Redundancy -- HSRP, VRRP AND GLBP

Answered Question
Jun 23rd, 2008

1.}A network with SVI configured for more that 16 vlans with host machines deriving their IP's from a dedicated windows DHCP server and each vlan's SVI ip address configured as the default gateway on the DHCP server. How will the hosts be aware of the virtual IP's used for redundancy if their current default gateway is their individual vlan svi ip address?

I have this problem too.
0 votes
Correct Answer by Richard Burts about 8 years 5 months ago

Babatunde

My solution works essentially the same whether there is 1 subnet (1 vlan) or 16 vlans (16 subnets - just for 16 vlans you would do it 16 times).

to explain it I will borrow from the example provided by Jon. So we will start with vlan 10 with its original address (which would also be the address configured in DHCP for the default router)

int vlan 10

ip address 192.168.5.1 255.255.255.0

Then we will change the SVI address from .1 to .2 and will add the HSRP using .1 for the virtual address

int vlan 10

ip address 192.168.5.2 255.255.255.0

standby 10 ip 192.168.5.1

standby 10 pri 100

standby 10 preempt

standby 10 auth

and then if you have another vlan you do the same steps for the other vlan

int vlan 11

ip address 192.168.11.1 255.255.255.0

Then we will change the SVI address from .1 to .2 and will add the HSRP using .1 for the virtual address

int vlan 11

ip address 192.168.11.2 255.255.255.0

standby 11 ip 192.168.11.1

standby 11 pri 100

standby 11 preempt

standby 11 auth

And you can do these steps 16 times and will change 16 vlans.

HTH

Rick

Correct Answer by Richard Burts about 8 years 5 months ago

Babatunde

If I correctly understand some aspect of your situation not explained in your post, I believe that you are describing a situation in which the switch(es) were configured and the network implemented without having redundancy. Now you want to go back and implement redundancy and to minimize the impact of the change (make it as transparent as possible to users).

While I agree with Jon that the real solution is to have the default gateway defined in DHCP be the virtual address, I believe that there is a way to get to that which will minimize the impact to users. I have been through a similar conversion effort. What we did was to keep the same default gateway in DHCP. We changed the address on the SVI to a different address, and we configured the virtual address to be the previous SVI address. The result was redundancy achieved without anything in the user PC changing.

Another possible approach would be to set a very short lease in DHCP. Once the user PCs are going back to DHCP on a very frequent basis you can schedule a maintenance window for a time when the minimum number of users are on the network, make your changes to configure redundancy, and by the time that most users return to the network the PC will have a working default gateway that points to the virtual address.

HTH

Rick

Correct Answer by Jon Marshall about 8 years 5 months ago

You set the default-gateway in your DHCP scope to be the virtual IP address eg

switch1

int vlan 10

ip address 192.168.5.2 255.255.255.0

standby 10 ip 192.168.5.1

standby 10 pri 100

standby 10 preempt

standby 10 auth

switch 2

int vlan 10

ip address 192.168.5.3 255.255.255.0

standby 10 ip 192.168.5.1

standby 10 pri 110

standby 10 auth

You then set the default-gateway in your DHCP scope to be 192.168.5.1 ie. the Virtual IP.

Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (6 ratings)
Loading.
Correct Answer
Jon Marshall Tue, 06/24/2008 - 03:01

You set the default-gateway in your DHCP scope to be the virtual IP address eg

switch1

int vlan 10

ip address 192.168.5.2 255.255.255.0

standby 10 ip 192.168.5.1

standby 10 pri 100

standby 10 preempt

standby 10 auth

switch 2

int vlan 10

ip address 192.168.5.3 255.255.255.0

standby 10 ip 192.168.5.1

standby 10 pri 110

standby 10 auth

You then set the default-gateway in your DHCP scope to be 192.168.5.1 ie. the Virtual IP.

Jon

Correct Answer
Richard Burts Tue, 06/24/2008 - 03:25

Babatunde

If I correctly understand some aspect of your situation not explained in your post, I believe that you are describing a situation in which the switch(es) were configured and the network implemented without having redundancy. Now you want to go back and implement redundancy and to minimize the impact of the change (make it as transparent as possible to users).

While I agree with Jon that the real solution is to have the default gateway defined in DHCP be the virtual address, I believe that there is a way to get to that which will minimize the impact to users. I have been through a similar conversion effort. What we did was to keep the same default gateway in DHCP. We changed the address on the SVI to a different address, and we configured the virtual address to be the previous SVI address. The result was redundancy achieved without anything in the user PC changing.

Another possible approach would be to set a very short lease in DHCP. Once the user PCs are going back to DHCP on a very frequent basis you can schedule a maintenance window for a time when the minimum number of users are on the network, make your changes to configure redundancy, and by the time that most users return to the network the PC will have a working default gateway that points to the virtual address.

HTH

Rick

babatunde_sanda Tue, 06/24/2008 - 09:40

Thanks Jon for the hsrp config. I actually understand the configurations and how to implement them. Your suggestion which I figured was my solution is pretty straight forward. Looking more at the way Rick analyzed it. Rick this goes for you. Simply changing the default gateway for all my subnets to the virtual IP address and reconfiguring the DHCP renewal time scope will achieve the results as you acknowledged.

When you said "We changed the address on the SVI to a different address (the address must still be within the subnet, right?), and we configured the virtual address to be the previous SVI address" where you dealing with just a subnet? Because that's the way I picture that will work well. But with multiple subnets..... (Clarify please). The way I see it with what you said that means I have to have as many HSRP/VRRP/GLBP virtual IP address groups for that solution. As I said I may be wrong please clarify with the scenario you figured out but take note there is more than a subnet (16 vlans). You could just explain the scenario you experienced (mentioning the VLANs, SVI interfaces virtual IP address and how you made the host aware of the Virtual IP address) that might help my understanding.

Thanks in advance.

Correct Answer
Richard Burts Tue, 06/24/2008 - 10:05

Babatunde

My solution works essentially the same whether there is 1 subnet (1 vlan) or 16 vlans (16 subnets - just for 16 vlans you would do it 16 times).

to explain it I will borrow from the example provided by Jon. So we will start with vlan 10 with its original address (which would also be the address configured in DHCP for the default router)

int vlan 10

ip address 192.168.5.1 255.255.255.0

Then we will change the SVI address from .1 to .2 and will add the HSRP using .1 for the virtual address

int vlan 10

ip address 192.168.5.2 255.255.255.0

standby 10 ip 192.168.5.1

standby 10 pri 100

standby 10 preempt

standby 10 auth

and then if you have another vlan you do the same steps for the other vlan

int vlan 11

ip address 192.168.11.1 255.255.255.0

Then we will change the SVI address from .1 to .2 and will add the HSRP using .1 for the virtual address

int vlan 11

ip address 192.168.11.2 255.255.255.0

standby 11 ip 192.168.11.1

standby 11 pri 100

standby 11 preempt

standby 11 auth

And you can do these steps 16 times and will change 16 vlans.

HTH

Rick

babatunde_sanda Tue, 06/24/2008 - 10:06

You know what Rick, I carefully analysed your solution in my head now and pictured it right. That is another briliant solution. Thanks. In Jon's senario, I have to reconfigure the default gateway for each subnet to the virtual IP address in the DHCP server scopes but in your senario to use the same IP address, I just need to add the standby group, priority and what other configs I want to the existing SVI interfaces. right? Thanks.

Jon Marshall Tue, 06/24/2008 - 11:52

Babatunde

The scenario i gave was just a generic answer to how to use HSRP on 2 switches.

However as Rick correctly interpreted you are also concerned with a migration. So in answer to your question yes Rick's solution means you do not need to update your DHCP scope nor change anything on the client.

Jon

Actions

This Discussion