This article will provide you the required information to understand what Gateway Load Balancing Protocol (GLBP) is and how to configure its most common features.

Afterwards, you should be able to complete a lab exercise where you will configure these features. The lab is based on a GNS3 simulator. If you haven’t set up GNS3 already and you need guidance to do so, you can use this article for initial installation: GNS3 Labs for CCNA: Getting Started

GLBP allows automatic router backup for hosts configured with a single default gateway. GLBP is meant to work only on 802.3 LAB.

Multiple first hop routers are used to provide a single virtual gateway in combination with load sharing of the IP forwarding.

GLBP is a more advanced version of Hot Standby Router Protocol. HSRP allows multiple routers to be configured with the virtual IP default gateway. However, only one member of the HSRP group is active and it’s the forwarder of the packets. The other routers are in backup state and will start to forward packets only when the primary router has failed. A workaround to this might be to configure multiple groups for the same routers and configure the hosts with different default gateways. While this is a simple procedure, it can add administrative burden in the deployment phase.

On the other hand, GLBP provides a single virtual IP address with multiple virtual MAC addresses. Every host is configured with the same default gateway, but when the ARP resolution happens, the hosts have different MAC addresses as next hop for the default gateway IP.

Members of the GLBP group elect one router that will become the active virtual gateway (AVG). The other members of the group will become the backup of the AVG. The AVG then assigns virtual MAC addresses to the other members of the GLBP group and these members must forward packets sent to the virtual MAC addresses assigned to them. These gateways are called Active Virtual Forwarders (AVF).

When a host sends an ARP request, the AVG will reply with a virtual MAC address. When another host sends an ARP request, the AVG will reply with another virtual MAC address. In this way, traffic load balancing is achieved.

There can be up to four virtual MAC addresses only.

In each GLBP group, there is one AVG and one standby virtual gateway, with all the other members of the group in listen state. A member in listen state will transition in standby state if the AVG fails.

GLBP also has a so called weighting scheme, a mechanism which determines the forwarding ability of each router in the GLBP group. The weight value determines how many hosts the traffic will be forwarded to.

GLBP brings the following benefits:

  • Load sharing –traffic from the LAN will be forwarded by multiple routers
  • Multiple virtual routers – multiple groups, each with up to four virtual forwarders
  • Pre-emption – ability to take over the active role after the router is back online
  • Authentication – passwords can be configured to protect GLBP operation

The topology used in the lab is illustrated below.

At the beginning of this article is a link where you can download the GNS3 topology along with the router configurations.

In case you want to use the same configuration files for the routers, make sure that you adapt the path to the files in the topology file (topology.net).

You will start the lab by configuring the GLBP on the two routers R1 and R2.

There are a few things not displayed in the diagram:

  • The virtual GLBP IP address is 10.10.12.3.
  • The loopback of R3 is configured with the IP address 1.1.1.1/32.
  • R1, R2 and R3 are running OSPF protocol so that R1 and R2 can reach the loopback interface of R3, which can reach the hosts from the 10.10.12.0/24 subnet.

This is the routing table of R3:

R3#show ip route | begin Gateway
Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 3 subnets
O       10.10.12.0 [110/2] via 10.10.23.2, 00:00:11, FastEthernet1/0
                   [110/2] via 10.10.13.1, 00:00:11, FastEthernet0/0
C       10.10.13.0 is directly connected, FastEthernet0/0
C       10.10.23.0 is directly connected, FastEthernet1/0
R3#

And this is the routing table of R1, which is almost identical with the one from R2:

R1#show ip route | begin Gateway
Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/2] via 10.10.13.3, 00:01:04, FastEthernet1/0
     10.0.0.0/24 is subnetted, 3 subnets
C       10.10.12.0 is directly connected, FastEthernet0/0
C       10.10.13.0 is directly connected, FastEthernet1/0
O       10.10.23.0 [110/2] via 10.10.13.3, 00:01:04, FastEthernet1/0
                   [110/2] via 10.10.12.2, 00:01:04, FastEthernet0/0
R1#

Before you can configure the hosts, you should know that they are emulated using a lightweight version of Linux. You can download it here http://sourceforge.net/projects/gns-3/files/Qemu%20Appliances/linux-microcore-3.8.2.img. Once you’ve downloaded it, you need to configure GNS3. Go to Edit – Preferences – Qemu. You should have something similar to this. Keep in mind that path location might be different based on where you decided to store the Linux image.

Once you have configured Qemu, you can start the hosts (PC_1, PC_2 and PC_3) as well. If you are prompted for login credentials, use ‘tc’ as username and you will be able to login without a password.

The host configuration is empty. You would have to configure the IP address of the eth0 interface. Below is a screenshot showing how to do this on PC_2. Do the same for all hosts.

sudo ifconfig eth0 10.10.12.102 netmask 255.255.255.0

Once you configured this, you should be able to ping R2 or R1:

However, this is not all. A host needs to have a default gateway and this will be the virtual GLBP IP address, 10.10.12.3. This is how you configure the default gateway on Linux and check the routing table:

sudo route add default gw 10.10.12.3 eth0

After you are done configuring the IP addresses and the default routes on the hosts, you can start the actual lab of configuring GLBP.

You can paste this configuration on R1 to configure it as GLBP active:

R1#show running-config interface f0/0
Building configuration...

Current configuration : 262 bytes
!
interface FastEthernet0/0
 ip address 10.10.12.1 255.255.255.0
 duplex auto
 speed auto
 glbp 1 ip 10.10.12.3
 glbp 1 priority 105
 glbp 1 preempt
 glbp 1 weighting 1
 glbp 1 authentication md5 key-string cisco-glbp
 glbp 1 weighting track 1 decrement 15
end

R1#

And this is the configuration for R2:

R2#show running-config interface f0/0
Building configuration...

Current configuration : 202 bytes
!
interface FastEthernet0/0
 ip address 10.10.12.2 255.255.255.0
 duplex auto
 speed auto
 glbp 1 ip 10.10.12.3
 glbp 1 preempt
 glbp 1 weighting 1
 glbp 1 authentication md5 key-string cisco-glbp
end

R2#

Also, as you can see, we configured R1 to track its uplink status. This is done using this line of configuration:

R1#show  running-config | i track 1 interface
track 1 interface FastEthernet1/0 line-protocol
R1#

Let’s check the operational status of GLBP on R1:

R1#show glbp
FastEthernet0/0 - Group 1
  State is Active
    2 state changes, last state change 01:09:53
  Virtual IP address is 10.10.12.3
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.216 secs
  Redirect time 600 sec, forwarder time-out 14400 sec
  Authentication MD5, key-string "cisco-glbp"
  Preemption enabled, min delay 0 sec
  Active is local
  Standby is 10.10.12.2, priority 100 (expires in 9.132 sec)
  Priority 105 (configured)
  Weighting 1 (configured 1), thresholds: lower 1, upper 1
    Track object 1 state Up decrement 15
  Load balancing: round-robin
  Group members:
    cc00.c7e4.0000 (10.10.12.2) authenticated
    cc02.c7e4.0000 (10.10.12.1) local
  There are 2 forwarders (1 active)
  Forwarder 1
    State is Active
      1 state change, last state change 01:09:43
    MAC address is 0007.b400.0101 (default)
    Owner ID is cc02.c7e4.0000
    Redirection enabled
    Preemption enabled, min delay 30 sec
    Active is local, weighting 1
    Arp replies sent: 2
  Forwarder 2
    State is Listen
    MAC address is 0007.b400.0102 (learnt)
    Owner ID is cc00.c7e4.0000
    Redirection enabled, 597.204 sec remaining (maximum 600 sec)
    Time to live: 14397.200 sec (maximum 14400 sec)
    Preemption enabled, min delay 30 sec
    Active is 10.10.12.2 (primary), weighting 1 (expires in 7.196 sec)
    Arp replies sent: 1
R1#

As you can see, the active router is local with the priority of 105 and the standby (backup) is 10.10.12.2 (R2).

Pre-emption is enabled.

The password is cisco-glbp.

The default timers are used: hello timer is 3 seconds and hold timer is 10 seconds.

There are two forwarders: one for the MAC 0007.b400.0101, for which R1 is the active router and R2 is the standby; and the second for MAC 0007.b400.0102, for which R2 is the active router and R1 is the standby.

You can also see how ARP replies were sent for each forwarder.

This means that some of the hosts will resolve the ARP for default gateway using one of the MACs and other hosts will use the other MAC to resolve the ARP.

Let’s check the arp table for each host. For PC_1:

For PC_2:

For PC_3:

As you can see, the hosts use different MAC addresses. This means that the traffic in the LAN will be sent to that MAC address, achieving load balancing this way.

I mentioned track configuration which can trigger the active router for any of the forwarders to transition to Listen state.

In our example, if the hosts want to reach 1.1.1.1 IP address from R3, they will not be able to do it if the interface F1/0 from R1 will be down.

For our test, we will shutdown F1/0:

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#int f1/0
R1(config-if)#shut
R1(config-if)#end
R1#
*Mar  1 01:31:49.047: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on FastEthernet1/0 from FULL to DOWN, Neighbor Down: Interface down or detached
R1#
*Mar  1 01:31:50.695: %SYS-5-CONFIG_I: Configured from console by console
*Mar  1 01:31:51.035: %LINK-5-CHANGED: Interface FastEthernet1/0, changed state to administratively down
R1#
*Mar  1 01:31:52.035: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0, changed state to down
R1#
*Mar  1 01:32:19.983: %GLBP-6-FWDSTATECHANGE: FastEthernet0/0 Grp 1 Fwd 1 state Active -> Listen
R1#

We can check that R1 transitioned to Listen state:

R1#show glbp
FastEthernet0/0 - Group 1
  State is Active
    2 state changes, last state change 01:27:25
  Virtual IP address is 10.10.12.3
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 2.592 secs
  Redirect time 600 sec, forwarder time-out 14400 sec
  Authentication MD5, key-string "cisco-glbp"
  Preemption enabled, min delay 0 sec
  Active is local
  Standby is 10.10.12.2, priority 100 (expires in 7.372 sec)
  Priority 105 (configured)
  Weighting -14, low (configured 1), thresholds: lower 1, upper 1
    Track object 1 state Down decrement 15
  Load balancing: round-robin
  Group members:
    cc00.c7e4.0000 (10.10.12.2) authenticated
    cc02.c7e4.0000 (10.10.12.1) local
  There are 2 forwarders (0 active)
  Forwarder 1
    State is Listen
      2 state changes, last state change 00:01:12
    MAC address is 0007.b400.0101 (default)
    Owner ID is cc02.c7e4.0000
    Redirection enabled
    Preemption enabled, min delay 30 sec
    Active is 10.10.12.2 (secondary), weighting 1 (expires in 9.456 sec)
    Arp replies sent: 3
  Forwarder 2
    State is Listen
    MAC address is 0007.b400.0102 (learnt)
    Owner ID is cc00.c7e4.0000
    Redirection enabled, 599.456 sec remaining (maximum 600 sec)
    Time to live: 14399.456 sec (maximum 14400 sec)
    Preemption enabled, min delay 30 sec
    Active is 10.10.12.2 (primary), weighting 1 (expires in 9.456 sec)
    Arp replies sent: 3
R1#

And that R2 is active for both forwarders:

R2#show  glbp
FastEthernet0/0 - Group 1
  State is Standby
    1 state change, last state change 01:28:37
  Virtual IP address is 10.10.12.3
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.580 secs
  Redirect time 600 sec, forwarder time-out 14400 sec
  Authentication MD5, key-string "cisco-glbp"
  Preemption enabled, min delay 0 sec
  Active is 10.10.12.1, priority 105 (expires in 7.848 sec)
  Standby is local
  Priority 100 (default)
  Weighting 1 (configured 1), thresholds: lower 1, upper 1
  Load balancing: round-robin
  Group members:
    cc00.c7e4.0000 (10.10.12.2) local
    cc02.c7e4.0000 (10.10.12.1) authenticated
  There are 2 forwarders (2 active)
  Forwarder 1
    State is Active
      1 state change, last state change 00:02:44
    MAC address is 0007.b400.0101 (learnt)
    Owner ID is cc02.c7e4.0000
    Time to live: 14235.096 sec (maximum 14400 sec)
    Preemption enabled, min delay 30 sec
    Active is local, weighting 1
  Forwarder 2
    State is Active
      1 state change, last state change 01:28:47
    MAC address is 0007.b400.0102 (default)
    Owner ID is cc00.c7e4.0000
    Preemption enabled, min delay 30 sec
    Active is local, weighting 1
R2#

GLBP is pretty simple to configure. However it’s a little more complex from the operation point of view than HSRP. I suggest you go over the references mentioned at the end of this article to get familiarized with GLBP.

References

  1. GLBP – Gateway Load Balancing Protocol (http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ft_glbp.html)
  2. Configuring GLBP (http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/12-4/fhp-12-4-book/fhp-glbp.html)