GLBP(Gateway Load Balance Protocol)網關負載均衡協議
GLBP(Gateway Load Balance Protocol)也是cisco的專有協議,不僅提供冗餘網關功能,還在各網關之間提供負載均衡.
GLBP Functions
GLBP active virtual gateway (AVG): Members of a GLBP group elect one gateway to be the AVG for that group. Other group members provide backup for the AVG in the event that the AVG becomes unavailable. The AVG assigns a virtual MAC address to each member of the GLBP group.
GLBP組中選舉一個AVG作爲活動的網關,組內其他路由器作爲主網關的backup,AVG路由器爲沒一個GLBP組內成員分配虛擬的MAC地址。
GLBP active virtual forwarder (AVF): Each gateway assumes responsibility for forwarding packets that are sent to the virtual MAC address assigned to that gateway by the AVG. These gateways are known as AVFs for their virtual MAC address.
GLBP communication: GLBP members communicate between each other through hello messages sent every 3 seconds to the multicast address 224.0.0.102, User Datagram Protocol (UDP) port 3222.
GLBP組成員交互HEELO信息,時間間隔爲3S,組播地址爲224.0.0.102,使用UDP3222端口。
GLBP Features
Load sharing負載均衡: You can configure GLBP in such a way that traffic from LAN clients can be shared by multiple routers, thereby sharing the traffic load more equitably among available routers.
Multiple virtual routers多路由虛擬: GLBP supports up to 1024 virtual routers (GLBP groups) on each physical interface of a router and up to four virtual forwarders per group.
Preemption搶佔特性: The redundancy scheme of GLBP enables you to preempt an AVG with a higher priority backup virtual gateway that has become available. Forwarder preemption works in a similar way, except that forwarder preemption uses weighting instead of priority and is enabled by default.
Efficient resource utilization有效的資源利用: GLBP makes it possible for any router in a group to serve as a backup, which eliminates the need for a dedicated backup router because all available routers can support network traffic.
GLBP provides upstream load sharing by utilizing the redundant uplinks simultaneously. It uses link capacity efficiently, thus providing peak-load traffic coverage. By making use of multiple available paths upstream from the routers or Layer 3 switches running GLBP, output queues may also be reduced.
Only a single path is used with HSRP or VRRP, while others are idle, unless multiple groups and gateways are configured. The single path may encounter higher output queue rates during peak times, which leads to lower performance from higher jitter rates. The impact of jitter is lessened and over performance is increased because more upstream bandwidth is available, and additional upstream paths are used.
配置詳解:
Switch(config-if)#glbp group-number ip virtual-gateway-addr
設置group-number及其虛擬網關的IP地址
Switch(config-if)# glbp group-number priority priority_value
設定當前路由器的優先級
Switch(config-if)# glbp group-number timers hello-value holdtime-value
設定GLBP的時間
配置示例:
基本配置:全網的接口依照拓撲圖配置IP地址,其中R5充當PC,默認網關指向虛擬網關地址192.168.2.254,此外,R1起環回口1.1.1.1,並且全網啓用RIP保證全網的底層可達。
下面配置GLBP:
R2:interface Ethernet0/1
ip address 192.168.2.2 255.255.255.0
full-duplex
glbp 10 ip 192.168.2.254----------------設置GLBP組的虛擬網關地址爲192.168.2.254
glbp 10 priority 105---------------------設置R2的優先級爲105
glbp 10 preempt-------------------------開啓R2的搶佔功能
glbp 10 authentication md5 key-string ccie------開啓md5驗證,密文爲ccie
R3:interface Ethernet0/1
ip address 192.168.2.3 255.255.255.0
full-duplex
glbp 10 ip 192.168.2.254
glbp 10 preempt
glbp 10 authentication md5 key-string ccie
R4:interface Ethernet0/1
ip address 192.168.2.4 255.255.255.0
full-duplex
glbp 10 ip 192.168.2.254
glbp 10 preempt
glbp 10 authentication md5 key-string ccie
驗證:
R2#sh glbp
Ethernet0/1 - Group 10
State is Init (interface down)
3 state changes, last state change 00:16:42
Virtual IP address is 192.168.2.254
Hello time 3 sec, hold time 10 sec
Redirect time 600 sec, forwarder time-out 14400 sec
Authentication MD5, key-string "ccie"
Preemption enabled, min delay 0 sec
Active is unknown
Standby is unknown
Priority 105 (configured)
Weighting 100 (default 100), thresholds: lower 1, upper 100
Load balancing: round-robin
Group members:
cc00.1264.0001 (192.168.2.2) local
There are 3 forwarders (0 active)
Forwarder 1
State is Init
2 state changes, last state change 00:16:42
MAC address is 0007.b400.0a01 (default)
Owner ID is cc00.1264.0001
Preemption enabled, min delay 30 sec
Active is unknown
Arp replies sent: 5
Forwarder 2
State is Init
MAC address is 0007.b400.0a02 (learnt)
Owner ID is cc00.177c.0001
Time to live: 13393.776 sec (maximum 14400 sec)
Preemption enabled, min delay 30 sec
Active is unknown
Arp replies sent: 5
Forwarder 3
State is Init
MAC address is 0007.b400.0a03 (learnt)
Owner ID is cc00.143c.0001
Time to live: 13392.628 sec (maximum 14400 sec)
Preemption enabled, min delay 30 sec
Active is unknown
Arp replies sent: 5
此時在PC(R5)上PING 1.1.1.1,可見虛擬網關有效,PING包成功到達。1.1.1.1
R5#p 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/114/244 ms
這時查看R5的ARP表:
R5#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.2.5 - cc00.11e8.0001 ARPA Ethernet0/1
Internet 192.168.2.254 0 0007.b400.0a01 ARPA Ethernet0/1
可見,PC從AVG獲得的虛擬網關的MAC地址爲0a01,這代表第一臺主網關對應的虛擬MAC地址。
執行clear arp-cache
然後再次PING1.1.1.1後,查看arp表:
R5#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.2.5 - cc00.11e8.0001 ARPA Ethernet0/1
Internet 192.168.2.254 0 0007.b400.0a02 ARPA Ethernet0/1
此舉措模擬此網絡中第二臺計算機獲得虛擬網關MAC地址的現象,可見虛擬網關之間獲得了負載均衡的效果,即主備網關之間執行輪循的均衡原則,極大限度的利用了設備,爲下一臺PC分配0a03,爲再下一臺分配0a04…….以此類推,從而實現GLBP的負載均衡效果。
再驗證主網關DOWN掉之後的現象:shutdown R2的E0/1端口後:
R5#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.2.5 - cc00.11e8.0001 ARPA Ethernet0/1
Internet 192.168.2.254 0 0007.b400.0a02 ARPA Ethernet0/1
發現依然自動切換到R3這個備份的網關上。
寫在試驗後面:
GLBP的作用有別於HSRP VRRP,是網關的負載均衡,既做到了網關的冗餘備份,也完成了對傳統冗餘設備中備份設備的利用,利用輪詢負載的特性使組內每一臺網關都能得到充分的利用,並且在發生故障時能夠得到更快的備份。
Vanyoung 02:14, 19th,Jan,2009,@Beijing