What is GLBP?
GLBP (Gateway Load Balancing Protocol) is a protocol for load balancing across routers while making them appear to be a single router to the other devices on a network. An example of a situation where this could be used is balancing between two broadband connections for a small to medium office. As far as I am aware it will only work with Cisco routers; no other vendor supports the GLBP protocol. A full description, including the command reference, can be found on the Cisco web site: http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ft_glbp.html
How does it work?
It works the same way as other redundant gateway protocols such as HSRP or VRRP. However, in GLBP, instead of one router or the other being the active gateway, both routers share an IP address so that both are active in the setup. So on top of load balancing you also get the added benefit of redundancy for free. It is possible for the devices to share a single IP address because the group will only ever advertise one MAC address (in its ARP reply) to each host that requests the gateway.
Where is the benefit?
What it will not be able to do is double the internet connection bandwidth to a single machine when NAT is involved. What it will do is spread the load from multiple machines across two or more internet connections. So it is best suited to growing offices where there are too many people for a single internet connection but not yet enough to consider getting a costly leased line.
The initial setup, like HSRP and VRRP, is actually very simple. It goes something like this, assuming the gateway you want your hosts to use is 192.168.1.254:
- Configure router 1 to be on ip address 192.168.1.253
- Configure router 2 to be on ip address 192.168.1.252
- Configure GLBP to be on 192.168.1.254
- Set up some port forwards
Router 1 Config
interface Vlan1
 ip address 192.168.1.253 255.255.255.0
 glbp 1 ip 192.168.1.254
 glbp 1 load-balancing host-dependent
 glbp 1 weighting track 1 decrement 255
Router 2 Config
interface Vlan1
 ip address 192.168.1.252 255.255.255.0
 glbp 1 ip 192.168.1.254
 glbp 1 load-balancing host-dependent
 glbp 1 weighting track 1 decrement 255
The load-balancing host-dependent setting is important, as it makes every client on the network always use the same gateway: the client's MAC address is used as the seed for selecting which gateway it is given.
To work with the configuration above you will also need a few track objects, so that a router only stays an active forwarder in the GLBP group while its internet connection is actually up. Both of these routers are set up the same way, so both will want a configuration entry like the one below. In this example they are using an ADSL connection on the sub-interface ATM0.2.
track 1 interface ATM0.2 line-protocol
It really is that simple. You can check it is working by issuing the command “show glbp”. You will get output something like this:
Vlan1 - Group 1
  State is Active
    2 state changes, last state change 5w3d
  Virtual IP address is 192.168.1.254
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 2.736 secs
  Redirect time 600 sec, forwarder timeout 14400 sec
  Preemption disabled
  Active is local
  Standby is 192.168.1.252, priority 100 (expires in 8.171 sec)
  Priority 100 (default)
  Weighting 100 (default 100), thresholds: lower 1, upper 100
  Track object 1 state Up decrement 255
  Load balancing: host-dependent
  Group members:
    0026.0b2b.66f0 (192.168.1.253) local
    b8be.bf57.35a6 (192.168.1.252)
  There are 2 forwarders (1 active)
  Forwarder 1
    State is Active
      13 state changes, last state change 3d15h
    MAC address is 0007.b400.0101 (default)
    Owner ID is 0026.0b2b.66f0
    Redirection enabled
    Preemption enabled, min delay 30 sec
    Active is local, weighting 100
    Client selection count: 223549
  Forwarder 2
    State is Listen
      12 state changes, last state change 17:12:57
    MAC address is 0007.b400.0102 (learnt)
    Owner ID is b8be.bf57.35a6
    Redirection enabled, 599.332 sec remaining (maximum 600 sec)
    Time to live: 14399.300 sec (maximum 14400 sec)
    Preemption enabled, min delay 30 sec
    Active is 192.168.1.252 (primary), weighting 100 (expires in 9.236 sec)
    Client selection count: 64723
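Reading that output by eye on two routers gets old quickly, so here is an added health check (my code, not part of the original post) that parses the "show glbp" group block and reports whether the group is Active or Standby, the track object is Up, and both forwarders are present and in a working state. The sample text is the post's own output trimmed to the lines the parser reads; the field names in the returned dict are my own.

```python
import re

# Constructed sample: the post's "show glbp" output, trimmed to the lines read below.
SAMPLE = """\
Vlan1 - Group 1
  State is Active
  Track object 1 state Up decrement 255
  Forwarder 1
    State is Active
    Active is local, weighting 100
  Forwarder 2
    State is Listen
    Active is 192.168.1.252 (primary), weighting 100 (expires in 9.236 sec)
"""

def parse_show_glbp(text):
    """Parse one group block of 'show glbp' into a dict with a list of forwarders."""
    group = {"forwarders": []}
    cur = group                                # group-level until a Forwarder line
    for raw in text.splitlines():
        s = raw.strip()
        if m := re.match(r"(\S+) - Group (\d+)$", s):
            group["interface"], group["group"] = m[1], int(m[2])
        elif m := re.match(r"Forwarder (\d+)$", s):
            cur = {"id": int(m[1])}            # following lines belong to this AVF
            group["forwarders"].append(cur)
        elif m := re.match(r"State is (\w+)", s):
            cur["state"] = m[1]
        elif m := re.match(r"Track object (\d+) state (\w+)", s):
            group["track"] = (int(m[1]), m[2])
        elif m := re.match(r"Active is ([\w.]+).*weighting (\d+)", s):
            cur["active"], cur["weight"] = m[1], int(m[2])
    return group

def glbp_problems(group, expected_forwarders=2):
    """Return the reasons this group is not fully redundant (empty list = healthy)."""
    out = []
    if group.get("state") not in ("Active", "Standby"):
        out.append(f"group state is {group.get('state')}")
    if group.get("track", (None, None))[1] != "Up":
        out.append("track object is not Up")
    fwds = group["forwarders"]
    if len(fwds) < expected_forwarders:
        out.append(f"only {len(fwds)} of {expected_forwarders} forwarders present")
    for f in fwds:                             # Listen is normal for the remote AVF
        if f.get("state") not in ("Active", "Listen"):
            out.append(f"forwarder {f['id']} state is {f.get('state')}")
    return out
```

Run it against the output of both routers; a missing forwarder or a track object that is Down means one ADSL line is no longer being used even though hosts still resolve the virtual IP.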
What about port forwarding?
There are some issues with port forwarding in this setup. After all, if you forward something from router 1 (192.168.1.253) to a host (192.168.1.1), the reply could go back out through router 2. If you are using NAT on the external side this will fail to work correctly, since the reply is not translated by the same router again and will be sent back to the original sender with an incorrect source IP address (router 2's, in this case).
To get around this problem we will need to do some source-based policy routing on the VLAN interfaces. We can accomplish this using a route map and an access list. The example below covers the most complex case we are likely to come across, inbound mail on port 25, which is also probably where we want the most redundancy. For this example the mail server is on the internal IP address 192.168.1.2.
On router 1 we want to forward the port 25 to port 25 on the mail server:
ip nat inside source static tcp 192.168.1.2 25 interface ATM0.2 25
On router 2 we want to forward the external port 25 to port 2525 on the mail server. The mail server will also need to be configured to listen for email on port 2525.
ip nat inside source static tcp 192.168.1.2 2525 interface ATM0.2 25
On router 1 we will create a route map called Redirect and an access list to match everything coming from 192.168.1.2 port 2525, and redirect it to router 2.
access-list 152 remark Redirect List
access-list 152 permit tcp host 192.168.1.2 eq 2525 any
!
route-map Redirect permit 10
 match ip address 152
 set ip next-hop 192.168.1.252
!
interface Vlan1
 ip policy route-map Redirect
On router 2 we want to create the opposite, so traffic arriving at router 2 from 192.168.1.2 port 25 will be sent out through router 1.
access-list 152 remark Redirect List
access-list 152 permit tcp host 192.168.1.2 eq smtp any
!
route-map Redirect permit 10
 match ip address 152
 set ip next-hop 192.168.1.253
 set interface Vlan1
!
interface Vlan1
 ip policy route-map Redirect
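To see why the two route maps are needed, here is a small model of the return path (added here, not code from the original post). It follows a reply from the mail server out to the internet with and without the policy routing above. The public addresses 203.0.113.1 and 198.51.100.1 stand in for the two ADSL lines (the post gives none), and the MAC hash used to pick a forwarder is an assumption standing in for GLBP's host-dependent selection, which the post does not describe in detail.

```python
MAIL = "192.168.1.2"
R1, R2 = "192.168.1.253", "192.168.1.252"
# Constructed public addresses for the two ADSL lines (not from the post).
WAN = {R1: "203.0.113.1", R2: "198.51.100.1"}
# Static NAT from the post, per router: inside port -> outside port.
NAT = {R1: {25: 25}, R2: {2525: 25}}
# Route-map Redirect from the post, per router: (matched source port, next hop).
POLICY = {R1: (2525, R2), R2: (25, R1)}

def forwarder_for(client_mac, members=(R1, R2)):
    """Stand-in for host-dependent selection: a given client MAC always gets
    the same forwarder.  GLBP's real hash is not on the page; this one is an
    assumption made only so the model is deterministic."""
    return members[sum(bytes.fromhex(client_mac.replace(".", ""))) % len(members)]

def reply_source(src_port, client_mac, use_pbr):
    """Follow a reply from MAIL:src_port out to the internet and return the
    (public ip, port) the remote peer sees.  Without a static match, the
    router's overload NAT rewrites the source to its own WAN address."""
    router = forwarder_for(client_mac)        # gateway handed out in the ARP reply
    if use_pbr:
        match_port, next_hop = POLICY[router]
        if src_port == match_port:            # access-list 152 matched
            router = next_hop                 # set ip next-hop <other router>
    return WAN[router], NAT[router].get(src_port, src_port)

def session_intact(inbound_router, src_port, client_mac, use_pbr):
    """True if the reply carries the address:port the remote peer connected to."""
    expected = (WAN[inbound_router], NAT[inbound_router][src_port])
    return reply_source(src_port, client_mac, use_pbr) == expected
```

In the model, mail delivered via router 1's line to a server whose GLBP gateway happens to be router 2 gets its replies sent from router 2's address unless the route map on router 2 pushes them back to router 1.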
All that is left to do is to test that you can access both external IP addresses that are forwarded. A quick way of testing the email ports that have just been forwarded would be to remote desktop (or similar) to a remote computer and telnet to both external IP addresses on port 25.
You can extend this to more port forwards by changing the access lists. However, it is not suitable for forwarding from both routers to ports or services that will only listen on a single port, like remote desktop.