What is GLBP?

GLBP (Gateway Load Balancing Protocol) is a protocol for load balancing across routers while making them appear to be a single router to other devices on the network. An example of a situation where this could be used is balancing between two broadband connections for a small to medium office. As far as I am aware it will only work with Cisco routers and nobody else supports the GLBP protocol. A full description can be found in the command reference on the Cisco web site: http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ft_glbp.html

How does it work?

It works the same way as other redundant gateway protocols such as HSRP or VRRP. However, in GLBP, instead of one router or the other being the active gateway, both routers share an IP address, which makes them both active in the setup. So on top of the load balancing you also get redundancy for free. The routers can share a single IP address because each host that sends an ARP request for the gateway is only ever given one MAC address in reply.

Where is the benefit?

What it will not be able to do is double the internet bandwidth available to a single machine when NAT is involved. What it will do is spread the load from multiple machines across two or more internet connections. So it is best suited to growing offices where there are too many people for a single internet connection but not yet enough to consider getting a costly leased line.

Actually the initial setup, like HSRP and VRRP, is very simple. It goes something like this, assuming the gateway your hosts use is on 192.168.1.254:

  • Configure router 1 to be on IP address 192.168.1.253
  • Configure router 2 to be on IP address 192.168.1.252
  • Configure GLBP to be on 192.168.1.254
  • Set up some port forwards

Router 1 Config

interface Vlan1
  ip address 192.168.1.253 255.255.255.0
  glbp 1 ip 192.168.1.254
  glbp 1 load-balancing host-dependent
  glbp 1 weighting track 1 decrement 255

Router 2 Config

interface Vlan1
 ip address 192.168.1.252 255.255.255.0
 glbp 1 ip 192.168.1.254
 glbp 1 load-balancing host-dependent
 glbp 1 weighting track 1 decrement 255

The load-balancing host-dependent setting is important as it tells clients on the network to always use the same gateway. It uses the client’s MAC address as the seed for selecting which gateway that client is given.

To work with the configuration above you will also need to use a few tracks, so that the routers only stay a member of the GLBP group when their internet connections are actually up. The decrement of 255 is larger than the default weighting of 100, so a single failed track drops the router's weighting below its lower threshold. Both of these routers are the same, so both routers will want a configuration entry like the one below, where the ADSL connection is on the sub-interface ATM0.2.

track 1 interface ATM0.2 line-protocol

It really is that simple. You can check it is working by issuing the command “show glbp”. You will get output something like this.

Vlan1 - Group 1
  State is Active
    2 state changes, last state change 5w3d
  Virtual IP address is 192.168.1.254
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 2.736 secs
  Redirect time 600 sec, forwarder timeout 14400 sec
  Preemption disabled
  Active is local
  Standby is 192.168.1.252, priority 100 (expires in 8.171 sec)
  Priority 100 (default)
  Weighting 100 (default 100), thresholds: lower 1, upper 100
    Track object 1 state Up decrement 255
  Load balancing: host-dependent
  Group members:
    0026.0b2b.66f0 (192.168.1.253) local
    b8be.bf57.35a6 (192.168.1.252)
  There are 2 forwarders (1 active)
  Forwarder 1
    State is Active
      13 state changes, last state change 3d15h
    MAC address is 0007.b400.0101 (default)
    Owner ID is 0026.0b2b.66f0
    Redirection enabled
    Preemption enabled, min delay 30 sec
    Active is local, weighting 100
    Client selection count: 223549
  Forwarder 2
    State is Listen
      12 state changes, last state change 17:12:57
    MAC address is 0007.b400.0102 (learnt)
    Owner ID is b8be.bf57.35a6
    Redirection enabled, 599.332 sec remaining (maximum 600 sec)
    Time to live: 14399.300 sec (maximum 14400 sec)
    Preemption enabled, min delay 30 sec
    Active is 192.168.1.252 (primary), weighting 100 (expires in 9.236 sec)
    Client selection count: 64723
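
A scripted version of that check, as an added example that is not part of the original post: it parses "show glbp" text and compares it with the design above (host-dependent balancing, track object up, exactly the two routers as members). The sample text is an abridged, constructed copy of the output shown; the function names are hypothetical.

```python
import re

# Constructed sample: abridged copy of the "show glbp" output shown above.
SAMPLE = """\
Vlan1 - Group 1
  Weighting 100 (default 100), thresholds: lower 1, upper 100
    Track object 1 state Up decrement 255
  Load balancing: host-dependent
  Group members:
    0026.0b2b.66f0 (192.168.1.253) local
    b8be.bf57.35a6 (192.168.1.252)
  Forwarder 1
    Owner ID is 0026.0b2b.66f0
  Forwarder 2
    Owner ID is b8be.bf57.35a6
"""
MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"

def parse_glbp(text):
    """Pull the health-relevant fields out of one group's 'show glbp' text."""
    g = {"members": {}, "owners": {}, "tracks": {}}
    fwd = None
    for s in map(str.strip, text.splitlines()):
        if m := re.match(r"Forwarder (\d+)$", s):
            fwd = int(m[1])                      # following lines belong to it
        elif m := re.match(r"Owner ID is (" + MAC + ")", s):
            g["owners"][fwd] = m[1]
        elif m := re.match(r"Track object (\d+) state (\w+)", s):
            g["tracks"][int(m[1])] = m[2]
        elif m := re.match(r"Load balancing: (\S+)", s):
            g["lb"] = m[1]
        elif m := re.match(r"(" + MAC + r") \((\S+)\)", s):
            g["members"][m[1]] = m[2]            # group member MAC -> real IP
    return g

def check_glbp(g, routers):
    """Compare parsed state with the intended design; return findings."""
    out = []
    if g.get("lb") != "host-dependent":
        out.append("load balancing is not host-dependent")
    out += [f"track object {n} is {s}" for n, s in g["tracks"].items() if s != "Up"]
    out += [f"unexpected member {ip}" for ip in g["members"].values() if ip not in routers]
    out += [f"router {ip} missing from group" for ip in routers if ip not in g["members"].values()]
    out += [f"forwarder {n} owner {o} is not a group member"
            for n, o in g["owners"].items() if o not in g["members"]]
    return out

if __name__ == "__main__":
    print(check_glbp(parse_glbp(SAMPLE), ("192.168.1.253", "192.168.1.252")))
```

An empty list means the output matches the design; each string in the list is a difference to investigate.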

What about port forwarding?

There are some issues with port forwarding in this setup. After all, if you forward something from router 1 (192.168.1.253) to a host (192.168.1.1), the reply could go back out through router 2. If you are using external NAT this will of course fail to work correctly, since the reply is not translated through the same router again and is sent back to the original sender with an incorrect source IP address (router 2 in this case).

To get around this problem we will need to do some source routing on the VLAN interfaces. We can accomplish this using a route map and an access list. The example used here is the most complex case that we are likely to come across, inbound mail on port 25, which is also probably where we want the most redundancy. For this example the mail server is on the internal IP address 192.168.1.2.

On router 1 we want to forward external port 25 to port 25 on the mail server:

ip nat inside source static tcp 192.168.1.2 25 interface ATM0.2 25

On router 2 we want to forward the external port 25 to port 2525 on the mail server. The mail server will also need to be configured to listen for email on port 2525 as well.

ip nat inside source static tcp 192.168.1.2 2525 interface ATM0.2 25

On router 1 we will create a route-map called Redirect and an access list to match everything coming from 192.168.1.2 port 2525 and redirect it to router 2.

access-list 152 remark Redirect List
access-list 152 permit tcp host 192.168.1.2 eq 2525 any

route-map Redirect permit 10
 match ip address 152
 set ip next-hop 192.168.1.252

interface Vlan1
  ip policy route-map Redirect

On router 2 we want to create the opposite, so traffic arriving at router 2 from 192.168.1.2 port 25 will be sent out through router 1.

access-list 152 remark Redirect List
access-list 152 permit tcp host 192.168.1.2 eq smtp any

route-map Redirect permit 10
 match ip address 152
 set ip next-hop 192.168.1.253
 set interface Vlan1

interface Vlan1
  ip policy route-map Redirect

All that is left to do is to test that you can access both external IP addresses that are forwarded. A quick way to test the email ports that have just been forwarded is to remote desktop (or similar) to a remote computer and telnet to each external IP address on port 25.

You can extend this to more port forwards by changing the access lists. However, it is not suitable for forwarding from both routers to services that will only listen on a single port, such as remote desktop.
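
The return-path reasoning above, as a small Python model added here (not part of the original post). The router labels and dictionaries are constructed from the configuration shown, and the model assumes a reply is only translated correctly when it leaves through the router whose static NAT entry the connection came in on.

```python
# Constructed model of the two routers configured above (names are labels only).
ROUTERS = ("router1", "router2")
# Port the mail server answers from for connections that arrived via each
# router's static NAT entry (25 via router 1, 2525 via router 2).
NAT_LOCAL_PORT = {"router1": 25, "router2": 2525}
# access-list 152 + route-map Redirect: server source port -> next-hop router.
PBR = {"router1": {2525: "router2"}, "router2": {25: "router1"}}

def egress_router(first_hop, src_port, pbr):
    """Follow policy routing from the server's GLBP gateway to the router
    that finally sends the packet out; None means the rules form a loop."""
    hop, seen = first_hop, set()
    while src_port in pbr.get(hop, {}):
        if hop in seen:
            return None
        seen.add(hop)
        hop = pbr[hop][src_port]
    return hop

def reply_is_translated(ingress, gateway, pbr):
    """A reply is only un-NATed correctly if it leaves through the router
    that holds the static entry the connection came in on."""
    return egress_router(gateway, NAT_LOCAL_PORT[ingress], pbr) == ingress

def outcomes(pbr):
    """Every (ingress router, server's GLBP gateway) pair -> works or not."""
    return {(i, g): reply_is_translated(i, g, pbr)
            for i in ROUTERS for g in ROUTERS}

if __name__ == "__main__":
    for label, rules in (("no route-map", {}), ("route-map Redirect", PBR)):
        for (ingress, gateway), ok in outcomes(rules).items():
            print(f"{label:18} in={ingress} gw={gateway} -> {'ok' if ok else 'BROKEN'}")
```

Without the route-maps only the cases where the server's GLBP gateway happens to be the ingress router work; with them all four combinations do, and a pair of access lists that both match the same source port shows up as a loop.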





Last Modified: 21 December 2016
