+ Reply to Thread
Results 1 to 10 of 10
  1. Junior Member
    Join Date
    Jul 2016
    Posts
    21
    #1

    Default HSRP load balancing regarding VLANs.

    I know that you have to create Vlans in order for one vlan to use one router and the other vlan to use the other router for load balancing per subnet. My question is why do we have to create VLAN's can't we just create 2 Hsrp groups with 2 different virtual IP addresses and set a virtual IP address on half of the hosts and the other virtual IP address on the other half without having to use VLAN's and just letting it be one subnet.
    Why must we use VLAN's?
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member
    Join Date
    May 2014
    Location
    NJ
    Posts
    849

    Certifications
    CCNP: R&S, CCDA, CCNA: Security, CCNA: R&S, MTA: Networking Fundamentals, Security+, Network+, Linux+, A+, Project+
    #2
    So, we're talking layer 3 switches here.

    If we create the vlans (let us just say VLAN 10 and VLAN 20) and then the two SVIs (switched virtual interfaces), the HSRP config goes under the SVI.

    Example:

    SWITCH 1
    interface Vlan10
    description user VLAN
    ip address 192.168.10.2 255.255.255.0
    standby 10 ip 192.168.10.1 255.255.0
    standby 10 priority 115
    standby 10 preempt

    SWITCH 2
    interface Vlan10
    description user VLAN
    ip address 192.168.10.3 255.255.255.0
    standby 10 ip 192.168.10.1 255.255.0
    standby 10 priority 95
    standby 10 preempt


    You would port channel the two switches together, and switch 1 would be the default gateway (unless it goes down) for VLAN 10. This is useful because VLAN 20 could have the opposite priorities, and switch 2 could be the default gateway for than VLAN. Let's just say VLAN 20 is phones. All users should be on the same VLAN, and they will all go to switch 1 when they need to route somewhere, and the phones will all be on the same VLAN and go to switch 2 when they need to route somewhere. Even if a phone is plugged into switch 1, it will traverse the port channel and go to switch 2, which probably has an upstream link to a router. Controls traffic flow and provides some load balancing. You can't just create a standby group, it has to be attached to something.
    Last edited by hurricane1091; 04-18-2017 at 04:25 PM.
    Reply With Quote Quote  

  4. Senior Member
    Join Date
    Jan 2012
    Posts
    1,237

    Certifications
    BS IT (CCNA R&S, Security, Voice) CCDA, MCP XP, A+, L+, P+, LPIC-1, SUSE CLA
    #3
    @hurracain Think we hit send at the same time lol

    @LLukman
    I am not sure how deep does the HSRP section go into for the CCNA exam but have you got to the configuration portion yet?

    HSRP groups are assigned on a SVI. To get a SVI to come online you have to have a vlan configured and assigned to a trunk or an access port for the SVI to come online.

    ex:
    switch A
    interface vlan 20
    ip add 10.1.1.2 255.255.255.0
    standby 20 ip 10.1.1.1

    switch B
    interface vlan 20
    ip add 10.1.1.3 255.255.255.0
    standby 20 ip 10.1.1.1
    standby 20 priority 150

    You don't just create any vlans and assign the hsrp groups under those SVI's. Generally the vlans that you would use would be ones already in place for production for example vlan 10 for sales and vlan 20 for marketing.

    You design hsrp based on STP as well to take the forwarding path. If SWITCH A will be the gateway for vlan 10 then you have to tune spanning tree with a lower priority to take that pathway. Also, if SWITCH B is the gateway for vlan 20 then you lower the priority for spanning tree to take make SWITCH B more desirable.
    Last edited by dmarcisco; 04-18-2017 at 04:40 PM.
    In life you have to make your own opportunities. Don't let anyone stop you from your dreams to many negative people want you to fail because they can't succeed.
    Reply With Quote Quote  

  5. Senior Member
    Join Date
    Sep 2004
    Location
    New York
    Posts
    436

    Certifications
    MS IT, BS IT, CCIE R&S, CCNP, CCDP, CISSP, Sec+, VCA6-DCV, VCA6-NV
    #4
    Quote Originally Posted by Llukman1 View Post
    I know that you have to create Vlans in order for one vlan to use one router and the other vlan to use the other router for load balancing per subnet. My question is why do we have to create VLAN's can't we just create 2 Hsrp groups with 2 different virtual IP addresses and set a virtual IP address on half of the hosts and the other virtual IP address on the other half without having to use VLAN's and just letting it be one subnet.
    Why must we use VLAN's?

    You can do that if you want, but it is no longer best practice to use HSRP groups as a means to achieve load balancing/sharing. Today we use GLBP to accomplish the same thing that we would do with HSRP groups back in the day. GLBP would be the better option because you get redundancy with failover, and automated load balancing in a simpler configuration and do not have to mess with static default gateways on each device.

    The only reason you would want to use different VLANs is to isolate broadcast domains per subnet on the same logical segment. Without VLANS the broadcasts, multicasts, and unknown unicasts will hit every single device even though they are using different subnets. The known unicasts will have to use their designated routing device or utilize proxy
    Last edited by tunerX; 04-18-2017 at 05:24 PM.
    Reply With Quote Quote  

  6. Senior Member
    Join Date
    Jul 2016
    Posts
    266

    Certifications
    CCNA R&S
    #5
    The simple answer is the different vlan will mean it has a different default gateway
    Reply With Quote Quote  

  7. Senior Member
    Join Date
    Sep 2004
    Location
    New York
    Posts
    436

    Certifications
    MS IT, BS IT, CCIE R&S, CCNP, CCDP, CISSP, Sec+, VCA6-DCV, VCA6-NV
    #6
    If we expand on hurricanes's example. Switch 1 and switch 2 both have a connection out of the network. We can have two different virtual IP addresses and manually configure the default gateway. Half of the devices will be manually configured for 192.168.10.10 and the other half would use 192.168.10.20. Again this is manual configuration and completely doable but you don't get auto-magic load sharing with redundancy.

    Different VLANs are not required

    SWITCH 1
    interface Vlan10
    description user VLAN
    ip address 192.168.10.2 255.255.255.0
    standby 10 ip 192.168.10.10 255.255.0
    standby 10 priority 115
    standby 10 preempt
    standby 20 ip 192.168.10.20 255.255.0
    standby 20 priority 95
    standby 20 preempt

    SWITCH 2
    interface Vlan10
    description user VLAN
    ip address 192.168.10.3 255.255.255.0
    standby 10 ip 192.168.10.10 255.255.0
    standby 10 priority 95
    standby 10 preempt
    standby 20 ip 192.168.10.20 255.255.0
    standby 20 priority 115
    standby 20 preempt

    It would be easier to use GLBP.
    Last edited by tunerX; 04-18-2017 at 05:25 PM.
    Reply With Quote Quote  

  8. Senior Member
    Join Date
    May 2014
    Location
    NJ
    Posts
    849

    Certifications
    CCNP: R&S, CCDA, CCNA: Security, CCNA: R&S, MTA: Networking Fundamentals, Security+, Network+, Linux+, A+, Project+
    #7
    Quote Originally Posted by dmarcisco View Post
    @hurracain Think we hit send at the same time lol

    @LLukman
    I am not sure how deep does the HSRP section go into for the CCNA exam but have you got to the configuration portion yet?

    HSRP groups are assigned on a SVI. To get a SVI to come online you have to have a vlan configured and assigned to a trunk or an access port for the SVI to come online.

    ex:
    switch A
    interface vlan 20
    ip add 10.1.1.2 255.255.255.0
    standby 20 ip 10.1.1.1

    switch B
    interface vlan 20
    ip add 10.1.1.3 255.255.255.0
    standby 20 ip 10.1.1.1
    standby 20 priority 150

    You don't just create any vlans and assign the hsrp groups under those SVI's. Generally the vlans that you would use would be ones already in place for production for example vlan 10 for sales and vlan 20 for marketing.

    You design hsrp based on STP as well to take the forwarding path. If SWITCH A will be the gateway for vlan 10 then you have to tune spanning tree with a lower priority to take that pathway. Also, if SWITCH B is the gateway for vlan 20 then you lower the priority for spanning tree to take make SWITCH B more desirable.
    LOL very nice
    Reply With Quote Quote  

  9. Junior Member
    Join Date
    Jul 2016
    Posts
    21
    #8
    Thank you for your responses and I think tunerX is the closest to understanding what I talking about.
    So if I were to use 2 router's for HSRP for load balancing can I use 1 subnet and create 2 groups. GroupA and GroupB. I assign groupA half the hosts and I assign groupB the other half. Of course the hosts on the same subnet have different virtual IP addresses assigned since they are in different HSRP groups.
    So would what I just explain work because I know what VLANs are useful for but I just wanted to know if it's possible to do it on the same subnet using 2 routers and 2 HSRP groups?
    Reply With Quote Quote  

  10. Senior Member
    Join Date
    Sep 2004
    Location
    New York
    Posts
    436

    Certifications
    MS IT, BS IT, CCIE R&S, CCNP, CCDP, CISSP, Sec+, VCA6-DCV, VCA6-NV
    #9
    It is absolutely doable. I added a snippet above that has a configuration that would work as you described.

    Again... GLBP would be the better option
    Reply With Quote Quote  

  11. Senior Member dontstop's Avatar
    Join Date
    Dec 2011
    Posts
    514

    Certifications
    CompTIA IT Fundamentals, CCENT, CCNA:R&S, BInfoTech
    #10
    Having two different default gateways for the same subnet would also lead to painful (see: confusing) troubleshooting and wouldn't be very manageable for DHCP. I could imagine over time this configuration would become fragmented as hosts get reconfigured onto the wrong default gateway.
    Last edited by dontstop; 04-19-2017 at 12:11 AM.
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks