High availability

I am passionate about security. First, I would like to think about the concept.

What does “high availability” mean?

For example:

You are responsible for a small network and you have a spare server, router, switch and some computers. This cannot be considered high availability because it is not efficient. It is high availability if you have two routers configured so that, if one breaks, all traffic is routed by the other one. The administrator should receive an alarm and the broken appliance should be replaced. This can be a “basic” scenario. It is the same for servers and switches.

Best scenario could be:

*Two different internet providers.

*A pair of good routers each one with redundant power and configured with HSRP, VRRP or GLBP protocols.

*A cluster server environment to prevent a failure in the system.

*All devices should be connected to a separate power line.

*A UPS (uninterruptible power supply) should protect the core of the company.

Finally, if all of the above is duplicated in another office, it means that the information that you are handling is toooooo important 😉

I do not know if I have skipped any concept.

This is the theory, but it depends on the needs of the company. If the company can tolerate an hour or a day of lost service, then all these measures are not necessary. However, if the company sells articles on a website, each minute is important because during an outage the service is not good for the customer.

There are other extreme cases. I read a whitepaper in which the author was talking about the systems used by military forces in aircraft. The systems used to control these jets are the best example of redundancy. They use 3 different systems with 3 different architectures and 3 different operating systems. He did not talk about power, but I think that is redundant too 😉

Now let’s start to talk about redundancy protocols.

Hot Standby Router Protocol (HSRP). Provides default gateway redundancy using one active and one standby router. That means one router carries all the load and, if it fails, the standby router becomes the active router. When the service is re-established, it will go back to being the standby router as before. Using multicast packets, HSRP sends its hello messages to the multicast address using UDP port 1985, to other HSRP-enabled routers, defining priority between the routers. The primary router with the highest configured priority will act as a virtual router with a pre-defined gateway IP and will respond to ARP requests from machines connected to the LAN with the MAC address 0000.0c07.acXX, where XX is the group ID in hex. If the primary router should fail, the router with the next-highest priority would take over the gateway IP and answer ARP requests with the same MAC address, thus achieving transparent default gateway fail-over.

HSRP and VRRP are not routing protocols as they do not advertise IP routes or affect the routing table in any way.

HSRP and VRRP on some routers have the ability to trigger a failover if one or more interfaces on the router go down. This can be useful for dual branch routers each with a single serial link back to the head end. If the serial link of the primary router goes down, you would want the backup router to take over the primary functionality and thus retain connectivity to the head end.

Virtual Router Redundancy Protocol (VRRP). An open-standard alternative to Cisco’s HSRP, providing the same functionality. It is designed to increase the availability of the default gateway servicing hosts on the same subnet. This increased reliability is achieved by advertising a “virtual router” (an abstract representation of master and backup routers acting as a group) as a default gateway to the host(s) instead of one physical router. Two or more physical routers are then configured to stand for the virtual router, with only one doing the actual routing at any given time. If the current physical router that is routing the data on behalf of the virtual router fails, an arrangement is made for another physical router to automatically replace it. The physical router that is currently forwarding data on behalf of the virtual router is called the master router. Physical routers standing by to take over from the master router in case something goes wrong are called backup routers.

A virtual router must use 00-00-5E-00-01-XX as its Media Access Control (MAC) address. The last byte of the address (XX) is the Virtual Router IDentifier (VRID), which is different for each virtual router in the network. This address is used by only one physical router at a time, and it will reply with this MAC address when an ARP request is sent for the virtual router’s IP address. Physical routers within the virtual router must communicate among themselves using packets with multicast IP address and IP protocol number 112.
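The two virtual MAC formats described above (0000.0c07.acXX for HSRP, 00-00-5E-00-01-XX for VRRP) can be used to audit what hosts actually resolve their default gateway to. The following is an added example, not code from the original post; the function names, IP addresses and ARP entries are constructed for illustration, and only the two prefixes given in the text are recognised.

```python
import re

# Virtual MAC prefixes as given in the text; the last byte is the group ID.
FHRP_PREFIXES = {
    "00000c07ac": "HSRP",   # 0000.0c07.acXX, XX = HSRP group ID in hex
    "00005e0001": "VRRP",   # 00-00-5E-00-01-XX, XX = VRID
}

def normalize_mac(mac):
    """Accept dotted, dashed or colon notation; return 12 lowercase hex digits."""
    digits = re.sub(r"[.:\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def classify_virtual_mac(mac):
    """Return (protocol, group_id) for an HSRP/VRRP virtual MAC, else None."""
    digits = normalize_mac(mac)
    proto = FHRP_PREFIXES.get(digits[:10])
    return (proto, int(digits[10:], 16)) if proto else None

def audit_gateways(arp_entries, expected):
    """Compare (ip, mac) ARP entries with the expected {ip: (protocol, group_id)}."""
    findings = []
    for ip, mac in arp_entries:
        if ip not in expected:
            continue  # not a gateway address we are responsible for
        seen = classify_virtual_mac(mac)
        if seen is None:
            findings.append((ip, f"non-virtual MAC {mac}: no transparent fail-over"))
        elif seen != expected[ip]:
            findings.append((ip, f"expected {expected[ip]}, saw {seen}"))
    return findings

# Constructed sample data (hypothetical addresses, not from the original page).
SAMPLE_ARP = [
    ("10.0.0.1", "0000.0c07.ac0a"),      # HSRP group 0x0a = 10
    ("10.0.1.1", "00-00-5E-00-01-33"),   # VRRP VRID 0x33 = 51
    ("10.0.2.1", "3c:52:82:11:22:33"),   # a physical NIC answers for the gateway
    ("10.0.3.1", "00:00:5e:00:01:07"),   # VRRP VRID 7, but VRID 20 is expected
]
SAMPLE_EXPECTED = {
    "10.0.0.1": ("HSRP", 10), "10.0.1.1": ("VRRP", 51),
    "10.0.2.1": ("HSRP", 2), "10.0.3.1": ("VRRP", 20),
}

if __name__ == "__main__":
    for ip, finding in audit_gateways(SAMPLE_ARP, SAMPLE_EXPECTED):
        print(ip, finding)
```
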

Routers have a priority between 1 and 255, and the router with the highest priority will become the master. When a planned withdrawal of a master router is to take place, its priority can be lowered, which means a backup router will pre-empt the master router status rather than having to wait for the hold time to expire. This reduces the black hole period.

Gateway Load Balancing Protocol (GLBP). Supports arbitrary load balancing in addition to redundancy across gateways. It is a Cisco proprietary protocol that attempts to overcome the limitations of existing redundant router protocols by adding basic load balancing functionality.

In addition to being able to set priorities on different gateway routers, GLBP also allows a weighting parameter to be set. Based on this weighting (compared to others in the same virtual router group), ARP requests will be answered with MAC addresses pointing to different routers. Thus, load balancing is not based on traffic load, but rather on the number of hosts that will use each gateway router. By default GLBP load balances in round-robin fashion.

GLBP elects one AVG (Active Virtual Gateway) for each group. Other group members act as backup in case of AVG failure. If there are more than two members, the second-best AVG is placed in the Standby state and all other members are placed in the Listening state. This is monitored using hello and holdtime timers, which are 3 and 10 seconds by default. The elected AVG then assigns a virtual MAC address to each member of the GLBP group, including itself, thus enabling AVFs (Active Virtual Forwarders). Each AVF assumes responsibility for forwarding packets sent to its virtual MAC address. There could be up to four active AVFs at the same time.
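The point that GLBP balances by number of hosts rather than by traffic load can be seen in a small model of the AVG handing out forwarders in ARP replies. This is an added example, not code from the original post and not Cisco's implementation: the weighted function is a simplified proportional model, and the router names, host names and traffic figures are constructed.

```python
from collections import Counter
from itertools import cycle

MAX_AVFS = 4  # from the text: up to four active AVFs at the same time

def check_group_size(forwarders):
    if not 1 <= len(forwarders) <= MAX_AVFS:
        raise ValueError("a GLBP group has between 1 and 4 active forwarders")

def assign_round_robin(hosts, forwarders):
    """Default behaviour: each ARP request is answered with the next AVF in turn."""
    check_group_size(forwarders)
    turn = cycle(forwarders)
    return {host: next(turn) for host in hosts}

def assign_weighted(hosts, weights):
    """Simplified model: answer with the AVF furthest below its weighted share."""
    check_group_size(weights)
    total = sum(weights.values())
    counts = Counter()
    assignment = {}
    for n, host in enumerate(hosts, start=1):
        # Integer form of (weight / total) * n - hosts_already_assigned.
        avf = max(weights, key=lambda f: weights[f] * n - counts[f] * total)
        counts[avf] += 1
        assignment[host] = avf
    return assignment

def load_per_forwarder(assignment, traffic_mbps):
    """Return {avf: (host_count, total_mbps)} for an assignment."""
    hosts, mbps = Counter(), Counter()
    for host, avf in assignment.items():
        hosts[avf] += 1
        mbps[avf] += traffic_mbps[host]
    return {avf: (hosts[avf], mbps[avf]) for avf in hosts}

# Constructed sample: eight hosts, one of them (h1) a heavy talker.
HOSTS = [f"h{i}" for i in range(1, 9)]
TRAFFIC_MBPS = {**{h: 10 for h in HOSTS}, "h1": 900}

if __name__ == "__main__":
    rr = assign_round_robin(HOSTS, ["R1", "R2"])
    print(load_per_forwarder(rr, TRAFFIC_MBPS))
    weighted = assign_weighted(HOSTS, {"R1": 100, "R2": 300})
    print(load_per_forwarder(weighted, TRAFFIC_MBPS))
```

With round-robin both routers serve four hosts each, yet the router that happens to get h1 carries almost all of the traffic, which is worth keeping in mind when sizing each gateway to survive the other's failure.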

By default, GLBP routers use the local multicast address to send hello packets to their peers every 3 seconds over UDP 3222 (source and destination).