GLBP Concepts

GLBP Concepts

Posted on Jan 24, 2020 (0)

GLBP Concepts

GLBP: GLBP is Gateway Load balancing Protocol which provide the first hop redundancy along with multiple load balancing method for IP packets. It allows a group of routers to share IP traffic load on default gateway on LAN.

GLBP performs a similar function to the Hot Standby Redundancy Protocol (HSRP) and the Virtual Router Redundancy Protocol (VRRP) but with little difference.

In GLBP, It involves the two or more group of routers to acts as default gateway, these group of router has same virtual gateway IP address.

GLBP also provides load balancing method by multiple routers (gateways) using a single virtual IP address and multiple virtual MAC addresses.

GLBP load balances the traffic among all routers who are in a group instead of allowing a single router to handle the whole load while the other routers remain idle. You should configure each host with the same virtual IP address, and all routers in the virtual group participate in forwarding packets. GLBP members communicate between each other using periodic hello messages.

In GLBP to provide first hop redundancy and Load balancing, it uses following components:

  • AVG (Active Virtual Gateway)
  • AFG (Active Forwarded Gateway)

Active Virtual Gateway: Active Virtual Gateway is elected which has highest priority and if the priority is same then highest real IP address becomes the AVG. Once AVG is active it assigns a virtual MAC address to each member of the GLBP group and each member is the active virtual forwarder (AVF) for its assigned virtual MAC address, forwarding packets sent to its assigned virtual MAC address.

A member in a group can be in the active, standby, or listen state. GLBP uses a priority algorithm to elect one gateway as the AVG and elect another gateway as the standby virtual gateway. The remaining gateways go into the listen state.

The AVG also answers Address Resolution Protocol (ARP) requests for the virtual IP address. Load sharing is achieved when the AVG replies to the ARP requests with different virtual MAC addresses.

As soon as GLBP group member discovers the AVG by hello message, they request for virtual MAC address for same IP address acting as Gateway.

The AVG assigns the next MAC address based on the load-balancing algorithm selected. A gateway that is assigned with a virtual MAC address by the AVG is the primary virtual forwarder. The other members of the GLBP group that learn the virtual MAC addresses from hello messages are secondary virtual forwarders.

AFG (Active Forwarded Gateway)

In GLBP, As AVG redundancy is used same way AFG redundancy is done. If the AVF fails, a secondary virtual forwarder in the listen state assumes responsibility for the virtual MAC address. This secondary virtual forwarder is also a primary virtual forwarder for a different virtual MAC address. GLBP migrates hosts away from the old virtual MAC address of the failed AVF, using the following two timers:

  • Redirect timer—specifies the interval during which the AVG continues to redirect hosts to the old virtual MAC address. When the redirect time expires, the AVG stops using the old virtual MAC address in ARP replies, although the secondary virtual forwarder continues to forward packets that were sent to the old virtual MAC address.
  • Secondary hold timer—specifies the interval during which the virtual MAC address is valid. When the secondary hold time expires, GLBP removes the virtual MAC address from all gateways in the GLBP group and load balances the traffic over the remaining AVFs. The expired virtual MAC address becomes eligible for reassignment by the AVG.

GLBP Authentication

GLBP has three authentication types:

  • MD5 authentication
  • Plain text authentication
  • No authentication


TASKConfigure GLBP as per following topology.

  • Configure Po100 as trunk between N7K4-1 and N7K-4-2
  • Configure VLAN 100 with VIP
  • On N7K-4-1 configure Priority 200 and GLBP group 100 for VLAN 100
  • On N7K-4-2 configure Priority 100 and GLBP group 100 for VLAN 100
  • Use Authentication method Plain Text and key CCIE.
  • Configure N7K-4-1 with as secondary IP on Group 100 and on N7K-4-2


N7K-4-1(config) # vlan 100
N7K-4-1(config-vlan) #
N7K-4-1(config) # feature interface-vlan
N7K-4-1(config) # feature lacp
N7K-4-1(config) # feature glbp
N7K-4-1(config) #
N7K-4-1(config) # int eth1/9-10
N7K-4-1(config-if-range) # channel-group 100 mode active
N7K-4-1(config-if-range) # no shut
N7K-4-1(config) # int po100
N7K-4-1(config-if) # switchport mode trunk
N7K-4-1(config-if) # no shut
N7K-4-1(config) Interface Vlan100
N7K-4-1(config-if) No shutdown
N7K-4-1(config-if) Ip address
N7K-4-1(config-if) No shutdown
N7K-4-1(config) # int vlan 100
N7K-4-1(config-if) # glbp 100
N7K-4-1(config-if-glbp) # priority 200
N7K-4-1(config-if-glbp) # preempt
N7K-4-1(config-if-glbp) # ip
N7K-4-1(config-if-glbp) # authentication text CCIE
N7K-4-1(config-if-glbp) # no shut
N7K-4-1(config-if-glbp) # exit
N7K-4-1(config-if) # ip address secondary
N7K-4-1(config-if) # glbp 100
N7K-4-1(config-if-glbp) # ip secondary
Warning: address is not within a subnet on this interface
N7K-4-1(config-if-glbp) # no shut

N7K-4-2# conf t
Enter configuration commands, one per line. End with CNTL/Z.
N7K-4-2(config) # vlan 100
N7K-4-2(config-vlan) #
N7K-4-2(config) # feature interface-vlan
N7K-4-2(config) # feature lacp
N7K-4-2(config) # feature glbp
N7K-4-2(config) # int eth1/9-10
N7K-4-2(config-if-range) # channel-group 100 mode active
N7K-4-2(config-if-range) # no shut
N7K-4-2(config-if-range) # exit
N7K-4-2(config) # int po100
N7K-4-2(config-if) # switchport mode trunk
N7K-4-2(config-if) # no shut
N7K-4-2(config) # int vlan 100
N7K-4-2(config-if) # ip address
N7K-4-2(config-if) # no shut
N7K-4-2(config) # feature glbp
N7K-4-2(config) # int vlan 100
N7K-4-2(config-if) # glbp 100
N7K-4-2(config-if-glbp) # preempt
N7K-4-2(config-if-glbp) # ip
N7K-4-2(config-if-glbp) # authentication text CCIE
N7K-4-2(config-if-glbp) # no shut
N7K-4-2(config-if-glbp) # exit
N7K-4-2(config-if) # ip address secondary
Disabling IP Redirects on Vlan100: secondary address configured.
N7K-4-2(config-if) # glbp 100
N7K-4-2(config-if-glbp) # ip secondary
Warning: address is not within a subnet on this interface
N7K-4-2(config-if-glbp) # no shut


In figure above N7K-4-1 is the AVG for a GLBP group and is responsible for the virtual IP address N7K-4-1   is also an AVF for the virtual MAC address 0026.980D.4142. N7K-4-2 is a member of the same GLBP group and is designated as the AVF for the virtual MAC address 0026.980D.3C42. HOST A has a default gateway IP address of, the virtual IP address, and a gateway MAC address of 0026.980D.4142 that points to N7K-4-1. HOST B shares the same default gateway IP address but receives the gateway MAC address 0026.980D.3C42 because N7K-4-2 is sharing the traffic load with N7K-4-1.


    You are will be the first.


Please login here to comment.