What is GLBP and why to use it?

Gateway Load Balancing Protocol (GLBP) is a Cisco proprietary protocol that attempts to overcome the limitations of existing redundant router protocols such as HSRP and VRRP by adding basic load balancing functionality. ARP requests sent by arp clients will be answered with MAC addresses pointing to different routers per GLBP load balancing configurations that can be deployed. Thus, by default, load balancing is not based on traffic load, but rather on the number of hosts that will use each gateway router. By default GLBP load balances in round-robin fashion.

In regards to using GLBP with dynamic routing protocols, routers do not use the virtual IP addresses of GLBP to form adjacencies. GLBP is designed to provide end-users devices and servers default gateway/router redundancy and load balancing. For instance, EIGRP neighbor relationship are not formed with the GLBP Virtual IP Address but with the physical interface IP address. As such if you are using GLBP in a active passive mode or with specific weighting along with a dynamic routing protocol you should ensure your routes prefer the applicable routers unless offline to avoid router issues.

In the network below there are a total of two routers, two end-user computers and one server. In the example below we will configure two GLBP groups, one for the LAN and one for the WAN network. Both R1 and R2 will be the gateways for the LAN and the WAN network by way of the round-robin load balancing protocol. This will make use of both routers to prevent network capacity from being underutilized. In the event of a router failure failover and failback must occur automatically. GLBP groups will also make use of authentication to prevent any rogue routers from interfering with GLBP operations.

Steps to configure GLBP

Step 1: Configure all applicable router interfaces on the routers R1 and R2, respectively.

R1(config)#interface FastEthernet0/0
R1(config)#ip address 1.1.1.1 255.255.255.248
!
R1(config)#interface FastEthernet0/1
R1(config)#ip address 10.1.0.1 255.255.255.0
R2(config)#interface FastEthernet0/0
R2(config)#ip address 1.1.1.2 255.255.255.248
!
R2(config)#interface FastEthernet0/1
R2(config)#ip address 10.1.0.2 255.255.255.0

Step 2: On Router R1 configure GLBP groups using the glbp command, set the group virtual IP and preempt. This will be repeated for both interfaces but each interface will participate in a separate GLBP group.

R1(config)#interface FastEthernet0/0
R1(config-if)#glbp 2 ip 1.1.1.3
R1(config-if)#glbp 2 preempt
!
R1(config)#interface FastEthernet0/1
R1(config-if)#glbp 1 ip 10.1.0.3
R1(config-if)#glbp 1 preempt

Step 3: On Router R2 configure a GLBP group using the glbp command, set the group virtual IP and preempt. This will be repeated for both interfaces but each interface again will participate in separate GLBP groups.

R2(config)#interface FastEthernet0/0
R2(config-if)#glbp 2 ip 1.1.1.3
R2(config-if)#glbp 2 preempt
!
R2(config)#interface FastEthernet0/1
R2(config-if)#glbp 1 ip 10.1.0.3
R2(config-if)#glbp 1 preempt

Step 4: Configure GLBP tracking and weighting on R1 to decrement the routers priority when it sees any interface down. This is important because if one interface on either side of the router is down any traffic coming into the router will be unable to reach the desired destination.

R1(config)#track 1 interface FastEthernet0/0 line-protocol
!
R1(config)#track 2 interface FastEthernet0/1 line-protocol
!
R1(config)#interface FastEthernet0/0
R1(config-if)#glbp 2 weighting 100 lower 91 upper 91
R1(config-if)#glbp 2 weighting track 1 decrement 10
R1(config-if)#glbp 2 weighting track 2 decrement 10
!
R1(config)#interface FastEthernet0/1
R1(config-if)#glbp 1 weighting 100 lower 91 upper 91
R1(config-if)#glbp 1 weighting track 1 decrement 10
R1(config-if)#glbp 1 weighting track 2 decrement 10

Step 5: Repeat the steps again to configure GLBP tracking on R2.

R2(config)#track 1 interface FastEthernet0/0 line-protocol
!
R2(config)#track 2 interface FastEthernet0/1 line-protocol
!
R2(config)#interface FastEthernet0/0
R2(config-if)#glbp 2 weighting 100 lower 91 upper 91
R2(config-if)#glbp 2 weighting track 1 decrement 10
R2(config-if)#glbp 2 weighting track 2 decrement 10
!
R2(config)#interface FastEthernet0/1
R2(config-if)#glbp 1 weighting 100 lower 91 upper 91
R2(config-if)#glbp 1 weighting track 1 decrement 10
R2(config-if)#glbp 1 weighting track 2 decrement 10

Step 6: Configure GLBP authentication on R1 to prevent any unintended routers from joining the GLBP groups and causing unexpected results.

R1(config)#key chain GLBP-Keychain1
R1(config-keychain)#key 1
R1(config-keychain-key)#key-string glbp-password-here
!
R1(config)#interface FastEthernet0/0
R1(config-if)#glbp 2 authentication md5 key-chain GLBP-Keychain1
!
R1(config)#interface FastEthernet0/1
R1(config-if)#glbp 1 authentication md5 key-chain GLBP-Keychain1

Step 7: Repeat the steps again to configure GLBP authentication on R2.

R2(config)#key chain GLBP-Keychain1
R2(config-keychain)#key 1
R2(config-keychain-key)#key-string glbp-password-here
!
R2(config)#interface FastEthernet0/0
R2(config-if)#glbp 2 authentication md5 key-chain GLBP-Keychain1
!
R2(config)#interface FastEthernet0/1
R2(config-if)#glbp 1 authentication md5 key-chain GLBP-Keychain1

Verify the configuration

Now that the configuration is finished lets verify our GLBP deployment. Using the ping, traceroute and show ip route on PC1 we can verify connectivity, the path used to reach the destination and default gateway. You will find ping is successful from PC1 to Server and the path may be PC1 to R1 to Server or PC1 to R2 to Server depending on which router answered the arp request first.


On R1 issue the show glbp brief and show glbp commands to review the GLBP groups. This will confirm R1 and R2 are actively forwarding traffic for groups 1 and 2.


Now let's shutdown R1 and perform the same steps from PC1. As you can see everything functions the same with the only exception your default gateway, 10.1.0.3, is routed through the backup router R2 which is now the active GLBP router for groups 1 and 2.

For the last verification step we will test load balancing. Turn R1 back on and clear the arp cache on PC1 or PC2. Your default gateway, 10.1.0.3, will be routed again through R1. If you clear the arp cache a few more times and you will see your default gateway will be routed through R2 again. This is the round-robin load balancing policy in action.


Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts

Cisco Networking

BGP Load Sharing

What is load sharing and why to use it?Load balancing with BGP is not possible in a multihomed environment with two ISPs. BGP selects only the single best path to a destination among the BGP Read more…

Cisco Firewall

Configuring Dynamic Multipoint VPN and Zone Based Firewall

What is a Dynamic Multipoint VPN and why to use it?DMVPN provides the capability for creating a dynamic-mesh VPN network without having to pre-configure (static) all possible tunnel end-point peers, including IPsec (Internet Protocol Security) Read more…

Cisco Networking

Configuring Layer 2 MPLS VPN

What is a Layer 2 MPLS VPN and why to use it?Layer 2 VPNs are a type of Virtual Private Network (VPN) that uses MPLS labels to transport data. The communication occurs between routers that Read more…