A comparison of virtual IP commands

The ‘ip virtual-router’ command

[Figure: topology_ip_virtual_router]

Switch1:
   Switch1(config)#interface vlan 10
   Switch1(config-if-Vl10)#ip address 10.0.0.2/24
   Switch1(config-if-Vl10)#ip virtual-router address 10.0.0.1
   Switch1(config)#ip virtual-router mac-address 00:1c:73:00:00:99

Switch2:
   Switch2(config)#interface vlan 10
   Switch2(config-if-Vl10)#ip address 10.0.0.3/24
   Switch2(config-if-Vl10)#ip virtual-router address 10.0.0.1
   Switch2(config)#ip virtual-router mac-address 00:1c:73:00:00:99

The ‘ip virtual-router address’ command requires an IP address to be configured on the SVI where it is applied.

How does the host resolve ARP for the default gateway/vIP?

  • Gratuitous ARPs: Gratuitous ARPs are sent periodically from both switches that have VARP configured. In the gratuitous ARPs, the configured vMAC is used as the Ethernet source MAC. The ARP message informs the host that the virtual IP is present at the vMAC.

[Figure: packet_1_1]

  • ARPing for VIP from host: Some hosts might not learn from GARPs, or they might come up between gratuitous ARP intervals. The host will send out an ARP request for the virtual IP. The receiving switch will send out an ARP reply similar to the gratuitous ARP (unicast instead of broadcast).

How do the switches resolve ARP for the host?

When one of the switches receives data to be routed to the host, the switch sends out an ARP request for the host from the interface IP address, not the virtual IP.

Example: when Switch1 has to send data to the host, it sends out an ARP request in the format:

[Figure: packet_1_2]

 

The ‘ip virtual-router’ command with mask

[Figure: topology_ip_virtual_router_mask]

The ‘ip virtual-router address’ command with a mask allows us to conserve IP addresses that would usually be assigned to the SVI interface. With this command, we can assign dummy IPs (20.0.0.2, 20.0.0.3) to the SVI while retaining first hop redundancy for the 10.0.0.0/24 network.

Static route:

Since the SVI IP belongs to a different subnet (20.0.0.0/24), we need a static route that points to the 10.0.0.0/24 subnet via the SVI (interface vlan 10). This installs the 10.0.0.0/24 network in the routing table as a directly connected route.

Switch1:
   Switch1(config)#interface vlan 10
   Switch1(config-if-Vl10)#ip address 20.0.0.2/24
   Switch1(config-if-Vl10)#ip virtual-router address 10.0.0.1/24
   Switch1(config)#ip virtual-router mac-address 00:1c:73:00:00:99
   Switch1(config)#ip route 10.0.0.0/24 vlan 10

Switch2:
   Switch2(config)#interface vlan 10
   Switch2(config-if-Vl10)#ip address 20.0.0.3/24
   Switch2(config-if-Vl10)#ip virtual-router address 10.0.0.1/24
   Switch2(config)#ip virtual-router mac-address 00:1c:73:00:00:99
   Switch2(config)#ip route 10.0.0.0/24 vlan 10

How does the host resolve ARP for the default gateway/vIP?

  • Gratuitous ARPs: Gratuitous ARPs are sent periodically from both switches that have VARP configured. In the gratuitous ARP, the configured vMAC is used as the Ethernet source MAC. The ARP message informs the host that the virtual IP is present at the vMAC.

[Figure: packet_1_1]

  • ARPing for VIP from host: Some hosts might not learn from gratuitous ARPs, or they might come up between gratuitous ARP intervals. The host will send out an ARP request for the virtual IP. The receiving switch will send out an ARP reply similar to the gratuitous ARP (unicast instead of broadcast).

How do the switches resolve ARP for the host?

When one of the switches receives data to be routed to the host, the switch sends out an ARP for the host sourced from the switch MAC address, but the ARP packet contains the virtual IP and MAC information.

Example: when Switch1 has to send data to the host, it sends out an ARP request in the format:

[Figure: packet_2_2]

ARP sync

The host will learn the virtual IP and MAC from the ARP request and will reply to it. Since the reply could be hashed to either of the switches, ARP sync is enabled on the switches to allow both switches in the MLAG pair to learn the host MAC.

Example: Switch1 sends out the ARP request. The host replies to the ARP request, but the reply could get hashed to Switch2. In this case, Switch2 consumes the ARP reply since it also possesses the vMAC. Switch2 then uses ARP sync to inform Switch1 about the host’s ARP information.

 

The ‘ip address virtual’ command

[Figure: topology_ip_address_virtual]

This command is generally used to conserve IP addresses in VXLAN deployments and can be used to provide an Anycast gateway.

Switch1:
   Switch1(config)#interface vlan 10
   Switch1(config-if-Vl10)#ip address virtual 10.0.0.1/24
   Switch1(config)#ip virtual-router mac-address 00:1c:73:00:00:99

Switch2:
   Switch2(config)#interface vlan 10
   Switch2(config-if-Vl10)#ip address virtual 10.0.0.1/24
   Switch2(config)#ip virtual-router mac-address 00:1c:73:00:00:99

The ‘ip virtual-router address’ commands discussed above require an IP address to be configured on the SVI where they are applied. The ‘ip address virtual’ command does not require such an IP address to be configured.

How does the host resolve ARP for the default gateway/vIP?

  • No gratuitous ARPs: There are no gratuitous ARPs generated by the switch when the ‘ip address virtual’ command is used.

  • To learn the vMAC, the host will send an ARP request for the virtual IP. The receiving switch will send an ARP reply in the format:

[Figure: packet_1_1]

How do the switches resolve ARP for the host?

When one of the switches receives data to be routed to the host, the switch sends out an ARP for the host sourced from the vMAC, and the ARP packet contains the virtual IP and MAC information.

Example: when Switch1 has to send data to the host, it sends out an ARP request in the format:

[Figure: topology_3_2]

ARP sync

The host will learn the virtual IP and MAC from the ARP request and will reply to it. Since the reply could be hashed to either of the switches, ARP sync is enabled on the switches to allow both switches in the MLAG pair to learn the host MAC.
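
The ARP behaviour described for the three commands gives a monitoring host one invariant to verify: any ARP frame that advertises the virtual IP must carry the vMAC as its sender hardware address. The Python check below is an added example, not part of the original article or Arista's code; the switch burned-in MACs and all frames are constructed, and frames are assumed to be untagged Ethernet II.

```python
import struct

VIP = "10.0.0.1"              # virtual IP used throughout the page
VMAC = "00:1c:73:00:00:99"    # 'ip virtual-router mac-address' from the page
# Assumption: constructed burned-in MACs for Switch1/Switch2 (not from the page)
SWITCH_MACS = {"00:1c:73:aa:aa:01", "00:1c:73:aa:aa:02"}

def _mac(b):
    return ":".join(f"{x:02x}" for x in b)

def _ip(b):
    return ".".join(str(x) for x in b)

def parse_arp(frame):
    """Parse an untagged Ethernet II frame; return ARP fields or None."""
    if len(frame) < 42:
        return None
    _dst, src, etype = struct.unpack("!6s6sH", frame[:14])
    htype, ptype, hlen, plen, op, sha, spa, _tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if etype != 0x0806 or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"eth_src": _mac(src), "op": op, "sha": _mac(sha),
            "spa": _ip(spa), "tpa": _ip(tpa)}

def check_frame(frame):
    """Classify one frame against the expected vIP-to-vMAC binding."""
    arp = parse_arp(frame)
    if arp is None or arp["spa"] != VIP:
        return "ignore"           # not ARP, or does not advertise the vIP
    if arp["sha"] != VMAC:
        return "alert: vIP bound to " + arp["sha"]
    # With a masked 'ip virtual-router address', the Ethernet source is the
    # switch's own MAC while the ARP payload carries the vMAC, so a plain
    # "Ethernet source != ARP sender" rule would misfire on that traffic.
    if arp["eth_src"] != VMAC and arp["eth_src"] not in SWITCH_MACS:
        return "alert: vMAC advertised from " + arp["eth_src"]
    return "ok"

def build(eth_src, op, sha, spa, tpa, eth_dst="ff:ff:ff:ff:ff:ff"):
    """Construct a sample ARP frame (test data only, not captured traffic)."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    i = lambda s: bytes(int(o) for o in s.split("."))
    hdr = struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, op)
    return m(eth_dst) + m(eth_src) + hdr + m(sha) + i(spa) + b"\x00" * 6 + i(tpa)
```

Feed `check_frame` the raw bytes of each frame seen on VLAN 10; requests sourced from an interface IP such as 10.0.0.2 return "ignore" because they do not advertise the virtual IP.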

Suggested reading

  1. Active-active router redundancy using VARP
  2. Difference between “ip virtual-router address” and “ip address virtual”
  3. VXLAN routing with MLAG