In most of Leaf-Spine deployments, redundancy in Spine layer is required to achieve high availability and to prevent network service disruption. Modern layer 2 networks adopted loop-free and balanced path networks using Multi Chassis Link Aggregation topologies with LACP port channels, leaving loop control methods (STP) as second protection layer.
Spines also supports layer 3 networks, using ECMP in a scalable network topology. For unicast redundancy in layer 3, a common method is use First Hop Router Redundancy (FHRR) to provide a simple and unique gateway for Leaf level. VRRP and HRSP are popular FHRR protocols and supported in most equipments today.
Although HSRP and VRRP provide redundancy, they are active-standby FHRR protocols and do not provide a balanced data traffic distribution over Multi Chassis Link Aggregated topologies.
The following figure show show data traffic is handled using active-standby FHRR protocol topology.
Figure 1: Active-Standby FHRR topology schema
L3 Anycast Gateway (a.k.a. vARP – Virtual ARP) provides better data traffic balancing and faster redundancy convergence, implementing active-active First Hop Router Redundancy to provide active/active unicast IP routing.
The following figure shows how data traffic passes through active-active FHRR protocol topology.
Figure 2: Active-Active FHRR topology schema
The primary benefit of this design is that all configured routers are active and are able to perform routing. L3 Anycast Gateway also provides rapid failover in the event of a link or switch failure, while enabling the sharing of IP forwarding load between both switches. L3 Anycast Gateway requires configuring the same virtual-router IP address on the appropriate VLAN interfaces of both peers, as well as a global unique virtual-router MAC address. VARP functions by having both switches respond to ARP requests and GARP for a configured IP address with the “virtual-router” MAC address. This address is receive-only MAC address and no packet is ever sent with this address as its source. If IP routing is enabled, received packets will be routed as follows: when the DMAC of a packet destined to a remote network matches the configured “virtual-router” MAC address, each MLAG peer locally forwards the traffic to its next hop destination.
Below is an example configuration of L3 Anycast Gateway. The example uses 00:1c:73:00:00:99, which is a MAC address that will not occur naturally.
Switch1: Switch1(config)#interface vlan 10 Switch1(config-if-Vl10)#ip address 10.10.10.2/24 Switch1(config-if-Vl10)#ip virtual-router address 10.10.10.1 Switch1(config-if-Vl10)#interface vlan 20 Switch1(config-if-Vl20)#ip address 10.10.20.2/24 Switch1(config-if-Vl20)#ip virtual-router address 10.10.20.1 Switch1(config-if-Vl20)#exit Switch1(config)#ip virtual-router mac-address 00:1c:73:00:00:99 Switch2: Switch2(config)#interface vlan 10 Switch2(config-if-Vl10)#ip address 10.10.10.3/24 Switch2(config-if-Vl10)#ip virtual-router address 10.10.10.1 Switch2(config-if-Vl10)#interface vlan 20 Switch2(config-if-Vl20)#ip address 10.10.20.3/24 Switch2(config-if-Vl20)#ip virtual-router address 10.10.20.1 Switch2(config-if-Vl20)#exit Switch2(config)#ip virtual-router mac-address 00:1c:73:00:00:99
To sum up, vARP provides significant benefits over traditional FHRP protocols (e.g. VRRP, HSRP) with rapid fail-over and allowing all configured routers to perform routing.