• Active-active router redundancy using VARP

 
 
Print Friendly, PDF & Email

In most of Leaf-Spine deployments, redundancy in Spine layer is required to achieve high availability and to prevent network service disruption. Modern layer 2 networks adopted loop-free and balanced path networks using Multi Chassis Link Aggregation topologies with LACP port channels, leaving loop control methods (STP) as second protection layer.

Spines also supports layer 3 networks, using ECMP in a scalable network topology. For unicast redundancy in layer 3, a common method is use First Hop Router Redundancy (FHRR) to provide a simple and unique gateway for Leaf level. VRRP and HRSP are popular FHRR protocols and supported in most equipments today.

Although HSRP and VRRP provide redundancy, they are active-standby FHRR protocols and do not provide a balanced data traffic distribution over Multi Chassis Link Aggregated topologies.

The following figure show show data traffic is handled using active-standby FHRR protocol topology.

FHRR_Active-Standby

Figure 1: Active-Standby FHRR topology schema

L3 Anycast Gateway (a.k.a. vARP – Virtual ARP) provides better data traffic balancing and faster redundancy convergence, implementing active-active First Hop Router Redundancy to provide active/active unicast IP routing.

The following figure shows how data traffic passes through active-active FHRR protocol topology.

FHRR_Active-Active

Figure 2: Active-Active FHRR topology schema

The primary benefit of this design is that all configured routers are active and are able to perform routing. L3 Anycast Gateway also provides rapid failover in the event of a link or switch failure, while enabling the sharing of IP forwarding load between both switches. L3 Anycast Gateway requires configuring the same virtual-router IP address on the appropriate VLAN interfaces of both peers, as well as a global unique virtual-router MAC address. VARP functions by having both switches respond to ARP requests and GARP for a configured IP address with the “virtual-router” MAC address. This address is receive-only MAC address and no packet is ever sent with this address as its source. If IP routing is enabled, received packets will be routed as follows: when the DMAC of a packet destined to a remote network matches the configured “virtual-router” MAC address, each MLAG peer locally forwards the traffic to its next hop destination.

Below is an example configuration of L3 Anycast Gateway. The example uses 00:1c:73:00:00:99, which is a MAC address that will not occur naturally.

Switch1:

   Switch1(config)#interface vlan 10
   Switch1(config-if-Vl10)#ip address 10.10.10.2/24
   Switch1(config-if-Vl10)#ip virtual-router address 10.10.10.1

   Switch1(config-if-Vl10)#interface vlan 20
   Switch1(config-if-Vl20)#ip address 10.10.20.2/24
   Switch1(config-if-Vl20)#ip virtual-router address 10.10.20.1

   Switch1(config-if-Vl20)#exit
   Switch1(config)#ip virtual-router mac-address 00:1c:73:00:00:99

Switch2:

   Switch2(config)#interface vlan 10
   Switch2(config-if-Vl10)#ip address 10.10.10.3/24
   Switch2(config-if-Vl10)#ip virtual-router address 10.10.10.1

   Switch2(config-if-Vl10)#interface vlan 20
   Switch2(config-if-Vl20)#ip address 10.10.20.3/24
   Switch2(config-if-Vl20)#ip virtual-router address 10.10.20.1

   Switch2(config-if-Vl20)#exit
   Switch2(config)#ip virtual-router mac-address 00:1c:73:00:00:99

To sum up, vARP provides significant benefits over traditional FHRP protocols (e.g. VRRP, HSRP) with rapid fail-over and allowing all configured routers to perform routing.

Follow

Get every new post on this blog delivered to your Inbox.

Join other followers: