trying to put together a best practices guide for the field. Let me know if i am wrong with these as they have been found in different sources
VRRP should be used with non MLAG configurations
VRRP or VARP(using the “ip virtual-router address” and “ip virtual-router mac-address”) should be used with MLAG. Whats the subnet option used ofr and should it always be used for MLAG installs?
anycast IP address (using the “in address virtual” and “ip virtual-router mac-address) should be used with VXLAN EVPN Direct Routing (Asymetrical IRB). However it also appears you can use the “ip virtual-router address” command you just need secondary IPs in the SVI’s
anycast IP address (using the “in address virtual” and “ip virtual-router mac-address) should be used with VXLAN EVPN INDirect Routing (symmetrical IRB).
Thank you for posting your query on the EOSC forum. Please find my responses as follows:
1. VRRP is best suited for non-MLAG setups.
2. VARP is recommended (best suited) for MLAG setups. Since VRRP is "Active/Standby", it does not provide balanced data traffic distribution over Multi Chassis Link Aggregated topologies. Whereas, VARP is "Active/Active" provides better data traffic balancing and faster redundancy convergence, implementing active-active First Hop Router Redundancy to provide active/active unicast IP routing.
The primary benefit of this design is that all configured routers are active and are able to perform routing. L3 Anycast Gateway also provides rapid failover in the event of a link or switch failure, while enabling the sharing of IP forwarding load between both switches.
You can refer to the following articles, that talk about VARP & its use cases.
3. The subnet option (also called as Source ARP with virtual IP) is a special feature of VARP. The purpose of this feature is to change the ARP request headerâs source IP and source MAC address to the virtual IP and virtual MAC addresses.
This change occurs for all the ARP request packets originating from the router that match a configured virtual subnet. The VARP MAC address is used as the source MAC address, while the virtual IP address is based on the interface on which the packet goes out.
The subnet option is associated with VARP and is usually used with MLAG. Please refer to the following articles, that explains in detail about the feature.
4. With respect to virtual IP configurations, we have two types :
# ip virtual-router address <x.x.x.x>
# ip address virtual <x.x.x.x/x>
Both needs a virtual Mac to be configured using the command "ip virtual-router mac-address <aaaa.bbbb.cccc>"
The difference between them is that "ip address virtual" does not need a physical IP to be configured under the interface and hence we can conserve IP address space. In a configuration model using VARP with "ip virtual-router address", it would result in each leaf node consuming an IP address within the overlay subnet in addition to the shared Anycast gateway IP address.
When an interface is configured with the âip address virtualâ option, a virtual IP address is assigned without the need to configure a physical IP address on the interface. With the âip address virtualâ representing the default gateway for the subnet and shared across all leafs, only a single IP address is consumed for each subnet, rather than an IP address per leaf node.
5. For your questions regarding the usage of Virtual IPs in VxLAN & EVPN scenarios, "ip virtual-router address" is generally recommended for non-VxLAN / EVPN scenarios , while "ip address virtual" is specific to a VXLAN / EVPN routing deployment and is used to conserve IP address space.
Apart from the IP address con consumption, there is no harm in using "ip virtual-router address" for small scale VxLAN scenarios, but with EVPN as control plane, the supported anycast gateway option is âip address virtualâ.
For supporting multicast, PIM adjacency needs real IP on the SVI. So, overlay anycast would have to be with VARP (ip virtual-router address).
You can also refer to the following articles / forum link for understanding the difference between the virtual IPs and the need for vVTEP IP in a Vxlan environment.
I hope the above information helps. Please feel free to reach out to firstname.lastname@example.org for troubleshooting any issues and alternatively you can reach out to your Arista Accounts team for design related recommendations.
Thank you that exactly what i expected so im on the right track.
Post your Answer
You must be logged in to post an answer.