• Tag : varp


Best Practices for FHRP

trying to put together a best practices guide for the field. Let me know if i am wrong with these as they have been found in different sources VRRP should be used with non MLAG configurations VRRP or VARP(using the “ip virtual-router address” and “ip virtual-router mac-address”)  should be used with MLAG. Whats the subnet option used ofr and should it always be used for MLAG installs? anycast IP address (using the “in address virtual” and “ip virtual-router mac-address) should be used with VXLAN EVPN Direct Routing (Asymetrical IRB). However it also appears you can use the “ip virtual-router address”...
Continue reading →

Connected routes for VARP subnets

Description Virtual-ARP (VARP) allows multiple switches to simultaneously route packets from a common IP address in an active-active router configuration by configuring a virtual IP on an interface.  Source ARP with a virtual IP  is an existing feature where a virtual IP address may optionally be configured with a subnet.  When configured, all ARP request packets will use the virtual IP and MAC address in the ARP header for addresses that match a configured virtual subnet.  Prior to this feature, static routes needed to be configured to associate the virtual subnets with the local interfaces on which the virtual IP...
Continue reading →

attached-host routes and MLAG

I have been experimenting in our test environment with attached-host routes on a vxlan network. We have are using asymmetric IRB across our vxlan infrastructure as it is (for the moment at least) simple enough for this not to cause us an issue. We want to use attached-host to ensure that the correct pair of leaf switches are used for routing “southbound” traffic. In the production environment there will be 5 pairs of leaf switches which will be routing traffic for the edge vlan. Behind this vlan are ~50 nodes that are connected with MLAG to the pairs of (7060CX)...
Continue reading →

Can I configure VARP on port-channel subinterface of two 7500E switch?

Such as SW1interface Po10.100 encapsulation dot1q vlan 100 no switchport ip add ip virtual-router address!ip virtual-router mac-address 00:1c:73:00:00:99 SW2interface Po10.100 encapsulation dot1q vlan 100 no switchport ip add ip virtual-router address!ip virtual-router mac-address 00:1c:73:00:00:99  

A comparison of virtual ip commands

The ‘ip virtual-router’ command Switch1:   Switch1(config)#interface vlan 10   Switch1(config-if-Vl10)#ip address   Switch1(config-if-Vl10)#ip virtual-router address   Switch1(config)#ip virtual-router mac-address 00:1c:73:00:00:99 Switch2:   Switch2(config)#interface vlan 10   Switch2(config-if-Vl10)#ip address   Switch2(config-if-Vl10)#ip virtual-router address   Switch2(config)#ip virtual-router mac-address 00:1c:73:00:00:99 The ‘ip virtual-router address’ command requires an IP address to be configured on the SVI where it is applied. How does the host resolve ARP for the default gateway/vIP? Gratuitous ARPs: Gratuitous ARPs are periodically sent from both switches which have VARP configured. In the gratuitous ARPs the configured vMAC is used as the Ethernet Source MAC. The ARP message  informs the host that Virtual IP...
Continue reading →

VARP – IP router not configured with MLAG peer MAC address

Hi forum, I have configured VARP on four 7050QX with 4.16.6M using the following config: <pre>ip virtual-router mac-address 00:1c:73:00:00:99 interface vlan 999 ip address ip virtual-router address</pre> The virtual IP is pingable, but what does “IP router is not configured with Mlag peer MAC address” means in the output below? <pre>spine1(config)#sh ip virtual-router IP virtual router is configured with MAC address: 001c.7300.0099 IP router is not configured with Mlag peer MAC address MAC address advertisement interval: 30 seconds Protocol: U – Up, D – Down, T – Testing, UN – Unknown NP – Not Present, LLD – Lower...
Continue reading →

VARP not working on a VRF VLAN interface

I am running vEOS (4.14.5F) in a Lab environment and have set up a simple config of two switches connected via a single virtual hypervisor interface as an MLAG peer link. Each switch has 3 VLAN interfaces and I have configured VARP on them which works fine (show ip virtual-router displays all VARP links). When I place the VLAN interfaces into a VRF and add the ip address and ip virtual-router address back to the interface, VARP no longer works (show ip virtual-router displays an empty list). Below is a copy of the simple config for each switch I am...
Continue reading →

VARP Issue duplicate packets

I am trying to setup VARP in a test LAB and I am getting some weird results when I initiate a ping.  Currently I have MLAG configured between switches Spine-1 and Spine-2. Both interfaces on Switch1 are part of the MLAG on Spine-1 and Spine-2. On Spine-1 and Spine-2 I have SVI Vlan100 configured with VARP. The issue is when send a ping from Switch1 towards the virtual-router address which is I get a replies back but with duplicate packets. I understand that from VARP perspective both switches reply but how can I stop the duplicate packets? Below is...
Continue reading →

Active-active router redundancy using VARP

In most of Leaf-Spine deployments, redundancy in Spine layer is required to achieve high availability and to prevent network service disruption. Modern layer 2 networks adopted loop-free and balanced path networks using Multi Chassis Link Aggregation topologies with LACP port channels, leaving loop control methods (STP) as second protection layer. Spines also supports layer 3 networks, using ECMP in a scalable network topology. For unicast redundancy in layer 3, a common method is use First Hop Router Redundancy (FHRR) to provide a simple and unique gateway for Leaf level. VRRP and HRSP are popular FHRR protocols and supported in most...
Continue reading →


Get every new post on this blog delivered to your Inbox.

Join other followers: