Cisco NX-OS: VXLAN – vPC – Anycast

VxLAN and vPC Anycast VTEP

Problem with VXLAN and vPC:

  • In a vPC, both vPC peers advertise duplicate EVPN MAC/IP routes to the spine route reflectors (RRs)
  • With other attributes equal, one vPC peer is always preferred for dual-attached hosts (based on normal BGP best-path selection)

Result: egress traffic from the vPC member is load-balanced, but return (ingress) traffic is polarized

 

Solution: an anycast VTEP address, configured as a secondary IP address on Loopback 0 and identical on both vPC peers:

conf t
interface loopback 0
    ip address 1.1.1.111/32 secondary

BGP automatically sets the next-hop to the secondary IP address.

From the Spines (NXOS1 and NXOS2) and another leaf (NXOS7):

Note: In my lab, I was not even able to bring up vPC without a secondary IP address on the loopback interface. There was an inconsistency: “Configuration inconsistency reason: Secondary IP address does not match”, but the configuration on both switches was identical.

Distributed Anycast Layer 3 Gateway

The distributed IP anycast gateway allows you to configure the default gateway of a subnet on multiple leaf switches using the same IP and MAC address.

NXOS3

conf t

fabric forwarding anycast-gateway-mac 1234.1234.1234

interface Vlan10
    no shutdown
    vrf member CUSTOMER1
    ip address 10.10.10.1/24
    fabric forwarding mode anycast-gateway
 

NXOS4

conf t

fabric forwarding anycast-gateway-mac 1234.1234.1234

interface Vlan10
    no shutdown
    vrf member CUSTOMER1
    ip address 10.10.10.1/24
    fabric forwarding mode anycast-gateway
 

No HSRP configuration is needed.
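Both the anycast VTEP address (the Loopback 0 secondary) and the anycast gateway MAC and SVI address have to be the same on both vPC peers. The following Python check is an added example, not part of the original post: it compares the configuration text of two peers and lists any of those settings that are missing or differ. The function names and the loopback primary addresses in the sample configs are assumptions made for the illustration.

```python
import re

def parse(cfg):
    """Pull out the settings that must be identical on both vPC peers."""
    out, iface = {"mac": None, "secondary": {}, "svi": {}}, None
    for raw in filter(str.strip, cfg.splitlines()):      # skip blank lines
        line = raw.strip()
        if not raw[0].isspace():                 # top-level line closes an interface block
            iface = None
        if m := re.match(r"fabric forwarding anycast-gateway-mac (\S+)$", line):
            out["mac"] = m.group(1).lower()
        elif m := re.match(r"interface (\S+)\s*(\d*)$", line, re.I):
            iface = (m.group(1) + m.group(2)).lower()    # "loopback 0" -> "loopback0"
        elif iface and (m := re.match(r"ip address (\S+)( secondary)?$", line)):
            if m.group(2):
                out["secondary"].setdefault(iface, set()).add(m.group(1))
            elif iface.startswith("vlan"):
                out["svi"].setdefault(iface, {})["ip"] = m.group(1)
        elif iface and line == "fabric forwarding mode anycast-gateway":
            out["svi"].setdefault(iface, {})["anycast"] = True
    return out

def peer_mismatches(cfg_a, cfg_b):
    """Return readable differences between the two vPC peers' configs."""
    a, b = parse(cfg_a), parse(cfg_b)
    issues = []
    vtep_a, vtep_b = a["secondary"].get("loopback0"), b["secondary"].get("loopback0")
    if not vtep_a or vtep_a != vtep_b:
        issues.append("loopback0 secondary (anycast VTEP) address missing or different")
    if a["mac"] is None or a["mac"] != b["mac"]:
        issues.append("anycast-gateway-mac missing or different")
    for vlan in sorted(set(a["svi"]) | set(b["svi"])):
        sa, sb = a["svi"].get(vlan, {}), b["svi"].get(vlan, {})
        if sa != sb and (sa.get("anycast") or sb.get("anycast")):
            issues.append(f"{vlan}: gateway IP or anycast-gateway mode differs")
    return issues

# Constructed sample configs; the loopback primary addresses are made up.
TEMPLATE = """interface loopback 0
    ip address {primary}/32
    ip address {secondary}/32 secondary
fabric forwarding anycast-gateway-mac 1234.1234.1234
interface Vlan10
    vrf member CUSTOMER1
    ip address 10.10.10.1/24
    fabric forwarding mode anycast-gateway
"""
NXOS3 = TEMPLATE.format(primary="1.1.1.3", secondary="1.1.1.111")
NXOS4 = TEMPLATE.format(primary="1.1.1.4", secondary="1.1.1.111")
```

`peer_mismatches(NXOS3, NXOS4)` returns an empty list for the matching pair. The check only compares configuration text, so it says nothing about what the switch itself reports at run time.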
