VxLAN and vPC Anycast VTEP
Problem with VXLAN and vPC:
- in a vPC both vPC peers duplicate EVPN MAC/IP routes to spine RRs
- with other attributes equal, one vPC peer is always preferred for dual attached hosts (based on the normal BGP Best path selection)
Result: egress traffic from vPC Member is load-balanced, but return ingress traffic is polarized
Solution: Anycast VTEP address – Loopback 0 ip address secondary, the same on both vPC peers:
conf t
interface Loopbak 0
ip address 1.1.1.111/32 secondary
BGP automatically sets the next-hop to the secondary IP address.
From the Spines (NXOS1 and NXOS2) and another leaf (NXOS7):
Note: In my lab, I even was not able to bring up vPC without a secondary IP address on the loopback interface. There was an inconsistency: “Configuration inconsistency reason: Secondary IP address does not match”, but the configuration on both switches was identical.
Distributed Anycast Layer 3 Gateway
The distributed IP anycast gateway allows you to configure the default gateway of a subnet across multiple Leafs using the same IP and MAC address.
NXOS3
conf t
fabric forwarding anycast-gateway-mac 1234.1234.1234
NXOS4
conf t
fabric forwarding anycast-gateway-mac 1234.1234.1234
No need the HSRP configuration
