This post discusses how an OSPF neighbour can be connected to a VSX pair and how VSX active forwarding resolves suboptimal forwarding.
An OSPF neighbour of a VSX pair can be connected in various ways.
Using routed ports is the most convenient method, but in that case only one VRF can be active on the port.
When multiple VRFs are required between the routers, VLAN interfaces need to be used to transport multiple SVI contexts over the same physical port.
OSPF Related Config:
6300F Switch Config
vlan trunk native 1
vlan trunk allowed 41
vlan trunk allowed 42
interface vlan 41
    ip address 10.5.41.4/24
    ip ospf 1 area 0.0.0.0
interface vlan 42
    ip address 10.5.42.4/24
interface loopback 0
    ip address 10.5.0.4/32
router ospf 1
ip address 10.5.41.2/24
ip address 10.5.0.2/32
ip address 10.5.42.3/24
ip address 10.5.0.3/32
Verifying OSPF Neighbour:
Since every VRF would require a unique VLAN and subnet for each port, VSX also supports connecting OSPF peers over a Layer 2 LAG with multiple VLAN interfaces. This reduces the number of VLAN interfaces that are required.
The administrator should note that, instead of point-to-point connections, the transit network becomes an OSPF broadcast network with three routers on the subnet: the VSX primary, the VSX secondary and the peer router.
interface gigabitethernet 0/0/16
    trusted vlan 1-4094
    lacp group 5 mode active
interface gigabitethernet 0/0/17
interface port-channel 5
    switchport mode trunk
    switchport trunk allowed vlan 1,11,40
interface vlan 40
    ip address 10.5.40.6 255.255.255.0
    ip ospf area 0.0.0.0
router ospf area 0.0.0.0
interface lag 5 multi-chassis
    vlan trunk allowed 1,11,40
    lacp mode active
ip address 10.5.40.2/24
ip address 10.5.40.3/24
Understanding the need for Active Forwarding:
Two VSX systems (Primary and Secondary) should have the same routing table information.
We use an even and an odd IP address as sources (Lo0 - 10.5.0.4 and 10.5.0.7) to force a hashing difference. Some traffic that is destined to the VSX primary may be sent to the VSX secondary because of the LAG hash.
If you ping from source to destination and see the ping packets on both Agg1 and Agg2, the traffic is being redirected to the other VSX node. The destination MAC of the ICMP packet does not match one of the two switches (Agg1, Agg2), so that switch forwards the traffic over the ISL. VSX active forwarding resolves this suboptimal forwarding.
Disable ICMP redirect and enable active forwarding. Once active forwarding is enabled locally on both Agg1 and Agg2, the MAC and IP addresses of the neighbour system are learnt and programmed in the ASIC for local routing.
no ip icmp redirect
If you now ping from both the even and the odd source IP address, you will find that the traffic is routed locally by each aggregation switch (only for the SVI where active forwarding was enabled). The destination MAC address of the ICMP packet is still the other switch's MAC address, but the packet is now handled by the local switch.
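The forwarding decision described above can be traced with a small model. This is an added example, not Aruba code or switch output: the parity-based hash, the MAC labels and the function names are assumptions chosen for illustration, and the real LAG hash is not modelled.

```python
from ipaddress import ip_address

# Assumption: LAG member 0 lands on Agg1, member 1 on Agg2.
VSX_NODES = ("Agg1", "Agg2")
# Constructed labels standing in for each switch's system MAC.
NODE_MAC = {"Agg1": "mac-agg1", "Agg2": "mac-agg2"}


def lag_member(src_ip: str) -> str:
    """Pick the LAG link by source-IP parity (stand-in for the real hash)."""
    return VSX_NODES[int(ip_address(src_ip)) % 2]


def forward(src_ip: str, next_hop: str, active_forwarding: bool) -> dict:
    """Trace one packet the peer routes towards the OSPF next hop `next_hop`."""
    ingress = lag_member(src_ip)
    dst_mac = NODE_MAC[next_hop]  # frame is addressed to the next hop's MAC
    owns_mac = NODE_MAC[ingress] == dst_mac
    if owns_mac or active_forwarding:
        # Either the MAC is local, or active forwarding has programmed the
        # neighbour's MAC in the ASIC, so the ingress switch routes locally.
        return {"ingress": ingress, "dst_mac": dst_mac,
                "routed_by": ingress, "isl": False}
    # Otherwise the frame is bridged over the ISL to the switch owning the MAC.
    return {"ingress": ingress, "dst_mac": dst_mac,
            "routed_by": next_hop, "isl": True}


def isl_crossings(sources, next_hop, active_forwarding):
    """Return the source addresses whose traffic traverses the ISL."""
    return [s for s in sources
            if forward(s, next_hop, active_forwarding)["isl"]]


if __name__ == "__main__":
    sources = ["10.5.0.4", "10.5.0.7"]  # even and odd loopbacks from the post
    for af in (False, True):
        for src in sources:
            print(f"active_forwarding={af} src={src}", forward(src, "Agg1", af))
```
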