Wired Intelligent Edge

  • 1.  Active-Gateways vs Active-Forwarding

    Posted Oct 04, 2019 05:26 AM

    Hi,

     

    What is the best practice for when to use Active-Gateways and when to use Active-Forwarding, as they are mutually exclusive?

     

    For example: For a Data SVI, I would imagine using Active-Gateways would serve a better purpose due to it offering first hop redundancy. If true, you lose the active-forwarding feature, so I assume traffic will need to pass through the ISL. So when is it best to use Active-Gateways, and when is it best to use Active-Forwarding?

     

    Many Thanks 

     

     


    #8325


  • 2.  RE: Active-Gateways vs Active-Forwarding
    Best Answer

    Posted Oct 04, 2019 05:35 AM

    Active-gateway is the default gateway Virtual IP for the client subnet, whereas active-forwarding is an optional setting for upstream L3 connectivity in the case of VSX LAG and transit VLANs. Active-Forwarding is useless on a downstream VSX LAG to access switches, and is also not an option for an upstream routed port. It is only for a VSX LAG upstream with transit VLANs.

    Here is a summary.

     



  • 3.  RE: Active-Gateways vs Active-Forwarding

    Posted Oct 04, 2019 06:26 AM

    Hi Vincent, 

     

    I understand why you wouldn't use Active-Forwarding. I think what BC123 is trying to ask is "In what scenario would you want to use Active-Forwarding?".

     

    If you had a pair of 8325s (VSX) connected to two firewalls running active-active, then Active-Forwarding would make sense (there would be ECMP routes).

    In our scenario we have a pair of 8325s (VSX) connecting to two firewalls northbound in Active-Passive mode, so I assume there would be no need for Active-Forwarding on the transit VLAN. Is this correct?

     

    Thanks, 

    Cole



  • 4.  RE: Active-Gateways vs Active-Forwarding

    Posted Jun 06, 2020 10:28 PM

    Hi Vincent, 

     

    Just want to arrest your attention to the question raised by Cole, for learning purposes. I am not exactly in the same situation. Mine is two 8320 VSX nodes connected to one firewall. I understand the Active gateway concept; in my case, it is for my servers to only know about an active gateway IP address on the VSX as their default gateway. However, I am not sure when it is necessary to apply active forwarding.

     

    I have read the technical whitepapers and/or documents but in all honesty, I still don't get it. 



  • 5.  RE: Active-Gateways vs Active-Forwarding

    Posted Jun 08, 2020 04:48 AM

    Appendix E of the VSX tech paper was added to cover the FW use case.

    https://support.hpe.com/hpsc/doc/public/display?docId=a00094242en_us

     

    If this is not enough, would this slide explain it better:

     

    In a nutshell, Active-gateway is set on the L3 VLAN interface facing the server (provided the VSX pair does the routing).

    For the FW attachment, due to the active/standby model, it is likely you have to connect the VSX pair with a VSX LAG to the active FW, and a second VSX LAG to the standby FW. Then you set a transit VLAN for routing on this VSX LAG. On this transit VLAN there are 2 options:

    - active-forwarding if you use OSPF or BGP

    - or simpler: active-gateway if you use static routing.

    (It is not both, it is either.)

     

     



  • 6.  RE: Active-Gateways vs Active-Forwarding

    Posted Jun 09, 2020 01:00 AM

    Thanks, Vincent, for this info. Initially, I didn't notice the FW case scenario in the document. This makes sense now.



  • 7.  RE: Active-Gateways vs Active-Forwarding

    Posted Jun 09, 2020 03:33 AM

    Good. Happy that this is clear for you and thanks for your exchange.



  • 8.  RE: Active-Gateways vs Active-Forwarding

    Posted Oct 04, 2019 05:42 AM

    This may give you an idea.

     

    https://community.arubanetworks.com/t5/Wired-Intelligent-Edge-Campus/Aruba-8320-and-ArubaOS-CX-Experience/td-p/442723/page/4

     

     
