Wired Intelligent Edge

 View Only
  • 1.  Same active-gateway on 2 VSX Clusters

    Posted Aug 11, 2021 11:16 AM
    Hi,

    I've inherited a network where there are 2 separate VSX clusters (using 8320s) that are both on the same LAN fibre ring.

    One cluster is configured as the 'live' cluster routing traffic to the WAN, with the other cluster intended to be used in a disaster recovery situation should the 'live' cluster fail (it has a point-to-point link to a secondary site). The DR cluster is also an active member of the LAN network.

    Looking at the config, I can see that the VLAN serving our clients has been configured with the same active gateway IP and MAC on both VSX clusters.
    For example:

    CLUSTER1-SWI-1:
    interface vlan10
    vsx-sync active-gateways
    description CLIENTS
    ip address 10.1.10.1/24
    active-gateway ip 10.1.10.5 mac 00:00:00:00:10:05

    CLUSTER1-SWI-2:
    interface vlan10
    vsx-sync active-gateways
    description CLIENTS
    ip address 10.1.10.2/24
    active-gateway ip 10.1.10.5 mac 00:00:00:00:10:05

    CLUSTER2-SWI-1:
    interface vlan10
    vsx-sync active-gateways
    description CLIENTS
    ip address 10.1.10.3/24
    active-gateway ip 10.1.10.5 mac 00:00:00:00:10:05

    CLUSTER2-SWI-2:
    interface vlan10
    vsx-sync active-gateways
    description CLIENTS
    ip address 10.1.10.4/24
    active-gateway ip 10.1.10.5 mac 00:00:00:00:10:05

    My question is does this configuration meet best practices when it comes to VSX active gateways? Or should active-gateway IPs and MACs be only used once on 1 VSX cluster? And therefore the second VSX cluster should be re-configured?

    I think the idea was that this could be a way of creating a failover for a gateway IP address if one cluster fails but I'm unsure if this might cause issues on the network. (I'm not currently seeing any issues as it is.) 

    Thanks for your help.

    ------------------------------
    Adam Bishop
    ------------------------------


  • 2.  RE: Same active-gateway on 2 VSX Clusters
    Best Answer

    Posted Aug 12, 2021 05:32 AM
    Hi,
    Here is the VSX configuration best practices guide.

    https://support.hpe.com/hpesc/public/docDisplay?docId=a00094242en_us

    Starting with page 106 you can find Appendix F VLAN extension between 2 VSX clusters. This seems to be matching your scenario. You can find here more information about the pros and cons.

    ------------------------------
    Emil Gogushev
    ------------------------------



  • 3.  RE: Same active-gateway on 2 VSX Clusters

    Posted Aug 12, 2021 07:31 AM
    Thankyou, that's very helpful.

    ------------------------------
    Adam Bishop
    ------------------------------



  • 4.  RE: Same active-gateway on 2 VSX Clusters

    Posted Aug 12, 2021 01:09 PM
    Edited by parnassus Aug 12, 2021 02:13 PM
    Curious to understand if, given what is exposed in the VSX Best Practice (extended L2 between VSX clusters hosted at different sites), the VSX System MAC addresses were kept differentiaded (thus are uniques) while the Virtual MAC Addresses were kept equal.

    ------------------------------
    Davide Poletto
    ------------------------------



  • 5.  RE: Same active-gateway on 2 VSX Clusters

    Posted Aug 13, 2021 03:45 AM
    Hi Davide,
    These are 2 different concepts. The system-MAC is unique to a VSX cluster, it can not be shared with an other cluster as this is used for LACPDU bridge-ID. The active-gateway VIP/VMAC is an anycast IP/MAC that can be shared in specific back-to-back VSX topology. This is just ARPing with same MAC, and can be shared between these 2 VSX clusters, and specifically for VLAN stretching between 2 DC: MUST be shared.

    ------------------------------
    Vincent Giles
    ------------------------------