View Only
last person joined: yesterday 

Expand all | Collapse all

VSX keepalive: routing in vrf necessary?

This thread has been viewed 10 times
  • 1.  VSX keepalive: routing in vrf necessary?

    Posted Aug 02, 2022 05:14 PM
    I have several pairs of 8325 32C switches for which I refuse to waste a 100Gbps port on a keepalive.  As such I want to route it up through my upstream spine.  The problem I'm having is the keepalive vrf.  I have to route the global table up through the spine switches and evidently I can't configure subinterfaces on the routed ports.

    I could change the routed ports between the spine and my VSX switches to L2 and route between SVI.  Is that really my only option?  That or upgrade to 10.10 and use the mgmt port?

    What is the danger of leaving the keepalive in the global vrf?  It is all underlay routing, no servers or users in global.

  • 2.  RE: VSX keepalive: routing in vrf necessary?

    Posted Aug 03, 2022 10:26 PM

    From the VSX best practice Appendix D - VSX keepalive over upstream L3 Core nodes.  This uses the default VRF not the KA VRF.

    DownloadDocumentFile.ashx (arubanetworks.com)

    I will be interested to know if this works as I will face the same issue and agree with you I wouldn't want to use a 100G port for a keepalive.



  • 3.  RE: VSX keepalive: routing in vrf necessary?

    Posted Aug 10, 2022 04:15 AM

    A dedicated VRF was a best practice to secure operations of VSX keepalive, but not mandatory. As Matt pointed out the VSX UDP keepalive over the upstream L3 core network is perfectly fine and supported.
    Something that might help: since AOS-CX 10.10, VSX keepalive over OOBM (mgmt) port is supported. So, no need for dedicated port for keepalive.
    This will be part of updated best practices (when out-of-band management network is available).