Wired Intelligent Edge (Campus Switching and Routing)

Reply
Highlighted
Occasional Contributor I

Active-Gateways vs Active-Forwarding

Hi,

 

What is the best practise for when to use Active-Gateways and when to use Active-Forwarding as they are mutually exclusive.

 

For example: For a Data SVI, I would imagine using Active-Gateways would serve a better purpose due to it offering first hop redundancy. If true, you lose the active-forwarding feature, so I assume traffic will need to pass through the ISL. So when is it best to use Active-Gateways, and when is it best to use Active-Forwarding?

 

Many Thanks 

 

 


Accepted Solutions
Highlighted
MVP Guru

Re: Active-Gateways vs Active-Forwarding

Active-gateway is the default gateway Virtual IP for client subnet

whereas active-forwarding is an optional setting for upstream L3 connectivity in case of VSX LAG and transit VLANs. Active-Forwarding is useless on dowstream VSX LAG to access-switches

and as well as not an option for upstream Routed port. Only for VSX LAG upstream with transit VLANs.

Here is a summary.

 

View solution in original post


All Replies
Highlighted
MVP Guru

Re: Active-Gateways vs Active-Forwarding

Active-gateway is the default gateway Virtual IP for client subnet

whereas active-forwarding is an optional setting for upstream L3 connectivity in case of VSX LAG and transit VLANs. Active-Forwarding is useless on dowstream VSX LAG to access-switches

and as well as not an option for upstream Routed port. Only for VSX LAG upstream with transit VLANs.

Here is a summary.

 

View solution in original post

Highlighted
MVP

Re: Active-Gateways vs Active-Forwarding

This may give you an idea.

 

https://community.arubanetworks.com/t5/Wired-Intelligent-Edge-Campus/Aruba-8320-and-ArubaOS-CX-Experience/td-p/442723/page/4

 

 

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.
--Problem Solved? Click "Accepted Solution" in a post.


Ajay Kumar Ravipati
ACMA (V8) | ACMP (V8) | CCENT | CCNA (R&S) | PAN-OS 8.0 ACE
Highlighted
New Contributor

Re: Active-Gateways vs Active-Forwarding

Hi Vincent, 

 

I understand why you wouldnt use Active-Forwarding. I think what BC123 is trying to ask is "In what scenario would you want to use Active-Forwarding". 

 

IF you had a pair of 8325 (VSX), connected to two Firewalls running active-active then Active-Forwarding would make sense (there would be ECMP routes).

In our scenario we have a pair of 8325's (VSX) connecting to two Firewalls northbound in Active-Passive mode so I assume there would be no need for Active-Forwarding on the transit vlan, is this correct?

 

Thanks, 

Cole

Highlighted
Occasional Contributor I

Re: Active-Gateways vs Active-Forwarding

Hi Vincent, 

 

Just want to arrest your attention to the question raised by Cole, for learning purpose. I am not exactly in the same situation. Mine is two 8320 VSX nodes connected to one firewall. I understand the Active gateway concept; in my case, for my servers to only know about an active gateway IP address on the VSX as their default gateway. However, I am not sure of when it is necessary to apply active forwarding. 

 

I have read the technical whitepapers and/or documents but in all honesty, I still don't get it. 

Highlighted
MVP Guru

Re: Active-Gateways vs Active-Forwarding

The appendix E of the VSX tech.paper was added to cover FW use-case.

https://support.hpe.com/hpsc/doc/public/display?docId=a00094242en_us

 

If this is not enough, would this slide better explains:

 

In a nutshell, Active-gateway is set on L3 VLAN interface facing the server (provided the VSX pair does the routing).

For the FW attachement, due to active/standby model, it is likely you have to connect the VSX pair with a VSX LAG to FW active, and a seconda VSX LAG to the standby FW. Then you set a transit VLAN for routing on this VSX LAG. On this transit VLAN 2 options:

- active-forwarding if you use OSPF or BGP

- or simpler: active-gateway if you use static routing.

(it is not both, it is either).

 

 

Highlighted
Occasional Contributor I

Re: Active-Gateways vs Active-Forwarding

Thanks, Vincent for this info. Initially, I didn't notice the FW case scenario in the document. This makes sense now.

Highlighted
MVP Guru

Re: Active-Gateways vs Active-Forwarding

Good. Happy that this is clear for you and thanks for your exchange.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: