Wired Intelligent Edge

The user guide for v10.03 says: If a system has active forwarding enabled, an active gateway can have a maximum of 14 "unique" MAC addresses per system, both IPv4 and IPv6 addresses are included in the count"

Here is the guide: https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00075287en_us&docLocale=en_US

Does this mean each VLAN interface can have up to 14 unique MAC addresses like shown below? Or does it mean something else? Why would you have more than 1 unique MAC address anyway?

For example:

interface vlan 100

ip address 10.1.1.1/24

active-gateway ip 10.1.1.1 mac 00:00:00:00:01:00

active-gateway ip 10.1.1.1 mac 00:00:00:00:01:01

active-gateway ip 10.1.1.1 mac 00:00:00:00:01:02

active-gateway ip 10.1.1.1 mac 00:00:00:00:01:03

...and so on

I also found other documentation which shows the interface IP address being the same as the active gateway IP address on both switches. That's the same IP address in place 4 times, how does that not cause issues!! It shows:

- 10.0.0.1/24 on agg1 VLAN 3

- 10.0.0.1 on agg1 VLAN 3 active gateway

- 10.0.0.1/24 on agg2 VLAN 3

- 10.0.0.1 on agg2 VLAN 3 active gateway

That documentation is here - page 61 shows the configuration and page 62 shows the duplicated IP addresses on the diagram: https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00075287en_us&docLocale=en_US

Hi, Active Gateway is a "super" VRRP (with Active/Active Mode)

and you need to use the same vMAC on different VSX to use Active Gateway.

There is a 16vMAC available (you can use the same vMAC on different vlan) but for specific case, you can need different vMAC

with 10.04, there is a secondary ip active gateway also avaiable

Hello,

Thank you for pointing an error in the documentation. The IP address can not be the same for the SVI (L3 VLAN interface) and for the active-gateway. On the VSX Best practices document it appears in a correct way: 

https://support.hpe.com/hpsc/doc/public/display?docId=a00094242en_us

For instance, 10.1.1.1 as VIP, but 10.1.1.2 as SVI (L3 VLAN intervace) address.

In most of the case, there is absolutely no need to have more than one Virtual MAC value in the VSX cluster configuration, as the scope of this Virtual MAC is link-local (no control-plane protocol uses this VMAC except ARP response).

However, some IT may have to connect systems/servers with multiple attachments (one leg in DMZ, one leg in intranet), and in such a case the system admin may prefer to have different MAC for next-hop router (so the capability on VSX to offer more than 1).

Hope this helps.

Thank you that guide is very helpful. 

Regarding this point: "If some servers or systems have dual-attachment to two different SVIs, and the system administrator would like to see distinct MAC addresses
for the next-hops over these separate interfaces, then 16 VMACs are available. For dual-stack IPv4 and IPv6, 16 VMACs can be used for IPv4
and the same VMACs can be used for IPv6. It is however a best practice to use only 8 VMACs for IPv4 and 8 different VMACs for IPV6"

Does this mean you can't have more than 16 unique virtual mac addresses on the entire switch? Or does it mean you can't have more than 16 unique virtual mac addresses per vlan interface?

You can use not use more of 16 virtual mac address on the switch but the same virtual mac address can be use on differents vlans