Wired Intelligent Edge (Campus Switching and Routing)

Reply
Occasional Contributor I

Re: Inter-connecting 4 x 8320


@fefa2k wrote:

Then you should follow Vincents solution. Two VSX pairs interconnected with a single VSX LAG and active gateway configured on all 8320s sharing virtual mac and virtual IPs.

 

 


How would two VSX pairs share an active gateway configuration? 

Re: Inter-connecting 4 x 8320

Reminder: active-gateway is "just" a way to acheive an ARP response for downstream clients. There is no protocol. So having 2 or 3 or 4 devices

sharing the same VIP/VMAC does not have any downside beside multiple ARP responses. You may think or not filtering these ARP between VSX pairs. I'm not sure it is worth the effort considering the very little amount of traffic for ARP responses.

real IP of the same SVI extended between DCs must be of course different.

Say VSX pair 1 with CX1 & CX2. VSX pair 2 with CX3 and CX4.

Consider interface vlan 10

same active-gateway configuration on CX1, CX2, CX3, CX4.

Real IP on CX1: a.b.c.2, on CX2: a.b.c.3, on CX3: a.b.c.4, on CX4: a.b.c.5

Note that it provides active-active DC for outbound traffic (this is fine for DR/backup).

Occasional Contributor I

Re: Inter-connecting 4 x 8320

Thanks Vincent. This is what I was looking for. The VSX guide does not read this way. I'll reply again tomorrow evening after some testing.

 

To summarise ...

 

- Interconnect between VSX clusters is VSX LAG (multi-chassis lag) on both sides

- Identical active gateway config on all four switches

- acl should not be necessary on the interconnect

 


@vincent.giles wrote:

Reminder: active-gateway is "just" a way to acheive an ARP response for downstream clients. There is no protocol. So having 2 or 3 or 4 devices

sharing the same VIP/VMAC does not have any downside beside multiple ARP responses. You may think or not filtering these ARP between VSX pairs. I'm not sure it is worth the effort considering the very little amount of traffic for ARP responses.

real IP of the same SVI extended between DCs must be of course different.

Say VSX pair 1 with CX1 & CX2. VSX pair 2 with CX3 and CX4.

Consider interface vlan 10

same active-gateway configuration on CX1, CX2, CX3, CX4.

Real IP on CX1: a.b.c.2, on CX2: a.b.c.3, on CX3: a.b.c.4, on CX4: a.b.c.5

Note that it provides active-active DC for outbound traffic (this is fine for DR/backup).


 

 

Occasional Contributor I

Re: Inter-connecting 4 x 8320

Just want to thank everyone for their input here.

 

Originally I thought I was going to be forced in to one of the workaround scnearios I dicussed here because I was told by HPE locally that I could not have the same active gateway on 2 VSX pairs. Vincent set me on the right path and then about 9 hours later I received an Email with this from HPE global.

 

Apparently the below will be included in the 10.02 VSX guide.

 

Capture.PNG

Contributor I

Re: Inter-connecting 4 x 8320

Hey burgess,

 

Vincent can correct me if I'm wrong but I think you can already do that on version 10.01. As it was stated before, AGW has no protocol, as soon as a packet arrives to an AGW of any switch it will be forwarded so you don't need to wait for 10.02 release.

 

Cheers,

 

Aarón

Occasional Contributor I

Re: Inter-connecting 4 x 8320


@fefa2k wrote:

Hey burgess,

 

Vincent can correct me if I'm wrong but I think you can already do that on version 10.01. As it was stated before, AGW has no protocol, as soon as a packet arrives to an AGW of any switch it will be forwarded so you don't need to wait for 10.02 release.

 

Cheers,

 

Aarón


Yeah - I configured it today on 10.01 and it is all working well. What I mean is that HPE have told me that this diagram will be included in the 10.02 version of the doc.

Occasional Contributor I

Re: Inter-connecting 4 x 8320

Gents, awsome topic! i'm implementing option 1 at the moment.

but does someone know if there is a workaround for the "Maximum 16 VMACs can be configured" limitation?

 

Re: Inter-connecting 4 x 8320

The 16 VMACs is really to address very niche cases like dual-homed L3 subnet for servers for instance (having one default-route on one NIC and a specific set of route on the second NIC).

You recommend to use a unique VMAC value that is very intuitive for the network support team to identify: something like 00:00:00:00:01:01 for instance. Associated IPV4 VMAC and IPV6 VMAC must be different (in case you use v6 as well).

Remember this VMAC is always local to the SVI and no traffic is sourced from that VMAC besides ARP response and periodic hello broadcast to refresh MAC table of peer switches.

Occasional Contributor I

Re: Inter-connecting 4 x 8320

I think what Vincent is saying is that one VMAC for multiple active-gateway interfaces is fine ... other than in the dual homed situation he mentioned.

 

For my implementation I used the same VMAC for 40+ active-gateway interfaces, but used a different VMAC for anything on the same L2 interface as a routed firewall interface. We have some systems which need to be dual homed into the "LAN" and also with static routes to the DMZ. 

Highlighted
New Contributor

Re: Inter-connecting 4 x 8320

I would also go with option 1 with one caviat. VSX failover is close to hitless (<0.5 seconds - https://community.arubanetworks.com/t5/Wired-Intelligent-Edge-Campus/8320-VSF/m-p/441062/highlight/true#M3552), but does pause all flows momentarily. Depending on what is connecting to it this may or may not be an issue.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: