4/09/2018

FHRP/GLBP vs VRRP vs VARP

Reference links:
1. Active-Active by using VARP - "ip virtual address x.x.x.x" w/o mask
  • Arista recommends VARP, which is Active-Active Redundancy
  • HSRP and VRRP是Active-Standby Redundancy
    • Host发送数据包,如果hash到VRRP slave/HSRP standby,是不处理的,而是bridge到对方,这个是MLAG里面最不希望的情况,就是数据走PeerLink
    • 如果想Active-Active,客户必须手工分配Vlan和Master,比较烦
  • Configuration is quite simple:
ip virtual mac-address feed:dead:beef
interface vlan 101
  ip address 10.10.10.2/24
  ip virtual address 10.10.10.1
2. Comparison of virtual ip commands
  • Summary:
    • MLAG/"ip virtual addr x.x.x.x": 
      • when sending ARP requests to dstHost, it uses its own eth hw MAC!! 
      • so ARP Resonse肯定回到Sender, 即使ARP Response hash到另外一个Peer, eth hw is booked peerLink. 
    • VXLAN+MLAG/"ip addr virtual x.x.x.x"
      • uses vMAC in the ARP requests to dstHost;
      • so need ARP sync between mlag peers. 
  • "ip virtual addr x.x.x.x/24" vs "ip addr virtual x.x.x.x/24"
    • "ip addr virtual" for VXLAN anycast
    • "ip airtual addr" for non-VXLAN MLAG, 看上面
  • "ip virtual address <vip>/mask", 无论有没有mask,必须有phy IP. 
  • vlan - "ip virtual address 10.10.10.1" + global - "ip virtual mac aa:bb:cc"
    • 标准的VARP config
    • host resolves GW
      • GARP: dMac=ff:ff:ff | sMAC=aa:bb:cc | sndHw=aa:bb:cc | sndIP = vip,10.10.10.1
      • 关键是vMAC aa:bb:cc hosts vIP
      • ARP reply: 如何一个收到Arp req 的router都可以返回, dMac = hostMAC, 其他和上面一样
    • GW resolves host:
      • ARP request: dMAC=ff:ff:ff | sMAC = swMAC | sndHW = swMAC | sndIP = phyIP, 不是vIP
      • 所以会有mlag-peer的问题? 
      • 不需要ARP sync, 因为sndHW = swMAC?
  • vlan - "ip virtual address 10.10.10.1/24" + global - "ip virtual mac aa:bb:cc"
    • 注意是有network mask. 而且phy ip 和 vip不是一个网段
    • 还要增加一个static route - "ip route 10.10.10.0/24 vlan 100"
      • 为了节省phy ip, 如果一个vlan across 100 vtep/mlag, 200 phy ip 就被用掉了。
    • host resolves GW:
      • GARP/ARP和前面一样
    • GW resolves host:
      • ARP req: dMAC=allFF | sMAC = swMAC | sndHW = vMAC | sndIP = vIP
      • 需要ARP sync, 因为sndHW = vMAC, sw2收到应该sw1的ARP reply,也吃了因为是vMAC?
  • vlan - "ip address virtual 10.10.10.1/24" + global - "ip virtual mac aa:bb:cc"
    • 不需要phy IP under vlan
    • 专门为VXLAN, = Anycast Gateway
    • host resolves GW:
      • 没有GARP,为啥?
      • 只能是ARP reply, 里面全virtual, srcMAC = vMAC | sndHW = vMAC | sndIP = vIP
    • GW resolves host:
      • 也一样,全是vritual address
      • 需要ARP sync
Posted by at
Labels: , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)