9/12/2018

FHRP, VRRP and VARP

VARP (Z636)
  • "ip virtual mac <mac>" 
    • = treat <mac> as own mac;
    • Combined with MLAG = poor man's VRRP,
    • The advantage is active-active,
    • The downside is static ARP on neighbor hosts. Why is that bad?
  • If the SVI has "ip virtual addr"
    • respond to ARP req for vIP + vMAC, but the srcMAC is still the phyMAC;
    • GARP, srcMAC = vMAC, refreshes the switch MAC table
  • Under bash, is there also a command?
    • varp vlan3 1.2.3.4 00:1c:73:00:00:01
VRRP over MLAG (Z1223)
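  • Traditionally, the best choice with MLAG is VARP; using VRRP is kinda dumb (DE's comments)
  • The biggest problem is that the VRRP Backup does not fwd traffic, and MACs are not learned on the peerlink. The result?
    • Traffic hashed to the backup gets flooded, not even switched, because the peerlink does not learn MACs
    • Recorded in Y31356
    • The solution is to write the vrrp mac address into mlag host
  • There is also mlag reload delay + VRRP
    • The peerlink comes up first and vrrp preempts, so the newly up peer becomes master
    • But the new peer is still in reload delay, so traffic is black-holed!!
    • Recorded in Y30494
    • Workaround: config preempt delay reload #1 > reload-delay #2
  • In the end, this Z1223 was not done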
FHRP: HSRP, VRRP and VARP
  • HSRP, VRRP and VARP use vMAC. GLBP uses phyMAC for LB; 
    • HSRP vMAC = 0000:0c07:ac**
    • VRRP vMAC = 0000:5e00:01xx, xx = VRID (1-256)
    • VARP vMAC = self-configured
    • GLBP actually uses vMACs too; it should be different vMACs = phyMAC
  • Assigned MAC address (side note)
    • 00-00-5e, IANA (Internet Assigned Numbers Authority) ucast
      • 00-00-5e-00-01/02-xx, VRRP v4/v6
    • 01-00-5e, IANA mcast
      • 00-00-00 to 7f-ff-ff: v4 mcast
      • 90-00-01: bfd on LAG
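  • The biggest difference is Active-Active vs Active-Standby. How is that achieved?
    • All use a vMAC; hosts send packets with dstMAC = vMAC
    • VARP is active-active and routes out directly.
    • VRRP instead bridges to the peer via the peerLink
  • GARP refreshes the switch mac table + notifies all hosts of the ip/MAC mapping of vMAC = vIP
    • GARP is the same as an ordinary ARP Reply, except that dstMAC = FF or hostMAC
    • Only in the GARP pkt is the srcMAC the vMAC. It is the only such pkt!! For other data, and even ARP, the srcMAC is the phyMAC.
  • Is a phyIP needed?
    • 'ip virtual address' needs a phyIP whether or not it has a mask. With a mask, though, it can be a dummy ip.
    • 'ip address virtual' does not need a phyIP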
  • VARP = ip virtual address  - IVA
    • GARP is the same as ARP Reply: srcMAC, arp.sndMAC = vMAC
    • In the ARP request, both the outer Eth header and the inner ARP carry the Switch System MAC, and arp.sndIP = phyIP, because the ARP reply must come back to the Src Mlag Peer!!!
  • VARP w/mask = ip virtual address w/ mask - IVAM
    • GARP + ARP Reply = VARP way
    • The key is the ARP Req: there is no phyIP under this subnet, so inner and outer are both vMAC/vIP. Now there is a problem: what if the Host ARP Reply is hashed to the other Peer?
    • So this VxLAN VARP must have ARP Sync!
  • VxLAN Anycast = ip address virtual + vMac
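    • Both Mlag peers have the same Addr. No phyIP is needed; the vIP is enough
    • No GARP. Why? Because the ARP reply is vMAC both inner and outer, so no GARP is needed to refresh the switch
    • For the host to learn the GW, it must rely on the ARP reply by the mlag peer. Inner and outer are both vMac + vIP.
    • ARP Req = VARP w/mask, because there is no phyIP;
    • So ARP Sync is also needed.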
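
An added example (not from the original notes, and not vendor code): a Python check that parses an ARP frame and flags a gratuitous ARP claiming a gateway vIP with anything other than the expected vMAC, plus a classifier for the HSRP/VRRP vMAC prefixes listed above. The function names, verdict strings and the rogue MAC are assumptions; the vIP/vMAC pair is the one from the `varp vlan3` line.

```python
import struct

# FHRP vMAC prefixes from the notes above (first five bytes; last byte = group/VRID).
FHRP_PREFIXES = {
    bytes.fromhex("00000c07ac"): "HSRP",
    bytes.fromhex("00005e0001"): "VRRP-v4",
    bytes.fromhex("00005e0002"): "VRRP-v6",
}

def classify_vmac(mac: bytes):
    """Return (protocol, group id) for a well-known FHRP vMAC, else None."""
    proto = FHRP_PREFIXES.get(mac[:5])
    return (proto, mac[5]) if proto else None

def parse_arp(frame: bytes) -> dict:
    """Parse an untagged Ethernet II frame carrying IPv4-over-Ethernet ARP."""
    if len(frame) < 42:
        raise ValueError("too short for Ethernet + ARP")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    fields = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    if ethertype != 0x0806 or fields[:4] != (1, 0x0800, 6, 4):
        raise ValueError("not an IPv4/Ethernet ARP frame")
    op, sha, spa, tha, tpa = fields[4:]
    return {"eth_dst": dst, "eth_src": src, "op": op,
            "sha": sha, "spa": spa, "tha": tha, "tpa": tpa}

def check_garp(frame: bytes, expected: dict) -> str:
    """expected maps gateway vIP (4 bytes) to its vMAC (6 bytes)."""
    arp = parse_arp(frame)
    if arp["spa"] != arp["tpa"]:
        return "not-gratuitous"      # sender IP != target IP
    want = expected.get(arp["spa"])
    if want is None:
        return "untracked"           # GARP for an IP we do not watch
    # Per the notes, a gateway GARP carries the vMAC in both the Ethernet
    # source and arp.sndMAC; anything else claiming the vIP is suspicious.
    return "ok" if arp["sha"] == want == arp["eth_src"] else "alert"

def build_arp(eth_src, sha, spa, tpa, op=2, eth_dst=b"\xff" * 6):
    """Construct a sample frame (test data only)."""
    return (eth_dst + eth_src + b"\x08\x06"
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + sha + spa + b"\x00" * 6 + tpa)

# Constructed samples: vIP/vMAC taken from the "varp vlan3" line in the notes.
VIP, VMAC = bytes([1, 2, 3, 4]), bytes.fromhex("001c73000001")
ROGUE = bytes.fromhex("020000000099")   # made-up host MAC
GOOD = build_arp(VMAC, VMAC, VIP, VIP)
BAD = build_arp(ROGUE, ROGUE, VIP, VIP)
QUERY = build_arp(ROGUE, ROGUE, bytes([1, 2, 3, 9]), VIP, op=1)
```

A self-configured VARP vMAC does not match any well-known prefix, so `classify_vmac` returns `None` for it and the expected vIP-to-vMAC binding has to come from configuration.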
