Anycast Gateway for EVPN Distributed Networks
Introduction
In data center or campus networks, it is often necessary to migrate virtual machines (VMs) seamlessly, without changing network settings or disrupting traffic forwarding. From the network's point of view, a VM migration is a change in the location of a MAC address. Network infrastructure devices such as switches need to be aware of this change so that they can refresh their forwarding table entries in time and traffic forwarding is not interrupted.
In EVPN distributed networks, users can configure the same anycast gateway IP and the same virtual MAC (router MAC) on all distributed gateways to enable the anycast gateway function, and configure the same IP default gateway address on all hosts or VMs. After that, irrespective of which VTEP a host is connected to, as long as the hosts are within the same VNI, they can always use their connected VTEP as the default gateway to send and receive traffic. Since all hosts within a VLAN are configured with the same IP default gateway address, hosts or VMs can be moved throughout the data center without changing their configuration. This provides flexible VM mobility between different distributed gateways in the network.
You can configure anycast gateway in one of two ways:
- Use the following commands to configure an identical anycast gateway IP address (VLAN interface IP address) and router MAC for anycast gateway.
set l3-interface vlan-interface <vlan-interface-name> address <address> prefix-length <number>
set l3-interface vlan-interface <vlan-interface-name> router-mac <macaddr>
- Use the following commands to configure the anycast gateway IP address (virtual IP address) and anycast gateway MAC (virtual MAC).
set l3-interface vlan-interface <interface-name> anycast address <ip-address> prefix-length <prefix>
set l3-interface vlan-interface <interface-name> anycast mac <mac-address>
NOTE: In the anycast gateway over MLAG scenario, only the second way is available.
Configuration Example
For example, as shown in the following simplified EVPN topology, the gateways of the attached servers are on the leaf VTEP switches. Since Server A and Server C are in the same subnet (VLAN 10/VNI 10010), they should have the same gateway configuration (e.g., gateway IP 10.10.10.1 and gateway MAC 00:00:10:00:00:FE). If Server A moves from Leaf 1 to Leaf 2, the gateway IP configured on Server A doesn’t need to be changed. Similarly, Server B and Server D do not need to change their gateway IP and MAC addresses.
All VTEPs in the same VNI must be configured with the same anycast gateway IP and virtual MAC.
The example commands below configure anycast gateway on VTEP1 and VTEP2.
# Configuring VLAN to VNI mapping
set vlans vlan-id 10
set vlans vlan-id 20
set vxlans vni 10010 vlan 10
set vxlans vni 10020 vlan 20
# Configuring GW IP
set vlans vlan-id 10 l3-interface vlan10
set vlans vlan-id 20 l3-interface vlan20
set l3-interface vlan-interface vlan10 address 10.10.10.1 prefix-length 24
set l3-interface vlan-interface vlan20 address 20.20.20.1 prefix-length 24
# Configuring GW MAC
set l3-interface vlan-interface vlan10 router-mac 00:00:10:00:00:FE
set l3-interface vlan-interface vlan20 router-mac 00:00:20:00:00:FE
NOTES:
- Anycast gateway can be applied to VTEPs only in the same VLAN/VNI. For example, in the above case, applying the same anycast gateway to both VLAN 10 and VLAN 20 is not supported; different gateway configurations are required for Server A and Server D.
- In the EVPN distributed gateway scenario, anycast gateway is mutually exclusive with the EVPN advertise-default-gw and advertise-svi-ip configurations; they cannot be configured at the same time.
set protocols bgp [vrf <vrf-name>] evpn advertise-default-gw
set protocols bgp evpn vni <vni> advertise-svi-ip
Anycast Gateway over MLAG
The anycast gateway over MLAG function enables a pair of MLAG devices to be configured with a single virtual IP address and a single virtual MAC, in the form of an anycast IP address and an anycast MAC. This enables the pair of switches to act as a single VTEP device and to be seen as such by downstream devices.
In this configuration, two routing devices are combined to form one virtual router, and the virtual IP address is used as the default gateway for hosts to achieve normal communication. When one device in the MLAG pair fails, the other device can still forward traffic normally, thus ensuring reliable network communication.
To ensure proper traffic forwarding, ARP/ND synchronization is performed between the two switches in the MLAG pair every 5 minutes.
MLAG synchronizes ARP/ND entries between the two switches in the MLAG pair; EVPN does not synchronize them.
When configuring anycast gateway over MLAG, the following commands can be used to configure the anycast IP address and anycast MAC address on the MLAG peer devices.
set l3-interface vlan-interface <interface-name> anycast address <ip-address> prefix-length <prefix>
set l3-interface vlan-interface <interface-name> anycast mac <mac-address>
Besides the anycast IP address and anycast MAC address, the IP address of the corresponding access-facing VLAN interface must also be specified.
set l3-interface vlan-interface <interface-name> address <ip-address> prefix-length <prefix>
NOTE: For IPv4, the anycast IPv4 address and the VLAN interface IPv4 address should be configured in the same network segment to ensure that the MLAG pair can work normally. For IPv6, the anycast IPv6 address and the global IPv6 address of the VLAN interface should be configured in the same network segment to ensure that the MLAG pair can work normally.
On the hosts, configure the anycast IP address of the virtual router as the gateway address either statically or through DHCP.
Configuration Consistency
To ensure that the pair of MLAG switches continues to act as one single VTEP device, the following configuration needs to be consistent on both devices.
- anycast IP address
- anycast MAC
- VNI on the VXLAN interface (includes both L2 VNI and L3 VNI)
- VTEP address
- RMAC (router MAC), if configured
Configuration Notes
- The anycast gateway over MLAG function and VRRP are mutually exclusive. If anycast gateway over MLAG is configured, VRRP is not allowed to be configured on the same MLAG pair.
- Besides the anycast IP address and anycast MAC address, the IP address of the corresponding access-facing VLAN interface must also be specified through the following command.
set l3-interface vlan-interface <interface-name> address <ip-address> prefix-length <prefix>
- For IPv4, the anycast IPv4 address and the VLAN interface IPv4 address should be configured in the same network segment to ensure that the MLAG pair can work normally.
- For IPv6, the anycast IPv6 address and the global IPv6 address of the VLAN interface should be configured in the same network segment to ensure that the MLAG pair can work normally.
- The anycast IP address list must be the same on both devices of the MLAG pair.
Example
As shown in the following simplified EVPN topology, Leaf 1 and Leaf 2 have established VXLAN tunnels with the spine. Leaf 1 and Leaf 2 are a pair of MLAG devices.
To enable MLAG pair switches Leaf 1 and Leaf 2 to act as a single virtual router, configure anycast gateway over MLAG on the MLAG pair.
The example commands below can be used to configure anycast gateway over MLAG on Leaf 1 and Leaf 2.
# Leaf 1
# Configuring VXLAN source interface.
set l3-interface loopback lo address 201.201.201.201 prefix-length 32
set vxlans source-interface lo address 201.201.201.201
# Configuring VLAN to VNI mapping.
set vlans vlan-id 10
set vxlans vni 10010 vlan 10
# Configuring VXLAN VLAN interface IP address.
set vlans vlan-id 10 l3-interface vlan10
set l3-interface vlan-interface vlan10 address 10.10.10.20 prefix-length 24
# Configuring anycast IP address and anycast MAC.
set l3-interface vlan-interface vlan10 anycast address 10.10.10.1 prefix-length 24
set l3-interface vlan-interface vlan10 anycast mac 00:00:10:00:00:FE

# Leaf 2
# Configuring VXLAN source interface.
set l3-interface loopback lo address 201.201.201.201 prefix-length 32
set vxlans source-interface lo address 201.201.201.201
# Configuring VLAN to VNI mapping.
set vlans vlan-id 10
set vxlans vni 10010 vlan 10
# Configuring VXLAN VLAN interface IP address.
set vlans vlan-id 10 l3-interface vlan10
set l3-interface vlan-interface vlan10 address 10.10.10.10 prefix-length 24
# Configuring anycast IP address and anycast MAC on Leaf 2.
set l3-interface vlan-interface vlan10 anycast address 10.10.10.1 prefix-length 24
set l3-interface vlan-interface vlan10 anycast mac 00:00:10:00:00:FE
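The consistency list and configuration notes above can be checked automatically to catch drift between the two MLAG peers before it affects forwarding. The following Python is an added example, not Pica8 tooling: the names `parse` and `audit` are hypothetical, and the sample configs are constructed from the Leaf 1/Leaf 2 example on this page.

```python
import ipaddress
import re

# Constructed sample configs, modelled on the Leaf 1 / Leaf 2 example above.
LEAF1 = """
set vxlans source-interface lo address 201.201.201.201
set vxlans vni 10010 vlan 10
set l3-interface vlan-interface vlan10 address 10.10.10.20 prefix-length 24
set l3-interface vlan-interface vlan10 anycast address 10.10.10.1 prefix-length 24
set l3-interface vlan-interface vlan10 anycast mac 00:00:10:00:00:FE
"""
LEAF2 = LEAF1.replace("10.10.10.20", "10.10.10.10")

VIF = r"set l3-interface vlan-interface (\S+) "
PATTERNS = {
    "vtep": r"set vxlans source-interface \S+ address (\S+)",
    "vni": r"set vxlans vni (\d+) vlan (\d+)",
    "anycast_ip": VIF + r"anycast address (\S+) prefix-length (\d+)",
    "anycast_mac": VIF + r"anycast mac (\S+)",
    "svi_ip": VIF + r"address (\S+) prefix-length (\d+)",
    "evpn_adv": r"set protocols bgp .*(advertise-default-gw|advertise-svi-ip)",
}

def parse(config):
    """Return {setting: set of matched value tuples} for one device."""
    found = {key: set() for key in PATTERNS}
    for line in config.splitlines():
        for key, pattern in PATTERNS.items():
            m = re.fullmatch(pattern, line.strip())
            if m:
                found[key].add(tuple(g.lower() for g in m.groups()))
    return found

def audit(cfg_a, cfg_b):
    """List violations of the page's anycast-gateway-over-MLAG rules."""
    a, b = parse(cfg_a), parse(cfg_b)
    must_match = ("vtep", "vni", "anycast_ip", "anycast_mac")
    issues = [f"{k} differs between peers" for k in must_match if a[k] != b[k]]
    for name, dev in (("peer A", a), ("peer B", b)):
        # (interface, network) pairs of the access-facing VLAN interface IPs
        svi = {(i, ipaddress.ip_interface(f"{ip}/{p}").network)
               for i, ip, p in dev["svi_ip"]}
        for intf, ip, plen in dev["anycast_ip"]:
            net = ipaddress.ip_interface(f"{ip}/{plen}").network
            if (intf, net) not in svi:
                issues.append(f"{name}: {intf} anycast IP and interface IP not in same segment")
        if dev["anycast_ip"] and dev["evpn_adv"]:
            issues.append(f"{name}: anycast gateway configured with EVPN advertise option")
    return issues
```

`audit(LEAF1, LEAF2)` returns an empty list for the configuration shown above; any difference in the anycast MAC, VNI mapping or VTEP address between the peers is reported by name.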
Copyright © 2024 Pica8 Inc. All Rights Reserved.