The best approach to implement layer-3 forwarding in a community cloth is to dump it to an exterior system, be it a WAN edge router, a firewall, a load balancer, or another community equipment.
Routing on the (outer) fringe of the material
Whereas the hipsters sipping EVPN Kool-Support may contemplate that strategy a design from the Nineties, it’s used extra usually than you may count on, for instance:
- When the vast majority of the visitors goes via a WAN edge router towards exterior locations;
- When all of the visitors between a subnet and exterior locations needs to be inspected by a safety equipment;
- While you’re utilizing digital community home equipment together with layer-2-only overlay digital networks;
- When the quantity of routed visitors is small, and the seller overcharges for layer-3 forwarding capabilities within the cloth switches;
- In aggregation networks, when swap ports are means cheaper than router ports, it is smart to combination the visitors in a layer-2 swap and ahead it via a single quicker port to a router.
This design looks as if the only attainable factor you is likely to be requested to implement till somebody says, “however we want two edge units for redundancy.” Welcome to the first-hop redundancy hell.
Redundant routing on the (outer) fringe of the material
In an ideal world, everybody can be utilizing IPv6, the IPv6 hosts would fortunately load-balance visitors between a number of adjoining routers, and we might fine-tune the router commercial (RA) messages to permit a sub-second failover on a router failure.
In the meantime, on Planet Earth:
- Manner too many environments nonetheless use IPv4.
- Most IP hosts use a single default route towards a single default gateway, and that default gateway can have a single MAC tackle.
- RA-based redundancy is usually thought-about too gradual (see IPv6 Excessive Availability Methods webinar for extra particulars), so we now have to make use of first-hop redundancy protocols even in IPv6 deployments.
Even worse, we are able to’t use active-active FHRP implementations or anycast gateways on this design as a result of we can not have the identical MAC tackle (the MAC tackle of the first-hop router) current on two cloth ports.
There are not any good options to this downside; the one factor you are able to do is to decide on one which sucks the least:
- Use every system because the first-hop gateway for half of the subnets and hope that you just received it proper and {that a} sudden improve in visitors received’t deliver down one of many units.
- Use energetic/energetic FHRP implementation or an anycast gateway with a hyperlink aggregation group (LAG) between the material and the redundant units. The LAG makes redundant units seem as a single node within the community cloth in order that they will use the identical MAC tackle. Have enjoyable coping with MLAG implementations on each ends of these hyperlinks.
- Use a proprietary implementation like GLBP that makes use of totally different MAC addresses in ARP replies for a similar IP tackle, successfully spreading the load throughout redundant units based mostly on the host ARP entries.
- Surrender and settle for that having a redundant answer that’s greater than 50% loaded doesn’t make sense anyway. That may make your CFO sad, however you may nonetheless have a working community after one of many units fails through the peak visitors interval.
You’ll discover extra particulars within the VRRP, Anycasts, Materials and Optimum Forwarding weblog submit.
What’s Subsequent?
Subsequent weblog posts will deal with the intricate particulars of intra-fabric routing, but it surely may take me some time to publish them. In the event you’re in a rush, you’ll discover these particulars in Leaf-and-Backbone Cloth Architectures and EVPN Technical Deep Dive webinars.
