Edge Routing « ipSpace.net site
The simplest way to implement layer-3 forwarding in a network fabric is to offload it to an external device, be it a WAN edge router, a firewall, a load balancer, or any other network appliance.
Although the hipsters sipping EVPN Kool-Aid might consider that approach a design from the 1990s, it’s used more often than you might expect, for example:
- When the majority of the traffic goes through a WAN edge router toward external destinations
- When all the traffic between a subnet and external destinations has to be inspected by a security appliance
- When you are using virtual network appliances in combination with layer-2-only overlay virtual networks
- When the amount of routed traffic is small, and the vendor overcharges for layer-3 forwarding capabilities in the fabric switches
- In aggregation networks, when switch ports are way cheaper than router ports, it makes sense to aggregate the traffic in a layer-2 switch and forward it through a single faster port to a router.
This design seems like the simplest possible thing you might be asked to implement until someone says, “but we need two edge devices for redundancy.” Welcome to the first-hop redundancy hell.
In a perfect world, everyone would be using IPv6, the IPv6 hosts would happily load-balance traffic between multiple adjacent routers, and we could fine-tune the router advertisement (RA) messages to allow a sub-second failover on a router failure.
Meanwhile, on Planet Earth:
- Way too many environments still use IPv4.
- Most IP hosts use a single default route toward a single default gateway, and that default gateway can have a single MAC address.
- RA-based redundancy is usually considered too slow (see IPv6 High Availability Strategies webinar for more details), so we have to use first-hop redundancy protocols even in IPv6 deployments.
Even worse, we can’t use active-active FHRP implementations or anycast gateways in this design because we cannot have the same MAC address (the MAC address of the first-hop router) present on two fabric ports.
There are no good solutions to this problem; the only thing you can do is to pick one that sucks the least:
- Use each device as the first-hop gateway for half of the subnets and hope that you got it right and that a sudden increase in traffic will not bring down one of the devices.
- Use an active/active FHRP implementation or an anycast gateway with a link aggregation group (LAG) between the fabric and the redundant devices. The LAG makes the redundant devices appear as a single node in the network fabric so that they can use the same MAC address. Have fun dealing with MLAG implementations on both ends of those links.
- Use a proprietary implementation like GLBP that uses different MAC addresses in ARP replies for the same IP address, effectively spreading the load across redundant devices based on the host ARP entries.
- Give up and accept that having a redundant solution that is more than 50% loaded doesn’t make sense anyway. That will make your CFO unhappy, but you might still have a working network after one of the devices fails during the peak traffic period.
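The first and last options above can be checked with numbers before a device fails. The following is an added example, not code from the original post: it splits subnets across two gateways and reports whether the survivor can carry everything after a failure. Subnet names, traffic figures, device names and capacity are constructed assumptions.

```python
# Constructed sample data: peak traffic per subnet in Gbps (not from the article).
SUBNET_PEAK_GBPS = {
    "10.1.0.0/24": 3.0,
    "10.2.0.0/24": 2.5,
    "10.3.0.0/24": 2.0,
    "10.4.0.0/24": 1.5,
    "10.5.0.0/24": 1.0,
}
DEVICE_CAPACITY_GBPS = 8.0  # assumed forwarding capacity of each edge device


def split_subnets(peaks, devices=("edge-1", "edge-2")):
    """Greedy split: heaviest subnet first, always onto the lighter device."""
    load = {d: 0.0 for d in devices}
    owner = {}
    for subnet, gbps in sorted(peaks.items(), key=lambda kv: -kv[1]):
        target = min(devices, key=lambda d: load[d])
        owner[subnet] = target
        load[target] += gbps
    return owner, load


def failover_report(peaks, owner, capacity, surge=1.0):
    """Utilization per device in steady state and after its peer fails."""
    total = sum(peaks.values()) * surge
    report = {}
    for dev in sorted(set(owner.values())):
        normal = sum(g for s, g in peaks.items() if owner[s] == dev) * surge
        report[dev] = {
            "normal_util": normal / capacity,
            # FHRP failover moves every subnet to the surviving device.
            "survivor_util": total / capacity,
            "survives_peer_failure": total <= capacity,
        }
    return report


if __name__ == "__main__":
    owner, load = split_subnets(SUBNET_PEAK_GBPS)
    for dev, row in failover_report(SUBNET_PEAK_GBPS, owner,
                                    DEVICE_CAPACITY_GBPS).items():
        print(dev, load[dev], row)
```

With the sample data both devices look healthy in steady state (below 70% each), yet the survivor would need 125% of its capacity after a failure, which is the more-than-50%-loaded case described in the last option.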
You’ll find more details in the VRRP, Anycasts, Fabrics and Optimal Forwarding blog post.
What’s Next?
Subsequent blog posts will focus on the intricate details of intra-fabric routing, but it might take me a while to publish them. If you’re in a hurry, you’ll find all those details in Leaf-and-Spine Fabric Architectures and EVPN Technical Deep Dive webinars.