It took distributors like Cisco years to begin supporting routing protocols between MLAG-attached routers and a pair of switches within the MLAG cluster. That looks as if a no brainer state of affairs, so there should be some hidden complexities. Let’s work out what they’re.
We’ll use the acquainted MLAG diagram, changing one of many connected hosts with a router operating a routing protocol with each members of the MLAG cluster (for instance, R, S1, and S2 are OSPF neighbors).
Now think about each switches promote the trail to blue and orange subnets to the connected router. Every of them would promote the prefix with their very own IP deal with as the subsequent hop, however from the router’s perspective, each subsequent hops could be reachable over the identical hyperlink (the LAG hyperlink). The router would ship packets towards A or C with the vacation spot MAC deal with of S1 or S2 on account of layer-3 ECMP. The router would use each members of the hyperlink aggregation group (R-S1 and R-S2) hyperlinks when sending these packets on account of layer-2 ECMP.
In line with the foundations I defined in Layer-2 Flooding and Layer-3 Forwarding weblog posts, a packet arriving over the peer hyperlink can by no means be forwarded to a dual-attached neighbor. Suppose the router decides to ship a packet towards A via S1 (utilizing the S1 MAC deal with) however sends the ensuing Ethernet body via the R-S2 hyperlink. In that case, S2 forwards the packet towards S1 over the peer hyperlink (as a result of vacation spot MAC deal with), however S1 can not ahead it to A (as a result of it arrived over the peer hyperlink).
Whatever the expertise limitations, customers love attempting to implement inconceivable issues, and the distributors normally implement all types of kludges to accommodate them. Can we repair the present conundrum? In fact!
Whereas members of an MLAG cluster have impartial IP addresses, most layer-3 forwarding implementations use a shared IP/MAC deal with because the first-hop gateway. Saying that IP deal with because the third-party subsequent hop in routing protocol updates fixes the issue for good. That’s straightforward to do with BGP. EIGRP and OSPF have comparable performance for exterior routers, however what may we do with inside routes the place the routing protocol packet format doesn’t embody the subsequent hop?
Time to get inventive. We’re dealing with packet drops as a result of:
- The instantly connected router selects an IP deal with of one of many MLAG members as the subsequent hop.
- It rewrites the Ethernet header utilizing the MAC deal with of that member because the vacation spot MAC deal with.
- It sends the ensuing Ethernet body to the opposite MLAG member.
What if we had each MLAG members listening to each MAC addresses? That might take away the additional forwarding step over the peer hyperlink, and layer-3 forwarding would work. Sadly, that might additionally break the routing protocols – we nonetheless must ship unicast packets despatched to the MLAG member IP deal with to the proper system.
Right here’s a attainable implementation of that ultimate kludge:
- Obtain packets for S1 MAC, S2 MAC, and shared MAC on each MLAG members.
- Route packets for third-party locations on the ingress MLAG member, making certain they gained’t be despatched over the peer hyperlink except crucial.
- Use policy-based routing matching on the distant MLAG member IP and MAC deal with to push the unicast packets for that node to the peer hyperlink with out doing the L2/L3 lookup or decrementing TTL.
Does that work? In fact. It’s additionally unnecessarily advanced.
Lengthy story brief: Don’t run routing protocols over MLAG hyperlinks. Use two impartial hyperlinks and two routing adjacencies.
Extra Data
The Information Middle Community Reference Structure a part of Information Middle Networking part of Information Middle Infrastructure for Networking Engineers webinar describes MLAG particulars and typical MLAG implementations. The webinar is a part of Normal ipSpace.web Subscription.
