
Best practice for redundant external connections

dodgerfan78

This is a 2-part discussion. I have a single L3 switch with connections to leaves 101 and 102:

switch port 21 -> leaf 101 port 47

switch port 23 -> leaf 102 port 47

Part 1: What is the recommended way to connect to external L2/L3 networks from multiple leafs? Port-channel? Dual L3 links?

Part 2:

While setting up BGP from the external L3 switch to Leaf101 and Leaf102 using SVIs, I noticed that the leaves have the same MAC address for their SVI and thus are learned on the same port from the L3 switch:

LAB-3850-01#show ip bgp summary | inc 172.28
172.28.49.2 4 65000 4541 4996 4 0 0 3d03h 2      <-leaf101
172.28.49.3 4 65000 17 18 4 0 0 00:12:54 2       <-leaf102

LAB-3850-01#show ip arp | inc 172.28.49
Internet 172.28.49.1 - dcce.c1f2.39e6 ARPA Vlan49
Internet 172.28.49.2 0 0022.bdf8.19ff ARPA Vlan49
Internet 172.28.49.3 18 0022.bdf8.19ff ARPA Vlan49

LAB-3850-01# show mac address-table | inc 0022.bdf8.19ff

49 0022.bdf8.19ff DYNAMIC Gi2/0/21

So how is this working? It appears both IPs are now traversing Leaf101? I assume Leaf101 is then tunneling BGP packets over to Leaf102 through the fabric? I can't imagine this is the proper way to do it. 

Thanks,


Robert Correiro

Hi dodgerfan78,

Yes, you are correct. It looks like traffic from the external L3 switch going to the ACI fabric is only being sent to one Leaf at a time. 

How do you currently have the links configured on both sides? It seems like the BD SVI MAC (19FF) could actually be flapping between the ports on the external L3 switch if it's receiving traffic from the MAC on both interfaces.

I would suggest using a port-channel configuration on the external L3 switch, so the BD MAC is learned towards both Leaf switches. The ACI Leafs would then be configured as a VPC pair (with VPC interfaces downstream) to handle the traffic correctly.

Hope this helps.

Thanks Robert. I did indeed have flapping. I've since configured port-channel on the external device and VPC on the leaves, and it seems to work fine.
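The condition diagnosed in this thread (two routed neighbors answering with one MAC, learned on a single switch port) can be checked from saved CLI output. The script below is an added example and not part of the original thread; the function names are hypothetical, and the sample text is the `show ip arp` and `show mac address-table` output quoted in the question.

```python
import re
from collections import defaultdict

# Sample input: the CLI output quoted in the question above.
ARP_OUTPUT = """\
Internet 172.28.49.1 - dcce.c1f2.39e6 ARPA Vlan49
Internet 172.28.49.2 0 0022.bdf8.19ff ARPA Vlan49
Internet 172.28.49.3 18 0022.bdf8.19ff ARPA Vlan49
"""
MAC_TABLE_OUTPUT = """\
49 0022.bdf8.19ff DYNAMIC Gi2/0/21
"""

MAC = r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})"
ARP_RE = re.compile(r"^Internet\s+(\S+)\s+(\S+)\s+" + MAC + r"\s+ARPA\s+(\S+)", re.I)
MAC_RE = re.compile(r"^(\d+)\s+" + MAC + r"\s+(\S+)\s+(\S+)", re.I)

def parse_arp(text):
    """Return {mac: [ip, ...]} for learned entries only.
    An age of '-' marks the switch's own interface address, so it is skipped."""
    by_mac = defaultdict(list)
    for line in text.splitlines():
        m = ARP_RE.match(line.strip())
        if m and m.group(2) != "-":
            by_mac[m.group(3).lower()].append(m.group(1))
    return by_mac

def parse_mac_table(text):
    """Return {mac: {port, ...}} from 'vlan mac type port' lines."""
    by_mac = defaultdict(set)
    for line in text.splitlines():
        m = MAC_RE.match(line.strip())
        if m:
            by_mac[m.group(2).lower()].add(m.group(4))
    return by_mac

def shared_mac_neighbors(arp_text, mac_text):
    """List MACs that answer for more than one IP, with the port(s) they sit on."""
    ports = parse_mac_table(mac_text)
    return [
        {"mac": mac, "ips": sorted(ips), "ports": sorted(ports.get(mac, set()))}
        for mac, ips in parse_arp(arp_text).items()
        if len(ips) > 1
    ]

if __name__ == "__main__":
    for f in shared_mac_neighbors(ARP_OUTPUT, MAC_TABLE_OUTPUT):
        print(f"{f['mac']} answers for {f['ips']} via {f['ports']}")
```

A finding with several IPs and a single physical port matches the situation in the question; running the check on repeated captures and seeing the port change would match the flapping described in the reply.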
