Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1211
Views
10
Helpful
5
Replies

Cisco ACI dynamic routing with VPC

Go to solution
Netzwerker
Level 1
Level 1

‎08-04-2022 01:43 AM

Why dynamic protocols (OSPF for example) doesn't use the secondary address in a L3OUT like static routing ? it uses the primary ( Side A and B) instead of the secondary address! So what is the use of this secondary address in dynamic routing with VPC?

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
RedNectar
VIP
VIP

‎08-04-2022 03:17 AM

Hi @Netzwerker  ,

what is the use of this secondary address in dynamic routing with VPC?

Not much use at all!

Secondary addressing on the VPC pair is really for static routing. Assuming the routing protocol you are using understands load balancing, then there is no point in configuring a static secondary address unless you want to use it for management purposes (i.e. if the secondary address responds, you know at leas ONE of the interfaces is up)

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

View solution in original post

Go to solution
RedNectar
VIP
VIP
In response to Netzwerker

‎08-05-2022 10:41 PM

Hi @Netzwerker  ,

There will be no L3 loop.  The fact that the external router sees two routes to the same destination is a good thing. Without the ability to hold multiple paths to a destination, you have the same scalability problems that L2 gives us. The ability for L3 routing protocols to maintain multiple paths is what makes the world keep turning and the Internet work.

What the external router does with the two paths is up to the way the routing protocols works. OSPF, for instance, can load balance traffic over 4 multiple paths (in Cisco's implementation anyway - used to be a question on the CCNA exam).  BGP, by default uses only ONE path all the time, unless you specifically configure multi-path.

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

View solution in original post

5 Replies 5

Go to solution
RedNectar
VIP
VIP

‎08-04-2022 03:17 AM

Hi @Netzwerker  ,

what is the use of this secondary address in dynamic routing with VPC?

Not much use at all!

Secondary addressing on the VPC pair is really for static routing. Assuming the routing protocol you are using understands load balancing, then there is no point in configuring a static secondary address unless you want to use it for management purposes (i.e. if the secondary address responds, you know at leas ONE of the interfaces is up)

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

Go to solution
Netzwerker
Level 1
Level 1
In response to RedNectar

‎08-04-2022 03:48 AM - edited ‎08-04-2022 03:49 AM

Thank you for your reply!

So in case of VPC with dynamic routing, we don't need a HSRP for redundancy? and VPC doesn't support HSRP?

0 Helpful

Go to solution
RedNectar
VIP
VIP

‎08-04-2022 02:33 PM

Hi @Netzwerker  ,

So in case of VPC with dynamic routing, we don't need a HSRP for redundancy?

Correct.

HSRP is a First-Hop Redundancy Protocol (FHRP) - like VRRP and GLBP and the key to understanding all these protocols is the First-Hop part - they are ALL designed to provide multiple routers that services a single IP address for end-points with a default gateway to find the First-Hop - or Default Gateway.

Sometime we configure routers with a Default Gateway too - and when we do that, or configure static routes to a single IP address on a router, it can also be useful to use one of the FHRPs

The use-case for using a secondary IP address on a VPC is if an external router is connected to the VPC by a PC (which is seen as a single interface on the external router) and that router has static routes to an internal subnet. Like this one below

image.png

In this case, the secondary address provides connectivity to the external router, no need for HSRP.

But before I go on, note that the above example is configuring SVI interfaces in the ACI L3Out. This is important for the next bit.

HSRP in ACI

HSRP is supported in ACI, but ONLY on routed interfaces or routed sub-interfaces.

If you are configuring a VPC SVI Interfaces MUST be configured

So your assumption that

VPC doesn't support HSRP?

is absolutely correct, but it is not needed either, so is no disadvantage.

 

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.
0 Helpful

Go to solution
Netzwerker
Level 1
Level 1
In response to RedNectar

‎08-05-2022 05:35 AM - edited ‎08-05-2022 05:37 AM

Thank you for your explanation!

So for OSFF over VPC SVIs, we don't need secondary address and HSRP isn't supported. Then, we will not be at risk of L3 loop? because the Router will see the same routes injected by 2 different sources (the 2 leaves)  at the same time so this can't cause route flapping on router side?

0 Helpful

Go to solution
RedNectar
VIP
VIP
In response to Netzwerker

‎08-05-2022 10:41 PM

Hi @Netzwerker  ,

There will be no L3 loop.  The fact that the external router sees two routes to the same destination is a good thing. Without the ability to hold multiple paths to a destination, you have the same scalability problems that L2 gives us. The ability for L3 routing protocols to maintain multiple paths is what makes the world keep turning and the Internet work.

What the external router does with the two paths is up to the way the routing protocols works. OSPF, for instance, can load balance traffic over 4 multiple paths (in Cisco's implementation anyway - used to be a question on the CCNA exam).  BGP, by default uses only ONE path all the time, unless you specifically configure multi-path.

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.
Customers Also Viewed These Support Documents

Save 25% on Day-2 Operations Add-On License