
Override the anycast-gateway-mac for one SVI on N9K

sjhloco
Level 1

Hi,

 

Does anyone know if it is possible to override the vMAC address for one specific distributed anycast-gateway SVI?

 

From what I understand, if you have a leaf and spine fabric with a pair of Leaf switches and a pair of Border Gateway switches all with the same vMAC (fabric forwarding anycast-gateway-mac 0000.1111.2222), you have to have the distributed anycast-gateway SVI on both sets of switches if you have hosts in that VLAN on both sets of switches. If you don't have it on one set of switches, traffic doesn't reach the default gateway, as the MAC of the default gateway is on the local switch but the default gateway IP is not.

 

I was wanting to have one specific VLAN traverse the leafs (L2VNI but no SVI) and have its default gateway only on the BGWs. I thought if I could override the MAC for one SVI this would work, but have not found anything to say if it is doable or not. 

 

Thanks 


Sergiu.Daniluk
VIP Alumni

If the anycast gateway feature is enabled for a specific VNI, then the anycast gateway feature must be enabled on all VTEPs that have that VNI configured. Having the anycast gateway feature configured on only some of the VTEPs enabled for a specific VNI is not supported. Also, regarding the vMAC, there is only one virtual MAC per VTEP, and all VTEPs must have the same virtual MAC address.

In your case, I think you can simply disable the anycast gateway for your specific VNI, and configure the SVIs on the BGW.

 

Cheers,

Sergiu

Unfortunately you can't do that. If the Anycast feature is enabled and the VLAN has 'vn-segment', the SVI is suspended if it doesn't have the command 'fabric forwarding mode anycast-gateway'. I tried hacking it by giving the SVI on the BGW a static MAC and adding a static ARP entry on a device in that VXLAN off the Leaf. The packet now gets to the BGW and in the BGW debug I can see the BGW trying to reply, but in Wireshark I don't see anything leaving the wire. Also now seeing duplicate ARPs on the fabric as you've got the BGWs saying one thing and the server saying the other, so it probably wouldn't be a good idea if it did work.

 

Was hoping there would be a magic command to override this behaviour, but starting to think it is not going to be possible with the devices set up in this manner.

 

thanks

f00z
Level 3

Exactly what I've been trying to get Cisco to make work. It works on Arista/Juniper (it's called centralized EVPN gateway). Basically everything is L2, except only one switch or switch pair or more have an SVI in that particular VNI.

The only reason it doesn't work is the Nexus won't advertise the system MAC or the virtual MAC into EVPN. It will work if you use an external BGP injection, like from ExaBGP, to map the MAC to the gateway, but I don't want to use the hacked approach, which is why I still have some Arista devices doing gateways, although I'd much prefer to keep the whole network Cisco /shrug
