10-02-2023 10:54 AM - edited 10-02-2023 12:37 PM
I have a query on vPC "peer-gateway" based on the best practices guide:
The guide says "By enabling vPC Peer-Gateway functionality, each vPC peer device will replicate locally the MAC address of the interface VLAN defined on the other vPC peer device with the G flag (Gateway flag)."
So based on my understanding, this feature will be useful only when the two vPC peers have their own interface MAC addresses to be used as the default gateway MAC.
In my setup, I am using "fabric forwarding mode anycast-gateway" under the interface which acts as the default gateway on both vPC peers. This means that on both vPC peers, the MAC address of the default gateway interface is the same. So does "peer-gateway" actually help, or is it applicable here?
Please let me know if additional info is needed if query isn't clear.
Thanks
Mukundh
10-04-2023 09:43 PM
I believe I posted something about this a while back but I can't find it.
Peer gateway is a workaround and only useful to optimize traffic patterns if certain devices are used on the network that don't properly send traffic to the MAC address specified in the ARP. Some older F5 and some SAN devices send traffic to the source MAC address instead of the ARP address.

For example, if switch 1 has MAC address 001 and switch 2 has MAC address 002, both switches in MLAG/vPC will have a virtual MAC address 0ABC, and this virtual MAC address is what the devices are SUPPOSED to send traffic to, but some devices are broken and will send to 001 or 002. This peer-gateway tweak installs MAC address 002 in switch 001 and installs 001 in 002, so that they will both do Layer 3 lookups for traffic received with either one of the MAC addresses.

TLDR: It's a workaround and normally not used, as all traffic is directed to the virtual MAC address (HSRP/VRRP/VARP/whatever). Unless you need it and know you need it, don't enable it.
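The forwarding rule the answer describes (a frame to the peer's SVI MAC is only routed locally if that MAC has been replicated with the G flag) can be modelled in a few lines. The Python below is an added example, not code from Cisco or from the original thread: the switch names and MAC addresses are constructed, and the whole forwarding decision is reduced to one rule (is the destination MAC a local gateway MAC or not). It runs the answer's HSRP-style scenario (distinct SVI MACs plus one shared virtual MAC) with peer-gateway off and on, and then the questioner's anycast-gateway scenario, where both SVIs already carry the same MAC.

```python
"""Toy model of vPC peer-gateway MAC replication (constructed example, not NX-OS code)."""
from dataclasses import dataclass, field

ROUTED = "routed"     # destination MAC carries the G flag here -> Layer 3 lookup
BRIDGED = "bridged"   # destination MAC is someone else's -> plain Layer 2 bridging

# Constructed sample addresses; none of these come from the original post.
SWITCH1_SVI_MAC = "0000.0c00.0001"
SWITCH2_SVI_MAC = "0000.0c00.0002"
VIRTUAL_MAC = "0000.0c9f.f001"       # HSRP/VRRP-style shared gateway MAC
ANYCAST_GW_MAC = "2020.0000.00aa"    # anycast-gateway MAC shared by both SVIs


@dataclass
class VpcPeer:
    name: str
    svi_mac: str
    virtual_mac: str
    peer_gateway: bool = False
    # MACs this switch treats as its own gateway (G flag set in its MAC table)
    gateway_macs: set = field(default_factory=set)

    def __post_init__(self):
        self.gateway_macs = {self.svi_mac.lower(), self.virtual_mac.lower()}

    def sync_with_peer(self, peer):
        """With peer-gateway enabled, replicate the peer's SVI MAC locally with the G flag."""
        if self.peer_gateway:
            self.gateway_macs.add(peer.svi_mac.lower())

    def forward(self, dst_mac):
        """Fate of a frame that the host's port-channel hashed onto this switch."""
        return ROUTED if dst_mac.lower() in self.gateway_macs else BRIDGED


def build_pair(svi1, svi2, virtual, peer_gateway):
    s1 = VpcPeer("switch1", svi1, virtual, peer_gateway)
    s2 = VpcPeer("switch2", svi2, virtual, peer_gateway)
    s1.sync_with_peer(s2)
    s2.sync_with_peer(s1)
    return s1, s2


def hsrp_case(peer_gateway):
    """The answer's scenario: distinct SVI MACs per peer, one shared virtual MAC.

    Two frames land on switch1: one from a well-behaved host (sent to the virtual
    MAC) and one from a broken host (sent to switch2's SVI MAC, the "source MAC"
    it saw instead of the ARP address).
    """
    s1, s2 = build_pair(SWITCH1_SVI_MAC, SWITCH2_SVI_MAC, VIRTUAL_MAC, peer_gateway)
    return {
        "well_behaved_host": s1.forward(VIRTUAL_MAC),
        "broken_host": s1.forward(s2.svi_mac),
    }


def anycast_case(peer_gateway):
    """The question's scenario: both SVIs already use the same anycast gateway MAC."""
    s1, s2 = build_pair(ANYCAST_GW_MAC, ANYCAST_GW_MAC, ANYCAST_GW_MAC, peer_gateway)
    return {
        "frame_to_gateway": s1.forward(s2.svi_mac),
        # peer-gateway has nothing new to replicate: the peer's SVI MAC is already local
        "gateway_mac_count": len(s1.gateway_macs),
    }


if __name__ == "__main__":
    for pg in (False, True):
        print(f"peer-gateway={pg}: hsrp={hsrp_case(pg)} anycast={anycast_case(pg)}")
```

In the model, the broken host's frame is bridged toward the peer until peer-gateway is enabled, after which switch1 routes it locally; in the anycast case the single gateway MAC is routed either way and peer-gateway adds no entry. On a real pair, the things to check are whether `show vpc` reports peer gateway as enabled and whether `show mac address-table` shows the peer's SVI MAC with the G flag; the model deliberately ignores everything else NX-OS does with the peer-link.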