About Symmetric Routing over vLAGs
As stated above, vLAGs work best with symmetric traffic flows. In order to achieve that with routing, two main designs are recommended: VRRP + ECMP and symmetric VRRP.
The goal of either design is to distribute traffic equally across the different paths both upstream and downstream, making sure that the redundant cluster nodes can steer the traffic to its destination without having to rely upon the cluster links.
Figure 13:Symmetric Routing over a vLAG with ECMP and VRRP
In this figure traffic is, for example, directed to and from host downstream the spine router/switch has ECMP routes toward both cluster nodes, which have Layer 3 adjacencies to all the hosts, so either of them can properly steer traffic to Upstream they implement the active-active default gateway function via VRRP and support traffic load-balancing with vLAGs from the host(s) toward the spine.
Hence this design implements optimal Layer 3 forwarding both ways (without relying on the cluster links as active paths, only as backups). It also supports running Layer 3 routing protocols on the cluster switches.
Figure 14:Symmetric Routing over a vLAG with VRRP
In this other scenario two cluster switches run vRouters with active-active VRRP in order to provide redundant Layer 3 next hops (using virtual IPs) to both upstream and downstream devices.
This design achieves symmetric Layer 3 forwarding purely via vLAG load-balancing and VRRP active-active forwarding. However, note that it does not lend itself to the use of dynamic routing protocols on vRouters because with VRRP routing adjacencies would only form on the vRouter acting as VRRP master, preventing the slave vRouter to process and install routes.
Netvisor ONE supports the active-active dual-forwarding logic by default with VRRP. However, if needed, you can disable it or re-enable it on a per vRouter basis with this command:
CLI network-admin@switch > vrouter-modify name vRouter-PN-0 cluster-active-active-routing|no-cluster-active-active-routing
To display the configuration, use the vrouter-show command:
CLI network-admin@switch > vrouter-show format all layout vertical
switch: PN-0
id: b000f1e:1
name: vRouter-PN-0
type: vrouter
scope: local
vnet: test
vnet-service: dedicated
state: enabled
location: sw45
zone-id: b000f1e:2
template: no
failover-action: stop-old
router-type: hardware
fabric-comm: false
router-ipstack: frr
hw-router-mac: 66:0e:94:1e:7a:6a
cluster-active-active-routing: disable
hw-vrid: 0
hw-vrrp-id: -1
proto-multi: none
proto-routing: static,routesnoop
bgp-redist-static-metric: none
bgp-redist-connected-metric: none
bgp-redist-rip-metric: none
bgp-redist-ospf-metric: none
bgp-dampening: false
bgp-scantime(s): 60
bgp-delayed-startup(s): 1
bgp-keepalive-interval(s): 60
bgp-holdtime(s): 180
ospf-redist-static-metric: none
ospf-redist-static-metric-type: 2
ospf-redist-connected-metric: none
ospf-redist-connected-metric-type: 2
ospf-redist-rip-metric: none
ospf-redist-rip-metric-type: 2
ospf-redist-bgp-metric: none
ospf-redist-bgp-metric-type: 2
ospf-stub-router-on-startup: false
ospf-bfd-all-if: no
ospf-default-information: none
ospf-default-info-originate-metric: none
ospf-default-info-originate-metric-type: 2
bgp-snmp: false
bgp-snmp-notification: false
ospf-snmp: false
ospf-snmp-notification: false
ospf6-snmp: false
ospf6-snmp-notification: false
ip-snmp: false