Configuring the Anycast Gateway MAC Address as Source Address
Starting from Netvisor ONE release 6.1.0, it is possible to select the Anycast Gateway MAC address as the source address used for distributed routing of traffic across subnets. (When the Anycast Gateway function is not used or when this capability is not enabled, Netvisor ONE only employs the router MAC address as the source address.)
This feature is useful when a downstream device (for example, a firewall) gleans the source MAC address from a routed packet and uses it for its own purposes, such as in the response to the original packet.
The default source MAC address used for the Anycast Gateway function is the common router MAC address. During VRF creation or modification, you can use the following commands to specify the Anycast Gateway MAC address instead:
CLI (network-admin@switch) > vrf-create name vrf1 anycast-mac-for-forwarding
CLI (network-admin@switch) > switch * vrf-modify name vrf1 {anycast-mac-for-forwarding | no-anycast-mac-for-forwarding}
The default setting is no-anycast-mac-for-forwarding.
Note: To modify this capability fabric-wide, use switch * vrf-modify as shown above, because scope fabric is not supported.
CLI (network-admin@switch) > vrf-show format name,anycast-mac,active,hw-router-mac,anycast-mac-for-forwarding
name  anycast-mac       active hw-router-mac     anycast-mac-for-forwarding
----- ----------------- ------ ----------------- --------------------------
VRF-1 64:0e:94:40:00:02 yes    66:0e:94:b5:9e:c2 yes
VRF-4 64:0e:94:40:00:02 yes    66:0e:94:b5:d5:fb yes
VRF-2 64:0e:94:40:00:02 yes    66:0e:94:b5:be:8c yes
VRF-3 64:0e:94:40:00:02 yes    66:0e:94:b5:6c:97 yes
You can verify that the vFlow entry is properly installed with the command:
CLI (network-admin@switch) > vflow-show format name,src-mac,action | grep Anycast
name                          src-mac           action
----------------------------- ----------------- --------------------
Anycast-Src-Miss-Cancel-ToCpu 64:0e:94:40:00:02 cancel-switch-to-cpu
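The two show commands above can be cross-checked offline once their output is saved as text. The following Python sketch is an added example, not part of Netvisor ONE or its documentation: it assumes the captured text includes the header row, and it assumes that an enabled VRF should have a cancel-switch-to-cpu vFlow entry whose src-mac equals the VRF's anycast-mac, as in the output shown. The sample text and the function names parse_table and audit are constructed for illustration.

```python
# Constructed sample output in the layout shown above (VRF-2 deliberately set to "no").
VRF_SHOW = """\
name  anycast-mac       active hw-router-mac     anycast-mac-for-forwarding
----- ----------------- ------ ----------------- --------------------------
VRF-1 64:0e:94:40:00:02 yes    66:0e:94:b5:9e:c2 yes
VRF-2 64:0e:94:40:00:02 yes    66:0e:94:b5:be:8c no
"""
VFLOW_SHOW = """\
name                          src-mac           action
----------------------------- ----------------- --------------------
Anycast-Src-Miss-Cancel-ToCpu 64:0e:94:40:00:02 cancel-switch-to-cpu
"""


def parse_table(text):
    """Parse whitespace-separated CLI table text into a list of dicts keyed by header."""
    lines = [line for line in text.splitlines() if line.strip()]
    header = lines[0].split()
    rows = []
    for line in lines[1:]:
        if set(line.strip()) <= {"-", " "}:  # dashed separator row
            continue
        fields = line.split()
        if len(fields) != len(header):
            # An empty column would shift the fields; fail loudly instead of guessing.
            raise ValueError(f"unexpected row: {line!r}")
        rows.append(dict(zip(header, fields)))
    return rows


def audit(vrf_text, vflow_text):
    """Return a list of findings; an empty list means the two outputs agree."""
    findings = []
    # Assumption: the relevant vFlow entries are those with action cancel-switch-to-cpu.
    vflow_macs = {row["src-mac"].lower() for row in parse_table(vflow_text)
                  if row["action"] == "cancel-switch-to-cpu"}
    for vrf in parse_table(vrf_text):
        mac = vrf["anycast-mac"].lower()
        if vrf["anycast-mac-for-forwarding"] != "yes":
            findings.append(f"{vrf['name']}: anycast-mac-for-forwarding is not enabled")
        elif mac not in vflow_macs:
            findings.append(f"{vrf['name']}: no vFlow entry with src-mac {mac}")
    return findings


if __name__ == "__main__":
    for finding in audit(VRF_SHOW, VFLOW_SHOW):
        print(finding)
```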