Thursday, October 24, 2019

Subnetting Redundancy (many hundreds of subnets)

So what I'm trying to accomplish seems quite simple, but I can't figure out the best way to do it, and I'm starting to question whether what I'm trying to do is even possible: L3 redundancy without using something that "eats" 2 extra addresses out of a subnet to provide that redundancy.

Where I'm struggling is at the level of a set of core/distribution switches that are responsible for subnetting an IP block into a bunch of smaller blocks (/29s), one per VLAN. These two switches are N3ks, and I have a VPC set up between them; each provides one link to an N9k rack switch.

So on layer 2 everything appears to work as expected. On layer 3, things actually seem to work (surprisingly) by having an identical VLAN on each of the 3ks configured with the exact same IP/mask, let's say 10.0.0.1/29.

I don't think this is a correct config though, and that's supported by log lines like this:

Source address of packet received from 00ea.bd68.f001 on Vlan101(port-channel10) is duplicate of local, x.x.192.9

with .9 being the gateway address of this subnet, which is indeed duplicated by being configured on both of the 3ks.

Am I mixing layers and things together that aren't supposed to work? If not, what's the step I'm missing to get the 3ks to cooperate better and not complain about duplicates, which I thought VPC was supposed to handle? I'm wondering if I have a very poor understanding of VPC.

As far as alternatives go, are there any? I know Juniper has VC and others have similar things, but that still has a single point of failure on the control plane. Perhaps the only way to accomplish this is by eating IPs so you have 2 physical/1 virtual?

Thanks for any and all advice/feedback!
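As an added example (not part of the original post), here is a small Python check that parses the "is duplicate of local" message quoted above and cross-references it against the SVI addresses configured on the two vPC peers, so that a duplicate caused by the same gateway address being configured on both 3ks can be told apart from a genuine conflict with some other host. The log lines, switch names and SVI address tables below are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Matches the NX-OS duplicate-address message from the post; the address
# at the end is captured as written in the log.
DUP_RE = re.compile(
    r"Source address of packet received from "
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}) "
    r"on (?P<svi>Vlan\d+)\((?P<port>[^)]+)\) is duplicate of local, (?P<ip>[\d.]+)"
)

@dataclass
class DupEvent:
    mac: str   # source MAC that carried the conflicting address
    svi: str   # SVI that saw the packet
    port: str  # physical/port-channel member it arrived on
    ip: str    # locally configured address that was duplicated

def parse_dup_event(line: str) -> Optional[DupEvent]:
    """Return a DupEvent for a duplicate-address log line, else None."""
    m = DUP_RE.search(line)
    return DupEvent(**m.groupdict()) if m else None

def shared_svi_addresses(peer_a: Dict[str, str], peer_b: Dict[str, str]) -> Dict[str, str]:
    """{svi: ip} for every SVI carrying the same address on both vPC peers."""
    return {svi: ip for svi, ip in peer_a.items() if peer_b.get(svi) == ip}

def classify_events(lines: List[str], peer_a: Dict[str, str],
                    peer_b: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """(svi, ip, cause) per duplicate event; cause names the vPC peer if the
    address is configured on both switches, otherwise an unrelated host."""
    shared = shared_svi_addresses(peer_a, peer_b)
    result = []
    for line in lines:
        ev = parse_dup_event(line)
        if ev is None:
            continue
        cause = ("same address configured on both vPC peers"
                 if shared.get(ev.svi) == ev.ip else "conflict with another host")
        result.append((ev.svi, ev.ip, cause))
    return result

# Constructed sample: SVI addresses on the two 3ks and two log lines from n3k-a.
N3K_A = {"Vlan101": "10.0.0.1", "Vlan102": "10.0.0.9"}
N3K_B = {"Vlan101": "10.0.0.1", "Vlan102": "10.0.0.10"}
LOG = [
    "n3k-a: Source address of packet received from 00ea.bd68.f001 on Vlan101(port-channel10) is duplicate of local, 10.0.0.1",
    "n3k-a: Source address of packet received from 0011.2233.4455 on Vlan102(Ethernet1/7) is duplicate of local, 10.0.0.9",
]
```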


