TODO: Нужно перенести из IT.
- В целом неплохое описание VRRP, в том числе описан метод балансировки с использованием нескольких групп в одной подсети.
Anycast gateway
Примеры:
1 (same MAC):
https://rayka-co.com/lesson/5-vxlan-anycast-gateway/
Cisco (same IP & MAC):
When multiple leaf switches act together as one single distributed default gateway for the same VLAN, the VLAN IP address remains the same across all the leaf switches, and acts as the gateway IP address for a host that tries to reach an IP address outside its subnet. But, each leaf switch retains its own MAC address. In the above figure, if host device 1 moves from leaf switch 1 to leaf switch 2, while remaining within the same VXLAN network, it still maintains the same ARP entries for gateway MAC and IP addresses. But, the MAC address of the VLAN interface on leaf switch 2 is different from the MAC address of the VLAN interface on leaf switch 1. This results in a mismatch between the MAC address in the ARP entry and the MAC address of the VLAN in leaf switch 2. As a result, the traffic from host device 1 that needs to be sent outside of Subnet 1 is either lost or gets continuously flooded as unknown unicast. EVPN VXLAN Distributed anycast gateway feature prevents this from happening by ensuring that all the leaf switches have the same gateway MAC and IP addresses.
ИИ (same IP & MAC):
An anycast gateway is a network routing technique where the same gateway IP address is used across multiple devices, typically on leaf switches within a data center fabric. This creates a distributed, active-active gateway architecture, ensuring that the closest or most efficient gateway handles network traffic. This approach is most commonly used in a Virtual Extensible LAN (VXLAN) with an Ethernet VPN (EVPN) fabric, which overcomes the limitations of older first-hop redundancy protocols (FHRP) like HSRP or VRRP.
How it works Anycast gateways operate on the principle of anycast routing: Shared addresses: The same virtual IP address and virtual MAC address are configured on the VLAN interfaces of all participating leaf switches. Advertise and route: Each leaf switch advertises the gateway IP as a reachable network using a routing protocol like BGP. End devices, unaware of the multiple gateways, send traffic to this single IP address. Local forwarding: The host's local leaf switch serves as the gateway. When the host needs to send traffic outside its subnet, it sends an Address Resolution Protocol (ARP) request for the gateway IP. Its local leaf switch responds and handles the routing, ensuring optimal local forwarding. Traffic distribution: In the event of a failure, the routing protocol simply directs traffic to the next closest available gateway. This active-active design effectively load-balances the traffic across the gateways. Key benefits Anycast gateways provide significant advantages over traditional network designs: Optimal performance: By routing traffic through the nearest gateway, anycast gateways minimize network latency and reduce the number of "hops" a packet must travel. Seamless host mobility: Anycast gateways allow virtual machines (VMs) and other workloads to be moved across the data center fabric without changing their IP address. The new, local leaf switch simply becomes the new gateway, and traffic flow is automatically optimized. Enhanced redundancy: With multiple active gateways, if one gateway fails, traffic is automatically rerouted to another, avoiding a single point of failure and improving network resilience. Simplified management: The use of a single gateway IP and MAC address simplifies client configurations, as they don't need to be updated when a workload moves. Anycast vs. FHRP In a traditional FHRP like HSRP or VRRP, one router is active and forwards traffic, while the others remain in a standby state. This creates a single active-passive gateway that is limited to one location. Inefficient traffic flow: With an FHRP, if a host needs to communicate with a destination on a different subnet, all traffic must be "hairpinned" through the single active gateway, even if a physically closer gateway exists. Single active gateway: Since only one device is actively routing traffic, the other devices in the group are idle, wasting resources. Slower failover: While FHRPs do offer redundancy, the failover process can introduce a short delay before the standby device takes over. Anycast gateways, by contrast, offer immediate failover because all gateways are active.