Re: Nexus 7K

Just got burned by this recently by an F5 load balancer and a NAS appliance.

It was touched on earlier but I'll give my perception of the problem
peer-gateway solves.

Some network appliances that dont run ARP (like load-balancer and some NAS
devices) learn MAC addresses by the source MAC of received frames not by
making the normal 'ARP whois' request. So when they receive a frame from,
say the standby member of an HSRP pair they take the source MAC (reall MAC
of the interface) and associate it to the HSRP virtual IP. This isn't a
problem until you start using vPC. By default vPC wont forward frames over
the vPC peer link that are destine for its remote peer. So if you get a
host on the far end of a vPC link that addresses a frame to the real mac
address of one of the HSRP members (vs the virtual HSRP mac address) and it
gets forwarded up the wrong vPC link to the other vPC member that member
will drop the frame because it sees the real mac address of its vPC peer.
Peer-gateway allows the member that received the frame to process it as if
it were addressed to the virtual hsrp mac address.

clear as mud?

Jason

On Mon, Oct 11, 2010 at 11:37 PM, <randy.pope_at_gmail.com> wrote:

> Also very handy for load balances that reply to mac addresses. We even saw
> some old HP-UX boxes that needed it.
> Sent from my Verizon Wireless BlackBerry
>
> -----Original Message-----
> From: Jeffrey Pazahanick <jeffpaz_at_gmail.com>
> Sender: nobody_at_groupstudy.com
> Date: Mon, 11 Oct 2010 09:29:52
> To: naman sharma<naman.prep_at_gmail.com>
> Reply-To: Jeffrey Pazahanick <jeffpaz_at_gmail.com>
> Cc: Cisco certification<ccielab_at_groupstudy.com>
> Subject: Re: Nexus 7K
>
> Scenario:
> Interoperability with non RFC compliant features of some NAS devices
> (i.e. NETAPP Fast-Path or EMC IP-Reflect)
> NAS device may reply to traffic using the MAC address of the sender
> device rather than the HSRP gateway.
> Packet reaching vPC for the non local Router MAC address are sent
> across the peer-link and can be dropped if the final destination is
> behind another vPC.
>
> vPC Peer-Gateway Solution:
> Allows a vPC switch to act as the active gateway for packets addressed
> to the peer router MAC (CLI command added in the vPC global config)
>
>
> On Fri, Oct 8, 2010 at 10:52 PM, naman sharma <naman.prep_at_gmail.com>
> wrote:
> > Hi Experts,
> >
> > Does anyone knows about vPC Peer-Gateway feature. I am not able to
> > understand this feature properly.
> >
> > thanks
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Tue Oct 12 2010 - 14:30:07 ART