Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Dor_Marcovitch
Advisor

VSX Multiple Interfaces on the Same vlan

hey

i was just exposed to a design in which i have a VSX cluster configured in VSLX mode.

i know that admin guide mentioned that it is recommended to have dedicated management interface for the VS.

so the VSX has the interface that used for VS0 to vlan 3, and one of the VSs (VS3) on that VSX has an interface on vlan 3 that acts as the default GW for that vlan.

the problem i notice on the switch is MAC moving between the port used for the dedicated managment interface and the port that run all the vlans for the VSs including VS3. this mac is the source MAC of the packets used by the CCP protocol.

it looks like the same issue exist for "multiple gateways cluster on the same vlan". however the cluster ID is a parameter used for the entire VSX cluster and it is not per-vs parameter. 

1) what is the best practice configuration on this scenario?

2) how the above configuration settles with the fact that

2.1) best practice to have dedicated management interface for VS0  

2.2) VS0 in VSX cluster is by itself a cluster

2.3) VS0 should have internet connection and from what i see in most cases it can get it from one of the VSs

thanks

0 Kudos
2 Replies
Daniel_Taney
Advisor

I had the same situation where my Dedicated Management Interface (DMI) sat behind an Interface of one of the VS's in the VSLS cluster. I believe adding fwha_add_vsid_to_ccp_mac=1 to $FWDIR/boot/modules/fwkern.conf resolved this issue for us. Unfortunately, I believe you need to reboot for it to take effect. I believe this parameter takes the VS number into consideration when determining the MAC address for the Interface. Since your DMI is vs0 and other interface is vs3, this should give you different MAC addresses and resolve the flapping.

As far as "best practices" go, I'm sure others can weigh in on this, but I had a hard time nailing down an absolute recommendation. Probably the most basic recommendation I heard was to put the DMI on a network that doesn't sit behind the VSX cluster. In our case, this really didn't match with our optimal design. 

R80 CCSA / CCSE
0 Kudos
Daniel_Taney
Advisor

For a more depth explanation, I believe this is the relevant SK article I referenced when addressing the issue. Connecting multiple clusters to the same network segment (same VLAN, same switch)

R80 CCSA / CCSE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events