Users Guide
• Performing routing on behalf of peer VLT nodes for a configured time period when a peer VLT node goes down.
When you configure Layer 3 VLT peer routing using the peer-routing command in VLT DOMAIN mode, it applies for both IPv4 and
IPv6 traffic in VLT domains. Layer 3 VLT provides a higher resiliency at the Layer 3 forwarding level. Routed VLT allows you to replace
VRRP with routed VLT to route the traffic from the Layer 2 access nodes. With neighbor discovery (ND) synchronization, both the VLT
nodes perform Layer 3 forwarding on behalf of each other.
The neighbor entries are typically learned by a node using neighbor solicitation (NS) and ND messages. These NS or neighbor
advertisement (NA) messages can be either destined to the VLT node or to any nodes on the same network as the VLT interface. These
learned neighbor entries are propagated to another VLT node so that the peer does not need to relearn the entries.
IPv6 Peer Routing
When you enable peer routing on VLT nodes, the MAC address of the peer VLT node is stored in the ternary content addressable memory
(TCAM) space table of a station. If the data traffic destined to a VLT node, node1, reaches the other VLT node, node2, owing to LAG-
level hashing in the ToR switch, it is routed instead of forwarding the packet to node1. This processing occurs because of the match or hit
for the entry in the TCAM of the VLT node2.
Synchronization of IPv6 ND Entries in a VLT Domain
Because the VLT nodes appear as a single unit, the ND entries learned via the VLT interface are expected to be the same on both VLT
nodes. VLT V6 VLAN and neighbor discovery protocol monitor (NDPM) entries synchronization between VLT nodes is performed.
The VLT V6 VLAN information must synchronize with peer VLT node. Therefore, both the VLT nodes are aware of the VLT VLAN
information associated with the peers. The CLI configuration and dynamic state changes of VLT V6 VLANs are notified to peer VLT node.
The ND entries are generally learned by a node from Neighbor advertisements (NA).
ND entries synchronization scenarios:
• When you enable and configure VLT on both VLT node1 and node2, any dynamically learned ND entry in VLT node1 be synchronizes
instantaneously to VLT node2 and vice-versa. The link-local address also synchronizes if learned on the VLT VLAN interface.
• During failure cases, when a VLT node goes down and comes back up all the ND entries learned via VLT interface must synchronize to
the peer VLT node.
Synchronization of IPv6 ND Entries in a Non-VLT Domain
Layer 3 VLT provides a higher resiliency at the Layer 3 forwarding level. Routed VLT allows you to replace VRRP with routed VLT to route
the traffic from Layer 2 access nodes. With ND synchronization, both the VLT nodes perform Layer 3 forwarding on behalf of each other.
Synchronization of NDPM entries learned on non-VLT interfaces between the non-VLT nodes.
NDPM entries learned on non-VLT interfaces synchronize with the peer VLT nodes in case the ND entries are learned on spanned VLANs
so that each node can complete Layer 3 forwarding on behalf of each other. Whenever you configure a VLAN on a VLT node, this
information is communicated to the peer VLT node regardless of whether the VLAN configured is a VLT or a non-VLT interface. If the
VLAN operational state (OSTATE) is up, dynamically learned ND entry in VLT node1 synchronizes to VLT node2.
Tunneling IPv6 ND in a VLT Domain
Tunneling an NA packet from one VLT node to its peer is required because an NA may reach the wrong VLT node instead of arriving at
the destined VLT node. This may occur because of LAG hashing at the ToR switch. The tunneled NA carries some control information
along with it so that the appropriate VLT node can mimic the ingress port as the VLT interface rather than pointing to VLT node’s
interconnecting link (ICL link).
The overall tunneling process involves the VLT nodes that are connected from the ToR through a LAG. The following illustration is a basic
VLT setup, which describes the communication between VLT nodes to tunnel the NA from one VLT node to its peer.
NA messages can be sent in two scenarios:
• NA messages are almost always sent in response to an NS message from a node. In this case, the solicited NA has the destination
address field set to the unicast MAC address of the initial NS sender. This solicited NA must be tunneled when they reach the wrong
peer.
• Sometimes NA messages are sent by a node when its link-layer address changes. This NA message is sent as an unsolicited NA to
advertise its new address and the destination address field is set to the link-local scope of all-nodes multicast address. This unsolicited
NA packet does not have to be tunneled.
864
Virtual Link Trunking (VLT)