Hosts attached to the leaf switches are configured with a default gateway, which is typically the IP address of the leaf switch in the VLAN that faces the host. If the host moves to another leaf switch, you have to reconfigure the host with the IP address of the new leaf switch as its default gateway.
To make this movement of host from one leaf switch to another seamless, all the leaf switches are configured with the same anycast IP address and the associated virtual MAC (VMAC or anycast MAC) address for a VLAN or bridge domain. This configuration allows any leaf switch to behave as the default gateway for the host and allows for the most optimal forwarding behavior.
The ingress leaf switch recognizes the VMAC address as its own MAC address and performs Layer 3 forwarding.
As shown in the following figure, all leaf switches for VLAN 10 are configured with the same MAC address and IP address.
When the host sends an ARP request for the gateway IP address on VLAN 10, the ingress leaf switch intercepts the ARP request and responds with the VMAC address associated with anycast IP. This behavior is controlled for each VE interface.
Note
Static anycast gateway is recommended only in the presence of a BGP EVPN control plane.To configure static anycast gateway, configure the VMAC address first by specifying the default MAC address or an arbitrary unicast MAC address as in the following IPv4 and IPv6 examples. The default MAC address values are 02e0.5200.0100 for IPv4 and 02e0.5200.0200 for IPv6.
device(config)# ip anycast-gateway-mac default-mac device(config)# ipv6 anycast-gateway-mac default-mac device(config)# ip anycast-gateway-mac 0000.0101.0101 device(config)# ipv6 anycast-gateway-mac 0000.0101.0102
The anycast gateway IP address can be configured under the VE interface for VLANs or bridge domains in the following example.
device(config)# vlan 100 device(config-vlan-100)# router-interface ve 100 device(config-vlan-100)# int ve 100 device(config-if-Ve-100)# ip anycast-address 100.0.0.1/24 device(config-if-Ve-100)# ipv6 anycast-address 1000::1/24
The configured anycast gateway address can be seen in the following examples.
device# show ip anycast-gateway Gateway mac: 02e0.5200.0100 Ve10 1.1.1.0/24 Inactive (Interface Down) Ve100 100.0.0.1/24 Active device# show ipv6 anycast-gateway Gateway mac: 02e0.5200.0200 Ve100 1000::1/24 Active
Important
As a best practice, configure ARP suppression on VLANs or bridge domains if static anycast gateway is configured on the corresponding VE interface. Otherwise, duplicate ARP responses to the gateway IP address are observed.