VRRP/HSRP and auto last hop tuning - why necessary?
Hi,
I have to be missing something important here, as I cannot at all understand why the actions described in SOL9487: BIG-IP support for neighboring VRRP/HSRP routers are required.
My understanding of virtual router group behavior (for both VRRP/HSRP) is that this is Active/Passive, not Active/Active. What I mean is that at a given moment only one physical router is responsible for forwarding traffic to BIG-IP using the virtual MAC. So the traffic's last hop for BIG-IP is always equal to the virtual MAC of the router group.
It doesn't matter which physical router is master at a given time; it's still sending traffic from the virtual MAC that floated from the previous master. Moreover, the virtual router group (VRG) is for me a self-contained object - I mean for other devices it looks like a single device; external devices have no reason to find out what is going on inside the VRG, all they care about is whether the virtual MAC/IP are up and accepting traffic. VRP is responsible for detecting member failure and reacting appropriately (using the VRRP/HSRP protocol), so external devices should not care about monitoring members; as long as at least one member is up, the default gateway will be reachable and routing traffic - still using the same vMAC and vIP.
So after this long introduction, here is my question:
- Why should BIG-IP use separate monitors for each member of the VRG - why should BIG-IP care if a given physical router is up or down? For BIG-IP it should be important whether the vIP/MAC is up; providing redundancy is the task of the VRG itself.
- As far as I understand, when the VRG receives external traffic that should be routed to BIG-IP, it will always be sourced from the current master (as far as the physical router is concerned), ALWAYS using the vMAC as source MAC, so the physical router MAC will never be used for traffic directed to BIG-IP from the VRG - am I right or wrong here?
If so, why mess with creating a Last Hop Pool (LHP) or disabling Auto Last Hop (ALH)? For me ALH should work perfectly well: it will send returning traffic to the vMAC of the VRG, as it is always the source of traffic, no matter which physical router is active. Even if this is a different one than the one that was sending the given packet to BIG-IP (because that physical router just failed and another was elected as master), it is still accepting returning traffic directed to the vMAC.
Considering LHP - for me this is necessary if we have a pool of routers that are NOT sharing a vMAC. So after failover the new router is using its own MAC as the target for returning traffic (only the IP is floating). Then ALH will fail, as it will be trying to send traffic to the source MAC of the original incoming packet, but this MAC won't be available any more.
However, when LHP is set and ALH disabled, BIG-IP will be able to reselect and send traffic to the MAC of the new router that took over.
So if I am correct with the above, why mess with ALH and LHP as described in the mentioned SOL?
Again, I have to be missing something important but can't figure out what :-(
Piotr