Upstream routing over VSX LAG SVI links

This section shows two configurations for upstream routing over VSX LAG SVI links:

  • ECMP

  • ECMP and VSX LAG

  • Active gateway as next-hop router

The ECMP and VSX LAG configuration is the preferred configuration because LAGs introduce simplicity by reducing the number of transit VLANs and associated SVIs. This simplified configuration results in a minimized Sender Policy Framework (SPF) calculation time. The following figure shows that Core1 and Core2 are not in a VSX LAG, but Agg1 and Agg2 are in a VSX LAG. This figure introduces the requirement for MSTP because all the links between the aggregate and core are bridged (trunk ports with multiple VLANs).

Figure 20: ECMP in a VSX environmentECMP in a VSX environment

The following figure differs from the previous figure in that Core1 and Core2 are in a VSX LAG, which provides load balancing for ECMP. The transit VLANs shown in the following figure are per VRF.

Figure 21: ECMP and VSX LAG in a VSX environmentECMP and MCLAG in a VSX environment

If ECMP is not supported or firewall does not support dynamic routing protocols, active gateway can be used as next-hop router. The following figure shows the specific use case of active/standby firewall with active gateway as the next-hop router.

Figure 22: Active gateway as a next-hop router