Show Menu
Cheatography

Arista VARP Cheat Sheet (DRAFT) by

This is a draft cheat sheet. It is a work in progress and is not finished yet.

Virtua­l-ARP aka vARP aka VARP

VARP is an active­/active FHRP (first hop redundancy protocol) used together with Arista's MLAG techno­logy. In VARP, both MLAG peers can act as default gateways (DGs) and can forward packets in and out of the subnet regardless of which peer receives the original packet.
https:­//w­ww.a­ri­sta.co­m/e­n/u­m-e­os/­eos­-vr­rp-­and­-varp

Arista also supports VRRP, the active­/st­andby industry standard FHRP.

VARP Topology

Confir­mation

show ip virtua­l-r­outer
Make sure all are "­U" and active. Make sure the virtual MAC is as config­ured. Also notice the default GARP - 30 seconds.
#bash tcpdump -nei vlanX arp
Confirm source IP and source MAC are as expected and that ARP/GARP is being sent/r­eceived as expected.

Optional Config­uration - Source VARP

Peer A
!
interface vlan 10
  ip address 1.0.10.1/24
  ip virtual-router address 192.10.10.254/24
  ip virtual-router address 192.10.11.254/24
!
ip route 192.10.10.0/24 vlan 10
ip route 192.10.11.0/24 vlan 10
!

Peer B
!
interface vlan 10
  ip address 1.0.10.2/24
  ip virtual-router address 192.10.10.254/24 
  ip virtual-router address 192.10.11.254/24 
!
ip route 192.10.10.0/24 vlan 10
ip route 192.10.11.0/24 vlan 10
!
 

Config­uration

Peer A
!
interface vlan 15
  ip address 1.0.15.1/24
  ip virtual-router address 1.0.15.254
!
interface vlan 20
  ip address 1.0.20.1/24
  ip virtual-router address 1.0.20.254
!
ip virtual-router mac-address 001c.7300.0999
!
ip routing
!

Peer B
!
interface vlan 15
  ip address 1.0.15.2/24
  ip virtual-router address 1.0.15.254
!
interface vlan 20
  ip address 1.0.20.2/24
  ip virtual-router address 1.0.20.254
!
ip virtual-router mac-address 001c.7300.0999
!
ip routing
!

Optional Config­uration - GARP interval

ip virtual-router mac-address advertisement-interval

Optional Config­uration - SSH to SVI, etc.

ip fhrp accept-mode
Configures the switch to permit SSH access to the VARP IPs.

Consid­era­tions for VARP

VARP uses two IP addresses on each SVI - a physical IP address per MLAG peer and a virtual IP address (VIP).
Once config­ured, the SVI will start GARPing period­ically (default every 30 seconds). If a local host tries to reach its DG (the VIP) in between intervals, whichever MLAG peer SVI receives the ARP request will respond with the VIP and VMAC.
If a local host is trying to reach a remote host in a different VLAN for the first time, the DG for that remote host will ARP for it using the VIP as the Source IP and the physical MAC of the SVI as the Source MAC. This way the ARP reply will reach the asking­/co­rrect MLAG peer.
There is a feature with VARP called "­Source ARP with a virtual IP" (see Optional Config­ura­tion). This is configured using a different subnet than the physical IP address of the SVI and adding a subnet mask. With this config­ured, the Source IP and Source MAC of the ARP request changes to the VIP and the virtual MAC configured on the switch.
PLEASE NOTE: It is a miscon­fig­uration if a subnet mask is added when using the same subnet as the physical address of the SVI. An error message will be generated if this occurs. If this is not corrected, when the DG sends an ARP request for a remote host, instead of the Source MAC being its physical MAC, it will use its virtual MAC as the Source MAC. The ARP reply from the remote host will use the VMAC as its destin­ation MAC and this could hash to either MLAG peer. If the non-asking peer receives it, the ARP reply will be discarded.
Check "show ip virtua­l-r­out­er" to confirm config­ura­tion.