MAC Masquerade

Avi Vantage supports MAC masquerade for use in conjunction with Avi SE IP routing to accelerate legacy HA SE failover in Linux server clouds. As of 17.2.4, feature support is extended to VMware no-access clouds. Without MAC masquerade, failover may be delayed because back-end servers keep using the MAC address of the previously active SE's interface while they wait to learn the new MAC address from the newly active SE.

For such cases, MAC masquerade facilitates the use of a virtual MAC. Back-end servers are made to learn the virtual MAC as the address at which they reach the SE through the floating IP. Upon failover, the virtual MAC moves from the failed SE to the new active SE along with the floating interface IP, so back-end servers reach the correct SE as soon as the floating IP has moved.

Since the feature is applicable only when IP routing is enabled, all constraints that apply to IP routing also apply here. Additionally, the feature is only supported for DPDK-based bare-metal deployments and (as of 17.2.4) VMware no-access deployments.

Note: Below are the security settings needed for front-end and back-end port groups for MAC masquerade in a VMware no-access deployment.

[Figure: security settings for VMware no-access deployment]

CLI Interface

The following CLI commands enable the feature under the serviceenginegroup configuration:

[admin:10-140-1-4]: > configure serviceenginegroup Default-Group
[admin:10-140-1-4]: serviceenginegroup> enable_vmac
Overwriting the previously entered value for enable_vmac
[admin:10-140-1-4]: serviceenginegroup> save
[admin:10-140-1-4]: >

To disable the feature, use the no form of the command:

[admin:10-140-1-4]: > configure serviceenginegroup Default-Group
[admin:10-140-1-4]: serviceenginegroup> no enable_vmac
[admin:10-140-1-4]: serviceenginegroup> save
[admin:10-140-1-4]: >
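
One way to confirm from a back-end server whether the floating IP kept the same MAC across an SE failover is to compare two neighbor-table snapshots. This is an added example, not Avi code: it assumes a Linux back-end server whose `ip neigh show` output was captured before and after the failover, and every address in it is constructed.

```python
import re

# One `ip neigh show` line: "<ip> dev <ifname> [lladdr <mac>] [router] <STATE>"
NEIGH_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+(?P<dev>\S+)(?:\s+lladdr\s+(?P<mac>[0-9a-fA-F:]{17}))?"
    r"(?:\s+router)?\s+(?P<state>[A-Z]+)\s*$"
)

def parse_neigh(text):
    """Map IP -> (mac or None, state) from `ip neigh show` output."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            mac = m.group("mac")
            table[m.group("ip")] = (mac.lower() if mac else None, m.group("state"))
    return table

def check_failover(before, after, floating_ip):
    """Compare the floating IP's neighbor entry across an SE failover."""
    old = parse_neigh(before).get(floating_ip, (None, "MISSING"))
    new = parse_neigh(after).get(floating_ip, (None, "MISSING"))
    if old[0] is None or new[0] is None:
        return "unresolved"   # FAILED/INCOMPLETE/missing entry: no usable MAC
    if old[0] == new[0]:
        return "mac-stable"   # what MAC masquerade is meant to give
    return "mac-changed"      # server had to relearn the new SE's MAC

# Constructed sample snapshots (hypothetical addresses, not from the page).
FLOATING_IP = "10.10.20.1"
BEFORE = """\
10.10.20.1 dev eth0 lladdr 02:00:5e:00:00:0a REACHABLE
10.10.20.7 dev eth0 lladdr 00:50:56:aa:bb:07 STALE
"""
AFTER_SAME = "10.10.20.1 dev eth0 lladdr 02:00:5e:00:00:0a STALE\n"
AFTER_CHANGED = "10.10.20.1 dev eth0 lladdr 00:50:56:aa:bb:02 REACHABLE\n"
AFTER_FAILED = "10.10.20.1 dev eth0  FAILED\n"

if __name__ == "__main__":
    for label, snap in [("same", AFTER_SAME), ("changed", AFTER_CHANGED),
                        ("failed", AFTER_FAILED)]:
        print(label, "->", check_failover(BEFORE, snap, FLOATING_IP))
```

A `mac-changed` or `unresolved` result after failover with the feature enabled means the server is not seeing the same MAC move with the floating IP, which is the point to recheck the configuration and the port-group security settings noted above.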