Hot Standby Router Protocol (“HSRP”) serves at the Layer 3 Virtual Extensible Local Area Network (“VXLAN”) for hosts in the VxLAN. A Layer 3 VxLAN gateway provides routing between VxLAN segments and between VxLAN to Virtual Local Area Network (“VLAN”) segments. A Layer 3 VxLAN Gateway also serves as a gateway for Host's external connectivity.
In a VxLAN flood and learn mode, the Layer 3 HSRP gateway can be deployed in multiple ways in the VxLAN.
First, HSRP can be configured on VxLAN leaf switches which are typically Top of Rack (“TOR”) switches. In this deployment, HSRP can be enabled on two TOR switches, also known as VxLAN tunnel endpoints (“VTEP”), connected in virtual Port Channel (“vPC”) pair or dedicated Layer 2 peer link to synchronize its states. In this scenario, a spine layer is used as a Layer 3 underlay network to carry the VxLAN overlay tunnels to the TOR switches. In this deployment VxLAN tunnels are originated and terminated on the TOR switches, and the spines do not interpret the VxLAN tunnels. In this case HSRP Active and HSRP Standby parts of a vPC complex, forward packets destined to HSRP VMAC. So there can be only two Active Gateways, as there can be only two switches connected in a vPC complex.
Second, HSRP can be deployed in the spine layer, typically in End of Rack (“EOR”) switches. In this scenario, spine layers also act as Layer 3 VxLAN gateways to terminate the VxLAN tunnels for router to external network and inter VxLAN segment routing and acts as a transit point for the packets bridged from one TOR switch to the other. Here as well Spines can be connected in a vPC pair by a dedicated L2 link, with HSRP enabled on two spine switches. In this case HSRP Active and HSRP Standby parts of the vPC complex forward packets destined to HSRP VMAC. So there can be only two Active Gateways, as there can be only two switches connected in a vPC complex.
Third, HSRP can peer itself with packets being flooded on the VxLAN overlay. In this case HSRP Active only forward packets destined to HSRP VMAC. So there can be only one Active Gateway at a time without vPC.
In each of the above three scenarios, HSRP can act as a maximum of two Active gateways, but it cannot be supported beyond two active gateways.