Layer 2 based anycast - Kind like GLBP - Research

William Herrin bill at
Thu Jul 1 19:06:22 UTC 2021

On Thu, Jul 1, 2021 at 11:05 AM Douglas Fischer
<fischerdouglas at> wrote:
> I'm looking for solutions do deploy some type of selective high availability and load balance based on the glue between Layer 2 and Layer 3 (ARP or ND).

Hi Douglas,

Anycast is where you send to one network address and the "nearest"
single server with that address receives the packet.

By definition, every piece of equipment in an L2 broadcast domain is
exactly one hop from every other -- no equipment is "nearer." So
conceptually, there is no anycast.

However, L2 domains aren't built with hubs any more; they're built
with switches. There actually are variable distances between
equipment, they're just not expressed in the protocols. So, in theory
you could build an SDN controller for your switches which sets up
different FIB entries in each switch to select which port receives the
traffic for the designated "anycast" mac address. But you may face
limitations where the hardware can't reasonably be programmed to give
each port its own FIB allowing fine-grained control of which client
reaches which server.

Realistically... that approach would tend to be both expensive to
build and very brittle. There's almost certainly a better way to
accomplish your goal than trying to invent L2 anycast.

If you're load balancing IP traffic, another approach might be a
custom ARP controller which responds to ARP requests with different
MAC addresses depending on the request source. There's no guaranteed
timeout for ARP bindings but if you shared around a pool of MAC
addresses guaranteeing that every MAC address in the pool gets
assigned to a currently-working server it could work. You just have to
keep in mind that gratuitous arp absolutely would not work in this
sort of scenario so you have to have a plan for switching loads
between servers without it.

I don't think anybody has built that sort of arp controller (at least
I haven't heard of one) so you'd have to invent it yourself.

>From what I understand of EVPN, it's about creating something
equivalent to VLANs across a distributed virtual server
infrastructure. Basically like what Amazon does under the hood for its
virtual private cloud. Since you're trying to get the machines to
appear on the same subnet, not separate them to different subnets, I
don't think it's what you're looking for.

Bill Herrin

William Herrin
bill at

More information about the NANOG mailing list