How different Scaling Methods work

ARP tables are maintained for scaled out virtual service configuration, which is relevant for VIP scale-out scenarios only, i.e., a single VIP across multiple Service Engines In L2 scale-out mode, the primary always responds to the ARP for the VIP. It then sends out a part of the traffic to the secondary SEs. The return traffic can go directly from the secondary SEs through the Direct Secondary Return mode or the primary SE (Tunnel mode). In the case of Tunnel mode, the MAC-VIP mapping is always unique. The VIP is always mapped to the primary SE.

In the Direct Secondary Return mode, the return traffic will use VIP as the source IP and the secondary SE’s MAC as the source MAC. The ‘ARP Inspection’ must be disabled in the network, that is, the network layer should not inspect/block/learn the MAC of the VIP from these packets. Otherwise, MAC-IP mapping will flap. This is a case with a few environments, such as OpenStack, Cisco ACI, etc., and tunnel mode is required in these environments.

In the L3 scale-out with BGP, this is not applicable since the ARP is done for the next hop, which is the upstream router, which in turn does the ECMP to individual SEs. The return traffic uses respective SE’s MAC as source MAC and VIP as source IP. The router handles this as expected.