Configure IP SLA + PBR

Hello,

I have to migrate from CISCO routers 1941 to Extreme X670, the routing configuration is as follows:
We have two outputs, one is for the business flow and the other is for the internet, if one link falls the other will replace it, for this we have to configure a PBR + SLA.
Here is the CISCO configuration:

************* Config Tracking *******************

track 100 ip sla 100
track 101 ip sla 101
track 150 list boolean or
 object 100
 object 101
track 300 ip sla 300
track 301 ip sla 301
track 350 list boolean or
 object 300
 object 301

************** Config SLA *********************

ip sla 100
 icmp-echo 10.x.x.x source-interface Loopback2
 threshold 1500
 timeout 1500
 frequency 2
ip sla schedule 100 life forever start-time now
ip sla 101
 icmp-echo 10.x.x.x source-interface Loopback2
 threshold 1500
 timeout 1500
 frequency 2
ip sla schedule 101 life forever start-time now
ip sla 300
 icmp-echo 10.x.x.x source-interface Loopback1
 threshold 1500
 timeout 1500
 frequency 2
ip sla schedule 300 life forever start-time now
ip sla 301
 icmp-echo 10.x.x.x source-interface Loopback1
 threshold 1500
 timeout 1500
 frequency 2
ip sla schedule 301 life forever start-time now

******************* Config Route-Map ********************

route-map FluxMetier deny 5
 match ip address flux-intra-UP
!
route-map FluxMetier permit 10
 match ip address DSCP-IN-D1INP
 set ip next-hop verify-availability 172.x.x.x 1 track 350
!
route-map FluxMetier permit 20
 match ip address DSCP-IN-D2INP
 set ip next-hop verify-availability 172.x.x.x 1 track 350
!
route-map FluxMetier permit 40
 match ip address inter-UP
 set ip next-hop verify-availability 172.x.x.x 1 track 350
!
route-map FluxMetier permit 50
 match ip address meca-up-LUG
 set ip next-hop verify-availability 172.x.x.x 1 track 350
!
route-map STATIC-TO-OSPF permit 40
 match tag 201
!

****************** Config Static Routing ****************

ip route 0.0.0.0 0.0.0.0 172.x.x.x 10 name Cxxx track 150
ip route 0.0.0.0 0.0.0.0 172.x.x.x 20 name Oxx track 350
ip route 10.x.x.x 255.255.255.255 172.x.x.x name UP-PBR-Mxxxxxx
ip route 10.x.x.x 255.255.255.255 172.x.x.x name UP-PBR-Mxxxxxx
ip route 10.x.x.x 255.255.255.255 172.x.x.x name UP-PBR-Cxxxxxxxx
ip route 10.x.x.x 255.255.255.255 172.x.x.x name UP-PBR-Cxxxxxxxx
ip route 172.x.x.x 255.255.255.0 172.x.x.x tag 201 name Ixxxxxx-Pxxxxxxxxxxx
!

My questions:

I am a beginner on ExtremeNetworks, and on the internet I learned that to do this I have to write scripts. Can you help me write this script, knowing that I have never written scripts before (except ACLs)?

Thank you sincerely for your help, my situation is really critical and urgent.

Best regards.
SOUILAH Mohamed

Posted 2 years ago

Matthew Helm, Employee

Were it sufficient to simply use ICMP to the next-hop to verify the static route, one could avoid using scripting and instead use the ping-protection feature found in 16.2. Here is a link to the release notes.

It appears, however, that the SLA for each route is more complex, and that latency is used in addition to ICMP packet loss to determine that a static route is invalid. Is this true?

I can help with a script, but I need you to verify the exact conditions under which you need to determine that a static route is invalid.

SOUILAH Mohamed

Hello,

Thank you for your reply.

After verification, I do not think the Ping-Protection feature can meet our needs, in addition to that, we use XOS 16.1.3.

For the Script, I will explain how it was configured on CISCO:

Two Loopback addresses were determined for each stream type (business stream and internet confore stream)

Both addresses are mentioned in the "IP SLA" commands (two addresses correspond to two routers in our Data Center).

Track 150 and 350 determine the conditions: if one of the two static routes falls, the connection is switched.

(This is the result of track 150 for example which brings together the 100 or the 101)

Beyond that, nothing obliges us to follow the CISCO concept; we can propose an alternative solution that works well too.

Last remark: We have no precise conditions determining what the loss of a static route means; we can fix this in the script.

Thank you again for your help.

SOUILAH Mohamed

Can anyone help me, please?

Matthew Helm, Employee

Here is an example where the switch has two paths and if the target address is not reachable for any one path, that path is removed (the port is disabled). The mechanics should be very similar to what you want to do with the exception that routes would be deleted.

While this does not do exactly what you need, please take a look at this as an example of how scripting like this would work (including the UPM timer mechanism).

create upm profile pingchk1
set var target 10.0.0.1
set var source 10.0.10.1
set var gw 10.0.10.2
set var gwp 3
disable clip
set var cli.out 0
ping count 2 $target from $source
set var s $TCL(split ${cli.out} "\n")
set var i $TCL(lsearch $s *0\ packets\ received\,*)
if ($i < 0) then
   disable port $gwp
   set var msg $TCL(concat \" \" "Route failed via gateway" $gw "! Disabled port " $gwp \" \")
   create log message $msg
   unconfig upm timer pingchk1
endif
.
create upm profile pingchk2
set var target 10.0.0.1
set var source 10.0.20.1
set var gw 10.0.20.2
set var gwp 2
set var cli.out 0
ping count 2 $target from $source
set var s $TCL(split ${cli.out} "\n")
set var i $TCL(lsearch $s *0\ packets\ received\,*)
if ($i < 0) then
   disable port $gwp
   set var msg $TCL(concat \" \" "Route failed via gateway" $gw "! Disabled port " $gwp \" \")
   create log message $msg
   unconfig upm timer pingchk2
endif
.
create upm timer pingchk1
configure upm timer pingchk1 profile pingchk1
configure upm timer pingchk1 after 1 every 3
create upm timer pingchk2
configure upm timer pingchk2 profile pingchk2
configure upm timer pingchk2 after 1 every 3

Matthew Helm, Employee

I can work on a more thorough example that more closely resembles your use case later today.

SOUILAH Mohamed

Thanks a lot for your help. I'll try to understand your script and adapt it to my needs. I will come back to you in case of need.

SOUILAH Mohamed

Matthew : Can I show you my Script?

Matthew Helm, Employee

My script above needs to be fixed with the $t < 0 changed to $t > -1.

This is the script modified for use with routes. Please test this as I have not had a chance to.

#pingcheckroute
create upm profile pingchk1
set var target 10.0.0.1
set var source 10.0.10.1
set var gw 10.0.10.2
disable clip
set var cli.out 0
ping count 2 $target from $source
set var s $TCL(split ${cli.out} "\n")
set var i $TCL(lsearch $s *0\ packets\ received\,*)
if ($i > -1) then
   show iproute
   set var s $TCL(split ${cli.out} "\n")
   set var i $TCL(lsearch $s *Ori*)
   set var i ($i + 1)
   set var e $TCL(lsearch $s *MOSPF*)
   set var e ($e - 1)
   while ($i < $e) do
      set var l $TCL(lindex $s $i)
      set var r $TCL(lindex $l 0)
      set var n $TCL(lindex $l 1)
      set var g $TCL(lindex $l 2)
      set var t $TCL(regexp $g {Route})
      if ($t) then
         set var g $TCL(lindex $l 3)
      endif
      set var t $TCL(regexp $g ${gw})
      if ($t) then
         set var t $TCL(regexp $r {\#\d})
         if ($t == 0) then
            config iproute delete $n $g
         endif
      endif
      set var i ($i + 1)
   endwhile
   set var msg $TCL(concat \" \" "Route failed via gateway" $gw "! Removed Routes through this gateway to " $target \" \")
   create log message $msg
   unconfig upm timer pingchk1
endif
.
create upm profile pingchk2
set var target 10.0.0.1
set var source 10.0.20.1
set var gw 10.0.20.2
disable clip
set var cli.out 0
ping count 2 $target from $source
set var s $TCL(split ${cli.out} "\n")
set var i $TCL(lsearch $s *0\ packets\ received\,*)
if ($i > -1) then
   show iproute
   set var s $TCL(split ${cli.out} "\n")
   set var i $TCL(lsearch $s *Ori*)
   set var i ($i + 1)
   set var e $TCL(lsearch $s *MOSPF*)
   set var e ($e - 1)
   while ($i < $e) do
      set var l $TCL(lindex $s $i)
      set var r $TCL(lindex $l 0)
      set var n $TCL(lindex $l 1)
      set var g $TCL(lindex $l 2)
      set var t $TCL(regexp $g {Route})
      if ($t) then
         set var g $TCL(lindex $l 3)
      endif
      set var t $TCL(regexp $g ${gw})
      if ($t) then
         set var t $TCL(regexp $r {\#\d})
         if ($t == 0) then
            config iproute delete $n $g
         endif
      endif
      set var i ($i + 1)
   endwhile
   set var msg $TCL(concat \" \" "Route failed via gateway" $gw "! Removed Routes through this gateway to " $target \" \")
   create log message $msg
   unconfig upm timer pingchk2
endif
.
create upm timer pingchk1
configure upm timer pingchk1 profile pingchk1
configure upm timer pingchk1 after 1 every 3
create upm timer pingchk2
configure upm timer pingchk2 profile pingchk2
configure upm timer pingchk2 after 1 every 3

Drew C., Community Manager

Let me know if you want to get this posted on our GitHub.

Grosjean, Stephane, Employee

That would benefit from being converted into Python. Can't do it right now, but I'll look into it.
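
Added example, not code from any poster in this thread: an offline Python sketch of the decision logic in the Cisco configuration posted above (track lists with "boolean or", default routes with distances 10 and 20) and of the "packets received" check used in the UPM profiles. The ping outputs are constructed samples, and the route names "primary" and "backup" are placeholders for the masked route names.

```python
import re

# Constructed sample outputs in the "N packets transmitted, M packets received"
# shape that the UPM profiles match on (not captured from a real switch).
HDR = "--- 10.0.0.1 ping statistics ---\n"
PING_OK = HDR + "2 packets transmitted, 2 packets received, 0% loss\n"
PING_DEAD = HDR + "2 packets transmitted, 0 packets received, 100% loss\n"
PING_TEN = HDR + "10 packets transmitted, 10 packets received, 0% loss\n"

_STATS = re.compile(r"(\d+) packets transmitted, (\d+) packets received")

def probe_up(ping_output):
    """True if at least one reply came back; unparsable output counts as down."""
    m = _STATS.search(ping_output)
    return bool(m) and int(m.group(2)) > 0

def glob_says_down(ping_output):
    """The profiles' glob test: some line contains '0 packets received,'.
    It also matches '10 packets received,', so it is only safe for small counts."""
    return any("0 packets received," in line for line in ping_output.split("\n"))

def track_or(*members):
    """Cisco 'track N list boolean or': up while any member object is up."""
    return any(members)

def active_default(routes, tracks):
    """Among default routes whose track is up, pick the lowest distance.
    routes: list of (name, distance, track_id); returns a name or None."""
    usable = [r for r in routes if tracks.get(r[2], False)]
    return min(usable, key=lambda r: r[1])[0] if usable else None

def evaluate(outputs):
    """outputs: dict of SLA id -> ping output text. Mirrors tracks 150 and 350."""
    up = {sla: probe_up(text) for sla, text in outputs.items()}
    tracks = {150: track_or(up[100], up[101]),
              350: track_or(up[300], up[301])}
    # Placeholder names standing in for the masked default routes.
    routes = [("primary", 10, 150), ("backup", 20, 350)]
    return active_default(routes, tracks)

if __name__ == "__main__":
    sample = {100: PING_DEAD, 101: PING_DEAD, 300: PING_OK, 301: PING_DEAD}
    print("active default route:", evaluate(sample))
```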