Why does flow-redirect not work?

  • 0
  • 1
  • Problem
  • Updated 3 years ago
  • Solved

configure
snmp sysName "LAYER2-3_SWITCH"

configure sys-recovery-level switch reset

 

configure vlan default delete ports all

configure vr VR-Default delete ports 1-5

configure vlan default delete ports 1-5

configure vlan "Default" qosprofile QP1

create vlan "GW_primary"

configure vlan GW_primary tag 10

create vlan "GW_secondary"

configure vlan GW_secondary tag 20

create vlan "Network"

configure vlan Network tag 30

configure vlan GW_primary add ports 1 untagged

configure vlan GW_secondary add ports 2 untagged

configure vlan Network add ports 3 untagged

configure vlan GW_primary ipaddress 192.168.8.36 255.255.255.0

enable ipforwarding vlan GW_primary

configure vlan GW_secondary ipaddress 192.168.11.254 255.255.255.0

enable ipforwarding vlan GW_secondary

configure vlan Network ipaddress 10.0.0.1 255.255.255.0

enable ipforwarding vlan Network

 

configure iproute add 192.168.12.0 255.255.252.0 192.168.11.253

configure ipforwarding originated-packets require-ipforwarding

 

create flow-redirect primary_GW

configure flow-redirect primary_GW add nexthop 192.168.8.12 priority 100

configure flow-redirect primary_GW nexthop 192.168.8.12 ping health-check interval 60 miss 3

configure access-list primary_GW vlan "Network" ingress

 

ACL Policy

entry Network1 {

if match all {

        source-address 10.0.0.0/24;

        destination-address 192.168.12.0/22;

} then {

        permit;

        redirect-name primary_GW;

}

 

LAYER2-3_SWITCH.116 # show iproute

Ori  Destination        Gateway         Mtr  Flags         VLAN       Duration

#d   10.0.0.0/24        10.0.0.1        1    U------um--f- Network    0d:1h:51m:5s

#d   192.168.8.0/24     192.168.8.36    1    U------um--f- GW_primary 0d:1h:52m:4s

#d   192.168.11.0/24    192.168.11.254  1    U------um--f- GW_secondary 0d:1h:51m:47s

#s   192.168.12.0/22    192.168.11.253  1    UG---S-um--f- GW_secondary 0d:0h:5m:45s

 

LAYER2-3_SWITCH.117 # show flow-redirect "primary_GW"

Name             : primary_GW            VR Name          : VR-Default

Inactive Nexthops: Forward               Health Check     : PING

Nexthop Count    : 1

Active IP Address : 192.168.8.12

Index    State      Priority  IP Address          Status Interval Miss

======================================================================

0        Enabled    100       192.168.8.12        UP     60       3


TAKING THE WRONG PATH

NET_PC> trace 192.168.12.1

trace to 192.168.12.1, 8 hops max, press Ctrl+C to stop

 1   10.0.0.1   0.307 ms  0.358 ms  0.311 ms

 2   *192.168.11.253   9.823 ms (ICMP type:3, code:3, Destination port unreachable)

 

NET_PC> ping 192.168.12.1

84 bytes from 192.168.12.1 icmp_seq=1 ttl=254 time=9.281 ms

84 bytes from 192.168.12.1 icmp_seq=2 ttl=254 time=6.840 ms

84 bytes from 192.168.12.1 icmp_seq=3 ttl=254 time=3.192 ms

84 bytes from 192.168.12.1 icmp_seq=4 ttl=254 time=2.802 ms

84 bytes from 192.168.12.1 icmp_seq=5 ttl=254 time=3.291 ms

 

If I remove the static route to the secondary gateway, it still doesn’t work.

 

As long as I put a default or static route in, I can get to either of the gateways and the desired network behind them, but only one of them.

Photo of Jeff McLeod

Jeff McLeod

  • 220 Points 100 badge 2x thumb
  • Extreme(ly) frustrated

Posted 3 years ago

  • 0
  • 1
Photo of Patrick Voss

Patrick Voss, Alum

  • 11,714 Points 10k badge 2x thumb
Hi Jeff,

If you look at your other post I believe I answered your question. Please let me know if you have any questions.
Photo of Jarek

Jarek

  • 2,398 Points 2k badge 2x thumb
Jeff,

what switch (model) and EXOS you have ? I have done this now on my summit 250e and all is working well.

--
Jarek
(Edited)
Photo of Jeff McLeod

Jeff McLeod

  • 220 Points 100 badge 2x thumb
Hey Jarek.  Sorry it took me so long to get back to you, I had a Surface Pro mishap.  So... I'm trying to validate all of my configurations on the virtual appliance, running 15.3.1.4 System type is Summit-PC.  If I can ever get the flow-redirect successfully tested, I will be implementing it on an X460-48p running 15.3.3.5.  Everything seems to work in the virtual lab image, except the nexthop redirect.  I will look at the access-list info that Patrick guided me towards.

Thanks again,

Jeff
Photo of Jarek

Jarek

  • 2,398 Points 2k badge 2x thumb
I have done last test on x250e and I think there was xos 15.3.3.5 installed, but I have also x670 with 15.6.3 p1-8 and flow redirect is working ok.

--
Jarek
(Edited)
Photo of Jeff McLeod

Jeff McLeod

  • 220 Points 100 badge 2x thumb
Haha!  Hey Jarek.  It looks like it was the EXOS image I was using in my virtual environment.  I loaded a 15.7.x.x image and everything worked.  Weird thing is; the echos respond with type 3 unreachable, but it gives me a round trip response time. Is this correct?  Is this the way it should work?
Photo of Jarek

Jarek

  • 2,398 Points 2k badge 2x thumb
I don't like tests on vr environment :).

I prefer test with real hardware. I know that sometimes it is a problem, but vr are good for simple things that don't require hardware.
About the "echo and roundtrip time" in VR... I think we should ask guys from Extreme :)

--

Jarek
(Edited)