Why does flow-redirect not work?

  • 0
  • 1
  • Problem
  • Updated 2 years ago
  • Solved

snmp sysName "LAYER2-3_SWITCH"

configure sys-recovery-level switch reset


configure vlan default delete ports all

configure vr VR-Default delete ports 1-5

configure vlan default delete ports 1-5

configure vlan "Default" qosprofile QP1

create vlan "GW_primary"

configure vlan GW_primary tag 10

create vlan "GW_secondary"

configure vlan GW_secondary tag 20

create vlan "Network"

configure vlan Network tag 30

configure vlan GW_primary add ports 1 untagged

configure vlan GW_secondary add ports 2 untagged

configure vlan Network add ports 3 untagged

configure vlan GW_primary ipaddress

enable ipforwarding vlan GW_primary

configure vlan GW_secondary ipaddress

enable ipforwarding vlan GW_secondary

configure vlan Network ipaddress

enable ipforwarding vlan Network


configure iproute add

configure ipforwarding originated-packets require-ipforwarding


create flow-redirect primary_GW

configure flow-redirect primary_GW add nexthop priority 100

configure flow-redirect primary_GW nexthop ping health-check interval 60 miss 3

configure access-list primary_GW vlan "Network" ingress


ACL Policy

entry Network1 {

if match all {



} then {


        redirect-name primary_GW;



LAYER2-3_SWITCH.116 # show iproute

Ori  Destination        Gateway         Mtr  Flags         VLAN       Duration

#d        1    U------um--f- Network    0d:1h:51m:5s

#d    1    U------um--f- GW_primary 0d:1h:52m:4s

#d  1    U------um--f- GW_secondary 0d:1h:51m:47s

#s  1    UG---S-um--f- GW_secondary 0d:0h:5m:45s


LAYER2-3_SWITCH.117 # show flow-redirect "primary_GW"

Name             : primary_GW            VR Name          : VR-Default

Inactive Nexthops: Forward               Health Check     : PING

Nexthop Count    : 1

Active IP Address :

Index    State      Priority  IP Address          Status Interval Miss


0        Enabled    100        UP     60       3


NET_PC> trace

trace to, 8 hops max, press Ctrl+C to stop

 1   0.307 ms  0.358 ms  0.311 ms

 2   *   9.823 ms (ICMP type:3, code:3, Destination port unreachable)


NET_PC> ping

84 bytes from icmp_seq=1 ttl=254 time=9.281 ms

84 bytes from icmp_seq=2 ttl=254 time=6.840 ms

84 bytes from icmp_seq=3 ttl=254 time=3.192 ms

84 bytes from icmp_seq=4 ttl=254 time=2.802 ms

84 bytes from icmp_seq=5 ttl=254 time=3.291 ms


If I remove the static route to the secondary gateway, it still doesn’t work.


As long as I put a default or static route in, I can get to either of the gateways and the desired network behind them, but only one of them.

Photo of Jeff McLeod

Jeff McLeod

  • 220 Points 100 badge 2x thumb
  • Extreme(ly) frustrated

Posted 2 years ago

  • 0
  • 1
Photo of Patrick Voss

Patrick Voss, Employee

  • 11,214 Points 10k badge 2x thumb
Hi Jeff,

If you look at your other post I believe I answered your question. Please let me know if you have any questions.
Photo of Jarek


  • 2,386 Points 2k badge 2x thumb

what switch (model) and EXOS you have ? I have done this now on my summit 250e and all is working well.

Photo of Jeff McLeod

Jeff McLeod

  • 220 Points 100 badge 2x thumb
Hey Jarek.  Sorry it took me so long to get back to you, I had a Surface Pro mishap.  So... I'm trying to validate all of my configurations on the virtual appliance, running System type is Summit-PC.  If I can ever get the flow-redirect successfully tested, I will be implementing it on an X460-48p running  Everything seems to work in the virtual lab image, except the nexthop redirect.  I will look at the access-list info that Patrick guided me towards.

Thanks again,

Photo of Jarek


  • 2,386 Points 2k badge 2x thumb
I have done last test on x250e and I think there was xos installed, but I have also x670 with 15.6.3 p1-8 and flow redirect is working ok.

Photo of Jeff McLeod

Jeff McLeod

  • 220 Points 100 badge 2x thumb
Haha!  Hey Jarek.  It looks like it was the EXOS image I was using in my virtual environment.  I loaded a 15.7.x.x image and everything worked.  Weird thing is; the echos respond with type 3 unreachable, but it gives me a round trip response time. Is this correct?  Is this the way it should work?
Photo of Jarek


  • 2,386 Points 2k badge 2x thumb
I don't like tests on vr environment :).

I prefer test with real hardware. I know that sometimes it is a problem, but vr are good for simple things that don't require hardware.
About the "echo and roundtrip time" in VR... I think we should ask guys from Extreme :)