Configure IP SLA + PBR


Hello,

I have to migrate from Cisco 1941 routers to an Extreme X670. The routing configuration is as follows:
We have two outputs: one is for the business flow and the other is for the internet. If one link fails, the other will replace it; for this we have to configure PBR + SLA.
Here is the Cisco configuration:

************* Config Tracking *******************

track 100 ip sla 100
track 101 ip sla 101
track 150 list boolean or
 object 100
 object 101
track 300 ip sla 300
track 301 ip sla 301
track 350 list boolean or
 object 300
 object 301

************** Config SLA *********************

ip sla 100
 icmp-echo 10.x.x.x source-interface Loopback2
 threshold 1500
 timeout 1500
 frequency 2
ip sla schedule 100 life forever start-time now
ip sla 101
 icmp-echo 10.x.x.x source-interface Loopback2
 threshold 1500
 timeout 1500
 frequency 2
ip sla schedule 101 life forever start-time now
ip sla 300
 icmp-echo 10.x.x.x source-interface Loopback1
 threshold 1500
 timeout 1500
 frequency 2
ip sla schedule 300 life forever start-time now
ip sla 301
 icmp-echo 10.x.x.x source-interface Loopback1
 threshold 1500
 timeout 1500
 frequency 2
ip sla schedule 301 life forever start-time now

******************* Config Route-Map ********************

route-map FluxMetier deny 5
 match ip address flux-intra-UP
!
route-map FluxMetier permit 10
 match ip address DSCP-IN-D1INP
 set ip next-hop verify-availability 172.x.x.x 1 track 350
!
route-map FluxMetier permit 20
 match ip address DSCP-IN-D2INP
 set ip next-hop verify-availability 172.x.x.x 1 track 350
!
route-map FluxMetier permit 40
 match ip address inter-UP
 set ip next-hop verify-availability 172.x.x.x 1 track 350
!
route-map FluxMetier permit 50
 match ip address meca-up-LUG
 set ip next-hop verify-availability 172.x.x.x 1 track 350
!
route-map STATIC-TO-OSPF permit 40
 match tag 201
!

****************** Config Static Routing ****************

ip route 0.0.0.0 0.0.0.0 172.x.x.x 10 name Cxxx track 150
ip route 0.0.0.0 0.0.0.0 172.x.x.x 20 name Oxx track 350
ip route 10.x.x.x 255.255.255.255 172.x.x.x name UP-PBR-Mxxxxxx
ip route 10.x.x.x 255.255.255.255 172.x.x.x name UP-PBR-Mxxxxxx
ip route 10.x.x.x 255.255.255.255 172.x.x.x name UP-PBR-Cxxxxxxxx
ip route 10.x.x.x 255.255.255.255 172.x.x.x name UP-PBR-Cxxxxxxxx
ip route 172.x.x.x 255.255.255.0 172.x.x.x tag 201 name Ixxxxxx-Pxxxxxxxxxxx
!

My questions:

I am a beginner on ExtremeNetworks, and on the internet I learned that to do this I have to write scripts. Can you help me write this script, knowing that I have never written scripts before (except ACLs)?

Thank you sincerely for your help, my situation is really critical and urgent.

Best regards.

10 replies

Were it sufficient to simply use ICMP to the next-hop to verify the static route, one could avoid using scripting and instead use the ping-protection feature found in 16.2. Here is a link to the release notes.

It appears, however, that the SLA for each route is more complex, and that latency is used in addition to ICMP packet loss to determine that a static route is invalid. Is this true?

I can help with a script, but I need you to verify the exact conditions under which you need to determine that a static route is invalid.
Hello,

Thank you for your reply.

After verification, I do not think the Ping-Protection feature can meet our needs, in addition to that, we use XOS 16.1.3.

For the Script, I will explain how it was configured on CISCO:

Two Loopback addresses were determined for each stream type (business stream and internet confore stream)

Both addresses are mentioned in the "IP SLA" commands (two addresses correspond to two routers in our Data Center).

Track 150 and 350 determine the conditions: if one of the two static routes falls, the connection is switched.

(This is the result of track 150 for example which brings together the 100 or the 101)

Afterwards, nothing obliges us to follow the Cisco concept; we can propose an alternative solution that works well too.

Last remark: We have no precise conditions determining what the loss of a static route means; we can fix this in the script.

Thank you again for your help.
Can anyone help me, please?

Here is an example where the switch has two paths and if the target address is not reachable for any one path, that path is removed (the port is disabled). The mechanics should be very similar to what you want to do with the exception that routes would be deleted.

While this does not do exactly what you need, please take a look at this as an example of how scripting like this would work (including the UPM timer mechanism).

create upm profile pingchk1
set var target 10.0.0.1
set var source 10.0.10.1
set var gw 10.0.10.2
set var gwp 3
disable clip
set var cli.out 0
# Ping the target from this path's source address; the output lands in cli.out
ping count 2 $target from $source
set var s $TCL(split ${cli.out} "\n")
set var i $TCL(lsearch $s *0\ packets\ received,*)
# lsearch returns -1 when no line matches, so ($i < 0) is true when replies
# were received; the author's follow-up post changes this test to > -1
if ($i < 0) then
  disable port $gwp
  set var msg $TCL(concat \" \" "Route failed via gateway" $gw "! Disabled port " $gwp \" \")
  create log message $msg
  unconfig upm timer pingchk1
endif
.
create upm profile pingchk2
set var target 10.0.0.1
set var source 10.0.20.1
set var gw 10.0.20.2
set var gwp 2
set var cli.out 0
ping count 2 $target from $source
set var s $TCL(split ${cli.out} "\n")
set var i $TCL(lsearch $s *0\ packets\ received,*)
if ($i < 0) then
  disable port $gwp
  set var msg $TCL(concat \" \" "Route failed via gateway" $gw "! Disabled port " $gwp \" \")
  create log message $msg
  unconfig upm timer pingchk2
endif
.
# Run each profile 1 second after creation, then every 3 seconds
create upm timer pingchk1
configure upm timer pingchk1 profile pingchk1
configure upm timer pingchk1 after 1 every 3
create upm timer pingchk2
configure upm timer pingchk2 profile pingchk2
configure upm timer pingchk2 after 1 every 3

I can work on a more thorough example that more closely resembles your use case later today.

Thanks a lot for your help. I'll try to understand your script and adapt it to my needs. I will come back to you if needed.
Matthew: Can I show you my script?

My script above needs to be fixed with the $t < 0 changed to $t > -1.

This is the script modified for use with routes. Please test this as I have not had a chance to.

#pingcheckroute
create upm profile pingchk1
set var target 10.0.0.1
set var source 10.0.10.1
set var gw 10.0.10.2
disable clip
set var cli.out 0
ping count 2 $target from $source
set var s $TCL(split ${cli.out} "\n")
set var i $TCL(lsearch $s *0\ packets\ received,*)
# A matching line (index > -1) means no replies were received
if ($i > -1) then
  show iproute
  set var s $TCL(split ${cli.out} "\n")
  # Walk the lines between the "Ori ..." header and the flags legend
  set var i $TCL(lsearch $s *Ori*)
  set var i ($i + 1)
  set var e $TCL(lsearch $s *MOSPF*)
  set var e ($e - 1)
  while ($i < $e) do
    set var l $TCL(lindex $s $i)
    set var r $TCL(lindex $l 0)
    set var n $TCL(lindex $l 1)
    set var g $TCL(lindex $l 2)
    # "Default Route" is two words, so the gateway is one field further on
    set var t $TCL(regexp $g {Route})
    if ($t) then
      set var g $TCL(lindex $l 3)
    endif
    set var t $TCL(regexp $g ${gw})
    if ($t) then
      set var t $TCL(regexp $r {\#\d})
      if ($t == 0) then
        config iproute delete $n $g
      endif
    endif
    set var i ($i + 1)
  endwhile
  set var msg $TCL(concat \" \" "Route failed via gateway" $gw "! Removed Routes through this gateway to " $target \" \")
  create log message $msg
  unconfig upm timer pingchk1
endif
.
create upm profile pingchk2
set var target 10.0.0.1
set var source 10.0.20.1
set var gw 10.0.20.2
disable clip
set var cli.out 0
ping count 2 $target from $source
set var s $TCL(split ${cli.out} "\n")
set var i $TCL(lsearch $s *0\ packets\ received,*)
if ($i > -1) then
  show iproute
  set var s $TCL(split ${cli.out} "\n")
  set var i $TCL(lsearch $s *Ori*)
  set var i ($i + 1)
  set var e $TCL(lsearch $s *MOSPF*)
  set var e ($e - 1)
  while ($i < $e) do
    set var l $TCL(lindex $s $i)
    set var r $TCL(lindex $l 0)
    set var n $TCL(lindex $l 1)
    set var g $TCL(lindex $l 2)
    set var t $TCL(regexp $g {Route})
    if ($t) then
      set var g $TCL(lindex $l 3)
    endif
    set var t $TCL(regexp $g ${gw})
    if ($t) then
      set var t $TCL(regexp $r {\#\d})
      if ($t == 0) then
        config iproute delete $n $g
      endif
    endif
    set var i ($i + 1)
  endwhile
  set var msg $TCL(concat \" \" "Route failed via gateway" $gw "! Removed Routes through this gateway to " $target \" \")
  create log message $msg
  # Stop this profile's own timer
  unconfig upm timer pingchk2
endif
.
create upm timer pingchk1
configure upm timer pingchk1 profile pingchk1
configure upm timer pingchk1 after 1 every 3
create upm timer pingchk2
configure upm timer pingchk2 profile pingchk2
configure upm timer pingchk2 after 1 every 3

Matthew Helm wrote:

My script above needs to be fixed with the $t < 0 changed to $t > -1.

This is the script modified for use with routes. Please test this as I have not had a chance to.


Let me know if you want to get this posted on our GitHub.

Matthew Helm wrote:

My script above needs to be fixed with the $t < 0 changed to $t > -1.

This is the script modified for use with routes. Please test this as I have not had a chance to.


That would benefit from being converted into Python. Can't do it right now, but I'll look into it.
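
The failover check discussed in this thread, as an added Python example that is not part of any poster's script: it applies the Cisco `track ... list boolean or` rule (the path is up if either probe target answers) and, when the path is down, lists the `configure iproute delete` commands for static routes through the failed gateway. The CLI output samples are constructed, and `cli` is a hypothetical callable; on a switch it is assumed to wrap `exsh.clicmd(cmd, capture=True)`.

```python
import re

# Constructed sample CLI output; the layout is assumed from the strings the
# thread's scripts match on ("packets received", "Ori", "Default Route").
PING_FAIL = ("--- 10.0.0.1 ping statistics ---\n"
             "2 packets transmitted, 0 packets received, 100% loss\n")
PING_OK = PING_FAIL.replace("0 packets received, 100%", "2 packets received, 0%")
IPROUTE = """\
Ori  Destination        Gateway         Mtr  Flags         VLAN  Duration
#s   Default Route      10.0.10.2       1    UG---S-um--f- wan1  0d:1h:2m:3s
 s   Default Route      10.0.20.2       2    UG---S-um--f- wan2  0d:1h:2m:3s
#s   10.1.1.1/32        10.0.10.2       1    UG---S-um--f- wan1  0d:1h:2m:3s
#d   10.0.10.0/24       10.0.10.1       1    U------um--f- wan1  0d:1h:2m:3s
#oa  10.9.0.0/16        10.0.10.2       5    UG-D---um--f- wan1  0d:0h:9m:1s
"""

RECEIVED = re.compile(r"(\d+) packets received")
# Fields: origin, destination ("Default Route" is two words), gateway
ROUTE = re.compile(r"^\s*#?(\w+)\s+(Default Route|\S+)\s+(\d+(?:\.\d+){3})\s")

def probe_up(ping_output):
    """True only if the statistics line reports at least one reply."""
    m = RECEIVED.search(ping_output)
    return m is not None and int(m.group(1)) > 0

def path_up(cli, source, targets):
    """Boolean OR over the probes: the path is up if any target answers."""
    return any(probe_up(cli("ping count 2 %s from %s" % (t, source)))
               for t in targets)

def static_routes_via(iproute_output, gw):
    """Destinations of static routes (origin 's') whose gateway is exactly gw."""
    dests = []
    for line in iproute_output.splitlines():
        m = ROUTE.match(line)
        if m and m.group(1) == "s" and m.group(3) == gw:
            dests.append("default" if m.group(2) == "Default Route" else m.group(2))
    return dests

def failover_commands(cli, source, targets, gw):
    """Commands to withdraw static routes through gw, or [] while the path is up."""
    if path_up(cli, source, targets):
        return []
    return ["configure iproute delete %s %s" % (d, gw)
            for d in static_routes_via(cli("show iproute"), gw)]
```

Comparing the gateway field for exact equality keeps a route via 10.0.10.20 from being withdrawn when 10.0.10.2 fails, and reading the reply count as a number avoids treating "10 packets received" as a loss.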
My colleague suggested this script, what do you think?
