Question

Help required for EXOS 15.6 source ip based PBR


Running XOS 15.6 on X770 and configured ACL to match on source-address and ACL matches, but the actions i tried e.g. "redirect" and "redirect-name" to change nexthop does not work but instead the switch continues to use the default routing table. Anyone know of any PBR related bug on the version of XOS as we verified the commands exactly same as given in official concept guide and ACL solution guides?

6 replies

Userlevel 5
Hello,

As far as I can see there is no bug that would preclude policy based routing on the X770. Sometimes I find it helpful to put an ACL counter into my statements to make sure the the ACL's are actually hitting. Add the "count" as an action and as you send traffic you can check the counters to make sure the match criteria is taking. I would check that first and let me know if you need additional support.

Thanks.. Bill
I have not used count, but instead changed the action from redirect to deny instead and found it had really denied the matched (source-address) traffic. So i am very sure ACL was it. Just both redirect and redirect-name did not work. Thanks.
Userlevel 6
Hi

Could you confirm if you are trying the flow-redirect in the default virtual router or a user-created virtual router?

Flow re-direct is not supported in user created VR.

Thanks.
Prashanth KG
Now another new issue with PBR feature on same firmware and switch. After running for some time, all of a sudden it no longer redirects any more even though next hop is up (ping health checks) and counter still incrementing (in policy file). Only starts to redirect after a switch reboot done.
Userlevel 3
Hi,

the PBR with flow- redirect is working when (concept guide) :redirect IP address’s adjacency
is resolved. When the ARP table does not have the information to reach the redirect IP
address, the packet is routed based on the Layer 3 routing table.

Maybe the next-hop IP is learned from routing protocol like OSPF,BGP etc..
and then it will be up

--
Jarek
Hi Jarek,



Health check using ping was configured and switch still recognises that next hop to be healthy (UP) when problem occured. Ping test to nexthop working but flow-redirect not working still. Snoop at peer showed no packet received from Extreme. So redirect not doing what its supposed to.



Chew

Reply