Solved

OOB Routing: Accessing OOB from different subnet

  • 6 January 2021

Hi Guys!

A few days ago I updated our VSP 7254 to VOSS version 8.2. The new version implemented some changes for the management interfaces/IPs according to:

Our OOB is segmented into different subnets. If I'm trying to connect from the same subnet the OOB IP belongs to, I can successfully reach the system, but I can't SSH or even ping the OOB IP from the other subnets.

I created the static routes for the different subnets with:

enable
conf t
mgmt oob
ip route 172.28.12.0/24 next-hop 172.28.15.1
ip route 172.28.13.0/24 next-hop 172.28.15.1
ip route 172.28.14.0/24 next-hop 172.28.15.1
exit

The OOB interface has the IP 172.28.15.5/24. How come the interface won't route? Is this intentional?

Best regards,
schuert


Best answer by schuert 8 January 2021, 12:44

Found the error. I pinged and checked SSH from a connected EXOS switch and forgot to define the from IP, which in turn caused the switch to use its transport subnet IP to ping, which isn't defined via static route on the VSP.

Thanks for helping me to figure out my mistake.


8 replies

Userlevel 5

Here is a config example I have used.

mgmt oob
ip address 20.20.20.200/24
ip route 0.0.0.0/0 next-hop 20.20.20.1 weight 300
enable /////// Not sure if this is required.
exit

:upside_down:

The OOB interface was enabled already. I can reach and connect to the IP via a system in the same subnet but not from different subnets. Other devices in these subnets can successfully route via the GW to the 3 other OOB nets, so this can only be caused by a routing problem on the VSP.

Additionally, I'm using a CLIP in vrf0 for inbound management; maybe using two kinds of mgmt interfaces is not supported?

#show mgmt interface
************************************************************************************
Command Execution Time: Wed Jan 06 23:16:05 2021 UTC
************************************************************************************

==================================================================================================
Mgmt Interface Information
==================================================================================================
INST  DESCR      TYPE  ADMIN   VLAN  PORT  VRF           PHYSICAL
--------------------------------------------------------------------------------------------------
1     Mgmt-oob1  OOB   enable  -     oob   -             94:9b:2c:a2:18:81
3     Mgmt-clip  CLIP  enable  -     -     GlobalRouter  aa:bb:cc:dd:ee:01

2 out of 2 Total Num of mgmt interfaces displayed


#show mgmt ip
************************************************************************************
Command Execution Time: Wed Jan 06 23:15:26 2021 UTC
************************************************************************************

================================================================================
Mgmt IP Addresses
================================================================================
INST  DESCR  IPV4             TYPE (ORIGIN)
--------------------------------------------------------------------------------
1     oob1   172.28.15.5/24   Manual
3     clip   172.28.64.23/32  Manual

2 out of 2 Total Num of dynamic addresses displayed
--------------------------------------------------------------------------------


#show mgmt ip route
************************************************************************************
Command Execution Time: Wed Jan 06 23:15:02 2021 UTC
************************************************************************************

==========================================================================================
Mgmt IPv4 Route Information - Table main
==========================================================================================
DEST/MASK        NEXTHOP      METRIC  INTERFACE  TYPE
------------------------------------------------------------------------------------------
0.0.0.0/0        0.0.0.0      100     Mgmt-clip  INTERNAL
172.28.12.0/24   172.28.15.1  300     Mgmt-oob1  STATIC
172.28.13.0/24   172.28.15.1  300     Mgmt-oob1  STATIC
172.28.14.0/24   172.28.15.1  300     Mgmt-oob1  STATIC
172.28.15.0/24   0.0.0.0      1       Mgmt-oob1  LOCAL
172.28.64.23/32  0.0.0.0      1       Mgmt-clip  LOCAL

6 out of 6 Total Num of mgmt ip route displayed
------------------------------------------------------------------------------------------

 

Userlevel 6

schuert,

Why don't you simply add a default route to the OOB mgmt?

enable
conf t
mgmt oob
ip address 172.28.15.5/24
ip route 0.0.0.0/0 next-hop 172.28.15.1
enable
exit

There are some characteristics to keep in mind:

Mig

Userlevel 5

@schuert TTBOMK all three interface types will work at the same time.

OoB, L2, CLIP.

Userlevel 6

I confirm that all three interfaces will work at the same time.

Mig

I have read in the past in some documentation that you shouldn't set a default route for the management (now OOB) interface (at least for the VSP8600), which allows traffic from the data plane to reach the management interface.

Anyway, on my VSP8600 with VOSS version 6.3 this exact configuration works without the need of a default route. I tried to implement the same on the 7200 with firmware 8.2 and it doesn't.

I'll check tomorrow if the interface will be reachable if I add a default route, but to my understanding this shouldn't be needed and can be considered a bug, if it only works with a default GW?

Userlevel 4

This should work. Could it be that the VSP knows the 3 other OOB routes through another inband path as well? Who is the GW of the other 3 subnets? Does this router have the VSP in its ARP table?

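The resolution of this thread (the test client's source address had no static route on the OOB interface) can be checked against the posted route table before touching the switch. The following is an added example, not part of any post and not Extreme's code: it assumes ordinary longest-prefix-match route selection, and the client addresses, including `10.0.0.2` standing in for the EXOS transport-subnet IP that the thread does not give, are constructed.

```python
import ipaddress

# Rows copied from the "show mgmt ip route" output posted in the thread:
# (dest/mask, next hop, metric, interface, type)
MGMT_ROUTES = [
    ("0.0.0.0/0", "0.0.0.0", 100, "Mgmt-clip", "INTERNAL"),
    ("172.28.12.0/24", "172.28.15.1", 300, "Mgmt-oob1", "STATIC"),
    ("172.28.13.0/24", "172.28.15.1", 300, "Mgmt-oob1", "STATIC"),
    ("172.28.14.0/24", "172.28.15.1", 300, "Mgmt-oob1", "STATIC"),
    ("172.28.15.0/24", "0.0.0.0", 1, "Mgmt-oob1", "LOCAL"),
    ("172.28.64.23/32", "0.0.0.0", 1, "Mgmt-clip", "LOCAL"),
]

def lookup(dst, routes=MGMT_ROUTES):
    """Longest-prefix match; equal prefix lengths fall back to lowest metric."""
    addr = ipaddress.ip_address(dst)
    best_key, best_route = None, None
    for route in routes:
        net = ipaddress.ip_network(route[0])
        if addr not in net:
            continue
        key = (net.prefixlen, -route[2])
        if best_key is None or key > best_key:
            best_key, best_route = key, route
    return best_route

def reply_path(client_src, arrived_on="Mgmt-oob1"):
    """Egress interface for the reply to client_src, and whether it matches
    the interface the request arrived on (symmetric return path)."""
    route = lookup(client_src)
    if route is None:
        return (None, False)
    return (route[3], route[3] == arrived_on)

def audit(sources, arrived_on="Mgmt-oob1"):
    """Return the client sources whose replies would not leave via the OOB port."""
    return [s for s in sources if not reply_path(s, arrived_on)[1]]

if __name__ == "__main__":
    # Constructed clients: a host in a routed OOB subnet, a host in the local
    # OOB subnet, and 10.0.0.2 as a placeholder for the EXOS transport IP.
    for src in ("172.28.12.10", "172.28.15.20", "10.0.0.2"):
        print(src, reply_path(src))
```

A source that `audit` flags is answered through Mgmt-clip instead of the OOB port, which is the asymmetric return path that made the ping and SSH tests in the thread fail.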