Why does flow-redirect not work?


configure
snmp sysName "LAYER2-3_SWITCH"

configure sys-recovery-level switch reset



configure vlan default delete ports all

configure vr VR-Default delete ports 1-5

configure vlan default delete ports 1-5

configure vlan "Default" qosprofile QP1

create vlan "GW_primary"

configure vlan GW_primary tag 10

create vlan "GW_secondary"

configure vlan GW_secondary tag 20

create vlan "Network"

configure vlan Network tag 30

configure vlan GW_primary add ports 1 untagged

configure vlan GW_secondary add ports 2 untagged

configure vlan Network add ports 3 untagged

configure vlan GW_primary ipaddress 192.168.8.36 255.255.255.0

enable ipforwarding vlan GW_primary

configure vlan GW_secondary ipaddress 192.168.11.254 255.255.255.0

enable ipforwarding vlan GW_secondary

configure vlan Network ipaddress 10.0.0.1 255.255.255.0

enable ipforwarding vlan Network



configure iproute add 192.168.12.0 255.255.252.0 192.168.11.253

configure ipforwarding originated-packets require-ipforwarding



create flow-redirect primary_GW

configure flow-redirect primary_GW add nexthop 192.168.8.12 priority 100

configure flow-redirect primary_GW nexthop 192.168.8.12 ping health-check interval 60 miss 3

configure access-list primary_GW vlan "Network" ingress



ACL Policy

entry Network1 {

if match all {

source-address 10.0.0.0/24;

destination-address 192.168.12.0/22;

} then {

permit;

redirect-name primary_GW;

}



LAYER2-3_SWITCH.116 # show iproute

Ori Destination Gateway Mtr Flags VLAN Duration

#d 10.0.0.0/24 10.0.0.1 1 U------um--f- Network 0d:1h:51m:5s

#d 192.168.8.0/24 192.168.8.36 1 U------um--f- GW_primary 0d:1h:52m:4s

#d 192.168.11.0/24 192.168.11.254 1 U------um--f- GW_secondary 0d:1h:51m:47s

#s 192.168.12.0/22 192.168.11.253 1 UG---S-um--f- GW_secondary 0d:0h:5m:45s



LAYER2-3_SWITCH.117 # show flow-redirect "primary_GW"

Name : primary_GW VR Name : VR-Default

Inactive Nexthops: Forward Health Check : PING

Nexthop Count : 1

Active IP Address : 192.168.8.12

Index State Priority IP Address Status Interval Miss

======================================================================

0 Enabled 100 192.168.8.12 UP 60 3

TAKING THE WRONG PATH

NET_PC> trace 192.168.12.1

trace to 192.168.12.1, 8 hops max, press Ctrl+C to stop

1 10.0.0.1 0.307 ms 0.358 ms 0.311 ms

2 *192.168.11.253 9.823 ms (ICMP type:3, code:3, Destination port unreachable)



NET_PC> ping 192.168.12.1

84 bytes from 192.168.12.1 icmp_seq=1 ttl=254 time=9.281 ms

84 bytes from 192.168.12.1 icmp_seq=2 ttl=254 time=6.840 ms

84 bytes from 192.168.12.1 icmp_seq=3 ttl=254 time=3.192 ms

84 bytes from 192.168.12.1 icmp_seq=4 ttl=254 time=2.802 ms

84 bytes from 192.168.12.1 icmp_seq=5 ttl=254 time=3.291 ms



If I remove the static route to the secondary gateway, it still doesn’t work.



As long as I put a default or static route in, I can get to either of the gateways and the desired network behind them, but only one of them.


6 replies

Userlevel 6
Hi Jeff,

If you look at your other post I believe I answered your question. Please let me know if you have any questions.
Userlevel 3
Jeff,

what switch (model) and EXOS you have ? I have done this now on my summit 250e and all is working well.

--
Jarek
Jarek wrote:

Jeff,

what switch (model) and EXOS you have ? I have done this now on my summit 250e and all is working well.

--
Jarek

Hey Jarek. Sorry it took me so long to get back to you, I had a Surface Pro mishap. So... I'm trying to validate all of my configurations on the virtual appliance, running 15.3.1.4 System type is Summit-PC. If I can ever get the flow-redirect successfully tested, I will be implementing it on an X460-48p running 15.3.3.5. Everything seems to work in the virtual lab image, except the nexthop redirect. I will look at the access-list info that Patrick guided me towards.

Thanks again,

Jeff
Userlevel 3
Jarek wrote:

Jeff,

what switch (model) and EXOS you have ? I have done this now on my summit 250e and all is working well.

--
Jarek

I have done last test on x250e and I think there was xos 15.3.3.5 installed, but I have also x670 with 15.6.3 p1-8 and flow redirect is working ok. -- Jarek
Haha! Hey Jarek. It looks like it was the EXOS image I was using in my virtual environment. I loaded a 15.7.x.x image and everything worked. Weird thing is; the echos respond with type 3 unreachable, but it gives me a round trip response time. Is this correct? Is this the way it should work?
Userlevel 3
I don't like tests on vr environment 🙂.
I prefer test with real hardware. I know that sometimes it is a problem, but vr are good for simple things that don't require hardware. About the "echo and roundtrip time" in VR... I think we should ask guys from Extreme 🙂 --
Jarek

Reply