This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Floating Default Route vs Flow Redirect

Floating Default Route vs Flow Redirect

Anonymous
Not applicable

‎08-23-2017 08:31 AM

Hi,

Currently working on integrating a legacy Cisco network with Extreme, where the default route for the interim is to send all traffic into the legacy Cisco network.

This is to be configured via static routing, due to problems in the legacy network enabling a common routing protocol. Below is an example of what the network interconnections will look like:
 

0b8f36ec79f94116895811afcc55ee12_RackMultipart20170823-112614-1is8lxe-Floating-Route_inline.png

 


The two Extreme Switches are using MLAG, common VRRP between them for each of the VLANs with Fabric routing mode enabled, and OSPF also enable across the two.

So in the scenario I would like both cores to route all traffic to the first Cisco core, should that fail all traffic to be routed to the other core.

Have been looking at both these articles:


https://extremeportal.force.com/ExtrArticleDetail?an=000083175

https://extremeportal.force.com/ExtrArticleDetail?an=000083436

The new network is all on 10.x.x.x/8, everything else is to go to the legacy network.

Was exploring implementing something like the following:

create flow-redirect core3-redirect
configure flow-redirect core3-redirect add nexthop 10.0.254.204 priority 100
configure flow-redirect core3-redirect add nexthop 10.0.254.138 priority 200

edit policy ACL_redirect

Entry redirect {
If match all {
source-address 10.0.0.0/8;
} then {
permit;
redirect-name core3-redirect;
}
}

configure access-list ACL_redirect ports x ingress

---------------
create flow-redirect core4-redirect
configure flow-redirect core4-redirect add nexthop 10.0.254.142 priority 100
configure flow-redirect core4-redirect add nexthop 10.0.254.203 priority 200

edit policy ACL_redirect

Entry redirect {
If match all {
source-address 10.0.0.0/8;
} then {
permit;
redirect-name core4-redirect;
}
}

configure access-list ACL_redirect ports x ingress

--------------

Not sure if this is the best way to do it, perhaps using the following instead?:

configure iproute priority static [11-65534]

Also, should I use flow-redirect I would probably have to apply the ACL to all ports bar the ISC link and interlinks to legacy network?

Will have to give the same consideration on the legacy side to stop any asymmetric routing, so if you also have any ideas around that?

Many thanks

 

17 REPLIES 17

Anonymous
Not applicable

‎08-23-2017 01:20 PM

Great, thanks
0 Kudos

Mel78__CISSP__E
New Contributor III

‎08-23-2017 01:20 PM

You did the 1st step right. Retain the LAG at Cisco side and MLAG at Extreme side.

There will be no loop at MLAG-ISC link.

Theres no need to tag VLAN 3999 over the link between the Cisco switches.

The VRRP multicast hello packet will traverse between Extreme Switches.

0 Kudos

Anonymous
Not applicable

‎08-23-2017 01:20 PM

So having a think about this and decided I would end up creating a L2 loop if I was to add the VLAN 3999 everywhere.

This article mentions a similar problem, where they just omitted the VLAN between one pair of the cores but VRRP information was still shared between the other core pair because of the common VLAN:

https://supportforums.cisco.com/t5/lan-switching-and-routing/vrrp-looping-issue/td-p/2117103

Below I have tried to depict this in the diagram, by omitting VLAN 3999 between the Cisco Cores:

12e47c3b40a94a4bb1496352506dc682_RackMultipart20170823-27917-p6z04l-Floating-Route3_inline.png


Would that make sense, or am I missing something or need to do it in another fashion?

0 Kudos

Anonymous
Not applicable

‎08-23-2017 11:15 AM

Nice one Wong, your a genius! Your time and support has been very much appreciated.

Cheers
Top
GTM-P2G8KFN