
Floating Default Route vs Flow Redirect


Anonymous
Not applicable

Hi,

Currently working on integrating a legacy Cisco network with Extreme, where the default route for the interim is to send all traffic into the legacy Cisco network.

This is to be configured via static routing, due to problems in the legacy network enabling a common routing protocol. Below is an example of what the network interconnections will look like:
 

[Image: network interconnection diagram (Floating-Route_inline.png)]

 


The two Extreme switches are using MLAG, common VRRP between them for each of the VLANs with Fabric routing mode enabled, and OSPF also enabled across the two.

So in the scenario I would like both cores to route all traffic to the first Cisco core, should that fail all traffic to be routed to the other core.

Have been looking at both these articles:


https://extremeportal.force.com/ExtrArticleDetail?an=000083175

https://extremeportal.force.com/ExtrArticleDetail?an=000083436

The new network is all on 10.x.x.x/8, everything else is to go to the legacy network.

Was exploring implementing something like the following:

create flow-redirect core3-redirect
configure flow-redirect core3-redirect add nexthop 10.0.254.204 priority 100
configure flow-redirect core3-redirect add nexthop 10.0.254.138 priority 200

edit policy ACL_redirect

entry redirect {
    if match all {
        source-address 10.0.0.0/8;
    } then {
        permit;
        redirect-name core3-redirect;
    }
}

configure access-list ACL_redirect ports x ingress

---------------
create flow-redirect core4-redirect
configure flow-redirect core4-redirect add nexthop 10.0.254.142 priority 100
configure flow-redirect core4-redirect add nexthop 10.0.254.203 priority 200

edit policy ACL_redirect

entry redirect {
    if match all {
        source-address 10.0.0.0/8;
    } then {
        permit;
        redirect-name core4-redirect;
    }
}

configure access-list ACL_redirect ports x ingress

--------------

Not sure if this is the best way to do it, perhaps using the following instead?:

configure iproute priority static [11-65534]

Also, should I use flow-redirect I would probably have to apply the ACL to all ports bar the ISC link and interlinks to legacy network?

Will have to give the same consideration on the legacy side to stop any asymmetric routing, so if you also have any ideas around that?

Many thanks

 

17 REPLIES

Mel78__CISSP__E
New Contributor III
Yes. Each VRRP Group default gateway will be the opposing VIP address.

Again, you can have multiple VRRP groups (mVRRP) with multiple VIP addresses.

From there, you can use destination-based static routes to the respective gateway on those VIP addresses.

The load-sharing algorithm is based on your static route. You have control over how to load-share your traffic based on your 2 pairs of opposing VRRP. This design is very deterministic and works much better than load-balancing algorithms in small networks.

Anonymous
Not applicable
Oh, right, that makes sense..... assume all these addresses share the same VLAN 3999 and mask of /29, as per my example above (just noticed some errors in my masks above) so that the default route sees the opposing VIP addresses as being in the same subnet?

Mel78__CISSP__E
New Contributor III
Nope.

What I am recommending is as follows. (As an example)

1) VRRP ID 100 (for Cisco switches only, switch A:10.0.254.178 primary gateway, switch B:10.0.254.179), virtual IP is 10.0.254.182

2) Add a default route to the Extreme virtual IP 10.0.254.192

The above is single-group VRRP. You can define another VRRP group with a new ID and switch B as primary gateway.

3) VRRP ID 101 (for Extreme switches only, switch C:10.0.254.188 primary gateway, switch D:10.0.254.189), virtual IP is 10.0.254.192

4) Add a default route to the Cisco virtual IP 10.0.254.182

The above is single-group VRRP. You can define another VRRP group with a new ID and switch D as primary gateway.

The Extreme switches' default route will point to the Cisco VRRP and vice versa.

You can create multiple VRRP groups with different primary gateways on both sides to load-share the traffic.



Anonymous
Not applicable
So scratched this config up, what do you think, is this what you had in mind?

#### Extreme Core 1 ####

create vlan "Interlink1-VRRP"
configure vlan "Interlink1-VRRP" tag 3999
configure vlan "Interlink1-VRRP" add ports x tagged
configure vlan "Interlink1-VRRP" ipaddress 10.0.254.180 255.255.255.248
enable ipforwarding vlan "Interlink1-VRRP"

create vrrp vlan "Interlink1-VRRP" vrid 100
configure vrrp vlan "Interlink1-VRRP" vrid 100 add 10.0.254.182
configure vrrp vlan "Interlink1-VRRP" vrid 100 priority 150
enable vrrp vlan "Interlink1-VRRP" vrid 100

#### Extreme Core 2 ####

create vlan "Interlink2-VRRP"
configure vlan "Interlink2-VRRP" tag 3999
configure vlan "Interlink2-VRRP" add ports x tagged
configure vlan "Interlink2-VRRP" ipaddress 10.0.254.181 255.255.255.248
enable ipforwarding vlan "Interlink2-VRRP"

create vrrp vlan "Interlink2-VRRP" vrid 100
configure vrrp vlan "Interlink2-VRRP" vrid 100 add 10.0.254.182
enable vrrp vlan "Interlink2-VRRP" vrid 100

#### Cisco Core 1 ####

interface TenGigabitEthernet1/1/2
description "Interlink-VRRP-Extreme-Core1"
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 3999
switchport mode trunk

interface Vlan3999
ip address 10.0.254.178 255.255.254.0
vrrp 100 description "VRRP-Cisco-Extreme"
vrrp 100 ip 10.0.254.182
no vrrp 100 preempt
end

#### Cisco Core 2 ####

interface TenGigabitEthernet1/1/3
description "Interlink-VRRP-Extreme-Core2"
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 3999
switchport mode trunk

interface Vlan3999
ip address 10.0.254.179 255.255.254.0
vrrp 100 description "VRRP-Cisco-Extreme"
vrrp 100 ip 10.0.254.182
no vrrp 100 preempt
end
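
An added example, not part of the original posts: a Python check that every VRRP participant derives the same subnet from its configured mask and that the virtual IP is a usable host address in that subnet. The input is constructed from the address lines of the four configs above; the function names are illustrative.

```python
import ipaddress
import re

# Constructed input: only the address lines from the four configs in the post above.
CONFIGS = {
    "extreme-core1": 'configure vlan "Interlink1-VRRP" ipaddress 10.0.254.180 255.255.255.248\n'
                     'configure vrrp vlan "Interlink1-VRRP" vrid 100 add 10.0.254.182',
    "extreme-core2": 'configure vlan "Interlink2-VRRP" ipaddress 10.0.254.181 255.255.255.248\n'
                     'configure vrrp vlan "Interlink2-VRRP" vrid 100 add 10.0.254.182',
    "cisco-core1": "ip address 10.0.254.178 255.255.254.0\nvrrp 100 ip 10.0.254.182",
    "cisco-core2": "ip address 10.0.254.179 255.255.254.0\nvrrp 100 ip 10.0.254.182",
}

# Matches the EXOS "ipaddress A M" form and the IOS "ip address A M" form.
IFACE_RE = re.compile(r"ip ?address (\S+) (\S+)")
# Matches the EXOS "vrid N add V" form and the IOS "vrrp N ip V" form.
VIP_RE = re.compile(r"(?:vrid \d+ add|vrrp \d+ ip) (\S+)")


def parse(text):
    """Return (interface address with mask, virtual IP) from one device's lines."""
    iface, vip = IFACE_RE.search(text), VIP_RE.search(text)
    if not iface or not vip:
        raise ValueError("interface address or VRRP virtual IP not found")
    return (ipaddress.ip_interface(f"{iface.group(1)}/{iface.group(2)}"),
            ipaddress.ip_address(vip.group(1)))


def audit(configs):
    """List subnet inconsistencies across the members of one VRRP VLAN."""
    parsed = {name: parse(text) for name, text in configs.items()}
    findings = []
    networks = {iface.network for iface, _ in parsed.values()}
    if len(networks) > 1:
        # Members disagree on which addresses are on-link.
        findings.append("mask mismatch: " + ", ".join(sorted(str(n) for n in networks)))
    for name, (iface, vip) in parsed.items():
        net = iface.network
        if vip not in net:
            findings.append(f"{name}: VIP {vip} outside {net}")
        elif vip in (net.network_address, net.broadcast_address):
            findings.append(f"{name}: VIP {vip} is not a host address in {net}")
    return findings


if __name__ == "__main__":
    for finding in audit(CONFIGS):
        print(finding)
```
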

Anonymous
Not applicable

I would still have the same problem in the other direction, think mVRRP is the only way to go, as you say, in this example. I'll look further into that but if anything else comes to mind let me know. Many thanks
