cancel
Showing results for 
Search instead for 
Did you mean: 

Remove primary iproute and inject secondary iproute when primary path is unavailable; then reverse when primary path is available

Remove primary iproute and inject secondary iproute when primary path is unavailable; then reverse when primary path is available

Jeff_McLeod
New Contributor
I'm trying to inject a static route 192.168.12.0/22 192.168.11.253 when gateway 192.168.8.12 fails. When 192.168.8.12 is once again available, I would like to remove the 192.168.12.0/22 192.168.11.253 route and replace it with 192.168.12.0/22 192.168.8.12. Both gateway devices are connected to my Summit L2/3 device 192.168.8.36/22. I've examined numerous documents; flow-redirect, IP SLA scripting, and route weighting. All of the knowledge base articles and user streams seem to have partial configs or the scripts are full of bugs\errors. I'm new to Extreme Networks, so my knowledge is a little lacking. I'm able to do this with my Cisco equipment using ip sla and tracking statements, but of course it's well documented in comparison to what I've found with Extreme Networks. I would appreciate any help. I'm looking for detailed configs and\or explanation.

Drowning,

Jeff

17 REPLIES 17

Can we open this back up? It didn't work. Due to the configurations that I was given, it's sill the same problem. The flow-redirect monitors the primary path, but never takes the primary path even when it's up. It always takes the default path which is the secondary path even if the primary path is up. I've stripped down my whole lab, configured it as Jarek documented (with a couple of modifications due to incorrect subnet designations), and it WILL NOT work. My original thought that it worked is because the traffic was ALWAYS taking the secondary path. So when I dropped the link on the primary path device, I mistakenly thought it was failing over, and it wasn't. It was just taking the same secondary path.

Thanks,

Jeff

I've marked it as answered. Glad to see you were able to get this worked out!

-Brandon

Jeff_McLeod
New Contributor
Hey Jarek.
Thanks a bunch! It wasn't a direct solution for my scenario, but your detailed analysis allowed me to piece together my network needs. I was using the flow-redirect configuration in the complete opposite of how it should have been configured. I now have my traffic going to a monitored next hop. When that next hop becomes unavailable, depending on my "interval," it fails over to a default (the secondary) route. Works like a charm. I now have a good handle on it.

Thanks again!

Jeff

Jarek
New Contributor II
Jeff maybe this will help you, let's assume:
-vlan GW_primary,
-vlan GW_secondary,
-vlan Network,
-both gateway must be direct connected to the switch,
-IP address bellow in config.

create vlan GW_primary
configure vlan GW_primary tag 10
configure vlan GW_primary add ports 1 untagged
configure vlan GW_primary ipaddress 192.168.8.36/22
enable ipforwarding vlan GW_primary

create vlan GW_secondary
configure vlan GW_secondary tag 20
configure vlan GW_secondary add ports 2 untagged
configure vlan GW_secondary ipaddress 192.168.11.254/24
enable ipforwarding vlan GW_secondary

create vlan Network
configure vlan Network tag 30
configure vlan Network add ports 3 untagged

## Lets say Network has subnet 10.0.0.0/24

configure vlan Network ipaddress 10.0.0.1/24
enable ipforwarding vlan Network

## Now we need configure route to our secondary GW
## We need this, because we should know where to route traffic
## when the primary GW is unreachable

configure iproute add 192.168.12.0/22 192.168.11.253

## Now we create our flow redirect and configure IP adress of the primary GW

create flow-redirect primary_GW
configure flow-redirect primary_GW add nexthop 192.168.8.12 priority 100
configure flow-redirect primary_GW nexthop 192.168.8.12 ping health-check interval 60 miss 3

## Now we create an ACL primary_GW.pol for redirect traffic from network 10.0.0.0/24 to gw 192.168.8.12

entry Network1 {
if match all {
source-address 10.0.0.0/24;
destination-address 192.168.12.0/22;
} then {
permit;
redirect-name primary_GW;
}
}

### We apply the access list on vlan ingress

configure access-list primary_GW vlan Network ingress

#############################################

--
Jarek

Jeff_McLeod
New Contributor
Hey Patrick. I may be missing something. I have the flow-redirect configured and I can see the nexthop drop in and out. But nothing is routing to the next hop. Since everything is static here, do I need static routes for both the primary and secondary gateways in addition to the flow-redirect? I can ping from a host (192.168.11.250/22) to the Extreme Networks flow-redirect device (192.168.8.36/22), to the primary gateway (192.168.8.12/22), and the secondary gateway (192.168.11.253/22). But nothing past either of these devices.

USARB-SW010001.94 # show flow
Name Nexthop Active VR Name Inactive Health
Count IP address Nexthops Check
====================================================================
GTAC_redirect 2 192.168.8.12 VR-Default Forward PING

ND: Neighbor Discovery

USARB-SW010001.95 # show flow-redirect "GTAC_redirect"
Name : GTAC_redirect VR Name : VR-Default
Inactive Nexthops: Forward Health Check : PING
Nexthop Count : 2
Active IP Address : 192.168.8.12
Index State Priority IP Address Status Interval Miss
======================================================================
0 Enabled 250 192.168.8.12 UP 2 2
1 Enabled 200 192.168.11.253 UP 2 2

ND: Neighbor Discovery

And if I take down the primary gateway:

USARB-SW010001.96 # show flow
Name Nexthop Active VR Name Inactive Health
Count IP address Nexthops Check
====================================================================
GTAC_redirect 2 192.168.11.253 VR-Default Forward PING

ND: Neighbor Discovery

USARB-SW010001.97 # show flow-redirect "GTAC_redirect"
Name : GTAC_redirect VR Name : VR-Default
Inactive Nexthops: Forward Health Check : PING
Nexthop Count : 2
Active IP Address : 192.168.11.253
Index State Priority IP Address Status Interval Miss
======================================================================
0 Enabled 250 192.168.8.12 DOWN 2 2
1 Enabled 200 192.168.11.253 UP 2 2

ND: Neighbor Discovery

Thanks again,

Jeff

GTM-P2G8KFN