Comware

 View Only

  • 1.  Policy based routing with tracking/nqa

    Posted Jun 07, 2018 10:38 AM

    Hi All

    JPBR.PNG

    Currently there's a policy based route on 3600 which tells the switch to send the traffic sourced from A rane to be send via Primary GRE. I'm trying add track option to "apply ip-address next-hop" statement within PBR. Now I guess if I set my track nqa to be checking next hop's IP [GRE DC1 END] address and this is not available PBR would not take any actions and traffic in question would be send based on routing table, correctly me if I'm wrong. How do I tell the switch to use backup GRE if the primary tunnel fails?

    Current config:

    policy-based-route test permit node 5
    if-match acl 3333
    apply ip-address next-hop [GRE DC1 END] 



  • 2.  RE: Policy based routing with tracking/nqa

    Posted Jun 08, 2018 03:34 AM

    I came up with this, let me know your thoughts

    policy-based-route GUEST_TRAFFIC permit node 5
   if-match acl 3333
   apply ip-address next-hop [DC-1 IP] track 1
    #
policy-based-route GUEST_TRAFFIC permit node 10
   if-match acl 3333
   apply ip-address next-hop [DC-2 IP] track 2 # I think there's no need for track here 
#
nqa entry DC1-GRE ping
 type icmp-echo
  destination ip [DC-1 IP]
  reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only
#
nqa entry DC2-GRE ping
 type icmp-echo
  destination ip [DC-2 IP]
  reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only
    #
    track 1 nqa entry DC1-GRE ping reaction 1
    track 2 nqa entry DC2-GRE ping reaction 1
    #
    interface Vlan-interface2
     description "GUEST_TRAFFIC"
     ip address 10.0.0.1 24
     dhcp select relay
     dhcp relay server-select 1
     ip policy-based-route GUEST_TRAFFIC
    #
    acl number 3333 name GUEST_TRAFFIC
     rule 0 permit ip source 10.0.0.0 0.0.0.255


  • 3.  RE: Policy based routing with tracking/nqa

    Posted Jun 14, 2018 08:57 AM

    I might have overcomplicated things a little bit, I have used the config below and managed to test it briefly, I think this works fine. I will be able to run better test to make sure this behaves as expected I have also case opened with HP to be sure

    policy-based-route GUEST_TRAFFIC permit node 5
   if-match acl 3333
   apply ip-address next-hop [DC-1 IP] track 1  [DC-2 IP] 
#
nqa entry DC1-GRE ping
 type icmp-echo
  destination ip [DC-1 IP]
  frequency 2000
  reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only
#
track 1 nqa entry DC1-GRE ping reaction 1
#
interface Vlan-interface2
 description "GUEST_TRAFFIC"
 ip policy-based-route GUEST_TRAFFIC
#
acl number 3333 name GUEST_TRAFFIC
 rule 0 permit ip source 10.0.0.0 0.0.0.255


Related Content