Enhanced Failover of ECMP Static Routes

The enhanced routing feature automatically starts failover when it detects an unreachable next-hop gateway for an ECMP static route. It deletes unreachable next hops from the routing table so that traffic to the destination is routed only through reachable next hops, and adds them back when they become reachable again.

This functionality probes each next hop gateway of a static route to detect its reachability status. It pings each SGM. If the next hop is unreachable, it is removed from the routing table and re-entered when it is detected as reachable.

Syntax

> set static-route <network>/<subnet_len> ping on

Note - You can configure enhanced ECMP failover after you configure an ECMP static route.

Parameter       Description
<network>       The IP address of the destination network
<subnet_len>    The subnet length of the destination network

To adjust ping behavior:

> set ping count <val>
> set ping interval <val>

Parameter         Description
count <val>       Number of packets to be sent before next hop is declared dead
interval <val>    Time in seconds to wait between two consecutive pings

Example

  1. Set ECMP for destination 5.5.5.0/24.

    > set static-route 5.5.5.0/24 nexthop gateway address 10.33.85.2 on
    > set static-route 5.5.5.0/24 nexthop gateway address 10.33.85.4 on
    > set static-route 5.5.5.0/24 nexthop gateway address 10.33.85.100 on

    > show route
    1_01:
    Codes: C - Connected, S - Static, R - RIP, B - BGP,
    O - OSPF IntraArea (IA - InterArea, E - External, N - NSSA)
    A - Aggregate, K - Kernel Remnant, H - Hidden, P - Suppressed
    S 0.0.0.0/0 via 192.168.33.1, eth2-01, cost 0, age 2092
    5.5.5.0/24 via 10.33.85.2, eth1-01, cost 0, age 322
    via 10.33.85.4, eth1-01
    via 10.33.85.100, eth1-01

  2. Enable failover ECMP on all static routes configured for destination 5.5.5.0/24.

    > set static-route 5.5.5.0/24 ping on

  3. Make sure the configuration is correct.

    When next-hop 10.33.85.2 is unreachable (no ICMP replies), after 3 pings (by default) it is removed from the routing table:

    [Expert@CH_Lena-ch02-01]# tcpdump -nepi eth1-01 host 10.33.85.2
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth1-01, link-type EN10MB (Ethernet), capture size 96 bytes
    14:40:48.388032 00:1c:7f:a1:01:55 > 00:50:56:a7:7f:f5, ethertype IPv4 (0x0800), length 62: 10.33.85.1 > 10.33.85.2: ICMP echo request, id 53007, seq 43981, length 28
    14:40:58.388425 00:1c:7f:a1:01:55 > 00:50:56:a7:7f:f5, ethertype IPv4 (0x0800), length 62: 10.33.85.1 > 10.33.85.2: ICMP echo request, id 53007, seq 43981, length 28
    14:41:08.387895 00:1c:7f:a1:01:55 > 00:50:56:a7:7f:f5, ethertype IPv4 (0x0800), length 62: 10.33.85.1 > 10.33.85.2: ICMP echo request, id 53007, seq 43981, length 28

    The route is deleted from the routing table.

    01 > show route
    1_01:
    Codes: C - Connected, S - Static, R - RIP, B - BGP,
    O - OSPF IntraArea (IA - InterArea, E - External, N - NSSA)
    A - Aggregate, K - Kernel Remnant, H - Hidden, P - Suppressed
    0.0.0.0/0 via 192.168.33.1, eth2-01, cost 0, age 2511
    S 5.5.5.0/24 via 10.33.85.4, eth1-01, cost 0, age 52
    via 10.33.85.100, eth1-01

    When 10.33.85.2 can be reached again, tcpdump shows that it replies to ping requests and is added to the routing table.

    [Expert@CH_Lena-ch02-01]# tcpdump -nepi eth1-01 host 10.33.85.2
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth1-01, link-type EN10MB (Ethernet), capture size 96 bytes
    14:38:08.388224 00:1c:7f:a1:01:55 > 00:50:56:a7:7f:f5, ethertype IPv4 (0x0800), length 62: 10.33.85.1 > 10.33.85.2: ICMP echo request, id 53007, seq 43981, length 28
    14:38:08.388462 00:50:fc:58:80:0a > 00:1c:7f:0f:00:fe, ethertype IPv4 (0x0800), length 62: 10.33.85.2 > 10.33.85.1: ICMP echo reply, id 53007, seq 43981, length 28
    14:38:18.387762 00:1c:7f:a1:01:55 > 00:50:56:a7:7f:f5, ethertype IPv4 (0x0800), length 62: 10.33.85.1 > 10.33.85.2: ICMP echo request, id 53007, seq 43981, length 28
    14:38:18.387980 00:50:fc:58:80:0a > 00:1c:7f:0f:00:fe, ethertype IPv4 (0x0800), length 62: 10.33.85.2 > 10.33.85.1: ICMP echo reply, id 53007, seq 43981, length 28
    14:38:28.388161 00:1c:7f:a1:01:55 > 00:50:56:a7:7f:f5, ethertype IPv4 (0x0800), length 62: 10.33.85.1 > 10.33.85.2: ICMP echo request, id 53007, seq 43981, length 28
    14:38:28.388382 00:50:fc:58:80:0a > 00:1c:7f:0f:00:fe, ethertype IPv4 (0x0800), length 62: 10.33.85.2 > 10.33.85.1: ICMP echo reply, id 53007, seq 43981, length 28

    > show route
    1_01:
    Codes: C - Connected, S - Static, R - RIP, B - BGP,
    O - OSPF IntraArea (IA - InterArea, E - External, N - NSSA)
    A - Aggregate, K - Kernel Remnant, H - Hidden, P - Suppressed
    S 0.0.0.0/0 via 192.168.33.1, eth2-01, cost 0, age 2092
    5.5.5.0/24 via 10.33.85.2, eth1-01, cost 0, age 322
    via 10.33.85.4, eth1-01
    via 10.33.85.100, eth1-01

Validation

  1. Run from gclish:

    > show route

  2. Make sure that only ECMP static routes with reachable next-hops appear.

    Run: tcpdump

  3. Make sure that every few seconds there is a ping request on the interface that has a static route with ping on.
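
The check in the Validation steps, written out as an added example (not Check Point code): it reads saved tcpdump and show route output, applies the count rule described above, and reports next hops that missed count consecutive pings but are still listed in the routing table. The function names are this example's own, and it assumes the capture continued for one ping interval after the last request.

```python
import re

ICMP_RE = re.compile(r"(\d+(?:\.\d+){3}) > (\d+(?:\.\d+){3}): ICMP echo (request|reply)")
VIA_RE = re.compile(r"via (\d+(?:\.\d+){3})")

def dead_nexthops(capture, count=3):
    """Next hops with `count` consecutive unanswered echo requests (page default: 3)."""
    missed, pending = {}, {}
    for line in capture.splitlines():
        m = ICMP_RE.search(line)
        if not m:
            continue
        src, dst, kind = m.groups()
        if kind == "request":
            if pending.get(dst):              # previous probe was never answered
                missed[dst] = missed.get(dst, 0) + 1
            pending[dst] = True
        else:                                 # any reply resets the miss counter
            pending[src], missed[src] = False, 0
    # Assumption: capture ran one interval past the last request, so a pending one is a miss.
    return {h for h in pending if missed.get(h, 0) + pending[h] >= count}

def installed_nexthops(show_route, prefix):
    """Next hops listed for `prefix`, including bare 'via' continuation lines."""
    hops, inside = set(), False
    for text in filter(None, map(str.strip, show_route.splitlines())):
        if not text.startswith("via "):       # line names a destination (or is a header)
            inside = prefix in text.split()
        if inside:
            hops.update(VIA_RE.findall(text))
    return hops

def stale_nexthops(capture, show_route, prefix, count=3):
    """Dead next hops that are still installed for `prefix`."""
    return dead_nexthops(capture, count) & installed_nexthops(show_route, prefix)

# Sample input: the three unanswered probes and the first route table from the example above.
CAPTURE = """\
14:40:48.388032 00:1c:7f:a1:01:55 > 00:50:56:a7:7f:f5, ethertype IPv4 (0x0800), length 62: 10.33.85.1 > 10.33.85.2: ICMP echo request, id 53007, seq 43981, length 28
14:40:58.388425 00:1c:7f:a1:01:55 > 00:50:56:a7:7f:f5, ethertype IPv4 (0x0800), length 62: 10.33.85.1 > 10.33.85.2: ICMP echo request, id 53007, seq 43981, length 28
14:41:08.387895 00:1c:7f:a1:01:55 > 00:50:56:a7:7f:f5, ethertype IPv4 (0x0800), length 62: 10.33.85.1 > 10.33.85.2: ICMP echo request, id 53007, seq 43981, length 28"""
ROUTES = """\
S 0.0.0.0/0 via 192.168.33.1, eth2-01, cost 0, age 2092
5.5.5.0/24 via 10.33.85.2, eth1-01, cost 0, age 322
via 10.33.85.4, eth1-01
via 10.33.85.100, eth1-01"""

if __name__ == "__main__":
    print(stale_nexthops(CAPTURE, ROUTES, "5.5.5.0/24"))
```

An empty result means every next hop that failed its probes has already been withdrawn from the table.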
 
©2014 Check Point Software Technologies Ltd. All rights reserved.