Enhanced Failover of ECMP Static Routes

Description

The enhanced routing feature automatically starts failover when it detects unreachable next hop gateways for ECMP static routes. It ensures that traffic to the required destination is routed only through reachable next hops by deleting unreachable next hops from the routing table and adding them back when they become reachable.

The new functionality probes each next hop gateway of a static route to detect its reachability status. Probing is done on each SGM with "ping", the standard ICMP echo protocol. If a next hop is unreachable, it is removed from the routing table, and it is re-entered when it is detected as reachable.

Syntax

To activate enhanced failover on a static route, run from gclish:
> set static-route <network>/<subnet length> ping on

Note: Enhanced ECMP failover can be configured after you have configured the ECMP static route (see Configuring).

Parameter          Description
<network>          The IP address of the destination network
<subnet length>    The subnet length of the destination network

In order to adjust ping behavior, use:
> set ping count <VALUE>
> set ping interval <VALUE>

Parameter            Description
count <VALUE>        Number of packets to be sent before next hop is declared dead
interval <VALUE>     Time in seconds to wait between two consecutive pings

Example

Step 1: Set ECMP for destination 5.5.5.0/24

> set static-route 5.5.5.0/24 nexthop gateway address 10.33.85.2 on
> set static-route 5.5.5.0/24 nexthop gateway address 10.33.85.4 on
> set static-route 5.5.5.0/24 nexthop gateway address 10.33.85.100 on
> show route
1_01:
Codes: C - Connected, S - Static, R - RIP, B - BGP,
       O - OSPF IntraArea (IA - InterArea, E - External, N - NSSA)
       A - Aggregate, K - Kernel Remnant, H - Hidden, P - Suppressed

S     0.0.0.0/0           via 192.168.33.1, eth2-01, cost 0, age 2092 
      5.5.5.0/24          via 10.33.85.2, eth1-01, cost 0, age 322 
                          via 10.33.85.4, eth1-01 
                          via 10.33.85.100, eth1-01 

Step 2: Enable ECMP failover on the static route configured for destination 5.5.5.0/24
> set static-route 5.5.5.0/24 ping on

Step 3: Validation

When next hop 10.33.85.2 is unreachable (no ICMP replies), it is removed from the routing table after 3 pings (the default):

[Expert@CH_Lena-ch02-01]# tcpdump -nepi eth1-01 host 10.33.85.2
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1-01, link-type EN10MB (Ethernet), capture size 96 bytes
14:40:48.388032 00:1c:7f:a1:01:55 > 00:50:56:a7:7f:f5, ethertype IPv4 (0x0800), length 62: 10.33.85.1 > 10.33.85.2: ICMP echo request, id 53007, seq 43981, length 28
14:40:58.388425 00:1c:7f:a1:01:55 > 00:50:56:a7:7f:f5, ethertype IPv4 (0x0800), length 62: 10.33.85.1 > 10.33.85.2: ICMP echo request, id 53007, seq 43981, length 28
14:41:08.387895 00:1c:7f:a1:01:55 > 00:50:56:a7:7f:f5, ethertype IPv4 (0x0800), length 62: 10.33.85.1 > 10.33.85.2: ICMP echo request, id 53007, seq 43981, length 28

The route via 10.33.85.2 has been deleted from the routing table:

01 > show route
1_01:
Codes: C - Connected, S - Static, R - RIP, B - BGP,
       O - OSPF IntraArea (IA - InterArea, E - External, N - NSSA)
       A - Aggregate, K - Kernel Remnant, H - Hidden, P - Suppressed

     0.0.0.0/0           via 192.168.33.1, eth2-01, cost 0, age 2511 
S     5.5.5.0/24          via 10.33.85.4, eth1-01, cost 0, age 52 
                          via 10.33.85.100, eth1-01 

When 10.33.85.2 is reachable again, tcpdump shows that it replies to the ping requests, and it is added back to the routing table:


[Expert@CH_Lena-ch02-01]# tcpdump -nepi eth1-01 host 10.33.85.2
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1-01, link-type EN10MB (Ethernet), capture size 96 bytes
14:38:08.388224 00:1c:7f:a1:01:55 > 00:50:56:a7:7f:f5, ethertype IPv4 (0x0800), length 62: 10.33.85.1 > 10.33.85.2: ICMP echo request, id 53007, seq 43981, length 28
14:38:08.388462 00:50:fc:58:80:0a > 00:1c:7f:0f:00:fe, ethertype IPv4 (0x0800), length 62: 10.33.85.2 > 10.33.85.1: ICMP echo reply, id 53007, seq 43981, length 28
14:38:18.387762 00:1c:7f:a1:01:55 > 00:50:56:a7:7f:f5, ethertype IPv4 (0x0800), length 62: 10.33.85.1 > 10.33.85.2: ICMP echo request, id 53007, seq 43981, length 28
14:38:18.387980 00:50:fc:58:80:0a > 00:1c:7f:0f:00:fe, ethertype IPv4 (0x0800), length 62: 10.33.85.2 > 10.33.85.1: ICMP echo reply, id 53007, seq 43981, length 28
14:38:28.388161 00:1c:7f:a1:01:55 > 00:50:56:a7:7f:f5, ethertype IPv4 (0x0800), length 62: 10.33.85.1 > 10.33.85.2: ICMP echo request, id 53007, seq 43981, length 28
14:38:28.388382 00:50:fc:58:80:0a > 00:1c:7f:0f:00:fe, ethertype IPv4 (0x0800), length 62: 10.33.85.2 > 10.33.85.1: ICMP echo reply, id 53007, seq 43981, length 28

> show route
1_01:
Codes: C - Connected, S - Static, R - RIP, B - BGP,
       O - OSPF IntraArea (IA - InterArea, E - External, N - NSSA)
       A - Aggregate, K - Kernel Remnant, H - Hidden, P - Suppressed

S     0.0.0.0/0           via 192.168.33.1, eth2-01, cost 0, age 2092 
     5.5.5.0/24          via 10.33.85.2, eth1-01, cost 0, age 322 
                          via 10.33.85.4, eth1-01 
                          via 10.33.85.100, eth1-01 

Validation

  1. Run from gclish:

    show route and verify that only ECMP static routes with reachable next-hops are shown

  2. Run:

    tcpdump to verify that every few seconds there is a ping request on the interface that has a static route with ping on
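
The two validation steps can be cross-checked offline from saved command output. The script below is an added example, not Check Point code: it reads tcpdump text in the format shown above, counts the trailing unanswered echo requests per next hop, and compares the verdict with the next hops listed for a prefix in `show route`. The function names and sample data are constructed, and treating `count` consecutive unanswered requests as "dead" is an assumption about how the probe counts.

```shell
# Added example, not Check Point code: offline audit of saved command output.
# Constructed capture in the page's tcpdump format: .2 is silent, .4 replies.
sample_capture() { cat <<'EOF'
14:40:48.388032 00:1c:7f:a1:01:55 > 00:50:56:a7:7f:f5, ethertype IPv4 (0x0800), length 62: 10.33.85.1 > 10.33.85.2: ICMP echo request, id 53007, seq 43981, length 28
14:40:48.388101 00:1c:7f:a1:01:55 > 00:00:5e:00:53:04, ethertype IPv4 (0x0800), length 62: 10.33.85.1 > 10.33.85.4: ICMP echo request, id 53008, seq 43981, length 28
14:40:48.388340 00:00:5e:00:53:04 > 00:1c:7f:a1:01:55, ethertype IPv4 (0x0800), length 62: 10.33.85.4 > 10.33.85.1: ICMP echo reply, id 53008, seq 43981, length 28
14:40:58.388425 00:1c:7f:a1:01:55 > 00:50:56:a7:7f:f5, ethertype IPv4 (0x0800), length 62: 10.33.85.1 > 10.33.85.2: ICMP echo request, id 53007, seq 43981, length 28
14:41:08.387895 00:1c:7f:a1:01:55 > 00:50:56:a7:7f:f5, ethertype IPv4 (0x0800), length 62: 10.33.85.1 > 10.33.85.2: ICMP echo request, id 53007, seq 43981, length 28
EOF
}
# Constructed `show route` excerpt matching the page's post-failover table.
sample_routes() { cat <<'EOF'
S     5.5.5.0/24          via 10.33.85.4, eth1-01, cost 0, age 52
                          via 10.33.85.100, eth1-01
EOF
}
# probe_status COUNT: tcpdump text on stdin -> "<next-hop> <state> <misses>"
probe_status() {
  awk -v count="${1:-3}" '{
    for (i = 4; i <= NF; i++) if ($i == "ICMP") break
    if (i > NF || $(i+1) != "echo") next
    src = $(i-3); dst = $(i-1); sub(/:$/, "", dst)
    if ($(i+2) == "request,") { seen[dst] = 1; miss[dst]++ }       # probe sent
    else if ($(i+2) == "reply,") { seen[src] = 1; miss[src] = 0 }  # answered
  }
  END { for (gw in seen) { st = (miss[gw] >= count) ? "unreachable" : "reachable"
                           print gw, st, miss[gw] + 0 } }' | sort
}
# route_nexthops PREFIX: `show route` text on stdin -> installed next hops
route_nexthops() {
  awk -v prefix="$1" '{
    for (i = 1; i <= NF; i++) if ($i == "via") break
    if (i > NF) { on = 0; next }             # header or blank line
    if (i > 1) on = ($(i-1) == prefix)       # first line of a route entry
    if (on) { gw = $(i+1); sub(/,$/, "", gw); print gw }
  }'
}
# audit PREFIX COUNT CAPTURE_TEXT ROUTE_TEXT: one verdict line per probed hop
audit() {
  hops=$(printf '%s\n' "$4" | route_nexthops "$1")
  printf '%s\n' "$3" | probe_status "$2" | while read -r gw state _; do
    if printf '%s\n' "$hops" | grep -qxF -- "$gw"; then inst=yes; else inst=no; fi
    case "$state/$inst" in
      unreachable/yes) echo "MISMATCH $gw unanswered but installed" ;;
      reachable/no)    echo "MISMATCH $gw answering but not installed" ;;
      *)               echo "OK $gw $state installed=$inst" ;;
    esac
  done
}
audit 5.5.5.0/24 3 "$(sample_capture)" "$(sample_routes)"
```

Only next hops that appear in the capture are judged, so an installed next hop with no echo requests in the capture (10.33.85.100 in the sample) produces no line and should be checked with a capture that is not filtered to a single host.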

 
©2014 Check Point Software Technologies Ltd. All rights reserved.