Policy based routing ACE redirect-next-hop does not resolve ARP of next hop which is a Virtual IP address of a Server Cluster

Symptoms
The customer redirects HTTP and HTTPS traffic to the virtual IP address of their proxy server using policy-based routing. Because no ARP entry exists for the next-hop IP address, traffic matching the redirect-next-hop ACE is dropped.
Environment
VSP 8400
VOSS 7.1.0.0
Cause
No ARP entry exists for the next-hop IP address.
Resolution

There are 2 possible workarounds:

1. If the next hop is reachable via a UNI interface: Create a static ARP entry for the next-hop IP address.
2. If the next hop is reachable via an NNI interface: The switch does not support adding a static ARP entry via an NNI interface. Instead, add a dummy static route whose gateway IP address is the redirect next-hop IP address. This resolves the ARP entry and keeps it alive.

Example:

Filter Configuration
filter acl 10 type inPort name "ACL_NAME"
filter acl port 10 <PORT#>
filter acl ace action 10 13 permit redirect-next-hop <NEXT_HOP_IP_ADDRESS> 
filter acl ace action 10 13 permit count
filter acl ace ethernet 10 13 ether-type eq 0x800
filter acl ace ip 10 13 src-ip mask <USER_SOURCE_SUBNET> <SUBNET_MASK>
filter acl ace ip 10 13 ip-protocol-type eq tcp
filter acl ace protocol 10 13 dst-port eq http
filter acl ace 10 13 enable

Solution 1:
           ip arp <NEXT_HOP_IP_ADDRESS> <NEXT_HOP_MAC_ADDRESS> <UNI_OUTGOING_PORT> vid <VLAN_ID>

Solution 2:
           ip route <DUMMY_IP_ADDRESS> <DUMMY_IP_SUBNET_MASK> <NEXT_HOP_IP_ADDRESS> weight 10
 