Sending Network Traffic to an ECMP Group with PBR
When it is required to specify multiple next hops for redundancy purposes in Policy-Based Routing policies, it is possible to use static ECMP groups. They can be created with the static-ecmp-group-create command and then used in a vFlow PBR configuration to identify all the next hops.
You can add up to 16 next hops (NH) to an ECMP group.
Static ECMP groups can be defined with any of the three scopes: local, cluster or fabric. They can become active only if they are associated with a vRouter in the configuration. In other words, only if a static ECMP group is associated with a vRouter, Netvisor ONE creates an ECMP group entry in the hardware.
A static ECMP group can be associated with a vFlow PBR policy by using the action to-ecmp-group and the group’s name as the action value for action-to-ecmp-group-value. For example:
CLI (network-admin@switch) > vflow-create name PBR_ECMP scope local src-ip 3.3.3.0/24 vlan 300 action to-ecmp-group action-to-ecmp-group-value group_name vrouter-name vr-s2 table-name System-L3-L4-PBR-1-0
vflow-create: ecmp group group_name not created in hw
In the above case the vRouter did not exist hence the group was not programmed in hardware.
In addition, only if a Layer 3 entry is resolved and therefore is active as a given next hop, the associated egress ID is added to the ECMP group. Then, if a vFlow policy using the ECMP group is matched by some traffic, the hardware hashes (i.e., distributes) the traffic over the corresponding active next hops based on the Layer 3 and Layer 4 fields in the packets.
You can use the following command to create a static ECMP group associated to a vRouter:
CLI (network-admin@switch) > static-ecmp-group-create
group-name group-name-string |
Specify an ECMP group name. |
scope local|cluster|fabric |
Specify the scope of the group. |
vrouter-name vrouter-name |
Specify the vRouter name. |
hash-type non-resilient|resilient |
Specify the ECMP hash type. |
You can use the following command to delete a static ECMP group:
CLI (network-admin@switch) > static-ecmp-group-delete group-name group-name-string
Informational note: You cannot delete a static ECMP group while it is in use by any vFlow configuration.
You can use the following command to modify a static ECMP group:
CLI (network-admin@switch) > static-ecmp-group-modify group-name <group-name-string> vrouter-name <vrouter name> hash-type non-resilient|resilient
To display a static ECMP group’s information you can use the command:
CLI (network-admin@switch) > static-ecmp-group-show
group-name group-name-string |
Displays an ECMP group name. |
scope local|cluster|fabric |
Displays the scope of the group. |
vrouter-name vrouter-name |
Displays the vRouter name. |
vrid vrid-number |
Displays the vRouter ID. |
hw-ecmp-id hw-ecmp-id-number |
Displays the hardware ID. |
hash-type non-resilient|resilient |
Displays the ecmp hash type. |
CLI (network-admin@switch) > static-ecmp-group-show
group-name scope vrouter-name vrid hw-ecmp-id
---------- ----- ------------ ---- ----------
gr1 local -1 -1
In the above example a vRouter is missing, hence the ECMP group is not active.
To add or remove a next hop to an ECMP group you can use:
CLI (network-admin@switch) > static-ecmp-group-nh-add
group-name group-name-string |
Specify the name of the ECMP group. |
ip ip-address |
Specify the IP address for the next hop. |
CLI (network-admin@switch) > static-ecmp-group-nh-remove
group-name group-name-string |
Specify the name of the ECMP group. |
ip ip-address |
Specify the IP address for the next hop. |
To show the next hop information you can use:
CLI (network-admin@switch) > static-ecmp-group-nh-show
group-name group-name-string |
Displays the name of the ECMP group. |
ip ip-address |
Displays the IP address for the next hop. |
vlan vlan-id |
Displays the VLAN of the next hop. |
egress-id egress-id-number |
Displays the hardware egress ID. |
By default ECMP groups use a fixed hashing algorithm to distribute the traffic across multiple next hops. The advantage of this choice is that such algorithm is simple to implement in hardware and hence is widely available on all switch models.
However, when a link associated with a next hop goes down, the traffic is automatically re-distributed to adapt to the change in the number of paths: this action requires a complete remapping of the hash values thus resulting in unnecessary traffic disruption for certain flows.
Therefore, starting from Netvisor ONE release 5.1.1, on certain models only, a new more flexible hashing algorithm is supported. It is called resilient hashing, because it helps prevent unnecessary traffic disruption when the number of next hops changes.
The hash type can be specified as a parameter when a static ECMP group is created like so:
CLI (network-admin@switch) > static-ecmp-group-create group-name <name> [hash-type non-resilient|resilient]
The default hash type is non-resilient. For example, two groups with two different hash types can be created with the following commands:
CLI (network-admin@switch) > static-ecmp-group-create group-name gr1 scope fabric
CLI (network-admin@switch) > static-ecmp-group-nh-add group-name gr1 ip 2.2.2.2
CLI (network-admin@switch) > static-ecmp-group-create group-name gr2 scope fabric hash-type resilient
CLI (network-admin@switch) > static-ecmp-group-nh-add group-name gr2 ip 3.3.3.3
CLI (network-admin@switch) > static-ecmp-group-show
group-name scope vrouter-name vrid hw-ecmp-id hash-type
---------- ------ ------------ ---- ---------- -------------
gr1 fabric vr1 1 200001 non-resilient
gr2 fabric vr1 1 200000 resilient
Informational note: Resilient hashing is not supported in the following switch models:
- Dell Z9100, Freedom F9532-C
- Dell S5048, Freedom F9572L-V