Sending Network Traffic to an ECMP Group with PBR


When a Policy-Based Routing (PBR) policy needs multiple next hops for redundancy, you can use static ECMP groups. Create them with the static-ecmp-group-create command, then reference them in a vFlow PBR configuration to identify all the next hops.


You can add up to 16 next hops (NH) to an ECMP group.


Static ECMP groups can be defined with any of the three scopes: local, cluster or fabric. They become active only when they are associated with a vRouter in the configuration: Netvisor ONE creates an ECMP group entry in the hardware only for a static ECMP group that is associated with a vRouter.


A static ECMP group can be associated with a vFlow PBR policy by using the action to-ecmp-group and the group’s name as the action value for action-to-ecmp-group-value. For example:


CLI (network-admin@switch) > vflow-create name PBR_ECMP scope local src-ip 3.3.3.0/24 vlan 300 action to-ecmp-group action-to-ecmp-group-value group_name vrouter-name vr-s2 table-name System-L3-L4-PBR-1-0

vflow-create: ecmp group group_name not created in hw


In the above case, the vRouter did not exist, hence the group was not programmed in hardware.


In addition, the egress ID associated with a next hop is added to the ECMP group only if the corresponding Layer 3 entry is resolved and the next hop is therefore active. Then, when traffic matches a vFlow policy that uses the ECMP group, the hardware hashes (i.e., distributes) the traffic over the corresponding active next hops based on the Layer 3 and Layer 4 fields in the packets.


You can use the following command to create a static ECMP group associated with a vRouter:


CLI (network-admin@switch) > static-ecmp-group-create


group-name group-name-string

Specify an ECMP group name.

scope local|cluster|fabric

Specify the scope of the group.

vrouter-name vrouter-name

Specify the vRouter name.

hash-type non-resilient|resilient

Specify the ECMP hash type.


You can use the following command to delete a static ECMP group:


CLI (network-admin@switch) > static-ecmp-group-delete group-name group-name-string


Informational note: You cannot delete a static ECMP group while it is in use by any vFlow configuration.


You can use the following command to modify a static ECMP group:


CLI (network-admin@switch) > static-ecmp-group-modify group-name <group-name-string> vrouter-name <vrouter name> hash-type non-resilient|resilient


To display a static ECMP group’s information you can use the command:


CLI (network-admin@switch) > static-ecmp-group-show


group-name group-name-string

Displays an ECMP group name.

scope local|cluster|fabric

Displays the scope of the group.

vrouter-name vrouter-name

Displays the vRouter name.

vrid vrid-number

Displays the vRouter ID.

hw-ecmp-id hw-ecmp-id-number

Displays the hardware ID.

hash-type non-resilient|resilient

Displays the ECMP hash type.


CLI (network-admin@switch) > static-ecmp-group-show

group-name scope vrouter-name vrid hw-ecmp-id
---------- ----- ------------ ---- ----------
gr1        local              -1   -1


In the above example, a vRouter is missing, hence the ECMP group is not active.
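A pre-check for this condition, as an added example (not Netvisor ONE code): a Python parser for saved static-ecmp-group-show output that lists groups not programmed in hardware before they are referenced in a vFlow. The sample text is constructed, and treating an empty vrouter-name or a hw-ecmp-id of -1 as "inactive" is inferred from the gr1 output above.

```python
import re

ROW = "{:<10} {:<6} {:<12} {:<4} {:<10} {}"
# Constructed sample, laid out like the static-ecmp-group-show output on this page.
SAMPLE = "\n".join([
    "CLI (network-admin@switch) > static-ecmp-group-show",
    "",
    ROW.format("group-name", "scope", "vrouter-name", "vrid", "hw-ecmp-id", "hash-type"),
    ROW.format("-" * 10, "-" * 6, "-" * 12, "-" * 4, "-" * 10, "-" * 13),
    "",
    ROW.format("gr1", "local", "", "-1", "-1", "non-resilient"),
    ROW.format("gr2", "fabric", "vr1", "1", "200000", "resilient"),
])

def parse_table(text):
    """Parse fixed-width CLI output; the dashed ruler gives the column bounds."""
    lines = [ln for ln in text.splitlines() if ln.strip()]  # tolerate blank rows
    ruler_idx = next(i for i, ln in enumerate(lines)
                     if set(ln.strip()) <= {"-", " "})
    header, ruler = lines[ruler_idx - 1], lines[ruler_idx]
    starts = [m.start() for m in re.finditer(r"-+", ruler)]
    bounds = list(zip(starts, starts[1:] + [None]))
    names = [header[a:b].strip() for a, b in bounds]
    # Slice by position so an empty vrouter-name column does not shift fields.
    return [{n: row[a:b].strip() for n, (a, b) in zip(names, bounds)}
            for row in lines[ruler_idx + 1:]]

def not_in_hardware(rows):
    """Groups with no vRouter or hw-ecmp-id -1 (assumption: as in gr1 above)."""
    return [r["group-name"] for r in rows
            if not r.get("vrouter-name") or r.get("hw-ecmp-id") == "-1"]

if __name__ == "__main__":
    print("inactive groups:", not_in_hardware(parse_table(SAMPLE)))
```
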


To add a next hop to an ECMP group or remove one from it, you can use:


CLI (network-admin@switch) > static-ecmp-group-nh-add


group-name group-name-string

Specify the name of the ECMP group.

ip ip-address

Specify the IP address for the next hop.



CLI (network-admin@switch) > static-ecmp-group-nh-remove


group-name group-name-string

Specify the name of the ECMP group.

ip ip-address

Specify the IP address for the next hop.


To show the next hop information you can use:


CLI (network-admin@switch) > static-ecmp-group-nh-show


group-name group-name-string

Displays the name of the ECMP group.

ip ip-address

Displays the IP address for the next hop.

vlan vlan-id

Displays the VLAN of the next hop.

egress-id egress-id-number

Displays the hardware egress ID.


By default, ECMP groups use a fixed hashing algorithm to distribute the traffic across multiple next hops. The advantage of this choice is that such an algorithm is simple to implement in hardware and hence is widely available on all switch models.


However, when a link associated with a next hop goes down, the traffic is automatically redistributed to adapt to the change in the number of paths. This requires a complete remapping of the hash values, which results in unnecessary traffic disruption for certain flows.


Therefore, starting from Netvisor ONE release 5.1.1, on certain models only, a new, more flexible hashing algorithm is supported. It is called resilient hashing, because it helps prevent unnecessary traffic disruption when the number of next hops changes.
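The difference between the two hash types, as an added example (not Netvisor ONE code): a Python model that counts flows moved to a new next hop even though their own next hop never failed. The SHA-256 stand-in hash, the 64-entry bucket table and all addresses are assumptions; the switch hardware's actual algorithm is not described on this page.

```python
import hashlib

def flow_hash(flow):
    """Stand-in for the hardware hash over L3/L4 fields (assumption: SHA-256)."""
    key = "|".join(map(str, flow)).encode()
    return int.from_bytes(hashlib.sha256(key).digest()[:4], "big")

def build_buckets(next_hops, size=64):
    """Resilient model: a fixed-size bucket table filled round-robin."""
    return [next_hops[i % len(next_hops)] for i in range(size)]

def fail_next_hop(buckets, failed):
    """Rewrite only the buckets that pointed at the failed next hop."""
    survivors = sorted(set(buckets) - {failed})
    out = []
    for nh in buckets:
        if nh == failed:
            nh = survivors[len(out) % len(survivors)]
        out.append(nh)
    return out

def disrupted(flows, before, after, failed):
    """Count flows that changed next hop although theirs did not fail."""
    return sum(1 for f in flows
               if before(f) != failed and before(f) != after(f))

# Constructed sample: 1000 flows (src, dst, proto, sport, dport), 4 next hops.
FLOWS = [(f"3.3.3.{i % 250 + 1}", "10.9.9.9", 6, 1024 + i, 443)
         for i in range(1000)]
NHS = ["10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.0.4"]
FAILED = "10.0.0.4"

def compare():
    """Return (fixed-hash, resilient) counts of needlessly moved flows."""
    alive = [n for n in NHS if n != FAILED]
    b0 = build_buckets(NHS)
    b1 = fail_next_hop(b0, FAILED)
    # Both models index a table by hash; fixed hashing shrinks the table
    # (4 -> 3 entries), resilient hashing keeps its size and patches entries.
    pick = lambda table: (lambda f: table[flow_hash(f) % len(table)])
    mod = disrupted(FLOWS, pick(NHS), pick(alive), FAILED)
    res = disrupted(FLOWS, pick(b0), pick(b1), FAILED)
    return mod, res

if __name__ == "__main__":
    print("needlessly moved flows (fixed, resilient):", compare())
```
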


The hash type can be specified as a parameter when a static ECMP group is created, as follows:


CLI (network-admin@switch) > static-ecmp-group-create group-name <name> [hash-type non-resilient|resilient]


The default hash type is non-resilient. For example, two groups with two different hash types can be created with the following commands:


CLI (network-admin@switch) > static-ecmp-group-create group-name gr1 scope fabric


CLI (network-admin@switch) > static-ecmp-group-nh-add group-name gr1 ip 2.2.2.2


CLI (network-admin@switch) > static-ecmp-group-create group-name gr2 scope fabric hash-type resilient


CLI (network-admin@switch) > static-ecmp-group-nh-add group-name gr2 ip 3.3.3.3


CLI (network-admin@switch) > static-ecmp-group-show

group-name scope  vrouter-name vrid hw-ecmp-id hash-type
---------- ------ ------------ ---- ---------- -------------
gr1        fabric vr1          1    200001     non-resilient
gr2        fabric vr1          1    200000     resilient


Informational note: Resilient hashing is not supported on the following switch models:

  • Dell Z9100, Freedom F9532-C
  • Dell S5048, Freedom F9572L-V