Sending Network Traffic to an ECMP Group with PBR
When a Policy-Based Routing (PBR) policy needs multiple next hops for redundancy, you can use static ECMP groups. Create a group with the static-ecmp-group-create command, then reference it in a vFlow PBR configuration to identify all the next hops.
You can add up to 16 next hops (NH) to an ECMP group.
Static ECMP groups can be defined with any of the three scopes: local, cluster or fabric. A group becomes active only when it is associated with a vRouter in the configuration: NetVisor OS creates the ECMP group entry in hardware only if the static ECMP group is associated with a vRouter or a VRF (with an active subnet).
To link a static ECMP group to a vFlow PBR policy, set the action parameter to to-ecmp-group and pass the group's name as the value of action-to-ecmp-group-value. For example:
CLI (network-admin@switch) > vflow-create name PBR_ECMP scope local src-ip 3.3.3.0/24 vlan 300 action to-ecmp-group action-to-ecmp-group-value group_name vrouter-name vr-s2 table-name System-L3-L4-PBR-1-0
vflow-create: ecmp group group_name not created in hw
In the above case, the vRouter did not exist, so the group was not programmed in hardware.
In addition, the egress ID associated with a next hop is added to the ECMP group only if the corresponding Layer 3 entry is resolved and the next hop is therefore active. Then, when traffic matches a vFlow policy that uses the ECMP group, the hardware hashes (i.e., distributes) the traffic over the corresponding active next hops based on the Layer 3 and Layer 4 fields in the packets.
To create a static ECMP group associated with a vRouter, use the command:
CLI (network-admin@switch) > static-ecmp-group-create
group-name group-name-string      Specify an ECMP group name.
scope local|cluster|fabric        Specify the scope of the group.
vrouter-name vrouter-name         Specify the vRouter name.
vrf vrf-name                      Specify the name of the VRF.
vnet vnet-name                    Specify the vNET for the static ECMP group. Note: vnet is an optional parameter that you can specify along with vrf.
hash-type static-fixed|resilient  Specify the ECMP hash type.
For example:
CLI (network-admin@switch) > static-ecmp-group-create group-name gr1 scope local vrf vrf1 vnet vnet1 hash-type static-fixed
To display a static ECMP group’s information you can use the command:
CLI (network-admin@switch) > static-ecmp-group-show
group-name group-name-string      Displays an ECMP group name.
scope local|cluster|fabric        Displays the scope of the group.
vrouter-name vrouter-name         Displays the vRouter name.
vrf vrf-name                      Displays the name of the VRF.
vnet vnet-name                    Displays the vNET for the static ECMP group.
vrid vrid-number                  Displays the vRouter ID.
hw-ecmp-id hw-ecmp-id-number      Displays the hardware ID.
hash-type static-fixed|resilient  Displays the ECMP hash type.
For example, to view the information for the static ECMP group gr1 configured above, use the command:
CLI (network-admin@switch) > static-ecmp-group-show group-name gr1
switch  group-name scope vrf  vnet  vrid hw-ecmp-id hash-type
------- ---------- ----- ---- ----  ---- ---------- ------------
switch1 gr1        local vrf1 vnet1 1    200256     static-fixed
To delete a static ECMP group, use the command:
CLI (network-admin@switch) > static-ecmp-group-delete group-name group-name-string
Informational note: You cannot delete a static ECMP group while it is in use by any vFlow configuration.
To modify a static ECMP group, use the command:
CLI (network-admin@switch) > static-ecmp-group-modify group-name <group-name-string> vrouter-name <vrouter name> hash-type static-fixed|resilient
To add a next hop to an ECMP group or remove one from it, use:
CLI (network-admin@switch) > static-ecmp-group-nh-add
group-name group-name-string  Specify the name of the ECMP group.
ip ip-address                 Specify the IP address for the next hop.
CLI (network-admin@switch) > static-ecmp-group-nh-remove
group-name group-name-string  Specify the name of the ECMP group.
ip ip-address                 Specify the IP address for the next hop.
To show the next hop information you can use:
CLI (network-admin@switch) > static-ecmp-group-nh-show
group-name group-name-string  Displays the name of the ECMP group.
ip ip-address                 Displays the IP address for the next hop.
vlan vlan-id                  Displays the VLAN of the next hop.
egress-id egress-id-number    Displays the hardware egress ID.
By default, ECMP groups use a fixed hashing algorithm to distribute the traffic across multiple next hops. The advantage of this choice is that such an algorithm is simple to implement in hardware and is therefore widely available on all switch models.
However, when a link associated with a next hop goes down, the traffic is automatically redistributed to adapt to the change in the number of paths. This requires a complete remapping of the hash values, which results in unnecessary traffic disruption for certain flows.
Therefore, starting from NetVisor OS release 5.1.1, a new, more flexible hashing algorithm is supported on certain models only. It is called resilient hashing because it helps prevent unnecessary traffic disruption when the number of next hops changes.
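The difference between the two hash types can be seen in a small model, added here as an example (it is not NetVisor OS code and not the switch hardware's actual algorithm). It assumes fixed hashing is hash-modulo-N and resilient hashing is a fixed-size bucket table; the next-hop addresses, flows and 64-bucket table size are constructed for illustration.

```python
import hashlib

def flow_hash(flow):
    """Stable hash over a flow's Layer 3 and Layer 4 fields."""
    key = "|".join(map(str, flow)).encode()
    return int.from_bytes(hashlib.sha256(key).digest()[:8], "big")

def fixed_pick(flow, next_hops):
    """Fixed-hash model: index = hash modulo the number of active next hops."""
    return next_hops[flow_hash(flow) % len(next_hops)]

class ResilientGroup:
    """Resilient-hash model: a fixed-size bucket table maps hashes to next hops."""
    def __init__(self, next_hops, buckets=64):
        self.table = [next_hops[i % len(next_hops)] for i in range(buckets)]

    def pick(self, flow):
        return self.table[flow_hash(flow) % len(self.table)]

    def remove(self, failed):
        """Rewrite only the failed next hop's buckets; all others are untouched."""
        survivors = sorted(set(self.table) - {failed})
        refill = 0
        for i, owner in enumerate(self.table):
            if owner == failed:
                self.table[i] = survivors[refill % len(survivors)]
                refill += 1

def disruption(n_flows=2000):
    """Share of flows that move although their next hop stayed up: (fixed, resilient)."""
    next_hops = ["192.0.2.1", "192.0.2.2", "192.0.2.3", "192.0.2.4"]  # constructed
    failed = next_hops[1]
    remaining = [nh for nh in next_hops if nh != failed]
    # Constructed TCP flows from 3.3.3.0/24: (src, dst, proto, sport, dport).
    flows = [(f"3.3.3.{i % 254 + 1}", "198.51.100.10", 6, 1024 + i, 443)
             for i in range(n_flows)]
    group = ResilientGroup(next_hops)
    before = {f: (fixed_pick(f, next_hops), group.pick(f)) for f in flows}
    group.remove(failed)
    moved_fixed = moved_res = healthy_fixed = healthy_res = 0
    for f, (nh_fixed, nh_res) in before.items():
        if nh_fixed != failed:  # this flow's next hop never went down
            healthy_fixed += 1
            moved_fixed += fixed_pick(f, remaining) != nh_fixed
        if nh_res != failed:
            healthy_res += 1
            moved_res += group.pick(f) != nh_res
    return moved_fixed / healthy_fixed, moved_res / healthy_res
```

Calling disruption() returns the share of flows that changed next hop even though their own next hop stayed up: roughly two thirds in the fixed model with four next hops, and none in the resilient model.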
You can specify the hash type as a parameter when you create a static ECMP group:
CLI (network-admin@switch) > static-ecmp-group-create group-name <name> [hash-type static-fixed|resilient]
The default hash type is static-fixed. For example, two groups with two different hash types can be created with the following commands:
CLI (network-admin@switch) > static-ecmp-group-create group-name gr1 scope fabric
CLI (network-admin@switch) > static-ecmp-group-nh-add group-name gr1 ip 2.2.2.2
CLI (network-admin@switch) > static-ecmp-group-create group-name gr2 scope fabric hash-type resilient
CLI (network-admin@switch) > static-ecmp-group-nh-add group-name gr2 ip 3.3.3.3
CLI (network-admin@switch) > static-ecmp-group-show
group-name scope  vrouter-name vrid hw-ecmp-id hash-type
---------- ------ ------------ ---- ---------- -------------
gr1        fabric vr1          1    200001     static-fixed
gr2        fabric vr1          1    200000     resilient
Informational note: Resilient hashing is not supported in the following switch models:
- Dell Z9100, Freedom F9532-C
- Dell S5048, Freedom F9572L-V