Multiple Next-hop Support

As discussed above, Layer 3 and Layer 2 policy-based redirect support only one next-hop for one policy-based entry. Multiple next-hops with different priorities can be configured. A higher priority is denoted with a higher number; for example, "priority 5" has a higher precedence than "priority 1." When a high priority next-hop becomes unreachable, another preconfigured next-hop, based on priority, replaces the first. This is done by first creating a flow-redirect name that is used to hold next-hop information. User-created flow-redirect names are not case-sensitive.
Note

Note

As of ExtremeXOS 16.1, there is no limitation in creating the flow-redirects. Number of Next hops has been increased to 4,096 next hops. If more than 4,096 next hops are attempted to be created, an error message appears.

Use the following command:

create flow-redirect flow_redirect_name

To delete the flow-redirect name, use:

delete flow-redirect flow_redirect_name

Then information for each next-hop, including a defined priority, is added one by one to the new flow-redirect name. Use the following command:

configure flow-redirect flow_redirect_name add nexthop ipaddress priority number
Note

Note

You can add IPv4 or IPv6 next-hops to a flow-redirect policy, but both types are not supported in the same policy.

To delete a next-hop, use the following command:

configure flow-redirect flow_redirect_name delete nexthop {ipaddress | all }

Because an ACL does not recognize the virtual routing concept, one policy-based routing is used for multiple virtual routing entries when a VLAN-based virtual router is used for one port. Configuring a virtual router into a flow-redirect allows policy-based routing to work for only one specific virtual router. Use the following command:

configure flow-redirect flow_redirect_name vr vr_name
Note

Note

Flow-redirect does not work on user-created virtual routers.

Finally, a new action modifier, redirect-name, is used to specify the flow-redirect name in an ACL rule entry.

entry redirect_redundancy {
	if match all {
		source-address 1.1.1.100/24 ;
	} then 		 {
		permit ;
		redirect-name <name>
	}
}