Uplink Routing using Next-hop Lists

If the managed device uses policy-based routing to forward packets to a next-hop device, a next-hop list ensures that if the primary next-hop device becomes unreachable, the packets matching the policy can still reach their destination. ArubaOS now also allows IPv6 next-hop lists in policy-based routing. For more information on next-hop configuration, see Policy Based Routing.

Defining Next-hop Lists

The following procedure describes how to define a next-hop list:

1. In the Managed Network node hierarchy, navigate to the Configuration > Services > WAN tab.

2. Expand the Next Hop Configuration accordion.

3. (Optional) In the Health check probe interval field, specify the probe interval, in seconds.

The default value is 10 seconds.

4. (Optional) In the Packet Burst per Probe field, specify the number of probes to be sent during the probe interval.

The default value is 5 probes.

5. Click + below the NextHop Lists table to open the NextHop section that allows you to configure the following next-hop settings:

Table 1: Managed Device Next-Hop Settings

Parameter Description

NextHop list name

Add a name for the new next-hop list.

NOTE: You cannot use the same name for both IPv4 and IPv6 next-hop lists.

IP version

From the drop-down list, select the IP version (IPv4 or IPv6) to assign to the new next-hop list.

NextHops

IPv4 or IPv6 address of the next-hop device, or the ID of the VLAN used by the next-hop device. If the VLAN gets an IPv4 address using DHCP, and the default gateway is determined by the VLAN interface, the gateway IP is used as the next-hop IP address.

Click + to open the Add IPv4 NextHop pop-up window, if you selected the IPv4 option in the IP version field. In the Add IPv4 NextHop pop-up window, select one of the following radio buttons:

IP— Enter the IPv4 address and priority of the next-hop device in the IP address and Priority fields respectively.

DHCP— Enter the VLAN ID and priority of the next-hop device in the VLAN ID and Priority fields respectively.

Click + to open the Add IPv6 NextHop pop-up window, if you selected the IPv6 option in the IP version field.

In the Add IPv6 NextHop pop-up window, enter the IPv6 address and priority of the next-hop device in the IPv6 address and Priority fields.

Use the optional Priority field to assign a priority to the next-hop device. The range is 1-255 and the default value is 128.

NOTE: You can configure a maximum of 16 next-hop devices for a next-hop list, and a maximum of 32 next-hop lists are currently supported.

NOTE: You cannot configure IPv6 multicast, link-local, unspecified, loopback, and subnet anycast addresses as IPv6 next-hop addresses.

IPsec map name

A next-hop list may require policy-based redirection of traffic to different VPN tunnels. Select an IPsec map to redirect traffic through IPsec tunnels.

Click + to open the Add New IPsec Map pop-up window. Select either the Using site-to-site IPSec or the Using IPSec Tunnel to VPNC option from the drop-down list of the Forward Settings field, and specify the priority in the Priority field.

NOTE: For IPv6 addresses, only the Using site-to-site IPSec option is supported under the Forward Settings field.

If a managed device terminates a secure tunnel on a VPN concentrator, you can issue the vpn-peer peer-mac command in the VPN concentrator configuration to enable load balancing on secure uplinks between the VPN concentrator and a managed device.

The following example enables uplinks between a managed device with the MAC address 01:00:5E:00:00:FF and a VPN concentrator, which automatically enables load balancing:

(host)[node](config) #vpn-peer peer-mac 01:00:5E:00:00:FF cert-auth factory-cert

NOTE: If the peer device is an x86 server, configure the MAC address of the management interface of the managed device. However, if the peer device is a hardware platform, you must provide the MAC address of the VLAN interface of the managed device.

Preemptive-failover

If preemptive failover is disabled and the highest-priority device on the next-hop list goes down, the device that takes over as primary remains the primary even when the original device comes back online.

6. Click Submit.

7. Click Pending Changes.

8. In the Pending Changes window, select the check box.

9. Click Deploy Changes.
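As an added illustration (not part of the ArubaOS documentation or its implementation), the following Python model applies the constraints from the NextHops and Preemptive-failover rows above: it rejects the IPv6 address classes listed in the note, enforces the 16-next-hop and 1-255 priority limits, and simulates which next-hop is primary as health-check results arrive, with and without preemptive failover. It assumes that the numerically highest priority value is preferred and that subnet-router anycast is tested against a /64 prefix; all addresses and list names are constructed.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, Optional

MAX_NEXTHOPS_PER_LIST = 16      # per-list limit stated on the page
PRIORITY_RANGE = range(1, 256)  # 1-255, default 128
DEFAULT_PRIORITY = 128


def ipv6_nexthop_problem(addr: str) -> Optional[str]:
    """Return why addr is rejected as an IPv6 next-hop, or None if it is usable."""
    ip = ipaddress.IPv6Address(addr)
    for flag, reason in (("is_multicast", "multicast"), ("is_link_local", "link-local"),
                         ("is_unspecified", "unspecified"), ("is_loopback", "loopback")):
        if getattr(ip, flag):
            return reason
    # Subnet-router anycast (RFC 4291) has an all-zero interface identifier.
    # Assumption: a /64 prefix, so the low 64 bits are tested.
    if int(ip) & ((1 << 64) - 1) == 0:
        return "subnet anycast"
    return None


@dataclass
class NextHopList:
    name: str
    preemptive: bool = True
    hops: Dict[str, int] = field(default_factory=dict)        # address -> priority
    reachable: Dict[str, bool] = field(default_factory=dict)  # last health-check result
    primary: Optional[str] = None

    def add(self, addr: str, priority: int = DEFAULT_PRIORITY) -> None:
        if len(self.hops) >= MAX_NEXTHOPS_PER_LIST:
            raise ValueError("at most 16 next-hops per list")
        if priority not in PRIORITY_RANGE:
            raise ValueError("priority must be 1-255")
        ip = ipaddress.ip_address(addr)
        if ip.version == 6 and (why := ipv6_nexthop_problem(addr)):
            raise ValueError(f"{addr}: {why} address not allowed as next-hop")
        self.hops[addr] = priority
        self.reachable[addr] = True   # assumed up until a probe says otherwise

    def health_check(self, addr: str, up: bool) -> Optional[str]:
        """Record a probe result for addr and return the next-hop now used as primary."""
        self.reachable[addr] = up
        # Assumption: the numerically highest priority value is preferred.
        live = [a for a in self.hops if self.reachable[a]]
        best = max(live, key=lambda a: self.hops[a], default=None)
        if self.primary is None or not self.reachable.get(self.primary, False):
            self.primary = best   # current primary lost: fail over to the best live hop
        elif self.preemptive and best and self.hops[best] > self.hops[self.primary]:
            self.primary = best   # preemption: a higher-priority hop is back
        return self.primary
```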