Nexus 7k installs static routes to route table even if connected interface present?

Stephen Berk
Level 1

I have a Nexus 7k with a load balancer connected on trunks. The trunk to the outside port of the LB carries VLAN 223 and the inside carries VLAN 224. The Nexus has layer 3 SVIs for both vlan223 and vlan224. The LB has IPs on both VLANs as well.

interface Vlan223
  ip address 10.1.223.3/24
  hsrp 223
    ip 10.1.223.1

interface Vlan224
  ip address 10.1.224.5/24
  hsrp 224
    ip 10.1.224.1

My coworker put a static route in the Nexus 7k for the vlan224 subnet to go to the IP address on the load balancer:

ip route 10.1.224.0/24 10.1.223.254

And now the route table shows the static route is installed instead of the connected interface.

10.1.224.0/24, ubest/mbest: 1/0
    *via 10.1.223.254, [1/0], 21w0d, static

How is this possible? Why is the static route installed in the route table when a connected interface is present? I'm asking because I have to recreate this at a disaster recovery location that uses a 6509 instead of a Nexus 7k, and when I add a static route to the 6509, it doesn't get added to the route table; only the connected interface does.

Any help is greatly appreciated!


4 Replies

Reza Sharifi
Hall of Fame

I am curious why you are adding a static route for a connected interface? Both VLANs, as you noted, are already on the 7k, so what is the static route for?

HTH

The idea is to force the traffic destined for the "inside" of the load balancer through the "outside" interface. I don't understand why it's working, though. A connected interface should have an administrative distance of zero and be preferred over a static route with an administrative distance of 1.

Since it's working and it's in production, I can't change anything, but I'm thinking the layer 3 interface for the "inside" vlan/subnet shouldn't even be configured.

Stephen

"Since it's working and it's in production, I can't change anything, but I'm thinking the layer 3 interface for the "inside" vlan/subnet shouldn't even be configured."

I can't answer the specific question about the Nexus behaviour, but I would agree with what you say above. If the load balancer is routing between subnets, which it obviously is, otherwise it wouldn't have different IP subnets on each interface, then I wouldn't have thought there should be an SVI for the inside subnet on the L3 switch.

Whether or not having an SVI for the inside subnet would be problematic depends on the VIPs you are using on the load balancer, i.e. if the VIPs are from the outside subnet then it should still be routed correctly to the outside interface.

And as long as the inside servers are using the load balancer as their default gateway, traffic should go back through it. Obviously you don't want the default gateway to be the SVI on the L3 switch, otherwise return traffic would route around the load balancer.

That said, I am still struggling to see why the inside subnet has an SVI on the L3 switch if the load balancer is meant to be routing between those subnets.

I should say I have not done much work with the ACE module, so it may act differently, but I did do a fair bit with its predecessor, the CSM (or more specifically the CSM-S).

Is there a reason you had to add that route to the Nexus, i.e. was it not working properly, were the VIPs not in the outside subnet, etc.?

Jon

"That said, I am still struggling to see why the inside subnet has an SVI on the L3 switch if the load balancer is meant to be routing between those subnets."

That got me thinking, and I was able to find the problem. The L3 interface on the switch in production is admin down, so that's why the static route was installed in the route table. When I shut down the L3 interface on the DR side, everything worked because the static route sent the traffic to the load balancer as expected. You're right, there was no need for an L3 SVI for the inside VLAN on the switch. Thanks!
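A small Python model of the route selection this thread settles on, added here as an illustration and not code from the original thread or from Cisco: a connected route exists only while its SVI is up, a static route is installable only when its next hop resolves through a connected route, and per prefix the lowest administrative distance wins. The SVI names and addresses are the ones from the post; the function names are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass

# Administrative distances as IOS/NX-OS assign them (constructed model).
AD_CONNECTED = 0
AD_STATIC = 1

@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: str      # "direct" for a connected route
    interface: str     # egress SVI
    source: str        # "direct" or "static"
    ad: int

def build_rib(svis, statics):
    """svis: {name: (cidr, is_up)}; statics: [(prefix, next_hop)].
    Returns {prefix: best Route}, mimicking what 'show ip route' installs."""
    connected = []
    for name, (cidr, is_up) in svis.items():
        if is_up:  # an admin-down SVI contributes no connected route at all
            net = ipaddress.ip_interface(cidr).network
            connected.append(Route(net, "direct", name, "direct", AD_CONNECTED))
    candidates = list(connected)
    for prefix, nh in statics:
        nh_addr = ipaddress.ip_address(nh)
        egress = next((r for r in connected if nh_addr in r.prefix), None)
        if egress is not None:  # next hop is reachable, so the static is a candidate
            candidates.append(Route(ipaddress.ip_network(prefix), nh,
                                    egress.interface, "static", AD_STATIC))
    rib = {}
    for r in candidates:  # lowest AD wins when two sources offer the same prefix
        best = rib.get(r.prefix)
        if best is None or r.ad < best.ad:
            rib[r.prefix] = r
    return rib

def lookup(rib, dst):
    """Longest-prefix match for a destination host, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in rib.values() if addr in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen, default=None)

def production_rib(vlan224_up):
    """The thread's Nexus 7k: both SVIs plus the static toward the LB."""
    svis = {"Vlan223": ("10.1.223.3/24", True),
            "Vlan224": ("10.1.224.5/24", vlan224_up)}
    return build_rib(svis, [("10.1.224.0/24", "10.1.223.254")])
```

With Vlan224 up the connected route (AD 0) is installed for 10.1.224.0/24 and the static is shadowed; with Vlan224 shut, as in production, the static via 10.1.223.254 takes its place, which is exactly what the 6509 at the DR site showed once the SVI was shut down.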
