ICX multiple interfaces to default route

  • Updated 4 months ago
3-switch stack. Using 1/2/1, 2/2/1 and 3/2/1 SFPs as uplinks to the firewall. Trying to figure out the best way, or any way, to get all my internet traffic out to any of those ports.
I can map a single destination network to multiple interfaces and the switch can do a little load balancing RR, but I cannot map the default route to multiple interfaces. Tried moving them to a VLAN and using a ve, but cannot route the default route to a ve interface.

So does anyone have any suggestions on how to configure the default route to be available via three uplink ports? This is all on one stack. If one of those interfaces went down, I want internet traffic still routing out. 

scopa


Posted 4 months ago


Simon, Employee

If the Firewall supports LACP LAGs then this is the simplest solution as it provides load balancing and automatic failover/recovery if one of the links is lost.

scopa

Thanks, Simon. What else could I do to accomplish this?

As per my firewall doc:
Aggregated Interfaces for a Virtual Wire
You can Configure an Aggregate Interface Group of virtual wire interfaces, but virtual wires don’t use LACP. If you configure LACP on devices that connect the firewall to other networks, the virtual wire will pass LACP packets transparently without performing LACP functions. In order for aggregate interface groups to function properly, ensure all links belonging to the same LACP group on the same side of the virtual wire are assigned to the same zone.

Simon, Employee

From the text you quoted, it states "In order for aggregate interface groups to function properly, ensure all links belonging to the same LACP group on the same side of the virtual wire are assigned to the same zone." so I assume that this means that the firewall does support LAGs so long as the LAG interfaces are in the same zone (I don't know what "zone" means in the context of your firewall but I guess that you do).

If you want to do this using L3 routes then ECMP should help but I'm afraid I'm not sure how to set up the default routes to give you what you need. Hopefully someone smarter than me will be along soon to help out some more.