cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Enyi_Ajoku
Nickel

Traffic Engineering

Attached is a brief look of my present architecture. The camera traffic highlighted in blue terminates to the video server for display on the a.a.a.a ip address. On the other hand i have users (using the labeled netscaler as an example) on Vlan B also trying to get access to a.a.a.a.

I have BGB established with all switches and from information i have gathered from the network they have bgp/ospf redistribution set up between the multicast switch and blef switch VS5. 

The issue i have right now is,  VS4 firewall is sending all traffic going to vlan A to use the multicast switch as it next hop which should not be the case. This is causing a loop on my network.

The attached image shows the right part i want the traffic to go.

I have VSX running,i have tried to setup pbr but it is disabled.

Would appreciate any insights.

Thank You

 

0 Kudos
3 Replies

Re: Traffic Engineering

Hello,

Have you tried setting up Route Maps to achieve the desired routing? I had a similar issue with OSPF inside VSX and Route Maps was the way to go, you can set up conditions, actions and weights.
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Keep in mind that you may need to set up static routes via SmartDashBoard first:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Hope it helps,
Federico Meiners
https://www.linkedin.com/in/federicomeiners/
0 Kudos
Highlighted
Enyi_Ajoku
Nickel

Re: Traffic Engineering

Thank You for your feedback

one question, why do i need static? i have a growing number of traffic from both the remote sites and VS4.

my assumption was BGP will take care of the routing and i would create routemap to only allow traffic from camera  firewall go through the multicast switch and everything else go to the BLEF switch (VS5)

 

 

 

 

0 Kudos

Re: Traffic Engineering

Maybe you don't have to. In our use case we had to publish static routes via OSPF, that's why we needed it.

 

https://www.linkedin.com/in/federicomeiners/
0 Kudos