Hi,
While I was working on the migration of a 6.x master-standby setup to an 8.4.0.4 MC active-active cluster, I ran into some issues with policy based routing.
In the new active-active cluster I have an internal VLAN (999) with a VRRP configuration and internal DHCP. The DHCP server has a default gateway configured of 192.168.1.1, the VRRP VIP address.
When a user connects to controller MC02 (the VRRP master) the nexthop policy works fine. But when a user connects to MC02 (the VRRP backup) the nexthop policy is not working and the traffic is routed out the management interface (200).
When I change the DHCP default gateway from 192.168.1.1 (the VRRP VIP) to 192.168.1.7 (the MC01 VLAN 999 IP address), it works fine again for MC01.
Now I understand that for PBR to work the default gateway must be on the same controller and cannot be the VIP address.
Can somebody help me with what the correct way is to configure this in an active-active cluster? It would be very much appreciated ;)
Below is some config from a test environment.
user-role nexthoptest
 access-list session nexthoptest ###acl is any any any permit
ip nexthop-list nexthoplist-nhl
 ip 172.16.201.254 priority 5
ip nexthop-list nexthoplist-nhl202
 ip 172.16.202.254 priority 5
ip access-list route nexthoptest-acl
 any any any route next-hop-list nexthoplist-nhl
ip access-list route nexthoplist-acl202
 any any any route next-hop-list nexthoplist-nhl202
routing-policy-map role nexthoptest access-list nexthoplist-acl202
interface vlan 200 ###management vlan
 ip address 172.16.200.7 255.255.255.0
 no suppress-arp
interface vlan 201 ###nexthop vlan
 ip address 172.16.201.7 255.255.255.0
 ip nat outside
interface vlan 202 ###nexthop vlan
 ip address 172.16.202.7 255.255.255.0
 ip nat outside
interface vlan 999 ###internal vlan
 ip address 192.168.1.7 255.255.255.0
 ip nat inside
 no suppress-arp
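As an added example (not part of the original post or of ArubaOS), a small Python check that parses this kind of route-ACL / next-hop-list / VLAN configuration and reports references that do not resolve, next-hops that sit on no local VLAN subnet, and a client default gateway that is not one of the controller's own VLAN IPs, which is the situation above when clients receive the VRRP VIP on the backup controller. It assumes the '###' comment marker used in the post and only the command forms shown there; the sample config and gateway values are constructed from the post.

```python
import ipaddress
import re
# Constructed sample built from the route ACL, next-hop list and VLAN lines in the post above.
CONFIG = """
ip nexthop-list nexthoplist-nhl202
 ip 172.16.202.254 priority 5
ip access-list route nexthoplist-acl202
 any any any route next-hop-list nexthoplist-nhl202
routing-policy-map role nexthoptest access-list nexthoplist-acl202
interface vlan 202 ###nexthop vlan
 ip address 172.16.202.7 255.255.255.0
interface vlan 999 ###internal vlan
 ip address 192.168.1.7 255.255.255.0
"""

def parse(config):
    # Collect next-hop lists, route ACLs, local VLAN addresses and role->ACL bindings.
    nhl, acls, local, maps, ctx = {}, {}, [], {}, []
    for raw in config.splitlines():
        line = raw.split("###")[0].strip()  # '###' is the comment marker used in the post
        if m := re.match(r"ip nexthop-list (\S+)$", line):
            ctx = nhl.setdefault(m[1], [])
        elif m := re.match(r"ip access-list route (\S+)$", line):
            ctx = acls.setdefault(m[1], [])
        elif re.match(r"interface vlan \d+$", line):
            ctx = local
        elif m := re.match(r"routing-policy-map role (\S+) access-list (\S+)$", line):
            maps[m[1]] = m[2]
        elif m := re.search(r"^ip (\d+\.\d+\.\d+\.\d+) priority \d+$|route next-hop-list (\S+)$", line):
            ctx.append(m[1] or m[2])  # next-hop IP or referenced next-hop-list name
        elif m := re.match(r"ip address (\S+) (\S+)$", line):
            ctx.append(ipaddress.ip_interface(f"{m[1]}/{m[2]}"))
    return nhl, acls, local, maps

def check(config, client_gateway):
    # Findings: dangling references, next-hops off every local subnet, gateway not local.
    nhl, acls, local, maps = parse(config)
    out = []
    for role, acl in maps.items():
        if acl not in acls:
            out.append(f"role {role}: route ACL {acl} is not defined")
        for name in acls.get(acl, []):
            if name not in nhl:
                out.append(f"ACL {acl}: next-hop-list {name} is not defined")
            for hop in nhl.get(name, []):
                if not any(ipaddress.ip_address(hop) in i.network for i in local):
                    out.append(f"next-hop-list {name}: {hop} is on no local VLAN subnet")
    if ipaddress.ip_address(client_gateway) not in [i.ip for i in local]:
        out.append(f"client gateway {client_gateway} is not an IP of this controller")
    return out
```

Run with the VIP (192.168.1.1) as the client gateway it reports the gateway finding; with the controller's own VLAN 999 address (192.168.1.7) it reports nothing.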