Users Guide

295 | BranchController Config for Controllers Dell Networking W-Series ArubaOS 6.4.x| User Guide
Branch Controller Routing Features
The following sections describe some of the features that can be configured using the Smart Config WebUI. For
details on configuring these features using the Smart Config WebUI, see Routing Configuration on page 309.
Uplink Routing Using Nexthop Lists
A next-hop IP is the IP address of an adjacent router or device with Layer-2 connectivity to the controller. If the
controller uses policy-based routing to forward packets to a next-hop device and that device becomes
unreachable, the packets matching the policy will not reach their destination.
The nexthop list provides redundancy for the next-hop devices by forwarding the traffic to a backup next hop
device in case of failures. If the active next-hop device on the list becomes unreachable, traffic matching a
policy-based routing ACL is forwarded using the highest-priority active next-hop device on the list.
If preemptive failover is enabled and a higher priority next hop becomes reachable again, packets are again
forwarded to the higher priority next-hop device.
For more information on creating a routing policy that references a nexthop list, see Configuring Firewall Policies on
page 438.
A maximum of four next-hop device entries can be added to a nexthop list. Each next-hop device can be
assigned a priority, which decides the order of selection of the next hop. If a higher priority next-hop device
goes down, the next higher priority active next-hop device is chosen for forwarding.
If all the next-hop devices are configured with the same priority, the order is determined based on the order in
which they are configured. If all the next-hop devices are down, traffic is passed using regular destination-based
forwarding.
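The selection rules described above (priority order, configuration order on ties, preemptive failover, and fallback to destination-based forwarding) can be modeled as follows. This is an added example, not code from the guide or from ArubaOS. It assumes that a larger number means higher priority and that, with preemptive failover disabled, the controller stays on the current next hop while it remains reachable. The class name, function names, and 192.0.2.x addresses are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

MAX_ENTRIES = 4  # the guide's limit on next-hop entries per nexthop list


@dataclass
class NexthopList:
    """Hypothetical model of one nexthop list (not the controller's code)."""
    preemptive: bool = True
    entries: list = field(default_factory=list)  # (ip, priority), config order
    active: Optional[str] = None

    def add(self, ip: str, priority: int) -> None:
        if len(self.entries) >= MAX_ENTRIES:
            raise ValueError("a nexthop list holds at most four entries")
        self.entries.append((ip, priority))

    def select(self, reachable: set) -> Optional[str]:
        """Return the next hop to use, or None to signal fallback to
        regular destination-based forwarding."""
        # Assumption: without preemption, keep the current next hop while up.
        if not self.preemptive and self.active in reachable:
            return self.active
        up = [(ip, prio) for ip, prio in self.entries if ip in reachable]
        # Assumption: larger number = higher priority. max() returns the
        # first maximal item, so ties resolve in configuration order.
        self.active = max(up, key=lambda e: e[1])[0] if up else None
        return self.active


def run(preemptive: bool) -> list:
    """Replay a constructed sequence of reachability changes."""
    nl = NexthopList(preemptive=preemptive)
    nl.add("192.0.2.1", 100)  # primary uplink gateway (constructed)
    nl.add("192.0.2.2", 50)   # two backups with equal priority
    nl.add("192.0.2.3", 50)
    everyone = {"192.0.2.1", "192.0.2.2", "192.0.2.3"}
    timeline = [everyone,                     # all next hops up
                {"192.0.2.2", "192.0.2.3"},   # primary fails
                everyone,                     # primary recovers
                set()]                        # every next hop down
    return [nl.select(r) for r in timeline]


if __name__ == "__main__":
    print("preemptive:    ", run(True))
    print("non-preemptive:", run(False))
```

The two runs differ only at the third step: with preemption the primary is reselected when it recovers, and without it traffic stays on the backup chosen at failover.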
In a typical deployment scenario with multiple uplinks, the default route only uses one of the uplink next-hop
devices for forwarding packets. If a next hop device becomes unreachable, the packets will not reach their
destination.
If your deployment uses policy-based routing based on a nexthop list, any of the uplink next hop devices could
be used for forwarding traffic. This requires a valid ARP entry (route-cache) in the system for all the policy-
based routing next-hop devices. Each controller supports up to 32 nexthop lists.
In a branch office deployment, the site uplinks can obtain their IP addresses and default gateway using DHCP.
In such deployments, the nexthop list configuration can use the VLAN IDs of uplink VLANs. If the VLAN gets an
IP address using DHCP, and the default gateway is determined by the VLAN interface, the gateway IP is used as
the next-hop IP address.
Branch deployments may also require policy-based redirection of traffic to different VPN tunnels. The nexthop
list allows you to select an IPsec map to redirect traffic through IPsec tunnels.
Policy-Based Routing
Policy-based routing is an optional feature that allows packets to be routed based on access control lists (ACLs)
configured by the administrator. By default, when a controller receives a packet for routing, it looks up the
destination IP in the routing table and forwards the packet to the next-hop router. If policy-based routing is
configured, the nexthop device can be chosen based on a defined access control list.
In a typical deployment scenario with multiple uplinks, the default route only uses one of the uplink next-hop
devices for forwarding packets. If a next-hop device becomes unreachable, the packets will not reach their
destination. If your deployment uses policy-based routing based on a nexthop list, any of the uplink next-hop
devices can be used for forwarding traffic. This requires a valid ARP entry (Route-cache) in the system for all the
policy-based routing next hop devices.