
Video: Service Routes 

07-18-2018 15:51

Service routes are one of the many ways you can perform routing using your 128T. Service routes allow you to influence the 128T router’s egress interface and next hop for a service’s traffic. In other words, if your traffic is headed to a particular application that you have defined as a service, then the service route tells your 128T how to route that traffic. In the above eLearning, we’ll discuss service routes in more detail and then we’ll show you how to configure them. 


Services

We should start our discussion of service routes by first reviewing services.
You may remember from the Video: Services in 128T that services within your 128T are the termination of routes to the end devices or networks that deliver application services to the requestor. Basically, a service is the server or servers that deliver the application you are requesting, or the “next hop network” you go to in order to reach the server or servers that deliver that application. For example, a web server that delivers a particular website could be a service, or your syslog servers may be another service.
 
When you configure services on your 128T, you are telling your 128T routers what type of traffic they are allowed to route, what policies to apply, and who has access to particular applications. Modeling your network’s applications as services, and defining relationships between services, establishes routing paths for application traffic through your network. Services are defined under the authority, meaning that you only need to configure them in one spot and they’re applied to all routers in that authority.


Service Routes

Now, in order to access a service, you need a route to that service. That is where service routes come in. Service routes are defined at the router level, meaning they are considered local data.  Routers that have access to those terminating end devices or destination networks for the service will have service routes defined. Other routers may not have direct access to those networks or end devices, and will need to go through a peer to get there.
 
You can think of service routes like traditional static routes, but only for traffic specific to the associated service. When packets arrive at a 128T router and match a known service, the 128T router uses its route selection algorithm to choose the most appropriate service route. This algorithm will consider the current traffic load, the provisioned capacities of the routes that match the service, the traffic distribution policy for this service, and the availability of the next-hop elements derived via BFD.


Service Agent or Peer Service Route?

The service route can be one of two types: service agent or a peer service route. A service agent service route forwards sessions to traditional routers or end devices. A peer service route points to another 128T router you have configured as a peer. When your service route points to a peer, then you will route using secure vector routing or SVR. For more info on SVR check out the Minute Monday Video: Secure Vector Routing and the Video: Packet Walkthrough.


Configuring Service Routes

Configuring a service route is extremely easy. Remember, each service route is particular to a router, so from the authority level, go into the router. Then just select “New Service Route” and give it a name. We like to name it based on what service it is associated with and what it routes to, but you can name it however you like.
 
Now you just tell the 128T which service this service route applies to and how it gets there. You can also apply some service route policies to load balance or set SLAs if you like, but we won’t cover those here.
 


Demo

For this demo, we are creating 2 service routes, both for a service named dnat-testservice3. This service sits behind our datacenter router. So on our branch router, we are configuring a service route to point to our datacenter router for any dnat-testservice3 traffic. This is clear because under Service Route Type, we chose “Peer Service Route” and we selected “bostonsite1,” our datacenter router. This was configured as a peer prior to this exercise, which is why it is available in our drop-down.
 

 
On our datacenter router, we will now create a service route that tells our 128T what IP address to route dnat-testservice3 traffic to. We do that by selecting “Service Agent” under Service Route Type and then putting the IP address of the server that packets are forwarded to for dnat-testservice3 under NAT Target. The destination will now be NATed to this IP address.
 

If we want to specify which Node and Network Interface we want this service route to use, we can do that by selecting “New Next Hop.” We can also leave NAT Target and Destination blank and just select a “New Next Hop,” if we prefer. This way we are telling it which network interface to go out of, but it will use the packet’s destination address as its destination.
 
 

FIB Table

Alright, let’s take a look at the FIB table to see what is going on here. What we see is that when our branch office router receives traffic headed to 128.128.128.1 coming from the tenant customerx (which we applied on our LAN interface, so any traffic coming into that interface will be from the customerx tenant), that traffic will be allowed access to our service dnat-testservice3, which has a next hop set to 10.0.128.1 (our peer datacenter router).
 
 
Now, the FIB table of our datacenter router shows us that traffic headed to 128.128.128.1 belonging to the customerx tenant will be allowed access to service dnat-testservice3 at 172.36.128.2, our NAT Target set in our Service Agent service route.
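
The two FIB lookups described above can be walked through with a small model. This is an added example, not 128T code or output: the entry field names, the /32 prefix length, the "guest" tenant and the drop-on-no-match behaviour are assumptions made for illustration, while the addresses, tenant and service name come from the demo.

```python
import ipaddress

# Constructed FIB entries modelled on the demo; field names are illustrative.
BRANCH_FIB = [
    {"prefix": "128.128.128.1/32", "tenant": "customerx",
     "service": "dnat-testservice3", "next_hop": "10.0.128.1"},  # peer route
]
DATACENTER_FIB = [
    {"prefix": "128.128.128.1/32", "tenant": "customerx",
     "service": "dnat-testservice3", "nat_target": "172.36.128.2"},  # service agent
]

def lookup(fib, tenant, dst):
    """Most specific entry matching BOTH source tenant and destination, else None."""
    addr = ipaddress.ip_address(dst)
    matches = [e for e in fib
               if e["tenant"] == tenant
               and addr in ipaddress.ip_network(e["prefix"])]
    return max(matches,
               key=lambda e: ipaddress.ip_network(e["prefix"]).prefixlen,
               default=None)

def walk(tenant, dst):
    """Follow one session from the branch router to the datacenter router."""
    steps = []
    entry = lookup(BRANCH_FIB, tenant, dst)
    if entry is None:
        # Assumption of this model: no tenant/service match means no forwarding.
        return [("branch", "drop")]
    steps.append(("branch", f"{entry['service']}: peer {entry['next_hop']}"))
    # The datacenter FIB in the demo is also keyed on the customerx tenant.
    entry = lookup(DATACENTER_FIB, tenant, dst)
    if entry is None:
        return steps + [("datacenter", "drop")]
    steps.append(("datacenter",
                  f"{entry['service']}: DNAT {dst} -> {entry['nat_target']}"))
    return steps

if __name__ == "__main__":
    for tenant in ("customerx", "guest"):  # "guest" is a hypothetical tenant
        print(tenant, walk(tenant, "128.128.128.1"))
```

The point to take from the model is that the tenant is part of the match: the same destination address arriving from a tenant with no entry never reaches a service route.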
 
