Announcement

I am not sure I follow you.

Even a Windows client has a routing table. How is the ST switch learning about these new routes. If it is senting the traffice to the same gateway, how is it telling the gateway to route the traffic through a different path.

I don't have access to a switch to see what your are describing but, I would like to hear more about your issue.

Tom

Aging out the routing tables on the switches.

There used to be a known issue where the ShoreGear switches and phones would get host routes from ICMP redirect messages and wouldnt release them. You would have to manually clear them from the switch by rebooting or telneting into each switch and deleting the routes manually. There is a registry key you can add to your voicemail switch that will tell the switches to ignore ICMP redirects. I'm not sure if this is enabled by default on the later versions or not. I haven't encountered an issue like this since version. 4.3.

From what my partner and ShoreTel have told me, when the ShoreTel switch has a valid route it does not check for a new one unless that route becomes unavailable or upon reboot.

So with valid MPLS routes, the ST switch shows a gateway of 192.168.x.1 for the HQ site. When MPLS goes down, it then shows a gateway of 192.168.x.254 to go across VPN. When MPLS comes back up, the VPN route did not drop therefore the ST switch continues to use this route until it is rebooted or the VPN becomes unavailable.

According to support, this is by design. They do have an enhancement request and are supposed to be creating something to work with this as I am not the first customer who has had issues with it.

I hope that made sense.

Until ST gets their act together, wouldn't a workaround be to drop the VPN for whatever period of time the switches take to find the correct path?

Ran across a similar issue with ICMP redirect (not multiple wan links, but maybe applicable anyway)

This assumes you are using a layer3 switch: put your gateways to the WAN on a different VLAN (or maybe a different subnet on the same vlan would work).


Say all your servers, shoretel switches, PCs, etc are on vlan 10, 192.168.10.x/24

Put your MPLS router, and VPN device on VLAN 100 192.168.100.x

Set the gateway on the servers, shoretel switches, etc to be the ip address of the layer 3 switch and let it route to the wan.

Then when MPLS goes down, the router won't send the ICMP redirect to anything other than yor L3 switch, the shoretel switches will never get the ICMP redirect. If your L3 switch even wants to send ICMP redirects, it won't be able to as there is no more preferable route (traffic has to hit the L3 as its gateway).


I actually hit upon this method because of a client with L3 switches sending redirects for each public ip accessed, because their firewall was on the same vlan as their PCs. It was only a problem with some websites, but this removed the ICMP redirects.

Try a Layer 3 switch

Not sure I completely understand your set up but here's how we've been designing it to help with a number of issues (which sounds like it fits your situation)

If you have a switch that can handle Layer 3, make it the gateway for your ShoreTel switches. Let the Router handle routing to your service providers and let the switch take care of routing between subnets (Voice and Data VLANs for example) with static routes. ShoreTel gear won't care how often your circuit bounces back and forth if the L3 switch stays up.