cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
10777
Views
66
Helpful
23
Replies

CSCve66879 - FMC 6.2 - Unassigning flexconfig that uses a route-map submits a change to remove the route-map

dcpolgar1
Level 1
Level 1

I have been dealing with this error for the last 2 weeks. The policy will update just fine  with the PBR flexconfig and then the next time a deployment takes place I get this error even if I didn't touch the flexconfig option. I have spent close to 20 hours with TAC regarding this and I hope they get this issue resolved soon. Very frustrating !

23 Replies 23

belgarioz
Level 1
Level 1
It seems 6.2.3.3 is affected too

Anyway, there is a system defined flex config called "policy_based_routing_clear" that goes on Prepend and it should clear all the PBR set up.
I just added it to my flexconfig to clear the PBR.

 

This for 6.2.2.3

Thanks for the information. After working with TAC on this we do have a current workaround until this issue gets fixed. I just have to go into the Flexconfig option and delete the PBR out of the selected append Flexconfig and save it. I then re-add it and save it and then select view to make sure the command will be re-added and deploy it. This has worked so far. I just have to make sure I do this anytime there is a deployment. It is a pain but at least we can work with it until this issue gets fixed. I guess the issue is supposed to be resolved in the 6.3.0 release whenever that comes out. Cisco didn't have any eta last time I talked to them.

Don't you have the "Policy_Base_Routing_Clear" option?

Check attachment

I do have it. I can use that as well if I want. Either option will do the same thing. The one difference is if I add the policy-based-routing-clear I will have to deploy 2 times instead of just once. I will have to deploy it to have that clear option remove the PBR and then deploy again when re-adding it. By just removing the PBR saving it. The re-adding it the PBR adds the next hop back in because that is what gets blown away.The deployment feature is another one I hope they fix waiting 8 minutes for the deployment to finish to make one minor change is ridiculous. Hopefully that will be another issue they address moving forward as well.

Don't tell me: my deployement is 10 minutes :)
I have one doubt: since policy-based-routing-clear is in prepend, it is supposed to run before all the others flex configs. So you cann add it in prepend and then add the PBRs you want in the Append section.
They should work with one deploy.
I haven't checked since I can't afford a 20 minutes deployement in case I am wrong :)

Wow, 10 minutes, now I don't feel so bad :). I did try the prepend when we working working on the issue last month and the PBR got removed but it didn't get added back in which made it more frustrating. That was with 6.2.1 though so maybe they have fixed that part of it. But like I said I know what I am doing at this time only requires one deployment which saves me time and less aggravation. Try it my way once and see if that works for you all I know is they haven't fixed the prepend issue that will be 20 minutes for you instead of 10. Let me know.

hello,

i assume that you configured your PBR by setting the nex-hop ip in route-map creation in section set clauses 

but i'm confused how to monitor the PBR policy if the link is down to move traffic to the second link just like SLA , how can i achieve this ?

hello,

I assume that you configured your PBR by setting the next-hop IP in route-map creation in section set clauses 

but I'm confused how to monitor the PBR policy if the link is down to move traffic to the second link just like SLA, how can I achieve this?

I am assuming you have a HA pair? We use our PBR for out Guest network. We had to setup a second ip address under the monitored interfaces in the HA tab on the devices in FTD. Once we did that we did a failover to the secondary device and then went into the CLI and typed in show route-map. That will show you if the next hop and PBR are working. Hope this helps 

 

show route-map
route-map FTD_Guest_Wireless, permit, sequence 10
Match clauses:
ip address (access-lists): Guest_WiFi_PBR1
interface Guest_Portal

Set clauses:
ip next-hop XXX.XXX.XXX.X

i do have HA working as Active/Standby , but i'm talking about links to ISPs
now i have 2 ISPs links X and Y according to PBR Policy guest network will access internet through link X
what if this link became down withthe ISP
i need them to move to use ISP Y

When are PBR goes down all the Guest traffic then gets routed through the production network ISP automatically. I am not sure how you have your system setup. I would open a TAC case for assistance if the failover isn't working correctly.

yes that's exactly what i need, but my question is how PBR goes down how it's marked as down, how to configure the monitoring mechanism

Hello,

I've successfully configured PBR with tracking using flexconfig,

this video demonstrates the configuration

https://www.youtube.com/watch?v=MKcSBTJ55e8&t=18s