cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
597
Views
1
Helpful
4
Replies
Highlighted
Beginner

Using onePK to enforce a next hop

Hi folks,

I'm using the C version of SDK 1.1 and the All in one VM. I want to apply a policy to set the next hop for a given traffic (effectively ignoring the routing table). Based on my current understanding, I have 3 options:

1) Use a next hop action with the explicit next hop IP

2) Use a divert action with a call to onep_dpss_inject_raw_packet with the original packet and location set at PREROUTING (to rebuild its L2 header)

3) Use a divert action with a call to onep_dpss_inject_raw_packet with the original packet and location set to OUTPUT, but with its L2 header modified before injection.

But,

- Option 1 doesn't seems supported (not listed in the capability table actions)

- Option 2 will route packet based on the routing table (not what we want)

- Option 3 could work, but we have to build the L2 ourselves. Is there any way with onePK we can easily retrieve the dst mac based on the next hop IP? And what about retrieving the local src mac from the interface selected for injection to build a fully valid L2 header?

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Hall of Fame Cisco Employee

As was stated, you could use the VTY SS to do everything, but that's not very "onePK-like."  One way to determine the proper destination MAC address, assuming the next hop is a onePK node, is to connect to it, and get the physical address from the interface that has your desired IP.  If that is not possible, then you can resort to the VTY SS to run "show ip arp" and grab the MAC of the next hop (note: you may have to do a ping first).

View solution in original post

4 REPLIES 4
Highlighted
Enthusiast

Hi,

in my opinion exists different option, I use python api to manipulate with policy based routing (PBR: in cisco terminology route-maps). Via VTY service set - onepk v1.1.0 has not PBR.

Highlighted
Hall of Fame Cisco Employee

As was stated, you could use the VTY SS to do everything, but that's not very "onePK-like."  One way to determine the proper destination MAC address, assuming the next hop is a onePK node, is to connect to it, and get the physical address from the interface that has your desired IP.  If that is not possible, then you can resort to the VTY SS to run "show ip arp" and grab the MAC of the next hop (note: you may have to do a ping first).

View solution in original post

Highlighted
Beginner

Hi,

In SDK 1.1 you can configure policy based routing in package "policyservice" as an action. The API is fully implemented.

That's the good news.

Bad news is, that in IOS this API is not implemented yet and an exception is thrown when activated on router.

It should work on IOS XR on ASR 9000 but I had no chance to test that.

Looking forward having this feature in SDK 1.2 on IOS too...

Highlighted
Beginner

Hi guys,

As mentioned by Joseph, using VTY to enforce a policy is always a workaround. Actually, this is our current way to do it. However, we would like to get away from that using an SDN approach.

Our current workaround instead is to expose a subset of the C Datapath service via a JNI wrapper. The traffic is diverted to the Java callback that modifies the destination MAC corresponding to the next hop and re-injects the packet to a target interface (using location OUTPUT).

Of course this approach has drawbacks. It requires some L2 topology information (for the dst mac) and would probably not scale so well.


So +1 for supporting policy based routing on ISR G2 routers in SDK C 1.2 (and bonus point for the functionality in the Java SDK)

This widget could not be displayed.