
Cannot apply a policy-map on interface because of Flowspec IOS XR

Louey
Level 1

Hi 

I need to apply a policy on my router interface to change the next-hop for some packet source IPs so they can be redirected to a specific transit. I applied a PBR policy-map on an ingress interface on a Cisco XR ASR9000, but the commit does not work. Here is the log:

 

!! SEMANTIC ERRORS: This configuration was rejected by
!! the system due to semantic errors. The individual
!! errors with each failed configuration command can be
!! found below.
 
interface Bundle-Ether2.10
 service-policy type pbr input PM_IP_SFR_Sortie_NAT
!!% 'PBR' detected the 'warning' condition 'BGP FS policy already applied to an interface or traditional policy applied to an interface'
!
Flowspec is enabled on all interfaces for DDoS and we cannot disable it.
Can someone help with this, please?
 
Regards
Louey
 
5 Replies

Stratforders
Level 1

That’s a useful feature because we can develop a program executed on the router itself to convert the flowspec rules received into configuration lines. That’s exactly what the bgpfs2acl script is doing.

 

MyGeorgiaSouthern.edu

fssabati
Cisco Employee

Hi @Louey 

 

Can you please share the configuration of that interface?

 

Regards 

Sharanya 

Hi 

Here is the interface config:

interface Bundle-Ether2.10
 description Server: VLAN10 - Interco Public_Network_and_Transit9
 ipv4 mtu 1500
 ipv4 address 10.10.10.1 255.255.255.192
 encapsulation dot1q 10
ex

And here is the policy-map:

policy-map type pbr PM_IP_SFR_Sortie_NAT
 class type traffic CM_IP_SFR_Sortie_NAT
  redirect ipv4 nexthop x.x.x.x
ex
!

marce1000
VIP

 

  - Review this thread: https://community.cisco.com/t5/routing/got-error-when-applying-pbr-on-asr9010/td-p/4076635

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

No solution on the post unfortunately.

Thanks
