cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
286
Views
8
Helpful
6
Replies

Policy-routing problem

PEDRO AGUIRRE
Level 1
Level 1

Hello!!

We have some troubles with policy-routing feature.

We have 2 7200VXR routers with 2 E1 links connected.

We are doing load-balance by load-sharing per-packet metod. We have CEF enabled.

The problem is: when we put a policy-routing for an address pair, the effect seems like all traffic goes trough the first Serial interface (route-map secuence 10) and the access-list seems no have effect. All the other traffic that should be routing by the normal protocol it´s not working that way.

Even if the nets 15.0.0.0 and 14.0.0.0 are disabled this problem still!!

The "show route-map" command shows great matches amount only for first secuence of route map

The traffic loads the first link and it looks like the per-packet load-balance isn´t work.

It´s normal??

There is a default cef load-balance metod for the other traffic that have be normally routed?

We need load-sharing per-packet for this service, policy routing is only for particular access to the host address (93.16.250.36). We need use this because the nets 14.0.0.0 and 15.0.0.0 are present on another R1 link with better metric. R2 knows this nets too.

This is the configuration:

R1

route-map prueba permit 10

match ip address access-list 102

set ip next-hop 93.16.250.194

!

route-map prueba permit 20

match ip address access-list 103

set ip next-hop 93.16.250.218

!

access-list 102 permit 93.16.250.36 0.0.0.0 14.0.0.0 0.255.255.255

!

access-list 103 permit 93.16.250.36 0.0.0.0 15.0.0.0 0.255.255.255

!

interface FastEthernet0/0

ip policy route-map prueba

R2

route-map prueba permit 10

match ip address access-list 102

set ip next-hop 93.16.250.193

!

route-map prueba permit 20

match ip address access-list 103

set ip next-hop 93.16.250.217

!

access-list 102 permit 14.0.0.0 0.255.255.255 93.16.250.36 0.0.0.0

!

access-list 103 permit 15.0.0.0 0.255.255.255 93.16.250.36 0.0.0.0

!

interface FastEthernet0/1

ip policy route-map prueba

The IOS name is: c7200-ik9s-mz.122-17a.bin

____ ___ ___

| |Fe0| |_link1 _| |

|Host|---|R1 |________|R2 | nets 14.0.0.0

|____| _|___| link2 |___| 15.0.0.0

| | | |

Fe1|___| | |

___

|R3 |

|___|

nets 14.0.0.0

15.0.0.0

Thanks in advance!!

Pedro.

6 Replies 6

Hello Pedro,

can you post the full configs of both routers ? Are all interfaces that can forward traffic to the destination enabled for per-packet load sharing ?

Regards,

Georg

Hi Georg

I Think that this a config problem..

I will probe today or tomorrow and I expect no problems

Harold Ritter
Cisco Employee
Cisco Employee

Pedro,

Are these excerpt from your configs. If so, two things are wrong.

First, your route-map match statement should be

match ip address 102

not

match ip address access-list 102

Second, the access-list should be

access-list 102 permit ip 93.16.250.36 0.0.0.0 14.0.0.0 0.255.255.255

not

access-list 102 permit 93.16.250.36 0.0.0.0 14.0.0.0 0.255.255.255

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Thank you very much!!!

You are right..

I Think that the problem is with the route-map match statement (as you say).

The wrong access-list 102 (the missing "ip") gave us a syntax error, but the match on the route-map did not.

I think that the router was made reference to "match ip address [word]" statement but there was not any list called "access-list 102". Perhaps, as result, the set statement was on effect for any packet..Is this possible??

We will probe today or tomorrow and give you the results.

Thanks!!

Pedro

omohamed
Level 1
Level 1

Hi Pedro,

You can do couple of things to verify your config. From the host connected to R1 if you do a traceroute to an ip on 14.0.0.0 network what is the next hop. Does it follow the policy routing configured on the router? Do show access-list 102 to see if you see any matches.

Do a extended traceroute on R1 sourcing it from the fastethernet0/0 and see if the traceroute follows the routing table or not.

That will be a good starting point.

Hi!!

Thanks for your helpful recommendations..

Bye

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: