
PBR and route-map

D@1984
Level 1

Hi,

I have a PBR configured which works as expected when I generate some traffic, however when I check the show ip route-map, I can't see packets increasing for seq 10 of my route-map

router# show ip route-map
route-map test, deny, sequence 10
  match clauses:
    ip address (access-lists):100
  set clauses:
  policy routing matches: 0 packets, 0 bytes
route-map test, permit, sequence 20
  match clauses:
  set clauses:
    ip next-hop 2.2.2.2
  policy routing matches: 143 packets, 12368 bytes

#show access-list
extended ip access-list 100
    10 permit ip any host 40.10.10.10 (27 matches)

Considering that I had some hits on the access-list, shouldn't I see packets and bytes increasing for route-map seq 10?

Thanks


policy routing matches: 143 packets, 12368 bytes <<- this indicates that PBR is working; the other count is for QoS PBR, not routing PBR

MHM

I wonder if it is because route-map-seq 10 uses deny rather than permit and does not have any action in the set clause.

HTH

Rick

As @Richard Burts asked, why do you use deny in route-map line 10?

MHM

D@1984
Level 1

I just added a set ip next-hop to it but it is still showing 0 packets. I was wondering what I could read from the output of show route-map, but it seems that it only shows the total matches rather than matches for individual sequences.

The ACL shows matches.

But you use deny, not permit, so there is no packet forwarding using PBR line 10.

Use a new PBR with permit and check the packet count.

MHM

Hello


D@1984 wrote:
considering that I had some hits on access-list , shouldn't I see packets and bytes increasing for route-map-seq 10?


FYI - the first RM stanza has NO set clause, so a match WILL be made on the ACL (and you can see that in the ACL logging). However, no packets will be policy routed by that RM deny stanza; the RTR will continue to read the RM and fall into the next RM stanza and then be policy routed via the set clause.

route-map test, deny, sequence 10
match clauses:
ip address (access-lists):100  <  matching acl 100
set clauses: <--no set clause so no policy-routed
policy routing matches: 0 packets, 0 bytes

route-map test, permit, sequence 20
match clauses: < no match clause so match everything
set clauses:
ip next-hop 2.2.2.2 < set clause 
policy routing matches: 143 packets, 12368 bytes


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

I do not agree with Paul that it will fall to the next RM stanza. My understanding of the functionality is that if there is a match in the first stanza, unless there is a continue in that stanza that the route map processing stops at the first match.

I agree that the logic of the route map is not clear. Why is the first stanza using deny? If the intent was to make sure that the host 40.10.10.10 is not policy routed, why not use permit in the stanza and then in the acl deny the host? What is trying to be accomplished? If we knew that we could give better advice.

HTH

Rick

Hello @Richard Burts 
What is it that is not correct? Maybe it's my wording...
My understanding is that any traffic matching on that deny RM stanza (ACL), as it has no set clause, will fail (normal routing) and as a result all traffic (other) will then fall into the permit stanza and be policy routed.

Edited..


@Richard Burts wrote:

Why is the first stanza using deny? If the intent was to make sure that the host 40.10.10.10 is not policy routed, 


It suggests exactly that. The PBR rtr is denying any traffic destined for that particular host originating from a particular interface to be policy routed; as such, it instead follows normal routing as per its RIB table population.



Kind Regards
Paul

Hello @paul driver, I do not think that it is your wording. I believe that we have a fundamentally different understanding of the processing logic of PBR. You believe that if a packet is a match in one stanza but the stanza does not take action on the packet, it falls through to the next stanza. I believe that if a packet is a match in a stanza, processing of that packet for PBR stops - unless the stanza includes "continue". Perhaps one of the Cisco experts in the community could help us with this? Or perhaps MHM can create a lab example of this that could shed some light on the behavior?

HTH

Rick

Hello @Richard Burts 


@paul driver wrote:
My understanding is that any traffic matching on that deny rm stanza (acl) as it has no set clause will fail (normal routing) and as a result all traffic (other) will then fall into the permit stanza and be policy routed

The above is what I believe happens when the rtr reads the deny/permit stanzas -
please review the attached.



Kind Regards
Paul

Your test confirms what Mr. @Richard Burts and I mentioned: if the ACL does not match the traffic, the route-map checks the other seq.

MHM

Hello @MHM Cisco World 
My test confirms what I've been trying to explain: traffic matching the ACL in the deny RM stanza is read and, as there is no set clause, normal routing is performed; any other traffic not matching the ACL in the deny RM stanza is policy routed due to the catch-all permit stanza.



Kind Regards
Paul

@paul driver Thanks for the update (and for the different phrasing of what happens). We are on the same page after all. My interpretation of your original explanation was that the first packet (to the specified destination host) did not match and that this packet fell through to the next stanza. Your restatement of the process is clear that the first packet (to the specified host) is processed in the first stanza (and results in normal routing) and goes no further. What falls through is other traffic that is not to the specified host.

HTH

Rick

Thanks everyone. What Paul said makes sense in that, as in seq 10 policy routing wasn't used, the number of packets was zero.
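
Added example, not part of the thread and not Cisco code: a small Python model of the evaluation order the participants converged on, replaying constructed traffic sized to reproduce the counters from the original post. The class and function names and the destination 198.51.100.7 are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Acl:
    """Constructed stand-in for 'permit ip any host <dst>' with a hit counter."""
    dst_host: str
    hits: int = 0

    def permits(self, dst: str) -> bool:
        if dst == self.dst_host:
            self.hits += 1
            return True
        return False

@dataclass
class Stanza:
    seq: int
    action: str                     # "permit" or "deny"
    acl: Optional[Acl] = None       # None: no match clause, matches everything
    next_hop: Optional[str] = None  # the 'set ip next-hop' value
    pbr_packets: int = 0            # models "policy routing matches"

def forward(route_map, dst):
    """Return how one packet to dst is forwarded; the first matching stanza decides."""
    for st in sorted(route_map, key=lambda s: s.seq):
        if st.acl is not None and not st.acl.permits(dst):
            continue                 # no match: try the next stanza
        if st.action == "deny":
            # Matched a deny stanza: evaluation stops, the packet is not
            # policy routed, and the stanza's PBR counter is not touched.
            return "normal routing"
        st.pbr_packets += 1
        return f"policy routed via {st.next_hop}"
    return "normal routing"          # nothing matched

def replay_thread_counters():
    """Replay constructed traffic and return (ACL hits, seq 10 count, seq 20 count)."""
    acl100 = Acl("40.10.10.10")
    rmap = [Stanza(10, "deny", acl=acl100),
            Stanza(20, "permit", next_hop="2.2.2.2")]
    for _ in range(27):
        forward(rmap, "40.10.10.10")
    for _ in range(143):
        forward(rmap, "198.51.100.7")   # constructed destination
    return acl100.hits, rmap[0].pbr_packets, rmap[1].pbr_packets
```

In this model the ACL counter and the stanza counter measure different things: the ACL records that the deny stanza was matched, while the stanza counter records only packets that were actually policy routed.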