
Doubts on Policy Routing

Hi all.

 

I have a situation that has been keeping me up all night since yesterday and I can't get the explanation why. Here it is.

                                                  

R2 --- 12.0.0.0 /24 --- R1 --- 13.0.0.0 /24 --- R3

R1 Lo0: 10.0.0.1 /24

R3 Lo0: 3.3.3.3 /24                            

 

I've disabled routing on R2 and given it a gateway of R1's address.

 

R1's policy route:

route-map TEST permit 10
match ip add 1
set ip next-hop 10.0.0.1

access-l 1 permit 12.0.0.0 0.0.0.255

ip route 0.0.0.0 0.0.0.0 13.0.0.3

 

In this case, R2 is not able to reach R3's loopback.

R2#ping 3.3.3.3

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
....

 

But when I set the next-hop of the policy route to a virtual IP in R1's loopback subnet, the pings fly.

 

route-map TEST permit 10

no set ip next-hop 10.0.0.1

set ip next-hop 10.0.0.10

 

R2#ping 3.3.3.3

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!

 

Why are packets routed successfully if the next hop is a virtual IP and are dropped if the next hop is the exact address of R1's loopback?

15 Replies

IOS does not necessarily block this setup. It only gives you a warning, but it still takes effect. Not to stray away from the topic, but in fact this is used at times for BGP next-hop modification to optimize the results that you get in the BGP table. Here's one example.

 

http://hackingcisco.blogspot.com/2011/04/lab-92-bgp-next-hop-modification.html

 

To answer your question, I'm using IOS 15.

 

R1#sh ver | i IOS
Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 15.0(1)M, RELEASE SOFTWARE (fc2)
R1#sh route-m
route-map TEST, permit, sequence 10
  Match clauses:
    ip address (access-lists): 1
  Set clauses:
    ip next-hop 10.0.0.1
  Policy routing matches: 0 packets, 0 bytes
R1#sh ip int br | i Loop
Loopback0                  10.0.0.1        YES manual up                    up

EDIT: There are no policy matches because this is a new setup. I used the same IOS in my OP.