Dear Calin,

Thanks for your support.

We are getting from LAN location encounter packet loss after applied PBR on LAN interface.

We are observe it's happen at pick time,

So how can i manage outbound traffic without PBR apply on LAN interface .

I must manage outbound traffic So please give me some solution without face this issue and also without apply PBR on LAN interface.

Can i manage our outbound traffic via bgp ??

Thanks in ADV,

Dear Calin,

Thank you very much for your great  explanation

I wll try to do this and then get back to you.

Thanks once again!!!

Just get back to me if you have problems and I'll try to help

Thanks for vote!

Calin

Calin,

I have some questions about your config. Is Local Preference not supposed assign the preference that you receive from your peers.

For example, you are receiving a route with same exact AS-PATH through 2 different entry points, you can assign local preference to one [Like the route-map you mentioned] and force your traffic out of your AS?

So, IMO the configuration is right but a little change is required. In the access-list, mentioning the networks in the destination portion would be appropriate.

Like this.

ip access-list extended ISP-A
permit ip 101 any 205.62.0 0.0.0.255
permit ip 101 any 205.63.0 0.0.0.255

ip access-list extended ISP-B
permit ip any 101.205.64.0 0.0.0.255
permit ip any 101.205.65.0 0.0.0.255

This will assign a local preference to all traffic going to those subnets accordingly. Is it not?

Also, if the BGP sessions are on the same device, you can use "Administrative Weight" instead of Local Preference. Can't we?

Calin : Please correct me if I am wrong !!

Thanks.

I said this because, I have experience manipulating outbound traffic with AS_PATH and LOCAL_PREF but not ACL and LOCAL_PREF.

Hello again,

There might be a little bit of confusion here. My BGP response was to this question:

Can i manage our outbound traffic via bgp ??

And I put together a little example. But I never said that this example will work on a source - destination base.

As you can see that route-map are applied "in", so the local-preference will be setup for some prefixes coming in from outside (I took 4 prefixes of them and name them 1st to 4th).

The ACL will work (as well an ip prefix-list) but you cannot have an extended ACL. I mean you can have it, no problem, BGP will not complain about this, but the inbound rule (route-map in) will not match any traffic.

More, with Internet scenario this is almost impossible to follow if you get the full BGP table from the 2 providers.

Next, if you get only a default-route from your providers, through BGP, then my scenario will not work again.

Going back to the original problem with PBR, my question is what you want to achieve? If you want to load balance the traffic over the 2 links from your providers, this can be done, depending on your configuration. (bgp maximum-path increase to two or more, bgp dmzlink-bw if you have different unequal bandwidth on the provider lines....) Some solution exist always, but without having some more details it's hard to say which will work for sure.

If you really want that traffic from one source (internal subnet) to be push always to one provider, then PBR is your answer. If you want load-balancing over BGP, as I already said, there are more solutions to choose from depending on your network particularities.

If you come with more details, I'll try to put together a working scenario for your.

Cheers,

Calin

Dear Calin,

I dont know i i have to do should i config my outbound traffic manage via BGP as per your templates ??

The problem is getting loss from LAN enviarment to Gateway when i apply PBR on LAN interface in pick time, So I need manage outbound traffic via BGP

I have configure as-path prepend for inbound traffic manage.

So what i have to do should i continue with your template for ourbound traffic ??

Thanks in ADV,

Dear Calin,

outbound traffic via bgp not working i dont know what is wrong but when i apply PBR on LAN interface then it will work but not work via bgp and i must manage outbout traffic  via BGP because very high utilization CPU proc when i apply PBR on LAN interfae please see

CPU utilization for five seconds: 80%/30%; one minute: 76%; five minutes: 76%
PID Runtime(ms)     Invoked      uSecs   5Sec   1Min   5Min TTY Process

  90   832274980   374811401       2220 30.88% 37.57% 38.63%   0 IP Input  

Please see my config for outbound traffic manage via bgp with local pref.

ip access-list extended ISP-1
permit ip 101.205.65.128 0.0.0.127 any
permit ip 101.205.63.0 0.0.0.255 any
permit ip 101.205.64.0 0.0.0.255 any

ip access-list extended ISP-2
permit ip host 101.205.62.18 any
permit ip host 101.205.62.22 any
permit ip 101.205.62.64 0.0.0.63 any
permit ip 101.205.62.128 0.0.0.127 any
permit ip 101.205.65.64 0.0.0.63 any

route-map ISP-1permit 10
match ip address ISP-1
set local-preference 100
!
route-map ISP-1 permit 20
match ip address ISP-2
set local-preference 90

route-map ISP-2 permit 10
match ip address ISP-2
set local-preference 100
!
route-map ISP-2 permit 20
match ip address ISP-1
set local-preference 90

neighbour ISP-1 WAN IP remote-as asn(isp-1)
neighbour ISP-1 WAN IP route-map ISP-1 in

neighbour ISP-2 WAN IP remote-as asn(isp-2)
neighbour ISP-2 WAN IP route-map ISP-2 in

then clear ip bgp ISP-1 WAN soft in and out
        clear ip bgp ISP-2 WAN soft in and out

but it's not work my outbound traffic not increase but when i apply PBR on LAN interface then only it''s work.

So please give me some solution my outbound traffci manage via BGP and i need to remove PBR because my CPU proc very high when apply PBR on LAN interface that's why i must do it.

Thansk in ADV,

Hi,

You are using extended ACLs so it won't work just do standard ACLs or prefix-list permitting the remote prefixes you want to apply Local_Pref on.

And don't forget in your route-map to do a permit clause with no match otherwise the implicit deny all will filter the other routes.

Regards.

Alain.

The ACL will work (as well an ip prefix-list) but you cannot have an  extended ACL.

My advice was not to use extended ACL, just standard ones. Also cadealain suggested this approach.

Second:

CPU utilization for five seconds: 80%/30%; one minute: 76%;  five minutes: 76%
 PID Runtime(ms)     Invoked      uSecs   5Sec    1Min   5Min TTY Process 

  90   832274980    374811401       2220 30.88% 37.57% 38.63%   0 IP Input

This may be the cause why your PBR is not working fine. I see that the CPU utilization is very high due to process "IP Input". This means that you have a lot of IP traffic that is process-switched causing bad behavior.

Here:

http://www.cisco.com/en/US/products/hw/routers/ps359/products_tech_note09186a00801c2af3.shtml

There are some step-by-step what to check to fix this issue. If you manage to throttle down your CPU utilization, then PBR will work fine.

Let me know if you manage to fix your CPU utilization issue.

Hi Calin,

Normaly since IOS 12.0 PBR is cef-switched if CEF is enabled so we can presume he hasn't got cef enabled and that policy routed traffic is process switched but maybe just enabling fast switching for PBR( ip route-cache policy interface command) would solve the issue without using CEF which is better of course.

Regards.

Alain.

Dear Calin  & Cadetalain,

1st of all i have applied PBR on my Subinterface (gi0/1.2) >> it's my LAN Interface to connect cisco 3750.

ip route-cache policy interface  ( command successfuly applied but dont display when i saw this interface) and also ip route-cache same-interface on this interface but dont display when saw this interace.

should i match standerd list with route map to manage outbound traffic ??

Thanks in ADV,