Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5093
Views
0
Helpful
10
Replies

How to trace route path correctly

Go to solution
Bekzod Fakhriddinov
Level 4
Level 4

‎08-02-2018 08:11 AM

Hi guys.  I have [switch_withvoice_datavlans]-->-- 2 routers(A, B) with hsrp-->---dmvpnHUBS. 

rtrA is active for voice vlan 200 ; rtrB is active for data vla100 . Voice should go via rtrA, data via rtrB. 

 

There is PBR on rtrA sending data vlan to rtrB (as next hop) with acl permit only data subnet on it. No voice subnet permit on that acl !  But when I do trace with source of voice vlan ip x.x.200.1 to my call manager   I see trace goes to router B ... and ip cef shows samething - to rtrB ...

it's weird because route-map and acl was only for data vlan , and subnets are correct in acl ...

What else I can check , what is missing ? 

Thank you 

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Bekzod Fakhriddinov
Level 4
Level 4
In response to Bekzod Fakhriddinov

‎08-08-2018 11:07 AM

for this question I have tested in GNS3 lab : so voice packets will be processed by rule of 1st route-map on SVI for voice and use gi1/0 as exit point. Then voice packets coming to the second interface gi1/0 and will pass trough because of they are not falling to the 2nd  route-map on gi1/0 match rule . 

View solution in original post

0 Helpful
10 Replies 10

Go to solution
Sergey Lisitsin
VIP Alumni
VIP Alumni

‎08-02-2018 09:54 AM

Bekhzod,

 

Can you please show your route-map and access-list configurations. Also, a more detailed diagram would be nice to see.

 

When you say " But when I do trace with source of voice vlan ip x.x.200.1 to my call manager", where do you originate that trace from? What device?

0 Helpful

Go to solution
Bekzod Fakhriddinov
Level 4
Level 4
In response to Sergey Lisitsin

‎08-02-2018 10:24 AM - edited ‎08-02-2018 10:37 AM

 

trace from rtrA. I attached picture. But  I found interesting thing here, this may be cause , but I am not sure if router will run second route-map:
 - on the rtrA on the int gi0/0.200 voice there is "ip policy route-map SPLIT-TRAFFIC", which has 

route-map SPLIT-TRAFFIC, permit, sequence 10
Match clauses:
ip address (access-lists): 101 ### this acl included voice subnet 
Set clauses:
default interface gi0/1 ## so it's sending voice subnet and others to gi0/1 as destination

- on the same rtrA int gi0/1 there is

 sho route-map
route-map TO_RTRB, permit, sequence 10
Match clauses:
ip address (access-lists): 102 ## this acl doesn't have voice subnet
Set clauses:
ip next-hop 10.167.16.133 ## rtrB ip address 

route-map on the voice int sending voice subnet to destination gi0/1 which has its own route-map . will router run second route-map on gi0/1? if yes voice subnet is not in acl of the second route-map.so how it will work.. ?  

Preview file
9 KB
0 Helpful

Go to solution
Sergey Lisitsin
VIP Alumni
VIP Alumni
In response to Bekzod Fakhriddinov

‎08-03-2018 08:19 AM

Bekzod,

 

I take it, Interface gi0/1 on both routers is the one that connects them directly?

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to Sergey Lisitsin

‎08-04-2018 05:47 AM

I am not sure that I fully understand this discussion. But I have a couple of points that I believe may clarify what is going on. There is a question of whether the router will utilize a second route map. The answer to that is that yes the router will implement and operate multiple route maps for Policy Based Routing (as long as each route map is applied to different interfaces).

 

There also appears to be a question about why the trace route is not following the route map. The reason for this is that the route map for Policy Based Routing applied on an interface operates on traffic passing through that interface. When you do trace route from the switch or router then PBR does not apply because the trace route packets do not pass through that interface. If you want to test using trace route then you need to also apply the route map for locally generated traffic using ip local policy. You might find this discussion of PBR to be helpful

https://community.cisco.com/t5/switching/policy-based-routing-and-locally-generated-ospf-hello/td-p/1872831

 

HTH

 

Rick

HTH

Rick
0 Helpful

Go to solution
Bekzod Fakhriddinov
Level 4
Level 4
In response to Richard Burts

‎08-06-2018 07:52 AM

" The reason for this is that the route map for Policy Based Routing applied on an interface operates on traffic passing through that interface. When you do trace route from the switch or router then PBR does not apply because the trace route packets do not pass through that interface."

 

But I was doing traceroute by using source and destination IP . That should hit that interface with route-map, right ?  

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Bekzod Fakhriddinov

‎08-06-2018 08:04 AM - edited ‎08-06-2018 08:05 AM

 

As Rick says traffic generated from the router will not be subject to PBR unless you configure it explicitly. 

 

Coming back to your other question, PBR is applied to traffic inbound to the interface so if gi0/0.200 is the interface connecting to the switch then when the traffic is sent to gi0/1 the PBR on that interface will not apply to the traffic. 

 

Assuming gi0/1 is connected to router B only traffic coming from router B to router A would use that PBR configuration. 

 

Jon

0 Helpful

Go to solution
Bekzod Fakhriddinov
Level 4
Level 4
In response to Jon Marshall

‎08-06-2018 08:37 AM - edited ‎08-06-2018 08:39 AM

Ok, I got it, traceroute is local traffic and need ip local policy route-map.... to process it 

Thnak you 

Can you tell me also :

if on voice vlan there is 

route-map A permit 10
match ip address 101 (with acl permit voice subnet)
set default interface gi1/0  ;

 

on the gi1/0:

ip address 10.0.10.1  255.255.255.252

route-map B permit 10
match ip address 102  (with only data vlans subnets,no voice )
set ip next-hop 10.0.20.1

 

Will voice packets been forwarded to 10.0.10.1 because of they didn't match second route-map or they will dropped/forwarded to 10.0.20.1 based on the second route-map?

 

Thank you 

 

 

 

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Bekzod Fakhriddinov

‎08-07-2018 12:38 AM

 

Can you explain which interfaces connect to what ie. update your diagram with the relevant interfaces. 

 

Jon

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to Bekzod Fakhriddinov

‎08-07-2018 02:52 PM

I agree with Jon that we would be able to provide better answers if we had a better understanding of the network environment, interface addressing and relationships, etc.

 

But I think I understand the follow up question well enough to respond to it. If I am understanding correctly the current question is that if there is a route map on the voice vlan that directs some traffic to a different interface and that different interface has a route map will that second route map operate on the traffic sent from the first interface? And the answer is that no the second route map will not operate on the traffic redirected from the first interface. The route map will operate only on traffic that arrived on that interface and not on traffic that was redirected to that interface.

 

HTH

 

Rick

HTH

Rick
0 Helpful

Go to solution
Bekzod Fakhriddinov
Level 4
Level 4
In response to Bekzod Fakhriddinov

‎08-08-2018 11:07 AM

for this question I have tested in GNS3 lab : so voice packets will be processed by rule of 1st route-map on SVI for voice and use gi1/0 as exit point. Then voice packets coming to the second interface gi1/0 and will pass trough because of they are not falling to the 2nd  route-map on gi1/0 match rule . 

0 Helpful
Customers Also Viewed These Support Documents