09-22-2024 09:26 PM
Hi Experts,
Today, while learning our company's router configuration, I found that a Port-channel is in L3 and it is in VLAN 490, as below:
interface Port-channel1.490
description To_CP01
encapsulation dot1Q 490
ip flow monitor NETFLOW_MON input
ip flow monitor NETFLOW_MON output
ip address 10.2.48.84 255.255.255.248
standby version 2
standby 490 ip 10.2.48.86
standby 490 timers 2 6
standby 490 priority 255
standby 490 preempt
standby 490 track 490 decrement 15
ip policy route-map RM_PBR_ZSCALER
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 7 0622043242195A2A46
ip ospf 65118 area 0
!
An IP address was configured on the port channel, and a route-map was configured. The route-map is to match IP address ACLs and set the interface/next hop.
I have never used this type of routing policy before. Are there any documents for this? I mean the route-map policy on a port channel.
Is the route-map policy on the port channel higher priority than the routing table?
Thanks very much
09-22-2024 10:09 PM
Hello @117222400,
It is an example of PBR (Policy Based Routing). Here are some properties:
It processes user traffic in the inbound direction on the L3 interface where it is applied, in your case po1.490.
It processes only transit traffic; locally generated packets are not processed by standard PBR (they can be processed by local PBR, which is applied at the global level).
Input packets that match the conditions, like match address <ACL-name | ACL#>, are diverted using the set conditions, which in your case set an IP next-hop.
The purpose of your PBR configuration is to send matching packets to a ZSCALER device.
Traffic not matching the route-map is not discarded; it is routed in the normal manner using the destination-based IP routing table.
The set actions decide whether the actions performed by PBR take precedence over the IP routing table or not:
set ip next-hop overrides routing table
set interface overrides routing table
set ip default next-hop
set default interface
These last two actions are used only if there is no explicit route for the packets, so they are used only to override the default route.
Hope to help
Giuseppe
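The precedence rules listed in the reply above, modelled as an added Python example (not part of the original thread and not Cisco code). The names Entry, lookup and forward, the source-prefix match standing in for the ACL, and all addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Entry:
    """One permit entry of a route-map (simplified, hypothetical model)."""
    sources: list   # source prefixes standing in for the matched ACL
    target: str     # next hop or interface named by the set action
    default: bool   # True for "set ip default next-hop" / "set default interface"

def lookup(rib, dst, include_default=True):
    """Longest-prefix match over rib; optionally ignore the 0.0.0.0/0 route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, target in rib.items():
        net = ipaddress.ip_network(prefix)
        if net.prefixlen == 0 and not include_default:
            continue
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None

def forward(src, dst, route_map, rib):
    """Return (decided_by, target) for a transit packet entering the PBR interface."""
    s = ipaddress.ip_address(src)
    for entry in route_map:                     # entries in sequence order
        if any(s in ipaddress.ip_network(p) for p in entry.sources):
            if not entry.default:
                return ("pbr", entry.target)    # overrides the routing table
            if lookup(rib, dst, include_default=False) is None:
                return ("pbr-default", entry.target)  # only the default route is overridden
            break                               # explicit route exists: route normally
    return ("rib", lookup(rib, dst))            # non-matching traffic is routed normally

# Constructed sample data: routing table, proxy next hop, and two route-map variants.
RIB = {"0.0.0.0/0": "192.0.2.1", "172.16.0.0/12": "192.0.2.2"}
PROXY_NH = "198.51.100.10"
STRICT = [Entry(["10.20.0.0/16"], PROXY_NH, default=False)]  # set ip next-hop
SOFT = [Entry(["10.20.0.0/16"], PROXY_NH, default=True)]     # set ip default next-hop

if __name__ == "__main__":
    for name, rm in (("STRICT", STRICT), ("SOFT", SOFT)):
        for src, dst in (("10.20.1.5", "203.0.113.9"), ("10.20.1.5", "172.16.5.5"),
                         ("10.30.1.5", "203.0.113.9")):
            print(name, src, "->", dst, forward(src, dst, rm, RIB))
```

The third sample flow comes from a source outside the matched prefix, so it follows the routing table and never reaches the proxy next hop; that is the case to review when PBR is the only thing steering traffic to an inspection device.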
09-23-2024 02:45 AM
Is the route-map policy on the port channel higher priority than the routing table? Yes, if you do not use the default keywords in the command.
What is most important is that I don't think PBR can be applied to a PO.
MHM
10-01-2024 02:03 AM
Actually, it does work on PO.
As for the question of whether the route-map precedes the routing table, check the order of operation table (I included one by Craig Weinhold as I can't find a reference URL anymore). As it says, this depends on the IOS version. Hope it helps.
10-01-2024 02:11 AM
For the ingress packet, PBR will be dealt with by 21. policy routing, and the packet gets marked as PBR-treated if there is an action triggered (if there is no match, then it is not set). The packet gets dealt with by the routing process; if it is PBR-marked, then it does not get treated and is dealt with based on the action that was set in the route-map.
10-01-2024 02:20 AM
I will check this in the lab.
MHM
10-01-2024 07:17 AM
Route map can be used for multiple purposes, one of which is Policy Based Routing. And that is what the OP is asking about. When used for PBR the route map examines traffic entering the layer 3 interface on which the route map is configured. The route map has some selection criteria which are defined in the access list in the route map. If a packet enters the interface and is matched in the ACL then the PBR route map can specify forwarding for the packet that is different from the normal forwarding logic in the routing table. So in that sense yes PBR does have precedence over the routing table.