02-26-2011 01:58 AM - edited 03-04-2019 11:35 AM
Hi All..
I have two leased lines, Rel and Tata, between DC and DR, configured with EIGRP load balancing. But due to some issue my management asked me to keep separate links for Storage Database and other traffic.
So I have configured a route map for NAS traffic and other (mail, other) traffic.
But the problem is that when I trace my branch IP 10.2.15.1, it goes like this:
Tracert:
10.3.0.1
192.168.3.31
10.5.0.149
10.5.0.150
10.2.15.1
It should go directly:
10.3.0.1
192.168.3.31
10.2.15.1
Please find the attached file for Net diag and config.
Thanks a lot.
03-04-2011 02:25 AM
Hi Ian,
For PBR you don't need to add a permit all route-map entry because when there is no match in the first entry then traffic is routed according to the routing table. It's not the same as route-maps for redistribution or filtering.
Regards.
Alain.
03-04-2011 01:41 AM
Arjun,
Are you running any protocol between your Branch and DC ?
Eigrp or Static ?
Understand your concern for the NAS traffic over a particular link, and PBR helps there.
Could you paste a trace from the Branch router or from any user IP from your Branch to the user in DC?
Just a thought.
03-04-2011 01:57 AM
Between branch and DC its static.
And this is the trace from DC to branch:
10.3.0.1
192.168.3.31
10.5.0.149
10.5.0.150
10.2.15.1
03-04-2011 05:34 AM
Arjun and IAN,
Can anyone show us the output of "sh ip route" over here along with "sh route-map"?
1. We need to see why the Branch traffic is being policy routed.
2. Please check the trace backwards from the Branch to the DC, just to isolate the issue to the DC router.
3. Can you please do a trace to any other destinations other than the NAS IP, just to make sure this ain't any config issue.
03-04-2011 06:30 AM
Dear All,
Thanx.....
1. Please check the trace backwards from the Branch to the DC, just to isolate the issue to the DC router.
Branch#traceroute
Protocol [ip]:
Target IP address: 10.0.0.100
Source address: 10.2.15.1
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 10.0.0.100
1 10.5.4.29 12 msec 12 msec 12 msec
2 192.168.3.1 12 msec 16 msec 12 msec
3 10.0.0.100 12 msec 16 msec 12 msec
2. Can you please do a trace to any other destinations other than the NAS IP, just to make sure this ain't any config issue.
Which destination? I can trace to Branch, NAS and Mail server, which are directly connected with LL (EIGRP).
DC#sh ip route 10.2.15.0
Routing entry for 10.2.15.0/24
Known via "static", distance 1, metric 0
Redistributing via eigrp 111
Advertised by eigrp 111
Routing Descriptor Blocks:
* 10.5.4.30
Route metric is 0, traffic share count is 1
DC#sh route-map PBR
route-map PBR, permit, sequence 10
Match clauses:
ip address (access-lists): NAS
Set clauses:
ip next-hop 10.5.0.161
Policy routing matches: 101966311 packets, 1363714042 bytes
route-map PBR, permit, sequence 20
Match clauses:
ip address (access-lists): OTHER
Set clauses:
ip next-hop 10.5.0.149
Policy routing matches: 367748723 packets, 3506886271 bytes
route-map PBR, permit, sequence 30
Match clauses:
Set clauses:
Policy routing matches: 0 packets, 0 bytes
Please find the attached files for the config of DC, DR and BRANCH.
Thanks a lot. Any kind of help is appreciated.
Arjun
03-05-2011 06:23 AM
I labbed this up in GNS and got the same results. When you remove the route-map it works fine.
Your problem is the route-map access-list in DC:
Extended IP access list OTHER
10 deny ip host 10.0.0.175 host 10.1.2.74
20 deny ip host 10.0.0.176 host 10.1.2.76
30 deny ip host 10.0.0.175 host 10.1.2.76
40 deny ip host 10.0.0.176 host 10.1.2.74
50 permit ip any any (224 matches)
ip access-list extended NAS
permit ip host 10.0.0.175 host 10.1.2.74
permit ip host 10.0.0.176 host 10.1.2.76
permit ip host 10.0.0.175 host 10.1.2.76
permit ip host 10.0.0.176 host 10.1.2.74
ip access-list extended OTHER
deny ip host 10.0.0.175 host 10.1.2.74
deny ip host 10.0.0.176 host 10.1.2.76
deny ip host 10.0.0.175 host 10.1.2.76
deny ip host 10.0.0.176 host 10.1.2.74
permit ip any any
!
!
route-map PBR permit 10
match ip address NAS
set ip next-hop 10.5.0.161
!
route-map PBR permit 20
match ip address OTHER
set ip next-hop 10.5.0.149
So you need to work on your access-lists.
Example:
ip access-list extended NAS
! this is just an example - specify the protocol (tcp/udp) and ports used by NAS
permit tcp host 10.0.0.175 host 10.1.2.74 range 1000 5000
permit tcp host 10.0.0.176 host 10.1.2.76 range 1000 5000
!
ip access-list extended OTHER
! this is just an example - specify other ports
permit tcp host 10.0.0.175 host 10.1.2.74 range 1 1024
!
route-map PBR permit 10
match ip address NAS
set ip next-hop 10.5.0.161
!
route-map PBR permit 20
match ip address OTHER
set ip next-hop 10.5.0.149
Other than that, you should be fine.
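How the DC route-map quoted above evaluates a packet, as an added Python sketch that is not part of the original posts or of anyone's configuration: it models first-match ACL evaluation and the PBR fall-through to the routing table, and shows why the catch-all in OTHER sends branch traffic to 10.5.0.149. The function names, the sample source 10.0.0.100 and the `NARROWED` variant (one possible way to exempt the branch subnet) are assumptions; protocol and port matching is not modelled.

```python
import ipaddress

def net(s):
    # "any" is the IOS keyword for 0.0.0.0/0; a bare address becomes a /32
    return ipaddress.ip_network("0.0.0.0/0" if s == "any" else s)

# Host pairs and next hops copied from the DC config quoted in the thread
NAS_PAIRS = [("10.0.0.175", "10.1.2.74"), ("10.0.0.176", "10.1.2.76"),
             ("10.0.0.175", "10.1.2.76"), ("10.0.0.176", "10.1.2.74")]
ACLS = {
    "NAS": [("permit", net(s), net(d)) for s, d in NAS_PAIRS],
    "OTHER": [("deny", net(s), net(d)) for s, d in NAS_PAIRS]
             + [("permit", net("any"), net("any"))],
}
ROUTE_MAP = [(10, "NAS", "10.5.0.161"), (20, "OTHER", "10.5.0.149")]
STATIC = {"10.2.15.0/24": "10.5.4.30"}  # from "sh ip route 10.2.15.0"

def acl_permits(acl, src, dst):
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, snet, dnet in acl:
        if s in snet and d in dnet:
            return action == "permit"  # first matching ACE decides
    return False                       # implicit deny at the end

def next_hop(src, dst, acls=ACLS):
    for seq, name, hop in ROUTE_MAP:
        if acl_permits(acls[name], src, dst):
            return ("pbr", seq, hop)   # policy-routed, routing table skipped
    d = ipaddress.ip_address(dst)
    for prefix, hop in STATIC.items():
        if d in net(prefix):
            return ("rib", None, hop)  # no entry matched: normal routing
    return ("rib", None, None)

# Assumption (not from the thread): exempt the branch subnet from OTHER
NARROWED = dict(ACLS, OTHER=[("deny", net("any"), net("10.2.15.0/24"))]
                + ACLS["OTHER"])

if __name__ == "__main__":
    for label, acls in (("as posted", ACLS), ("narrowed", NARROWED)):
        print(label, next_hop("10.0.0.100", "10.2.15.1", acls))
```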
03-06-2011 02:06 PM
Ian,
stars for taking the time to lab it up and also follow thru on this one
Regards,
Kishore