track 2 ip sla 2
!
ip sla 2
 icmp-echo 10.82.6.26 source-interface TenGigabitEthernet1/7
 vrf SAT
 threshold 500
 timeout 1000
 frequency 3
!
ip sla schedule 2 life forever start-time now
!
route-map PROV_USSATS permit 10
 match ip address PROV_USSATS
 set ip next-hop verify-availability 10.82.6.26 1 track 2
wsw01-07r1#show ip sla statistics
IPSLAs Latest Operation Statistics
IPSLA operation id: 2
        Latest RTT: 1 milliseconds
Latest operation start time: 09:54:40 MDT Wed Oct 23 2019
Latest operation return code: OK
Number of successes: 57
Number of failures: 0
Operation time to live: Forever
!
wsw01-07r1#show track 2
Track 2
  IP SLA 2 state
  State is Up
    1 change, last change 00:02:45
  Latest operation return code: OK
  Latest RTT (millisecs) 1
  Tracked by:
    Route Map 0
!
wsw01-07r1#debug ip policy
Policy routing debugging is on
wsw01-07r1#ter moni
Oct 23 09:53:51.756 MDT: IP: s=172.22.128.178 (TenGigabitEthernet1/1), d=18.104.22.168, len 64, policy match
Oct 23 09:53:51.756 MDT: IP: route map PROV_USSATS, item 10, permit
Oct 23 09:53:51.756 MDT: IP: s=172.22.128.178 (TenGigabitEthernet1/1), d=22.214.171.124 (TenGigabitEthernet1/7), len 64, policy routed
Oct 23 09:53:51.756 MDT: IP: TenGigabitEthernet1/1 to TenGigabitEthernet1/7 10.82.6.26
Same symptom. Debug says it is policy-routed; however, traceroute says otherwise...
Curious: are you running the traceroute within the VRF and sourced from the PBR interface?
Do you get the same traceroute result from a host behind the PBR interface?
Can you post the results of traceroute with and without track, please, and also:
show ip cef exact-route (sip) (dip)
I do traceroute from a Linux host that has the IP in the matched ACL. This is when it is working (without the track). The highlighted IP is the next-hop IP in the PBR config.
Even without track, with the PBR working, the "show ip cef exact-route" still reports that it is going by the routing table:
wsw01-07r1#sh ip cef vrf SAT exact-route 172.22.128.178 126.96.36.199
172.22.128.178 -> 188.8.131.52 =>IP adj out of Vlan986, addr 192.168.250.70
wsw01-07r1#sh ip route vrf SAT 0.0.0.0
Routing Table: SAT
Routing entry for 0.0.0.0/0, supernet
  Known via "bgp 64610", distance 20, metric 0, candidate default path
  Tag 64700, type external
  Last update from 192.168.250.70 1d01h ago
  Routing Descriptor Blocks:
  * 192.168.250.70, from 192.168.250.70, 1d01h ago
      Route metric is 0, traffic share count is 1
      AS Hops 4
      Route tag 64700
      MPLS label: none
I did (another) pretty extensive search, and it actually looks like the tracking option in conjunction with the verify-availability is not supported on any of the Catalysts...
The document below seems to confirm this (scroll down to the bottom)...
-->2. Tracking options are not available for Cisco Catalyst Switches. However, there's an advanced workaround available to achieve the same behavior.