ā08-28-2018 04:09 AM
Hi friends.
We have 2 ISP and now we use only isp 1 for forwarding traffic and the isp 2 is for backup.
we decided to forward some traffic toward isp 2 using pbr,
also we have dmvpn for all branch,
we have a problem with pbr and it does not forward the traffic toward the second link.
my access-list and the pbr policy matches.
---------------------------------------------------------------
Extended IP access list Antivirus_To_Branch2
10 permit ip host 172.30.111.88 10.113.1.128 0.0.0.127 (62934 matches)
----------------------------------------------------------------
route-map Backup_Link permit 2
match ip address Antivirus_To_Branch2
set ip next-hop 10.198.198.130
----------------------------------------------------------------
sho route-map Backup_Link
route-map Backup_Link, permit, sequence 1
Match clauses:
ip address (access-lists): Antivirus_To_Branch2
Set clauses:
Policy routing matches: 63320 packets, 40651445 bytes
-------------------------------------------------------
when I use the debug command " debup ip policy"
I got this error
CEF-IP-POLICY: fib for addr 10.198.198.130 is Not Attached; Nexthop rejected
what is the problem? the second link is connect.
best regards
ā08-28-2018 04:31 AM
Hello,
is 10.198.198.130 a directly connected next hop ? Post the full configuration of your router...
ā08-28-2018 06:30 AM
Hi and thank you for answer.
hub config
int tu 3
ip adress 10.198.198.129 255.255.128
tu des mode multipoint
tu source int gi0/1.100
int gi 0/0
ip policy route-map backup_link
antvirus_To_Branch2
10 permit ip host 172.30.111.88 10.113.1.128 0.0.0.127 (62934 matches)
----------------------------------------------------------------
route-map Backup_Link permit 2
match ip address Antivirus_To_Branch2
set ip next-hop 10.198.198.130
---------------
spoke that is the next hop
int t 3
ip address10.198.198.130 255.255.255.128
.
.
the two interface are dmvpn interfaces that have connectivity through WAN MPLS
best regards
ā08-28-2018 10:19 AM
Hello,
change your set clause to:
route-map Backup_Link permit 2
match ip address Antivirus_To_Branch2
set interface Tunnel 3
ā08-28-2018 03:24 PM
Hello
just like to add - suggest to apply some validation of availability for the nexthop otherwise if it become unavailable you will incur blackholing of what ever is being pbrād
Set ip next-hop verifiy availability x.x.x.x track x
ā08-28-2018 10:42 PM
Hi
thank you for your help and answer
is there no problem with adding the multipoint dmvpn interface in the " set interface " command?
can the router decide the correct destination?
when I set the dmvpn interface I received this error.
%Warning:Use P2P interface for routemap setinterface clause
and it does not work
best regards
ā08-29-2018 05:49 AM
Hello
Did you set the next hop towards the NBMA address of the DMPN spoke?
ā09-01-2018 12:22 AM - edited ā09-01-2018 12:35 AM
Hi
No I dont set the NBMA address I set the tunnel address as the next hop.
is that correct?
best regards
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: