Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1804
Views
5
Helpful
5
Replies

PBR Recursive Next Hop Issues

Go to solution
rmnr
Level 1
Level 1

‎06-06-2016 05:25 PM - edited ‎03-05-2019 04:10 AM

Hi There,

I am having an issue with setting up PBR to make use of secondary ISP which is sitting idle. Here is our network topology!

Gi0/2 - 10.10.10.1/24 LAN Subnet

Gi0/0/0 - 200.200.200.1/30 ISP1

Gi0/0 - 100.100.100.1/30 ISP2

Default routes:

ip route 0.0.0.0 0.0.0.0 200.200.200.1

ip route 0.0.0.0 0.0.0.0 100.100.100.1 10

Since ISP2 will only be used when there is an issue with ISP1, we are trying to make use of PBR to route few traffic via ISP2.

Here is the configuration we have done:

Created an access list with the hosts that are to be routed via ISP2:

ip access-list extended trafficlist
permit ip any host 50.50.50.50
permit ip any host 60.60.60.60
permit ip any host 70.70.70.70

Created a Route-map as below:

route-map trafficmap permit 10
match ip address trafficlist
set ip next-hop recursive 10.104.1.1

And added the below route so that 10.104.1.1 can be reachable which is behind ISP2.

ip route 10.104.1.1 255.255.255.255 100.100.100.1

Binded this Route-Map to LAN interface Gi0/2.

So this works fine without when both ISP1 and ISP2 are up, all traffic except that are matching the access list trafficlist will be forwarded to ISP1. Matched traffic will be forwarded to ISP2.

Issue happens when link between ISP2 and CPE is broken, route map will still forward the traffic to 100.100.100.1 since the route for 10.104.1.1 is in the routing table. We would not be able to use 100.100.100.1 as the next-hop since the router and CPE are mounted in the same rack and link between them is never going to break!(unless the cables/device goes faulty - I tested the recursive routemap by disconnecting the link between Router and CPE which seems to failover the traffic via ISP1.)

So could anyone please suggest me if there is any other way to do what I am trying to achieve?

Thanks,

Rijath Mohammed

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
paul driver
VIP
VIP
In response to rmnr

‎06-08-2016 02:59 AM

Hello

My understanding if the recursive next hop isn't available, Then the packet is routed using a the default route table.( ie you primary default route)

However looking again at your topology why don't you use the next hop of 100.100.100.1 in the PBR

Then you can you set the Route-map to use set ip next-hop verify-availability 100.100.100.1 track 10 then it should work.

ip sla 10

icmp-echo 10.104.1.1 source-ip 100.100.100.2
freq 5
ip sla schedule 10 life forever start-time now



res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

5 Replies 5

Go to solution
rmnr
Level 1
Level 1

‎06-06-2016 05:45 PM

.

0 Helpful

Go to solution
paul driver
VIP
VIP

‎06-07-2016 12:14 AM

Hello

Given its not a direct neighbour, you could try to verifying the availability of the next hop recursive via object tracking, this then would route normally if the policy route isn't available.

ip sla 10

icmp-echo 8.8.8.8 soruce-ip 100.100.100.2
freq 5
ip sla schedule 10 life forever start-time now

track 10 sla 10 reachability

ip next-hop verify-availability 10.104.1.1 1 track 10

res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Go to solution
rmnr
Level 1
Level 1
In response to paul driver

‎06-07-2016 04:11 PM

Hi Paul,

I tried your suggestion but it did not work! I think the reason would be that we cannot use 'ip next-hop' just because the next hop is not the adjacent device.

Let me know if you think otherwise!

Thanks,

Rijath Mohammed

0 Helpful

Go to solution
paul driver
VIP
VIP
In response to rmnr

‎06-08-2016 02:59 AM

Hello

My understanding if the recursive next hop isn't available, Then the packet is routed using a the default route table.( ie you primary default route)

However looking again at your topology why don't you use the next hop of 100.100.100.1 in the PBR

Then you can you set the Route-map to use set ip next-hop verify-availability 100.100.100.1 track 10 then it should work.

ip sla 10

icmp-echo 10.104.1.1 source-ip 100.100.100.2
freq 5
ip sla schedule 10 life forever start-time now



res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Go to solution
rmnr
Level 1
Level 1
In response to paul driver

‎06-08-2016 05:21 PM

Hi Paul,

That worked! Fail over is working when ISP2(10.104.1.1) is not reachable and it fails back when the connection resumes! :)

Thank you very much for the solution, you rock!

Thanks,

Rijath Mohammed

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card