policy routing-Cef/Fib

ccobtn
Level 1

Hi,

I have a question about policy routing with regard to the next-hop IP. Does the next-hop IP have to exist in the CEF/FIB table for the policy to work?

The reason is that if I set the next-hop IP to an address learned from the routing table, I get a policy reject and the traffic is routed the normal way. But if I set the next-hop IP explicitly to a directly connected address which exists in the CEF/FIB table, then the policy works fine.

Here is the config:

access-list 110 permit tcp any any eq www

route-map http permit 10

match ip address 110

set ip next-hop verify-availability 192.168.5.2 5 track 123

!

!

C 172.10.10.0 is directly connected, GigabitEthernet1/0/9

172.16.0.0/24 is subnetted, 1 subnets

C 172.16.20.0 is directly connected, GigabitEthernet1/0/1

R 192.168.5.0/24 [120/1] via 172.16.20.2, 00:00:05, GigabitEthernet1/0/1

10.0.0.0/24 is subnetted, 2 subnets

C 10.10.2.0 is directly connected, GigabitEthernet1/0/13

O IA 10.10.3.0 [110/2] via 10.10.2.2, 00:25:47, GigabitEthernet1/0/13

!

ws-sw#sh ip cef

Prefix Next Hop Interface

0.0.0.0/32 receive

10.10.2.0/24 attached GigabitEthernet1/0/13

10.10.2.0/32 receive

10.10.2.1/32 receive

10.10.2.2/32 attached GigabitEthernet1/0/13

10.10.2.255/32 receive

10.10.3.0/24 10.10.2.2 GigabitEthernet1/0/13

172.10.10.0/24 attached GigabitEthernet1/0/9

172.10.10.0/32 receive

172.10.10.1/32 receive

172.10.10.100/32 attached GigabitEthernet1/0/9

172.10.10.255/32 receive

172.16.20.0/24 attached GigabitEthernet1/0/1

172.16.20.0/32 receive

172.16.20.1/32 receive

172.16.20.2/32 attached GigabitEthernet1/0/1

172.16.20.255/32 receive

192.168.5.0/24 172.16.20.2 GigabitEthernet1/0/1

224.0.0.0/4 drop

224.0.0.0/24 receive

255.255.255.255/32 receive

ws-sw#

!

00:28:35: CEF-IP-POLICY: fib for address 192.168.5.2 is with flag 0

00:28:35: IP: s=172.10.10.100 (GigabitEthernet1/0/9), d=192.168.5.2, len 40, FIB policy rejected - normal forwarding

00:28:35: IP: s=172.10.10.100 (GigabitEthernet1/0/9), d=192.168.5.2, len 40, FIB policy match

00:28:35: CEF-IP-POLICY: fib for address 192.168.5.2 is with flag 0

00:28:35: IP: s=172.10.10.100 (GigabitEthernet1/0/9), d=192.168.5.2, len 40, FIB policy rejected - normal forwarding

00:28:39: IP: s=172.10.10.100 (GigabitEthernet1/0/9), d=192.168.5.2, len 40, FIB policy match

00:28:39: CEF-IP-POLICY: fib for address 192.168.5.2 is with flag 0

00:28:39: IP: s=172.10.10.100 (GigabitEthernet1/0/9), d=192.168.5.2, len 40, FIB policy rejected - normal forwarding

00:28:39: IP: s=172.10.10.100 (GigabitEthernet1/0/9), d=192.168.5.2, len 40, FIB policy match

00:28:39: CEF-IP-POLICY: fib for address 192.168.5.2 is with flag 0

00:28:39: IP: s=172.10.10.100 (GigabitEthernet1/0/9), d=192.168.5.2, len 40, FIB policy rejected - normal forwarding

!

access-list 110 permit tcp any any eq www

route-map http permit 10

match ip address 110

set ip next-hop verify-availability 172.16.20.2 5 track 123

!

0:41:01: IP: s=172.10.10.100 (GigabitEthernet1/0/9), d=192.168.5.2, len 48, FIB policy match

00:41:01: IP: s=172.10.10.100 (GigabitEthernet1/0/9), d=192.168.5.2, g=172.16.20.2, len 48, FIB policy routed

00:41:01: IP: s=172.10.10.100 (GigabitEthernet1/0/9), d=192.168.5.2, len 40, FIB policy match

00:41:01: IP: s=172.10.10.100 (GigabitEthernet1/0/9), d=192.168.5.2, g=172.16.20.2, len 40, FIB policy routed

00:41:01: IP: s=172.10.10.100 (GigabitEthernet1/0/9), d=192.168.5.2, len 284, FIB policy match

00:41:01: IP: s=172.10.10.100 (GigabitEthernet1/0/9), d=192.168.5.2, g=172.16.20.2, len 284, FIB policy routed

00:41:01: IP: s=172.10.10.100 (GigabitEthernet1/0/9), d=192.168.5.2, len 331, FIB policy match

3 Replies

Harold Ritter
Level 12
Level 12

Use of the recursive next-hop (non-directly connected) with PBR route-map is supported starting with 12.3(14)T or 12.0(28)S. For more information, please refer to the following URL:

http://www/en/US/products/sw/iosswrel/ps1829/products_feature_guide09186a008021de72.html

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Hi,

Does this mean that policy routing "next-hop" is only supported with an IP address which is directly adjacent, and indirect next-hops will not work?

At the moment I'm using a Cat 3750. Is there Cat software that supports recursive next-hop (non-directly connected)?

Regards

You are correct. Without the PBR recursive next-hop feature, you can only specify a directly connected NH.

Unfortunately, the latest 12.2SE code (12.2(25)SEB2) for the 3750 doesn't support this feature.

Hope this helps,

Harold Ritter
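A pre-deployment check for the behaviour discussed in this thread, as an added example that is not part of the original posts: it parses `show ip cef` output and reports whether a `set ip next-hop` address is directly connected or only reachable recursively, which is the case the debug output shows as "policy rejected - normal forwarding". The function names and the `recursive_supported` flag are assumptions for illustration; the CEF lines are a subset of the output posted in the question.

```python
import ipaddress

# Subset of the `sh ip cef` output posted in the question above.
CEF_OUTPUT = """\
Prefix              Next Hop             Interface
0.0.0.0/32          receive
10.10.3.0/24        10.10.2.2            GigabitEthernet1/0/13
172.16.20.0/24      attached             GigabitEthernet1/0/1
172.16.20.1/32      receive
172.16.20.2/32      attached             GigabitEthernet1/0/1
192.168.5.0/24      172.16.20.2          GigabitEthernet1/0/1
224.0.0.0/4         drop
"""

def parse_cef(text):
    """Return [(network, next_hop_field)] parsed from `show ip cef` text."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or "/" not in fields[0]:
            continue  # header, prompt or blank line
        try:
            entries.append((ipaddress.ip_network(fields[0], strict=False), fields[1]))
        except ValueError:
            continue  # not a prefix line
    return entries

def classify_next_hop(entries, next_hop):
    """Longest-prefix match the PBR next hop and report how the FIB reaches it."""
    addr = ipaddress.ip_address(next_hop)
    matches = [e for e in entries if addr in e[0]]
    if not matches:
        return "no-fib-entry"
    _, via = max(matches, key=lambda e: e[0].prefixlen)
    if via == "attached":
        return "directly-connected"
    if via in ("receive", "drop"):
        return via  # the router's own address, or a discard entry
    return "recursive via " + via

def pbr_next_hop_usable(entries, next_hop, recursive_supported=False):
    """True if PBR can use this next hop; recursive_supported models the
    PBR recursive next-hop feature (assumed absent, as on the 3750 here)."""
    kind = classify_next_hop(entries, next_hop)
    if kind == "directly-connected":
        return True
    return recursive_supported and kind.startswith("recursive")

if __name__ == "__main__":
    fib = parse_cef(CEF_OUTPUT)
    for nh in ("192.168.5.2", "172.16.20.2"):
        print(nh, classify_next_hop(fib, nh), pbr_next_hop_usable(fib, nh))
```

Running the same check against every `set ip next-hop` address in a route-map before deployment catches policies that would match traffic but still forward it by the normal routing table.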