
Route-map MY-LOCAL-POLICY

insccisco
Level 1

Guys,

can you please help me understand exactly what the following code means:

route-map MY-LOCAL-POLICY permit 10
 match ip address 150
 set ip next-hop 75.127.231.25
 set interface Null0
!

Especially, what does the Null interface do?


Istvan_Rabai
Level 7

Hi Angel,

These are the route-map statements for policy routing, and they are applied together with the "ip policy route-map MY-LOCAL-POLICY" command on an interface to policy-route incoming traffic, which may override the routing table.

This route-map says:

If the incoming packet matches on ACL 150 then it should be routed to next-hop 75.127.231.25.

Else the packet should be routed using the normal routing table.

The ip next-hop must be a neighbor router on a directly connected link.

What I don't understand:

If the writer of this route-map wants to route traffic to a next-hop router, why would he want to drop it: this is what the "set interface Null0" does.

So either "set ip next-hop 75.127.231.25" or "set interface Null0" is redundant in the config.

Cheers,

Istvan

Hi Istvan,

This code is from a single router with 2 ISPs. The router is doing failover, meaning that if ISP1 goes down, it will re-route the traffic via ISP2.

This code is part of the Object Tracking system. When ISP1 is up, all is normal and the router tracks 2 objects and uses access list 150 for this. The idea is to always "track" those 2 objects only via ISP1. When ISP2 is up, the objects should not be tracked using ISP2, so I assume that the "set interface Null0" does this.

So, from your explanation I get that these statements are read in order. So when the router is going out to the internet using ISP2, the statement "set ip next-hop 75.127.231.25" will be ignored, but then it is dropped at the next statement "set interface Null0" ... right?

Mohamed Sobair
Level 7

The PBR matches the datagrams received by the interface and forwards them based on the routing policy.

Your config means: if a packet hits an interface and matches ACL 150, then forward the packet and set the next hop to be (75.127.231.25). However, if the next hop (75.x.x.x) is not reachable, then set the next hop of the packet to (Null0 interface), in other words black hole or drop the traffic.

HTH

Mohamed

Great stuff Mohamed. This is exactly the understanding I was looking for.

Now I have one more bit of understanding to do... the code

route-map MY-LOCAL-POLICY permit 10
 match ip address 150
 set ip next-hop 75.127.231.25
 set interface Null0

is called by

ip local policy route-map MY-LOCAL-POLICY

and the access-list 150 is

access-list 150 permit icmp any host 66.66.66.66 echo
access-list 150 permit icmp any host 4.2.2.2 echo

I want to know in what direction this is applied. When the statement "ip local policy route-map MY-LOCAL-POLICY" is triggered, in what direction is the traffic supposed to go for it to trigger?

Mohamed Sobair
Level 7

Hi,

The "ip local policy route-map MY-LOCAL-POLICY" command instructs the router to perform PBR locally.

Looking at your example:

access-list 150 permit icmp any host 66.66.66.66 echo
access-list 150 permit icmp any host 4.2.2.2 echo

It means ICMP requests from the router destined to (66.66.66.66 & 4.2.2.2) have to be locally policed, with the next hop set to be 75.127.231.25, or Null0 if the next hop is not reachable.

This only applies to traffic from the router itself; the direction of the traffic is defined by the next hop in the policy-map.

HTH

Mohamed

Great stuff again Mohamed. Thank you very much.

Do you have any good links to read on this subject (PBR)?
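The two-ISP failover design discussed in this thread, assembled as an added example (not the original poster's configuration): the route-map, ACL 150, the ISP1 next-hop 75.127.231.25 and the probe targets come from the thread, while the interface names, the ISP2 next-hop 203.0.113.1 and the SLA/track numbers are assumptions.

```cisco
! Added example, not the original poster's configuration. Values from the thread:
! route-map MY-LOCAL-POLICY, ACL 150, ISP1 next-hop 75.127.231.25 and the probe
! targets 66.66.66.66 / 4.2.2.2. Assumed: interface names, the ISP2 next-hop
! 203.0.113.1 (documentation range) and the SLA/track numbers.
!
! Probes the router sends itself to decide whether ISP1 is healthy
ip sla 1
 icmp-echo 4.2.2.2 source-interface GigabitEthernet0/0
 frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 66.66.66.66 source-interface GigabitEthernet0/0
 frequency 10
ip sla schedule 2 life forever start-time now
!
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
! ISP1 is considered down only when both probes fail
track 3 list boolean or
 object 1
 object 2
!
! Default via ISP1 (Gi0/0) is withdrawn when track 3 goes down;
! the floating static via ISP2 (Gi0/1) then takes over
ip route 0.0.0.0 0.0.0.0 75.127.231.25 track 3
ip route 0.0.0.0 0.0.0.0 203.0.113.1 250
!
! Only the router's own probes match ACL 150
access-list 150 permit icmp any host 66.66.66.66 echo
access-list 150 permit icmp any host 4.2.2.2 echo
!
! "set ip next-hop" is evaluated first. If 75.127.231.25 is not reachable,
! "set interface Null0" drops the probe instead of letting the routing table
! send it out ISP2, where it would succeed, bring track 3 back up and pull
! traffic back to a dead ISP1 (flapping).
route-map MY-LOCAL-POLICY permit 10
 match ip address 150
 set ip next-hop 75.127.231.25
 set interface Null0
!
! Local policy applies only to packets the router itself originates,
! which is why this route-map is not tied to an inbound interface
ip local policy route-map MY-LOCAL-POLICY
```

Note that if the ISP1 link stays up but the ISP fails further upstream, the next hop is still reachable, so the probes keep leaving via ISP1 and keep failing; this is the intended behaviour, since it keeps track 3 down until ISP1 actually recovers.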
