Solved: Route-map PBR with Tracking

joshik · ‎03-12-2025

I'm trying to setup a PBR for an interface using a route-map. I want to also the PBR to use a track/SLA to "enable" and "disable" the PBR on the interface.

I can't get the PBR to disable.

This is my config in my GNS3 lab.

int lo0
ip address 1.1.1.1 255.255.255.255
no shut

ip sla 2
icmp-echo 1.1.1.1
ip sla schedule 2 life forever start-time now

track 2 ip sla 2 reachability

route-map TEST
match ip address 2
match track 2
set ip next-hop 10.15.1.254 t

access-list 2 permit any

int g0/0.XXXXX
ip policy route map TEST

I can't seem to figure out how to get the match track to work. The track goes up and down when i shut and no shut the lo0 but the PBR remains active.

Any thoughts?

joshik · ‎03-12-2025

Ok I think I got it. You are correct about the "verify-availability" command. I thought that it would verify the availability of the specified next hop, but you specify a track for it to verify.

so I used:

"set ip next-hop verify-availability 10.15.1.254 1 track 2" and it worked like a charm!

View solution in original post

Richard Burts · ‎03-12-2025

I have not seen any Cisco document that says that PBR can match track. There is an option that might accomplish what you are trying to do. In the set statement there can be an optional parameter verify-availability. That parameter reacts when the address specified is not reachable. This is dependent on content of the routing table, not on the results of ping. And it is supported on some platforms and not supported on other platforms. Since we do not know what platform you are using we can not know whether this solution would work for you.

HTH

Rick

joshik · ‎03-12-2025

I do see documentation about route-maps and tracking but maybe not how I want to use it. However, the title of the Cisco article is PBR Match Track Object.

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_pi/configuration/xe-3s/iri-xe-3s-book/iri-pbr-match-track-object.pdf

The article doesn't talk about using a "set ip next-hop", match track and a match ip address [acl]. Although, I probably don't need the "match ip address" command as I want ALL traffic from that subinterface to route to the defined next-hop.

The device I am trying to do this on is a ISR2951 (yes, i know OLD!) on 15.7.3m8.

What I am trying to accomplish is this:

Router is route-on-a-stick with multiple subinterfaces. The global routing table has a default route plus OSPF learned routes out one path. However, I want ONE subinterface to use a different next hop for ALL traffic. That part is easy, but then I want the PBR to be ignored if that other path goes down.

I have seen references of the command "set ip next-hop x.x.x.x track y" command in some documents but the 2951 doesn't have that option.

Also, I did think about the "verify-availability" command but the next hop will always be available as it is a firewall. I am more concerned with the next hop of the firewall going down.

Any other ideas on how to achieve this?

joshik · ‎03-12-2025

Ok I think I got it. You are correct about the "verify-availability" command. I thought that it would verify the availability of the specified next hop, but you specify a track for it to verify.

so I used:

"set ip next-hop verify-availability 10.15.1.254 1 track 2" and it worked like a charm!

Richard Burts · ‎03-13-2025

Thanks for the update. I am glad that my suggestion was helpful and that you now have a solution to your issue.

HTH

Rick