Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
936
Views
0
Helpful
9
Replies

route map weird behaviour

donaghq_2
Level 1
Level 1

‎10-01-2009 08:17 AM - edited ‎03-04-2019 06:13 AM

Hello

I have 2 routers (A and B) with 2 tunnels (1 and 2) between them. OSPF is running and tunnel 1 is favoured due to a better metric. Router B has a route map on it's lan interface. This directs specific traffic to tunnel 2 - Host X to Host Y (route map has match access list 10 and set ip next-hop commands)

Now for the problem....

Host X sits on the LAN on router B. It matches the access list in the route map and is directed to tunnel 2....or so I believe. Trace route from Host X shows the path to the host is via tunnel 2 (which is correct)

To test this is working I have set up an access list on the tunnel 2 interface on router A. I am not seeing any matches for the Host X to Host Y traffic. On Router B I issue a show ip route to Host Y and it shows me that the route is via tunnel 1.

I then put a default route (ip route host Y tunnel 2) on Router B to be via tunnel 2 and then I see matches in the access-list on router A.

Anyone know how I can make sure the traffic obeys the route map?

THanks a lot.

D

Labels:
0 Helpful
9 Replies 9

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎10-01-2009 08:41 AM

Hello Donagh,

try to use debug ip policy on RB.

it should show you the redirection action

depending on the tunnel type what you have tried can work or not.

Hope to help

Giuseppe

0 Helpful

donaghq_2
Level 1
Level 1
In response to Giuseppe Larosa

‎10-01-2009 02:08 PM

Hi Giuseppe

Thanks for the reply. I did a debug ip policy (crashed the router!) and found lots of "FIB policy rejected(no match) normal forwarding. So it looks like the policy map is not working even though it looks as if it set correctly. Any ideas on how I should get it to work? you mentioned something about tunnel type?

I am intrigued as to why Host X reports from a trace route to be taking the correct path.

Many Thanks

DQ

0 Helpful

chinkevi_2
Level 1
Level 1
In response to donaghq_2

‎10-01-2009 05:41 PM

hi,

sound like config issue, can you post the relevent config for us to look?

router A would need pbr too if tunnel 1 is the default preferred path.

regards

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to donaghq_2

‎10-01-2009 09:38 PM

Hello Donagh,

I'm sorry for the crash I should have added do it under low traffic conditions.

I agree with Ting, at this point it is useful if you post the config.

Change public ip addresses in something else and remove any user/pwd commands.

Hope to help

Giuseppe

0 Helpful

donaghq_2
Level 1
Level 1
In response to Giuseppe Larosa

‎10-02-2009 04:28 AM

Hi Guys

Thanks for replies.

I have checked the route map on router A and it does not have HOST Y to HOST X in the access list.......but this should not matter as I have a static route to HOST X.

So have you any thoughts on why HOST X would be saying that tracert is saying one thing but the router is acutally doing something else. seems weird to me but as always there will be a logical explanation :-)

Donagh

0 Helpful

Peter Paluch
Cisco Employee
Cisco Employee
In response to donaghq_2

‎10-02-2009 04:52 AM

Hello Donagh,

As Ting and Giuseppe have pointed out, at this point, it would be very helpful if you could provide the configuration of your router - at least the portions related to your route-map issue and the IP addresses of your hosts that do not seem to be influenced by PBR. It is almost impossible to help you without knowing more detail.

Best regards,

Peter

0 Helpful

donaghq_2
Level 1
Level 1
In response to Peter Paluch

‎10-03-2009 12:57 AM

Hi All

Please see attached for the relevant config on both routers.

Thanks

Donagh

Preview file
4 KB
0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to donaghq_2

‎10-03-2009 01:27 AM

Hello Donagh,

>> #sh access-list DUBTUN2

Extended IP access list DUBTUN2

10 permit ip host 10.200.1.43 10.0.0.0 0.0.0.255 (691955 matches)

the ACL used in the route-map has matches so it looks like it is working your PBR.

what is the output of

sh route-map FE00?

does it reports stats for first clause the one using the ACL above?

note also that route-maps and ACLs on other side shows

RA:

sh access-list ODCTUN2

Extended IP access list ODCTUN2

10 permit ip host 10.0.0.10 host 10.200.1.20 (113657 matches)

sh route-map LAN

route-map LAN, permit, sequence 10

Match clauses:

ip address (access-lists): ODCTUN2

Set clauses:

ip next-hop 10.254.0.18

>>>Policy routing matches: 117260 packets, 22846256 bytes

this is clearly working from RA to RB

you cannot expect PBR to change ip routing table it is not its job.

It has to process traffic overriding IP routing table.

routing table will show via tunnel1 for its lowest OSPF metric.

Hope to help

Giuseppe

0 Helpful

donaghq_2
Level 1
Level 1
In response to Giuseppe Larosa

‎10-03-2009 01:58 AM

Hi Giuseppe

Thanks for reply.

The output shows that the route map is matching

#sh route-map FE00

route-map FE00, permit, sequence 10

Match clauses:

ip address (access-lists): DUBTUN2

Set clauses:

ip next-hop 10.254.0.17

Policy routing matches: 2257924 packets, 1219828926 bytes

route-map FE00, permit, sequence 20

Match clauses:

ip address (access-lists): BORTUN3

Set clauses:

ip next-hop 10.254.210.10

Policy routing matches: 1792 packets, 224409 bytes

route-map FE00, permit, sequence 30

Match clauses:

ip address (access-lists): CARTUN1

Set clauses:

ip next-hop 10.254.212.2

Policy routing matches: 0 packets, 0 bytes

but from the debug ip policy I did recently it says it is not using the policy map. maybe a bug....

Donagh

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card