cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
746
Views
10
Helpful
4
Replies

set ip next-hop verify-availability - on cat 9k

robad
Beginner
Beginner

Hi,

We have a new Catalyst 9600 that should replace an older Catalyst 6500 acting as our client's gateway.
Since we have dedicated uplink interfaces for each lab, we are using route-map to route traffic to them.

On the new 9600, we could not add the ip policy to the inteface vlan with the following error showing in the logs:
*Oct 11 08:08:56.427: %FMANRP_PBR-3-UNSUPPORTED_RMAP: Route-map wwsp has unsupported options for Policy-Based Routing. It has been removed from the interface, if applied


After speaking with TAC, they mentioned that verify-availability command is not supported on the 9600 and we should find another way.

This is an example of how our route-maps are configured:

route-map test, permit, sequence 40
Match clauses:
ip address (access-lists): test
Set clauses:
ip next-hop verify-availability 10.10.10.20 10 track 15 [up]
ip next-hop 10.10.20.20

track 15 interface GigabitEthernet1/3/8 line-protocol

Are there any good alternatives for verify-availability? For us it's a must. We use those configs for years on the 6500.

Thanks in advance.

4 Replies 4

Hello,

 

you could achieve the same result with an IP SLA and an EEM script that checks the availability of the next hop. If it is not reachable, the EEM script changes the next hop in the route map accordingly, and vice versa.

 

The config would look like this:

 

track 1 ip sla 1 reachability
!
ip sla 1
icmp-echo 10.10.10.20 source-ip 10.10.10.10
frequency 5
!
ip sla schedule 1 start-time now life forever

!

event maanger applet POLICY_MAP_DOWN
event track1 state down
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "route-map test permit 40"
action 4.0 cli command "match ip address test"
action 5.0 cli command "ip next-hop 10.10.20.20"
action 6.0 cli command "end"
!
event maanger applet POLICY_MAP_UP
event track1 state up
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "route-map test permit 40"
action 4.0 cli command "match ip address test"
action 5.0 cli command "ip next-hop 10.10.10.20"
action 6.0 cli command "end"

Hi Georg, sorry for the delay.

Thanks for your solution 

 

We've tried to run what you suggested.

Under : event maanger applet POLICY_MAP_DOWN
We can't run this : event track1 state down

 

There is no "event track" option

There is event ipsla, but there is no option for a name, only a group-name and some other options

 

We are running version 17.3.14

Hello,

 

I think you need DNA Advantage to have full EEM capability...can you check what license you have installed (sh lic) ?

pman
Spotlight
Spotlight

you ask "Are there any good alternatives for verify-availability? For us it's a must. We use those configs for years on the 6500."

if you configure simple PBR (match + ip next-hop) and the switch learn the 10.10.10.20 route from static route (for example)

then you can simply attach ip sla / track  to static route

and if the track goes down for this static route then both the static route and the ip next-hop command (inside the route-map) will no longer be used

 

The next-hop ip command works like this:


The set ip next-hop command verifies the existence of the next hop specified, and…

  1. if the next hop exists in the routing table, then the command policy routes the packet to the next hop.
  2. if the next hop does not exist in the routing table, the command uses the normal routing table to forward the packet.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: