Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6394
Views
0
Helpful
3
Replies

Troubleshooting PBR

acneurope
Level 1
Level 1

‎04-11-2007 03:03 AM - edited ‎03-03-2019 04:30 PM

Hello All,

We've implemented PBR between our main and branch offices. However, it seems to have issues - the packet losses (via ping is extremely high, the traffic gets interrupted, etc. Does anyone have any information on how to troubleshoot it?

Here're the pieces of the relative configuration:

interface Vlan11

description $FW_INSIDE$

ip address 10.130.11.252 255.255.255.0

ip access-group vlan11-in in

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip inspect firewall in

ip virtual-reassembly

ip policy route-map RM-PBR-MPLS-VPN

no mop enabled

standby delay minimum 60 reload 60

standby version 2

standby 10 ip 10.130.11.250

standby 10 preempt delay minimum 60 reload 60 sync 60

standby 10 authentication md5 key-string 7 00211D0516421B120A250D

standby 10 name SNATHSRP

standby 10 track GigabitEthernet0/0

ip access-list extended PBR-MPLS

remark PBR Towards MPLS

permit ip 10.130.0.0 0.0.255.255 10.100.0.0 0.0.255.255

permit ip 10.130.0.0 0.0.255.255 10.120.0.0 0.0.255.255

permit ip 10.130.0.0 0.0.255.255 10.140.0.0 0.0.255.255

ip access-list extended PBR-MPLS-QoS

remark PBR Towards MPLS - Specific Applications

permit tcp host 10.130.12.30 eq telnet 10.140.0.0 0.0.255.255

permit tcp host 10.130.12.114 eq www 10.140.0.0 0.0.255.255

permit tcp host 10.130.12.145 eq 46997 host 10.140.20.25

ip access-list extended PBR-Tunnel0

remark PBR Towards Tunnel0

permit ip 10.130.0.0 0.0.255.255 10.140.0.0 0.0.255.255

route-map RM-PBR-MPLS-VPN permit 10

match ip address PBR-MPLS-QoS

set ip next-hop 10.130.11.253

!

route-map RM-PBR-MPLS-VPN permit 20

match ip address PBR-Tunnel0

set ip next-hop verify-availability 10.63.0.2 10 track 11

set ip next-hop 10.130.11.253

!

route-map RM-PBR-MPLS-VPN permit 30

match ip address PBR-MPLS

set ip next-hop 10.130.11.253

Labels:
0 Helpful
3 Replies 3

dgahm
Level 8
Level 8

‎04-11-2007 10:00 AM

You can start with a debug ip policy. If that doesn't help, you might want to debug ip packet 105. The 105 would be an access list defining the traffic you want to debug.

Your symptoms don't really sound like a PBR issue. Do non policy routed pings to the same destinations work OK? Have you tried turning off the IP Inspect?

Please rate helpful posts.

Dave

0 Helpful

acneurope
Level 1
Level 1
In response to dgahm

‎04-12-2007 12:11 AM

PBR works as expected, but after a day or two the above described sympthoms occur. I haven't tried desabling ip inspect. Will do that and will let you know.

Update: Just turned off ip inspect however, i can still see the packet loss. Weired thing is - if i remove PBR everything works just fine. Theres no errors on interfaces, cpu usage is very low..

Thx, Serge.

0 Helpful

connect101
Level 1
Level 1
In response to acneurope

‎11-06-2010 08:28 AM

Hi Serge,

I saw your post after lot of search about this problem of packtried et loss when using PBR.

We face the similar problem on our IP/MPLS Backbone, several solutions but no success.

So I'd like to know if you finally found the solution of this problem.

Kind regards.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card