PBR loop

omoplatata · ‎03-08-2013

Hello,

I'm writing a config that requires me to forward all network traffic comming to a router interface back to it's source, thus creating a small loop. For instance the configuration would look like this:

ip route 10.0.0.1 255.255.255.255 FastEthernet 0/0

ip access list extended LIST

permit ip host 10.0.0.1 any

route-map MAP permit 10

match ip address LIST

set ip next-hop 10.0.0.1

interface FastEthernet 0/0

ip address 10.1.0.1 255.255.255.252

ip policy route-map MAP

I try to test it by sending packets from 10.0.0.1 having 10.1.0.1 as it's destination address. My problem is that while I can verify that I recive inound traffic on the interface and I see policy routing matches, I don't see any outbound traffic on FastEthernet 0/0. I really can't figure it out, I've tried many PBR config variation but still no dice. Any help would be much appreciated.

.

blau grana · ‎03-09-2013

Hello omoplatata,

Configuration looks OK, it should work. Check if your static route is in routing table, if routing table contain some specific route for 10.0.0.1/32, PBR traffic will be routed based on rules of routing table.

Also I would change this static route:

ip route 10.0.0.1 255.255.255.255 FastEthernet 0/0

to this:

ip route 10.0.0.1 255.255.255.255 10.1.0.2

You can have ARP issues with previous format, check ->

http://blog.ioshints.info/2009/10/my-stupid-moments-interface-default.html

http://blog.ioshints.info/2009/10/follow-up-interface-default-route.html

To check outbound traffic, you can configure ACL:

From 10.0.0.1 device ping some IP, f.e. 8.8.8.8

On router add this ACL:

ip access-list extended TEST

permit icmp host 10.0.0.1 host 8.8.8.8

permit ip any any

interface FastEthernet0/0

ip access-group TEST out

But if you have access to 10.0.0.1 device, you should be able to see looped traffic there.

Best Regards

Please rate all helpful posts and close solved questions

Best Regards Please rate all helpful posts and close solved questions