Policy based routing to host in same vlan/subnet

scottyschafer
Level 1

Hello, I have a Nexus 7K on which I have policy based routing set up as follows for two VLANs, 802 and 803, to set the default route out to a host in VLAN 802. I have applied my policy to the VLANs and everything works fine for a host in VLAN 803; it routes over and out properly. However, when I'm in VLAN 802 my host traffic never gets to 172.21.1.237 when pointed at the gateway 172.21.1.1. I can see the PBR statistics incrementing, indicating that I am initially hitting the policy, but I'm not sure where my traffic goes after that. I can talk to .237 directly in the VLAN, but I would like this to work through PBR to utilize all of my other routes and the default gateway.

vlan 802
  172.21.1.1/24
  ip policy route-map West

vlan 803
  172.21.17.1/24
  ip policy route-map West

route-map West permit 10
  match vlan 802-803
  set ip default next-hop 172.21.1.237

I'm thinking there is some kind of hairpinning problem, or maybe I'm creating some kind of blackhole.

Any help is appreciated.

Thanks, Scott

4 Replies

Jon Marshall
Hall of Fame

Scott

If the destination IP is in the same subnet as the source IP then it won't be routed, it will be L2 switched, so it would never use the default gateway, i.e.

src IP 172.21.1.10 255.255.255.0

dst IP 172.21.1.237 255.255.255.0

src compares its own IP with its subnet mask and sees it is on the 172.21.1.x network. src then compares the destination IP with its own subnet mask and sees it is also on the 172.21.1.x network, so it simply ARPs out for that address and, when it gets the MAC address, it sends it directly to the destination. It would only use the default gateway if the destination IP was on a different network.

So I don't see how you will be able to do this, and I'm not sure why you are seeing hits in your PBR ACL for the host in the 172.21.1.x network.

Edit - what exactly do you mean when you say:

"However when im in vlan 802 my host traffic never gets to 172.21.1.237 when pointed at the gateway 172.21.1.1."

How are you doing this, i.e. pointing it to the default gateway? Because, as I say, it should always be able to communicate with 172.21.1.237 as it is in the same subnet.

Jon
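To make the forwarding decision described above concrete, here is an added Python model (not code from the thread or from Cisco) using this thread's addresses. It also applies the rule for `set ip default next-hop`, which only takes effect when the routing table holds nothing more specific than the default route, so a connected 172.21.1.0/24 route always wins for same-subnet destinations. The routing table below is constructed for the example; the upstream next hop 10.0.0.1 is an assumed value.

```python
import ipaddress

# Addresses from the thread: VLAN 802 SVI and the PBR next hop.
GATEWAY = ipaddress.ip_address("172.21.1.1")
PBR_NEXT_HOP = ipaddress.ip_address("172.21.1.237")
PBR_VLANS = {802, 803}            # match vlan 802-803

# Constructed routing table for the Nexus: two connected SVIs plus a
# default route; 10.0.0.1 is an assumed upstream next hop.
ROUTES = [
    ("172.21.1.0/24", "connected"),
    ("172.21.17.0/24", "connected"),
    ("0.0.0.0/0", "10.0.0.1"),
]


def host_decision(host_iface: str, dst: str):
    """The end host's choice: an on-subnet destination is ARPed for and sent
    directly at L2 (never touching the SVI or its route-map); anything else
    goes to the default gateway."""
    iface = ipaddress.ip_interface(host_iface)
    dst_ip = ipaddress.ip_address(dst)
    if dst_ip in iface.network:
        return ("direct", str(dst_ip))
    return ("gateway", str(GATEWAY))


def svi_decision(dst: str, routes, ingress_vlan: int):
    """The SVI's choice once a packet arrives at the gateway.
    Longest-prefix match first; 'set ip default next-hop' is honoured only
    when the best match is the default route (or there is no match)."""
    dst_ip = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if dst_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    if ingress_vlan in PBR_VLANS and (best is None or best[0].prefixlen == 0):
        return ("pbr-default-next-hop", str(PBR_NEXT_HOP))
    if best is None:
        return ("drop", None)
    return ("routing-table", best[1])


if __name__ == "__main__":
    print(host_decision("172.21.1.10/24", "172.21.1.237"))  # direct, L2 switched
    print(host_decision("172.21.1.10/24", "8.8.8.8"))       # sent to gateway
    print(svi_decision("8.8.8.8", ROUTES, 802))             # PBR to .237
    print(svi_decision("172.21.17.5", ROUTES, 802))         # connected route wins
```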

Thanks Jon,

I could see this being the case when the destination is 172.21.1.237. However, this is routing to the internet, so the default gateway is used, it hits PBR, then seems to vanish... I would think it would hit PBR then send back to 172.21.1.237, like any other default route.

Scott

Scott

That makes more sense.

I have done what you are trying to do with a router using IOS 12.4, but I have also seen problems with people trying to do it on L3 switches. In theory it should work fine, but on some switches it just doesn't seem to work.

I'm not familiar with Nexus switches, but is there any sort of debugging you can run to see exactly what the policy routing is doing?

Jon

Hi Scott,

As for your PBR redirection for VLAN 802, the next hop is part of the same subnet. Try configuring something like "ip route-cache policy" and "ip route-cache same-interface" on the VLAN 802 SVI.

Let me know if it helps.

Rgds,
