cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
644
Views
5
Helpful
3
Replies

ASR 9k ABF

JRU
Level 1
Level 1

Hi,

 

I was trying to convert PBR from IOS to IOS-XR based on ABF.

route-map RM-TRAFFIC permit 10

  match ip address Source-via-Center-1

  set ip next-hop 10.10.10.10

route-map RM-TRAFFIC permit 20

  match ip address Source-via-Center-2

  set ip next-hop 10.10.10.11

 

I have prepared access list on IOS XR and attached it to Bundle-ether sub interface.
ipv4 access-list ABF-ACL
10 permit ipv4 host 10.10.10.5 20.0.0.0/16 nexthop1 vrf vABC ipv4 10.10.10.10
20 permit ipv4 host 10.10.10.6 20.0.0.0/16 nexthop1 vrf vABC ipv4 10.10.10.11

!
interface Bundle-Ether20.162
ipv4 access-group ABF-ACL ingress

 

When I verified the access list i noticed that my traffic was matched by IMPLICIT DENY.

Any idea what i did wrong? Line card seems to support ABF - A9K-4X100GE I was able to reach next hop.

3 Replies 3

tkarnani
Cisco Employee
Cisco Employee

can you please check

 

show access-lists ipv4 ABF-ACL hardware ingress location 0/X/CPU0 (location where bundle members are hosted)

 

this will provide us the matches/hits on the acl we can see what line is being matched

 

we need to ensure that the statement is matching the traffic being hit

 

Thanks

 

At the end of implementation i removed the access list, but when issued this command before i had 1800 matches on IMPLICIT DENY.

I think I know what might be wrong. Our BE20.162 is 10.10.10.x/24 same as my next hops.
Due to legacy setup we were NATing all traffic into 10.10.10.5 and 6. I think that because ASR see address from its own network 10.10.10.0/24 - correct me if im wrong.

 

Not sure if this is not a limitation of ABF here. I will open a TAC case for this to verify it.