03-05-2022 07:32 AM - edited 03-05-2022 08:52 AM
Hi,
I was trying to convert PBR from IOS to IOS-XR based on ABF.
route-map RM-TRAFFIC permit 10
 match ip address Source-via-Center-1
 set ip next-hop 10.10.10.10
route-map RM-TRAFFIC permit 20
 match ip address Source-via-Center-2
 set ip next-hop 10.10.10.11
I have prepared an access list on IOS XR and attached it to a Bundle-Ether subinterface.
ipv4 access-list ABF-ACL
 10 permit ipv4 host 10.10.10.5 20.0.0.0/16 nexthop1 vrf vABC ipv4 10.10.10.10
 20 permit ipv4 host 10.10.10.6 20.0.0.0/16 nexthop1 vrf vABC ipv4 10.10.10.11
!
interface Bundle-Ether20.162
 ipv4 access-group ABF-ACL ingress
When I verified the access list, I noticed that my traffic was matched by IMPLICIT DENY.
Any idea what I did wrong? The line card seems to support ABF - A9K-4X100GE. I was able to reach the next hop.
03-05-2022 07:43 AM
Can you please check:
show access-lists ipv4 ABF-ACL hardware ingress location 0/X/CPU0 (location where bundle members are hosted)
This will provide us the matches/hits on the ACL, so we can see what line is being matched.
We need to ensure that the statement is matching the traffic being hit.
Thanks
03-05-2022 08:01 AM
At the end of the implementation I removed the access list, but when I issued this command before, I had 1800 matches on IMPLICIT DENY.
03-05-2022 08:56 AM
I think I know what might be wrong. Our BE20.162 is 10.10.10.x/24 same as my next hops.
Due to the legacy setup we were NATing all traffic into 10.10.10.5 and 6. I think that is because the ASR sees an address from its own network, 10.10.10.0/24 - correct me if I'm wrong.
Not sure if this is not a limitation of ABF here. I will open a TAC case for this to verify it.
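
The following is an added example, not part of any post in this thread and not IOS XR code: a simplified first-match model of the ABF-ACL above, showing which source/destination pairs match line 10 or 20 and which fall through to the implicit deny. The test packets are constructed, and the model covers only the ACE syntax used in the thread.

```python
import ipaddress
import re

# ACEs copied from the ABF-ACL posted in the thread.
ABF_ACL = """\
10 permit ipv4 host 10.10.10.5 20.0.0.0/16 nexthop1 vrf vABC ipv4 10.10.10.10
20 permit ipv4 host 10.10.10.6 20.0.0.0/16 nexthop1 vrf vABC ipv4 10.10.10.11
"""

# Only the ACE shape used in the thread is supported (assumption of this example).
ACE_RE = re.compile(
    r"^(?P<seq>\d+) (?P<action>permit|deny) ipv4 "
    r"(?P<src>host \S+|any|\S+/\d+) (?P<dst>host \S+|any|\S+/\d+)"
    r"(?: nexthop1 vrf (?P<vrf>\S+) ipv4 (?P<nh>\S+))?$"
)

def _net(token):
    """Turn 'host A', 'any' or 'A/len' into an ip_network."""
    if token == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if token.startswith("host "):
        return ipaddress.ip_network(token[5:] + "/32")
    return ipaddress.ip_network(token, strict=False)

def parse_acl(text):
    """Parse ACE lines into (seq, action, src_net, dst_net, next_hop) tuples."""
    aces = []
    for line in text.splitlines():
        m = ACE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported ACE: {line!r}")
        aces.append((int(m["seq"]), m["action"], _net(m["src"]), _net(m["dst"]), m["nh"]))
    return sorted(aces, key=lambda ace: ace[0])

def evaluate(aces, src, dst):
    """First match wins; no match means the implicit deny at the end of the ACL."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for seq, action, src_net, dst_net, nh in aces:
        if s in src_net and d in dst_net:
            return (seq, action, nh)
    return ("implicit", "deny", None)

if __name__ == "__main__":
    aces = parse_acl(ABF_ACL)
    # Constructed test packets (source, destination); not taken from the thread.
    for src, dst in [("10.10.10.5", "20.0.1.1"), ("10.10.10.6", "20.0.255.9"),
                     ("192.0.2.10", "20.0.1.1"), ("10.10.10.5", "198.51.100.1")]:
        print(src, "->", dst, evaluate(aces, src, dst))
```

Comparing the source and destination addresses the interface actually receives against this model shows whether hits on the implicit deny are explained by the ACEs themselves before looking at platform behaviour.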