09-21-2011 07:32 PM
Hi,
I need to configure ASR 9006 with this configuration.
OLD and good configuration:
access-list 199 deny ip any 186.32.128.0 0.0.31.255 log
access-list 199 deny ip any 186.32.224.0 0.0.15.255 log
access-list 199 deny ip any 190.53.48.0 0.0.15.255 log
access-list 199 deny ip any 190.53.64.0 0.0.31.255 log
access-list 199 deny ip any 190.53.76.0 0.0.3.255 log
access-list 199 deny ip any 190.53.80.0 0.0.1.255 log
access-list 199 deny ip any 190.53.92.0 0.0.3.255 log
access-list 199 permit ip any any
route-map 123456 permit 10
 match ip address 199
 set ip next-hop 144.224.115.81
interface FastEthernet1/14
 no switchport
 ip address 10.206.1.1 255.255.255.252
 ip policy route-map 123456
And my new config, but this is bad:
prefix-set XX
  186.32.128.0/19,
  190.53.192.0/19,
  186.32.224.0/20,
  190.53.48.0/20,
  205.211.248.0/21,
  205.211.192.0/22,
  205.211.244.0/22,
  205.211.218.0/23,
  205.211.220.0/23,
  205.211.222.0/23,
  200.12.227.0/24
end-set
route-policy salida-amnet-sps-cable
  if destination in XX then
    pass
  else
    set next-hop 144.224.115.81
  endif
end-policy
!
I need to know how to apply the route-policy to the interface.
thanks.
09-21-2011 09:18 PM
Hi Luis,
Are you trying to do PBR (Policy Based Routing)? If so, PBR is not used on the ASR9K; rather, we use a feature called ABF (ACL Based Forwarding), which was introduced in IOS-XR 3.9.2 for the ASR9K series.
Have a look at that and see if that will meet your requirements.
regards,
David Pothier
Cisco Systems
09-22-2011 10:20 AM
David, thanks a lot. My English is so bad. Today in the morning I did the configuration and I hope that it works fine (at night we have the installation). The ASR will be interconnected to a Juniper router, then it will be connected to 1x stm1 and 3 x smt1 and the Juniper will have another SONET connection to other ISPs.
I just needed the ABF config Thanks.
Thanks again !!
09-24-2011 09:23 AM
Hi Luis,
Here is an example ABF configuration:
ipv4 access-list ABF
 10 permit ipv4 any any nexthop1 ipv4 141.1.1.2
!
And then application of this ABF to an interface:
RP/0/RSP0/CPU0:A9K-BNG(config)#int g0/0/0/0
RP/0/RSP0/CPU0:A9K-BNG(config-if)#ipv4 access-group ABF in
In this example every incoming packet is set forcefully to next hop 141.1.1.2
You can have multiple next hops also and you could use some EEM tricks to do next hop tracking.
One additional note, at this point in time, ABF is not vrf aware, what that means is the next hop in this configuration is always sought in the default routing table.
Soon we will have vrf aware abf that allows you to set the next hop in a particular vrf regardless of the vrf that the interface is in where this ABF ACL is applied to.
You can apply ABF to an interface today that is in a vrf, but the next hop is still found in the global Routing Table.
xander
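The ABF example above carried over to the ACL 199 and route-map from the original question, as an added example (not code from any poster in this thread or from Cisco). In IOS PBR a `deny` entry in the match ACL only exempts traffic from policy routing, while an ABF ACL is also the interface packet filter, so a `deny` entry copied across unchanged would drop that traffic; the hypothetical helper `pbr_acl_to_abf` turns each PBR `deny` into a plain `permit` and each PBR `permit` into a `permit ... nexthop1`. The ACL name `ABF` is taken from the post above, and the input is a constructed three-line subset of ACL 199.

```python
import re

# Constructed input: three lines taken from the IOS ACL 199 in the question.
IOS_ACL = """\
access-list 199 deny ip any 186.32.128.0 0.0.31.255 log
access-list 199 deny ip any 190.53.80.0 0.0.1.255 log
access-list 199 permit ip any any
"""

# Only the "access-list N permit|deny ip <match> [log]" form used in the thread.
ACE = re.compile(r"^access-list\s+\d+\s+(permit|deny)\s+ip\s+(.+?)(\s+log)?\s*$")


def pbr_acl_to_abf(ios_acl, next_hop, name="ABF"):
    """Translate an IOS PBR match ACL into an IOS XR ABF ACL (hypothetical helper).

    PBR 'deny'   = do not policy-route, forward normally -> plain XR 'permit'
    PBR 'permit' = policy-route to the route-map next hop -> 'permit ... nexthop1'
    No 'deny' is emitted, because an ABF ACL is also a filter and would drop.
    """
    out = [f"ipv4 access-list {name}"]
    seq = 10
    for line in ios_acl.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ACE.match(line)
        if m is None:
            # Refuse to guess at forms this sketch does not understand.
            raise ValueError(f"unsupported ACL line: {line!r}")
        action, match, log = m.groups()
        ace = f" {seq} permit ipv4 {match}"
        if action == "permit":
            ace += f" nexthop1 ipv4 {next_hop}"
        elif log:
            # Keep logging on the exempted prefixes, as in the IOS ACL.
            ace += " log"
        out.append(ace)
        seq += 10
    out.append("!")
    return "\n".join(out)


if __name__ == "__main__":
    print(pbr_acl_to_abf(IOS_ACL, "144.224.115.81"))
```

The resulting ACL is applied with `ipv4 access-group ABF in` on the ingress interface, as in the post above.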
09-28-2011 09:54 PM
Thanks, last Saturday the ASR was configured and migrated and the ABF is working very well.
Thanks a lot.
Luis
11-08-2011 03:33 AM
Hello colleagues,
Is ABF supported on a BVI interface in a dedicated vrf?
Thanks in advance
Konstantin
11-08-2011 04:16 AM
Hi Konstantin,
Currently BVI doesn't do ACL and therefore also no ABF.
In XR 4.2.0 we will get ACL for BVI interfaces, but only ipv4.
The extension to ABF is being scoped for XR 421 (can't make promises here)...
Also in XR 420, ABF will be vrf aware. That means that the next hop can be configured to be in any vrf.
Applying the ABF to an interface in a vrf we can already do today.
xander
11-08-2011 04:32 AM
Ok. Thank you very much ))).
And last question.
Do you know the announcement dates for releases 4.2.0 and 4.2.1?
WBR,
Konstantin
11-08-2011 04:43 AM
XR 420 is december of this year (2011)
and XR 421 is 1H2012
xander
11-08-2011 05:00 AM
Great.
Thanks.
03-10-2014 10:17 AM
Hi Xander,
Is it possible to use the PBR feature above to route traffic through an MPLS TE tunnel? I see you can only specify a next hop and not an outbound interface so I presume we couldn't achieve this on IOS XR and we have to use either autoroute announce/destination or static routes.
If it works, does the feature support policy routing of VRF traffic over an MPLS TE tunnel?
Thanks,
Pavel
02-03-2012 11:43 AM
Hello,
We've got 4.2.0 release notes and:
"The nexthop functionality is not supported in VRF. Nexthop is looked at in the global table only."
Does anyone know when nexthop functionality will be supported?
02-03-2012 11:55 AM
This is not really RPL, but the vrf aware ABF is available in CCO 420.
This note you reference is from old ABF documentation pre 420 which could not find the next hop in a vrf.
You could submit feedback on the document to have it lifted and mention that vrf aware abf is supported in 420 for A9K.
xander
02-08-2012 06:03 AM
Ok, thanks. We have created two BVIs, 1 and 2. There are two hosts, 2.2.2.1 and 3.3.3.1, which connect to these BVIs. But there is no traffic on the sniffer.
What could be the cause of the issue?
Thanks.
vrf Gb
 address-family ipv4 unicast
  import route-target
   65100:4
  !
  export route-target
   65100:4
  !
ipv4 access-list VRF_Gb
 10 permit ipv4 2.2.2.0 0.0.0.255 any nexthop1 vrf Gb ipv4 3.3.3.1
interface BVI1
 description Test_ABF_source
 vrf Gb
 ipv4 address 2.2.2.2 255.255.255.252
!
interface BVI2
 description Test_ABF_destin
 vrf Gb
 ipv4 address 3.3.3.2 255.255.255.252
!
bridge-domain VRF_Gb_Test
 interface GigabitEthernet0/0/0/9
 !
 routed interface BVI1
!
bridge-domain VRF_Gb_Test_2
 interface GigabitEthernet0/0/0/10
 !
 routed interface BVI2
02-08-2012 06:57 AM
I assume you have the ABF ACL applied to an ingress interface right that is likely MPLS tagged?
There could be 2 problems with your setup:
1) When traffic comes in mpls tagged, L3 ACLs can't be applied. This is generic and as per design: L3 ACLs don't apply to tagged traffic.
2) When you have tagged traffic / mpls-vpn you need to use per vrf labels with BVI. The reason is that you get an agg label then. Otherwise, with per prefix labels, traffic can't be forwarded, as the per prefix label usually gives you a direct fib lookup, which can't be done with BVIs (we need that extra pass an agg label gives us). This is an a9k specific implementation of VRF+BVI.
xander