
ROUTE MAP and POLICY MAP vs PRL

Hi

I need to configure an ASR 9006 with this configuration.

OLD and good configuration:

access-list 199 deny   ip any 186.32.128.0 0.0.31.255 log

access-list 199 deny   ip any 186.32.224.0 0.0.15.255 log

access-list 199 deny   ip any 190.53.48.0 0.0.15.255 log

access-list 199 deny   ip any 190.53.64.0 0.0.31.255 log

access-list 199 deny   ip any 190.53.76.0 0.0.3.255 log

access-list 199 deny   ip any 190.53.80.0 0.0.1.255 log

access-list 199 deny   ip any 190.53.92.0 0.0.3.255 log

access-list 199 permit ip any any

route-map 123456 permit 10

match ip address 199

set ip next-hop 144.224.115.81

interface FastEthernet1/14

  no switchport

ip address 10.206.1.1 255.255.255.252

ip policy route-map 123456

And my new config, but this is bad:

prefix-set XX

  186.32.128.0/19,

  190.53.192.0/19,

  186.32.224.0/20,

  190.53.48.0/20,

  205.211.248.0/21,

  205.211.192.0/22,

  205.211.244.0/22,

  205.211.218.0/23,

  205.211.220.0/23,

  205.211.222.0/23,

  200.12.227.0/24

  end-set

route-policy salida-amnet-sps-cable

  if destination in XX then

    pass

  else

    set next-hop 144.224.115.81

  endif

  end-policy

!

I need to know how to apply the route-policy to the interface.

Thanks.
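
The wildcard-mask entries of access-list 199 above can be converted mechanically into the CIDR form a prefix-set expects. The following Python script is an added example, not part of the original post or any Cisco tooling, and its function names are hypothetical. It converts the deny entries, lists entries already covered by a broader one, and lists ACL prefixes that prefix-set XX as posted does not cover.

```python
import ipaddress
import re

# Deny/permit lines copied from access-list 199 in the post above.
ACL_199 = """\
access-list 199 deny   ip any 186.32.128.0 0.0.31.255 log
access-list 199 deny   ip any 186.32.224.0 0.0.15.255 log
access-list 199 deny   ip any 190.53.48.0 0.0.15.255 log
access-list 199 deny   ip any 190.53.64.0 0.0.31.255 log
access-list 199 deny   ip any 190.53.76.0 0.0.3.255 log
access-list 199 deny   ip any 190.53.80.0 0.0.1.255 log
access-list 199 deny   ip any 190.53.92.0 0.0.3.255 log
access-list 199 permit ip any any
"""
# Members of prefix-set XX as posted.
XX = [ipaddress.ip_network(p) for p in (
    "186.32.128.0/19 190.53.192.0/19 186.32.224.0/20 190.53.48.0/20 "
    "205.211.248.0/21 205.211.192.0/22 205.211.244.0/22 205.211.218.0/23 "
    "205.211.220.0/23 205.211.222.0/23 200.12.227.0/24").split()]

ENTRY = re.compile(r"access-list\s+\d+\s+(permit|deny)\s+ip\s+any\s+(\S+)\s+(\S+)")

def wildcard_to_prefix(addr, wildcard):
    """Return the IPv4Network for addr/wildcard; raise ValueError if impossible."""
    w = int(ipaddress.IPv4Address(wildcard))
    # Only a solid run of low-order 1 bits corresponds to a prefix length.
    if w & (w + 1):
        raise ValueError(f"non-contiguous wildcard {wildcard}")
    # strict=True rejects an address that has host bits set (misaligned entry).
    return ipaddress.ip_network(f"{addr}/{32 - w.bit_length()}", strict=True)

def acl_to_prefixes(text, action="deny"):
    """Destination prefixes of all ACL entries with the given action."""
    nets = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m and m.group(1) == action:
            nets.append(wildcard_to_prefix(m.group(2), m.group(3)))
    return nets

def redundant(nets):
    """Entries fully covered by another, broader entry in the same list."""
    return [n for n in nets if any(n != o and n.subnet_of(o) for o in nets)]

def uncovered(nets, prefix_set):
    """ACL prefixes that no member of prefix_set covers."""
    return [n for n in nets if not any(n.subnet_of(p) for p in prefix_set)]

if __name__ == "__main__":
    acl = acl_to_prefixes(ACL_199)
    print("prefix-set body:", ", ".join(map(str, acl)))
    print("redundant:", redundant(acl), "not in XX:", uncovered(acl, XX))
```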


Hello, thank you.

We don't use mpls and we need VRF for two independent routing tables on ASR.

We are going to use ABF for routing via source address on BVI and bundle interfaces.
Is it possible?

Hello Konstantin,

I do not believe ACL-based forwarding is supported on L2 interfaces (such as a BVI) at this time: http://www.cisco.com/en/US/docs/routers/asr9000/software/asr9k_r4.1/addr_serv/configuration/guide/ipaddr_cg41a9k_chapter1.html#concept_BF68E0C2D04E420B82E1BFC36F5A0B1F

I believe support is planned for 4.3, however.

Hello Charles,

Thank you.

Do you know the announcement date of release 4.3?

WBR,

Konstantin

That would be the end of this year (2012), Konstantin. December time frame.

regards

xander


This is really not practical!
This is the only way to apply an ACL on an interface in global configuration mode?!
int Te
ipv4 access-group ABF in

I have 100 IP addresses that I cannot summarize and I need to set them to a single nexthop? Do I need to write it 100 times?
permit x.x.x.x nexthop y.y.y.y
permit z.z.z.z nexthop y.y.y.y
....... 100 times ?

And I also need to use those IP addresses in a route-policy, so I have to write them all over again!


At least in IOS you make an ACL, use a route-map to match the ACL (and use the ACL somewhere else if you want), set a nexthop and then apply it to an interface.

you define the acl globally, and you apply it to the interface on ingress.

it is indeed the case that with a route-map approach, you can reuse the ACL.

for asr9k/xr you could, instead of ABF, if you want to re-use the ACL, define the ACL as you like with route-map and then use PBR to pull in that ACL into a class-map type traffic and in the pbr control policy set a next hop there.

that might be an alternate solution similar to route-map for you.

cheers!

xander

I really appreciate your reply !

This worked perfectly!!


ipv4 access-list acl1
 permit x.x.x.x
 permit z.z.z.z

class-map type traffic class1
   match access-group ipv4 acl1
end-class-map

policy-map type pbr policy1
   class type traffic class1
      ! y.y.y.y is my nexthop
      set destination-address ipv4 y.y.y.y
end

int Te
 service-policy type pbr input policy1

thanks again

oh I forgot to mention that the pbr method is a true l3 redirect, meaning that with the set destination operation you rewrite the packet's layer 3 address.

this is nice so that on next nodes, the new destination is followed, rather than needing to redirect at every hop from the original path to destination.

on the return we can reset the source address back to the original server's addr so that we did a perfect spoof.

cheers

xander