05-06-2022 06:57 PM
Hi, I am trying to use ePBR to balance some outbound traffic on a running router. I want to take all the traffic received from one particular interface and make its next hop the BGP peer of one of my upstreams. I found the following example which seems like it would do pretty much what I wanted to do and I thought I could further customize from there once I got it working. The process makes sense, and I can configure it fine but when I try to apply the policy to the interface I want to redirect the traffic from I get an unhelpful error. This is the example I was using:
This is the relevant part of my config (IPs edited for security):
show run
ipv4 access-list INBOUND-ACL
 10 permit ipv4 any host xx.xx.132.10
!
class-map type traffic match-any INBOUND-CLASS
 match access-group ipv4 INBOUND-ACL
 end-class-map
!
policy-map type pbr INBOUND-POLICY
 class type traffic INBOUND-CLASS
  redirect ipv4 nexthop xx.xx.62.209
 !
 class type traffic class-default
  transmit
 !
 end-policy-map
!
But then when I try to add to the interface and commit I get this:
RP/0/RSP0/CPU0:itchy#config
Fri May 6 18:50:05.244 Arizona
RP/0/RSP0/CPU0:itchy(config)#interface GigabitEthernet0/2/0/7
RP/0/RSP0/CPU0:itchy(config-if)#service-policy type pbr input INBOUND-POLICY
RP/0/RSP0/CPU0:itchy(config-if)#exit
RP/0/RSP0/CPU0:itchy(config)#commit
Fri May 6 18:50:46.388 Arizona
% Failed to commit one or more configuration items during a pseudo-atomic operation. All changes made have been reverted. Please issue 'show configuration failed [inheritance]' from this session to view the errors
RP/0/RSP0/CPU0:itchy(config)#show conf failed
Fri May 6 18:50:55.669 Arizona
!! SEMANTIC ERRORS: This configuration was rejected by
!! the system due to semantic errors. The individual
!! errors with each failed configuration command can be
!! found below.
interface GigabitEthernet0/2/0/7
service-policy type pbr input INBOUND-POLICY
!!% 'CfgMgr' detected the 'fatal' condition 'This configuration has not been verified and can not be accepted by the system.'
!
end
RP/0/RSP0/CPU0:itchy(config)#show conf failed inheritance
Fri May 6 18:51:02.890 Arizona
!! SEMANTIC ERRORS: This configuration was rejected by
!! the system due to semantic errors. The individual
!! errors with each failed configuration command can be
!! found below.
interface GigabitEthernet0/2/0/7
service-policy type pbr input INBOUND-POLICY
!!% 'CfgMgr' detected the 'fatal' condition 'This configuration has not been verified and can not be accepted by the system.'
!
end
I'm sure it's something dumb I am doing, but I don't see it. I've gone through every step in the config help to make sure this is the correct syntax, but no-go. Any pointers, anyone?
Also checked to make sure there is a path to the next hop ....
RP/0/RSP0/CPU0:itchy#show route local
Fri May 6 18:53:47.323 Arizona
L xx.xx.62.210/32 is directly connected, 7w2d, GigabitEthernet0/2/0/0
Thanks in advance.
05-08-2022 04:46 AM
Can you advise what type of line card you are running? I believe PBR is not supported on the early Trident-based LCs.
In that case, maybe you can try access-list-based forwarding as an alternative.
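The access-list-based forwarding (ABF) alternative suggested in the reply, as an added example that is not from either poster and has not been verified against this router's line card or software release. The ACL name INBOUND-ABF is hypothetical, and the addresses are the masked values from the original post.

```cisco
! ABF puts the next hop on the ACL entry itself; no class-map or policy-map is used.
ipv4 access-list INBOUND-ABF
 ! Matching traffic is forwarded to the upstream peer instead of following the RIB.
 10 permit ipv4 any host xx.xx.132.10 nexthop1 ipv4 xx.xx.62.209
 ! Unlike a PBR class-map ACL, this ACL also filters the interface.
 ! Without a final permit, the implicit deny drops all other ingress traffic.
 20 permit ipv4 any any
!
interface GigabitEthernet0/2/0/7
 ipv4 access-group INBOUND-ABF ingress
!
```

If the interface already has an ingress ACL, the ABF entry has to be merged into it, because only one IPv4 ingress ACL can be attached per interface.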