policy routing strangeness

From: jlewis@lewis.org
Date: Fri Nov 02 2001 - 12:35:10 EST


Are there known issues with policy routing and rsp-k3pv-mz.120-11.S3?

We're running an FTP mirror site that we only want utilizing one of our
upstream providers, so I had set up the following:

ip access-list extended mirror_to_inet
 deny ip any 209.208.0.0 0.0.127.255
 deny ip any 216.98.0.0 0.0.15.255
 permit ip host 209.208.0.69 any
 deny ip any any

route-map mirror-inet-policy permit 10
 match ip address mirror_to_inet
 set interface Serial2/0/0
!
route-map mirror-inet-policy permit 20

interface Serial2/1/1
 ip policy route-map mirror-inet-policy

The idea being, if traffic from 209.208.0.69 got into the router above
through Serial2/1/1 and was destined for an IP outside our 2 IP blocks, it
would be sent out (to the internet) through Serial2/0/0. It seemed to
work, but I just noticed that some traffic from other source IPs was also
being policy routed out Serial2/0/0, even though according to show ip bgp
the best route was elsewhere.

I changed the route-map to use an identical numbered access-list instead
of the named one and it seems to be working properly now.

BTW...what happens in a setup like this if Serial2/0/0 goes down? Do
policy routed packets get dropped? If so, is there a way to set this up
such that if the interface you're trying to policy route through goes
down, packets still get routed?

-- 
----------------------------------------------------------------------
 Jon Lewis *jlewis@lewis.org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
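
The intended behaviour of the configuration in the post above can be checked offline. The following is an added example, not part of the original post: it models standard first-match ACL evaluation with wildcard masks and the two route-map entries, not the behaviour of the IOS image in question. The function names and the sample packets in the demo are constructed for illustration.

```python
import ipaddress

# Address specs are (base, wildcard); wildcard bits set to 1 are "don't care".
ANY = ("0.0.0.0", "255.255.255.255")

def host(ip):
    return (ip, "0.0.0.0")

# The mirror_to_inet ACL from the post, as (action, source, destination).
MIRROR_TO_INET = [
    ("deny",   ANY, ("209.208.0.0", "0.0.127.255")),
    ("deny",   ANY, ("216.98.0.0", "0.0.15.255")),
    ("permit", host("209.208.0.69"), ANY),
    ("deny",   ANY, ANY),
]

def _matches(addr, spec):
    base, wildcard = (int(ipaddress.IPv4Address(x)) for x in spec)
    care = ~wildcard & 0xFFFFFFFF  # bits that must be equal
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def acl_action(acl, src, dst):
    """Return the action of the first matching entry (implicit deny at end)."""
    for action, s, d in acl:
        if _matches(src, s) and _matches(dst, d):
            return action
    return "deny"

def egress(src, dst):
    """Model route-map mirror-inet-policy: entry 10 sets the interface when
    the ACL permits; otherwise entry 20 (no set) leaves normal routing."""
    if acl_action(MIRROR_TO_INET, src, dst) == "permit":
        return "Serial2/0/0"
    return "routing-table"

if __name__ == "__main__":
    # Constructed sample packets (source, destination).
    samples = [
        ("209.208.0.69", "198.51.100.10"),  # mirror host to outside
        ("209.208.0.69", "209.208.100.1"),  # mirror host to first block
        ("209.208.0.69", "216.98.15.200"),  # mirror host to second block
        ("209.208.0.70", "198.51.100.10"),  # other source to outside
    ]
    for src, dst in samples:
        print(f"{src:15} -> {dst:15} {egress(src, dst)}")
```

Any source other than 209.208.0.69 should come back as `routing-table`; traffic from such sources leaving via Serial2/0/0 against the BGP best path is what the post reports as the anomaly.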



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:21 EDT