[c-nsp] PBR within MPLS VPN

Xu Hu jstuxuhu0816 at gmail.com
Tue Aug 28 23:23:44 EDT 2012


Hi Bacon,

Whether PBR is hardware switched or software switched depends; please
check the details at the website below:
https://supportforums.cisco.com/thread/2017902

As for the question you raised, "Or can you not policy-route to a
non-directly-connected PE over MPLS using PBR?"
The answer is, of course, you can.

HTH
Hu Xu

2012/8/29 Jeff Bacon <bacon at walleyesoftware.com>

> As I sit and write this, this starts to sound stupid even to me. Just
> stick with it, please, THEN tell me I'm being stupid. :)
>
>
> So, device A is a cat6500/sup720, global IP 172.31.1.1/32, a PE device in
> an MPLS mesh. Device B is a cat6500/sup720, global IP 172.31.1.14/32, PE
> device in another city. There is a VRF "fred" defined. There's device C,
> also with VRF fred, global IP 172.31.2.3/32, publishing a default route.
>
>
> host1 (172.30.250.40) -> int vlan 49/vrf-fred/device-A <-> MPLS mesh <->
> int g3/1/vrf-fred/device-B -> <INTERNET>
>                                              |
>                                               ->
> device-C-publishing-default-route -> <OTHERINTERNET>
>
> so, the route table in VRF fred on device A looks like:
>
> C    172.31.250.32 is directly connected, Vlan49    <---- host1 is here
>      200.3.3.0/24 is variably subnetted, 3 subnets, 3 masks
> B       200.3.3.32/29 [200/0] via 172.31.1.14, 3d18h
> B*   0.0.0.0/0 [20/8192] via 64.1.1.1, 5d23h
>
> now, please don't ask why, but I want to be able to policy-route host1's
> traffic to make it use device-B and not follow the default route, e.g.:
>
> int vlan 49
>   ip policy route-map source-route-map
>
> route-map source-route-map permit 10
>    match ip address ACL-matching-172.30.250.40/32
>    set ip next-hop <something-making-it-go-to-B>
>
> I have no idea what <something> should be.
>
> Now, I can do "set ip next-hop recursive X" where X is a real IP in VRF
> fred on device B. Works fine. It's also software-switched - fast-path,
> "show ip cef switching stat feat" increments showing PBR is working via
> CEF, but "show int vlan49 switching" tells me that the packets are being
> fast-path-switched, not hardware-switched.
>
> Release notes say that "set ip next-hop" is supported in hardware. But
> that presumes I give it the right IP address.
>
> The problem is this: so what's the next-hop that I *can* use to specify
> CEF adjacency of "that specific other PE device over there, VRF fred"? It
> doesn't appear to be 172.31.1.14.
>
> Or can you not policy-route to a non-directly-connected PE over MPLS using
> PBR?
>
> (I can hear it now - "that's what TE is for" or "can't you split the
> traffic into separate VRFs and use source selection"... ok, yes, well... )
>
> Thanks for your indulgence,
> -bacon