[f-nsp] Policy based routing question

Joseph Hardeman jwhardeman at gmail.com
Mon Feb 15 23:30:11 EST 2010


Actually no, I use bgp and the secondary router only has a single circuit
while the primary has multiple providers.  So while we have a network that
needs to be directed to only one of the outbound circuits, I applied the IP
Policy route-map to that vlan.  If we have to fail over to the other router
for any reason, all traffic is outbound on that circuit.

I just don't understand why VRRP would be stopping the route-map from being
used.   Here is an example of the vlan setup that I was using to test
tonight.

interface ve 210
 port-name "TestingIPPolicyRouting"
 ip address 192.168.18.1 255.255.255.248
 ip policy route-map test-next-hop
 ip vrrp vrid 210
  owner track-priority 20
  ip-address 192.168.18.1
  track-port e 1/2
  track-port e 1/7
  activate

As soon as I apply the VRRP settings, my tests outbound are handled by the
BGP next hops instead of the next-hop set in my route-map.  As soon as I
remove the VRRP settings, the next-hop from the route-map is applied to the
outbound traffic.

I hope someone will have an idea on what I can do to make this work, I need
to have the vrrp ability to fail over to our secondary router.

Thanks

Joe

On Mon, Feb 15, 2010 at 6:35 PM, Randy McAnally <rsm at fast-serv.com> wrote:

>  Dumb question maybe, but are you applying the same map to all VRRP
> enabled routers?
>
> --
> Randy <http://www.fastserv.com/>
>
> *---------- Original Message -----------*
> From: Joseph Hardeman <jwhardeman at gmail.com>
> To: foundry-nsp at puck.nether.net
> Sent: Mon, 15 Feb 2010 18:23:35 -0500
> Subject: Re: [f-nsp] Policy based routing question
>
> > Ok,
> >
> > I now have a little more idea on what is causing my problems.  Its VRRP
> causing my ip policy route-map to not work.  When I remove VRRP from a VLAN
> I am testing with my route-map works properly but stops working when I
> re-apply the VRRP Config.
> >
> > Any ideas on why VRRP would break a ip policy route-map?
> >
> > Thanks everyone
> >
> > Joe
> >
> > On Mon, Feb 15, 2010 at 12:32 AM, Joseph Hardeman <jwhardeman at gmail.com>wrote:
> >
>>
>> Hi Everyone,
>> >
>> > I have a question about Policy based routing.  I have setup my
>> access-list and route-map like the examples I have found online and also
>> tried it with the example in a Manual I have for the Foundry.  On a VLAN
>> with multiple subnets its not working.  I have all of the subnets included
>> right now in the access-list I setup and I have set the next-hop in my
>> route-map, but I can't seem to get it to send that traffic through the next
>> hop I want too.  It is instead using BGP routing to send the traffic out for
>> these subnets.
>> >
>> > interface ve 200
>> > ip address a.a.a.a 255.255.255.128
>> > ip address b.b.b.b 255.255.255.128
>> > ip address c.c.c.c 255.255.255.0
>> > ip address d.d.d.d 255.255.255.128
>> > ip policy route-map test-next-hop
>> >
>> > access-list 30 permit a.a.a.a 0.0.0.127
>> > access-list 30 permit c.c.c.c 0.0.0.255
>> > access-list 30 permit b.b.b.b 0.0.0.127
>> > access-list 30 permit d.d.d.d 0.0.0.127
>> > access-list 30 permit e.e.e.e 0.0.0.127
>> >
>> > route-map  test-next-hop permit  10
>> > match ip address  30
>> > set ip next-hop z.z.z.z
>> >
>> > When I apply this route-map to a vlan with a single subnet it works just
>> fine and is sending the outbound traffic to the next hop I told it to, just
>> not on the vlan with multiple subnets.  Anyone know why it might be having
>> this problem?  And how to fix it?
>> >
>> > Thanks for any insight or help.
>> >
>> > Joe
>> >
>
>
> *------- End of Original Message -------*
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/foundry-nsp/attachments/20100215/1fc1d35d/attachment.html>


More information about the foundry-nsp mailing list