[f-nsp] Policy based routing question
Joseph Hardeman
jwhardeman at gmail.com
Tue Feb 16 08:55:02 EST 2010
Hi everyone,
Here is a better example of what I am using on the primary to try to
send traffic from one of the networks out just one of the connections.
I hope this makes sense. It was mentioned that it's possible that I am
announcing the VRRP address and not the interface address, but since I
am using VRRP not VRRP-E {as of yet, but very possibly soon in the
future I will be} the master has to announce the same IP as the interface.

router vrrp
!
ip route 192.168.18.0 255.255.255.0 null0
!
access-list 35 permit 192.168.18.0 0.0.0.255
!
route-map test-next-hop permit 10
 match address 35
 set ip next-hop 10.10.1.1
!
interface ve 210
 port-name "TestingIPPolicyRouting"
 ip address 192.168.18.1 255.255.255.248
 ip policy route-map test-next-hop
 ip vrrp vrid 210
  owner track-priority 20
  ip-address 192.168.18.1
  track-port e 1/2
  track-port e 1/7
  activate

I have simplified it and am only testing with a single part of a /24,
which like I mentioned previously when I remove the "ip vrrp vrid 210"
section from the vlan interface, the PBR starts working. But when I put
the vrrp config back in place for "ip vrrp vrid 210" then the PBR is
ignored.
Thanks
Joe
Joseph Hardeman wrote:
> Actually no, I use bgp and the secondary router only has a single
> circuit while the primary has multiple providers. So while we have a
> network that needs to be directed to only one of the outbound
> circuits, I applied the IP Policy route-map to that vlan. If we have
> to fail over to the other router for any reason, all traffic is
> outbound on that circuit.
>
> I just don't understand why VRRP would be stopping the route-map from
> being used. Here is an example of the vlan setup that I was using to
> test tonight.
>
> interface ve 210
>  port-name "TestingIPPolicyRouting"
>  ip address 192.168.18.1 255.255.255.248
>  ip policy route-map test-next-hop
>  ip vrrp vrid 210
>   owner track-priority 20
>   ip-address 192.168.18.1
>   track-port e 1/2
>   track-port e 1/7
>   activate
>
> As soon as I apply the VRRP settings, my tests outbound are handled by
> the BGP next hops instead of the next-hop set in my route-map. As
> soon as I remove the VRRP settings, the next-hop from the route-map is
> applied to the outbound traffic.
>
> I hope someone will have an idea on what I can do to make this work, I
> need to have the vrrp ability to fail over to our secondary router.
>
> Thanks
>
> Joe
>
> On Mon, Feb 15, 2010 at 6:35 PM, Randy McAnally
> <rsm at fast-serv.com> wrote:
>
> Dumb question maybe, but are you applying the same map to all VRRP
> enabled routers?
>
> --
> Randy
>
> *---------- Original Message -----------*
> From: Joseph Hardeman <jwhardeman at gmail.com>
> To: foundry-nsp at puck.nether.net
> Sent: Mon, 15 Feb 2010 18:23:35 -0500
> Subject: Re: [f-nsp] Policy based routing question
>
> > Ok,
> >
> > I now have a little more idea on what is causing my problems.
> > It's VRRP causing my ip policy route-map to not work. When I
> > remove VRRP from a VLAN I am testing with, my route-map works
> > properly but stops working when I re-apply the VRRP config.
> >
> > Any ideas on why VRRP would break an ip policy route-map?
> >
> > Thanks everyone
> >
> > Joe
> >
> > On Mon, Feb 15, 2010 at 12:32 AM, Joseph Hardeman
> > <jwhardeman at gmail.com> wrote:
> >
> > Hi Everyone,
> >
> > I have a question about policy based routing. I have set up
> > my access-list and route-map like the examples I have found
> > online and also tried it with the example in a manual I have
> > for the Foundry. On a VLAN with multiple subnets it's not
> > working. I have all of the subnets included right now in the
> > access-list I set up and I have set the next-hop in my
> > route-map, but I can't seem to get it to send that traffic
> > through the next hop I want to. It is instead using BGP
> > routing to send the traffic out for these subnets.
> >
> > interface ve 200
> >  ip address a.a.a.a 255.255.255.128
> >  ip address b.b.b.b 255.255.255.128
> >  ip address c.c.c.c 255.255.255.0
> >  ip address d.d.d.d 255.255.255.128
> >  ip policy route-map test-next-hop
> >
> > access-list 30 permit a.a.a.a 0.0.0.127
> > access-list 30 permit c.c.c.c 0.0.0.255
> > access-list 30 permit b.b.b.b 0.0.0.127
> > access-list 30 permit d.d.d.d 0.0.0.127
> > access-list 30 permit e.e.e.e 0.0.0.127
> >
> > route-map test-next-hop permit 10
> >  match ip address 30
> >  set ip next-hop z.z.z.z
> >
> > When I apply this route-map to a vlan with a single subnet
> > it works just fine and is sending the outbound traffic to the
> > next hop I told it to, just not on the vlan with multiple
> > subnets. Anyone know why it might be having this problem?
> > And how to fix it?
> >
> > Thanks for any insight or help.
> >
> > Joe
> >
>
>
> *------- End of Original Message -------*
>
>
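
A small configuration audit for the setup in this thread, added here as an example and not part of the original messages: it parses the Foundry-style config posted above and, for each interface with `ip policy route-map`, reports the route-map next hop, any interface subnet the referenced ACL does not cover, and whether VRRP is configured on the same interface (the combination the poster reports as failing). The parser and the names `audit` and `wildcard_net` are hypothetical, and contiguous wildcard masks are assumed.

```python
import ipaddress

# Constructed sample: the configuration posted in the message above.
SAMPLE = """\
access-list 35 permit 192.168.18.0 0.0.0.255
route-map test-next-hop permit 10
 match address 35
 set ip next-hop 10.10.1.1
interface ve 210
 ip address 192.168.18.1 255.255.255.248
 ip policy route-map test-next-hop
 ip vrrp vrid 210
  ip-address 192.168.18.1
"""

def wildcard_net(addr, wild):
    # Assumes a contiguous wildcard mask (0.0.0.255 style), as in the post.
    w = int(ipaddress.IPv4Address(wild))
    base = int(ipaddress.IPv4Address(addr)) & ~w & 0xFFFFFFFF
    return ipaddress.ip_network((base, 32 - w.bit_length()))

def audit(config):
    """One finding per interface that has 'ip policy route-map' applied."""
    acls, maps, ifaces, ctx = {}, {}, {}, {}
    for t in (l.split() for l in config.splitlines() if l.strip()):
        if t[0] == "access-list" and len(t) == 5 and t[2] == "permit":
            acls.setdefault(t[1], []).append(wildcard_net(t[3], t[4]))
        elif t[0] == "route-map":
            ctx = maps.setdefault(t[1], {"acls": [], "next_hop": None})
        elif t[0] == "interface":
            ctx = ifaces.setdefault(" ".join(t[1:]), {"nets": [], "pbr": None, "vrrp": False})
        elif t[0] == "match" and t[-2] == "address" and "acls" in ctx:
            ctx["acls"].append(t[-1])  # 'match address N' or 'match ip address N'
        elif t[:3] == ["set", "ip", "next-hop"] and "acls" in ctx:
            ctx["next_hop"] = t[3]
        elif t[:2] == ["ip", "address"] and "nets" in ctx:
            ctx["nets"].append(ipaddress.ip_interface(f"{t[2]}/{t[3]}").network)
        elif t[:3] == ["ip", "policy", "route-map"] and "nets" in ctx:
            ctx["pbr"] = t[3]
        elif t[:3] == ["ip", "vrrp", "vrid"] and "nets" in ctx:
            ctx["vrrp"] = True
    out = []
    for name, i in ifaces.items():
        if i["pbr"]:
            rm = maps.get(i["pbr"], {"acls": [], "next_hop": None})
            permit = [n for a in rm["acls"] for n in acls.get(a, [])]
            gaps = [str(n) for n in i["nets"] if not any(n.subnet_of(p) for p in permit)]
            out.append({"interface": name, "next_hop": rm["next_hop"], "uncovered": gaps, "vrrp": i["vrrp"]})
    return out
```

An empty `uncovered` list with `vrrp` set to true matches the poster's situation: the ACL already covers the interface subnet, so the ACL is not what changes when the VRRP block is added.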