[f-nsp] Route-Map Problem

Lazuardi Nasution mrxlazuardin at gmail.com
Tue Jun 15 12:01:58 EDT 2010 

Hi Scott,

I have tried at interface level previously, but still have problem
with DNS and PING. Any other suggestion ?

Best regards,

On Tue, Jun 15, 2010 at 10:45 PM, Scott T. Cameron <routehero at gmail.com> wrote:
> It looks like you're applying the PBR at the global level and not at the
> interface level.  Can't say I have any experience with that myself.
> Here's what works for me:
> ip policy prefer-direct-route
> ip route 0.0.0.0 0.0.0.0 172.30.69.1
> !
> interface ve 5
>  ip address 172.30.67.3 255.255.255.128
>  ip policy frag-match-src
>  ip policy route-map WWW-DMZ
>  ip vrrp-extended vrid 7
>   backup priority 210
>   ip-address 172.30.67.2
>   track-port e 2/1
>   track-port e 2/2
>   enable
> !
> access-list 100 permit ip 172.30.67.0 0.0.0.127 any
> !
> route-map  WWW-DMZ permit  10
>  match ip address  100
>  set ip next-hop 172.30.67.1
> Scott
> On Tue, Jun 15, 2010 at 11:34 AM, Lazuardi Nasution <mrxlazuardin at gmail.com>
> wrote:
>>
>> Hi Scott,
>>
>> Following is the related config. I can do HTTP on both VIP at the same
>> time but I only can do DNS and PING to VIP2 if VIP1 is disconnected.
>> Please help.
>>
>> Best regards,
>>
>>
>> <snip>
>>
>>
>> > From: "Scott T. Cameron" <routehero at gmail.com>
>> > To: foundry-nsp at puck.nether.net
>> > Date: Tue, 15 Jun 2010 10:29:25 -0400
>> > Subject: Re: [f-nsp] Route-Map Problem
>> > I don't know why you're seeing that, because the route-map's ACL
>> > shouldn't care about whether it's DNS or HTTP.  It should just care about
>> > src/dst networks at worst.
>> > Can you show the exact config you're using?
>> > Scott
>> >
>> > On Tue, Jun 15, 2010 at 12:36 AM, Lazuardi Nasution
>> > <mrxlazuardin at gmail.com> wrote:
>> >>
>> >> Hi Scott,
>> >>
>> >> I have done with HTTP, the PBR works for HTTP request. But, there is
>> >> problem with DNS. It seem that DNS reply doesn't follow PBR. I can see
>> >> that the VIP receives DNS
>> >> request but I think the reply is forwarded to the wrong gateway. Any
>> >> suggestion ? I have tried ip policy
>> >> frag-match-src/frag-match-dest/frag-match-src-dest with no success.
>> >>
>> >> Best regards,
>> >>
>> >> > From: "Scott T. Cameron" <routehero at gmail.com>
>> >> > To: foundry-nsp at puck.nether.net
>> >> > Date: Fri, 28 May 2010 06:47:23 -0400
>> >> > Subject: Re: [f-nsp] Route-Map Problem
>> >> > The ServerIron platform is generally very sensitive to the order of
>> >> > things.  I've had this exact same problem before -- and banged my head
>> >> > against the wall.
>> >> > However, you are missing one important thing on your config:  ip
>> >> > policy frag-match-source.  This will insure that all packets are treated.
>> >> >
>> >> > I'd start over, removing all the relevant PBR lines.  Enter in the
>> >> > ACL first, exit, write mem.  Enter in the route-map, exit, write mem.
>> >> >  Finally, add in the ip policy statements.
>> >> > Scott
>> >> >
>> >> > On Wed, May 26, 2010 at 12:51 PM, Lazuardi Nasution
>> >> > <mrxlazuardin at gmail.com> wrote:
>> >> >>
>> >> >> Dear you,
>> >> >>
>> >> >> I get some problem to do some demo of ServerIron with PBR
>> >> >> (route-map)
>> >> >> feature. It seem that route-map command give no effect so the link
>> >> >> become fail over, not active-active. My goal is each port can have
>> >> >> its
>> >> >> own next hop, disregard the routing table or default routes. Any
>> >> >> suggestion ?
>> >> >>
>> >> >> Best regards,
>> >> >>
>> >> >>
>> >> >> Following is the script of my configuration.
>> >> >>
>> >> >>
>> >> >> vlan 2 by port
>> >> >> untagged ethe 1
>> >> >> router-interface ve 2
>> >> >>
>> >> >> vlan 3 by port
>> >> >> untagged ethe 2
>> >> >> router-interface ve 3
>> >> >>
>> >> >> ip route 0.0.0.0 0.0.0.0 192.168.0.254 distance 10
>> >> >> ip route 0.0.0.0 0.0.0.0 192.168.255.254
>> >> >>
>> >> >> interface ve 2
>> >> >> ip address 192.168.0.1 255.255.255.0
>> >> >> ip policy route-map PBR
>> >> >>
>> >> >> interface ve 3
>> >> >> ip address 192.168.255.1 255.255.255.0
>> >> >>
>> >> >> access-list 2 permit 192.168.0.0 0.0.0.255
>> >> >> access-list 2 deny any
>> >> >>
>> >> >> route-map PBR permit 10
>> >> >> match ip address 2
>> >> >> set ip next-hop 192.168.0.254
>> >> >>
>> >> >>
>> >> >> Following is the "show version" command.
>> >> >>
>> >> >>
>> >> >> Copyright (c) 1996-2009 Brocade Communications Systems, Inc.
>> >> >> Boot Version 12.1.00T405 Oct 29 2009 10:12:19 PST label: dob12100
>> >> >> Monitor Version 12.1.00T405 Oct 29 2009 10:12:19 PST label: dob12100
>> >> >> System Version 12.1.00T403 Dec 17 2009 10:21:27 PST label: ASR12100
>> >> >> AXP Version: 1.12 Dated: 2009/12/01 10:22:32
>> >> >> PAX Version: 0.0 Dated: 2009/07/28 10:35:11
>> >> >> MBRIDGE Version: 000b, Device ID # bebe
>> >> >>
>> >> >>
>> >> >> ==========================================================================
>> >> >> Type:  Stackable 16GC
>> >> >> Backplane Serial #:  SA19091395
>> >> >> Chassis Serial #: Not-Present
>> >> >> Part #:  46458-00DB
>> >> >> Version #: 11b626-020202ff-111d8036-00
>> >> >>
>> >> >> ==========================================================================
>> >> >> Active management module:
>> >> >> 1499 MHz Power PC processor (version 00008021/0030) 599 MHz bus
>> >> >> 512 KB Boot flash
>> >> >> 131072 KB Code flash
>> >> >> 2048 MB DRAM
>> >> >> The system uptime is 9 minutes 39 seconds
>> >> >> The system started at 04:21:03, GMT+00, Wed May 26 2010
>> >> >>
>> >> >> The system - boot source: secondary, mode: warm startsoft reset,
>> >> >> total
>> >> >> resets:11  soft reset, total resets:11
>> >> >>
>> >> >>
>> >> >> Following is the "show flash" command.
>> >> >>
>> >> >>
>> >> >> Active management module:
>> >> >> Compressed Pri Code size = 23321502, Version 12.1.00T401 Dec 17 2009
>> >> >> 10:08:10 PST label: ASM12100
>> >> >> Compressed Sec Code size = 24392549, Version 12.1.00T403 Dec 17 2009
>> >> >> 10:21:27 PST label: ASR12100
>> >> >> Used Configuration Flash Size=4469, Max Configuration Flash
>> >> >> Size=1441790
>> >> >>
>> >> >> Code flash:
>> >> >> Size :  134217728 bytes
>> >> >> Bytes Used :  54544222 bytes
>> >> >> Bytes Free :  76808192 bytes
>> >> >>
>> >> >> USB 0 drive:
>> >> >> Size : 4102352896 bytes
>> >> >> Bytes Used :      4096 bytes
>> >> >> Bytes Free : 4102348800 bytes
>> >> >>
>> >> >> No external USB drive found in system

More information about the foundry-nsp mailing list