<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Hi everyone,<br>
<br>
Here is a better example of what I am using on the primary to try to
send traffic from one of the networks out just one of the connections.
I hope this makes sense. It was mentioned that its possible that I am
announcing the VRRP address and not the interface address, but since I
am using VRRP not VRRP-E {as of yet, but very possibly soon in the
future I will be} the master has to announce the same IP as the
interface. <br>
<br>
<br>
<br>
router vrrp<br>
!<br>
ip route 192.168.18.0 255.255.255.0 null0<br>
!<br>
access-list 35 permit 192.168.18.0 0.0.0.255<br>
!<br>
route-map test-next-hop permit 10<br>
match address 35<br>
set ip next-hop 10.10.1.1<br>
!<br>
interface ve 210<br>
port-name "TestingIPPolicyRouting"<br>
ip address 192.168.18.1 255.255.255.248
<div class="im"> ip policy route-map test-next-hop<br>
</div>
ip vrrp vrid 210<br>
owner track-priority 20<br>
ip-address 192.168.18.1<br>
track-port e 1/2<br>
track-port e 1/7<br>
activate<br>
<br>
I have simplified it and am only testing with a single part of a /24,
which like I mentioned previously when I remove the "ip vrrp vrid 210"
section from the vlan interface, the PBR starts working. But when I
put the vrrp config back in place for "ip vrrp vrid 210" then the PBR
is ignored.<br>
<br>
Thanks<br>
<br>
Joe<br>
<br>
<br>
Joseph Hardeman wrote:
<blockquote
cite="mid:c396f43e1002152030u631f04ddmddc2c87246ea4e71@mail.gmail.com"
type="cite">Actually no, I use bgp and the secondary router only has a
single circuit while the primary has multiple providers. So while we
have a network that needs to be directed to only one of the outbound
circuits, I applied the IP Policy route-map to that vlan. If we have
to fail over to the other router for any reason, all traffic is
outbound on that circuit.<br>
<br>
I just don't understand why VRRP would be stopping the route-map from
being used. Here is an example of the vlan setup that I was using to
test tonight.<br>
<br>
interface ve 210<br>
port-name "TestingIPPolicyRouting"<br>
ip address 192.168.18.1 255.255.255.248<br>
ip policy route-map <font><font size="2">test-next-hop</font></font><br>
ip vrrp vrid 210<br>
owner track-priority 20<br>
ip-address 192.168.18.1<br>
track-port e 1/2<br>
track-port e 1/7<br>
activate<br>
<br>
As soon as I apply the VRRP settings, my tests outbound are handled by
the BGP next hops instead of the next-hop set in my route-map. As soon
as I remove the VRRP settings, the next-hop from the route-map is
applied to the outbound traffic.<br>
<br>
I hope someone will have an idea on what I can do to make this work, I
need to have the vrrp ability to fail over to our secondary router. <br>
<br>
Thanks<br>
<br>
Joe<br>
<br>
<div class="gmail_quote">On Mon, Feb 15, 2010 at 6:35 PM, Randy
McAnally <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:rsm@fast-serv.com">rsm@fast-serv.com</a>></span> wrote:<br>
<blockquote class="gmail_quote"
style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div bgcolor="#ffffff"><font size="2">Dumb question maybe, but are
you applying the same map to all VRRP enabled routers?
<br>
<br>
-- <br>
Randy <br>
<div>
<div class="h5"><br>
<b>---------- Original Message -----------</b>
<br>
From: Joseph Hardeman <<a moz-do-not-send="true"
href="mailto:jwhardeman@gmail.com" target="_blank">jwhardeman@gmail.com</a>>
<br>
To: <a moz-do-not-send="true" href="mailto:foundry-nsp@puck.nether.net"
target="_blank">foundry-nsp@puck.nether.net</a> <br>
Sent: Mon, 15 Feb 2010 18:23:35 -0500 <br>
Subject: Re: [f-nsp] Policy based routing question <br>
<br>
> Ok,
<br>
> <br>
> I now have a little more idea on what is causing my problems. Its
VRRP causing my ip policy route-map to not work. When I remove VRRP
from a VLAN I am testing with my route-map works properly but stops
working when I re-apply the VRRP Config.
<br>
> <br>
> Any ideas on why VRRP would break a ip policy route-map?
<br>
> <br>
> Thanks everyone
<br>
> <br>
> Joe
<br>
> <br>
> On Mon, Feb 15, 2010 at 12:32 AM, Joseph Hardeman <span dir="ltr"><<a
moz-do-not-send="true" href="mailto:jwhardeman@gmail.com"
target="_blank">jwhardeman@gmail.com</a>></span> wrote:
<br>
>
<blockquote
style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"
class="gmail_quote">Hi Everyone,
<br>
> <br>
> I have a question about Policy based routing. I have setup my
access-list and route-map like the examples I have found online and
also tried it with the example in a Manual I have for the Foundry. On
a VLAN with multiple subnets its not working. I have all of the
subnets included right now in the access-list I setup and I have set
the next-hop in my route-map, but I can't seem to get it to send that
traffic through the next hop I want too. It is instead using BGP
routing to send the traffic out for these subnets.
<br>
> <br>
> interface ve 200
<br>
> ip address a.a.a.a 255.255.255.128
<br>
> ip address b.b.b.b 255.255.255.128
<br>
> ip address c.c.c.c 255.255.255.0
<br>
> ip address d.d.d.d 255.255.255.128
<br>
> ip policy route-map test-next-hop
<br>
> <br>
> access-list 30 permit a.a.a.a 0.0.0.127
<br>
> access-list 30 permit c.c.c.c 0.0.0.255
<br>
> access-list 30 permit b.b.b.b 0.0.0.127
<br>
> access-list 30 permit d.d.d.d 0.0.0.127
<br>
> access-list 30 permit e.e.e.e 0.0.0.127
<br>
> <br>
> route-map test-next-hop permit 10
<br>
> match ip address 30
<br>
> set ip next-hop z.z.z.z
<br>
> <br>
> When I apply this route-map to a vlan with a single subnet it
works just fine and is sending the outbound traffic to the next hop I
told it to, just not on the vlan with multiple subnets. Anyone know
why it might be having this problem? And how to fix it?
<br>
> <br>
> Thanks for any insight or help.
<br>
> <br>
> Joe
<br>
> </blockquote>
<br>
</div>
</div>
<b>------- End of Original Message -------</b>
<br>
</font>
</div>
</blockquote>
</div>
<br>
</blockquote>
</body>
</html>