PBR and set ip next-hop recursive

Answered Question
Mar 19th, 2007

Can someone tell me: if I have a route map and I set the following

set ip next-hop recursive 192.168.144.1

set ip next-hop recursive 192.168.134.1

will it by default use the first entry, or will the router look at both IPs and then decide which to use? If it does, what does the router base its decision on? The reason I ask is that both 144.1 and 134.1 are separate GRE tunnels to other routers. I would like it to use the first entry and then the second if the GRE keepalives put the 144 tunnel down due to line failure etc.

Andy

dgahm Mon, 03/19/2007 - 13:16

Andy,

Check out this document:

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080457b9c.html

Only one recursive next-hop IP address is supported per route-map entry.

If both a next-hop and a recursive next-hop IP address are present in the same route-map entry, the next-hop is used. If the next-hop is not available, the recursive next-hop is used. If the recursive next-hop is not available and no other IP address is present, the packet is routed using the default routing table; it is not dropped. If the packet is supposed to be dropped, use the set next-hop recursive command followed by a set interface null0 configuration.

Please rate helpful posts.

Dave

openipltd Mon, 03/19/2007 - 13:42

Dave

Thanks for that. I hope you can help a little further if possible. I have the following scenario

Mail Server 10.0.0.1 GW 10.0.0.102

HQ MPLS Router 10.0.0.102 (default gateway) with MPLS Link ROUTER A 192.168.134.1 GRE Link

HQ Internet 10.0.0.101 Internet connection ROUTER B 192.168.144.1 GRE Link

Branch MPLS Router 192.168.104.3 (default gateway) with MPLS Link ROUTER C 192.168.134.2 GRE Link

Branch Internet Router 192.168.104.2 ROUTER D 192.168.144.2 GRE Link

What I have is route maps on Router C that does

set ip next-hop recursive 192.168.144.1

which will then go via ROUTER D to HQ

and then on ROUTER A

set ip next-hop recursive 192.168.144.2

this should go via ROUTER B

If I cut the internet link, the internet GRE tunnels on ROUTER B and D go to UP/DOWN on both routers. However, the traffic does not go out via the MPLS link, which is the preferred route via EIGRP.

Have you any ideas why this would be the case ?

Andy

openipltd Mon, 03/19/2007 - 14:06

Just to add, even if I turn off ROUTER C 192.168.104.2 and then I try to collect my e-mail, it does not go via the normal default route and I get this in the log

Mar 19 21:07:24.308: IP: s=192.168.104.64 (FastEthernet0/0), d=10.0.0.1, len 48, FIB policy match

Mar 19 21:07:24.308: IP: s=192.168.104.64 (FastEthernet0/0), d=10.0.0.1, len 48, policy match

Mar 19 21:07:24.308: IP: route map clever-routing, item 10, permit

Mar 19 21:07:24.308: IP: s=192.168.104.64 (FastEthernet0/0), d=10.0.0.1 (FastEthernet0/0), len 48, policy routed

Mar 19 21:07:24.308: IP: FastEthernet0/0 to FastEthernet0/0 192.168.104.2

Andy

mohmmad.imran Mon, 03/19/2007 - 14:22

Kindly provide, if possible, the sh ip route output when you shut down the router 192.168.104.2 for the next-hop recursive (192.168.144.1), and also mention the IOS image you're using on that router.

openipltd Mon, 03/19/2007 - 14:56

ROUTER A

S 192.168.106.0/24 [1/0] via 81.144.126.49

C 192.168.132.0/24 is directly connected, Tunnel2

D 192.168.104.0/24 [90/12828160] via 192.168.134.2, 06:26:57, Tunnel1

C 192.168.134.0/24 is directly connected, Tunnel1

D 192.168.105.0/24 [90/12828160] via 192.168.135.2, 06:27:02, Tunnel0

C 192.168.135.0/24 is directly connected, Tunnel0

81.0.0.0/32 is subnetted, 1 subnets

S 81.144.126.49 is directly connected, Serial0/0/0.1

192.168.110.0/32 is subnetted, 5 subnets

S 192.168.110.6 is directly connected, Serial0/0/0.1

S 192.168.110.4 is directly connected, Serial0/0/0.1

S 192.168.110.5 is directly connected, Serial0/0/0.1

S 192.168.110.3 is directly connected, Serial0/0/0.1

C 192.168.110.1 is directly connected, Loopback0

D 192.168.145.0/24 [90/12828160] via 10.0.0.101, 06:06:12, FastEthernet0/0

C 192.168.131.0/24 is directly connected, Tunnel3

D 192.168.141.0/24 [90/12828160] via 10.0.0.101, 02:29:15, FastEthernet0/0

D 192.168.142.0/24 [90/12828160] via 10.0.0.101, 06:06:12, FastEthernet0/0

10.0.0.0/24 is subnetted, 1 subnets

C 10.0.0.0 is directly connected, FastEthernet0/0

D 192.168.102.0/24 [90/12828160] via 192.168.132.2, 06:27:11, Tunnel2

S 192.168.103.0/24 [1/0] via 81.144.126.49

S 192.168.2.0/24 [1/0] via 10.0.0.99

D 192.168.101.0/24 [90/12828160] via 192.168.131.2, 02:29:14, Tunnel3

S* 0.0.0.0/0 [1/0] via 10.0.0.101

ROUTER C

S 192.168.106.0/24 [1/0] via 81.144.126.43

D 192.168.132.0/24 [90/25619968] via 192.168.134.1, 06:28:18, Tunnel0

C 192.168.104.0/24 is directly connected, FastEthernet0/0

C 192.168.134.0/24 is directly connected, Tunnel0

S 192.168.105.0/24 [1/0] via 81.144.126.43

D 192.168.135.0/24 [90/25619968] via 192.168.134.1, 06:28:18, Tunnel0

81.0.0.0/32 is subnetted, 1 subnets

S 81.144.126.43 is directly connected, Serial0/0/0.1

192.168.110.0/32 is subnetted, 2 subnets

C 192.168.110.4 is directly connected, Loopback0

S 192.168.110.1 is directly connected, Serial0/0/0.1

D 192.168.145.0/24 [90/25628160] via 192.168.134.1, 01:54:56, Tunnel0

D 192.168.131.0/24 [90/25619968] via 192.168.134.1, 06:28:18, Tunnel0

D 192.168.141.0/24 [90/25628160] via 192.168.134.1, 01:54:59, Tunnel0

D 192.168.142.0/24 [90/25628160] via 192.168.134.1, 01:54:59, Tunnel0

10.0.0.0/24 is subnetted, 1 subnets

D 10.0.0.0 [90/12828160] via 192.168.134.1, 06:28:22, Tunnel0

S 192.168.102.0/24 [1/0] via 81.144.126.43

S 192.168.103.0/24 [1/0] via 81.144.126.43

S 192.168.101.0/24 [1/0] via 81.144.126.43

S* 0.0.0.0/0 [1/0] via 192.168.104.2

As you can see no mention of 192.168.144.0 network. What it seems to be doing is using the default route to send the back which effectively blackholes it and it ignores the EIGRP routes. Looking at a show ip cef seems to back this theory up.

Not sure what I can do though about it. The versions are

ROUTER A,B and D

(C1841-ADVIPSERVICESK9-M), Version 12.4(9)T, RELEASE SOFTWARE (fc1)

ROUTER C

C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(9)T, RELEASE SOFTWARE (fc1)

Andy
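
Added example (not part of any poster's message and not Cisco code): a small Python model of a recursive next-hop lookup run against a subset of the ROUTER C table posted above, showing that 192.168.144.1 still resolves through the static default route, which matches the "FastEthernet0/0 to FastEthernet0/0 192.168.104.2" debug line. The fallback to the routing table follows the document Dave quoted; the `allow_default` switch is a hypothetical knob of this model, not an IOS option.

```python
import ipaddress

# Constructed from the ROUTER C "sh ip route" output above (subset of entries):
# (prefix, next hop or None if directly connected, exit interface or None).
ROUTER_C = [
    ("192.168.104.0/24", None, "FastEthernet0/0"),
    ("192.168.134.0/24", None, "Tunnel0"),
    ("10.0.0.0/24", "192.168.134.1", "Tunnel0"),
    ("0.0.0.0/0", "192.168.104.2", None),
]

def lookup(table, addr):
    """Longest-prefix match; returns (network, next_hop, interface) or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, nh, ifc in table:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh, ifc)
    return best

def resolve(table, addr, allow_default=True, depth=8):
    """Follow next hops until a connected route; returns (interface, adjacent hop)."""
    hop = addr
    for _ in range(depth):
        hit = lookup(table, hop)
        # Model assumption: optionally refuse to resolve through 0.0.0.0/0.
        if hit is None or (hit[0].prefixlen == 0 and not allow_default):
            return None
        _, nh, ifc = hit
        if nh is None:
            return (ifc, hop)
        hop = nh
    return None

def policy_forward(table, dst, recursive_nh, allow_default=True):
    """Use the recursive next hop if it resolves, else the ordinary routing table."""
    via = resolve(table, recursive_nh, allow_default)
    if via is not None:
        return ("policy",) + via
    normal = resolve(table, dst)
    return ("routing-table",) + normal if normal else ("drop",)

if __name__ == "__main__":
    print(policy_forward(ROUTER_C, "10.0.0.1", "192.168.144.1"))
    print(policy_forward(ROUTER_C, "10.0.0.1", "192.168.144.1", allow_default=False))
```
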

Correct Answer
mohmmad.imran Mon, 03/19/2007 - 15:56

Hi Andy,

As per the configuration the PBR is working fine, it is doing its job to route the packet towards the default route when the next-hop IP is not reachable.

The configuration sequence, which affects PBR routing decision process is as follows:

1. Next-hop

2. Next-hop recursive

3. Interface

4. Default next-hop

5. Default interface

What I would suggest is to configure the route-map for both the conditions:

1) when the next-hop is having an entry in routing table.

2) when the next-hop is not having an entry in routing table.

set ip next-hop recursive 192.168.144.1

set ip default next-hop 192.168.134.1

Hope it will Help!

Mohmmad Imran

openipltd Mon, 03/19/2007 - 16:10

Hi Mohmmad

Thanks for the advice and I got it working by doing

ROUTER A

set ip next-hop recursive 192.168.144.2

set interface tunnel1

ROUTER C

set ip next-hop recursive 192.168.144.1

set interface tunnel0

Much appreciated

openipltd Tue, 03/20/2007 - 05:18

Hi All

As per my last post I thought I had it working but it seems that it prefers the set interface tunnel0 to the set ip next-hop recursive command and it is putting the traffic down the wrong line.

I was under the impression that the set ip next-hop recursive would be the first thing the route map looked at before the set interface command as per previous posts.

Is there a way of forcing this?

Andy

mohmmad.imran Tue, 03/20/2007 - 09:06

Set Clauses---Defining the Route

If the match clauses are satisfied, one of the following set clauses can be used to specify the criteria for forwarding packets through the router; they are evaluated in the order listed:

1) List of interfaces through which the packets can be routed---If more than one interface is specified, then the first interface that is found to be up will be used for forwarding the packets.

2) List of specified IP addresses---The IP address can specify the adjacent next hop router in the path toward the destination to which the packets should be forwarded. The first IP address associated with a currently "up" connected interface will be used to route the packets.

3) List of default interfaces---If there is no explicit route available to the destination address of the packet being considered for policy routing, then route it to the first up interface in the list of specified default interfaces.

4) List of default next hop IP addresses---Route to the interface or the next hop specified by this set clause only if there is no explicit route for the destination address of the packet in the routing table.

5) IP TOS---A value or keyword can be specified to set the type of service in the IP packets.

6) IP precedence---A value or keyword can be specified to set the precedence in the IP packets.

The set commands can be used in conjunction with each other.

IP PBR can now be fast-switched. Prior to Cisco IOS Release 12.0, PBR could only be process-switched, which meant that on most platforms the switching rate was approximately 1000 to 10,000 packets per second. This speed was not fast enough for many applications. Users who need PBR to occur at faster speeds can now implement PBR without slowing down the router.

Fast-switched PBR supports all of the match commands and most of the set commands, with the following restrictions:

The set ip default next-hop and set default interface commands are not supported.

The set interface command is supported only over point-to-point links, unless a route-cache entry exists using the same interface specified in the set interface command in the route map. Also, at the process level, the routing table is consulted to determine if the interface is on a reasonable path to the destination. During fast switching, the software does not make this check. Instead, if the packet matches, the software blindly forwards the packet to the specified interface. PBR must be configured before you configure fast-switched PBR. Fast switching of PBR is disabled by default. To enable fast-switched PBR, use the following command in interface configuration mode:

ip route-cache policy

If you have fast switching of PBR enabled, kindly try to disable the fast PBR and configure the set clause with set default interface or default next-hop.

HTH

Imran
