PBR and set ip next-hop recursive

Mar 19th, 2007

Can someone tell me if I have a route map and I set the following


set ip next-hop recursive 192.168.144.1

set ip next-hop recursive 192.168.134.1


will it by default use the first entry or will the router look at both IPs and then decide which to use. If it does what does the router base its decision on. The reason I ask is that both 144.1 and 134.1 are separate GRE tunnels to other routers. I would like it to use the first entry and then the second if the GRE keepalives put the 144 tunnel down due to line failure etc.



Andy

dgahm Mon, 03/19/2007 - 13:16

Andy,

Check out this document:


http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080457b9c.html


Only one recursive next-hop IP address is supported per route-map entry.



If both a next-hop and a recursive next-hop IP address are present in the same route-map entry, the next-hop is used. If the next-hop is not available, the recursive next-hop is used. If the recursive next-hop is not available and no other IP address is present, the packet is routed using the default routing table; it is not dropped. If the packet is supposed to be dropped, use the set next-hop recursive command followed by a set interface null0 configuration.


Please rate helpful posts.


Dave

openipltd Mon, 03/19/2007 - 13:42

Dave


Thanks for that. I hope you can help a little further if possible. I have the following scenario


Mail Server 10.0.0.1 GW 10.0.0.102

HQ MPLS Router 10.0.0.102 (default gateway) with MPLS Link ROUTER A 192.168.134.1 GRE Link

HQ Internet 10.0.0.101 Internet connection ROUTER B 192.168.144.1 GRE Link


Branch MPLS Router 192.168.104.3 (default gateway) with MPLS Link ROUTER C 192.168.134.2 GRE Link

Branch Internet Router 192.168.104.2 ROUTER D 192.168.144.2 GRE Link


What I have is route maps on Router C that does


set ip next-hop recursive 192.168.144.1


which will then go via ROUTER D to HQ


and then on ROUTER A


set ip next-hop recursive 192.168.144.2


this should go via ROUTER B



If I cut the internet link the internet GRE tunnels on ROUTER B and D go to UP/DOWN on both routers. However the traffic does not go out via the MPLS link which is the preferred route via EIGRP.


Have you any ideas why this would be the case ?



Andy


openipltd Mon, 03/19/2007 - 14:06

Just to add even if I turn off ROUTER C 192.168.104.2 and then I try to collect my e-mail it does not go via the normal default route and I get this in the log


Mar 19 21:07:24.308: IP: s=192.168.104.64 (FastEthernet0/0), d=10.0.0.1, len 48, FIB policy match

Mar 19 21:07:24.308: IP: s=192.168.104.64 (FastEthernet0/0), d=10.0.0.1, len 48, policy match

Mar 19 21:07:24.308: IP: route map clever-routing, item 10, permit

Mar 19 21:07:24.308: IP: s=192.168.104.64 (FastEthernet0/0), d=10.0.0.1 (FastEthernet0/0), len 48, policy routed

Mar 19 21:07:24.308: IP: FastEthernet0/0 to FastEthernet0/0 192.168.104.2




Andy

mohmmad.imran Mon, 03/19/2007 - 14:22

Kindly provide, if possible, the sh ip route output when you shut down the router 192.168.104.2 for the next-hop recursive (192.168.144.1), and also mention the IOS image you're using on that router.



openipltd Mon, 03/19/2007 - 14:56

ROUTER A



S 192.168.106.0/24 [1/0] via 81.144.126.49

C 192.168.132.0/24 is directly connected, Tunnel2

D 192.168.104.0/24 [90/12828160] via 192.168.134.2, 06:26:57, Tunnel1

C 192.168.134.0/24 is directly connected, Tunnel1

D 192.168.105.0/24 [90/12828160] via 192.168.135.2, 06:27:02, Tunnel0

C 192.168.135.0/24 is directly connected, Tunnel0

81.0.0.0/32 is subnetted, 1 subnets

S 81.144.126.49 is directly connected, Serial0/0/0.1

192.168.110.0/32 is subnetted, 5 subnets

S 192.168.110.6 is directly connected, Serial0/0/0.1

S 192.168.110.4 is directly connected, Serial0/0/0.1

S 192.168.110.5 is directly connected, Serial0/0/0.1

S 192.168.110.3 is directly connected, Serial0/0/0.1

C 192.168.110.1 is directly connected, Loopback0

D 192.168.145.0/24 [90/12828160] via 10.0.0.101, 06:06:12, FastEthernet0/0

C 192.168.131.0/24 is directly connected, Tunnel3

D 192.168.141.0/24 [90/12828160] via 10.0.0.101, 02:29:15, FastEthernet0/0

D 192.168.142.0/24 [90/12828160] via 10.0.0.101, 06:06:12, FastEthernet0/0

10.0.0.0/24 is subnetted, 1 subnets

C 10.0.0.0 is directly connected, FastEthernet0/0

D 192.168.102.0/24 [90/12828160] via 192.168.132.2, 06:27:11, Tunnel2

S 192.168.103.0/24 [1/0] via 81.144.126.49

S 192.168.2.0/24 [1/0] via 10.0.0.99

D 192.168.101.0/24 [90/12828160] via 192.168.131.2, 02:29:14, Tunnel3

S* 0.0.0.0/0 [1/0] via 10.0.0.101



ROUTER C


S 192.168.106.0/24 [1/0] via 81.144.126.43

D 192.168.132.0/24 [90/25619968] via 192.168.134.1, 06:28:18, Tunnel0

C 192.168.104.0/24 is directly connected, FastEthernet0/0

C 192.168.134.0/24 is directly connected, Tunnel0

S 192.168.105.0/24 [1/0] via 81.144.126.43

D 192.168.135.0/24 [90/25619968] via 192.168.134.1, 06:28:18, Tunnel0

81.0.0.0/32 is subnetted, 1 subnets

S 81.144.126.43 is directly connected, Serial0/0/0.1

192.168.110.0/32 is subnetted, 2 subnets

C 192.168.110.4 is directly connected, Loopback0

S 192.168.110.1 is directly connected, Serial0/0/0.1

D 192.168.145.0/24 [90/25628160] via 192.168.134.1, 01:54:56, Tunnel0

D 192.168.131.0/24 [90/25619968] via 192.168.134.1, 06:28:18, Tunnel0

D 192.168.141.0/24 [90/25628160] via 192.168.134.1, 01:54:59, Tunnel0

D 192.168.142.0/24 [90/25628160] via 192.168.134.1, 01:54:59, Tunnel0

10.0.0.0/24 is subnetted, 1 subnets

D 10.0.0.0 [90/12828160] via 192.168.134.1, 06:28:22, Tunnel0

S 192.168.102.0/24 [1/0] via 81.144.126.43

S 192.168.103.0/24 [1/0] via 81.144.126.43

S 192.168.101.0/24 [1/0] via 81.144.126.43

S* 0.0.0.0/0 [1/0] via 192.168.104.2



As you can see no mention of 192.168.144.0 network. What it seems to be doing is using the default route to send the back which effectively blackholes it and it ignores the EIGRP routes. Looking at a show ip cef seems to back this theory up.


Not sure what I can do though about it. The versions are

ROUTER A,B and D


(C1841-ADVIPSERVICESK9-M), Version 12.4(9)T, RELEASE SOFTWARE (fc1)


ROUTER C


C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(9)T, RELEASE SOFTWARE (fc1)



Andy
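
As an added illustration (not part of the original posts), the Python sketch below parses an excerpt of the ROUTER C table posted above and runs a longest-prefix lookup for the recursive next hop 192.168.144.1. It matches only the static default route via 192.168.104.2, the same next hop that appears in the policy-routing debug output earlier in the thread. The function names are hypothetical, and treating recursive resolution as an ordinary longest-prefix lookup is an assumption of this example.

```python
import ipaddress
import re

# Excerpt of ROUTER C's "show ip route" output as posted in this thread.
ROUTER_C = """\
C 192.168.104.0/24 is directly connected, FastEthernet0/0
C 192.168.134.0/24 is directly connected, Tunnel0
D 192.168.145.0/24 [90/25628160] via 192.168.134.1, 01:54:56, Tunnel0
81.0.0.0/32 is subnetted, 1 subnets
S 81.144.126.43 is directly connected, Serial0/0/0.1
10.0.0.0/24 is subnetted, 1 subnets
D 10.0.0.0 [90/12828160] via 192.168.134.1, 06:28:22, Tunnel0
S 192.168.101.0/24 [1/0] via 81.144.126.43
S* 0.0.0.0/0 [1/0] via 192.168.104.2
"""

HEADER = re.compile(r"^\S+/(\d+) is subnetted")
ROUTE = re.compile(r"^(\S+)\s+(\d+\.\d+\.\d+\.\d+)(?:/(\d+))?\s+(.*)$")

def parse_routes(text):
    """Return [(network, code, rest)]; mask-less entries inherit the header mask."""
    routes, inherited = [], None
    for line in text.splitlines():
        h = HEADER.match(line.strip())
        if h:
            inherited = h.group(1)   # e.g. "10.0.0.0/24 is subnetted" -> "24"
            continue
        m = ROUTE.match(line.strip())
        if m:
            code, addr, plen, rest = m.groups()
            routes.append((ipaddress.ip_network(f"{addr}/{plen or inherited}"), code, rest))
    return routes

def lookup(routes, ip):
    """Longest-prefix match for ip; returns (network, code, rest) or None."""
    addr = ipaddress.ip_address(ip)
    hits = [r for r in routes if addr in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen, default=None)

def resolve_recursive(routes, next_hop):
    """Describe which route a recursive next hop resolves through (assumed LPM)."""
    hit = lookup(routes, next_hop)
    if hit is None:
        return "unresolved"
    net, code, rest = hit
    via = re.search(r"via (\d+\.\d+\.\d+\.\d+)", rest)
    kind = "default route" if net.prefixlen == 0 else str(net)
    return f"{kind} -> {via.group(1) if via else rest}"
```

Running `resolve_recursive(parse_routes(ROUTER_C), "192.168.144.1")` returns `default route -> 192.168.104.2`, so a check like this can flag a recursive next hop that is only reachable through 0.0.0.0/0 before the route map is relied on for failover.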


Correct Answer
mohmmad.imran Mon, 03/19/2007 - 15:56

Hi Andy,


As per the configuration the PBR is working fine, it is doing its job to route the packet towards the default route when the next-hop IP is not reachable.


The configuration sequence, which affects PBR routing decision process is as follows:


1. Next-hop


2. Next-hop recursive


3. Interface


4. Default next-hop


5. Default interface



What I would suggest is to configure the route-map for both the conditions:


1) when the next-hop is having an entry in routing table.

2) when the next-hop is not having an entry in routing table.




set ip next-hop recursive 192.168.144.1

set ip default next-hop 192.168.134.1


Hope it will Help!


Mohmmad Imran


openipltd Mon, 03/19/2007 - 16:10

Hi Mohmmad


Thanks for the advice and I got it working by doing


ROUTER A

set ip next-hop recursive 192.168.144.2

set interface tunnel1


ROUTER C

set ip next-hop recursive 192.168.144.1

set interface tunnel0



Much appreciated

openipltd Tue, 03/20/2007 - 05:18

Hi All


As per my last post I thought I had it working but it seems that it prefers the set interface tunnel0 to the set ip next-hop recursive command and it is putting the traffic down the wrong line.


I was under the impression that the set ip next-hop recursive would be the first thing the route map looked at before the set interface command as per previous posts.


Is there a way of forcing this?


Andy

mohmmad.imran Tue, 03/20/2007 - 09:06

Set Clauses---Defining the Route


If the match clauses are satisfied, one of the following set clauses can be used to specify the criteria for forwarding packets through the router; they are evaluated in the order listed:



1) List of interfaces through which the packets can be routed---If more than one interface is specified, then the first interface that is found to be up will be used for forwarding the packets.



2) List of specified IP addresses---The IP address can specify the adjacent next hop router in the path toward the destination to which the packets should be forwarded. The first IP address associated with a currently "up" connected interface will be used to route the packets.



3) List of default interfaces---If there is no explicit route available to the destination address of the packet being considered for policy routing, then route it to the first up interface in the list of specified default interfaces.



4) List of default next hop IP addresses---Route to the interface or the next hop specified by this set clause only if there is no explicit route for the destination address of the packet in the routing table.



5) IP TOS---A value or keyword can be specified to set the type of service in the IP packets.



6) IP precedence---A value or keyword can be specified to set the precedence in the IP packets.


The set commands can be used in conjunction with each other.



IP PBR can now be fast-switched. Prior to Cisco IOS Release 12.0, PBR could only be process-switched, which meant that on most platforms the switching rate was approximately 1000 to 10,000 packets per second. This speed was not fast enough for many applications. Users who need PBR to occur at faster speeds can now implement PBR without slowing down the router.


Fast-switched PBR supports all of the match commands and most of the set commands, with the following restrictions:


The set ip default next-hop and set default interface commands are not supported.

The set interface command is supported only over point-to-point links, unless a route-cache entry exists using the same interface specified in the set interface command in the route map. Also, at the process level, the routing table is consulted to determine if the interface is on a reasonable path to the destination. During fast switching, the software does not make this check. Instead, if the packet matches, the software blindly forwards the packet to the specified interface. PBR must be configured before you configure fast-switched PBR. Fast switching of PBR is disabled by default. To enable fast-switched PBR, use the following command in interface configuration mode:

ip route-cache policy


If you have fast switching of PBR enabled, kindly try to disable the fast PBR and configure the set clause with set default interface or default next-hop.


HTH


Imran
