Route map question

Leonardo Pena Davila · ‎07-08-2008

I have the following config :

access-list 100 remark ** Net_1 **

access-list 100 permit ip 10.60.64.0 0.0.7.255 any

access-list 101 remark ** Net_2 **

access-list 101 permit ip 10.60.80.0 0.0.15.255 any

access-list 102 remark ** Net_3 **

access-list 102 permit ip 172.30.130.0 0.0.0.255 any

route-map EEMM permit 10

match ip address 100

set ip next-hop 167.175.1.1

!

route-map EEMM permit 20

match ip address 101

set ip next-hop 167.175.1.1

!

route-map EEMM permit 30

match ip address 102

set ip next-hop 167.175.1.1

!

route-map EEMM permit 40

interface FastEthernet2/2

no switchport

ip address xxx.xxx.xxx.xxx 255.255.255.248

ip policy route-map EEMM

â€¦

When I apply the ip policy route-map EEMM on the interface it works good because I can see on the firewaall that traffics from ACL 100-102 go to next-hop 167.175.1.1.

But when I do a show route-map I dont see any match.

Any idea of what is happening?

I am using a Catalyst 4000 L3 Switch Software (cat4000-I5S-M), Version 12.1(20)EW1

Giuseppe Larosa · ‎07-08-2008

Hello Leonardo,

you are using a multilayer switch.

What happens is that the route-map is used to build / rebuild the CEF entries in the CEF table and the actions of the route-map are actually performed on the TCAM tables of the switch.

This allows for high performance PBR but actually traffic is not processed by the route-map but some TCAM entries are built following the route-map instructions.

So you could see the route-map that doesn't match even if traffic flows are correctly sent to the right next hop as you see.

This behaviuor can change on another platform and/or IOS release, simply because when building the sh route-map the IOS code can look for the flow counters of the TCAM entries built on the route-map and give us the effect that the route-map matches.

However, PBR works on incoming traffic so it has to be configured on the interfaces where the traffic flows enter at the node.

Hope to help

Giuseppe