Policy routing on cat3750E

Unanswered Question
May 12th, 2009

Hello,


device: WS-C3750E-24TD 12.2(44)SE2 C3750E-UNIVERSAL-M


have any SVI interfaces ...

I want to FORWARD certain traffic to DEST_NET if NOT FOUND in the local route table, other traffic forward by default ... this task is NOT complex if the command: ip policy route-map <...> is used on any SVI interfaces ... but this is not a normal solution


I tried:


ip route DEST_NET lo0


int lo0

ip policy route-map <..>


route-map <..>

match from ACL (sources for policy)

set ip next-hop (router for DEST_NET)

...

but traffic is not received on interface Lo0

PBR does not work


main task:

1. If traffic from <SOURCE_IP> local route table (RT) NOT route to <DEST_NET> - FORWARD traffic to specified next-hop

2. If traffic from <SOURCE_IP> to <LOCAL_NET> (network lean local router) found in RT traffic must forward default

3. All other traffic forward by default


solution ONLY for many SVI (10-30)


example BAD solution:


route-map ONE permit 10
 description __ALLOW_local_traffic__
 match ip address <SOURCE_IP_LOCAL_NET>
!
route-map ONE permit 15
 description __FORWARD SOURCE_IP traffic to R2
 match ip address <SOURCE_IP>
 set ip next-hop <R2>
!
route-map ONE permit 20
 description DEFAULT forward other traffic
!


acl: SOURCE_IP - list of clients for policy

acl: SOURCE_IP_LOCAL_NET - traffic from SOURCE_IP -> LOCAL_net


conf t int vlan20x

ip policy route-map ONE

exit

...

many many SVI

...

conf t int vlan299

ip policy route-map ONE



Giuseppe Larosa Tue, 05/12/2009 - 04:34

Hello Alexandr,

if you want PBR to use routing table first you need to use the set action


set ip default next-hop


in your route-maps clauses



Hope to help

Giuseppe
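
A small Python model of the difference described in the reply above, added here as an illustration and not part of the original thread: `set ip next-hop` overrides the routing table for matched sources, while `set ip default next-hop` applies only when no explicit (non-default) route exists. The addresses and the names `ROUTES`, `POLICY_SOURCES`, `lookup` and `forward` are constructed for the example.

```python
import ipaddress

# Constructed sample data (documentation/private ranges), not taken from the thread.
ROUTES = {                        # routing table: prefix -> next hop
    "0.0.0.0/0": "192.0.2.1",     # default route
    "10.20.0.0/16": "connected",  # stands in for LOCAL_NET
}
POLICY_SOURCES = [ipaddress.ip_network("10.20.51.0/24")]  # stands in for ACL SOURCE_IP
R2 = "198.51.100.2"               # policy next hop

def lookup(dst, include_default=True):
    """Longest-prefix match; returns the next hop, or None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in ROUTES.items():
        net = ipaddress.ip_network(prefix)
        if net.prefixlen == 0 and not include_default:
            continue  # a default route does not count as an explicit route
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None

def forward(src, dst, action):
    """Next hop chosen for a packet under the given PBR set action.

    action is 'next-hop' (policy wins over the routing table) or
    'default-next-hop' (an explicit route wins; policy is the fallback).
    """
    matched = any(ipaddress.ip_address(src) in net for net in POLICY_SOURCES)
    if not matched:
        return lookup(dst)            # not in the ACL: normal routing
    if action == "next-hop":
        return R2                     # routing table is never consulted
    explicit = lookup(dst, include_default=False)
    return explicit if explicit is not None else R2

if __name__ == "__main__":
    for action in ("next-hop", "default-next-hop"):
        for dst in ("10.20.9.9", "203.0.113.5"):
            print(action, dst, "->", forward("10.20.51.7", dst, action))
```

With plain `set ip next-hop`, traffic from a policy source to LOCAL_NET is also sent to R2, which is why the route-map in the question needs a separate clause for local traffic.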


alexandr.novikov Tue, 05/12/2009 - 04:45

set ip default next-hop is not supported:


Policy-based routing based on packet length, TOS, set interface, set default next hop, or set default interface are not supported. Policy maps with no valid set actions or with set action set to Don't Fragment are not supported.

Giuseppe Larosa Tue, 05/12/2009 - 04:52

Hello Alexandr,

I was afraid of this; I hadn't checked the config guide before posting.


I don't see any other way to do this: maybe you could use floating static (with high AD) routes pointing to the intended next-hop.


Hope to help

Giuseppe


alexandr.novikov Tue, 05/12/2009 - 05:15

No,

only SOURCE routing...


traffic from certain must be forward R2, if destination in exist RT forward default.


now testing:


ip route Lo0


now result - now traffic in lo0

then add:

ip route null0


i see traffic on lo0 in pbr:

[[email protected] s_sn="4101374" s_tc="4132879"]: 4127611: May 12 17:13:48.746: IP: route map TEST, item 10, permit

[[email protected] s_sn="4101375" s_tc="4132880"]: 4127612: May 12 17:13:48.746: IP: Loopback0 to Vlan51 x.x.x.x


but traffic forward with problem (every seconds packets loss)...



