PBR over VRF interface?

Unanswered Question
Feb 28th, 2010
User Badges:

Hi,


My requirement is to have PBR applied on VRF interface, is it possible? When I apply PBR on VRF interface I get following error:

% Policy Based Routing is NOT supported for VRF interfaces
% IP-Policy can be used ONLY for marking (set/clear DF bit) on VRF


In my case it is LAN interface where I have to apply PBR.

Please find the following config, this will help to understand the scenerio better.


******************************
ip cef
!
ip vrf VPN_C
rd 2:2
route-target export 10:10
route-target import 40:10
!
ip vrf VPN_A
rd 103:103
route-target export 20:20
route-target import 40:10
!
ip vrf LAN_VRF
rd 64513:40
route-target export 40:10
route-target import 10:10
route-target import 20:20
route-target import 30:30
!
ip vrf VPN_B

rd 102:102
route-target export 30:30
route-target import 40:10
!
interface FastEthernet0/0
ip vrf forwarding LAN_VRF
ip address 192.168.1.81 255.255.255.240
ip policy route-map PBR
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
!
interface Serial1/0
no ip address
encapsulation frame-relay IETF
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/0.1 point-to-point
!
interface Serial1/0.2 point-to-point
description VPN_B
ip vrf forwarding VPN_B
ip address 172.31.153.214 255.255.255.252
frame-relay interface-dlci 301
!
interface Serial1/0.3 point-to-point
description VPN_C

ip vrf forwarding VPN_C

ip address 172.31.153.166 255.255.255.252
frame-relay interface-dlci 302
!
interface Serial1/0.4 point-to-point
description VPN_A

ip vrf forwarding VPN_A

ip address 172.30.253.214 255.255.255.252
frame-relay interface-dlci 303
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
router eigrp 1
no auto-summary
!
address-family ipv4 vrf LAN_VRF
redistribute connected metric 10000 100 255 1 1500
redistribute bgp 64513 metric 10000 100 255 1 1500
network 192.168.1.81 0.0.0.0
auto-summary
autonomous-system 1
exit-address-family
!
router bgp 64513
no synchronization
bgp router-id 1.1.1.1
bgp log-neighbor-changes
no auto-summary
!
address-family ipv4 vrf VPN_B
neighbor 172.31.153.213 remote-as 65000
neighbor 172.31.153.213 activate
no synchronization
exit-address-family
!
address-family ipv4 vrf LAN_VRF
redistribute eigrp 1
no synchronization
exit-address-family
!
address-family ipv4 vrf VPN_A

neighbor 172.30.253.213 remote-as 65000
neighbor 172.30.253.213 activate
no synchronization
exit-address-family
!
address-family ipv4 vrf VPN_C
neighbor 172.31.153.165 remote-as 65000
neighbor 172.31.153.165 activate
no synchronization
exit-address-family
!
!
!
ip http server
no ip http secure-server
!
ip access-list extended VPN_B
permit ip host 90.0.0.1 host 150.0.0.1
ip access-list extended VPN_A
permit ip host 80.0.0.1 host 150.0.0.1
!
!
route-map PBR permit 10
match ip address VPN_A
set interface Serial1/0.4
!
route-map PBR permit 20
match ip address VPN_B

set interface Serial1/0.2
!
route-map PBR permit 30
**********************************************


Please advice how can I achive my purpose in this scenrio?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Ganesh Hariharan Tue, 03/02/2010 - 00:45
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Member's Choice, February 2016

Hi,


Following are the Prerequisites to configure a PBR in VRF:-


The VRF must be defined prior to the configuration of the route map; otherwise an error message is displayed on the console.


A receive entry must be added to the VRF selection table with the ip vrf receive command. If a match and set operation occurs in the route map but there is no receive entry in the local VRF table, the packet will be dropped if the packet destination is local.


and check out the below link for more information hope that helps.


http://www.cisco.com/en/US/docs/ios/12_2s/feature/guide/fs_pbrsv.html#wp1061396


Ganesh.H

Actions

This Discussion