Route-Map and PBR

Unanswered Question

We recently installed a new DS3 circuit, and I am having a monster of a time getting a route-map to work properly. I know I am missing something simple, but I can't find it. I've changed this so many times I have a headache, but nothing.

Setup is as follows:

***T3 controller card installed as serial1/0 interface with outside IP addresses (DS3)

interface Serial1/0
description Connected to DS3
ip address 11.11.11.11 255.255.255.252
ip nbar protocol-discovery
ip virtual-reassembly
encapsulation ppp
ip route-cache policy
ip route-cache flow
dsu bandwidth 44210

**Physical Interface connecting to VLAN65

interface FastEthernet0/2/1
description Connected to DS3 LAN Block as Gateway
switchport access vlan 65
speed 100

**Virtual Interface for inside IP addresses

interface Vlan65
description Local Gateway for DS3
ip address 22.22.22.22 255.255.255.240
ip nbar protocol-discovery
ip route-cache policy
ip route-cache flow
ip policy route-map DS3

** ACL for traffic (picking one address (my test PC) for simplicity)

access-list 10 permit 22.22.22.23

** route map directing all traffic from source address 22.22.22.23 through DS3 circuit

route-map DS3 permit 65
match ip address 10
set interface Serial1/0

From the .23 test PC address, I can ping the serial interface and WAN interface off the serial side, which are all connected routes. Nothing else beyond that.

I have turned on debug packet 10 with detail and all I see is routing to the broadcast domain on VLAN65 via RIB and no counter increments on the sh route-map. I don't see any debug lines come across for any address I try to ping from the test PC.

If I add a route for any address and point it to the serial1/0 interface, then it works fine, obviously. Without a hardcoded route, nothing. For some reason, the route-map match is not being hit, which means my ACL is incorrect? I've changed the ACL several times with extended attribs as well, permit ip, permit ip host, etc...

What am I doing wrong? Please advise...

Thanks in advance,

Lewis

Jon Marshall Mon, 03/15/2010 - 14:57

Lewis

Sure you have tried this but can you modify config -

access-list 101 permit ip host 22.22.22.23 any

route-map DS3 permit 65

match ip address 101

set ip next-hop 11.11.11.10

Jon

I tried that, but no difference.

I expanded the debug to the policies, and I see some interesting results. The packets I am sending out are being rejected by another policy on vlan64, which is another line altogether. Similar, but not the same subnets. Not sure why it would reject on the other policy. I am reposting the config using (almost) correct addresses for better understanding. BTW, the vlan64 network does route fine.

!
interface GigabitEthernet0/1
description Connected to XO MetroE
ip address 65.47.142.86 255.255.255.252
ip nbar protocol-discovery
ip virtual-reassembly
ip route-cache policy
ip route-cache flow
duplex full
speed 10
media-type rj45
negotiation auto
crypto map GWVPN
!
interface FastEthernet0/2/0
description Connected to XO LAN Block as
switchport access vlan 64
speed 100
!
interface FastEthernet0/2/1
description Connected to XO DS3 LAN Block
switchport access vlan 65
speed 100
!
interface Serial1/0
description Connected to XO DS3
ip address 65.47.143.178 255.255.255.252
ip nbar protocol-discovery
ip virtual-reassembly
encapsulation ppp
ip route-cache policy
ip route-cache flow
dsu bandwidth 44210

interface Vlan64
description Local Gateway for XO MetroE
ip address 64.245.143.33 255.255.255.224
ip nbar protocol-discovery
ip route-cache policy
ip route-cache flow
ip policy route-map XO
!
interface Vlan65
description Local Gateway for XO DS3
ip address 64.244.228.129 255.255.255.240
ip nbar protocol-discovery
ip route-cache policy
ip route-cache flow
ip policy route-map XODS3

access-list 164 permit ip 64.245.143.32 0.0.0.27 any
access-list 165 permit ip host 64.244.228.131 any

route-map XO permit 64
match ip address 164
set ip next-hop 65.47.142.85
!
route-map XODS3 permit 65
match ip address 165
set ip next-hop 65.47.143.177
!

router rip
version 2
redistribute static
network 10.0.0.0
neighbor 10.0.200.2
neighbor 10.0.1.5
no auto-summary
!
ip local pool goodwillpool 10.0.111.101 10.0.111.199
ip route 0.0.0.0 0.0.0.0 10.0.200.2
ip route 10.253.24.242 255.255.255.255 10.0.5.1
ip route 64.90.182.55 255.255.255.255 65.47.142.85
ip route 67.202.249.200 255.255.255.248 GigabitEthernet0/1
ip route 172.16.0.0 255.255.0.0 10.0.1.38
ip route 209.51.161.238 255.255.255.255 65.47.142.85
ip route 216.203.12.106 255.255.255.255 GigabitEthernet0/1
!

*** debug ***  I actually got one packet to go out, and then it switched to vlan64 and killed them.  It does that sometimes, starts out vlan65 and switches to vlan64.

Mar 16 14:57:51.492: IP: s=64.244.228.131 (Vlan65), d=72.163.4.161, len 60, FIB policy match
Mar 16 14:57:51.492: IP: s=64.244.228.131 (Vlan65), d=72.163.4.161, g=65.47.143.177, len 60, FIB policy routed
Mar 16 14:57:52.492: IP: s=64.244.228.131 (Vlan64), d=72.163.4.161, len 60, FIB policy rejected(no match) - normal forwarding
Mar 16 14:57:57.800: IP: s=64.244.228.131 (Vlan64), d=72.163.4.161, len 60, FIB policy rejected(no match) - normal forwarding
Mar 16 14:58:02.803: IP: s=64.244.228.131 (Vlan64), d=72.163.4.161, len 60, FIB policy rejected(no match) - normal forwarding

*** SH IP ROUTE ***


     64.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
C       64.245.143.32/27 is directly connected, Vlan64
S       64.90.182.55/32 [1/0] via 65.47.142.85
C       64.244.228.128/28 is directly connected, Vlan65
     209.45.128.0/30 is subnetted, 4 subnets
     65.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
R       65.120.25.12/30 [120/2] via 10.0.200.2, 00:00:10, GigabitEthernet0/0
C       65.47.143.177/32 is directly connected, Serial1/0
C       65.47.143.176/30 is directly connected, Serial1/0
R       65.114.215.132/30 [120/2] via 10.0.200.2, 00:00:10, GigabitEthernet0/0
C       65.47.142.84/30 is directly connected, GigabitEthernet0/1

I even changed the scheme altogether just in case it was confused on the name, and I created a map DS3 and match 10, but it did not do anything.

Thanks,

Lewis
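
Added example, not part of the original posts: it replays three of the debug lines above against the two route-maps exactly as posted, using the standard IOS rule that wildcard bits set to 1 are ignored. The function names are this example's own; the addresses, ACLs and next hops are copied from the post.

```python
import ipaddress
import re

# Source-match ACLs copied from the posted config: number -> (address, wildcard).
ACLS = {
    164: ("64.245.143.32", "0.0.0.27"),
    165: ("64.244.228.131", "0.0.0.0"),  # "host x" is shorthand for wildcard 0.0.0.0
}
# Ingress interface -> (route-map, ACL, next hop), from the "ip policy route-map" lines.
POLICY = {
    "Vlan64": ("XO", 164, "65.47.142.85"),
    "Vlan65": ("XODS3", 165, "65.47.143.177"),
}
# Three of the five debug lines from the post, one of each kind (timestamps trimmed).
DEBUG = """\
IP: s=64.244.228.131 (Vlan65), d=72.163.4.161, len 60, FIB policy match
IP: s=64.244.228.131 (Vlan65), d=72.163.4.161, g=65.47.143.177, len 60, FIB policy routed
IP: s=64.244.228.131 (Vlan64), d=72.163.4.161, len 60, FIB policy rejected(no match) - normal forwarding
"""
LINE_RE = re.compile(r"s=([\d.]+) \(([^)]+)\), d=[\d.]+.*?FIB policy (.+)$")

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: bits set to 1 in the wildcard are ignored."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def policy_next_hop(src, ingress):
    """Next hop the route-map on `ingress` sets for `src`, or None (normal forwarding)."""
    _name, acl, next_hop = POLICY[ingress]
    return next_hop if wildcard_match(src, *ACLS[acl]) else None

def replay(debug_text):
    """Return (ingress, source, predicted next hop, router's logged result) per line."""
    hits = (LINE_RE.search(line) for line in debug_text.splitlines())
    return [(m[2], m[1], policy_next_hop(m[1], m[2]), m[3]) for m in hits if m]

def acl_coverage(acl, cidr):
    """(addresses of `cidr` matched by the ACL's source entry, total addresses)."""
    net = ipaddress.ip_network(cidr)
    return sum(wildcard_match(str(a), *ACLS[acl]) for a in net), net.num_addresses

if __name__ == "__main__":
    print(*replay(DEBUG), sep="\n")
    print("ACL 164 coverage of the /27:", acl_coverage(164, "64.245.143.32/27"))
```

The prediction agrees with the router's log on every line: the same source is policy-routed when it arrives on Vlan65 and falls through to normal forwarding when it arrives on Vlan64, where only route-map XO and ACL 164 are consulted. The coverage check also shows that wildcard 0.0.0.27 matches 16 of the 32 addresses in 64.245.143.32/27, whereas a /27 corresponds to wildcard 0.0.0.31.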

nqtran1979 Tue, 03/16/2010 - 03:52

Stupid question, but what does your routing table look like?

Nhat
