ROUTE MAP and POLICY MAP vs PRL

Unanswered Question
Sep 21st, 2011

HI

I need to  configure  ASR 9006 with  this configuration.

OLD and good configuration:

access-list 199 deny   ip any 186.32.128.0 0.0.31.255 log

access-list 199 deny   ip any 186.32.224.0 0.0.15.255 log

access-list 199 deny   ip any 190.53.48.0 0.0.15.255 log

access-list 199 deny   ip any 190.53.64.0 0.0.31.255 log

access-list 199 deny   ip any 190.53.76.0 0.0.3.255 log

access-list 199 deny   ip any 190.53.80.0 0.0.1.255 log

access-list 199 deny   ip any 190.53.92.0 0.0.3.255 log

access-list 199 permit ip any any

route-map 123456 permit 10

match ip address 199

set ip next-hop 144.224.115.81

interface FastEthernet1/14

  no switchport

ip address 10.206.1.1 255.255.255.252

ip policy route-map 123456

and my new config  but this is bad

prefix-set XX

  186.32.128.0/19,

  190.53.192.0/19,

  186.32.224.0/20,

  190.53.48.0/20,

  205.211.248.0/21,

  205.211.192.0/22,

  205.211.244.0/22,

  205.211.218.0/23,

  205.211.220.0/23,

  205.211.222.0/23,

  200.12.227.0/24

  end-set

route-policy salida-amnet-sps-cable

  if destination in XX then

    pass

  else

    set next-hop 144.224.115.81

  endif

  end-policy

!

I need know know how appliy  the route-policy to the interface

thanks.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 5 (2 ratings)
dpothier Wed, 09/21/2011 - 21:18

hi Luis,

Are you trying to do PBR(Policy Based Routing) ? If so, PBR is not used on the ASR9K, rather we use a feature called ABF (ACL based Forwarding) which was introduced in IOS-XR 3.9.2 for the ASR9K series.

http://www.cisco.com/en/US/docs/routers/asr9000/software/asr9k_r3.9.1/general/release/notes/rlse_a9k_392.html#wp433672

Have a look at that and see if that will meet your requirements.

regards,

David Pothier

Cisco Systems

lcoghi001 Thu, 09/22/2011 - 10:20

David thanks a lot,  my english y so bad,  Today at monrning  I did the configuration  and I hope that work fine. ( at nigh  we  have the installation). The ASR will be interconect Juniper router, then  IT's  will be connected to  1x stm1 and 3 x smt1 and the juniper will  be have  other sonet conection to other ISPs.

I just needed  the  ABF config Thanks.  

Thanks  again !!


xthuijs Sat, 09/24/2011 - 09:23

Hi Luis,

Here is an example ABF configuration:

ipv4 access-list ABF

10 permit ipv4 any any nexthop1 ipv4 141.1.1.2

!

And then application of this ABF to an interface:

RP/0/RSP0/CPU0:A9K-BNG(config)#int g0/0/0/0

RP/0/RSP0/CPU0:A9K-BNG(config-if)#ipv4 access-group ABF in

In this example every incoming packet is set forcefully to next hop 141.1.1.2

You can have multiple next hops also and you could use some EEM tricks to do next hop tracking.

One additional note, at this point in time, ABF is not vrf aware, what that means is the next hop in this configuration is always sought in the default routing table.

Soon we will have vrf aware abf that allows you to set the next hop in a particular vrf regardless of the vrf that the interface is in where this ABF ACL is applied to.

You can apply ABF to an interface today that is in a vrf, but the next hop is still found in the global Routing Table.

xander

lcoghi001 Wed, 09/28/2011 - 21:54

Thanks the last  saturday the  ASR was configured and migrated and the ABF   is working  very good.

Thansk alot.

Luis

kzryumov1 Tue, 11/08/2011 - 03:33

Hello collegaues,

Does ABF supports on BVI interfase in dedicated vrf?

Thanks in advance

Rjystantin

xthuijs Tue, 11/08/2011 - 04:16

Hi Konstantin,

Currently BVI doesn't do ACL and therefore also no ABF.

in XR 4.2.0 we will get ACL for BVI interfaces, but only ipv4

The extension to ABF is being scoped for XR 421. (can't make promises here)...

Also in XR 420, ABF will be vrf aware. that means that the next hop can be configured to be in any vrf.

Applying the ABF to an interface in a vrf we can already do today.

xander

kzryumov1 Tue, 11/08/2011 - 04:32

Ok. Thank you very much ))).

And last question.

Do you know date of announce release 4.2.0 and 4.2.1

WBR,

Konstantin

xthuijs Tue, 11/08/2011 - 04:43

XR 420 is december of this year (2011)

and XR 421 is 1H2012

xander

pstefanovpavel Mon, 03/10/2014 - 10:17

Hi Xander,

Is it possible to use the PBR feature above to route traffic through an MPLS TE tunnel? I see you can only specify a next hop and not an outbound interface so I presume we couldn't achieve this on IOS XR and we have to use either autoroute announce/destination or static routes.

If it works, does the feature support policy routing of VRF traffic over an MPLS TE tunnel?
 

Thanks,
Pavel

xthuijs Fri, 02/03/2012 - 11:55

This is not really RPL, but the vrf aware ABF is available in CCO 420.

This note you reference is from old ABF documentation pre 420 which could not find the next hop in a vrf.

You could submit feedback ont eh document to have it lifted and mention that vrf aware abf is supported in 420 for A9K xander

kzryumov1 Wed, 02/08/2012 - 06:03

Ok, thanks. We have created two BVI 1 and 2. There are two host 2.2.2.1 and 3.3.3.1 which connect to these BVI. But there is no traffic on sniffer.

What could be cause of the issue?

Thanks.

vrf Gb

address-family ipv4 unicast

  import route-target

   65100:4

  !

  export route-target

   65100:4

!

ipv4 access-list VRF_Gb

10 permit ipv4 2.2.2.0 0.0.0.255 any nexthop1 vrf Gb ipv4 3.3.3.1

interface BVI1

description Test_ABF_source

vrf Gb

ipv4 address 2.2.2.2 255.255.255.252

!

interface BVI2

description Test_ABF_destin

vrf Gb

ipv4 address 3.3.3.2 255.255.255.252

!

  bridge-domain VRF_Gb_Test

   interface GigabitEthernet0/0/0/9

   !

   routed interface BVI1

  !

  bridge-domain VRF_Gb_Test_2

   interface GigabitEthernet0/0/0/10

   !

   routed interface BVI2

vrf Gb

address-family ipv4 unicast

  import route-target

   65100:4

  !

  export route-target

   65100:4

!

ipv4 access-list VRF_Gb

10 permit ipv4 2.2.2.0 0.0.0.255 any nexthop1 vrf Gb ipv4 3.3.3.1

interface BVI1

description Test_ABF_source

vrf Gb

ipv4 address 2.2.2.2 255.255.255.252

!

interface BVI2

description Test_ABF_destin

vrf Gb

ipv4 address 3.3.3.2 255.255.255.252

!

  bridge-domain VRF_Gb_Test

   interface GigabitEthernet0/0/0/9

   !

   routed interface BVI1

  !

  bridge-domain VRF_Gb_Test_2

   interface GigabitEthernet0/0/0/10

   !

   routed interface BVI2

xthuijs Wed, 02/08/2012 - 06:57

I assume you have the ABF ACL applied to an ingress interface right that is likely MPLS tagged?

There could be 2 problems with your setup:

1) when traffic comes in mpls tagged, L3 ACL's can't be applied. this is a generic and as per design that L3 ACL's don't apply to tagged traffic

2) when you have tagged traffic /mpls-vpn you need to use per vrf labels with BVI. the reason is that you get an agg label then. otherwise with per prefix labels, traffic can't be forwarded as the per prefix label usually gives you a directly fib lookup, which can;t be done with BVI's (we need that extra pass an agg label gives us). this is an a9k specific implementation of VRF+BVI.

xander

kzryumov1 Fri, 02/10/2012 - 11:23

Hello, thank you.

We don't use mpls and we need VRF for two independent routing tables on ASR.

We are going to use ABF for routing via source address on BVI and bundle interfaces.
Is it possible?
kzryumov1 Sun, 02/12/2012 - 21:48

Hello Charles,

Thank you.

Do you know date of announce release 4.3?

WBR,

Konstantin

xthuijs Mon, 02/13/2012 - 05:16

That would be end of this year (2012) Konstantin. December time frame.

regards

xander

Actions

Login or Register to take actions

This Discussion

Posted September 21, 2011 at 7:32 PM
Stats:
Replies:18 Avg. Rating:5
Views:4573 Votes:0
Shares:1
Tags: ios, crs, asr, xr, asr900, prl
+

Related Content

Discussions Leaderboard