08-27-2009 11:50 AM - edited 03-06-2019 07:28 AM
Hi,
If I apply the next configuration:
Differing Next Hops Example
The following example illustrates how to route traffic from different sources to different places (next hops). Packets arriving from source 1.1.1.1 are sent to the next hop at 3.3.3.3; packets arriving from source 2.2.2.2 are sent to the next hop at 3.3.3.5.
access-list 1 permit 1.1.1.1
access-list 2 permit 2.2.2.2
!
interface fastethernet 3/1
ip policy route-map Texas
!
route-map Texas permit 10
match ip address 1
set ip next-hop 3.3.3.3
!
route-map Texas permit 20
match ip address 2
set ip next-hop 3.3.3.5
If router 3.3.3.5 is down, can I apply a configuration where all traffic goes directly to another router, 3.3.3.3?
Thank you.
08-27-2009 12:00 PM
It is possible with PBR with the object tracking feature, using the command 'set ip next-hop verify-availability' instead of 'set ip next-hop'. The sequence number in this command can be used to specify the primary next hop and the backup next hop for the matched packets.
set ip next-hop verify-availability 3.3.3.5 10 track 123
set ip next-hop verify-availability 3.3.3.3 20 track 124
The above commands set the next hop to 3.3.3.5 if object 123 is up. If object 123 is down, then the next hop will be set to 3.3.3.3 if object 124 is up. If object 124 is also down, then policy routing fails and unicast routing will route the packet.
Refer:
http://www.cisco.com/en/US/tech/tk364/technologies_configuration_example09186a0080211f5c.shtml
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtpbrtrk.html
08-27-2009 12:21 PM
Hi,
Besides using the Object tracking with PBR, you could apply the following which will also be applicable:
route-map Texas permit 20
match ip address 2
set ip next-hop 3.3.3.5 3.3.3.3
With the above config, if the next hop 3.3.3.5 is down, the next hop 3.3.3.3 will be the second next hop for all packet sources by access-list 2.
The difference when using object tracking is that you will ensure the next hop is reachable via ICMP, as it's possible to have the interface up but the next hop not reachable.
HTH
Mohamed
09-01-2009 09:27 AM
Hi,
This configuration is working properly now, but I have a new request.
I need to add a static route for data traffic, but the gateway where I can find this new network is the secondary gateway.
I added the static route and it's not working.
Do you know what I can do?
09-01-2009 09:45 AM
A static route will not work in this scenario, as PBR will take effect first. So first make sure that you are not including this network in the existing ACL which you are using for PBR. Then create a separate ACL to match this new network and set the secondary gateway as the primary next hop.
09-08-2009 07:22 AM
Do you have any configuration example?
I don't understand how I can do it.
Thank you.
09-08-2009 08:09 AM
Hi Luis,
Let's say your new network is 10.10.10.0/24. So first edit your existing ACL 1 or 2 (assuming they already include this network) to exclude this subnet. The next thing is to define a new ACL 3 which only matches this network. Then add a new permit statement to your existing route-map.
A sample configuration looks like this.
route-map Texas permit 10
match ip address 1
set ip next-hop verify-availability 3.3.3.5 10 track 123
set ip next-hop verify-availability 3.3.3.3 20 track 124
route-map Texas permit 20
match ip address 2
set ip next-hop verify-availability 3.3.3.3 10 track 124
set ip next-hop verify-availability 3.3.3.5 20 track 123
route-map Texas permit 30
match ip address 3
set ip next-hop verify-availability 3.3.3.3 10 track 124
Permit statement 30 in this route map will set the next hop to your secondary gateway, 3.3.3.3, first if object 124 is up. If object 124 is down, then unicast routing will take over. You can set your primary gateway as the backup next hop depending on your requirement.
Please share your configuration if this does not help.
09-08-2009 08:43 AM
I understand, but I don't know where to apply it in the configuration.
Here is the current configuration:
interface Vlan1
ip address 10.10.1.254 255.255.255.0
ip policy route-map BAD
interface Vlan3
ip address 10.10.3.253 255.255.255.248
interface Vlan93
ip address 10.10.2.254 255.255.255.0
ip policy route-map BAV
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.3.251
ip route 0.0.0.0 0.0.0.0 10.10.3.252
ip route 32.30.131.36 255.255.255.252 10.10.3.252
ip route 32.30.131.42 255.255.255.255 10.10.3.252
!
!
access-list 100 permit ip 10.10.1.0 0.0.0.255 any
access-list 101 permit ip 10.10.2.0 0.0.0.255 any
route-map BAD permit 10
match ip address 100
set ip next-hop verify-availability 10.10.3.251 10 track 123
set ip next-hop verify-availability 10.10.3.252 20 track 124
!
route-map BAV permit 10
match ip address 101
set ip next-hop verify-availability 10.10.3.252 10 track 124
set ip next-hop verify-availability 10.10.3.251 20 track 123
I need the 10.10.1.0/24 source network to be able to find the 32.30.131.36 destination network with this gateway: 10.10.3.252.
Thank you.
09-08-2009 10:19 AM
Ok. Use ACL 103 to match this communication and add a new permit statement above the existing statement in route-map BAD.
access-list 103 permit ip 10.10.1.0 0.0.0.255 host 32.30.131.36
route-map BAD permit 5
match ip address 103
set ip next-hop verify-availability 10.10.3.252 10 track 124
set ip next-hop verify-availability 10.10.3.251 20 track 123
09-08-2009 11:46 AM
Ok.
If I make this change, will my default gateway change to 10.10.3.252 or not? I don't need it.
Do you understand?
09-08-2009 12:35 PM
Using this new ACL 103, only communication sourced from network 10.10.1.0/24 and destined to host 32.30.131.36 will be matched (and the next hop set to 10.10.3.252). Traffic sourced from 10.10.1.0/24 and going towards a destination other than 32.30.131.36 will still be matched by ACL 100 and its primary next hop will be set to 10.10.3.251. This is because of the order in which the route-map will be processed by the router.
The route-map will be processed in the order of its sequence numbers. So the router will process the statement 'route-map BAD permit 5' first. This statement only matches traffic defined by ACL 103 (S=10.10.1.0/24 & D=32.30.131.36) and will set the primary next hop to 10.10.3.252. The rest of the traffic will be run against the second statement, 'route-map BAD permit 10'. This statement will only be able to match traffic sourced from 10.10.1.0/24 and going to a destination other than 32.30.131.36. The primary next hop for this traffic will be set to 10.10.3.251.
I hope this can clear your understanding.
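The sequence-number ordering and tracked next-hop fallback described in the reply above, as an added Python model (not part of the original thread and not Cisco code). The ACLs, route-map entries and track numbers are the ones posted in the thread; the host addresses 10.10.1.20 and 192.0.2.10 and the function names are assumptions made up for the illustration.

```python
import ipaddress

# ACLs from the thread as (source network, destination network) pairs.
ACLS = {
    103: [("10.10.1.0/24", "32.30.131.36/32")],  # ... host 32.30.131.36
    100: [("10.10.1.0/24", "0.0.0.0/0")],        # ... any
}

# route-map BAD: sequence -> (ACL, [(order, next hop, track object)]).
# Entered out of order on purpose: evaluation sorts by sequence number.
ROUTE_MAP_BAD = {
    10: (100, [(10, "10.10.3.251", 123), (20, "10.10.3.252", 124)]),
    5: (103, [(10, "10.10.3.252", 124), (20, "10.10.3.251", 123)]),
}


def acl_permits(acl, src, dst):
    """True if any entry of the ACL permits the src/dst pair."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(
        s in ipaddress.ip_network(sn) and d in ipaddress.ip_network(dn)
        for sn, dn in ACLS[acl]
    )


def policy_route(route_map, src, dst, track_up):
    """Return (sequence, next_hop).

    next_hop None means the packet is left to the normal routing table.
    """
    for seq in sorted(route_map):            # lowest sequence number first
        acl, hops = route_map[seq]
        if not acl_permits(acl, src, dst):
            continue
        for _, hop, track in sorted(hops):   # lowest verify-availability order first
            if track_up.get(track, False):
                return seq, hop
        return seq, None                     # matched, but every tracked hop is down
    return None, None                        # no statement matched


if __name__ == "__main__":
    up = {123: True, 124: True}
    # Constructed sample hosts: 10.10.1.20 (inside Vlan1), 192.0.2.10 (other destination).
    for dst in ("32.30.131.36", "192.0.2.10"):
        print(dst, policy_route(ROUTE_MAP_BAD, "10.10.1.20", dst, up))
```

With both track objects up, only the flow to 32.30.131.36 is sent to 10.10.3.252; everything else from 10.10.1.0/24 still goes to 10.10.3.251.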
09-08-2009 12:51 PM
You're right, I understand.
I didn't see the 'route-map BAD permit 5'; I was thinking that it was replacing the number 10.
I really appreciate your help, thank you!