07-08-2014 03:14 PM - edited 03-07-2019 07:59 PM
Hi Support Community
I have searched all over the web and cannot find a definitive answer to the question: "When using policy based routing and the IP next-hop parameter, does this next hop take precedence over connected routes?" I know it does over static and dynamic routes, but I am not sure about connected routes.
For example, I have a particular VLAN that I want to route out of a different WAN link. I want to route all traffic from this VLAN out of this WAN link except for locally connected traffic, for example traffic to another VLAN on the same layer 3 switch.
Thanks, Carl Ratcliffe
07-08-2014 05:19 PM
Hi Carl,
When using policy based routing and the IP next-hop parameter, does this next hop take precedence over connected routes?
Yes, it does. With PBR, you should stop thinking about "what does the routing table say about the traffic's destination". The PBR is extremely simple here: Is the traffic matched by the PBR route-map on the ingress interface? If yes, then route the traffic according to the set command in the matching route-map block. That's it. No rocket science.
I want to route all traffic from this VLAN out of this WAN link except for locally connected traffic, for example to another VLAN on the same layer 3 switch.
I see. What kind of switch are you using? PBR is generally available across all multilayer switches from Cisco, but on some of these platforms there are certain caveats that should be avoided when configuring the PBR (such as "don't use ACLs that have entries with deny action as they cause high CPU utilization" or "route-map deny blocks are unsupported").
Best regards,
Peter
10-21-2014 05:12 PM
I have this same dilemma. Did you ever find an answer?
According to this post: https://supportforums.cisco.com/discussion/10976216/pbr-and-connected-route
"PBR cannot take precedence when destination is directly connected.", which, in our case, is the desired effect.
11-05-2014 03:39 AM
Hi Vincent
In the end I went with a deny route-map statement for local traffic and a permit for everything else, and monitored the CPU utilization. This worked for me and utilization didn't change, but I was using a 6509 VSS, so this may be why I did not see an issue; I am not sure whether the impact would be different on, say, a Cisco 3750.
This method seems to me like the logical one and does work, although it is not recommended in the documentation, but as far as I can see I can't find another way, which does seem strange.
All I want to do is send a user VLAN out of a different next hop for internet traffic, therefore my destination has to be "any", but doing this then includes local routes, which I want to deny?
Thanks, Carl Ratcliffe
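The configuration below is an added example of the approach Carl describes (a route-map deny block for locally connected traffic followed by a permit block that sets the next hop); it is not a configuration posted in this thread. VLAN numbers, prefixes, ACL and route-map names, and the next-hop address 192.0.2.2 are all made up for illustration. Note that the two ACLs contain only permit entries, which sidesteps the "deny ACEs cause high CPU" caveat Peter mentions; the remaining caveat is that the route-map deny block itself is unsupported on some platforms, so check the PBR restrictions for your switch before relying on it.

```cisco
! Constructed example, not from the original thread. Assumed addressing:
!   VLAN 10 (users):                 10.10.10.0/24, SVI 10.10.10.1
!   VLAN 20 (servers, same switch):  10.10.20.0/24
!   VLAN 30 (another local VLAN):    10.10.30.0/24
!   Secondary WAN router (next hop): 192.0.2.2
!
! ACL matched by the DENY block: VLAN 10 to anything locally connected.
! Only permit entries are used here; the "deny" happens in the route-map.
ip access-list extended PBR-LOCAL
 permit ip 10.10.10.0 0.0.0.255 10.10.20.0 0.0.0.255
 permit ip 10.10.10.0 0.0.0.255 10.10.30.0 0.0.0.255
!
! ACL matched by the PERMIT block: everything else sourced from VLAN 10.
ip access-list extended PBR-INTERNET
 permit ip 10.10.10.0 0.0.0.255 any
!
! Sequence 10 is evaluated first. A packet matching a deny block is NOT
! policy-routed; it falls through to normal destination-based routing,
! so inter-VLAN traffic follows the connected routes as usual.
route-map VLAN10-TO-WAN2 deny 10
 description Local VLAN-to-VLAN traffic: use the routing table (connected)
 match ip address PBR-LOCAL
!
! Sequence 20 catches the rest and forces it toward the secondary WAN,
! regardless of what the routing table says about the destination.
route-map VLAN10-TO-WAN2 permit 20
 description Everything else from VLAN 10: send via the secondary WAN link
 match ip address PBR-INTERNET
 set ip next-hop 192.0.2.2
!
! PBR is applied on the ingress interface, i.e. the SVI of the user VLAN.
interface Vlan10
 ip address 10.10.10.1 255.255.255.0
 ip policy route-map VLAN10-TO-WAN2
```

To confirm the split is working, `show route-map VLAN10-TO-WAN2` shows per-sequence match counters (sequence 10 should increment for inter-VLAN flows, sequence 20 for internet-bound flows) and `show ip policy` lists the interfaces the route-map is applied to. One alternative the thread does not discuss, mentioned here as an addition: IOS also offers `set ip default next-hop`, which policy-routes a packet only when the routing table holds no explicit route for the destination (that is, only the default route would match). Because connected and more specific routes take precedence under that command, it achieves the "local traffic stays local" behaviour without a deny block, on platforms that support it.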