PBR - Connected Routes

Carl Ratcliffe
Level 3

Hi Support Community

 

I have searched all over the web and cannot find a definitive answer to the question: "When using policy-based routing and the IP next-hop parameter, does this next hop take precedence over connected routes?" I know it does over static and dynamic routes, but I'm not sure about connected routes.

For example, I have a particular VLAN that I want to route out of a different WAN link. I want to route all traffic from this VLAN out of this WAN link except for locally connected traffic, for example to another VLAN on the same layer 3 switch.

Thanks, Carl Ratcliffe

5 Replies

Peter Paluch
Cisco Employee

Hi Carl,

"When using policy-based routing and the IP next-hop parameter, does this next hop take precedence over connected routes?"

Yes, it does. With PBR, you should stop thinking about "what does the routing table say about the traffic's destination". The PBR is extremely simple here: is the traffic matched by the PBR route-map on the ingress interface? If yes, then route the traffic according to the set command in the matching route-map block. That's it. No rocket science.

"I want to route all traffic from this VLAN out of this WAN link except for locally connected traffic, for example to another VLAN on the same layer 3 switch."

I see. What kind of switch are you using? PBR is generally available across all multilayer switches from Cisco but on some of these platforms, there are certain caveats that should be avoided when configuring the PBR (such as "don't use ACLs that have entries with deny action as they cause high CPU utilization" or "route-map deny blocks are unsupported").

Best regards,
Peter

 

Hi Peter,

Thanks for your response. I have also read about not using deny ACLs and route-map denies, and this was the reason for my question. With that in mind, how would I PBR all destination traffic to a different next hop except for locally connected traffic? I can't permit all because this will also send local traffic; I can't use deny because of what the documentation advises.

This doesn't seem like it would be an uncommon request. For example, in this case I want to route all WAN traffic out of a particular next hop, easily done with an "any" ACL; however, I have 10 plus local routes including voice traffic, and it's not logical to send local traffic, i.e. voice-to-voice local traffic, to a different next hop and then back again.

Thanks, Carl Ratcliffe

I have this same dilemma. Did you ever find an answer?

According to this post: https://supportforums.cisco.com/discussion/10976216/pbr-and-connected-route

 

"PBR cannot take precedence when destination is directly connected.", which in our case, is the desired effect.

Hi Vincent

In the end I went with a deny route-map statement for local traffic and permit for everything else, and monitored the CPU utilization. This worked for me and utilization didn't change, but I was using a 6509 VSS, so this is why I might not have seen an issue; not sure if the impact would be different on, say, a Cisco 3750.

This method does seem like the logical one to me and does work, although it is not recommended in the documentation, but as far as I can see I can't find another way, which does seem strange.

All I want to do is send a user VLAN out of a different hop for internet traffic, therefore my destination has to be "any", but doing this then includes local routes, which I want to deny?

 

Thanks, Carl Ratcliffe

Hi Peter, forgot to mention I have this scenario for a 6500 VSS and also a 3750X. Thanks, Carl Ratcliffe
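The deny-then-permit route-map workaround Carl describes above, written out as an added IOS configuration example. This is not configuration from the thread, and every address in it is constructed: user VLAN 10 is 10.10.10.0/24 with SVI 10.10.10.1, the other local VLANs (voice and so on) are assumed to fall inside 10.0.0.0/8, and 192.0.2.1 stands in for the alternate WAN next hop.

```cisco
! --- Added example, not from the thread. Addressing is constructed. ---
!
! Destinations that are local to this layer 3 switch (assumed: all of 10.0.0.0/8).
! Only permit entries are used, so the "deny ACE causes high CPU" caveat does not apply.
ip access-list extended VLAN10-TO-LOCAL
 permit ip 10.10.10.0 0.0.0.255 10.0.0.0 0.255.255.255
!
! Everything else sourced from the user VLAN (internet / WAN bound).
ip access-list extended VLAN10-TO-ANY
 permit ip 10.10.10.0 0.0.0.255 any
!
! Sequence 10 is a DENY block: traffic to local prefixes leaves PBR and is
! forwarded by the normal routing table, i.e. via the connected routes.
! This is the route-map deny block Carl monitored for CPU impact.
route-map VLAN10-TO-WAN2 deny 10
 match ip address VLAN10-TO-LOCAL
!
! Sequence 20 catches the rest and forces the alternate WAN next hop;
! as Peter explains, the set command is applied without consulting the routing table.
route-map VLAN10-TO-WAN2 permit 20
 match ip address VLAN10-TO-ANY
 set ip next-hop 192.0.2.1
!
! Apply the policy on the ingress SVI of the user VLAN.
interface Vlan10
 ip address 10.10.10.1 255.255.255.0
 ip policy route-map VLAN10-TO-WAN2
```

To check that the right sequence is catching the right traffic, `show route-map VLAN10-TO-WAN2` shows per-sequence policy match counters (local-bound flows should increment sequence 10, WAN-bound flows sequence 20), and `show ip policy` lists the interfaces the policy is applied to. On Catalyst 3750-class switches such as the 3750X mentioned above, PBR is only available with the routing SDM template (`sdm prefer routing`, which takes effect after a reload), so that is worth confirming before the route-map is applied there.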