I have searched all over the web and cannot find a definitive answer to the question: "When using policy-based routing and the IP next-hop parameter, does this next hop take precedence over connected routes?" I know it does over static and dynamic routes, but I'm not sure about connected routes.
For example, I have a particular VLAN that I want to route out of a different WAN link. I want to route all traffic from this VLAN out of this WAN link except for locally connected traffic, for example to another VLAN on the same Layer 3 switch.
"When using policy-based routing and the IP next-hop parameter, does this next hop take precedence over connected routes?"
Yes, it does. With PBR, you should stop thinking about "what does the routing table say about the traffic's destination". PBR is extremely simple here: is the traffic matched by the PBR route-map on the ingress interface? If yes, then route the traffic according to the set command in the matching route-map block. That's it. No rocket science.
"I want to route all traffic from this VLAN out of this WAN link except for locally connected traffic, for example to another VLAN on the same Layer 3 switch."
I see. What kind of switch are you using? PBR is generally available across all multilayer switches from Cisco, but on some of these platforms there are certain caveats that should be avoided when configuring PBR (such as "don't use ACLs that have entries with a deny action, as they cause high CPU utilization" or "route-map deny blocks are unsupported").
Thanks for your response. I have also read about not using deny ACLs and route-map denies, and this was the reason for my question.
With that in mind, how would I PBR all destination traffic to a different next hop except for locally connected traffic? I can't permit all, because this will also send local traffic; I can't use deny, because of what the documentation advises.
This doesn't seem like it would be an uncommon request. For example, in this case I want to route all WAN traffic out of a particular next hop, easily done with an "any" ACL; however, I have 10-plus local routes including voice traffic, and it's not logical to send local traffic, i.e. voice-to-voice local traffic, to a different next hop and then back again.
Thanks, Carl Ratcliffe
In the end I went with a deny route-map statement for local traffic and a permit for everything else, and monitored the CPU utilization. This worked for me and utilization didn't change, but I was using a 6509 VSS, so this might be why I didn't see an issue; I'm not sure if the impact would be different on, say, a Cisco 3750.
This method does seem like the logical one to me and does work, although it is not recommended in the documentation, but as far as I can see I can't find another way, which does seem strange.
All I want to do is send a user VLAN out of a different next hop for internet traffic; therefore my destination has to be "any", but doing this then includes local routes, which I want to deny?
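The configuration below is an added example, not posted by anyone in this thread, showing the approach the original poster settled on: a route-map whose first sequence is a deny that matches destinations in the switch's own connected VLANs (so those packets fall back to the normal routing table and hit the connected route), followed by a permit-any sequence that sets the alternate WAN next hop. It also illustrates the reply's point that PBR is evaluated purely as "did the packet match on the ingress interface, and what does the set say". All VLAN numbers, prefixes, ACL and route-map names, and the next-hop address are assumptions chosen for illustration.

```cisco
! Added example (not from the thread). Assumed topology:
!   Vlan100  10.10.100.0/24  user VLAN that should use WAN2
!   10.10.0.0/16             other user VLANs on this switch (connected)
!   10.20.0.0/16             voice VLANs on this switch (connected)
!   10.30.0.0/24             server VLAN on this switch (connected)
!   203.0.113.2              WAN2 router, the alternate next hop (assumed)
!
! Destinations that live on this switch's connected VLANs. The ACL itself
! contains only permit entries; the "deny" is done at the route-map level.
ip access-list extended PBR-LOCAL-DST
 permit ip any 10.10.0.0 0.0.255.255
 permit ip any 10.20.0.0 0.0.255.255
 permit ip any 10.30.0.0 0.0.0.255
!
! Everything else (internet and remote traffic).
ip access-list extended PBR-ANY
 permit ip any any
!
! Sequence 10: a deny block with no set command. Packets whose destination
! is a connected VLAN match here and are NOT policy routed; they are
! handed to the normal routing table, where the connected route wins.
route-map USER-VLAN-TO-WAN2 deny 10
 match ip address PBR-LOCAL-DST
!
! Sequence 20: everything that was not excluded above is sent to WAN2,
! regardless of what the routing table says for that destination.
route-map USER-VLAN-TO-WAN2 permit 20
 match ip address PBR-ANY
 set ip next-hop 203.0.113.2
!
! PBR is applied to the ingress interface of the traffic, i.e. the SVI
! of the user VLAN, not to the WAN interface.
interface Vlan100
 description user VLAN (assumed 10.10.100.0/24)
 ip address 10.10.100.1 255.255.255.0
 ip policy route-map USER-VLAN-TO-WAN2
```

Sequence order is what makes this work: the connected destinations must be excluded before the catch-all permit, or the "any" match would pull voice-to-voice and other inter-VLAN traffic out to WAN2 and back. After applying it, `show route-map USER-VLAN-TO-WAN2` shows per-sequence match counters, and `show ip policy` confirms the route-map is bound to the SVI; both deny-sequence and permit-sequence counters should increment when you send test traffic to a local VLAN and to an internet address respectively. As the reply in this thread notes, some Catalyst platforms document route-map deny blocks as unsupported or as a CPU-utilization risk, so check the PBR restrictions for your platform and watch CPU after enabling it. If the WAN2 router can go down, `set ip next-hop verify-availability` with an IP SLA track object (supported on IOS, but again platform dependent) lets the route-map fall back to normal routing instead of blackholing the VLAN.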