
policy based routing and locally generated ospf-hello

sarahr202
Level 5

Hi everybody

Please consider the following :

R1 s1/0----200.200.200.0----s1/0--R2--- f2/0-10.10.10.2/8

   s1/1-----199.199.199.9----s1/1

R1 and R2 are running OSPF. R1 can reach 10.0.0.0/8 via:

R1:

199.199.199.1/24 s1/1

200.200.200.1/24 s1/0

R2:

199.199.199.2/24 s1/1

200.200.200.2/24 s1/0

Next I change the OSPF cost on s1/1 of R1 as shown below:

R1(config)# int s1/1

R1(config-if)# ip ospf cost 100

As a result, "show ip route" on R1 shows only one path to reach 10.0.0.0/8, as shown below:

R1#show ip route

O     10.0.0.0/8 [110/65] via 200.200.200.2, 00:38:50, Serial1/0

      199.199.199.0/24 is variably subnetted, 2 subnets, 2 masks

C        199.199.199.0/24 is directly connected, Serial1/1

L        199.199.199.1/32 is directly connected, Serial1/1

      200.200.200.0/24 is variably subnetted, 2 subnets, 2 masks

C        200.200.200.0/24 is directly connected, Serial1/0

L        200.200.200.1/32 is directly connected, Serial1/0

The goal is to cause R1 to use 199.199.199.2 as next hop for locally generated packets.

We will use PBR.

R1 config:

ip local policy route-map sarah

route-map sarah permit 10

set ip next-hop 199.199.199.2

===========================================

R1 will generate:

Hello src ip 200.200.200.1 dst 224.0.0.5 for s1/0

Hello src ip 199.199.199.1 dst 224.0.0.5 for s1/1

These hellos are locally generated, so R1 will check whether they are matched by the route-map. Since these hellos are matched by route-map sarah, the next hop is set to 199.199.199.2. Consequently, we should find hellos with src ip 200.200.200.1 dst 224.0.0.5 being sent over s1/1, as dictated by PBR.

But when I performed the lab, I found hellos with src ip 200.200.200.1 dst ip 224.0.0.5 were being sent via s1/0 200.200.200.2 rather than via s1/1 199.199.199.2.

The question is why?

Thanks and have a great weekend.


JohnTylerPearce
Level 7

The goal is to cause R1 to use 199.199.199.2 as next hop for locally generated packets.

Why not change the OSPF cost from 100 to 1? The other path should then be chosen to reach the 10.0.0.0/8 network.

On a side note, you should go to the specific interface, and put the 'ip local policy' command there.

int s0/0

ip local policy route-map [in|out]

etc etc

OSPF hellos will always be sent on every interface for which OSPF is enabled, regardless of any policy routing.

On the other interface, the source address will be different but destination will be the same.

Your test lab should have shown this behavior.

Please also note that the destination is a multicast address and hence not affected by the policy route map.

regards,

Leo

Excellent point about the multicast address. You are right, as OSPF sends updates to 224.0.0.5.

Hi sarah,

Hope you are well.

Leo is absolutely right. The hellos are sent on the interfaces where OSPF is enabled. If you don't want hellos to be sent out those interfaces, then you can use "passive-interface".

In the case of PBR, it doesn't affect the multicast traffic that OSPF keeps sending for hellos. Also to note is that PBR uses the traffic not locally generated but transit traffic.

Note: Policy routing is specified on the interface that receives the packets, not on the interface from which the packets are sent.

Regards,

Kishore

Hi Kishore.

How are you doing?

"Also to note is that PBR uses the traffic not locally generated but transit traffic."

My understanding is that PBR can also affect locally generated packets, not just transit.

For example, we can use:

ip local policy route-map sarah

The word local in the above command causes the router to apply PBR to locally generated packets, except for packets sent to a multicast address (I just learned that from you guys).

Please correct me if I am wrong.

I want to thank everyone for taking the time out to answer my weird questions.

Kishore is describing the usual usage of PBR which is to modify the routing decision for traffic that is transit through the router. You are absolutely correct that there is a possibility of using local PBR to modify the routing decision for traffic that is generated by the router itself (local policy based routing).

The thing to remember is that PBR is for unicast traffic. PBR will not affect the forwarding of multicast traffic.

HTH

Rick


Question about locally generated packets, Richard...

Let's say RA has PBR configured, and a packet that matches that PBR comes in. I'm assuming that isn't a locally generated packet?

What exactly would be a locally generated packet? Would it be if I have a host configured to a router?

Hi John,

Let's say RA has PBR configured, and a packet that matches that PBR comes in. I'm assuming that isn't a locally generated packet?

What exactly would be a locally generated packet? Would it be if I have a host configured to a router?

If you are talking about the traffic local to the "Router", then locally generated packets would be traffic originating from the router, i.e. the hello packets, update packets, and LSAs in the case of routing protocols.

ARP by the router can also be looked at as local traffic. IP SLA probes are also generated by the router itself.

Will wait for Rick's expert opinion on this.

HTH

Kishore

Kishore

Yes, hello packets, update/LSA packets, ARP requests, and IP SLA probes would be local. Other examples of local would include syslog being sent to a server, AAA authentication packets being sent to an authorization server, TFTP packets sending the running config for backup, ICMP packets sent by the router in response to ping, traceroute, etc., SNMP traps and responses to requests from SNMP servers, NTP requests being sent from the router to an NTP server, DNS requests being sent from the router, and NetFlow packets sent from the router to a server. This is not a complete list, but these are what occur to me at this point.

HTH

Rick


Hi sarah,

My understanding is that PBR can also affect locally generated packets, not just transit.

For example, we can use:

ip local policy route-map sarah

The word local in the above command causes the router to apply PBR to locally generated packets, except for packets sent to a multicast address (I just learned that from you guys).

You are right. I overlooked that. Thanks for correcting me. I haven't seen any deployments that use PBR for local traffic, hence I went in the other direction.

I want to thank everyone for taking the time out to answer my weird questions.

Sarah, your questions are always a pleasure to answer. Your questions are very thought-provoking and I must admit that they definitely make us think (at least me). Please keep shooting your questions. This forum is for sharing knowledge, and you are actually helping us to refresh key concepts and learn more via your posts.

Regards,

Kishore

Kishore, I kinda figured that's what you meant. Thanks for clarifying it for me.
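
The thread's conclusion as an IOS configuration sketch (an added example, not part of any participant's post): local PBR on R1 scoped by an ACL to unicast packets the router itself originates toward 10.0.0.0/8, with the commands that confirm it is taking effect. The ACL number 101 and the choice of matched traffic are assumptions made for illustration; the route-map name, addresses and next hop come from the original question.

```cisco
! Constructed example for R1 in the topology from the question.
! ACL 101 (number chosen for illustration) matches only unicast packets
! destined for 10.0.0.0/8, so the policy is limited to that traffic
! instead of matching every packet the router originates.
access-list 101 permit ip any 10.0.0.0 0.255.255.255
!
route-map sarah permit 10
 match ip address 101
 set ip next-hop 199.199.199.2
!
! Global command: evaluates the route-map against router-generated packets.
ip local policy route-map sarah
!
! Verification from exec mode:
!   show ip local policy   - shows the route-map bound to local traffic
!   show route-map sarah   - policy-routing match counters rise on hits
!   debug ip policy        - logs each policy-routing decision
!   ping 10.10.10.2        - generates matching local unicast traffic
```

OSPF hellos to 224.0.0.5 do not match this ACL and, as the replies above explain, multicast is not policy routed in any case, so they keep leaving on each OSPF-enabled interface.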
