Cisco Support Community

New Member

route maps not applying all the time?

I am still working with route maps to make a particular route be the preferred route for certain destination addresses. My lab has 3750's for the switch at either end, 2-2800s for the routers at each end. The routers are all attached to a 7200 configured as a frame relay switch emulator in between. Pings back and forth work fine and the route map appears to work, if I ping from the switch at the "A" end to the switch at the "B" end of the link, and vice versa as well. Trace routes show that the routes are load balanced when they should be, and are preferring a special route when they should be...that is so long as I perform these operations from the switch.

But if I attach a workstation to one end and try to ping various addresses at the other end using that workstation it ALWAYS takes the least preferred route.

I thought at first it was not applying my route map statement. I checked, and the port to which my workstation is attached is configured in Vlan1 (by default) where the route map is applied. But even if that weren't set up right, then it *should* load balance and it doesn't even do that...

Below are key parts of the config on the switch at the end where the workstation is, and the route table and traceroute results. Can anyone spot what is happening here?

SDM Prefer Routing was issued and the unit reset

IP Routing

interface Vlan1
 ip address 10.1.1.11 255.255.0.0
 ip policy route-map prefroute
router eigrp 1
 network 10.1.0.0 0.0.255.255
 no auto-summary
ip local policy route-map prefroute
ip route 0.0.0.0 0.0.0.0 10.1.2.103
access-list 118 permit ip any 10.128.0.0 0.63.255.255
access-list 118 deny ip any any
route-map prefroute permit 10
 match ip address 118
 set ip next-hop 10.1.1.33 10.1.1.22

SHOW IP ROUTE:

D EX 10.132.20.0/24 [170/442368] via 10.1.1.33, 2d04h, Vlan1
                    [170/442368] via 10.1.1.22, 2d04h, Vlan1

Traceroute from switch at 10.1.1.11 to 10.132.20.1:

1 10.1.1.33 0 msec 0 msec 8 msec
2 68.136.221.66 9 msec 8 msec 9 msec
3 10.32.1.1 8 msec * 0 msec

Tracert from workstation at 10.1.1.69 with def. gw = 10.1.1.11 to 10.132.20.1

1 <1 ms 2ms 2ms 10.1.1.11
2 1 ms 1ms 1ms 10.1.1.22
3 3 ms 3ms 3ms 172.20.45.153
4 5 ms 4ms 4ms 10.132.20.1

27 REPLIES

Re: route maps not applying all the time?

This may just be the way the load balancing is done. Generally "load-balancing" is a misnomer, and normally you have something that could be called "flow balancing". That is, traffic with any particular source and destination IP addresses will always take the same path. Change the source address, and it may take the other path. It just so happens that your router-to-destination flow takes one path, and your PC-to-destination takes another.

Have a look at show ip cef and show ip cef detail, and see if that gives you any clues.

Kevin Dorrell

Luxembourg

Hall of Fame Super Bronze

Re: route maps not applying all the time?

That's an odd behavior, according to:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hirp_r/rte_pih.htm#wp1125447

"If the interface associated with the first next hop specified with the set ip next-hop command is down, the optionally specified IP addresses are tried in turn."

__________________

Don't expect load balancing with route-maps.

Also, the set ip next-hop option bypasses the routing table, so EIGRP does not come into the equation when calculating best path.

If you want to use the routing table and then PBR, you need to use set ip default next-hop

New Member

Re: route maps not applying all the time?

Thank you both. Good information in the show ip cef detail.

Answering the question about what outcome I'm wanting...I have the routes being built by EIGRP so I expect two equal cost routes in the table and by default, I would expect load balancing across them. Now that I understand load balancing is not by packet but by flow, at least it makes more sense that the packet would take the same route every time.

I wanted to try to make certain destinations take one path over the other, but still be able to use the 'less' preferred path if the interface for the preferred route is down. Hence the route map and the use of the next-hop with two ip addresses in it. For those destinations I want to bypass the routing table and just use the hops listed in order of preference.

Here's the interesting thing: When I show the IP CEF table I do see two routes to 10.132.20.0; listed with the least preferred route (10.1.1.22) listed first and per-destination as the choice. So the fact that my workstation picks .22 and stays there is now not so perplexing....

Except that the route map should be overriding that. Debug route-map does not show an increase in packets when I trace from the workstation to the address on the other side of the net, although it does for a traceroute issued from the switch itself.

Adding to the confusion: from the router if I do SHOW IP CEF EXACT-ROUTE (ws ip) (dest IP) it indicates that the exact route is to take 10.1.1.33!! Which is NOT what the workstation does! I've cleared IP ROUTE on the switch hoping to rebuild CEF but it built back the same way. I've changed the IP address on the workstation but I still get the same route...through the lesser preferred 10.1.1.22.

The interface is up for both "next-hop" ip addresses....

It very clearly is NOT applying my route map for the workstation, I just don't know why...

Hall of Fame Super Bronze

Re: route maps not applying all the time?

Remove

ip local policy route-map prefroute

and try again from the workstation.

New Member

Re: route maps not applying all the time?

Ah, no help with that but...I did turn on debug ip policy and...it's pretty interesting.

For one thing, I see NO entries where the source is 10.1.1.69, meaning indeed my policy map is not even being applied to the inbound interface where this workstation is connected.

I do however see entries for the response from 10.1.1.11 going out to 10.1.1.69, saying the policy is rejected and normal processing will occur. Which means the map works on the inbound interface of Vlan1 (10.1.1.11 is the IP assigned to int Vlan1).

So that means I have completely misunderstood how to apply my policy map.

I read in various docs that the policy map is applied to INBOUND traffic for the interface in question.

I read that to mean vlan1.

Is it possible there's some odd restriction to the route map where vlan1 (default vlan) is concerned? I have searched all over the internet, not finding anything to that effect.

Have I misunderstood the use of the word "inbound" in this context? From what interface would traffic generated by workstation on vlan1 be considered "inbound"?

Hall of Fame Super Bronze

Re: route maps not applying all the time?

No, you got it right. It needs to be placed on the ingress interface, in this case Vlan1.

Can you post the debug ip policy output ?

New Member

Re: route maps not applying all the time?

Sure:

01:16:49: IP: s=10.1.1.11 (local), d=10.1.1.69, len 73, policy rejected -- normal forwarding
01:16:49: IP: s=10.1.1.11 (local), d=10.132.20.1, len 28, policy match
01:16:49: IP: route map VERIZON, item 10, permit
01:16:49: IP: s=10.1.1.11 (local), d=10.132.20.1 (Vlan1), len 28, policy routed
01:16:49: IP: local to Vlan1 10.1.1.33

Hall of Fame Super Bronze

Re: route maps not applying all the time?

I need to see packets with s=10.1.1.69

New Member

Re: route maps not applying all the time?

That's the problem...there aren't any....even though 10.1.1.69 is the address of the ws generating my tests. What I'm inferring that to mean is, the policy is not being applied to the interface that unit connects to therefore, there is nothing in the ip policy debug output.

What I don't know is why that would be. Or maybe I'm barking up the wrong tree....

I changed the vlan my ws was on and gave it an appropriate IP address. It now takes the preferred route for everything....regardless of destination. Still debug ip policy does not show this new address as a source of traffic....I gotta be misunderstanding what the debug output represents...or at what point it is generating its output....

The output "debug ip policy" gives me after I ping from my workstation (now 10.10.16.2) is ALWAYS from 10.10.16.1 to 10.10.16.2...as if the only thing it outputs is the return traffic from that traceroute command....

grrr....I feel like I have a big brick in my head where my brain should be....

Hall of Fame Super Bronze

Re: route maps not applying all the time?

I did a recreate with your config (verbatim).

00:12:48: IP: s=10.1.1.69 (Vlan1), d=10.132.20.1, len 100, FIB policy match
00:12:48: IP: s=10.1.1.69 (Vlan1), d=10.132.20.1, g=10.1.1.33, len 100, FIB policy routed
00:12:50: IP: s=10.1.1.69 (Vlan1), d=10.132.20.1, len 100, FIB policy match
00:12:50: IP: s=10.1.1.69 (Vlan1), d=10.132.20.1, g=10.1.1.33, len 100, FIB policy routed

interface Vlan1
 ip address 10.1.1.11 255.255.0.0
 ip policy route-map prefroute
access-list 118 permit ip any 10.128.0.0 0.63.255.255
access-list 118 deny ip any any
route-map prefroute permit 10
 match ip address 118
 set ip next-hop 10.1.1.33 10.1.1.22

New Member

Re: route maps not applying all the time?

Gee...so yours works and mine doesn't....

What version ios do you have running?

I noticed your debug output specified 10.1.1.69 is in vlan 1. All I ever get is the local stuff....

Hall of Fame Super Bronze

Re: route maps not applying all the time?

Version 12.2(25)SEE4

I don't think it's an IOS version.

Can you post a show tech-support from the switch ?

New Member

Re: route maps not applying all the time?

too large to post...looking for instructions on how to upload...

Hall of Fame Super Bronze

Re: route maps not applying all the time?

When you reply to a message, click on the 'Add Attachments' link.

New Member

Re: route maps not applying all the time?

Dang it! I read that elsewhere but alas I have no such link....I've seen others post that same complaint. No blocker on this site and am using IE 6 with massive updates...will get out and try firefox I guess....

If I can't find it, what specifically are you looking for? Perhaps I can pare down the show tech.

Hall of Fame Super Bronze

Re: route maps not applying all the time?

That's very strange.

See the attached file on this post to see what my reply screen looks like :)

New Member

Re: route maps not applying all the time?

LOL!!!

I can't download anything either. I see the attachment listed but have no link with which to open. Clicking on it doesn't help.

I emailed the showtech to my home email address and tonight I will use Mozilla from home and see if maybe that will get me more access.

Thanks for all your help so far and I hope to find this pesky problem. I'm past the point of learning the CCNP material, now I'm just driven by "why doesn't this work????!!"

Will post later and hope to hear back from you then or possibly tomorrow depending on where you are in the world.

New Member

Re: route maps not applying all the time?

Well, I guess you have to be a CCIE to have access to those functions because even from home with no firewall using firefox instead of IE I don't see a way to download the image you posted nor to post my file with the Showtech. There simply are no buttons or links for these functions.

I tried to pare it down by getting rid of all the references to the interfaces not connected to anything which is all but 3, still not small enough.

I really would like to understand what I'm doing wrong in my lab and why it won't work. Can I cut and paste sections of the show tech that would help you to help me?

Hall of Fame Super Bronze

Re: route maps not applying all the time?

Let's start by posting the output of show run

New Member

Re: route maps not applying all the time?

Thank you. I'm putting that in below, less the ports that don't matter anyway. BUT...desperate times call for desperate measures. If you are inclined, I have posted the whole show tech on my road runner page... http://home.kc.rr.com/rogerandsue/. Here is show run:

------------------ show running-config ------------------

Building configuration...

Current configuration : 15763 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log datetime
service password-encryption
!
hostname prf_switch
!
enable secret 5
!
username ciscoadmin privilege 15 password 7
no aaa new-model
switch 1 provision ws-c3750g-48ts
system mtu routing 1500
ip subnet-zero
ip routing
no ip domain-lookup
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
interface Loopback1
 ip address 137.135.128.232 255.255.255.255
!
interface GigabitEthernet1/0/1
 description router a
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 switchport port-security maximum 8
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 spanning-tree portfast disable
 spanning-tree bpduguard disable
 spanning-tree link-type point-to-point
!
!
interface GigabitEthernet1/0/3
 description router b
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 switchport port-security maximum 8
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 spanning-tree portfast disable
 spanning-tree bpduguard disable
 spanning-tree link-type point-to-point
!
!
interface GigabitEthernet1/0/5
 switchport mode access
 switchport port-security maximum 8
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 spanning-tree portfast
!
interface Vlan1
 ip address 10.1.1.50 255.255.0.0 secondary
 ip address 10.1.1.11 255.255.0.0
 ip policy route-map prefroute
!
interface Vlan5
 ip address 10.10.16.1 255.255.255.0
 ip policy route-map prefroute
!
interface Vlan6
 ip address 192.201.1.194 255.255.255.224
!
router eigrp 1
 network 10.1.0.0 0.0.255.255
 no auto-summary
!
ip local policy route-map prefroute
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.2.103
ip http server
ip http secure-server
!
!
access-list 118 permit ip any 10.128.0.0 0.63.255.255
access-list 118 deny ip any any
route-map prefroute permit 10
 match ip address 118
 set ip next-hop 10.1.1.33 10.1.1.22
!
!
control-plane
!
line con 0
 exec-timeout 0 0
 logging synchronous
line vty 0 4
 exec-timeout 0 0
 logging synchronous
 no login
line vty 5 15
 password 7
 logging synchronous
 login local
!
end

Hall of Fame Super Bronze

Re: route maps not applying all the time?

- Remove

ip local policy route-map prefroute

(please leave it off)

- Turn debug on ip policy

- Initiate a ping from host 10.1.1.69 to a device located in 10.128.0.0/18 subnet

- Please post the output from this debug

_______________

Based on the show tech, the log displays that the source is 10.1.1.11 and the destination is 10.1.1.69.

It also shows the policy does not match (ACL 118 does not cover the source and destination network, in this example) which makes a lot of sense.

New Member

Re: route maps not applying all the time?

Thank you and you are right about 118 not applying to the traffic between 10.1.1.11 and .69.

When I turn off ip local policy route-map prefroute I get no debug output whatsoever from traces or pings on 10.1.1.69 to 10.132.20.1.

If I turn it back on, I get the packets which you saw earlier where 10.1.1.11 is the source and 10.1.1.69 is the destination. Those are caused by the fact that my workstation (.69) is telneted into the switch (.11) in order to issue commands and observe the output. I believe the local policy, when on, applies to the traffic generated by the switch, in this case the return packets for the telnet session. Of course I would expect them to be rejected by the route map because that address, understandably is not in the range to be routed via one path or the other to the opposite side of the network. Thus they fall right through to the normal processing, and the set is not applied.

But the fact that there is no debug output apart from that local policy indicates that my route map, for whatever reason is NOT even being invoked in spite of the fact that there is a policy for it applied to vlan 1. I've tried other vlans as well just for grins but to no avail.

What would keep a route-map from even being invoked?

I wish there was something to post but there is nothing with that local policy removed.

Hall of Fame Super Bronze

Re: route maps not applying all the time?

Try downgrading to an earlier IOS version.

New Member

Re: route maps not applying all the time?

EUREKA!!! I found it!!!

It's upper/lower case. When I put in the route map I used all upper case. When I applied the statement to the local policy using upper case that is how it stored it. But when I applied it to the VLAN interface it is in lower case.

I just deleted the ip policy from vlan1 and put it back, forcing the name to all upper case but, when I do a show run it comes back all lower case. SOOOOO...the name of the policy isn't technically the same.

Since I can't force the interface to save my name in all uppercase, I deleted my policy and recreated using all lower case for the name. It's working like it should now!

Funny I was about to backrev from 122.40 SE to your version for grins when I happened to notice this and thought...what the heck????

Something else that is odd: the showtech displays in lower case but the show run does not...I dunno what's up with that.

AH.....Thanks so much for all your help. I'm curious if you can reproduce the problem by naming your route-map in all upper, trying to apply it in all upper to vlan1 only to have it convert to lower and thus...not work there any more. But I realize you are busy and probably don't have time.

Hall of Fame Super Bronze

Re: route maps not applying all the time?

I don't even have to test it, route-maps are case sensitive.

I find it very strange that it didn't show on the output you posted.

One lesson learned, keep track of upper/lower case when creating anything in the configuration. That is, route-maps - ACLs - among other things.

I usually go with Upper case for any labeling on the router (route-maps, ACLs, etc).

Glad you were able to solve the problem, I'm sure you learned a lot from this :)
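
The check the thread ends on, as an added example that is not part of the original posts: a small auditor that finds `ip policy route-map` references whose name has no exact-case definition, and evaluates the wildcard ACL the way the debug output reports it. The sample config is constructed from the shape of the one posted above, the function names are hypothetical, and the parser assumes indented `show running-config` text and handles only the `ip any <dst> <wildcard>` entry form used in the thread.

```python
import re
from ipaddress import IPv4Address

# Constructed sample in the shape of the thread's config: the route-map is
# defined in upper case; one reference matches that spelling, one does not.
SAMPLE_CONFIG = """\
interface Vlan1
 ip address 10.1.1.11 255.255.0.0
 ip policy route-map prefroute
!
ip local policy route-map PREFROUTE
!
access-list 118 permit ip any 10.128.0.0 0.63.255.255
access-list 118 deny ip any any
route-map PREFROUTE permit 10
 match ip address 118
 set ip next-hop 10.1.1.33 10.1.1.22
"""

DEF_RE = re.compile(r"^route-map (\S+) (?:permit|deny)\b")
REF_RE = re.compile(r"^\s*ip (?:local )?policy route-map (\S+)")
IF_RE = re.compile(r"^interface (\S+)")
ACE_RE = re.compile(r"^access-list (\d+) (permit|deny) ip any (?:any|(\S+) (\S+))\s*$")


def audit_policy_refs(config):
    """List policy references whose route-map name has no exact-case definition."""
    defined, refs, context = set(), [], "global"
    for line in config.splitlines():
        if line[:1] not in (" ", "\t"):  # unindented line starts a new context
            m = IF_RE.match(line)
            context = m.group(1) if m else "global"
        if m := DEF_RE.match(line):
            defined.add(m.group(1))
        elif m := REF_RE.match(line):
            refs.append((context, m.group(1)))
    findings = []
    for where, name in refs:
        if name not in defined:  # names are compared case-sensitively
            variants = sorted(d for d in defined if d.lower() == name.lower())
            findings.append({"where": where, "name": name, "case_variants": variants})
    return findings


def acl_permits_dst(config, acl, dst):
    """First-match evaluation of 'ip any <dst> <wildcard>' entries, implicit deny last."""
    d = int(IPv4Address(dst))
    for line in config.splitlines():
        m = ACE_RE.match(line)
        if not m or m.group(1) != str(acl):
            continue
        if m.group(3) is None:  # destination keyword 'any'
            return m.group(2) == "permit"
        care = ~int(IPv4Address(m.group(4))) & 0xFFFFFFFF  # wildcard 0-bits must match
        if (d & care) == (int(IPv4Address(m.group(3))) & care):
            return m.group(2) == "permit"
    return False


if __name__ == "__main__":
    for f in audit_policy_refs(SAMPLE_CONFIG):
        print(f"{f['where']}: route-map {f['name']!r} undefined; defined as {f['case_variants']}")
    for dst in ("10.132.20.1", "10.1.1.69"):
        print(dst, "matches ACL 118:", acl_permits_dst(SAMPLE_CONFIG, 118, dst))
```

A reference that names an undefined route-map is accepted by the parser and simply never policy-routes anything, so a check like this belongs in config review alongside the same test for ACL and prefix-list names.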
