Cisco Support Community
Community Member

Policy Routing

When using a route-map, set next-hop. What happens if the next hop goes down or the link to the next hop goes down? Will the packet be dropped out of the policy and be routed normally, or will it still be sent to a nonexistent next-hop?


Re: Policy Routing

It should be routed normally.

You do have the option of specifying two next hops (actually you can specify more than 2... I'm not sure about the upper limit). In case the first next-hop specified fails, the packet is routed to the second next-hop and so on.

Re: Policy Routing

If the interface associated with the first next hop specified with the "set ip next-hop" command is down, the optionally specified second or third IP addresses are tried in turn. If the link is down but there are no other set statements, packets are routed normally (i.e. the router uses policy routing first and then the routing table).

For example:

route-map traffic_source permit 10
 match ip address 101
 set ip next-hop 172.16.x.x 172.32.x.x

If the next hop goes down but the link is still up, the router will continually ARP for that downed router (i.e. you are black holed).

An alternative is the command "set ip next-hop verify-availability" which will verify the next hop is up using CDP. See link:

From this link in regards to if the host is down but the link up: "If this command is not set, the packets are either successfully policy routed or remain forever unrouted."

Configuring the "set ip default next-hop" command causes the system to use the routing table first and if the route isn't there then policy route to the specified next hop.

The "set" order of operation is: set ip next-hop, set interface, set ip default next-hop, and then set default interface.

Hope it helps.
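The failover behaviour described in the reply above, as a simplified Python model added here (it is not Cisco's implementation and not code from the thread). The addresses are constructed documentation addresses, the names NextHop, RouteMapEntry and forward are hypothetical, and the "set interface" and "set default interface" steps are left out.

```python
from dataclasses import dataclass, field

@dataclass
class NextHop:
    addr: str
    link_up: bool = True   # router's interface toward this hop is up
    host_up: bool = True   # the next-hop device itself is alive

@dataclass
class RouteMapEntry:
    next_hops: list                    # "set ip next-hop" addresses, in order
    verify_availability: bool = False  # "set ip next-hop verify-availability"
    default_next_hops: list = field(default_factory=list)  # "set ip default next-hop"

def forward(entry, has_route):
    """Return (action, address) for a packet matched by this route-map entry.

    has_route: True if the routing table holds a route to the destination.
    """
    for hop in entry.next_hops:
        if not hop.link_up:
            continue                      # interface down: try the next address
        if hop.host_up:
            return ("policy", hop.addr)   # normal policy-routed case
        if entry.verify_availability:
            continue                      # reachability check failed: skip this hop
        return ("blackhole", hop.addr)    # link up, host down, nothing verifies it
    if has_route:
        return ("routing-table", None)    # no usable next hop: routed normally
    for hop in entry.default_next_hops:
        if hop.link_up:
            return ("policy-default", hop.addr)  # only used when no route exists
    return ("drop", None)

if __name__ == "__main__":
    A, B = "192.0.2.1", "192.0.2.2"       # constructed sample addresses
    cases = {
        "first link down": RouteMapEntry([NextHop(A, link_up=False), NextHop(B)]),
        "first host down, link up": RouteMapEntry([NextHop(A, host_up=False), NextHop(B)]),
        "same, verify-availability": RouteMapEntry(
            [NextHop(A, host_up=False), NextHop(B)], verify_availability=True),
    }
    for name, entry in cases.items():
        print(f"{name:28} -> {forward(entry, has_route=True)}")
```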


Community Member

Re: Policy Routing

Hi Steve,

I wanted to ask something relevant, but I think I'm losing something in your words...

So, in your example, if 172.16.x.x is down, but the link is up, will 172.32.x.x be used instead?

What about if 172.16.x.x is a PC running WIN2K and ICS (aka NAT) and the internet connection (not the 172.16.x.x) of the PC fails?

What happens then?

Are the packets sent back from the PC to the router and then rerouted to 172.32.x.x?
