Silver

Policy Route Router GRE generated traffic

Hello,

I have a hub and spoke topology. The hub site has two ISPs with two different global subnets. From the hub I have two tunnels; each tunnel is sourced from one ISP. Therefore, one tunnel has a source interface IP from ISP1 and the other tunnel has a source interface IP from ISP2.

I need to policy route traffic coming from Tunnel 1 to go to ISP1; as for Tunnel 2, there is no need because the default route points to ISP2.

I know that to match router-generated traffic you've got to use "ip local policy route-map tag"; however, this doesn't match the GRE traffic generated from the router.

Does anybody have an idea how to PBR the router's generated GRE traffic?

Thanks in advance,

Regards,

  • WAN Routing and Switching
12 REPLIES
Hall of Fame Super Silver

Re: Policy Route Router GRE generated traffic

Mohamad

I would have thought that ip local policy would be able to handle the GRE traffic. Can you give us specifics of the route map that you used to identify traffic and send it to the right ISP? It would also be useful to know how you select which traffic goes into each tunnel.

HTH

Rick

Silver

Re: Policy Route Router GRE generated traffic

Hello Rick,

Thanks for the feedback. Yes, the PBR does not match the GRE generated traffic. However, if you try a trace or an extended ping, it matches the traffic and you can see the PBR matching and policing the traffic. However, the GRE packets are still going through the unwanted ISP interface. Below you can find the config:

route-map ISP1 permit 10
 match ip address ISP1
 set ip next-hop x.x.x.254
!
ip access-list extended ISP1
 permit ip x.x.x.x 0.0.0.15 any
!
ip local policy route-map ISP1

Regards,

Silver

Re: Policy Route Router GRE generated traffic

I guess I figured out the problem. I changed the route-map to set default next-hop and it is now matching traffic.

Regards,

Silver

Re: Policy Route Router GRE generated traffic

Nope, problem not solved; packets are still going to the default route. I set the route-map to use ip next hop.

Regards,

New Member

Re: Policy Route Router GRE generated traffic

This is the expected behavior. Local policy is intended for packets generated by the router, and despite the fact that GRE packets are stamped with the tunnel source, for this purpose they are still considered 'forwarded' packets.

You can however use a host route (/32) to the second tunnel destination over the interface that does not have the default route. This should achieve the same result.
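
The host-route approach described in the reply above, as an added example that is not part of the original thread. All addresses are constructed from documentation ranges, and the interface names and subnet layout are assumptions.

```cisco
! Constructed addresses (RFC 5737 documentation ranges); interface names are assumptions.
! ISP1 subnet 192.0.2.0/28, gateway 192.0.2.14
! ISP2 subnet 198.51.100.0/28, gateway 198.51.100.14
interface GigabitEthernet0/0
 description ISP1 uplink
 ip address 192.0.2.1 255.255.255.240
!
interface GigabitEthernet0/1
 description ISP2 uplink
 ip address 198.51.100.1 255.255.255.240
!
interface Tunnel1
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.10
!
interface Tunnel2
 tunnel source GigabitEthernet0/1
 tunnel destination 203.0.113.20
!
! Default route via ISP2: Tunnel2's GRE packets already follow it.
ip route 0.0.0.0 0.0.0.0 198.51.100.14
!
! Host route: the encapsulated Tunnel1 packets are forwarded on their outer
! destination address, so a /32 for that destination sends them out via ISP1.
ip route 203.0.113.10 255.255.255.255 192.0.2.14
!
! Check which egress is chosen for each tunnel endpoint:
!   show ip route 203.0.113.10
!   show ip cef 203.0.113.20
```

Because the host route selects the path by destination, this only separates the tunnels when they terminate on different destination addresses.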

Hall of Fame Super Silver

Re: Policy Route Router GRE generated traffic

Mohamad

This is part of what I asked for but does not go quite far enough. In the access list ISP1 the "permit x.x.x.x 0.0.0.15 any" what addresses is it matching? Is it matching the original source address of the IP packet which is encapsulated in GRE or is it matching the address that is the source for the GRE packet?

It might also help if you could help us understand how you select which traffic goes into which tunnel.

HTH

Rick

Silver

Re: Policy Route Router GRE generated traffic

Hello Rick,

It is matching the source address of the GRE tunnel. My selection is based on the source address. If the packet comes from Tunnel 1 source address it has to go to ISP1 and if the packet comes from Tunnel2 source address it has to go to tunnel 2.

Let me know your feedback,

Silver

Re: Policy Route Router GRE generated traffic

Hello Rick,

It is matching the source address of the GRE tunnel. My selection is based on the source address. If the packet comes from Tunnel 1 source address it has to go to ISP1 and if the packet comes from Tunnel2 source address it has to go to ISP 2.

Let me know your feedback,

Silver

Re: Policy Route Router GRE generated traffic

Should the traffic be as in the arrangement below?

If the source address matches the traffic within tunnel 1, then go to tunnel 1's GRE address. And apply the policy map to your LAN interface.

What I believe is that you want to redirect the traffic before the tunnel to the GRE, and it will go through the specified GRE tunnel. Right?

Sorry, I don't have equipment on hand to prove it.
