Solved: Re: Route-Maps Issue

azibnaseem · ‎09-26-2017

hey Community Team'

Recently I am observing an issue with route-maps. Two links from different service providers are terminated on Router 2911. Default route is set to ISP1 & all traffic is working normally. When I applied route-map to send some traffice through an ISP2, then some of websites like (yahoo.com, cisco.com etc) are not opening with ERR-Connection-Timed-Out through ISP2 but at the same time some of websites like (facebook.com, twitter.com, youtube.com etc) are working normally.

any respone will be highly appreciated.

Regards'

Azib.

azibnaseem · ‎09-28-2017

Hey Community Members'

I have figured out the problem & solved it. Actually I have applied a wrong access-list cisin in right dierection like ip access-group cisin out. After applying right access-list in right direction issue has been solved. Thanks for your suggestions & advises.

Regards'

View solution in original post

paul driver · ‎09-27-2017

Hello

Was you trying to policy route traffic? - Can you poist the configuration of what you applied?

res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

azibnaseem · ‎09-27-2017

Hey @paul driver'

Network Diagram has been attached. Route-map command has been applied on interface Gi 0/2. As earlier I mentioned that default route set to ISP1 & through ISP1 everything has been working well. I have advertised 6 class c networks 4 through ISP1 & 2 through ISP2 using BGP. By default all 6 networks traffic passing through ISP1. I want to pass one of my network or some host traffic through ISP2 using route-map & after applying route-map traffic start passing through ISP2 but as earlier I mentioned that some of websites are not opening through ISP2. Route-Map configuration is given below for the review.

show running-config | section route-map
ip policy route-map wateen-gw
route-map wateen-gw permit 10
match ip address wateenroute
set ip next-hop 58.27.222.101

interface GigabitEthernet0/1
description "70 Mbps UP-Link to Wateen Telecom"
ip address 58.27.222.102 255.255.255.252
ip access-group cisin in
ip access-group cisin out
duplex auto
speed auto
no cdp enable
end

show running-config interface gigabitEthernet 0/2
Building configuration...

Current configuration : 286 bytes
!
interface GigabitEthernet0/2
description "Point to Pint Link Between R2911 to SKT-3750G"
ip address 255.255.255.252 secondary
ip address 172.16.30.101 255.255.255.252
ip policy route-map wateen-gw
ip ospf 7590 area 0
load-interval 30
duplex auto
speed auto
end

Regards'

paul driver · ‎09-27-2017

Hello

What do the access-lists state?
Also can you post the bgp routing stanza config?

res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

azibnaseem · ‎09-27-2017

Hello,

Three hosts IP Address has been added into Access-lists to forward traffic to ISP2 using Route-Map.

I didn't understand your second question. is bgp config required or bgp routing table required? Please brief.

Regards'

Richard Burts · ‎09-27-2017

You have multiple access lists. In addition to the access list used for policy based routing you also have an access list applied to the interface cisin. I would like to see the content of that access list.

I have seen situations where some web sites worked ok while other web sites had issues that were caused by MTU issues. Is it possible that there is something on the link for ISP2 that impacts MTU? Perhaps some encapsulation, or some tunneling, or QinQ processing? You might try using ip tcp adjust-mss to set a lower negotiated MTU and see if it helps.

HTH

Rick

HTH

Rick

azibnaseem · ‎09-28-2017

Hey Community Members'

I have figured out the problem & solved it. Actually I have applied a wrong access-list cisin in right dierection like ip access-group cisin out. After applying right access-list in right direction issue has been solved. Thanks for your suggestions & advises.

Regards'

Richard Burts · ‎09-28-2017

Azib

Thank you for posting back to the forum and letting us know that you have solved your own problem and that the problem was incorrect application of the access list. It is always nice to see an issue where the original poster was able to find their own solution and to share that with the forum.

HTH

Rick

HTH

Rick