Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Troubleshooting PBR

Hello All,

We've implemented PBR between our main and branch offices. However, it seems to have issues - the packet losses (via ping is extremely high, the traffic gets interrupted, etc. Does anyone have any information on how to troubleshoot it?

Here're the pieces of the relative configuration:

interface Vlan11

description $FW_INSIDE$

ip address

ip access-group vlan11-in in

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip inspect firewall in

ip virtual-reassembly

ip policy route-map RM-PBR-MPLS-VPN

no mop enabled

standby delay minimum 60 reload 60

standby version 2

standby 10 ip

standby 10 preempt delay minimum 60 reload 60 sync 60

standby 10 authentication md5 key-string 7 00211D0516421B120A250D

standby 10 name SNATHSRP

standby 10 track GigabitEthernet0/0

ip access-list extended PBR-MPLS

remark PBR Towards MPLS

permit ip

permit ip

permit ip

ip access-list extended PBR-MPLS-QoS

remark PBR Towards MPLS - Specific Applications

permit tcp host eq telnet

permit tcp host eq www

permit tcp host eq 46997 host

ip access-list extended PBR-Tunnel0

remark PBR Towards Tunnel0

permit ip

route-map RM-PBR-MPLS-VPN permit 10

match ip address PBR-MPLS-QoS

set ip next-hop


route-map RM-PBR-MPLS-VPN permit 20

match ip address PBR-Tunnel0

set ip next-hop verify-availability 10 track 11

set ip next-hop


route-map RM-PBR-MPLS-VPN permit 30

match ip address PBR-MPLS

set ip next-hop


Re: Troubleshooting PBR

You can start with a debug ip policy. If that doesn't help, you might want to debug ip packet 105. The 105 would be an access list defining the traffic you want to debug.

Your symptoms don't really sound like a PBR issue. Do non policy routed pings to the same destinations work OK? Have you tried turning off the IP Inspect?

Please rate helpful posts.


New Member

Re: Troubleshooting PBR

PBR works as expected, but after a day or two the above described sympthoms occur. I haven't tried desabling ip inspect. Will do that and will let you know.

Update: Just turned off ip inspect however, i can still see the packet loss. Weired thing is - if i remove PBR everything works just fine. Theres no errors on interfaces, cpu usage is very low..

Thx, Serge.

New Member

Re: Troubleshooting PBR

Hi Serge,

I saw your post after lot of search about this problem of packtried et loss when using PBR.

We face the similar problem on our IP/MPLS Backbone, several solutions but no success.

So I'd like to know if you finally found the solution of this problem.

Kind regards.