Anyone use Cisco Policy Routing?
Hi, I'm trying to setup a platform that will send different types of packets over different routes, theres a good example of what I'm doing at http://www.cisco.com/warp/public/cc/pd/ibsw/ibdlsw/prodlit/dlsw5_rg.htm under 'Directing Traffic Flows with Policy Routing' Basically, it doesnt work, I'm on IOS 12.0(3) and not sure if its a bug or just me. I'm using policy routing and route-maps to identify certain types of traffic by tcp port number using extended access-lists and then change the next-hop. Whats happening is that it works okay until the above access-list makes a match, after that all packets to that IP address regardless of port number get sent via the modified next hop. I'm wondering if I've got a) an IOS bug or if b) I need to turn off some kind of route caching/cef that works at layer 3 altho I've disabled everything I could think of on the interface Any thoughts? Steve -- Stephen J. Wilcox IP Services Manager, Opal Telecom http://www.opaltelecom.co.uk/ Tel: 0161 222 2000 Fax: 0161 222 2008
This does not sound like a problem with IOS, but more like a problem with the configuration. Packets matching in your access list will go to the designated next hop. Those failing to match will not be discarded. These packets will take the course of the routing table. Where are you trying to apply the route map? The interface or the routing protocol? For what you're doing, you should apply the Route Map to an incoming interface. Try another matching statement with a lower precedence under your Policy. Ex: route-map Stephen_Policy permit 10 match ip address access_list_A set ip next hop A.A.A.A route-map Stephen_Policy permit 20 match ip address access_list_B set ip next hop B.B.B.B route-map Stephen_Policy permit 30 match ip address default_list set ip next hop C.C.C.C ~ Clarke ~ ----- Original Message ----- From: Stephen J. Wilcox <steve@opaltelecom.co.uk> To: <nanog@merit.edu> Sent: Friday, September 14, 2001 1:28 PM Subject: Anyone use Cisco Policy Routing?
Hi, I'm trying to setup a platform that will send different types of packets over different routes, theres a good example of what I'm doing at
http://www.cisco.com/warp/public/cc/pd/ibsw/ibdlsw/prodlit/dlsw5_rg.htm
under 'Directing Traffic Flows with Policy Routing'
Basically, it doesnt work, I'm on IOS 12.0(3) and not sure if its a bug or just me.
I'm using policy routing and route-maps to identify certain types of traffic by tcp port number using extended access-lists and then change the next-hop.
Whats happening is that it works okay until the above access-list makes a match, after that all packets to that IP address regardless of port number get sent via the modified next hop.
I'm wondering if I've got a) an IOS bug
or if
b) I need to turn off some kind of route caching/cef that works at layer 3 altho I've disabled everything I could think of on the interface
Any thoughts?
Steve
-- Stephen J. Wilcox IP Services Manager, Opal Telecom http://www.opaltelecom.co.uk/ Tel: 0161 222 2000 Fax: 0161 222 2008
This does not sound like a problem with IOS, but more like a problem with the configuration. Packets matching in your access list will go to the designated next hop. Those failing to match will not be discarded. These packets will take the course of the routing table. Where are you trying to apply the route map? The interface or the routing protocol? For what you're doing, you should apply the Route Map to an incoming interface. Try another matching statement with a lower precedence under your Policy. Ex: route-map Stephen_Policy permit 10 match ip address access_list_A set ip next hop A.A.A.A route-map Stephen_Policy permit 20 match ip address access_list_B set ip next hop B.B.B.B route-map Stephen_Policy permit 30 match ip address default_list set ip next hop C.C.C.C ~ Clarke ~ ----- Original Message ----- From: Stephen J. Wilcox <steve@opaltelecom.co.uk> To: <nanog@merit.edu> Sent: Friday, September 14, 2001 1:28 PM Subject: Anyone use Cisco Policy Routing?
Hi, I'm trying to setup a platform that will send different types of packets over different routes, theres a good example of what I'm doing at
http://www.cisco.com/warp/public/cc/pd/ibsw/ibdlsw/prodlit/dlsw5_rg.htm
under 'Directing Traffic Flows with Policy Routing'
Basically, it doesnt work, I'm on IOS 12.0(3) and not sure if its a bug or just me.
I'm using policy routing and route-maps to identify certain types of traffic by tcp port number using extended access-lists and then change the next-hop.
Whats happening is that it works okay until the above access-list makes a match, after that all packets to that IP address regardless of port number get sent via the modified next hop.
I'm wondering if I've got a) an IOS bug
or if
b) I need to turn off some kind of route caching/cef that works at layer 3 altho I've disabled everything I could think of on the interface
Any thoughts?
Steve
-- Stephen J. Wilcox IP Services Manager, Opal Telecom http://www.opaltelecom.co.uk/ Tel: 0161 222 2000 Fax: 0161 222 2008
Steve, I've seen this problem happen w/ policy routing and CEF enabled. You need to turn off CEF if this is happening to you. Cisco has a bug out on this, if I can find it in my notes I'll send it. Mark. On Fri, Sep 14, 2001 at 06:28:28PM +0100, Stephen J. Wilcox wrote:
Hi, I'm trying to setup a platform that will send different types of packets over different routes, theres a good example of what I'm doing at
http://www.cisco.com/warp/public/cc/pd/ibsw/ibdlsw/prodlit/dlsw5_rg.htm
under 'Directing Traffic Flows with Policy Routing'
Basically, it doesnt work, I'm on IOS 12.0(3) and not sure if its a bug or just me.
I'm using policy routing and route-maps to identify certain types of traffic by tcp port number using extended access-lists and then change the next-hop.
Whats happening is that it works okay until the above access-list makes a match, after that all packets to that IP address regardless of port number get sent via the modified next hop.
I'm wondering if I've got a) an IOS bug
or if
b) I need to turn off some kind of route caching/cef that works at layer 3 altho I've disabled everything I could think of on the interface
Any thoughts?
Steve
-- Stephen J. Wilcox IP Services Manager, Opal Telecom http://www.opaltelecom.co.uk/ Tel: 0161 222 2000 Fax: 0161 222 2008
At least Gnaps -- 7:45 PM our PRI's and hardware went dead. ========================================================== Chris Candreva -- chris@westnet.com -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
We came back up at Old Slip at about 8:55 PM EDT. Our T1 is back too ! Life is good ! I'm going to have another beer. Make that a scotch. ========================================================== Chris Candreva -- chris@westnet.com -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
On Fri, 14 Sep 2001, Stephen J. Wilcox wrote:
Hi, I'm trying to setup a platform that will send different types of packets over different routes, theres a good example of what I'm doing at
http://www.cisco.com/warp/public/cc/pd/ibsw/ibdlsw/prodlit/dlsw5_rg.htm
under 'Directing Traffic Flows with Policy Routing'
Basically, it doesnt work, I'm on IOS 12.0(3) and not sure if its a bug or just me.
have you tried 12.0(7)? Many fixes to strange issues... -- Yours, J.A. Terranson sysadmin@mfn.org If Governments really want us to behave like civilized human beings, they should give serious consideration towards setting a better example: Ruling by force, rather than consensus; the unrestrained application of unjust laws (which the victim-populations were never allowed input on in the first place); the State policy of justice only for the rich and elected; the intentional abuse and occassionally destruction of entire populations merely to distract an already apathetic and numb electorate... This type of demogoguery must surely wipe out the fascist United States as surely as it wiped out the fascist Union of Soviet Socialist Republics. The views expressed here are mine, and NOT those of my employers, associates, or others. Besides, if it *were* the opinion of all of those people, I doubt there would be a problem to bitch about in the first place... --------------------------------------------------------------------
How does this apply to Cisco's Policy Routing ? ----- Original Message ----- From: <measl@mfn.org> To: Stephen J. Wilcox <steve@opaltelecom.co.uk> Cc: <nanog@merit.edu> Sent: Saturday, September 15, 2001 3:09 AM Subject: Re: Anyone use Cisco Policy Routing?
On Fri, 14 Sep 2001, Stephen J. Wilcox wrote:
Hi, I'm trying to setup a platform that will send different types of
packets
over different routes, theres a good example of what I'm doing at
http://www.cisco.com/warp/public/cc/pd/ibsw/ibdlsw/prodlit/dlsw5_rg.htm
under 'Directing Traffic Flows with Policy Routing'
Basically, it doesnt work, I'm on IOS 12.0(3) and not sure if its a bug or just me.
have you tried 12.0(7)? Many fixes to strange issues...
-- Yours, J.A. Terranson sysadmin@mfn.org
If Governments really want us to behave like civilized human beings, they should give serious consideration towards setting a better example: Ruling by force, rather than consensus; the unrestrained application of unjust laws (which the victim-populations were never allowed input on in the first place); the State policy of justice only for the rich and elected; the intentional abuse and occassionally destruction of entire populations merely to distract an already apathetic and numb electorate... This type of demogoguery must surely wipe out the fascist United States as surely as it wiped out the fascist Union of Soviet Socialist Republics.
The views expressed here are mine, and NOT those of my employers, associates, or others. Besides, if it *were* the opinion of all of those people, I doubt there would be a problem to bitch about in the first place... --------------------------------------------------------------------
Stephen,
I'm wondering if I've got a) an IOS bug
Send me the configuration and a description of what you are trying to accomplish (ie. what packets you want to redirect where) and I'll tell you if it's broken.
or if
b) I need to turn off some kind of route caching/cef that works at layer 3 altho I've disabled everything I could think of on the interface
You should *never* have to disable a switching path to make a feature work. If you do it's a bug and please open a TAC case on it so the problem is fixed. Cisco IOS switching paths are designed such that if you enable a feature that is not supported in a particular switching path then that packet is punted to the next switching path to be handled. Thanks, Rodney Escalation Engineer Routing Protocols Cisco Systems Inc. On Fri, Sep 14, 2001 at 06:28:28PM +0100, Stephen J. Wilcox wrote:
Hi, I'm trying to setup a platform that will send different types of packets over different routes, theres a good example of what I'm doing at
http://www.cisco.com/warp/public/cc/pd/ibsw/ibdlsw/prodlit/dlsw5_rg.htm
under 'Directing Traffic Flows with Policy Routing'
Basically, it doesnt work, I'm on IOS 12.0(3) and not sure if its a bug or just me.
I'm using policy routing and route-maps to identify certain types of traffic by tcp port number using extended access-lists and then change the next-hop.
Whats happening is that it works okay until the above access-list makes a match, after that all packets to that IP address regardless of port number get sent via the modified next hop.
I'm wondering if I've got a) an IOS bug
or if
b) I need to turn off some kind of route caching/cef that works at layer 3 altho I've disabled everything I could think of on the interface
Any thoughts?
Steve
-- Stephen J. Wilcox IP Services Manager, Opal Telecom http://www.opaltelecom.co.uk/ Tel: 0161 222 2000 Fax: 0161 222 2008
participants (6)
-
Christopher X. Candreva -
clarke -
Mark O'Brien -
measl@mfn.org -
Rodney Dunn -
Stephen J. Wilcox