Re: local policy route-map not working for me

From: Jian Gu (guxiaojian@gmail.com)
Date: Wed Nov 08 2006 - 15:07:14 ART

• Next message: Sean C: "OT: Job ops in the DC Metro area"
• Previous message: Jian Gu: "Re: local policy route-map not working for me"
• Maybe in reply to: Michael Zuo: "local policy route-map not working for me"
• Next in thread: Michael Zuo: "RE: local policy route-map not working for me"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Small correction, for traceroute you do need to match UDP, your
configuration works with ping.

On 11/8/06, Jian Gu <guxiaojian@gmail.com> wrote:
>
> This configuration should work (and it works in my setup), the reason your
> original configuration did not work is not because it is a prefix list, it
> is because your prefix list was not configured correctly. When Cisco IOS
> router does a ping it will consult its unicast routing table and use the IP
> address of outgoing interface's IP address as Ping packet's source IP
> address.
>
> On 11/7/06, Michael Zuo <mzuo@ixiacom.com> wrote:
> >
> > Still does not work, I change the configuration to:
> >
> > ip access-list extended PING
> > permit icmp any host 142.1.0.4
> > !
> > route-map PING permit 10
> > match ip address PING
> > set ip next-hop 142.1.46.4
> >
> > still:
> >
> >
> > R6(config-ext-nacl)#do trace 142.1.0.4
> >
> > Type escape sequence to abort.
> > Tracing the route to 142.1.0.4
> >
> > 1 204.12.1.3 4 msec 0 msec 4 msec
> > 2 142.1.0.4 32 msec * 28 msec
> >
> > Any ideas on how I can debug?
> >
> > Thanks...
> >
> > -----Original Message-----
> > From: Hafizur Rahman (Europe) [mailto:hafizur.rahman@uk.didata.com]
> > Sent: Monday, November 06, 2006 11:37 PM
> > To: Michael Zuo; ccielab@groupstudy.com
> > Subject: RE: local policy route-map not working for me
> >
> > Hi Michael
> >
> > Try using extended ACl instead of prefix list
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > Michael Zuo
> > Sent: 07 November 2006 07:09
> > To: ccielab@groupstudy.com
> > Subject: local policy route-map not working for me
> >
> > Hi All,
> >
> >
> >
> > I am having a problem with my local policy routing and can not figure
> > out why it is not working:
> >
> >
> >
> > Topology:
> >
> > =======
> >
> > R3, R4 and R6 forms a triangle
> >
> >
> >
> > Networks:
> >
> > =======
> >
> > Between R3, R4: 142.1.34.0/24
> >
> > Between R3, R6: 204.12.1.0/24
> >
> > Between R4, R6: 142.1.46.0/24
> >
> >
> >
> > R4 also have IP address 142.1.0.4
> >
> >
> >
> > OSPF is configured in a way that ping from R6 to 142.1.0.4 would go thru
> > R3 first (R3 touches area 0)
> >
> >
> >
> > I am trying to use policy routing to route ICMP from R6 directly over
> > the connection between R4 and R6 which is not in OSPF
> >
> >
> >
> > Configuration
> >
> > =======
> >
> >
> >
> > R6:
> >
> >
> >
> > router ospf 1
> >
> > log-adjacency-changes
> >
> > network 54.1.3.6 0.0.0.0 area 3
> >
> > network 204.12.1.6 0.0.0.0 area 3
> >
> >
> >
> > ip local policy route-map PING
> >
> > !
> >
> >
> >
> > ip prefix-list 10 seq 5 permit 142.1.0.0/24
> >
> > !
> >
> > !
> >
> > route-map PING permit 10
> >
> > match ip address prefix-list 10
> >
> > set ip next-hop 142.1.46.4
> >
> >
> >
> > Result
> >
> > =====
> >
> >
> >
> > R6(config)#do trace 142.1.0.4
> >
> >
> >
> > Type escape sequence to abort.
> >
> > Tracing the route to 142.1.0.4
> >
> >
> >
> > 1 204.12.1.3 0 msec 0 msec 4 msec
> >
> > 2 142.1.0.4 28 msec * 28 msec
> >
> > R6(config)#
> >
> >
> >
> > R6#sh ip loc pol
> >
> > Local policy routing is enabled, using route map PING
> >
> > route-map PING, permit, sequence 10
> >
> > Match clauses:
> >
> > ip address prefix-lists: 10
> >
> > Set clauses:
> >
> > ip next-hop 142.1.46.4
> >
> > Policy routing matches: 5 packets, 320 bytes
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > Which means R6 still go thru R3 first before getting to R4!! Also, the
> > packet count in "sh ip loc pol" does not increase
> >
> >
> >
> >
> >
> > Am I missing something obvious? How do I debug further?
> >
> >
> >
> >
> >
> >
> >
> > Thanks a bunch!!
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> > -----------------------------------------
> > Dimension Data - providing global IP based solutions and services
> > for over 20 years supported locally from a single point of contact.
> >
> > This email is confidential. If you are not the intended recipient
> > then you must not copy it, forward it, use it for any purpose, or
> > disclose it to another person.
> >
> > Please also note that the author of this email is not authorised
> > to; make any offers capable of acceptance unless expressly stated
> > in a validly dated and attached document which shall be subject to
> > the terms and conditions stated therein or, conclude any contract
> > on behalf of Dimension Data by email.
> >
> > Although Dimension Data has taken reasonable precautions to ensure
> > no viruses are present in this email, the company cannot accept
> > responsibility for any loss or damage arising from the use of this
> > email or attachments.
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html

• Next message: Sean C: "OT: Job ops in the DC Metro area"
• Previous message: Jian Gu: "Re: local policy route-map not working for me"
• Maybe in reply to: Michael Zuo: "local policy route-map not working for me"
• Next in thread: Michael Zuo: "RE: local policy route-map not working for me"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:45 ART