Policy Based Routing advice

Jeffrey Pazahanick jeffpaz at gmail.com
Thu Aug 12 14:44:04 CDT 2010


A 'debug ip policy' should show if it's hitting or not...

IP: s=30.0.0.1 (Ethernet0/0/1), d=40.0.0.7, len 100,FIB flow policy match

IP: s=30.0.0.1 (Ethernet0/0/1), d=40.0.0.7, len 100,FIB PR flow accelerated!

IP: s=30.0.0.1 (Ethernet0/0/1), d=40.0.0.7, g=10.0.0.8, len 100, FIB policy routed



On Thu, Aug 12, 2010 at 2:33 PM, Andrey Khomyakov <khomyakov.andrey at gmail.com> wrote:

> I don't think this will work. Here is the formal description of "set
> interface" from cisco.com:
>
> This action specifies that the packet is forwarded out of the local
> interface. The interface must be a Layer 3 interface (no switchports), and
> the destination address in the packet must lie within the IP network
> assigned to that interface. If the destination address for the packet does
> not lie within that network, the packet is dropped.
>
>
> Since in my case the packets are destined to random addresses on the webz,
> my understanding is that this will effectively be a drop statement for them.
>
> But, no, I have not tried it.
>
> On Thu, Aug 12, 2010 at 3:25 PM, Rogelio <rgamino at gmail.com> wrote:
>
> > Have you tried "set interface" instead of "set ip"?
> >
> >
> > Sent from my iPhone
> >
> > On Aug 12, 2010, at 3:13 PM, Andrey Khomyakov <khomyakov.andrey at gmail.com> wrote:
> >
> > > I did try an extended ACL and had the same result.
> > > The way I know that it's not working is that I see these packets arriving on
> > > a wrong interface on the firewall and therefore being dropped.
> > > I actually had to open a CR with Cisco and they verified the config and said
> > > nothing is wrong with it. They are escalating and will hopefully get back to
> > > me about this.
> > >
> > > Andrey
> >
>
>
>
> --
> Andrey Khomyakov
> [khomyakov.andrey at gmail.com]
>
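
An added example, not part of the original thread and not Cisco tooling: a small Python parser for the `debug ip policy` lines quoted in the first message. It groups them per flow and lists flows that logged a policy match but no `policy routed` line. It assumes only the three line shapes shown in that message; the function names are hypothetical.

```python
import re

# The three debug lines from the message above, with the mail client's
# wrap ("FIB" / "policy routed") left in to show that it is handled.
SAMPLE = """\
IP: s=30.0.0.1 (Ethernet0/0/1), d=40.0.0.7, len 100,FIB flow policy match
 IP: s=30.0.0.1 (Ethernet0/0/1), d=40.0.0.7, len 100,FIB PR flow accelerated!
 IP: s=30.0.0.1 (Ethernet0/0/1), d=40.0.0.7, g=10.0.0.8, len 100, FIB
policy routed
"""

LINE_RE = re.compile(
    r"^IP: s=(?P<src>\S+) \((?P<iface>[^)]+)\), d=(?P<dst>[^,\s]+),"
    r"(?: g=(?P<gw>[^,\s]+),)? len \d+,\s*(?P<event>.+)$"
)

def rejoin(text):
    """Merge continuation lines (not starting with 'IP:') into the previous record."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("IP:") or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def summarize(text):
    """Return {(src, ingress_iface, dst): {'matched', 'routed', 'gateways'}}."""
    flows = {}
    for record in rejoin(text):
        m = LINE_RE.match(record)
        if not m:
            continue  # not a line in the format quoted on this page
        key = (m["src"], m["iface"], m["dst"])
        flow = flows.setdefault(key, {"matched": False, "routed": False, "gateways": set()})
        if "policy match" in m["event"]:
            flow["matched"] = True
        if "policy routed" in m["event"]:
            flow["routed"] = True
            if m["gw"]:
                flow["gateways"].add(m["gw"])
    return flows

def matched_not_routed(flows):
    """Flows that hit the policy but never logged a 'policy routed' line."""
    return sorted(k for k, f in flows.items() if f["matched"] and not f["routed"])
```
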


