Policy Based Routing advice
jeffpaz at gmail.com
Thu Aug 12 14:44:04 CDT 2010
A 'debug ip policy' should show if it's hitting or not...
IP: s=126.96.36.199 (Ethernet0/0/1), d=188.8.131.52, len 100,FIB flow policy match
IP: s=184.108.40.206 (Ethernet0/0/1), d=220.127.116.11, len 100,FIB PR flow accelerated!
IP: s=18.104.22.168 (Ethernet0/0/1), d=22.214.171.124, g=10.0.0.8, len 100, FIB
On Thu, Aug 12, 2010 at 2:33 PM, Andrey Khomyakov <khomyakov.andrey at gmail.com> wrote:
> I don't think this will work. Here is the formal description of "set
> interface" from cisco.com:
> This action specifies that the packet is forwarded out of the local
> interface. The interface must be a Layer 3 interface (no switchports), and
> the destination address in the packet must lie within the IP network
> assigned to that interface. If the destination address for the packet does
> not lie within that network, the packet is dropped.
> Since in my case the packets are destined to random addresses on the webz,
> my understanding is that this will effectively be a drop statement for them.
> But, no, I have not tried it.
> On Thu, Aug 12, 2010 at 3:25 PM, Rogelio <rgamino at gmail.com> wrote:
> > Have you tried "set interface" instead of "set ip"?
> > Sent from my iPhone
> > On Aug 12, 2010, at 3:13 PM, Andrey Khomyakov <khomyakov.andrey at gmail.com> wrote:
> > > I did try an extended ACL and had the same result.
> > > The way I know that it's not working is that I see these packets on
> > > a wrong interface on the firewall and therefore being dropped.
> > > I actually had to open a CR with Cisco and they verified the config and
> > > said nothing is wrong with it. They are escalating and will hopefully get
> > > to me about this.
> > >
> > > Andrey
> Andrey Khomyakov
> [khomyakov.andrey at gmail.com]