From: Jack Heney (jheneyccie@xxxxxxxxxxx)
Date: Fri Oct 20 2000 - 20:02:33 GMT-3

Here's your problem:

1.) The ip local policy command tells the router to apply the policy to
packets that are generated by the router itself. When you use a route-map
for policy routing, the route-map has to go on the interface that the
traffic you want to policy route is coming IN on. Because of this, traffic
generated by the router itself is not policy routed unless you use the ip
local policy command, which you did.

2.) Policy routing can only be used to examine fields that exist in the IP
packet....Since "next-hop" is not a field in the IP header (the next-hop is
indicated by the destination MAC address), the router can't determine if
traffic is a match or not, so it ignores the match statement (match next-hop
is used with route-maps that are filtering routing protocol updates, where
the routes contained in the updates each have a next-hop value). Next-hop
can only be used with "set" for policy routing.

3.) Since the router is ignoring the match statement, your route-map is
basically telling the router to send all traffic that runs into the
route-map to the serial interface on R1....Since you also used the "ip local
policy" command, traffic generated by the router itself will all be sent to
R1 (including OSPF packets originally intended for R4). Therefore, no OSPF
packets are actually being sent to R4...No packets, no adjacency.

In order for your policy routing to work, you need to match a field in the
IP header...I would suggest destination address, which will require an
extended access-list in the match statement of the route-map. The
access-list (on R3) should be "permit ip any x.x.x.x y.y.y.y" where x.x.x.x
are all networks attached to R5 and y.y.y.y is the appropriate wildcard
mask, and the same should be configured on R5 (with x.x.x.x being all
networks attached to R3). That way, any traffic that enters R3 with a
destination that is attached to R5 will have its next hop set to R1, which
is what you want.

Hope this helps,
Jack

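
The change suggested in the reply above, written out as IOS configuration. This is an added example, not part of the original message: the extended ACL number 130 is an assumption, and the `<...>` entries are placeholders for networks the thread does not list.

```cisco
! ---------- Router 3 ----------
! Replace the ignored "match ip next-hop" with a match on the
! destination address, a field that is present in the IP header.
route-map NBMAFRAME permit 10
 no match ip next-hop 30
 match ip address 130
 set ip next-hop 137.20.30.1
!
! 137.20.30.5 is R5's frame interface in the posted config.
access-list 130 permit ip any host 137.20.30.5
! One more line per network attached to R5 (placeholders):
! access-list 130 permit ip any <R5-network> <wildcard-mask>
!
! Standard ACL 30 is no longer referenced by the route-map.
no access-list 30
!
! Left as posted:
!   interface Serial1 / ip policy route-map NBMAFRAME
!   ip local policy route-map NBMAFRAME
!
! OSPF hellos on the PPP link to R4 are addressed to 224.0.0.5.
! ACL 130 does not permit that destination, so the packets match no
! route-map entry and are forwarded normally instead of toward R1.
!
! ---------- Router 5 (mirror image) ----------
route-map NBMAFRAME permit 10
 no match ip next-hop 30
 match ip address 130
 set ip next-hop 137.20.30.1
!
! 137.20.30.3 is R3's frame interface in the posted config.
access-list 130 permit ip any host 137.20.30.3
! One more line per network attached to R3 (placeholders):
! access-list 130 permit ip any <R3-network> <wildcard-mask>
!
no access-list 30
```

With "debug ip policy" running (the command used later in this thread), only packets whose destination is permitted by ACL 130 should be reported as policy routed, and "show ip ospf neighbor" on R3 shows whether the adjacency with R4 comes up.
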
>From: "Fallon, Bill" <Bill.Fallon@getronics.com>
>Reply-To: "Fallon, Bill" <Bill.Fallon@getronics.com>
>To: "Jason T. Rohm" <jtrohm@athenet.net>, "Bell, Mark (Houston)"
><m.bell@wilcom.com>
>CC: CCIE List <ccielab@groupstudy.com>
>Subject: RE: Policy Routing and OSPF Adjacencies
>Date: Fri, 20 Oct 2000 16:52:02 -0400
>
>Jason,
>
>I ran into this problem as well. I could not figure out why as soon as I
>enabled the local policy on Router 3, router 4 would lose his adjacency
>with router 3. Did you get any solution to this?
>
>Thanks,
>Bill
>
>-----Original Message-----
>From: Jason T. Rohm [mailto:jtrohm@athenet.net]
>Sent: Sunday, September 24, 2000 6:43 PM
>To: Bell, Mark (Houston)
>Cc: CCIE List
>Subject: RE: Policy Routing and OSPF Adjacencies
>
>
>Mark,
>
>I definitely have an adjacency problem with R3-R4. As soon as I remove the
>local policy route, the routers connect.
>
>I am running 11.2(22) IP Plus on router 3 and 11.2(22) Enterprise on router
>4, both are Cisco 3104s.
>
>What are you running for IOS?
>
>-Jason
>
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
>Bell, Mark (Houston)
>Sent: Sunday, September 24, 2000 4:44 PM
>To: 'Jason T. Rohm'
>Cc: CCIE List
>Subject: RE: Policy Routing and OSPF Adjacencies
>
>
>I have not given up on this! When I set up policy routing based on
>matching the next hop, I did a "debug ip policy" and saw that ALL traffic was
>matching. After some trial and error, I removed the "match" statement
>completely and saw the same results. It appears to me the "match ip
>next-hop x" does NOT really match based on the next hop in the routing
>table, which makes my original understanding of route maps/policy routing
>correct. Based on this, I am concluding that if the parameter specified in
>the match statement does not work with what you are trying to do (i.e. the
>scenario at hand), it will be ignored and the "set" statement will be
>applied to everything. Is this correct?
>
>Jason, I still have not been able to find out why policy routing would be
>affecting your OSPF adjacencies. No matter what I did with policy routing,
>my OSPF adjacencies were never affected. I even did a "clear ip ospf
>process" with policy routing enabled locally and on S1 to make both
>neighbors re-form the adjacencies but they formed with no problems.
>
>
>-----Original Message-----
>From: Jason T. Rohm [mailto:jtrohm@athenet.net]
>Sent: Sunday, September 24, 2000 13:35
>To: Derek Buelna
>Cc: CCIE List
>Subject: RE: Policy Routing and OSPF Adjacencies
>
>
>Derek,
>
>Thanks for the suggestion. This might work around the issue, but I am still
>wondering why the policy-route is affecting the serial link to router 4...
>do you have any ideas?
>
>-Jason
>
>-----Original Message-----
>From: Derek Buelna [mailto:dameon@aracnet.com]
>Sent: Sunday, September 24, 2000 11:07 AM
>To: 'Jason T. Rohm'; 'CCIE List'
>Subject: RE: Policy Routing and OSPF Adjacencies
>
>
>You need to configure ip ospf network point-to-multipoint on R1's s0.2
>(multi) , on R3 and R5.
>
>Make sure you use broadcast on map statements.
>
>Remember OSPF and NBMA:
>
>OSPF Net type   Hello/Dead   Election
>Broad           10/40        DR/BDR
>P-P             10/40        No Election
>Non-Broad       30/120       DR/BDR
>P-MP            30/120       No Election
>
>-Derek
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>Jason T. Rohm
>Sent: Saturday, September 23, 2000 6:31 PM
>To: CCIE List
>Subject: Policy Routing and OSPF Adjacencies
>
>
>I am working on CCIE Bootcamp lab #3 (Those of you with copies please refer
>to the first diagram on lab 3).
>
>I have four routers (1,3,4,5), three are connected via a partial-mesh frame
>network. Routers 3 and 5 are connected via PVCs to router 1, while router 4
>is connected to router 3 via a direct serial cable.
>
>The requirements of the lab explicitly forbid the use of multiple frame-map
>statements to overcome the partial-mesh issues. I have used a route-map
>that forces traffic from router 3 to router 5 to be forced through router 1's
>frame interface. However, when the policy is applied to local packets (ip
>local policy...) router 3 fails to form an adjacency with router 4 (Sits in
>INIT state). I am however able to ping router 4 from router 3. If I remove
>the local policy, the routers form an adjacency.
>
>Has anyone else seen this?
>
>Configs:
>
>Router 1
>
>interface Serial0/0.2 multipoint
> ip address 137.20.30.1 255.255.255.0
> ip ospf priority 250
> frame-relay interface-dlci 103
> frame-relay interface-dlci 105
> no frame-relay inverse-arp
>!
>router ospf 137
> network 137.20.30.0 0.0.1.255 area 0
> neighbor 137.20.30.3
> neighbor 137.20.30.5
>!
>ip classless
>!
>
>Router 3
>
>!
>interface Serial0
> ip address 137.20.30.3 255.255.255.0
> encapsulation frame-relay
> ip ospf priority 0
> frame-relay interface-dlci 301
>!
>interface Serial1
> ip address 137.20.63.3 255.255.255.0
> encapsulation ppp
> ip policy route-map NBMAFRAME
>!
>router ospf 137
> network 137.20.30.0 0.0.1.255 area 0
> network 137.20.63.0 0.0.0.255 area 1
>!
>ip classless
>!
>ip local policy route-map NBMAFRAME
>!
>access-list 30 permit 137.20.30.5
>!
>route-map NBMAFRAME permit 10
> match ip next-hop 30
> set ip next-hop 137.20.30.1
>!
>
>Router 4
>
>interface Serial0
> ip address 137.20.63.4 255.255.255.0
> encapsulation ppp
> no fair-queue
> clockrate 250000
>!
>router ospf 137
> network 137.20.63.0 0.0.0.255 area 1
>!
>ip classless
>!
>
>Router 5
>
>interface Serial0
> ip address 137.20.30.5 255.255.255.0
> no ip directed-broadcast
> encapsulation frame-relay
> ip ospf interface-retry 0
> ip ospf priority 0
> no ip mroute-cache
> frame-relay interface-dlci 501
>!
>router ospf 137
> network 137.20.30.0 0.0.1.255 area 0
>!
>ip local policy route-map NBMAFRAME
>ip classless
>!
>access-list 30 permit 137.20.30.3
>!
>route-map NBMAFRAME permit 10
> match ip next-hop 30
> set ip next-hop 137.20.30.1
>!
>
>
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:25:28 GMT-3