RE: Policy routing woes!

From: Coleman, Jason (ColemaJ@netsolve.net)
Date: Thu Dec 12 2002 - 02:17:56 GMT-3

• Next message: Erick B.: "Re: Why does broadcast still trigger the call?"
• Previous message: William Wong Kun Sing: "RE: SPIDs in ISDN"
• Maybe in reply to: Jason Cash: "Policy routing woes!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I believe that your problem is that you don't have any data link layer
information about the 153.1.204.4 destination on the frame relay interface.
Looking at the encaps failed message, the packet is destined for this addr,
however there is no entry in the frame map table for that destination.

Try changing your policy rules to set the next hop instead of using the
interface. You could also add a frame-relay map statement that points the
204.4 address to the same DLCI.

I believe both should work.
I'll try to setup in a lab tomorrow and see if I get the expected results.

Jason Coleman
 (email) colemaj@netsolve.com

 -----Original Message-----
From: Jason Cash [mailto:cash2001@swbell.net]
Sent: Tuesday, December 10, 2002 11:33 PM
To: ccielab@groupstudy.com
Subject: Policy routing woes!

Trying to setup policy routing, and I am a bit confused I have R3
policing incoming packets from R5.
 
153.1.204.4 (Lo1 on R4) is set to goto S0
153.1.244.4 (Lo2 on R4) is set to goto E0
 
             R5
              |
              | \
 R2 (S0) R3 (S1)
   \ \ /
    \ /
     \ /
     / \
    / \
   / \
 R1 R4
 
Here is the config on R3:
 
interface Serial0
 ip address 153.1.200.3 255.255.255.0
 encapsulation frame-relay
 no ip route-cache
 ip ospf network point-to-point
 no ip mroute-cache
 frame-relay map ip 153.1.200.4 304 broadcast
 no frame-relay inverse-arp
!
interface Serial1
 ip address 153.1.53.67 255.255.255.224
 no ip route-cache
 no ip mroute-cache
 ip policy route-map new
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
ip classless
no ip http server
!
access-list 101 permit ip any host 153.1.204.4
access-list 102 permit ip any host 153.1.244.4
 
route-map new permit 10
 match ip address 101
 set interface Serial0
!
route-map new permit 20
 match ip address 102
 set interface Ethernet0
 
route-map new permit 30
 
Here is the config on R4:
 
interface Loopback0
 ip address 153.1.104.1 255.255.255.0
!
interface Loopback1
 ip address 153.1.204.4 255.255.255.0
 ip ospf network point-to-point
!
interface Loopback2
 ip address 153.1.244.4 255.255.255.0
 ip ospf network point-to-point
!
interface Ethernet0
 ip address 153.1.43.44 255.255.255.128
 no ip route-cache
 no ip mroute-cache
 no keepalive
!
interface Serial0
 ip address 153.1.200.4 255.255.255.0
 encapsulation frame-relay
 no ip route-cache
 ip ospf network point-to-point
 no ip mroute-cache
 frame-relay map ip 153.1.200.3 403 broadcast
 no frame-relay inverse-arp
!
interface Serial1
 no ip address
 no ip route-cache
 no ip mroute-cache
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
 
Without the 'ip policy route-map new' the packets get to R4: (with E0
shut down on R3)
 
r3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
r3(config)#int s1
r3(config-if)#no ip policy route-map new
r3(config-if)#
ts#5
[Resuming connection 5 to r5 ... ]
 
r5#trace 153.1.204.4
 
Type escape sequence to abort.
Tracing the route to 153.1.204.4
 
  1 153.1.53.67 8 msec 4 msec 4 msec
  2 153.1.200.4 12 msec * 12 msec
 
When I implement the route policy it just times out:
 
r3(config-if)# ip policy route-map new
r3(config-if)#^Z
ts#5
[Resuming connection 5 to r5 ... ]
 
r5#trace 153.1.204.4
 
Type escape sequence to abort.
Tracing the route to 153.1.204.4
 
  1 153.1.53.67 8 msec 8 msec 8 msec
  2 * *
 
Don't know what the deal is.here is the 'debug ip policy 101' on R3 with
the policy enable on S1:
 
r3#sh log
Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0
flushes, 0 overruns)
    Console logging: level debugging, 1245 messages logged
    Monitor logging: level debugging, 0 messages logged
    Buffer logging: level debugging, 1245 messages logged
    Logging Exception size (4096 bytes)
    Trap logging: level informational, 99 message lines logged
          
Log Buffer (4096 bytes):
 
05:58:56: %SYS-5-CONFIG_I: Configured from console by console
05:59:14: IP: s=153.1.53.68 (Serial1), d=153.1.204.4, len 28, policy
match
05:59:14: IP: route map new, item 10, permit
05:59:14: IP: s=153.1.53.68 (Serial1), d=153.1.204.4 (Serial0), len 28,
policy routed
05:59:14: IP: Serial1 to Serial0 153.1.204.4
05:59:17: IP: s=153.1.53.68 (Serial1), d=153.1.204.4, len 28, policy
match
05:59:17: IP: route map new, item 10, permit
05:59:17: IP: s=153.1.53.68 (Serial1), d=153.1.204.4 (Serial0), len 28,
policy routed
05:59:17: IP: Serial1 to Serial0 153.1.204.4
05:59:20: IP: s=153.1.53.68 (Serial1), d=153.1.204.4, len 28, policy
match
05:59:20: IP: route map new, item 10, permit
05:59:20: IP: s=153.1.53.68 (Serial1), d=153.1.204.4 (Serial0), len 28,
policy routed
05:59:20: IP: Serial1 to Serial0 153.1.204.4
 
Here is the 'deb ip pack 101 det' output: I see an encap failed, but
what am I missing?
 
r3#sh log
 
Log Buffer (4096 bytes):
 
05:58:56: %SYS-5-CONFIG_I: Configured from console by console
05:59:14: IP: s=153.1.53.68 (Serial1), d=153.1.204.4, len 28, policy
match
05:59:14: IP: route map new, item 10, permit
05:59:14: IP: s=153.1.53.68 (Serial1), d=153.1.204.4 (Serial0), len 28,
policy routed
05:59:14: IP: Serial1 to Serial0 153.1.204.4
05:59:17: IP: s=153.1.53.68 (Serial1), d=153.1.204.4, len 28, policy
match
05:59:17: IP: route map new, item 10, permit
05:59:17: IP: s=153.1.53.68 (Serial1), d=153.1.204.4 (Serial0), len 28,
policy routed
05:59:17: IP: Serial1 to Serial0 153.1.204.4
05:59:20: IP: s=153.1.53.68 (Serial1), d=153.1.204.4, len 28, policy
match
05:59:20: IP: route map new, item 10, permit
05:59:20: IP: s=153.1.53.68 (Serial1), d=153.1.204.4 (Serial0), len 28,
policy routed
05:59:20: IP: Serial1 to Serial0 153.1.204.4
06:03:29: IP: s=153.1.53.68 (Serial1), d=153.1.204.4 (Serial0),
g=153.1.204.4, len 28, forward
06:03:29: UDP src=36186, dst=33437
06:03:29: IP: s=153.1.53.68 (Serial1), d=153.1.204.4 (Serial0), len 28,
encapsulation failed
06:03:29: UDP src=36186, dst=33437
06:03:32: IP: s=153.1.53.68 (Serial1), d=153.1.204.4 (Serial0),
g=153.1.204.4, len 28, forward
06:03:32: UDP src=41743, dst=33438
06:03:32: IP: s=153.1.53.68 (Serial1), d=153.1.204.4 (Serial0), len 28,
encapsulation failed
06:03:32: UDP src=41743, dst=33438
06:03:35: IP: s=153.1.53.68 (Serial1), d=153.1.204.4 (Serial0),
g=153.1.204.4, len 28, forward
06:03:35: UDP src=38450, dst=33439
06:03:35: IP: s=153.1.53.68 (Serial1), d=153.1.204.4 (Serial0), len 28,
encapsulation failed
06:03:35: UDP src=38450, dst=33439
.
.

• Next message: Erick B.: "Re: Why does broadcast still trigger the call?"
• Previous message: William Wong Kun Sing: "RE: SPIDs in ISDN"
• Maybe in reply to: Jason Cash: "Policy routing woes!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Jan 17 2003 - 17:21:44 GMT-3