RE: PBR for Local Originated Traffic and ISDN

From: gladston@br.ibm.com
Date: Fri Jun 17 2005 - 10:45:49 GMT-3

• Next message: George Cassels \(gcassels\): "Frame Relay traffic shaping VS GTS traffic shaping on a PVC"
• Previous message: ccie2be: "FW: IPv6 OSPF Support on Lab equipment?"
• Maybe in reply to: gladston@br.ibm.com: "PBR for Local Originated Traffic and ISDN"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Thanks for the reply,

I edited the dialer-list, and tested with access-list 188 permit ip any
any. Also tried standard access-list permit any.
It seems there is some IOS issue here.

As you can see IOS made the call:

Rack2R4#sh is ac
-----------------------------------------------------------------------------

---
                                ISDN ACTIVE CALLS
-----------------------------------------------------------------------------
---
Call    Calling      Called       Remote  Seconds Seconds Seconds Charges
Type    Number       Number       Name    Used    Left    Idle
Units/Currency
-----------------------------------------------------------------------------
---
Out   ---N/A---  5551111111      Rack2R5       80 Unavail   -          0
Out   ---N/A---  5551111111      Rack2R5       50 Unavail   -          0
-----------------------------------------------------------------------------
---
The traffic is police routed:
*Mar  1 01:58:52: IP: s=142.20.4.1 (local), d=142.20.5.1, len 100, policy
match
*Mar  1 01:58:52: IP: route map DLSW, item 10, permit
*Mar  1 01:58:52: IP: s=142.20.4.1 (local), d=142.20.5.1
(Virtual-Access3), len 100, policy routed
But for some reason IOS does not sent this traffic out BRI interface:
Rack2R4#pi
Protocol [ip]:
Target IP address: 142.20.5.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 142.20.4.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 142.20.5.1, timeout is 2 seconds:
Packet sent with a source address of 142.20.4.1
.....
Success rate is 0 percent (0/5)
Rack2R4#
Deb int bri 0/0 and debug ip packet on both sides shows traffic is not
exiting BRI on local router or enter BRI on remote router (supposing debug
ip packet fail to indicate the local router exiting local router, I
configured debug on remote router).
I am inclined to conclude it is a (wrong) behavior of the IOS 12.2T on
2600.  Any other tests appreciated.
Cordially,
------------------------------------------------------------------
 Gladston
"Geert Nijs" <geert.nijs@simac.be>
17/06/2005 04:07
To
Alaerte Gladston Vidali/Brazil/IBM@IBMBR
cc
Subject
RE: PBR for Local Originated Traffic and ISDN
Maybe a stupid suggestion, but have you checked the interesting traffic
definition on the bri interface ??
Also, do not check on source ip (i have read thread where it is really
hard to filter locally generated traffic based on
source ip and destination ip, it is really tricky, just try using:
permit ip any)
Geert
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
gladston@br.ibm.com
Sent: vrijdag 17 juni 2005 1:33
To: ccielab@groupstudy.com
Subject: PBR for Local Originated Traffic and ISDN
Do you have problems with ip local policy when the next-hop is ISDN?
It works fine for other interfaces, but not for ISDN. Debug shows PBR is
doing its job:
*Mar  1 00:49:46: IP: local to Virtual-Access2 142.20.45.5.
*Mar  1 00:49:48: IP: s=142.20.4.1 (local), d=142.20.5.1, len 100,
policy match *Mar  1 00:49:48: IP: route map Test, item 10, permit *Mar
1 00:49:48: IP: s=142.20.4.1 (local), d=142.20.5.1 (Virtual-Access2),
len 100, policy routed *Mar  1 00:49:48: IP: local to Virtual-Access2
142.20.45.5.
*Mar  1 00:49:50: IP: s=142.20.4.1 (local), d=142.20.5.1, len 100,
policy match *Mar  1 00:49:50: IP: route map Test, item 10, permit *Mar
1 00:49:50: IP: s=142.20.4.1 (local), d=142.20.5.1 (Virtual-Access2),
len 100, policy routed
...but debug ip packet on local router and remote router shows that
packets does not reach the BRI interface, although PBR shows it sends
the traffic to it.
The ISDN interface goes up
Ping to 142.20.45.5 (remote site) works fine.
PBR applyed to e0/0 forcing traffic goes to BRI works fine. The problem
is just for local traffic. (ping and telnet tested)
I tried to use dialer map for the destination address 142.20.5.1 on the
hope this was an encapsulation failed problem, but it did not help.
I reload the router, without changes.
interface BRI0/0
ip address 142.20.45.4 255.255.255.0
encapsulation ppp
ip ospf message-digest-key 10 md5 cisco  ip ospf cost 9999  dialer map
ip 142.20.45.5 name Rack2R5 broadcast 5551111111  dialer map ip
142.20.5.1 name Rack2R5 broadcast 5551111111  dialer load-threshold 1
outbound  dialer-group 1  isdn switch-type basic-ni  isdn spid1
444111111100  isdn spid2 444222222200  no cdp enable  ppp authentication
chap  ppp multilink end !
ip local policy route-map Test
!
route-map Test permit 10
match ip address 166
set ip next-hop 142.20.45.5
!
access-list 166 permit ip h 142.20.4.1 h 142.20.5.1

• Next message: George Cassels \(gcassels\): "Frame Relay traffic shaping VS GTS traffic shaping on a PVC"
• Previous message: ccie2be: "FW: IPv6 OSPF Support on Lab equipment?"
• Maybe in reply to: gladston@br.ibm.com: "PBR for Local Originated Traffic and ISDN"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:41 GMT-3