From: Ben Holko (ben.holko@datacom.com.au)
Date: Thu Aug 16 2007 - 09:05:47 ART
Hey all,
Consider the following policy routing config:
ip access-list extended IP_PHONES
permit ip 10.89.8.0 0.0.1.255 10.100.57.0 0.0.0.255
permit ip 10.89.72.0 0.0.1.255 10.100.57.0 0.0.0.255
!
route-map IP_PHONES permit 5
match ip address IP_PHONES
set ip next-hop 10.89.71.4
!
route-map IP_PHONES permit 10
!
And I apply policy routing on selected interfaces with "ip policy
route-map IP_PHONES"
The policy routing appears to be working when I test from the relevant
subnet, but "show route-map" fails to include pings in the counters, but
traceroute does increase the counters:
Router1#show route-map
route-map IP_PHONES, permit, sequence 5
Match clauses:
ip address (access-lists): IP_PHONES
Set clauses:
ip next-hop 10.89.71.4
Policy routing matches: 9 packets, 540 bytes <----this does not
increase with ping traffic, but it goes up with traceroute packets
route-map IP_PHONES, permit, sequence 10
Match clauses:
Set clauses:
Policy routing matches: 16 packets, 1539 bytes <---- this does not go
up with ping packets either
Router1#
"debug ip policy" fails to show anything for the ICMP packets, but does
show the traceroute packets being policy routed
Router1#debug ip policy
<move to router 2 and send some traffic which should be policy routed>
Router2#ping 10.100.57.1 source 10.89.8.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.100.57.1, timeout is 2 seconds:
Packet sent with a source address of 10.89.8.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Router2#
<no debug output on Router1?>
<back to router2>
Router2#traceroute
Protocol [ip]:
Target IP address: 10.100.57.1
Source address: 10.89.8.2
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 10.100.57.1
1 10.89.254.1 0 msec 0 msec 0 msec
2 10.89.71.4 0 msec * *
Router2#
<yay! Debug output on router1>
*Mar 1 01:07:12: IP: s=10.89.8.2 (GigabitEthernet1/0/28),
d=10.100.57.1, len 28, policy match
*Mar 1 01:07:12: IP: route map IP_PHONES, item 5, permit
*Mar 1 01:07:12: IP: s=10.89.8.2 (GigabitEthernet1/0/28), d=10.100.57.1
(Vlan320), len 28, policy routed
*Mar 1 01:07:12: IP: GigabitEthernet1/0/28 to Vlan320 10.89.71.4
*Mar 1 01:07:12: IP: s=10.89.8.2 (GigabitEthernet1/0/28),
d=10.100.57.1, len 28, policy match
*Mar 1 01:07:12: IP: route map IP_PHONES, item 5, permit
*Mar 1 01:07:12: IP: s=10.89.8.2 (GigabitEthernet1/0/28), d=10.100.57.1
(Vlan320), len 28, policy routed
*Mar 1 01:07:12: IP: GigabitEthernet1/0/28 to Vlan320 10.89.71.4
*Mar 1 01:07:12: IP: s=10.89.8.2 (GigabitEthernet1/0/28),
d=10.100.57.1, len 28, policy match
*Mar 1 01:07:12: IP: route map IP_PHONES, item 5, permit
*Mar 1 01:07:12: IP: s=10.89.8.2 (GigabitEthernet1/0/28), d=10.100.57.1
(Vlan320), len 28, policy routed
*Mar 1 01:07:12: IP: GigabitEthernet1/0/28 to Vlan320 10.89.71.4
Router1#
Why isn't my PING traffic seemingly being policy routed?
Ben
This archive was generated by hypermail 2.1.4 : Sat Sep 01 2007 - 11:32:11 ART