From: Huan Pham (Huan.Pham@peopletelecom.com.au)
Date: Sat Aug 16 2008 - 23:27:10 ART
My understanding is that the PBR decision is taken first, and if the next
hop IP address (used by PBR) is not available, then the traffic will take
the normal path (if available).
In both cases, whether the Serial1/0 interface status is UP/DOWN or
DOWN/DOWN, the router should know that the next hop IP is not available,
and should NOT black hole traffic.
Traffic might be black holed in other cases where the interface is Ethernet,
or a Frame physical interface, where it does not go down when the other
end is not reachable. You can use a new IOS feature (next hop
reachability verification) to overcome this scenario.
http://www.cisco.com/en/US/docs/ios/iproute/configuration/guide/irp_ip_prot_indep_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1056703
Quoted:
"If the router is policy routing packets to the next hop and the next
hop happens to be down, the router will try unsuccessfully to use
Address Resolution Protocol (ARP) for the next hop (which is down). This
behavior can continue indefinitely.
To prevent this situation from occurring, you can configure the router
to first verify that the next hop, using a route map, are CDP neighbors
of the router before routing to that next hop."
Router(config-route-map)# set ip next-hop verify-availability
I am surprised that you see traffic black-holed even when the interface is
down/down. Please check your routing table, and see if you have a backup
route in this case or not. You can set up ACLs (make sure to have
permit ip any any at the end of the ACL) on the outgoing interfaces, to
verify whether the traffic takes the normal route or the route set by PBR.
Cheers,
Huan
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Lala Lander
Sent: Sunday, 17 August 2008 8:38 AM
To: Cisco certification
Subject: How does set ip next-hop suppose to behave?
Hi guys,
Please help me with this little issue.
How is set ip next-hop supposed to work? Let's say I have R1 and R2. R1
has an s1/0 interface to the ISP router and it is configured for PBR for any
traffic originating from the internal LAN, say subnet 10.10.10.0/24. The next
hop is set to the ISP interface, i.e.
route-map blah permit 10
 match ip address 1
 set ip next-hop 172.1.1.2
Now Scenario1>> assume ISP next hop is NOT reachable and interface s1/0
is in up/down state. Will the router try PBR first and then normal routing,
or keep trying PBR, hence dropping all 10.10.10.0/24 traffic?
Scenario2>> assume ISP next hop is NOT reachable and interface s1/0 is in
down/down state. Will the router try PBR first and then normal routing, or
keep trying PBR, hence dropping all 10.10.10.0/24
I am seeing traffic is blackholed ONLY when s1/0 is down/down otherwise
R1 uses normal routing and routes 10.10.10.0/24 network via iBGP etc.
Please help, as according to Doyle's book even with up/down, the traffic
should be blackholed.
I have no way of verifying it but appreciate your help here.
Thanks,
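
Added example (not part of either message above, and not taken from Cisco's guide): the route map from the question combined with the next-hop verification command and the counting ACLs suggested in the reply, so that the counters show which path 10.10.10.0/24 traffic actually takes. The LAN and backup interface names, ACL numbers 101 and 102, and the R1 prompt are assumptions; ACL 1 is assumed to match the subnet the question describes.

```cisco
! Constructed example. Names marked "assumed" are not from the thread.
! ACL 1 selects the internal LAN traffic to be policy routed.
access-list 1 permit 10.10.10.0 0.0.0.255
!
route-map blah permit 10
 match ip address 1
 set ip next-hop 172.1.1.2
 ! Per the quoted guide, availability is judged by CDP adjacency,
 ! so CDP must be running between R1 and 172.1.1.2.
 set ip next-hop verify-availability
!
interface FastEthernet0/0
 description LAN side, 10.10.10.0/24 (interface name assumed)
 ip policy route-map blah
!
! Counting ACLs: the first entry counts LAN traffic, the second
! permits everything else so nothing is filtered.
access-list 101 permit ip 10.10.10.0 0.0.0.255 any
access-list 101 permit ip any any
access-list 102 permit ip 10.10.10.0 0.0.0.255 any
access-list 102 permit ip any any
!
interface Serial1/0
 description PBR path towards 172.1.1.2
 cdp enable
 ip access-group 101 out
!
interface FastEthernet0/1
 description Normal-routing path, e.g. towards iBGP peer (assumed)
 ip access-group 102 out
!
! Verification from exec mode while s1/0 is up/down or down/down:
! R1# show ip policy               (route map bound to the LAN interface)
! R1# show route-map blah          (policy routing match counters)
! R1# show cdp neighbors detail    (is 172.1.1.2 seen as a CDP neighbor?)
! R1# show ip route 10.10.10.0     (sanity check of the routing table)
! R1# show access-lists 101        (hits here: traffic left via Serial1/0)
! R1# show access-lists 102        (hits here: traffic took the normal route)
```

If neither ACL 101 nor ACL 102 counts hits on its first entry while LAN hosts are sending, the traffic is being dropped on R1 rather than forwarded on either path.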