Re: Local Policy from garry baker on 2011-05-27 (Ccielab archives 05/2011)

From: garry baker <baker.garry_at_gmail.com>
Date: Fri, 27 May 2011 21:31:18 +0300

'ip local-policy' is not just for using the loopback interface, that is
usually one of the tricks for getting traffic to be checked by acls or other
order of operations work arounds, but it can do more...

in the following example i just simply changed the routing for destination
150.1.2.2:

NORMAL ROUTE:
Rack1R4#sh ip route 150.1.2.2
Routing entry for 150.1.2.0/24
  Known via "eigrp 100", distance 90, metric 2809856, type internal
  Redistributing via eigrp 100
  Last update from 130.1.124.1 on Serial0/0.124, 00:11:43 ago
  Routing Descriptor Blocks:
  * 130.1.124.1, from 130.1.124.1, 00:11:43 ago, via Serial0/0.124
      Route metric is 2809856, traffic share count is 1
      Total delay is 45000 microseconds, minimum bandwidth is 1544 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 2

Rack1R4#ping 150.1.2.2 r 1

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 150.1.2.2, timeout is 2 seconds:
!
Success rate is 100 percent (1/1), round-trip min/avg/max = 12/12/12 ms
Rack1R4#
IP: tableid=0, s=130.1.124.4 (local), d=150.1.2.2 (Serial0/0.124), routed
via FIB
IP: s=130.1.124.4 (local), d=150.1.2.2 (Serial0/0.124), len 100, sending
IP: tableid=0, s=150.1.2.2 (Serial0/0.124), d=130.1.124.4 (Serial0/0.124),
routed via RIB
IP: s=150.1.2.2 (Serial0/0.124), d=130.1.124.4 (Serial0/0.124), len 100,
rcvd 3

CHANGE IT TO ROUTE USING LOCAL PBR:

ip local policy route-map TEST_IP_LOCAL_POLICY_RM

access-list 101 permit ip any host 150.1.2.2
!
route-map TEST_IP_LOCAL_POLICY_RM permit 10
match ip address 101
set ip next-hop 130.1.234.1

Rack1R4#sh ip route
130.1.0.0/16 is variably subnetted, 5 subnets, 2 masks
C 130.1.234.0/24 is directly connected, Serial0/0.234
D 150.1.2.0 [90/2809856] via 130.1.124.1, 00:25:38, Serial0/0.124

Rack1R4#ping 150.1.2.2 r 1
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 150.1.2.2, timeout is 2 seconds:
.
Success rate is 0 percent (0/1)
Rack1R4#
IP: s=130.1.124.4 (local), d=150.1.2.2 (Serial0/0.234), len 100,
encapsulation failed

--
Garry L. Baker
"With sufficient thrust, pigs fly just fine..." - RFC 1925
On Fri, May 27, 2011 at 1:58 PM, Ant <anthonize_at_gmail.com> wrote:
> Hi All,
>
>
>
> Do you know the reason why routers use its loopback interface to forward
> traffic when it configured for Local policy routing? I know since it's not
> following the normal routing table it cannot use outgoing interface. But,
> why it uses the loopback? What will happen if no loopback being configured?
>
>
>
> Thanks in advance
>
>
>
> Don
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net

Received on Fri May 27 2011 - 21:31:18 ART

This archive was generated by hypermail 2.2.0 : Wed Jun 01 2011 - 09:01:12 ART