Re: PBR and traffic destined for the local router's loopback

From: ron wilkerson <ron.wilkerson_at_gmail.com>
Date: Wed, 15 Jan 2014 13:43:10 -0500

Hey,
Try using the local policy based routing.
You'll get the results you're looking for.

Ron

On Wed, Jan 15, 2014 at 1:05 PM, Andrew LaPorte <andy_at_cloud9.net> wrote:

> Hi,
>
> I've been doing some studying on PBR and I'm having trouble finding out why
> traffic that is destined for the local device bypasses the PBR policy.
>
> Example:
>
> ip access-list extended DROP-ACL
>  permit icmp any any
> route-map DROP-MAP
>  match ip address DROP-ACL
>  set interface null 0
> inter ser 0/0/0.1
>  ip policy route-map DROP-MAP
>
> According to debug ip packet the packet is being routed via the RIB and
> would lead me to believe that PBR should affect it. (see below "routed via
> RIB")
>
> IP: s=54.1.1.254 (Serial0/0/0.1), d=150.1.6.6, len 100, input feature, Policy Routing(58), rtype 0, forus FALSE, sendself FALSE, mtu 0
> IP: s=54.1.1.254 (Serial0/0/0.1), d=150.1.6.6, len 100, input feature, MCI Check(63), rtype 0, forus FALSE, sendself FALSE, mtu 0
> IP: tableid=0, s=54.1.1.254 (Serial0/0/0.1), d=150.1.6.6 (Loopback0), routed via RIB
> IP: s=54.1.1.254 (Serial0/0/0.1), d=150.1.6.6, len 100, rcvd 4
> IP: s=54.1.1.254 (Serial0/0/0.1), d=150.1.6.6, len 100, stop process pak for forus packet
> IP: s=150.1.6.6 (local), d=54.1.1.254 (Serial0/0/0.1), len 100, sending
> IP: s=150.1.6.6 (local), d=54.1.1.254 (Serial0/0/0.1), len 100, sending full packet
>
> I was expecting PBR to drop all ICMP traffic received on the ser 0/0/0.1
> interface that needed to be routed but it does not seem to affect traffic
> to local loopback. I did some debugging (debug ip policy) and it appears the
> traffic never hits the PBR.
>
> So my question is really does traffic destined for the local device bypass
> the routing decision? And if possible does anyone know where this is
> documented? Now before you say I should look it up, I just spent the last
> hour looking for it and was unable to find any specifics about how PBR
> handles external traffic to the local device.
>
> Thanks for your help in advance.
>
> Andy
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Received on Wed Jan 15 2014 - 13:43:10 ART
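
The local policy routing suggested in the reply, written out as IOS configuration. This is an added example, not part of the original thread; it reuses the DROP-ACL and DROP-MAP names from the quoted post, and the explicit "permit 10" is an assumption. `ip local policy route-map` is evaluated for packets the router itself originates, which in the debug above are the replies sourced from 150.1.6.6 (local), not the inbound requests.

```cisco
! Added example, not from the original thread.
! ACL and route-map names are reused from the quoted post.
ip access-list extended DROP-ACL
 permit icmp any any
!
! "permit 10" is written out explicitly (assumption: the post's
! "route-map DROP-MAP" relied on the default action and sequence).
route-map DROP-MAP permit 10
 match ip address DROP-ACL
 set interface Null0
!
! Interface PBR: applied to packets received on this subinterface.
! The debug in the thread shows packets addressed to Loopback0
! being delivered locally ("forus") despite this policy.
interface Serial0/0/0.1
 ip policy route-map DROP-MAP
!
! Local PBR: applied to packets originated by the router itself.
! Caveat: with "permit icmp any any" this matches every ICMP packet
! the router sources, including its own pings, so a narrower ACL
! is usually wanted.
ip local policy route-map DROP-MAP
!
! Verification from exec mode:
!   show ip local policy
!   show route-map DROP-MAP
!   debug ip policy
```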

This archive was generated by hypermail 2.2.0 : Sat Feb 01 2014 - 10:24:52 ART