Do a debug ip policy with and without the local policy and you'll see the
difference.
On Wed, Jan 15, 2014 at 1:45 PM, Andy LaPorte <andy_at_cloud9.net> wrote:
> Ron,
>
> I thought that local policy based routing was for outbound from the router
> not inbound to the router.
>
> Does local policy-based routing also affect inbound to the router?
>
> Andy
>
> On Jan 15, 2014, at 1:43 PM, ron wilkerson <ron.wilkerson_at_gmail.com>
> wrote:
>
> Hey,
> Try using the local policy based routing.
> You'll get the results you're looking for.
>
> Ron
>
>
> On Wed, Jan 15, 2014 at 1:05 PM, Andrew LaPorte <andy_at_cloud9.net> wrote:
>
>> Hi,
>>
>>
>>
>> I've been doing some studying on PBR and I'm having trouble finding out why
>> traffic that is destined for the local device bypasses the PBR policy.
>>
>>
>>
>> Example:
>>
>>
>>
>> ip access-list extended DROP-ACL
>>  permit icmp any any
>> route-map DROP-MAP
>>  match ip address DROP-ACL
>>  set interface null 0
>> inter ser 0/0/0.1
>>  ip policy route-map DROP-MAP
>>
>>
>>
>> According to debug ip packet the packet is being routed via the RIB, which
>> would lead me to believe that PBR should affect it. (see below "routed via
>> RIB")
>>
>>
>>
>> IP: s=54.1.1.254 (Serial0/0/0.1), d=150.1.6.6, len 100, input feature, Policy Routing(58), rtype 0, forus FALSE, sendself FALSE, mtu 0
>> IP: s=54.1.1.254 (Serial0/0/0.1), d=150.1.6.6, len 100, input feature, MCI Check(63), rtype 0, forus FALSE, sendself FALSE, mtu 0
>> IP: tableid=0, s=54.1.1.254 (Serial0/0/0.1), d=150.1.6.6 (Loopback0), routed via RIB
>> IP: s=54.1.1.254 (Serial0/0/0.1), d=150.1.6.6, len 100, rcvd 4
>> IP: s=54.1.1.254 (Serial0/0/0.1), d=150.1.6.6, len 100, stop process pak for forus packet
>> IP: s=150.1.6.6 (local), d=54.1.1.254 (Serial0/0/0.1), len 100, sending
>> IP: s=150.1.6.6 (local), d=54.1.1.254 (Serial0/0/0.1), len 100, sending full packet
>>
>>
>>
>> I was expecting PBR to drop all ICMP traffic received on the ser 0/0/0.1
>> interface that needed to be routed but it does not seem to affect traffic
>> to local loopback. I did some debugging (debug ip policy) and it appears the
>> traffic never hits the PBR.
>>
>>
>>
>> So my question is really: does traffic destined for the local device bypass
>> the routing decision? And if possible, does anyone know where this is
>> documented? Now before you say I should look it up, I just spent the last
>> hour looking for it and was unable to find any specifics about how PBR
>> handles external traffic to the local device.
>>
>>
>>
>> Thanks for your help in advance.
>>
>>
>>
>> Andy
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
Received on Wed Jan 15 2014 - 14:02:09 ART
This archive was generated by hypermail 2.2.0 : Sat Feb 01 2014 - 10:24:52 ART