«

Hi to all,

I have the following configuration
Internet Internet
TO 10.2.0.0/16 ^ ^
BGP AS600 | | BGP AS600
| 10.60.2.2 --+ +--10.64.2.2 |
| | | |
Left | Middle | Right
10.60.2.10---- 10.60.2.3 (G0/0) (G0/1) 10.64.2.3 ----- 10.64.2.10

Routers Left and Right announce 10.60 and 10.64 through BGP on the other
side. BGP routes are distributes to the Middle router through EIGRP
The router in the middle is the default gateway for hosts on subnets
10.60 and 10.64 respectively

on Middle I've set
ip route default 0.0.0.0 0.0.0.0 10.60.2.2
ip route default 0.0.0.0 0.0.0.0 10.64.2.2 (tried also to set a metric
on the routes, but no change)

And also to have hosts from 10.64.0.0 use 10.64.2.2 I've set a route map

ip access-list extended from1064to1060
permit ip 10.64.0.0 0.0.255.255 10.60.0.0 0.0.255.255
permit ip 10.64.0.0 0.0.255.255 10.200.0.0 0.0.255.255
ip access-list extended from1064toANY
deny ip 10.60.0.0 0.0.255.255 any
deny ip 10.200.0.0 0.0.255.255 any
deny ip 10.64.0.0 0.0.255.255 10.15.0.0 0.0.255.255
deny ip 10.64.0.0 0.0.255.255 10.16.0.0 0.0.255.255
permit ip 10.64.0.0 0.0.255.255 any

route-map toANY-RMAP permit 5
match ip address from1064to1060
set interface GigabitEthernet0/0
!
route-map toANY-RMAP permit 10
match ip address from1064toANY
set ip next-hop 10.64.2.2
!


I notice a traceroute go always through 10.60 despite it matches the policy

example :
traceroute 195.11.34.97 from 10.64.2.10
10.64.2.3
10.60.2.3
10.64.2.3
10.64.2.2

Any clues ??
Thanks in advance
Daniel

On 17 May, 22:03, Daniel-G <free-news_no-replyATcasylde.fr> wrote:
> Hi to all,
>
> I have the following configuration
> * * * * * * * * * *Internet * * * * * * * * Internet
> TO 10.2.0.0/16 * * * *^ * * * * * * * * * * * ^
> * BGP AS600 * * * * * | * * * * * * * * * * * | * * * * * * *BGP AS600
> * * | * * 10.60.2.2 --+ * * * * * * * * * * * +--10.64.2.2 * *|
> * * | * * * *| * * * * * * * * * * * * * * * * * * *| * * * * |
> * Left * * * | * * * * * * * *Middle * * * * * * * *| * * * Right
> 10.60.2.10---- 10.60.2.3 (G0/0) * *(G0/1) 10.64.2.3 ----- 10.64.2.10

I have not studied all of the information that you have
presented in full however there are a couple of things that
spring to mind.

I have the idea that PBR cannot be applied to
traffic originated by the router. So your test traffic will
not be PBRed. I have a vague notion that
this can be accomplished with recent IOS, maybe?
A quick search turns up no results though.

PBR is applied by a policy map applied on the
inbound interface, do you have one so applied?

Also:-
Next hop interface has no meaning on an ethernet
interface. It only has meaning on a point to point
interface. Think about what arp entry the router
will use to send the traffic to the next hop.
On a point to point the router can just send the
traffic out the interface since no L2 addresseing
is used or needed.

bod43 said the following on 05/18/2009 12:14 AM:
> On 17 May, 22:03, Daniel-G <free-news_no-replyATcasylde.fr> wrote:
>> Hi to all,
>>
>> I have the following configuration
>> Internet Internet
>> TO 10.2.0.0/16 ^ ^
>> BGP AS600 | | BGP AS600
>> | 10.60.2.2 --+ +--10.64.2.2 |
>> | | | |
>> Left | Middle | Right
>> 10.60.2.10---- 10.60.2.3 (G0/0) (G0/1) 10.64.2.3 ----- 10.64.2.10
>
> I have not studied all of the information that you have
> presented in full however there are a couple of things that
> spring to mind.
>
> I have the idea that PBR cannot be applied to
> traffic originated by the router. So your test traffic will
> not be PBRed. I have a vague notion that
> this can be accomplished with recent IOS, maybe?
> A quick search turns up no results though.
>
> PBR is applied by a policy map applied on the
> inbound interface, do you have one so applied?
>
You're right but here the trafic is originated from another point in the
subnet (here the right side router) so PBR should apply

> Also:-
> Next hop interface has no meaning on an ethernet
> interface. It only has meaning on a point to point
> interface. Think about what arp entry the router
> will use to send the traffic to the next hop.
> On a point to point the router can just send the
> traffic out the interface since no L2 addresseing
> is used or needed.
>

Maybe but this clause is intended for consistency, maybe it's useless

I think the problem is with the 2 static default routes. I've read
somewhere that routing is applied in the order the routes are described
in case of different metrics, in a kind of round robin with the same
metrics.
What I want is to force trfic originating from 10.64 to use the default
gateway on 10.64 and same for 10.60 with which there is no problem why
this route is the first declared

Daniel

In article <7feecb58-5e09-405c-bab4->, (bod43) writes:

| I have the idea that PBR cannot be applied to
| traffic originated by the router. So your test traffic will
| not be PBRed. I have a vague notion that
| this can be accomplished with recent IOS, maybe?

ip local policy route-map <map>

will do this but it can be tricky. Let's say you have an L2TP tunnel
terminating on a router with a local policy map. You might think that
the local policy would apply to L2TP packets sent, and it does for
control packets. But for data packets the map (if any) associated
with the interface on which the encapsulated packet was received is
used.

Dan Lanciani
ddl@danlan.*com