Median router default route normal behaviour

Discussion in 'Cisco' started by Daniel-G, May 17, 2009.

  1. Daniel-G

    Daniel-G Guest

    Hi to all,

    I have the following configuration
                       Internet                 Internet
    TO 10.2.0.0/16        ^                       ^
      BGP AS600           |                       |              BGP AS600
        |     10.60.2.2 --+                       +--10.64.2.2    |
        |        |                                      |         |
      Left       |                Middle                |       Right
    10.60.2.10---- 10.60.2.3 (G0/0)    (G0/1) 10.64.2.3 ----- 10.64.2.10

    Routers Left and Right announce 10.60 and 10.64 through BGP on the other
    side. BGP routes are distributed to the Middle router through EIGRP.
    The router in the middle is the default gateway for hosts on subnets
    10.60 and 10.64 respectively.

    On Middle I've set
    ip route default 0.0.0.0 0.0.0.0 10.60.2.2
    ip route default 0.0.0.0 0.0.0.0 10.64.2.2 (tried also to set a metric
    on the routes, but no change)

    And also to have hosts from 10.64.0.0 use 10.64.2.2 I've set a route map

    ip access-list extended from1064to1060
     permit ip 10.64.0.0 0.0.255.255 10.60.0.0 0.0.255.255
     permit ip 10.64.0.0 0.0.255.255 10.200.0.0 0.0.255.255
    ip access-list extended from1064toANY
     deny ip 10.60.0.0 0.0.255.255 any
     deny ip 10.200.0.0 0.0.255.255 any
     deny ip 10.64.0.0 0.0.255.255 10.15.0.0 0.0.255.255
     deny ip 10.64.0.0 0.0.255.255 10.16.0.0 0.0.255.255
     permit ip 10.64.0.0 0.0.255.255 any

    route-map toANY-RMAP permit 5
     match ip address from1064to1060
     set interface GigabitEthernet0/0
    !
    route-map toANY-RMAP permit 10
     match ip address from1064toANY
     set ip next-hop 10.64.2.2
    !


    I notice a traceroute always goes through 10.60 even though it matches the policy.

    example :
    traceroute 195.11.34.97 from 10.64.2.10
    10.64.2.3
    10.60.2.3
    10.64.2.3
    10.64.2.2

    Any clues ??
    Thanks in advance
    Daniel
    Daniel-G, May 17, 2009
    #1
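
Added example, not part of any post in this thread: a small Python model of how the posted `toANY-RMAP` route map and its two extended ACLs classify a packet, assuming the map is attached with `ip policy route-map` to the interface where 10.64 traffic arrives (the thread does not show this). The function and table names are illustrative, and only clause matching is modelled, not forwarding.

```python
import ipaddress

def wc_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

ANY = ("0.0.0.0", "255.255.255.255")

def net(prefix):
    """'10.64' -> ('10.64.0.0', '0.0.255.255'), the /16 form used in the post."""
    return (prefix + ".0.0", "0.0.255.255")

# The two extended ACLs from post #1: (action, source, destination).
ACLS = {
    "from1064to1060": [
        ("permit", net("10.64"), net("10.60")),
        ("permit", net("10.64"), net("10.200")),
    ],
    "from1064toANY": [
        ("deny", net("10.60"), ANY),
        ("deny", net("10.200"), ANY),
        ("deny", net("10.64"), net("10.15")),
        ("deny", net("10.64"), net("10.16")),
        ("permit", net("10.64"), ANY),
    ],
}

# route-map toANY-RMAP: (sequence, matched ACL, set action), all 'permit' clauses.
ROUTE_MAP = [
    (5, "from1064to1060", "set interface GigabitEthernet0/0"),
    (10, "from1064toANY", "set ip next-hop 10.64.2.2"),
]

def acl_permits(name, src, dst):
    """First matching ACL entry decides; no match is the implicit deny."""
    for action, s, d in ACLS[name]:
        if wc_match(src, *s) and wc_match(dst, *d):
            return action == "permit"
    return False

def policy_route(src, dst):
    """Return (sequence, set action) of the first clause whose ACL permits."""
    for seq, acl, action in ROUTE_MAP:
        if acl_permits(acl, src, dst):
            return seq, action
    # An ACL deny in a permit clause means "not policy routed here".
    return None, "normal routing table lookup"

if __name__ == "__main__":
    # The traceroute from the post: 10.64.2.10 -> 195.11.34.97
    print(policy_route("10.64.2.10", "195.11.34.97"))
```
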

  2. Daniel-G

    bod43 Guest

    On 17 May, 22:03, Daniel-G <free-news_no-replyATcasylde.fr> wrote:
    > Hi to all,
    >
    > I have the following configuration
    >                    Internet                 Internet
    > TO 10.2.0.0/16        ^                       ^
    >   BGP AS600           |                       |              BGP AS600
    >     |     10.60.2.2 --+                       +--10.64.2.2    |
    >     |        |                                      |         |
    >   Left       |                Middle                |       Right
    > 10.60.2.10---- 10.60.2.3 (G0/0)    (G0/1) 10.64.2.3 ----- 10.64.2.10


    I have not studied all of the information that you have
    presented in full however there are a couple of things that
    spring to mind.

    I have the idea that PBR cannot be applied to
    traffic originated by the router. So your test traffic will
    not be PBRed. I have a vague notion that
    this can be accomplished with recent IOS, maybe?
    A quick search turns up no results though.

    PBR is applied by a policy map applied on the
    inbound interface, do you have one so applied?

    Also:-
    Next hop interface has no meaning on an ethernet
    interface. It only has meaning on a point to point
    interface. Think about what arp entry the router
    will use to send the traffic to the next hop.
    On a point to point the router can just send the
    traffic out the interface since no L2 addresseing
    is used or needed.
    bod43, May 17, 2009
    #2

  3. Daniel-G

    Daniel-G Guest

    bod43 said the following on 05/18/2009 12:14 AM:
    > On 17 May, 22:03, Daniel-G <free-news_no-replyATcasylde.fr> wrote:
    >> Hi to all,
    >>
    >> I have the following configuration
    >>                    Internet                 Internet
    >> TO 10.2.0.0/16        ^                       ^
    >>   BGP AS600           |                       |              BGP AS600
    >>     |     10.60.2.2 --+                       +--10.64.2.2    |
    >>     |        |                                      |         |
    >>   Left       |                Middle                |       Right
    >> 10.60.2.10---- 10.60.2.3 (G0/0)    (G0/1) 10.64.2.3 ----- 10.64.2.10

    >
    > I have not studied all of the information that you have
    > presented in full however there are a couple of things that
    > spring to mind.
    >
    > I have the idea that PBR cannot be applied to
    > traffic originated by the router. So your test traffic will
    > not be PBRed. I have a vague notion that
    > this can be accomplished with recent IOS, maybe?
    > A quick search turns up no results though.
    >
    > PBR is applied by a policy map applied on the
    > inbound interface, do you have one so applied?
    >

    You're right, but here the traffic is originated from another point in the
    subnet (here the right side router), so PBR should apply.

    > Also:-
    > Next hop interface has no meaning on an ethernet
    > interface. It only has meaning on a point to point
    > interface. Think about what arp entry the router
    > will use to send the traffic to the next hop.
    > On a point to point the router can just send the
    > traffic out the interface since no L2 addresseing
    > is used or needed.
    >


    Maybe but this clause is intended for consistency, maybe it's useless

    I think the problem is with the 2 static default routes. I've read
    somewhere that routing is applied in the order the routes are described
    in case of different metrics, in a kind of round robin with the same
    metrics.
    What I want is to force traffic originating from 10.64 to use the default
    gateway on 10.64 and same for 10.60 with which there is no problem why
    this route is the first declared

    Daniel
    Daniel-G, May 18, 2009
    #3
  4. Daniel-G

    Dan Lanciani Guest

    In article <>, (bod43) writes:

    | I have the idea that PBR cannot be applied to
    | traffic originated by the router. So your test traffic will
    | not be PBRed. I have a vague notion that
    | this can be accomplished with recent IOS, maybe?

    ip local policy route-map <map>

    will do this but it can be tricky. Let's say you have an L2TP tunnel
    terminating on a router with a local policy map. You might think that
    the local policy would apply to L2TP packets sent, and it does for
    control packets. But for data packets the map (if any) associated
    with the interface on which the encapsulated packet was received is
    used.

    Dan Lanciani
    ddl@danlan.*com
    Dan Lanciani, May 19, 2009
    #4