IP local policy routing does not consult routing table


I configured the following IP local policy routing on R1:

R1(config)#ip access-list ext TO_R3
R1(config-ext-nacl)#permit ip
R1(config)#ip access-list ext TO_R5
R1(config-ext-nacl)#permit ip host host

R1(config)#ip local policy route-map MYPOLICY

R1(config)#route-map MYPOLICY permit 10
R1(config-route-map)#match ip address TO_R3
R1(config-route-map)#set ip next-hop
R1(config)#route-map MYPOLICY permit 20
R1(config-route-map)#match ip address TO_R5
R1(config-route-map)#set ip next-hop

Now let’s traceroute to R3 and R5

1 6 msec 1 msec 0 msec
2 1 msec 0 msec 1 msec

1 3 msec 0 msec 1 msec
2 6 msec 1 msec 1 msec

As you can see, the policies work: locally generated traffic to R3 is routed through the DMVPN cloud, while locally generated traffic to R5 is routed through the common VLAN 13 interface. But notice a strange thing…

R1#debug ip packet
IP packet debugging is on
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
*Oct 25 18:18:43.836: IP: s= (local), d= (Tunnel0), len 100, local feature, Policy Routing(3), rtype 2, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Oct 25 18:18:43.836: IP: s= (local), d= (Tunnel0), len 100, local feature, Logical MN local(14), rtype 2, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Oct 25 18:18:43.836: IP: s= (local), d= (Tunnel0), len 100, sending
*Oct 25 18:18:43.836: IP: s= (local), d= (Tunnel0), len 100, sending full packet

Why is the source address the loopback of R1, and not the address of its outgoing interface towards R3?

Have a look at the routing table, too:

R1#show ip route
% Subnet not in table
R1#show ip route
is subnetted, 1 subnets
C is directly connected, Loopback0
is variably subnetted, 9 subnets, 2 masks
C is directly connected, Tunnel0
L is directly connected, Tunnel0
H is directly connected, 00:11:54, Tunnel0
C is directly connected, Ethernet0/0.13
L is directly connected, Ethernet0/0.13
C is directly connected, Ethernet0/0.100
L is directly connected, Ethernet0/0.100
C is directly connected, Ethernet0/0.146
L is directly connected, Ethernet0/0.146

As you can see, the destination is not in the routing table and there is no default route.

What is the conclusion?

The routing table is NOT consulted for destinations matched by local policy routing, so the source address may not be the one you expect. In this case R1 has a loopback, and the ACL referenced by my local policy matches the loopback as the packet source. Keep this in mind when an upstream ACL or firewall rule keys on the router's source address: show ip route alone does not tell you which interface locally generated, policy-routed traffic leaves from or which address it carries; check the match counters with show route-map MYPOLICY and the debug ip packet output instead.
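To make the order of operations concrete, here is a small Python model of the decision a router like R1 makes for a locally generated packet. It is an added example, not IOS code and not from the original post; the addresses, interface names and ACL contents are constructed assumptions, not R1's real addressing. The local policy is evaluated first, as the "local feature, Policy Routing" line in the debug shows, and only the next hop from the route-map has to resolve in the RIB; the destination itself is looked up only when no sequence matches.

```python
"""Toy model of how local policy routing bypasses the RIB.

Added example, not IOS code and not from the original post. The RIB holds
only connected routes, like R1's, and the local policy (route-map with
`match ip address` ACLs and `set ip next-hop`) is evaluated before the
destination lookup. All addresses and interface names are constructed
assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network


@dataclass
class AclEntry:
    """One `permit ip <src> <dst>` line of an extended ACL."""
    src: IPv4Network
    dst: IPv4Network

    def matches(self, src: IPv4Address, dst: IPv4Address) -> bool:
        return src in self.src and dst in self.dst


@dataclass
class RouteMapSeq:
    """One `route-map ... permit N` entry: match an ACL, set a next hop."""
    acl: list[AclEntry]
    next_hop: IPv4Address


@dataclass
class Router:
    rib: dict[IPv4Network, str]                 # prefix -> egress interface
    local_policy: list[RouteMapSeq] = field(default_factory=list)

    def rib_lookup(self, addr: str | IPv4Address) -> str | None:
        """Longest-prefix match; None corresponds to '% Subnet not in table'."""
        a = ip_address(addr)
        hits = [(p, i) for p, i in self.rib.items() if a in p]
        if not hits:
            return None
        return max(hits, key=lambda h: h[0].prefixlen)[1]

    def forward_local(self, src: str, dst: str) -> tuple[str, str | None]:
        """Forwarding decision for a locally generated packet.

        Returns (decision, egress interface). The local policy runs first;
        the destination is only looked up in the RIB when no route-map
        sequence matches the packet.
        """
        s, d = ip_address(src), ip_address(dst)
        for seq in self.local_policy:
            if any(e.matches(s, d) for e in seq.acl):
                # Only the *next hop* has to resolve, not the destination.
                egress = self.rib_lookup(seq.next_hop)
                if egress is None:
                    return ("policy next hop unreachable", None)
                return (f"policy via {seq.next_hop}", egress)
        egress = self.rib_lookup(d)
        if egress is None:
            return ("unroutable", None)
        return ("rib", egress)


def build_r1() -> Router:
    """R1-like box: loopback, DMVPN tunnel, VLAN 13. Constructed values."""
    r1 = Router(rib={
        ip_network("10.1.1.1/32"): "Loopback0",
        ip_network("172.16.0.0/24"): "Tunnel0",
        ip_network("10.0.13.0/24"): "Ethernet0/0.13",
    })
    lo0 = ip_network("10.1.1.1/32")
    r1.local_policy = [
        # TO_R3: loopback -> R3, next hop across the DMVPN tunnel
        RouteMapSeq(acl=[AclEntry(lo0, ip_network("10.3.3.3/32"))],
                    next_hop=ip_address("172.16.0.3")),
        # TO_R5: loopback -> R5, next hop on the common VLAN 13
        RouteMapSeq(acl=[AclEntry(lo0, ip_network("10.5.5.5/32"))],
                    next_hop=ip_address("10.0.13.5")),
    ]
    return r1


if __name__ == "__main__":
    r1 = build_r1()
    print("RIB lookup for R3:", r1.rib_lookup("10.3.3.3"))              # None
    print("to R3:", r1.forward_local("10.1.1.1", "10.3.3.3"))           # via Tunnel0
    print("to R5:", r1.forward_local("10.1.1.1", "10.5.5.5"))           # via Ethernet0/0.13
    print("no ACL match:", r1.forward_local("10.0.13.1", "10.3.3.3"))   # unroutable
```

Run it directly to see that the R3 destination is absent from the RIB yet the packet is still forwarded out Tunnel0, while the same destination from a source the ACL does not match comes back unroutable, which is exactly what the routing table alone would have predicted.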


