IP local policy routing does not consult routing table

Hello

I’ve generated the following ip local policy routing config:

R1(config)#ip access-list ext TO_R3
R1(config-ext-nacl)#permit ip 150.1.1.1 0.0.0.0 150.1.3.3 0.0.0.0
R1(config-ext-nacl)#exit
R1(config)#ip access-list ext TO_R5
R1(config-ext-nacl)#permit ip host 150.1.1.1 host 150.1.5.5
R1(config-ext-nacl)#exit

R1(config)#ip local policy route-map MYPOLICY

R1(config)#route-map MYPOLICY permit 10
R1(config-route-map)#match ip address TO_R3
R1(config-route-map)#set ip next-hop 155.1.0.5
R1(config-route-map)#exit
R1(config)#route-map MYPOLICY permit 20
R1(config-route-map)#match ip address TO_R5
R1(config-route-map)#set ip next-hop 155.1.13.3
R1(config-route-map)#exit
R1(config)#exit

Now let’s traceroute to R3 and R5
R1#traceroute 150.1.3.3

1 155.1.0.5 6 msec 1 msec 0 msec
2 155.1.0.3 1 msec 0 msec 1 msec
R1#traceroute 150.1.5.5

1 155.1.13.3 3 msec 0 msec 1 msec
2 155.1.0.5 6 msec 1 msec 1 msec

As you can see, the policies work: locally generated traffic to R3 is routed through the DMVPN cloud, while locally generated traffic to R5 is routed through the common VLAN 13 interface. But notice a strange thing…

R1#debug ip packet
IP packet debugging is on
R1#ping 150.1.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.1.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
R1#
*Oct 25 18:18:43.836: IP: s=150.1.1.1 (local), d=150.1.3.3 (Tunnel0), len 100, local feature, Policy Routing(3), rtype 2, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Oct 25 18:18:43.836: IP: s=150.1.1.1 (local), d=150.1.3.3 (Tunnel0), len 100, local feature, Logical MN local(14), rtype 2, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Oct 25 18:18:43.836: IP: s=150.1.1.1 (local), d=150.1.3.3 (Tunnel0), len 100, sending
*Oct 25 18:18:43.836: IP: s=150.1.1.1 (local), d=150.1.3.3 (Tunnel0), len 100, sending full packet

Why is the source interface the loopback of R1, and not its outgoing interface towards R3?

Have a look at the routing table, too

R1#show ip route 150.1.3.3
% Subnet not in table
R1#show ip route

150.1.0.0/32 is subnetted, 1 subnets
C 150.1.1.1 is directly connected, Loopback0
155.1.0.0/16 is variably subnetted, 9 subnets, 2 masks
C 155.1.0.0/24 is directly connected, Tunnel0
L 155.1.0.1/32 is directly connected, Tunnel0
H 155.1.0.3/32 is directly connected, 00:11:54, Tunnel0
C 155.1.13.0/24 is directly connected, Ethernet0/0.13
L 155.1.13.1/32 is directly connected, Ethernet0/0.13
C 155.1.100.0/24 is directly connected, Ethernet0/0.100
L 155.1.100.1/32 is directly connected, Ethernet0/0.100
C 155.1.146.0/24 is directly connected, Ethernet0/0.146
L 155.1.146.1/32 is directly connected, Ethernet0/0.146
R1#

As you can see, the destination is not in the routing table and there is no default route.

What is the conclusion?

The routing table is NOT consulted for destinations of local policy routing, so the source interface may not be consistent. In this case I have a loopback, and I configured the ACLs used by the local policy with the loopback as the packet source.
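The decision described above, as an added example that is not part of the original post: a simplified Python model (not IOS itself) built from the ACLs, route-map and connected networks shown on this page. The function names are hypothetical; the model assumes that only the `set ip next-hop` address is resolved against the connected networks, while the packet's destination is looked up only when no policy entry matches.

```python
import ipaddress

# Connected networks from the page's "show ip route" output on R1.
CONNECTED = {
    "150.1.1.1/32": "Loopback0",
    "155.1.0.0/24": "Tunnel0",
    "155.1.13.0/24": "Ethernet0/0.13",
    "155.1.100.0/24": "Ethernet0/0.100",
    "155.1.146.0/24": "Ethernet0/0.146",
}
# Extended ACLs as (source, wildcard, destination, wildcard); "host x" = x 0.0.0.0.
ACLS = {
    "TO_R3": [("150.1.1.1", "0.0.0.0", "150.1.3.3", "0.0.0.0")],
    "TO_R5": [("150.1.1.1", "0.0.0.0", "150.1.5.5", "0.0.0.0")],
}
# route-map MYPOLICY: (sequence, ACL name, set ip next-hop), from the page.
ROUTE_MAP = [(10, "TO_R3", "155.1.0.5"), (20, "TO_R5", "155.1.13.3")]


def wildcard_match(addr, base, wildcard):
    """Cisco wildcard semantics: bits set in the wildcard are ignored."""
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return int(ipaddress.ip_address(addr)) & care == int(ipaddress.ip_address(base)) & care


def rib_lookup(dst):
    """Longest-prefix match over the routing table; None if no route."""
    hits = [(ipaddress.ip_network(n), i) for n, i in CONNECTED.items()
            if ipaddress.ip_address(dst) in ipaddress.ip_network(n)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def local_policy(src, dst):
    """First matching route-map sequence wins; returns (seq, next_hop, egress)."""
    for seq, acl, next_hop in ROUTE_MAP:
        if any(wildcard_match(src, s, sw) and wildcard_match(dst, d, dw)
               for s, sw, d, dw in ACLS[acl]):
            # Only the next hop is resolved, never the packet's destination.
            return seq, next_hop, rib_lookup(next_hop)
    return None


def forward(src, dst):
    """Model of a locally generated packet: policy first, then normal routing."""
    hit = local_policy(src, dst)
    if hit:
        return {"via": "policy", "seq": hit[0], "next_hop": hit[1], "egress": hit[2]}
    egress = rib_lookup(dst)
    return {"via": "rib", "egress": egress} if egress else {"via": "drop"}
```

In this model a packet sourced from 155.1.0.1 to 150.1.3.3 matches no ACL entry and has no route, so it is dropped; only the loopback-sourced packet is forwarded.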

 
