http://www.cisco.com/en/US/docs/ios/12_0/qos/configuration/guide/qcpolicy.html
according to this document pbr is supported in cef based switching since 12.0... the question is how well is cef supported in gns3 running ios... my guess is gns3 may choke a little here... i'm the last one to call out gns3; it's the best thing that ever happened to people like us, but...
here's the example:
r1#trace 6.6.6.6
Type escape sequence to abort.
Tracing the route to 6.6.6.6
VRF info: (vrf in name/id, vrf out name/id)
1 10.1.1.2 32 msec
10.1.2.2 20 msec
r1 has a choice of two paths in this ospf/eigrp redistributed topology to get to the far end loopback 6.6.6.6... both paths are supported in the trace... i want to determine one path...
so i set up a pbr on r1 to force the path through r2...
r1(config)#access-list 1 permit 6.6.6.6
r1(config)#access-list 1 permit any
r1(config)#do sh access-list
Standard IP access list 1
10 permit 6.6.6.6
20 permit any
r1(config)#access-list 1 permit any
r1(config)#do sh access-list
Standard IP access list 1
10 permit 6.6.6.6
20 permit any
r1(config-route-map)#match ip add 1
r1(config-route-map)#set ip next-hop 10.1.1.2
r1(config-route-map)#exit
r1(config)#int f0/0
r1(config-if)#ip policy route-map this
r1(config-if)#
r1#ping 6.6.6.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/14/20 ms
r1#sh route-map
route-map this, permit, sequence 10
Match clauses:
ip address (access-lists): 1
Set clauses:
ip next-hop 10.1.1.2
Policy routing matches: 0 packets, 0 bytes
no matches...
turn off cef...
r1(config)#no ip cef
r1(config)#end
r1#ping 6.6.6.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/13/20 ms
r1#sh route-map
route-map this, permit, sequence 10
Match clauses:
ip address (access-lists): 1
Set clauses:
ip next-hop 10.1.1.2
Policy routing matches: 0 packets, 0 bytes
still no matches... so i turned cef back on...
if i debug the policy i get no hits as well...
r1#debug ip policy
Policy routing debugging is on
r1#ping 6.6.6.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/14/24 ms
nothing...
then there's this... ip local policy route-map (route-map name) see link above...
r1(config)#ip local policy route-map this
r1(config)#end
r1#
*Oct 28 12:34:29: %SYS-5-CONFIG_I: Configured from console by console
r1#ping 6.6.6.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/13/20 ms
r1#
*Oct 28 12:34:33: IP: s=10.1.2.1 (local), d=6.6.6.6, len 100, policy match
*Oct 28 12:34:33: IP: route map this, item 10, permit
*Oct 28 12:34:33: IP: s=10.1.2.1 (local), d=6.6.6.6 (FastEthernet0/0), len 100, policy routed
*Oct 28 12:34:33: IP: local to FastEthernet0/0 10.1.1.2
*Oct 28 12:34:33: IP: s=10.1.2.1 (local), d=6.6.6.6, len 100, policy match
*Oct 28 12:34:33: IP: route map this, item 10, permit
*Oct 28 12:34:33: IP: s=10.1.2.1 (local), d=6.6.6.6 (FastEthernet0/0), len 100, policy routed
*Oct 28 12:34:33: IP: local to FastEthernet0/0 10.1.1.2
*Oct 28 12:34:33: IP: s=10.1.2.1 (local), d=6.6.6.6, len 100, policy match
*Oct 28 12:34:33: IP: route map this, item 10, permit
*Oct 28 12:34:33: IP: s=10.1.2.1 (local), d=6.6.6.6 (FastEthernet0/0), len 100, policy routed
*Oct 28 12:34:33: IP: local to FastEthernet0/0 10.1.1.2
*Oct 28 12:34:33: IP: s=10.1.2.1 (local), d=6.6.6.6, len 100, policy match
*Oct 28 12:34:33: IP: route map this, item 10, permit
*Oct 28 12:34:33: IP: s=10.1.2.1 (local), d=6.6.6.6 (FastEthernet0/0), len 100, policy routed
*Oct 28 12:34:33: IP: local to FastEthernet0/0 10.1.1.2
*Oct 28 12:34:33: IP: s=10.1.2.1 (local), d=6.6.6.6, len 100, policy match
*Oct 28 12:34:33: IP: route map this, item 10, permit
*Oct 28 12:34:33: IP: s=10.1.2.1 (local), d=6.6.6.6 (FastEthernet0/0)
r1#, len 100, policy routed
*Oct 28 12:34:33: IP: local to FastEthernet0/0 10.1.1.2
now i don't feel like i'm losing my goddamn mind...
r1#sh route-map
route-map this, permit, sequence 10
Match clauses:
ip address (access-lists): 1
Set clauses:
ip next-hop 10.1.1.2
Nexthop tracking current: 0.0.0.0
10.1.1.2, fib_nh:0,oce:0,status:0
Policy routing matches: 5 packets, 500 bytes
that's a big difference...
r1#trace 6.6.6.6
Type escape sequence to abort.
Tracing the route to 6.6.6.6
VRF info: (vrf in name/id, vrf out name/id)
1 10.1.1.2 8 msec 4 msec 8 msec
2 192.168.1.2 8 msec 8 msec 8 msec
3 172.16.1.1 12 msec 40 msec *
no big deal... i still love gns3...
No comments:
Post a Comment