PBR "continue" problem

jackie_gx · ‎05-28-2012

there seem a problem with the "continue" with my pbr.

i want to match source and destination of a packet.

Refer to the pbr i capture below, i want it, if match the permit 10 it will go to permit 30.

But what i see my my capture data, there is no traffic at all at the permit 30.

What can be the problem?

route-map PBR, permit, sequence 10

Match clauses:

ip address (access-lists): SOU

Continue: sequence 30

Set clauses:

Policy routing matches: 4357054 packets, 1853382698 bytes

route-map PBR, permit, sequence 20

Match clauses:

Continue: sequence 40

Set clauses:

Policy routing matches: 3114521 packets, 879205075 bytes

route-map PBR, permit, sequence 30

Match clauses:

ip address (access-lists): DEST

Set clauses:

ip next-hop verify-availability x.x.x.x 1 track 1 [up]

Policy routing matches: 0 packets, 0 bytes

route-map PBR, permit, sequence 40

Match clauses:

Set clauses:

Policy routing matches: 0 packets, 0 bytes

Peter Paluch · ‎05-28-2012

Hi Jackie,

I am not 100% sure here but it has been my understanding that the continue clause in route-maps is only effective when route-maps are used in redistribution or BGP routing policies (attribute modification). The continue clause is not inteded to be used in policy-based routing. That may explain the fact that in your route-map, it does not have any effect.

Best regards,

Peter

jackie_gx · ‎05-29-2012

Hi Peter

Cos the ACL list is too long to write for every ACL with source and dest.

So i write a ACL that match source and other ACL that match dest.

How we write a route-map to macth both ACL?

TQ

from

jackie

Peter Paluch · ‎05-29-2012

Hello Jackie,

If you need to match two ACLs in a single route-map entry, you simply reference them in multiple match statements, as follows:

route-map Example permit 10

match ip address 101

match ip address 102

set ...

Best regards,

Peter

jackie_gx · ‎05-29-2012

Hi Peter

that match u mention above won't work cos when u type

match ip address 101

match ip address 102

it will show like this :

match ip address 101 102

TQ

from

jackie

Peter Paluch · ‎05-29-2012

Hello Jackie,

That is interesting. What platform and IOS version are you running?

Best regards,

Peter

jackie_gx · ‎05-29-2012

Hi Peter

think all ios will be the same behavior, when u match the same "type", it will always become logical OR.

only if u match the diff "type", it will become logical AND.

like:

match ip add 101

mtach tag

TQ

from

Chai

Peter Paluch · ‎05-29-2012

Jackie,

You are absolutely correct here. I apologize for my mistake.

Hmmmm, we have a problem here, then. For PBR, route-maps are the mandatory configuration component. However, specifying a multiple match of the same type will lead to a logical OR, exactly as you have shown. I was thinking of matching a class-map that can be configured in a match-all mode with multiple ACLs, but sadly, a route-map does not allow matching a class-map. And as you have demonstrated yourself, the continue clause is not working, either.

At this point, I am unable to provide any suggestion. I am not saying that there is no way of doing this but right now, I do not see any possible way of accomplishing that. If I come across anything useful I'll make sure to post it here.

Best regards,

Peter