No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Analysis of Packet Redirection Failure on the NE80E Using Policy-Based Routing

Publication Date:  2012-07-27 Views:  51 Downloads:  0
Issue Description
In a network topology, the NE80E of version V300R003C02B253 is deployed to deliver packet redirection and thus some packets can reach a server for authentication; however, the NE80E cannot deliver packet redirection with policy-based routing configured as follows:
<NE80E>
……
#
acl number 3101
rule 5 permit ip source 192.168.1.0 0.0.0.255
rule 10 permit ip source 192.168.2.0 0.0.0.255
rule 15 permit ip source 192.168.3.0 0.0.0.255
#
interface GigabitEthernet3/0/1
description TO_MA5200G_G2/0/0
shutdown
ip address 192.168.100.1 255.255.255.248
ip policy-based-route CityHot
#
policy-based-route CityHot permit node 10
if-match acl 3101
apply ip-address next-hop 192.168.100.100 
 
Alarm Information
Null
Handling Process
The NE80E can redirect packets through the complicated flow classification.
<NE80E>
……
#
acl number 3101
rule 5 permit ip source 192.168.1.0 0.0.0.255
rule 10 permit ip source 192.168.2.0 0.0.0.255
rule 15 permit ip source 192.168.3.0 0.0.0.255
#
traffic classifier CityHot operator or
if-match acl 3001
#
traffic behavior CityHot
redirect ip-nexthop 192.168.100.100
#
traffic policy antivirus
classifier CityHot behavior CityHot
#
interface GigabitEthernet3/0/1
description TO_MA5200G_G2/0/0
shutdown
ip address 192.168.100.1 255.255.255.248
traffic-policy CityHot outbound 
 
Root Cause
The NE80E forwards packets based on NP which is a type of hardware-based forwarding. The configuration of the policy-based-route command implements software-based forwarding. Therefore, the NE80E cannot deliver packet redirection by using the policy-based-route command. 
Suggestions
To avoid such problems, ensure that the policy-based-route command cannot be configured on routers delivering NP-based forwarding. 

END