No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Redirect Next-hop does not work on AR router

Publication Date:  2014-09-30 Views:  49 Downloads:  0
Issue Description
1. Topology

2. Configure redirect traffic policy on MPLS AR router.
acl number 3000 
rule 5 permit ip vpn-instance test source 192.168.10.0 0.0.0.255

traffic classifier c-pbr operator or
if-match acl 3000

traffic behavior b-pbr
redirect ip-nexthop 172.20.0.254 vpn-instance test

traffic policy p-pbr
classifier c-pbr behavior b-pbr

interface GigabitEthernet0/0/0
traffic-policy p-pbr inbound

3. Using above configuration and test that redirect traffic policy does not work. Traffic from 192.168.10.0 should be redirected to FW (172.16.0.254)
<CE>tracert -a 192.168.10.1 1.1.1.1

traceroute to  1.1.1.1(1.1.1.1), max hops: 30 ,packet length: 40,press CTRL_C to break

1 172.20.0.1 50 ms  30 ms  40 ms

2 172.20.1.1 50 ms  30 ms  80 ms
<CE>
Alarm Information
None
Handling Process
1. According to the traceroute result, the redirect does not work. Check the ACL information and found that there is no packets hit acl 3000. It means there is no traffic
<MPLS1>display acl 3000
Advanced ACL 3000, 1 rules
Acl's step is 5
rule 5 permit ip source 192.168.10.0 0.0.0.255

2. Because customer configure redirect traffic policy in VPN instance scenario, customer already redirect nexthop in traffic behavior. Let customer change the ACL configuration to below:
acl number 3000
rule 5 permit ip source 192.168.10.0 0.0.0.255

And test it again, the problem is solved.
<CE>tracert -a 192.168.10.1 1.1.1.1

traceroute to  1.1.1.1(1.1.1.1), max hops: 30 ,packet length: 40,press CTRL_C to break

1 172.20.0.1 50 ms  30 ms  40 ms

2 172.20.0.254 50 ms  30 ms  80 ms
<CE>
Solution
Because customer configure redirect traffic policy in VPN instance scenario, customer already redirect nexthop in traffic behavior. Let customer change the ACL configuration to below:
acl number 3000
rule 5 permit ip source 192.168.10.0 0.0.0.255

And test it again, the problem is solved.
<CE>tracert -a 192.168.10.1 1.1.1.1

traceroute to  1.1.1.1(1.1.1.1), max hops: 30 ,packet length: 40,press CTRL_C to break

1 172.20.0.1 50 ms  30 ms  40 ms

2 172.20.0.254 50 ms  30 ms  80 ms
<CE>
Suggestions
None

END