No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade
Knowledge Base

Analysis of Packet Redirection Failure on the NE80E Using Policy-Based Routing

Publication Date:  2012-07-27  |   Views:  150  |   Downloads:  0  |   Author:  z00105507  |   Document ID:  EKB0000345387

Contents

Issue Description

In a network topology, the NE80E of version V300R003C02B253 is deployed to deliver packet redirection and thus some packets can reach a server for authentication; however, the NE80E cannot deliver packet redirection with policy-based routing configured as follows:
<NE80E>
……
#
acl number 3101
rule 5 permit ip source 192.168.1.0 0.0.0.255
rule 10 permit ip source 192.168.2.0 0.0.0.255
rule 15 permit ip source 192.168.3.0 0.0.0.255
#
interface GigabitEthernet3/0/1
description TO_MA5200G_G2/0/0
shutdown
ip address 192.168.100.1 255.255.255.248
ip policy-based-route CityHot
#
policy-based-route CityHot permit node 10
if-match acl 3101
apply ip-address next-hop 192.168.100.100 
 

Alarm Information

Null

Handling Process

The NE80E can redirect packets through the complicated flow classification.
<NE80E>
……
#
acl number 3101
rule 5 permit ip source 192.168.1.0 0.0.0.255
rule 10 permit ip source 192.168.2.0 0.0.0.255
rule 15 permit ip source 192.168.3.0 0.0.0.255
#
traffic classifier CityHot operator or
if-match acl 3001
#
traffic behavior CityHot
redirect ip-nexthop 192.168.100.100
#
traffic policy antivirus
classifier CityHot behavior CityHot
#
interface GigabitEthernet3/0/1
description TO_MA5200G_G2/0/0
shutdown
ip address 192.168.100.1 255.255.255.248
traffic-policy CityHot outbound 
 

Root Cause

The NE80E forwards packets based on NP which is a type of hardware-based forwarding. The configuration of the policy-based-route command implements software-based forwarding. Therefore, the NE80E cannot deliver packet redirection by using the policy-based-route command. 

Suggestions

To avoid such problems, ensure that the policy-based-route command cannot be configured on routers delivering NP-based forwarding.