No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade
MENU
Knowledge Base

Redirect Next-hop does not work on AR router

Publication Date:  2014-09-30  |   Views:  256  |   Downloads:  0  |   Author:  l00509000  |   Document ID:  EKB1000054651

Contents
Issue Description Alarm Information Handling Process Solution Suggestions

Issue Description

1. Topology

2. Configure redirect traffic policy on MPLS AR router.
acl number 3000 
rule 5 permit ip vpn-instance test source 192.168.10.0 0.0.0.255

traffic classifier c-pbr operator or
if-match acl 3000

traffic behavior b-pbr
redirect ip-nexthop 172.20.0.254 vpn-instance test

traffic policy p-pbr
classifier c-pbr behavior b-pbr

interface GigabitEthernet0/0/0
traffic-policy p-pbr inbound

3. Using above configuration and test that redirect traffic policy does not work. Traffic from 192.168.10.0 should be redirected to FW (172.16.0.254)
<CE>tracert -a 192.168.10.1 1.1.1.1

traceroute to  1.1.1.1(1.1.1.1), max hops: 30 ,packet length: 40,press CTRL_C to break

1 172.20.0.1 50 ms  30 ms  40 ms

2 172.20.1.1 50 ms  30 ms  80 ms
<CE>

Alarm Information

None

Handling Process

1. According to the traceroute result, the redirect does not work. Check the ACL information and found that there is no packets hit acl 3000. It means there is no traffic
<MPLS1>display acl 3000
Advanced ACL 3000, 1 rules
Acl's step is 5
rule 5 permit ip source 192.168.10.0 0.0.0.255

2. Because customer configure redirect traffic policy in VPN instance scenario, customer already redirect nexthop in traffic behavior. Let customer change the ACL configuration to below:
acl number 3000
rule 5 permit ip source 192.168.10.0 0.0.0.255

And test it again, the problem is solved.
<CE>tracert -a 192.168.10.1 1.1.1.1

traceroute to  1.1.1.1(1.1.1.1), max hops: 30 ,packet length: 40,press CTRL_C to break

1 172.20.0.1 50 ms  30 ms  40 ms

2 172.20.0.254 50 ms  30 ms  80 ms
<CE>

Solution

Because customer configure redirect traffic policy in VPN instance scenario, customer already redirect nexthop in traffic behavior. Let customer change the ACL configuration to below:
acl number 3000
rule 5 permit ip source 192.168.10.0 0.0.0.255

And test it again, the problem is solved.
<CE>tracert -a 192.168.10.1 1.1.1.1

traceroute to  1.1.1.1(1.1.1.1), max hops: 30 ,packet length: 40,press CTRL_C to break

1 172.20.0.1 50 ms  30 ms  40 ms

2 172.20.0.254 50 ms  30 ms  80 ms
<CE>

Suggestions

None
Feedback
Related resources
Documentation Software Download Bulletins Tools
Related searches
By Author
Help us to improve
Write an article
Enterprise APP

Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.