Issue Description
1. Topology
2. Configure a redirect traffic policy on the MPLS AR router.
acl number 3000
rule 5 permit ip vpn-instance test source 192.168.10.0 0.0.0.255
traffic classifier c-pbr operator or
if-match acl 3000
traffic behavior b-pbr
redirect ip-nexthop 172.20.0.254 vpn-instance test
traffic policy p-pbr
classifier c-pbr behavior b-pbr
interface GigabitEthernet0/0/0
traffic-policy p-pbr inbound
3. With the above configuration, testing shows that the redirect traffic policy does not work. Traffic from 192.168.10.0 should be redirected to the FW (172.16.0.254).
<CE>tracert -a 192.168.10.1 1.1.1.1
traceroute to 1.1.1.1(1.1.1.1), max hops: 30 ,packet length: 40,press CTRL_C to break
1 172.20.0.1 50 ms 30 ms 40 ms
2 172.20.1.1 50 ms 30 ms 80 ms
<CE>
Handling Process
1. According to the traceroute result, the redirect does not work. Checking the ACL information shows that no packets hit acl 3000. It means there is no traffic
<MPLS1>display acl 3000
Advanced ACL 3000, 1 rules
Acl's step is 5
rule 5 permit ip source 192.168.10.0 0.0.0.255
2. Because the customer configured the redirect traffic policy in a VPN instance scenario, the customer already redirects the next hop in the traffic behavior. Have the customer change the ACL configuration to the following:
acl number 3000
rule 5 permit ip source 192.168.10.0 0.0.0.255
Test again; the problem is solved.
<CE>tracert -a 192.168.10.1 1.1.1.1
traceroute to 1.1.1.1(1.1.1.1), max hops: 30 ,packet length: 40,press CTRL_C to break
1 172.20.0.1 50 ms 30 ms 40 ms
2 172.20.0.254 50 ms 30 ms 80 ms
<CE>
Solution
Because the customer configured the redirect traffic policy in a VPN instance scenario, the customer already redirects the next hop in the traffic behavior. Have the customer change the ACL configuration to the following:
acl number 3000
rule 5 permit ip source 192.168.10.0 0.0.0.255
Test again; the problem is solved.
<CE>tracert -a 192.168.10.1 1.1.1.1
traceroute to 1.1.1.1(1.1.1.1), max hops: 30 ,packet length: 40,press CTRL_C to break
1 172.20.0.1 50 ms 30 ms 40 ms
2 172.20.0.254 50 ms 30 ms 80 ms
<CE>
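A redirect policy that never matches lets traffic pass without going through the FW, so it is worth checking saved configurations for this pattern before deployment. The following is an added example, not part of the original case or any vendor tool: a small Python check that flags ACL rules carrying vpn-instance when the paired traffic behavior already redirects into a vpn-instance. It assumes the flat configuration layout shown on this page; the function names are hypothetical.

```python
import re

# Constructed sample: the original (non-working) configuration from this page.
SAMPLE_CONFIG = """\
acl number 3000
rule 5 permit ip vpn-instance test source 192.168.10.0 0.0.0.255
traffic classifier c-pbr operator or
if-match acl 3000
traffic behavior b-pbr
redirect ip-nexthop 172.20.0.254 vpn-instance test
traffic policy p-pbr
classifier c-pbr behavior b-pbr
"""

HEADER = re.compile(r"(acl number|traffic classifier|traffic behavior|traffic policy)\s+(\S+)")

def parse_sections(config):
    """Group sub-commands under the acl/classifier/behavior/policy header preceding them."""
    sections, current = {}, None
    for line in config.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            current = sections.setdefault((m.group(1), m.group(2)), [])
        elif line and current is not None:
            current.append(line)
    return sections

def find_vpn_acl_conflicts(config):
    """Return (policy, acl, rule) for each ACL rule that names a vpn-instance while
    the behavior bound to it already redirects into a vpn-instance."""
    s = parse_sections(config)
    findings = []
    for (kind, policy), body in s.items():
        if kind != "traffic policy":
            continue
        for entry in body:
            pair = re.match(r"classifier (\S+) behavior (\S+)", entry)
            if not pair:
                continue
            behavior = s.get(("traffic behavior", pair.group(2)), [])
            if not any(b.startswith("redirect ") and "vpn-instance" in b for b in behavior):
                continue
            for cond in s.get(("traffic classifier", pair.group(1)), []):
                acl = re.match(r"if-match acl (\S+)", cond)
                for rule in s.get(("acl number", acl.group(1)), []) if acl else []:
                    if re.search(r"\bvpn-instance\s+\S+", rule):
                        findings.append((policy, acl.group(1), rule))
    return findings
```

Running find_vpn_acl_conflicts on the corrected configuration from the Solution section returns an empty list.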