
Multiple next-hops in policy routing

Imagine the following topology with routers 1 to 5:

         / (2) \
(4) - (1)       (5)
         \ (3) /

Policy-based routing (PBR) is active on router 1, and there are two possible end-to-end paths:
4-1-2-5
4-1-3-5

Let us play around with the next-hop settings of PBR. Imagine we have a rudimentary PBR setup with the following:

route-map test permit 10
 match ip address 100
 set ip next-hop 10.0.12.2 10.0.13.3

10.0.12.2 is router 2 and 10.0.13.3 is router 3. We really don’t care about the access lists or anything else; let’s see what happens when we have multiple next-hops defined:

R1#debug ip policy
Policy routing debugging is on
R1#
*Jul 17 12:28:42.387: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, len 44, FIB policy match
*Jul 17 12:28:42.387: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, g=10.0.12.2, len 44, FIB policy routed
*Jul 17 12:28:42.447: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, len 40, FIB policy match
*Jul 17 12:28:42.447: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, g=10.0.12.2, len 40, FIB policy routed
*Jul 17 12:28:42.459: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, len 49, FIB policy match
*Jul 17 12:28:42.459: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, g=10.0.12.2, len 49, FIB policy routed
*Jul 17 12:28:42.467: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, len 40, FIB policy match
*Jul 17 12:28:42.467: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, g=10.0.12.2, len 40, FIB policy routed

There, so it keeps using the first next-hop no matter what. I guess the only way to nudge it to use the other one is to shut down the interface connected to R2. Look what happens after I shut down that interface:

*Jul 17 12:32:09.551: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, len 44, FIB policy match
*Jul 17 12:32:09.551: CEF-IP-POLICY: fib for address 10.0.12.2 is with flag 257
*Jul 17 12:32:09.551: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, g=10.0.13.3, len 44, FIB policy routed
*Jul 17 12:32:09.611: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, len 40, FIB policy match
*Jul 17 12:32:09.611: CEF-IP-POLICY: fib for address 10.0.12.2 is with flag 257
*Jul 17 12:32:09.611: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, g=10.0.13.3, len 40, FIB policy routed
*Jul 17 12:32:09.619: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, len 49, FIB policy match
*Jul 17 12:32:09.619: CEF-IP-POLICY: fib for address 10.0.12.2 is with flag 257
*Jul 17 12:32:09.619: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, g=10.0.13.3, len 49, FIB policy routed

The process sees that the route towards the first next-hop is marked as down (flag 257) in the CEF tables (or is non-existent), and moves on to the next one.

Conclusion: Multiple next-hops in PBR are used for redundancy, not load-sharing/balancing.
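
The following Python check is an added example, not part of the original post: it parses `debug ip policy` lines in the format shown above and verifies that every packet was sent to the first configured next-hop that CEF did not report as unusable. The function name is hypothetical, and it assumes a CEF-IP-POLICY line applies only to the packet it precedes, as in the output above.

```python
import re
from collections import Counter

# Sample input: lines excerpted from the debug output shown in this post.
SAMPLE = """\
*Jul 17 12:28:42.387: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, len 44, FIB policy match
*Jul 17 12:28:42.387: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, g=10.0.12.2, len 44, FIB policy routed
*Jul 17 12:32:09.551: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, len 44, FIB policy match
*Jul 17 12:32:09.551: CEF-IP-POLICY: fib for address 10.0.12.2 is with flag 257
*Jul 17 12:32:09.551: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, g=10.0.13.3, len 44, FIB policy routed
"""

# "FIB policy routed" lines carry the chosen gateway in g=
ROUTED = re.compile(
    r"^\*(?P<ts>.+?): IP: s=(?P<src>\S+) .*?d=(?P<dst>[\d.]+), "
    r"g=(?P<gw>[\d.]+), .*FIB policy routed$")
# CEF-IP-POLICY lines name a next-hop that was passed over
SKIPPED = re.compile(r"CEF-IP-POLICY: fib for address (?P<gw>[\d.]+) is with flag \d+")

def check_ordered_failover(log_text, configured):
    """Return per-next-hop packet counts, next-hop changes, and any packet
    that did not use the first configured next-hop not reported as skipped."""
    used, changes, violations = Counter(), [], []
    skipped, last = set(), None
    for line in log_text.splitlines():
        line = line.strip()
        m = SKIPPED.search(line)
        if m:
            skipped.add(m["gw"])
            continue
        m = ROUTED.match(line)
        if not m:
            continue  # "FIB policy match" and unrelated lines
        gw, ts = m["gw"], m["ts"]
        expected = next((h for h in configured if h not in skipped), None)
        if gw != expected:
            violations.append((ts, gw, expected))
        if last is not None and gw != last:
            changes.append((ts, last, gw))
        used[gw] += 1
        last = gw
        skipped = set()  # assumption: skip reports apply only to the next packet
    return {"used": dict(used), "changes": changes, "violations": violations}

if __name__ == "__main__":
    print(check_ordered_failover(SAMPLE, ["10.0.12.2", "10.0.13.3"]))
```

An empty `violations` list together with a single entry in `changes` is what ordered failover looks like; load-sharing would show the gateway alternating while no next-hop is reported as skipped.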
