Category Archives: Tiny Bits

Multiple next-hops in policy routing

Imagine the following topology with routers 1 to 5:

          / (2) \
(4) - (1)         (5)
          \ (3) /

Policy-based routing (PBR) is active on router 1, and there are two possible end-to-end paths:
4-1-2-5
4-1-3-5

Let us play around with the next-hop settings of PBR. Imagine we have a rudimentary PBR setup with the following:

route-map test permit 10
match ip address 100
set ip next-hop 10.0.12.2 10.0.13.3

10.0.12.2 is router 2 and 10.0.13.3 is router 3. We really don’t care about the access lists or anything else; let’s see what happens when we have multiple next-hops defined:

R1#debug ip policy
Policy routing debugging is on
R1#
*Jul 17 12:28:42.387: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, len 44, FIB policy match
*Jul 17 12:28:42.387: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, g=10.0.12.2, len 44, FIB policy routed
*Jul 17 12:28:42.447: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, len 40, FIB policy match
*Jul 17 12:28:42.447: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, g=10.0.12.2, len 40, FIB policy routed
*Jul 17 12:28:42.459: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, len 49, FIB policy match
*Jul 17 12:28:42.459: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, g=10.0.12.2, len 49, FIB policy routed
*Jul 17 12:28:42.467: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, len 40, FIB policy match
*Jul 17 12:28:42.467: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, g=10.0.12.2, len 40, FIB policy routed

There, so it keeps using the first next-hop no matter what. I guess the only way to nudge it to use the other one is to shut down the interface connected to R2. Look what happens after I shut down that interface:

*Jul 17 12:32:09.551: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, len 44, FIB policy match
*Jul 17 12:32:09.551: CEF-IP-POLICY: fib for address 10.0.12.2 is with flag 257
*Jul 17 12:32:09.551: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, g=10.0.13.3, len 44, FIB policy routed
*Jul 17 12:32:09.611: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, len 40, FIB policy match
*Jul 17 12:32:09.611: CEF-IP-POLICY: fib for address 10.0.12.2 is with flag 257
*Jul 17 12:32:09.611: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, g=10.0.13.3, len 40, FIB policy routed
*Jul 17 12:32:09.619: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, len 49, FIB policy match
*Jul 17 12:32:09.619: CEF-IP-POLICY: fib for address 10.0.12.2 is with flag 257
*Jul 17 12:32:09.619: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, g=10.0.13.3, len 49, FIB policy routed

PBR sees that the CEF entry for its first next-hop is marked as down (flag 257) or does not exist, and moves on to the next next-hop in the list.

Conclusion: Multiple next-hops in PBR are used for redundancy, not load-sharing/balancing.
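To make the conclusion checkable rather than eyeballed, here is an added example (not part of the original post) that parses the two "debug ip policy" captures above, counts which gateway each policy-routed packet was sent to, records every "CEF-IP-POLICY ... flag 257" skip, and compares that against a small model of ordered first-usable-next-hop selection. The sample lines are copied from this page; the model function and its name are this example's own assumptions about the behaviour the debug output shows.

```python
import re
from collections import Counter

# Next-hops in the order they appear in "set ip next-hop" on this page.
NEXT_HOPS = ["10.0.12.2", "10.0.13.3"]

# Debug output copied from the page: before the R2-facing interface is shut.
DEBUG_BEFORE_SHUTDOWN = """\
*Jul 17 12:28:42.387: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, len 44, FIB policy match
*Jul 17 12:28:42.387: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, g=10.0.12.2, len 44, FIB policy routed
*Jul 17 12:28:42.447: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, len 40, FIB policy match
*Jul 17 12:28:42.447: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, g=10.0.12.2, len 40, FIB policy routed
*Jul 17 12:28:42.459: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, len 49, FIB policy match
*Jul 17 12:28:42.459: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, g=10.0.12.2, len 49, FIB policy routed
*Jul 17 12:28:42.467: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, len 40, FIB policy match
*Jul 17 12:28:42.467: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, g=10.0.12.2, len 40, FIB policy routed
"""

# Debug output copied from the page: after that interface is shut down.
DEBUG_AFTER_SHUTDOWN = """\
*Jul 17 12:32:09.551: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, len 44, FIB policy match
*Jul 17 12:32:09.551: CEF-IP-POLICY: fib for address 10.0.12.2 is with flag 257
*Jul 17 12:32:09.551: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, g=10.0.13.3, len 44, FIB policy routed
*Jul 17 12:32:09.611: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, len 40, FIB policy match
*Jul 17 12:32:09.611: CEF-IP-POLICY: fib for address 10.0.12.2 is with flag 257
*Jul 17 12:32:09.611: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, g=10.0.13.3, len 40, FIB policy routed
*Jul 17 12:32:09.619: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, len 49, FIB policy match
*Jul 17 12:32:09.619: CEF-IP-POLICY: fib for address 10.0.12.2 is with flag 257
*Jul 17 12:32:09.619: IP: s=10.0.14.4 (GigabitEthernet1/0), d=5.5.5.5, g=10.0.13.3, len 49, FIB policy routed
"""

# "g=<gateway>" only appears on the "FIB policy routed" line, i.e. the chosen next-hop.
ROUTED_RE = re.compile(r"g=(?P<gw>\d+\.\d+\.\d+\.\d+), len \d+, FIB policy routed")
# CEF reporting a next-hop whose FIB entry is unusable (flag 257 on this page).
SKIPPED_RE = re.compile(r"CEF-IP-POLICY: fib for address (?P<gw>\d+\.\d+\.\d+\.\d+) is with flag (?P<flag>\d+)")


def summarize_policy_debug(text):
    """Return (routed, skipped): packets forwarded per gateway, and how many
    times each configured next-hop was passed over because CEF flagged it."""
    routed, skipped = Counter(), Counter()
    for line in text.splitlines():
        m = ROUTED_RE.search(line)
        if m:
            routed[m["gw"]] += 1
            continue
        m = SKIPPED_RE.search(line)
        if m:
            skipped[m["gw"]] += 1
    return routed, skipped


def pbr_next_hop(configured, usable):
    """Assumed model of what the debug output shows: walk the 'set ip next-hop'
    list in order and return the first next-hop with a usable FIB entry
    (None if there is none). Nothing rotates per packet, so no load-sharing."""
    for gw in configured:
        if gw in usable:
            return gw
    return None


def check_is_failover_only(text, configured):
    """True when every policy-routed packet in `text` went to the single
    next-hop the ordered-fallback model predicts, given which next-hops CEF
    reported as unusable in the same capture."""
    routed, skipped = summarize_policy_debug(text)
    usable = set(configured) - set(skipped)
    predicted = pbr_next_hop(configured, usable)
    return set(routed) == {predicted}


if __name__ == "__main__":
    for name, capture in (("before", DEBUG_BEFORE_SHUTDOWN), ("after", DEBUG_AFTER_SHUTDOWN)):
        routed, skipped = summarize_policy_debug(capture)
        print(name, dict(routed), dict(skipped), check_is_failover_only(capture, NEXT_HOPS))
```

If the list were load-shared, `routed` in the first capture would contain both gateways and `check_is_failover_only` would return False; on this page's captures it returns True for both, with the second capture showing 10.0.12.2 skipped once per packet before 10.0.13.3 is used.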

Playing around with OSPF

I did some fooling around with OSPF priorities and here’s what I learned:

If you have multiple routers on an Ethernet segment and all of them have priority 0, there will be no DR and no BDR, and only 2-Way adjacency between all of them.

If just one router has priority >0, that router will be the DR, but there will still be no BDR, and the only Full adjacencies will be, obviously, between the DR and the others.
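The two outcomes above fall out of the DR/BDR election rules, so here is an added example (not from the original post) that models a fresh election on a broadcast segment: only routers with priority above 0 are eligible, the highest (priority, Router ID) becomes DR and the next highest BDR, and a pair of neighbours reaches Full only if one of them is DR or BDR, otherwise it stays at 2-Way. This is a simplification of RFC 2328 section 9.4 for the case where everyone starts at the same time; it ignores the rule that an already-elected DR keeps its role. The Router IDs and priorities are constructed sample values.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Router:
    router_id: str   # dotted-quad OSPF Router ID (constructed sample values)
    priority: int    # "ip ospf priority" on the shared interface, 0-255


def _rid_key(router):
    """Numeric tuple so "10.0.0.1" sorts above "9.0.0.1"."""
    return tuple(int(octet) for octet in router.router_id.split("."))


def elect_dr_bdr(routers):
    """Simplified fresh election: eligible set is priority > 0, ranked by
    (priority, Router ID). Returns (dr, bdr); either may be None."""
    eligible = sorted(
        (r for r in routers if r.priority > 0),
        key=lambda r: (r.priority, _rid_key(r)),
        reverse=True,
    )
    dr = eligible[0] if eligible else None
    bdr = eligible[1] if len(eligible) > 1 else None
    return dr, bdr


def adjacency_state(a, b, dr, bdr):
    """FULL if at least one side is DR or BDR; two DROthers stop at 2-WAY."""
    if a in (dr, bdr) or b in (dr, bdr):
        return "FULL"
    return "2-WAY"


def segment_states(routers):
    """Run the election and map every unordered router pair to the state
    the neighbourship is expected to settle in."""
    dr, bdr = elect_dr_bdr(routers)
    states = {}
    for i, a in enumerate(routers):
        for b in routers[i + 1:]:
            states[(a.router_id, b.router_id)] = adjacency_state(a, b, dr, bdr)
    return dr, bdr, states


if __name__ == "__main__":
    # Case 1 from the post: everyone at priority 0.
    print(segment_states([Router("1.1.1.1", 0), Router("2.2.2.2", 0), Router("3.3.3.3", 0)]))
    # Case 2 from the post: exactly one router eligible.
    print(segment_states([Router("1.1.1.1", 0), Router("2.2.2.2", 1), Router("3.3.3.3", 0)]))
```

Running the second case shows 2.2.2.2 as DR with no BDR and Full only on the pairs that include it; with four routers all at the default priority 1 the model elects the two highest Router IDs and leaves the remaining pair at 2-Way, which is the general form of the same rule.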

With P2P links, OSPF doesn’t care about priority, but does care about area mismatches:

An area type mismatch, for example (r1: normal)-(r2: stub), tears down the neighborship, and it’s possible it won’t even show up in the error logs. Fun fun 🙂

Cisco Command Prompt Tricks and Gotchas part 2

Should you ever be unfortunate enough to come across a device with a setup similar to

exec-timeout 0 1

or maybe you’re just doing a CCIE exam, then you’ll need a bit of practical trickery to overcome the one-second timeout: just use Notepad or whatever text editor you have to type something like

enable
conf t
! use "line con 0" instead if you are on the console
line vty 0 4
exec-timeout 10

and then quickly paste it within the one-second window. Done! 🙂