Policy based route not working inside a VRF

Adrian_Alberto · ‎04-30-2013

Hi,

I have configure policy based routes in a comware device, this time, I try to place it inside a VRF and its not working,

Basically its a 7510 device and have 3 vlans, all interfaces asociated with the respective VRF, but i have a default route to one server, but, i need some specific host to reach that server on a differernt path, but the policy-based-route is not working.

Any Idea?

manuel.bitzi · ‎05-02-2013

May you have to modify your acl to match the vpn-instance.

Best is to post you relevant configuration. Then we can help.

br

Manuel

H3CSE, MASE Network Infrastructure [2011], Switzerland

Adrian_Alberto · ‎05-08-2013

HI manuel, thanks ,

here is the config,

this is the VRF

[USSVGCSLUXG01]display ip vpn-instance instance-name WAN
(...)
Interfaces : Vlan-interface829, Vlan-interface880,
Vlan-interface857

as you see, its asociated with these two VLANS

interface Vlan-interface857
description Ext-devices
ip binding vpn-instance WAN
ip address 10.75.33.66 255.255.255.224

interface Vlan-interface829
description Transit-WAN
ip binding vpn-instance WAN
ip address 10.75.22.53 255.255.255.240

the traffic is comming from a host on the vlan 857, this is the default route

ip route-static vpn-instance WAN 10.75.64.0 255.255.192.0 10.75.22.55

but i need some host to be directed to the 10.75.22.49, instead of the *.22.55,

so,, here is the pbr i created:

policy-based-route DSTR permit node 10
if-match acl 3500
apply ip-address next-hop 10.75.22.49
policy-based-route DSTR permit node 20

the traffic, as i say,, its comming from a device onthe vlan 857, so,, i aply that pbr to that vlan,,

and this is the ACL,

first it only was

acl number 3500 name DSTR

rule 15 permit ip source 172.30.0.0 0.0.255.255 destination 10.75.64.0 0.0.15.255
rule 20 permit ip source 172.30.0.0 0.0.255.255 destination 10.75.68.60 0
rule 25 permit ip source 172.30.0.0 0.0.255.255 destination 10.75.67.51 0
rule 30 permit ip source 172.29.0.0 0.0.255.255 destination 10.75.68.60 0
rule 35 permit ip source 172.29.0.0 0.0.255.255 destination 10.75.67.51 0

then,, i added the following, since the bpr was not taking any effect

rule 40 permit ip vpn-instance WAN source 172.30.0.0 0.0.255.255 destination 10.75.68.60 0
rule 45 permit ip vpn-instance WAN source 172.30.0.0 0.0.255.255 destination 10.75.67.51 0
rule 50 permit ip vpn-instance WAN source 172.29.0.0 0.0.255.255 destination 10.75.68.60 0
rule 55 permit ip vpn-instance WAN source 172.29.0.0 0.0.255.255 destination 10.75.67.51 0
rule 60 permit ip source 10.75.47.0 0.0.0.255 destination 10.75.64.0 0.0.15.255
rule 65 permit ip vpn-instance WAN source 10.75.47.0 0.0.0.255 destination 10.75.64.0 0.0.15.255
rule 70 permit ip vpn-instance WAN source 10.75.47.2 0

i used before a couple of times ( a PBR) and it worked, but in this case its inside a VRF so,, not sure why its not working

manuel.bitzi · ‎05-08-2013

Hi

You're right, all looks fine.

How do you apply the PBR to the vlan?

What is a stream (Source/Destination) you want to redirect?

Have you conntected the HP support?

br

Manuel

H3CSE, MASE Network Infrastructure [2011], Switzerland

Adrian_Alberto · ‎05-08-2013

hi, yes,, i used this command ip policy-based-route,,,

and no,, i havent contacted the hp support,

also,, the source is a host with the ip address 172.29.128.113, which should be under the acl

manuel.bitzi · ‎05-08-2013

And I assume you are using the latest software release? Then I recommand you to call the local HP Support.

Unfortunately I don't have the chance to test it.

br

Manue

H3CSE, MASE Network Infrastructure [2011], Switzerland