Comware

 View Only
  • 1.  Policy based route not working inside a VRF

    Posted Apr 30, 2013 03:44 PM

    Hi,

     

    I have configure policy based routes in a comware device, this time, I try to place it inside a VRF and its not working,

     

    Basically its a 7510 device and have 3 vlans, all interfaces asociated with the respective VRF, but i have a default route to one server, but, i need some specific host to reach that server on a differernt path, but the policy-based-route is not working.

     

    Any Idea?



  • 2.  RE: Policy based route not working inside a VRF

    Posted May 02, 2013 09:40 AM

    May you have to modify your acl to match the vpn-instance.

     

    Best is to post you relevant configuration. Then we can help.

     

    br

    Manuel



  • 3.  RE: Policy based route not working inside a VRF

    Posted May 08, 2013 10:59 AM

    HI manuel, thanks ,

     

    here is the config,

     

    this is the VRF

     

    [USSVGCSLUXG01]display ip vpn-instance  instance-name WAN
    (...)
      Interfaces : Vlan-interface829,  Vlan-interface880,
                    Vlan-interface857

     

    as you see, its asociated with these two VLANS

     

    interface Vlan-interface857
     description Ext-devices
     ip binding vpn-instance WAN
     ip address 10.75.33.66 255.255.255.224


    interface Vlan-interface829
     description Transit-WAN
     ip binding vpn-instance WAN
     ip address 10.75.22.53 255.255.255.240

     

    the traffic is comming from a host on the vlan 857, this is the default route


     ip route-static vpn-instance WAN 10.75.64.0 255.255.192.0  10.75.22.55

     

    but i need some host to be directed to the 10.75.22.49, instead of the *.22.55,

     

    so,, here is the pbr i created:

     

    policy-based-route DSTR permit node 10
       if-match acl 3500
       apply ip-address next-hop 10.75.22.49
    policy-based-route DSTR permit node 20

     

    the traffic, as i say,, its comming from a device onthe vlan 857, so,, i aply that pbr to that vlan,,

     

    and this is the ACL,

     

     

    first it only was

     

    acl number 3500 name DSTR
     
     rule 15 permit ip source 172.30.0.0 0.0.255.255 destination 10.75.64.0 0.0.15.255
     rule 20 permit ip source 172.30.0.0 0.0.255.255 destination 10.75.68.60 0
     rule 25 permit ip source 172.30.0.0 0.0.255.255 destination 10.75.67.51 0
     rule 30 permit ip source 172.29.0.0 0.0.255.255 destination 10.75.68.60 0
     rule 35 permit ip source 172.29.0.0 0.0.255.255 destination 10.75.67.51 0

     

    then,, i added the following, since the bpr was not taking any effect

     

    rule 40 permit ip vpn-instance WAN source 172.30.0.0 0.0.255.255 destination 10.75.68.60 0
     rule 45 permit ip vpn-instance WAN source 172.30.0.0 0.0.255.255 destination 10.75.67.51 0
     rule 50 permit ip vpn-instance WAN source 172.29.0.0 0.0.255.255 destination 10.75.68.60 0
     rule 55 permit ip vpn-instance WAN source 172.29.0.0 0.0.255.255 destination 10.75.67.51 0
     rule 60 permit ip source 10.75.47.0 0.0.0.255 destination 10.75.64.0 0.0.15.255
     rule 65 permit ip vpn-instance WAN source 10.75.47.0 0.0.0.255 destination 10.75.64.0 0.0.15.255
     rule 70 permit ip vpn-instance WAN source 10.75.47.2 0

     

    i used before a couple of times ( a PBR) and it worked, but in this case its inside a VRF so,, not sure why its not working

     

     



  • 4.  RE: Policy based route not working inside a VRF

    Posted May 08, 2013 11:15 AM

    Hi

     

    You're right, all looks fine.

     

    How do you apply the PBR to the vlan?

    What is a stream (Source/Destination) you want to redirect?

    Have you conntected the HP support?

     

    br

    Manuel



  • 5.  RE: Policy based route not working inside a VRF

    Posted May 08, 2013 01:26 PM

    hi, yes,, i used this command ip policy-based-route,,,

     

     

    and no,, i havent contacted the hp support,

     

    also,, the source is a host with the ip address 172.29.128.113, which should be under the acl



  • 6.  RE: Policy based route not working inside a VRF

    Posted May 08, 2013 01:42 PM

    And I assume you are using the latest software release? Then I recommand you to call the local HP Support.

    Unfortunately I don't have the chance to test it.

     

    br

    Manue