Network Management

  • 1.  AOS PBR Not Working

    Posted Nov 05, 2024 10:53 AM

    Hi,

    I have an AOS VMC Appliance and I need to configure PBR for traffic sourcing from a loopback on the VMC Appliance. I have PBR working for user traffic that is sourced from behind the VMC, but traffic from the VMC itself (tunnel IP & loopback IP) doesn't work. If I don't use PBR to do this, and just use static routes, everything works. 

    Does PBR not apply to traffic generated from the device itself? This makes sense to me since the access-list is applied to the VLAN, and if I'm sourcing traffic from that VLAN it would technically be 'out' traffic and not 'in' traffic. 


    Here's an example. I want the host routes to go through my IPsec tunnel. These IPs are used to establish the GRE tunnel inside the IPsec tunnel (because for the real config, I need a tunnel-group for traffic failover). The 'any' traffic routes through the tunnel fine (when it's up via static routes, which I don't want to use) but the host routes (which are the GRE & loopback IP) don't work when strictly doing PBR. 

    ip access-list route to_hubs
     any network 172.16.0.0 255.255.255.0 any route tunnel 1    <-works
     host 172.131.255.2 host 172.131.255.1 any route ipsec-map aruba-ipsec    <-doesn't work via PBR but the same routes via static routes works

    interface vlan 50
       ip access-group in "to_hubs"

    interface tunnel 1
        ip address 172.131.255.2 255.255.255.252

    Thanks for your help



  • 2.  RE: AOS PBR Not Working

    Posted Nov 06, 2024 06:38 AM

    I don't have a definitive answer for you, but there is a separation between the datapath (traffic flowing through the device) and the management path (traffic to/from the device), so what you see may well be possible. As this is quite deep in the inner workings of the controller/gateway, you may need to work with TAC or your local Aruba SE to find the exact information from engineering. If you can work around the situation, that may be preferred.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: AOS PBR Not Working

    Posted Nov 06, 2024 11:05 AM

    Thanks for the reply & the sanity check