route-map question

marcusaureliusbrutus Member Posts: 73
Hi. I just wish to ask: given I have a route-map which points to a WAN next-hop IP that is online, and I apply this route-map to a LAN interface without using a default route, are all packets going through the LAN interface still going to be routed to the WAN router (the WAN router has a route back to my router)?

The reason I am asking is that I noticed that I am unable to ping another interface on the WAN router using a route map with set ip next-hop "IP of WAN". Although the interface I am pinging is not directly connected to my router, there is a default route to the "WAN IP" of the WAN router which points to my router. If I put a default route on my router, I am able to ping this 'not directly' connected interface. I am just baffled because the route map set next-hop ip instruction should forward all traffic on that interface to the next-hop IP, granting that my interface connected to this next-hop IP is not down. Also, I am pinging from the router, indicating the source IP, which is the IP address of the interface I have enabled the route-map on.

From what I understand, the set next-hop ip should forward all packets to this IP, and since there is a default route set on the other router, the packet should echo back to my router.

I would appreciate any help on this.

Thanks in advance.


  • networker050184 Mod Posts: 11,962
    Might be an order of operations thing since the packet is not actually entering the interface so it is not having the route map applied. It would probably be a better test to connect a host (or another router) to the LAN interface and ping from there.
    An expert is a man who has made all the mistakes which can be made.
  • kryolla Member Posts: 785
    Route-map behavior is dependent on the way it is being used. Where are you applying this route-map? Is it for policy-based routing, route filtering, traffic engineering, etc.?
    Studying for CCIE and drinking Home Brew
  • cowood2676 Member Posts: 27
    This really sounds like policy based routing.

    When a router gets a packet, it normally decides where to forward it based on the destination address in the packet, which is then used to look up a route in a routing table. Since there is no route and you are not using a default route, pinging from within the router will not work. With policy based routing you can say something like: when the data comes from this interface/IP address and wants to go to that WAN, then route to this next hop or out that interface. You are sourcing from within the router, so I don't think that policy routing will be working. I have to agree with networker: try to source from outside the router.
  • malcybood Member Posts: 900
    Why are you trying to specify a next hop? What are you trying to achieve? All traffic to hit this next hop or specific destination/source address?

    cowood2676 hit the nail on the head; you are trying to use Policy Based Routing.

    Usually need to use GRE tunnels for stuff like this where the next hop is not directly connected.

    It can be pretty complex depending on what you're trying to do, but you will probably need a combination of the following:

    GRE Tunnel between the two sites
    an IGP routing protocol running over the GRE tunnel and the tunnel network advertised into this routing process
    access lists to specify interesting traffic to be sent down the tunnel (permit statements)
    A route map that matches the access list to define interesting traffic and also specifies the next hop for that traffic

    If you're using BGP over your WAN you also need to think about filtering out / de-pref'ing advertisements for these particular subnets so they traverse the tunnel as opposed to the WAN interface, using a prefix list.

    You also need to think about whether you want to specify a next hop in both directions to avoid asymmetrical or black hole routing. Usually config is required at both sides of the WAN link, and possibly into your core LAN L3 switches depending on the amount of redundancy you have.

    As I say we use PBR to send email traffic up our backup WAN link to take the load off the primary and this is how we do it but it's a complicated subject. You need to know/explain what you're trying to achieve before anyone can give you a definitive answer.

    Hope this helps
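
The behaviour discussed in this thread, as an added Cisco IOS configuration example that is not from any of the posters: `ip policy route-map` on an interface only affects packets received on that interface, while packets the router generates itself (such as a ping sourced from the LAN address) are policy-routed only by `ip local policy route-map`. The ACL number, route-map name, interface name and all addresses are constructed for illustration.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   LAN: 192.168.1.0/24 on FastEthernet0/0, router address 192.168.1.1
!   WAN next hop: 10.0.0.2, directly connected
!
! Traffic to be policy-routed: anything sourced from the LAN subnet
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
!
route-map PBR-WAN permit 10
 match ip address 101
 set ip next-hop 10.0.0.2
!
! Interface policy: applies to packets RECEIVED on the LAN interface,
! i.e. transit traffic from hosts behind it.
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip policy route-map PBR-WAN
!
! Local policy: applies to packets the router ORIGINATES itself, e.g.
!   ping <destination> source 192.168.1.1
! Without this line such packets are forwarded by the routing table only,
! so with no matching route and no default route they are not sent.
ip local policy route-map PBR-WAN
!
! Verification (exec mode):
!   show ip policy          - route-map bound to each interface and to "local"
!   show route-map PBR-WAN  - policy routing match counters per sequence
!   debug ip policy         - per-packet policy routing decisions
```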