Thought I understood prefix-list...

pham0329pham0329 Member Posts: 556
in CCNP
Yea, like the title says. I thought I had a pretty good understanding of prefix lists as everything I've read/labbed up until now have worked like I expected. However, I'm running into a problem with a PBR lab that I just can't seem to figure out.

The lab have 2 subnets, 192.168.4.0/25 and 192.168.4.128/25. The 192.168.4.128/25 subnet needs to be policy routed to a different router (set ip next hop). I accomplished this using an ACL, but figure I try it with a prefix list, so I created a prefix-list as follows:
  • ip prefix-list POLICY seq 10 permit 192.168.4.128/25

Alright, here's what I expect the prefix list to do. When no le or ge option is set, the "/25" specifies how many bits must match, as well as the subnet mask that needs to match. In other word, for a packet to match my prefix list, the first 25 bits must match, and it must have a subnet mask of 25. Is that wrong?

Why is it that packets with a source of 192.168.4.1/25 is also being matched to the prefix-list?
· Share on FacebookShare on Twitter

Comments

  • DPGDPG Member Posts: 780 ■■■■■□□□□□
    I don't think you can use prefix lists for PBR.
    · Share on FacebookShare on Twitter
  • mattaumattau Member Posts: 218
    what about the path that both those networks normally take?

    If whatever you are trying to match for the PBR isnt matched by the prefix / acl or something like that, it just gets routed per the normal routing table. Could it be that it so happens that both next hop addresses for the 4.0 and 4.128 network happen to be going to the same next hop regardless of the policy applied? which means even though you specifically wanted the 4.128 to go via next hop X both go to next hop X because thats the way they would go anyway without the policy.

    Im assuming you have the prefix list called from inside a route map ?

    Another thing is if you are trying to locally originate traffic for the PBR then you need to specify the ip local policy command
    other wise pbr only works from traffic coming into the router from another source.

    Anyway this is just a thought i am not an expert :)
    _____________________________________
    CCNP ROUTE - passed 20/3/12
    CCNP SWITCH - passed 25/10/12
    CCNP TSHOOT - passed 11/12/12




    · Share on FacebookShare on Twitter
  • drkatdrkat Banned Posts: 703
    The prefix-list feature was designed to perform routing protocol route filtering and it is therefore not supported in a PBR context.

    debug ip policy should give you the info you need - you'll need to use an ACL
    · Share on FacebookShare on Twitter
  • pham0329pham0329 Member Posts: 556
    I don't think you can use prefix lists for PBR.
    what about the path that both those networks normally take?

    Default route is different than the PBR route. If the packet are "rejected" by the policy, it would take a different route, which is not the case here.

    @drkat, I had debug ip policy on when testing, and it says that the packets were being matched to my policy, and it's being "FIB Policy Routed". Additionally, show route-map shows that packets being matched to the route-map.
    · Share on FacebookShare on Twitter
  • Forsaken_GAForsaken_GA Member Posts: 4,024
    pham0329 wrote: »
    Why is it that packets with a source of 192.168.4.1/25 is also being matched to the prefix-list?

    Oh, I think you'll find it's a little bit worse than that. I suspect that you'll find it's matching on the policy for *every* prefix.
    · Share on FacebookShare on Twitter
  • pham0329pham0329 Member Posts: 556
    Drkat, did you google my question or are you Harold Ritter? I did a quick search of my problem and came upon https://supportforums.cisco.com/thread/195931 in which a poster by the name of Harrold Ritter posted on April, 2007:
    "The prefix-list feature was designed to perform routing protocol route filtering and it is therefore not supported in a PBR context."
    icon_lol.gif (not bagging on you or anything, just thought it was a bit funny!)

    Hm, so prefix-lists are not supported for PBR? Bummer. I've read several CCIE blogs and posts that all suggested that a PBR route-map can be configured with an ACL or prefix-list.

    Is there a technical/logical reason as to why prefix lists aren't supported for used with PBR?
    · Share on FacebookShare on Twitter
  • Forsaken_GAForsaken_GA Member Posts: 4,024
    pham0329 wrote: »
    Hm, so prefix-lists are not supported for PBR? Bummer. I've read several CCIE blogs and posts that all suggested that a PBR route-map can be configured with an ACL or prefix-list.

    Is there a technical/logical reason as to why prefix lists aren't supported for used with PBR?

    I'm just spitballing here, but I'm guessing it's because prefix-lists are there to identify prefixes, whereas PBR is more concerned with actual traffic. it makes sense to me that prefix-lists should work with PBR, but I can't find any actual working examples of it being used as such, except as applied to VRF's in an MPLS setup. The quick scenario I labbed up had the prefix list policy routing everything, not just the prefixes I defined in the prefix list, which is obviously very very wrong.
    · Share on FacebookShare on Twitter
  • DPGDPG Member Posts: 780 ■■■■■□□□□□
    Forsaken_GA wrote: »
    I'm just spitballing here, but I'm guessing it's because prefix-lists are there to identify prefixes, whereas PBR is more concerned with actual traffic. it makes sense to me that prefix-lists should work with PBR, but I can't find any actual working examples of it being used as such, except as applied to VRF's in an MPLS setup. The quick scenario I labbed up had the prefix list policy routing everything, not just the prefixes I defined in the prefix list, which is obviously very very wrong.

    I can confirm the same behavior here as well.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.