Tshoot 300-135 (Infrastructure service) Policy-based routing and VRF

Ticket #8
Traffic from R9 is being sub-optimally routed to R1 (10.12.12.1).
Ensure it takes the optimal path.

#### Verify the sub-optimal route
R9#traceroute 10.12.12.1
R9#traceroute 10.12.12.1 probe 1 timeout 1 ttl 1 11

#### Which path is R8 taking
R8#show ip cef 10.12.12.1
R8#traceroute 10.12.12.1
R8#traceroute 10.12.12.1 probe 1 timeout 1 ttl 1 11

#### Discovered R8 is taking the optimal path
#### Go back to R9 to check if there is Policy-based routing going on
#### Verify sub-optimal path
R9#traceroute 10.12.12.1 source 192.0.2.9 probe 1 timeout 1 ttl 1 11
R9#traceroute 10.12.12.1 source 10.9.9.9 probe 1 timeout 1 ttl 1 11

#### Routing decision is based on source address
#### R8 is the common denominator here.
#### Check for Policy-based routing
R8#show ip policy
R8#show route-map RM_PBR
R8#show ip access-lists AS9
#### Simple fix is to remove PBR from the interface
R8#show run int g0/9
#### Fix by removing RM_PBR
R8(config-if)#no ip policy route-map RM_PBR

#### Verify fix
R9#traceroute 10.12.12.12 source 10.9.9.9 probe 1 timeout 1 ttl 1 11 
R9#traceroute 10.12.12.12 source 192.0.2.9 probe 1 timeout 1 ttl 1 11

Ticket #9
Your colleague reports the Server can ping R3, but R3 can’t ping the server (10.9.9.100)

Diagnose and resolve.
Use the command tracepath -n 172.16.13.3 to run a traceroute

#### Verify the understanding of the problem
R3#ping 10.9.9.100
R3#traceroute 10.9.9.100 probe 1 timeout 1 ttl 1 11

#### traceroute fails at R1
R1#show ip cef 10.9.9.9

#### R1 is able to reach the server, so why is it producing a host unreachable message?
#### Time for debug
R1(config)#access-list 113 permit ip host 172.16.13.3 host 10.9.9.100
R1#debug ip packet 113
R1#debug ip packet 113 detail

#### Generate traffic from source
R3#ping 10.9.9.100 repeat 1

#### Back to R1 for debug message
#### Check out the interface generating debug message
R1#show run int gi0/3
R1#show ip vrf gotcha!
#### Check out the vrf route
R1#show ip route vrf gotcha!

#### Discovered the R3 VRF has a static route dropping 0.0.0.0/0
#### Move this interface out of the VRF (put it back in the global IP routing instance)
R1(config)#int gx/x
R1(config-if)#no ip vrf forwarding gotcha!

#### When an interface is removed from a VRF, its existing IP address is lost
R1(config-if)#ip address 172.16.13.1 255.255.255.248

#### Discovered the IP is already in use by a sub-interface
#### Same thing is happening on R3. Sub-interface is using 172.16.13.1
R3#show ip int br
R3#show ip int br | i 0/1
R3#show run int gi0/1.13
#### Remove the confusing sub-int
R3(config)#no int gi0/1.13

#### Remove the sub-int on R1 as well
R1(config)#no int gi0/3.13
#### Set IP address on physical int on R1
R1(config)#int g0/3
R1(config-if)#ip address 172.16.13.1 255.255.255.248

#### Verify fix
R3#ping 10.9.9.100
R3#traceroute 10.9.9.100
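
Both tickets came down to per-interface settings that take traffic out of the normal routing table: a PBR route-map in Ticket #8, and a VRF plus a reused IP address in Ticket #9. The script below is an added example, not part of the original lab notes; it scans a saved running-config for those three conditions. The sample config is constructed and places both tickets' conditions on one device for brevity, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample (not lab output): both tickets' conditions on one device.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/3
 ip vrf forwarding gotcha!
 ip address 172.16.13.1 255.255.255.248
!
interface GigabitEthernet0/3.13
 ip address 172.16.13.1 255.255.255.248
!
interface GigabitEthernet0/9
 ip policy route-map RM_PBR
!
"""

def parse_interfaces(config):
    """Map each interface name to its VRF, PBR route-map and IP addresses."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):  # a top-level line ends any interface block
            m = re.match(r"interface (\S+)", line)
            current = interfaces.setdefault(m.group(1), {"vrf": None, "pbr": None, "ips": []}) if m else None
        elif current is not None:
            text = line.strip()
            if m := re.match(r"(?:ip )?vrf forwarding (\S+)", text):
                current["vrf"] = m.group(1)
            elif m := re.match(r"ip policy route-map (\S+)", text):
                current["pbr"] = m.group(1)
            elif m := re.match(r"ip address (\d+\.\d+\.\d+\.\d+) ", text):
                current["ips"].append(m.group(1))
    return interfaces

def audit(config):
    """Report PBR-attached interfaces, VRF members and IPs set on several interfaces."""
    findings, owners = [], defaultdict(list)
    for name, intf in parse_interfaces(config).items():
        if intf["pbr"]:
            findings.append(f"{name}: PBR route-map {intf['pbr']} applies to traffic received here")
        if intf["vrf"]:
            findings.append(f"{name}: in VRF {intf['vrf']}, not the global table")
        for ip in intf["ips"]:
            owners[ip].append(f"{name} ({intf['vrf'] or 'global'})")
    for ip, where in owners.items():
        if len(where) > 1:
            findings.append(f"{ip}: configured on " + ", ".join(where))
    return findings
```

Call audit() on the text of a saved show running-config and compare the findings with what show ip policy and show ip vrf report on the device.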
