Hi,
I’ve been doing some studying on PBR and I’m having trouble finding out why traffic that destined for the local device bypasses the PBR policy.
Example:
ip access-list extended DROP-ACL
permit icmp any any
route-map DROP-MAP
match ip address DROP-ACL
set interface null 0
inter ser 0/0/0.1
ip policy route-map DROP-MAP
According to debug ip packet the packet is being routed via the RIB and would lead be to believe that PBR should affect it. (see below “routed via RIB”)
IP: s=54.1.1.254 (Serial0/0/0.1), d=150.1.6.6, len 100, input feature, Policy Routing(58), rtype 0, forus FALSE, sendself FALSE, mtu 0
IP: s=54.1.1.254 (Serial0/0/0.1), d=150.1.6.6, len 100, input feature, MCI Check(63), rtype 0, forus FALSE, sendself FALSE, mtu 0
IP: tableid=0, s=54.1.1.254 (Serial0/0/0.1), d=150.1.6.6 (Loopback0), routed via RIB
IP: s=54.1.1.254 (Serial0/0/0.1), d=150.1.6.6, len 100, rcvd 4
IP: s=54.1.1.254 (Serial0/0/0.1), d=150.1.6.6, len 100, stop process pak for forus packet
IP: s=150.1.6.6 (local), d=54.1.1.254 (Serial0/0/0.1), len 100, sending
IP: s=150.1.6.6 (local), d=54.1.1.254 (Serial0/0/0.1), len 100, sending full packet
I was expecting PBR to drop all ICMP traffic received on the ser 0/0/0.1 interface that needed to be routed but it does not seem to affect traffic to local loopback. I did some debugging (debug ip policy) and it appears the traffic never hits the PBR.
So my question is really does traffic destined for the local device bypass the routing decision? Any if possible does anyone know where this is document? Now before you say I should look it up, I just spent the last hour looking for it and was unable to find any specific about how PBR handles external traffic to the local device.
Thanks for your help in advance.
Andy