ip policy route-map


plshlpme

Technical User
Jun 14, 2004
970
CA
hi, i've gotten a lot further in the last couple days searching on these forums but i've reached another stumbling block.

i've created the policy-maps to mark packets as they come in on their respective wan interface and it appears to be working:

4500M#sho policy-map interface ethernet 0
 Ethernet0

  Service-policy input: isp1

    Class-map: isp1 (match-all)
      836098 packets, 60580496 bytes
      5 minute offered rate 86000 bps, drop rate 0 bps
      Match: any
      QoS Set
        precedence 5
          Packets marked 836098

so i mark the packets with a precedence 5

i then have a route-map for outgoing packets to route based on the precedence value.

access-list 110 permit tcp any any precedence critical
access-list 110 permit udp any any precedence critical

route-map outgoing permit 10
 match ip address 110
 set ip next-hop b.c.d.e

and of course on my interface i have:
ip policy route-map outgoing.

so by my thinking any packets that come back into the router on eth4 where the route-policy is defined should be routed to the set next hop.

but it is not the case:

4500M#sho route-map
route-map outgoing, permit, sequence 10
  Match clauses:
    ip address (access-lists): 110
  Set clauses:
    ip next-hop b.c.d.e
  Policy routing matches: 666 packets, 149822 bytes
route-map outgoing, permit, sequence 20
  Match clauses:
    ip address (access-lists): 111
  Set clauses:
    ip next-hop 192.168.254.254
  Policy routing matches: 526 packets, 80799 bytes

as you can see it has caught some packets... but 666 packets in 12 hours is not even 1% when 836098 packets have been marked incoming in the last 3 hours or so.

does anybody have any thoughts as to what i might be missing?

i can post more config if required.
thanks
 
show mls rp is my only option... no qos option there
 
Policy routing can only be applied to packets coming into an interface; it's not possible to do it outbound.

It should be possible to do what you want another way, but can you paste a copy of your config to the forum, so that I can see exactly what you have configured now?
 
ok here is my config thus far... as you can see i'm trying to mark the packets as they come into the router the first time from the WAN... they then go to the respective LAN machine and then back out the router... so essentially i was trying to make my route based on the packets as they come into my interface facing the LAN...

When i add specific hosts to the route map it works as intended for them... but will not route based on the tagged value.

I appreciate everybody taking a look at this:

Building configuration...

Current configuration : 5171 bytes
!
! Last configuration change at 15:24:10 EDT Mon Jun 21 2004 by
! NVRAM config last updated at 15:05:02 EDT Mon Jun 21 2004 by
!
version 12.2
service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime localtime
service password-encryption
no service dhcp
!
hostname 4500M
!
no logging console
no logging monitor
aaa new-model
aaa authentication login default local
aaa authorization exec default local
enable secret 5
enable password 7
!
clock timezone est -5
clock summer-time EDT recurring
ip subnet-zero
ip name-server 10.0.0.2
!
no ip bootp server
ip cef
!
!
class-map match-all isp1_in
match input-interface Ethernet0
class-map match-all isp2_in
match input-interface Ethernet2
!
!
policy-map isp1_in
class isp1_in
set ip dscp cs2
policy-map isp2_in
class isp2_in
set ip dscp cs1
!
!
!
interface Ethernet0
description ISP1 3.5Mbit NonPPPOE
ip address a.b.c.d 255.255.255.248 secondary
ip address a.b.c.e 255.255.255.248 secondary
ip address a.b.c.f 255.255.255.252
no ip unreachables
ip nat outside
service-policy input isp1_in
no ip mroute-cache
media-type 10BaseT
no cdp enable
!
interface Ethernet1
no ip address
no ip mroute-cache
shutdown
media-type 10BaseT
no cdp enable
!
interface Ethernet2
description ISP2 4.0Mbit
ip address 10.10.10.253 255.255.255.252
service-policy input isp2_in
no ip mroute-cache
media-type 10BaseT
no cdp enable
!
interface Ethernet3
no ip address
no ip mroute-cache
shutdown
media-type 10BaseT
no cdp enable
!
interface Ethernet4
description LAN LINK TO FIREWALL
ip address 10.0.0.1 255.255.255.252
ip nat inside
no ip mroute-cache
ip policy route-map sickle
media-type 10BaseT
no cdp enable
!
interface Ethernet5
no ip address
no ip mroute-cache
shutdown
media-type 10BaseT
no cdp enable
!
ip nat translation timeout 600
ip nat translation tcp-timeout 1200
ip nat translation udp-timeout 30
ip nat translation max-entries 2500
ip nat pool WAN 192.75.104.252 192.75.104.252 prefix-length 7
ip nat inside source list 1 pool WAN overload
ip nat inside source static tcp 10.10.10.10 80 a.b.c.d 80 extendable
ip nat inside source static tcp 10.10.10.10 21 a.b.c.d 21 extendable
ip nat inside source static tcp 10.10.10.10 22 a.b.c.d 22 extendable
ip nat inside source static tcp 10.10.10.10 443 a.b.c.d 443 extendable
ip nat inside source static tcp 10.10.10.10 25 a.b.c.d 25 extendable
ip nat inside source static tcp 10.10.10.10 993 a.b.c.d 993 extendable
ip nat inside source static tcp 10.10.10.10 8000 a.b.c.d 8000 extendable
ip nat inside source static tcp 10.10.10.10 10000 a.b.c.d 10000 extendable
ip nat inside source static udp 10.0.0.2 53 a.b.c.d 53 extendable
ip nat inside source static tcp 10.0.0.2 53 a.b.c.d 53 extendable
ip nat inside source static tcp 10.10.10.52 6882 192.75.104.252 6882 extendable
ip nat inside source static tcp 10.10.10.52 6881 192.75.104.252 6881 extendable
ip nat inside source static tcp 10.10.10.52 6883 192.75.104.252 6883 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 192.75.104.1
ip route 10.10.10.0 255.255.255.0 10.0.0.2
no ip http server
!
logging trap debugging
logging 10.10.10.10
access-list 1 permit 10.10.10.10
access-list 1 permit 10.0.0.2
access-list 1 permit 10.10.10.0
access-list 1 permit 10.10.10.51
access-list 1 permit 10.10.10.52
access-list 50 permit 10.10.10.10
access-list 50 permit 10.0.0.2
access-list 50 permit 10.10.10.1
access-list 50 permit 10.10.10.51
access-list 50 permit 10.10.10.100
access-list 110 permit tcp any any dscp cs2
access-list 110 permit ip host 10.10.10.52 any
access-list 111 permit tcp any any dscp cs1
access-list 111 permit ip host 10.10.10.100 any
access-list 111 permit ip host 10.10.10.37 any
no cdp run
route-map sickle permit 10
description ISP1 ROUTE MAP
match ip address 110
set ip next-hop a.b.c.g
!
route-map sickle permit 20
description ISP2 ROUTE MAP
match ip address 111
set ip next-hop 10.10.10.254
!
snmp-server community cartman RO 20
no snmp-server enable traps tty
!
line con 0
exec-timeout 0 0
line aux 0
transport input all
line vty 0 4
access-class 50 in
exec-timeout 15 0
password 7
!
ntp clock-period 17179886
ntp server 10.10.10.10
ntp server 10.0.0.2
end
 
just to add to the picture....


ISP1 ------ eth0 |
                 ROUTER ---- eth4 -> firewall --- LAN
ISP2 ------ eth2 |
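
An added example (not part of the thread, and not Cisco code): a small Python model of how route-map sickle, applied inbound on Ethernet4, classifies a packet using ACLs 110 and 111 as transcribed from the posted config. The sample packets are constructed, and the model covers only the fields those ACLs test (protocol, source host, DSCP as carried when the packet arrives on Ethernet4).

```python
from dataclasses import dataclass
from typing import Optional

CS1, CS2 = 8, 16  # DSCP class selectors: CSn = n << 3

@dataclass
class Packet:  # constructed model of a packet arriving on Ethernet4
    src: str
    proto: str
    dscp: int = 0

@dataclass
class Ace:  # one "permit" line, limited to the fields ACLs 110/111 test
    proto: str                   # "ip" matches any protocol
    src: Optional[str] = None    # None means "any"
    dscp: Optional[int] = None   # None means DSCP is not checked

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("ip", p.proto)
                and self.src in (None, p.src)
                and self.dscp in (None, p.dscp))

# Transcribed from the posted config.
ACLS = {
    110: [Ace("tcp", dscp=CS2), Ace("ip", src="10.10.10.52")],
    111: [Ace("tcp", dscp=CS1), Ace("ip", src="10.10.10.100"),
          Ace("ip", src="10.10.10.37")],
}
ROUTE_MAP = [(10, 110, "a.b.c.g"), (20, 111, "10.10.10.254")]
DEFAULT_NEXT_HOP = "192.75.104.1"  # ip route 0.0.0.0 0.0.0.0

def policy_route(p: Packet):
    """Return (route-map sequence or None, next hop) for a packet on Ethernet4."""
    for seq, acl, next_hop in ROUTE_MAP:   # first matching sequence wins
        if any(ace.matches(p) for ace in ACLS[acl]):
            return seq, next_hop
    return None, DEFAULT_NEXT_HOP          # no match: normal routing table

# Constructed sample packets.
SAMPLES = {
    "listed host, unmarked": Packet("10.10.10.52", "udp"),
    "tcp still carrying cs2": Packet("10.10.10.10", "tcp", CS2),
    "tcp arriving with dscp 0": Packet("10.10.10.10", "tcp"),
    "udp carrying cs2": Packet("10.10.10.10", "udp", CS2),
    "host in ACL 111 but tcp cs2": Packet("10.10.10.100", "tcp", CS2),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(f"{label:30} -> {policy_route(pkt)}")
```

Comparing these results with the per-sequence counters in `sho route-map` and the hit counts from `show access-lists 110` shows which ACL line is actually matching on the router.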
 