Prerequisites #
-
The topology shows as above , the DUT ASR9000B has 3 sub-interface to ASR9000C
-
we has a route for 8.8.8.8/32 was through port Ten0/0/2/1.30 next-hop 10.102.12.2
-
We will has ABF apply at ASR9000B and match DA 8.8.8.8 and set next-hop to 10.100.12.2 port Ten0/0/2/1.10
-
We also have a default route and destination to 10.101.12.2 port Ten0/0/2/1.20
-
ASR9000B LC was tyohon base card and run at 6.2.3
Here is our ABF config and static config setup:
RP/0/RSP0/CPU0:ASR-9000-B#show run ipv4 access-list PBR
Wed Jan 10 03:38:36.663 UTC
ipv4 access-list SDS-PBR
480 permit ipv4 any host 8.8.8.8 nexthop1 ipv4 10.100.12.2
490 permit ipv4 any any
RP/0/RSP0/CPU0:ASR-9000-B#show run router static
Wed Jan 10 03:38:51.581 UTC
router static
address-family ipv4 unicast
0.0.0.0/0 10.101.12.2
8.8.8.8/32 10.102.12.2
ABF NextHop Available #
if the ABF NextHop available, ABF will take effect, traffic will forward to ABF NextHop 10.100.12.2 port TenGigE0/0/2/1.10.
RP/0/RSP0/CPU0:ASR-9000-A#trace 8.8.8.8
Wed Jan 10 10:40:31.858 GMT
Type escape sequence to abort.
Tracing the route to 8.8.8.8
1 10.1.12.2 1 msec 0 msec 0 msec
2 10.100.12.2 2 msec * 0 msec
# Check the ACL hardware program , you will also see the ABF take effect and has a next-hop disapplay
RP/0/RSP0/CPU0:ASR-9000-B#show access-lists SDS-PBR hardware ingress location 0/0/cPU0
Wed Jan 10 03:07:54.451 UTC
ipv4 access-list SDS-PBR
480 permit ipv4 any host 8.8.8.8 (1220 hw matches) (next-hop: addr=10.100.12.2, vrf name=default)
490 permit ipv4 any any (18111 hw matches)
ABF NextHop Not Available #
ABF NH recursive to default route #
Let’s shut down the port TenGigE0/0/2/1.10, then ABF NextHop will not available , but we hava a default router point to 0/0/2/1.20 10.101.12.2. in this situation how the ABF work ?
The Answer is ABF will not take effect , traffic will forward base the packet DA, in this case it’s 8.8.8.8.
RP/0/RSP0/CPU0:ASR-9000-B(config)#int te0/0/2/1.10
RP/0/RSP0/CPU0:ASR-9000-B(config-subif)#shutdown
RP/0/RSP0/CPU0:ASR-9000-B(config-subif)#commit
Wed Jan 10 03:41:31.208 UTC
RP/0/RSP0/CPU0:ASR-9000-B(config-subif)#end
RP/0/RSP0/CPU0:ASR-9000-B#
RP/0/RSP0/CPU0:ASR-9000-B#
RP/0/RSP0/CPU0:ASR-9000-B#show cef 10.100.12.2 detail
Wed Jan 10 03:41:46.692 UTC
0.0.0.0/0, version 147, proxy default, internal 0x1000011 0x0 (ptr 0x9deec068) [1], 0x0 (0x0), 0x0 (0x0)
Updated Jan 10 02:53:49.907
Prefix Len 0, traffic index 0, precedence n/a, priority 3
gateway array (0x9dd5d2cc) reference count 1, flags 0x2210, source rib (7), 1 backups
[1 type 3 flags 0x4a441 (0x9ddfbd90) ext 0x0 (0x0)]
LW-LDI[type=0, refc=0, ptr=0x0, sh-ldi=0x0]
gateway array update type-time 1 Jan 10 02:53:49.907
LDI Update time Jan 10 02:53:49.908
Level 1 - Load distribution: 0
[0] via 10.101.12.2/32, recursive
via 10.101.12.2/32, 3 dependencies, recursive [flags 0x0]
path-idx 0 NHID 0x0 [0x9deec860 0x0]
next hop 10.101.12.2/32 via 10.101.12.2/32
Load distribution: 0 (refcount 1)
Hash OK Interface Address
0 Y TenGigE0/0/2/1.20 remote
if you check the ACL hardware program, you will also see no next-hop option.
RP/0/RSP0/CPU0:ASR-9000-B#show access-lists PBR hardware ingress location 0/0/cPU0
Thu Jan 11 07:35:30.570 UTC
ipv4 access-list SDS-PBR
480 permit ipv4 any host 8.8.8.8 (1256 hw matches)
490 permit ipv4 any any (47082 hw matches)
RP/0/RSP0/CPU0:ASR-9000-A#trace 8.8.8.8
Wed Jan 10 10:43:19.790 GMT
Type escape sequence to abort.
Tracing the route to 8.8.8.8
1 10.1.12.2 2 msec 0 msec 0 msec
2 10.102.12.2 1 msec * 0 msec
ABF NH recursive to normal route #
if we add a 10.100.12.0/24 route and make the ABF Nexthop recursive to this route , how the ABF work ?
The answer is , ABF will take effect again, traffic will forward base the ABF Nexthop.
RP/0/RSP0/CPU0:ASR-9000-B(config)#router static
RP/0/RSP0/CPU0:ASR-9000-B(config-static)#address-family ipv4 unicast
RP/0/RSP0/CPU0:ASR-9000-B(config-static-afi)# 10.100.12.0/24 10.101.12.2
RP/0/RSP0/CPU0:ASR-9000-B(config-static-afi)#commit
Thu Jan 11 07:41:49.029 UTC
RP/0/RSP0/CPU0:ASR-9000-B(config-static-afi)#end
RP/0/RSP0/CPU0:ASR-9000-B#show access-lists PBR hardware ingress location 0/0/cPU0
Thu Jan 11 07:41:53.622 UTC
ipv4 access-list SDS-PBR
480 permit ipv4 any host 8.8.8.8 (1256 hw matches) (next-hop: addr=10.100.12.2, vrf name=default)
490 permit ipv4 any any (47191 hw matches)
RP/0/RSP0/CPU0:ASR-9000-B#show cef 10.100.12.2 detail
Thu Jan 11 07:42:16.439 UTC
10.100.12.0/24, version 38, internal 0x1000001 0x0 (ptr 0x9deecef0) [1], 0x0 (0x9dea58c4), 0xa00 (0x9e4031e4)
Updated Jan 11 07:41:49.202
Prefix Len 24, traffic index 0, precedence n/a, priority 3
gateway array (0x9dd5cc3c) reference count 2, flags 0x8078, source lsd (5), 1 backups
[3 type 4 flags 0x108441 (0x9e43a388) ext 0x0 (0x0)]
LW-LDI[type=1, refc=1, ptr=0x9dea58c4, sh-ldi=0x9e43a388]
gateway array update type-time 1 Jan 11 07:41:49.202
LDI Update time Jan 11 07:41:49.203
LW-LDI-TS Jan 11 07:41:49.203
via 10.101.12.2/32, 5 dependencies, recursive [flags 0x0]
path-idx 0 NHID 0x0 [0x9deec860 0x0]
next hop 10.101.12.2/32 via 10.101.12.2/32
local label 24001
next hop 10.101.12.2/32 Te0/0/2/1.20 labels imposed {None}
Load distribution: 0 (refcount 3)
Hash OK Interface Address
0 Y recursive 10.101.12.2
RP/0/RSP0/CPU0:ASR-9000-A#trace 8.8.8.8
Wed Jan 10 10:45:15.549 GMT
Type escape sequence to abort.
Tracing the route to 8.8.8.8
1 10.1.12.2 1 msec 0 msec 0 msec
2 10.101.12.2 1 msec