Skip to main content

A Simple Test for IOS XR ABF

·750 words·4 mins
Rory
Author
Rory
Step by step the ladder is ascended

Prerequisites
#

  • The topology shows as above , the DUT ASR9000B has 3 sub-interface to ASR9000C

  • we has a route for 8.8.8.8/32 was through port Ten0/0/2/1.30 next-hop 10.102.12.2

  • We will has ABF apply at ASR9000B and match DA 8.8.8.8 and set next-hop to 10.100.12.2 port Ten0/0/2/1.10

  • We also have a default route and destination to 10.101.12.2 port Ten0/0/2/1.20

  • ASR9000B LC was tyohon base card and run at 6.2.3

Here is our ABF config and static config setup:

RP/0/RSP0/CPU0:ASR-9000-B#show run ipv4 access-list PBR
Wed Jan 10 03:38:36.663 UTC
ipv4 access-list SDS-PBR
480 permit ipv4 any host 8.8.8.8 nexthop1 ipv4 10.100.12.2
490 permit ipv4 any any


RP/0/RSP0/CPU0:ASR-9000-B#show run router static
Wed Jan 10 03:38:51.581 UTC
router static
address-family ipv4 unicast
  0.0.0.0/0 10.101.12.2
  8.8.8.8/32 10.102.12.2

ABF NextHop Available
#

if the ABF NextHop available, ABF will take effect, traffic will forward to ABF NextHop 10.100.12.2 port TenGigE0/0/2/1.10.

RP/0/RSP0/CPU0:ASR-9000-A#trace 8.8.8.8
Wed Jan 10 10:40:31.858 GMT

Type escape sequence to abort.
Tracing the route to 8.8.8.8

1  10.1.12.2 1 msec  0 msec  0 msec
 2  10.100.12.2 2 msec  *  0 msec

# Check the ACL hardware program , you will also see the ABF take effect and has a next-hop disapplay

RP/0/RSP0/CPU0:ASR-9000-B#show access-lists SDS-PBR hardware ingress location 0/0/cPU0
Wed Jan 10 03:07:54.451 UTC
ipv4 access-list SDS-PBR
 480 permit ipv4 any host 8.8.8.8 (1220 hw matches) (next-hop: addr=10.100.12.2, vrf name=default)
 490 permit ipv4 any any (18111 hw matches)

ABF NextHop Not Available
#

ABF NH recursive to default route
#

Let’s shut down the port TenGigE0/0/2/1.10, then ABF NextHop will not available , but we hava a default router point to 0/0/2/1.20 10.101.12.2. in this situation how the ABF work ?

The Answer is ABF will not take effect , traffic will forward base the packet DA, in this case it’s 8.8.8.8.

RP/0/RSP0/CPU0:ASR-9000-B(config)#int te0/0/2/1.10
RP/0/RSP0/CPU0:ASR-9000-B(config-subif)#shutdown
RP/0/RSP0/CPU0:ASR-9000-B(config-subif)#commit
Wed Jan 10 03:41:31.208 UTC
RP/0/RSP0/CPU0:ASR-9000-B(config-subif)#end
RP/0/RSP0/CPU0:ASR-9000-B#
RP/0/RSP0/CPU0:ASR-9000-B#
RP/0/RSP0/CPU0:ASR-9000-B#show cef 10.100.12.2 detail
Wed Jan 10 03:41:46.692 UTC
0.0.0.0/0, version 147, proxy default, internal 0x1000011 0x0 (ptr 0x9deec068) [1], 0x0 (0x0), 0x0 (0x0)
 Updated Jan 10 02:53:49.907
 Prefix Len 0, traffic index 0, precedence n/a, priority 3
  gateway array (0x9dd5d2cc) reference count 1, flags 0x2210, source rib (7), 1 backups
                [1 type 3 flags 0x4a441 (0x9ddfbd90) ext 0x0 (0x0)]
  LW-LDI[type=0, refc=0, ptr=0x0, sh-ldi=0x0]
  gateway array update type-time 1 Jan 10 02:53:49.907
 LDI Update time Jan 10 02:53:49.908

  Level 1 - Load distribution: 0
  [0] via 10.101.12.2/32, recursive

   via 10.101.12.2/32, 3 dependencies, recursive [flags 0x0]
    path-idx 0 NHID 0x0 [0x9deec860 0x0]
    next hop 10.101.12.2/32 via 10.101.12.2/32

    Load distribution: 0 (refcount 1)

    Hash  OK  Interface                 Address
    0     Y   TenGigE0/0/2/1.20         remote

if you check the ACL hardware program, you will also see no next-hop option.

RP/0/RSP0/CPU0:ASR-9000-B#show access-lists PBR hardware ingress location 0/0/cPU0
Thu Jan 11 07:35:30.570 UTC
ipv4 access-list SDS-PBR
 480 permit ipv4 any host 8.8.8.8 (1256 hw matches)
 490 permit ipv4 any any (47082 hw matches)


RP/0/RSP0/CPU0:ASR-9000-A#trace 8.8.8.8
Wed Jan 10 10:43:19.790 GMT

Type escape sequence to abort.
Tracing the route to 8.8.8.8

1  10.1.12.2 2 msec  0 msec  0 msec
 2  10.102.12.2 1 msec  *  0 msec

ABF NH recursive to normal route
#

if we add a 10.100.12.0/24 route and make the ABF Nexthop recursive to this route , how the ABF work ?

The answer is , ABF will take effect again, traffic will forward base the ABF Nexthop.

RP/0/RSP0/CPU0:ASR-9000-B(config)#router static
RP/0/RSP0/CPU0:ASR-9000-B(config-static)#address-family ipv4 unicast
RP/0/RSP0/CPU0:ASR-9000-B(config-static-afi)# 10.100.12.0/24 10.101.12.2
RP/0/RSP0/CPU0:ASR-9000-B(config-static-afi)#commit
Thu Jan 11 07:41:49.029 UTC
RP/0/RSP0/CPU0:ASR-9000-B(config-static-afi)#end
RP/0/RSP0/CPU0:ASR-9000-B#show access-lists PBR hardware ingress location 0/0/cPU0
Thu Jan 11 07:41:53.622 UTC
ipv4 access-list SDS-PBR
 480 permit ipv4 any host 8.8.8.8 (1256 hw matches) (next-hop: addr=10.100.12.2, vrf name=default)
 490 permit ipv4 any any (47191 hw matches)
RP/0/RSP0/CPU0:ASR-9000-B#show cef 10.100.12.2 detail
Thu Jan 11 07:42:16.439 UTC
10.100.12.0/24, version 38, internal 0x1000001 0x0 (ptr 0x9deecef0) [1], 0x0 (0x9dea58c4), 0xa00 (0x9e4031e4)
 Updated Jan 11 07:41:49.202
 Prefix Len 24, traffic index 0, precedence n/a, priority 3
  gateway array (0x9dd5cc3c) reference count 2, flags 0x8078, source lsd (5), 1 backups
                [3 type 4 flags 0x108441 (0x9e43a388) ext 0x0 (0x0)]
  LW-LDI[type=1, refc=1, ptr=0x9dea58c4, sh-ldi=0x9e43a388]
  gateway array update type-time 1 Jan 11 07:41:49.202
 LDI Update time Jan 11 07:41:49.203
 LW-LDI-TS Jan 11 07:41:49.203
   via 10.101.12.2/32, 5 dependencies, recursive [flags 0x0]
    path-idx 0 NHID 0x0 [0x9deec860 0x0]
    next hop 10.101.12.2/32 via 10.101.12.2/32
     local label 24001
     next hop 10.101.12.2/32 Te0/0/2/1.20 labels imposed {None}


    Load distribution: 0 (refcount 3)

    Hash  OK  Interface                 Address
    0     Y   recursive                 10.101.12.2
RP/0/RSP0/CPU0:ASR-9000-A#trace 8.8.8.8
Wed Jan 10 10:45:15.549 GMT

Type escape sequence to abort.
Tracing the route to 8.8.8.8

1  10.1.12.2 1 msec  0 msec  0 msec
 2  10.101.12.2 1 msec