ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
PBR routing table will not fallback to main routing table
Article ID: 167987
Updated On:
Products
XOS
Issue/Introduction
PBR routing table will not fallback to main routing table and the packets will be droppedWhen Policy Based Routing (PBR) is configured on the system and there isn't an appropriate entry in the routing table defined by PBR rule, the packet will be dropped. ICMP Unreachable message will be generated and sent back to the source address.
Cause
When a PBR rule is matched by the packet all entries in the routing table defined by this rule are processed. In case there is no match with these entries, the packet will NOT fall back to the main routing table (eg. to the default route) and will be dropped.
EXAMPLE:
In the example bellow, only one entry is configured in the routing table. The ping command will send packets which will match the configured PBR RULE1 but they will not match the routing table entry. Thus, these packets will be dropped:
$ ping 172.16.0.1
------------------------------------------------------------------
EXAMPLE:
In the example bellow, only one entry is configured in the routing table. The ping command will send packets which will match the configured PBR RULE1 but they will not match the routing table entry. Thus, these packets will be dropped:
$ ping 172.16.0.1
------------------------------------------------------------------
ip policy-routing rule RULE1
vap-group FW
source-addr 191.168.1.0/24 255.255.225.0
table TABLE1
priority 10
activate
ip policy-routing table TABLE1
description "Table 1"
route 191.168.0.0/24 next-hop 10.0.0.2 vap-group FW egress-circuit OUTSIDE
Resolution
To add an appropriate entry in the particular routing table.
Workaround
NAFeedback
Yes
No
Powered by
