PBR routing table will not fallback to main routing table

Article Id: 167987

Status: Published

Updated On: 13-05-2017 11:07

Legacy Id: TECH244217

Products:

XOS

Issue/Introduction:

PBR routing table will not fallback to main routing table and the packets will be droppedWhen Policy Based Routing (PBR) is configured on the system and there isn't an appropriate entry in the routing table defined by PBR rule, the packet will be dropped. ICMP Unreachable message will be generated and sent back to the source address.

Cause:

When a PBR rule is matched by the packet all entries in the routing table defined by this rule are processed. In case there is no match with these entries, the packet will NOT fall back to the main routing table (eg. to the default route) and will be dropped.

EXAMPLE:
In the example bellow, only one entry is configured in the routing table. The ping command will send packets which will match the configured PBR RULE1 but they will not match the routing table entry. Thus, these packets will be dropped:

$ ping 172.16.0.1
------------------------------------------------------------------

ip policy-routing rule RULE1

vap-group FW

source-addr 191.168.1.0/24 255.255.225.0

table TABLE1

priority 10

activate

ip policy-routing table TABLE1

description "Table 1"

route 191.168.0.0/24 next-hop 10.0.0.2 vap-group FW egress-circuit OUTSIDE

Resolution:

To add an appropriate entry in the particular routing table.

Workaround

NA