Posted on July 22, 2020 9:54 am
 |  Asked by Fernando Silva

Can you help me to investigate with Arista a topic that I had with the operation of a PBR? In 5 class 400, try adding 2 next-hops as backup. But when I check the outgoing traffic flow with a trace, I realize that it always takes the 2nd next-hop and not the 1st. At the moment I had to leave it with a single next-hop… but I am concerned about leaving it for the moment without redundancy.



Posted by Alla Anunitya
Answered on July 22, 2020 1:01 pm

Hi Fernando,

Thank you for reaching out to us on this platform.

When both the next-hops are configured, could you please paste the #show policy-map type pbr PBR_CGNAT output to check if the active routing action is set correctly for each rule in the policy-map?

For example, if we have #set nexthop, Active routing action output should be as follows.

Active routing action:
VRF default
Route to nexthop default

Could you please check if the other next-hop IP which was not being used as expected by PBR is reachable from the device?

Additionally, if multiple nexthops are configured, all the nexthop IPs should belong to a single VRF. If the vrf keyword is not specified in the set command, then we use the VRF belonging to the incoming interface.


Anunitya A.


Posted by AKSHAYA S
Answered on July 23, 2020 8:36 am

Hello Fernando,

Thanks for reaching out.

We can achieve redundancy in PBR by configuring a list of next hops in set next hop.

For example:

policy-map type pbr PBR_CGNAT
   1 class 119
      set nexthop

If both the next hops in the list are reachable, traffic would be redirected to any one of the next hops.

If any one of the next hops configured becomes unreachable, traffic would be redirected to the other active/reachable nexthop in the list.

We can confirm this with the output of show policy-map type pbr PBR_CGNAT, which would list the reachable next-hops as ACTIVE ROUTING ACTION.

arista(config)#sh policy-map type pbr PBR_CGNAT
Service policy PBR_CGNATl
  Configured on: Ethernet1
  Applied on:    Ethernet1
  1: Class-map: 119 (match-any)
    Match: 10 IP Access List acl1
        10 permit ip any
    Configured actions: set nexthop
    Active routing action:
    VRF default
        Route to nexthop default

In addition to “show policy-map type pbr PBR_CGNAT”, could you also share the product details - output of “show version” - and the expected egress interface for the next hops you are trying to configure?

Output of:

    “sh ip route <Nexthop1>”
    “sh ip route <Nexthop2>”



