**Problem:**
Policy Based Routing doesn't work on VRRP interfaces.
**Reason:**
PBR rules are applied to origin interface while VRRP creates another one for itself purposes.
**Example:**
I'm going to apply routing policy to incoming interface with VRRP feature. Let's imagine it's **eth1**:
```
high-availability {
vrrp {
group vrrp.1 {
interface eth1
priority 220
rfc3768-compatibility
virtual-address 192.0.0.1/24
vrid 1
}
}
}
interfaces {
...
ethernet eth1 {
address 192.0.0.100/24
hw-id 50:00:00:01:00:01
policy {
route pbr.TEST
}
...
}
```
In result, it creates a rule in predefined hook:
```
Chain VYATTA_FW_IN_HOOK (1 references)
pkts bytes target prot opt in out source destination
21 1448 pbr.TEST all -- eth1 * 0.0.0.0/0 0.0.0.0/0
```
But, in fact, VRRP creates another interface - **eth1v1**:
```
Name Interface VRID State Last Transition
------ ----------- ------ ------- -----------------
vrrp.1 eth1v1 1 MASTER 10m26s
```
As result, the rule above doesn't affect to real traffic flow and there is no way to add policy to the eth1v1 directly:
```
set interfaces ethernet eth1v1 policy route pbr.TEST
interface ethernet eth1v1: not a valid name
Value validation failed
Set failed
```
**Workaround:**
I can add the next rule manually and it will work:
```
sudo iptables -t mangle -A VYATTA_FW_IN_HOOK -i eth1v1 -j pbr.TEST
```
**Proposed solutions** (both aren't mutually exclusive):
1. The internal logic should check if there are PBR and VRRP on the same parent interface. If yes, additional changes in iptables' rules must be applied.
2. There should be a possibility to add rule directly to VRRP interface.
P.S. I see slightly different behavior on 1.2.5 and 1.3, when last one doesn't propose to specify **eth1v1** in the //set interfaces ethernet// command white the first one (1.2.5) does. Anyway, there is no rule to handle the traffic on the both versions.