ashirkar
Level 7

 

 

Introduction

 

Policy Based Routing (PBR) provides a flexible means of routing packets by configuring a defined policy for traffic flows. PBR gives more control over routing; for example, where a high-cost link is involved, you can specify a path for certain traffic as priority traffic. Normal routing is destination based, but PBR gives you flexibility in how packets are routed by extending and complementing the existing mechanisms provided by routing protocols.

 

PBR routing can be based on:

 

1) Source IPv6 address

2) Destination IPv6 address

3) Input interface

4) Protocol type (FTP, TFTP, HTTP, etc.)

5) Port (source and destination), or packet length

 

This document explains, with an example, how to configure IPv6 policy routing to control traffic in an internetwork.

 

Prerequisite:

Understanding of route-map

Understanding of IPv6 Addressing

Understanding of IPv6 Unicast Routing

 

Policy Based routing packet forwarding overview

 

A) Traffic criteria in PBR are defined in a route-map by using the "match" statement.

 

  A "route-map" is used to identify interesting traffic passing through, or generated by, the router.

 

   It works like an if...then statement: if a certain condition is true, then an action is taken.

 

1) Permit means matching packets are policy routed.

2) Deny means matching packets are routed normally.

 

Example:

 

match ipv6 address/prefix-list..           (matches IPv6 packets based on an access-list or prefix-list)

match length..                             (packets can also be matched based on their length in bytes)

 

B) The action is defined by the route-map "set" statement.

 

set ipv6 next-hop .. (global IPv6 address)

set interface …….. (use only when you have a point-to-point interface)

 

C) Apply this route-map to the incoming interface.

 

ipv6 policy route-map (route-map-name)

 

 

D) (Optional) Configure local PBR. Packets generated by the router itself are not policy routed. If you want to policy route traffic generated by the router, you must use the following command in global configuration mode.

 

ipv6 local policy route-map (route-map-name)

 

 

E) CEF PBR for IPv6: no special configuration is required to enable CEF PBR for IPv6; it is enabled by default once CEF and PBR are enabled on the router.

 

Background:

 

In this network setup, a policy route is configured on R1 to control traffic from the prefixes that exist on SW1 (i.e. VLAN 2 and VLAN 3).

 

We have two route-map instances.

 

1) The first instance matches packets from VLAN 2 of SW1 and sets the next hop to R2's global address, 2222::2.

2) The second instance matches packets from VLAN 3 of SW1 and sets the next hop to R3's global address, 2222::3.

 

Note: The rest of the traffic from SW1 is routed normally.

 

Topology Diagram:

[Figure: topology diagram (pbr.jpg)]

 

 

Routing table of R1:

 

The routing table on R1 shows two paths for R1 to reach the prefixes present at the R4 end (2001::1, 2001::2).

 

R1#sh ipv6 route

IPv6 Routing Table - 12 entries

Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP

       U - Per-user Static route, M - MIPv6

       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary

       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2

       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2

       D - EIGRP, EX - EIGRP external

O   2001::1/128 [110/74]

     via FE80::2, FastEthernet0/0

     via FE80::3, FastEthernet0/0

O   2001::2/128 [110/74]

     via FE80::2, FastEthernet0/0

     via FE80::3, FastEthernet0/0

O   2001::3/128 [110/74]

     via FE80::2, FastEthernet0/0

     via FE80::3, FastEthernet0/0

O   2012:0:0:1::/64 [110/11]

     via FE80::C204:12FF:FE48:0, FastEthernet0/1

O   2012:0:0:2::/64 [110/11]

     via FE80::C204:12FF:FE48:0, FastEthernet0/1

O   2012:0:0:3::/64 [110/11]

     via FE80::C204:12FF:FE48:0, FastEthernet0/1

O   2012:0:0:4::/64 [110/11]

     via FE80::C204:12FF:FE48:0, FastEthernet0/1

 

Traceroute from R1 (2222::1) to subnets of R4 (2001::1)

 

R1#traceroute 2001::1

Type escape sequence to abort.

Tracing the route to 2001::1

 

  1 2222::3 48 msec

    2222::2 36 msec

    2222::3 20 msec

  2 2001::1 48 msec 40 msec 72 msec

 

 

Policy based configuration on R1:

 

 

First, configure IPv6 access-lists to match the IPv6 source subnets, i.e. VLAN 2 and VLAN 3. Then configure a route-map with two instances, where the first matches VLAN 2 traffic and sends it to R2, and the second matches VLAN 3 traffic and sends it to R3. Once you create the route-map, you need to apply it to the incoming interface; in our case that is fa0/1.

 

R1(config)#ipv6 access-list VLAN2_PBR

R1(config-ipv6-acl)# permit ipv6 2012:0:0:1::/64 any

R1(config-ipv6-acl)#ipv6 access-list VLAN3_PBR

R1(config-ipv6-acl)# permit ipv6 2012:0:0:2::/64 any

R1(config-ipv6-acl)#exit

R1(config)#

R1(config)#

R1(config)#route-map IPV6_PBR permit 10

R1(config-route-map)# match ipv6 address VLAN2_PBR

R1(config-route-map)# set ipv6 next-hop 2222::2

R1(config-route-map)#route-map IPV6_PBR permit 20

R1(config-route-map)# match ipv6 address VLAN3_PBR

R1(config-route-map)# set ipv6 next-hop 2222::3

R1(config-route-map)#exit

R1(config)#

R1(config)#

R1(config)#int fa0/1

R1(config-if)#ipv6 policy route-map IPV6_PBR

R1(config-if)#
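
The route-map logic configured above, modelled in Python as an added example (not part of the original document and not Cisco code): it evaluates a packet's source address against the entries in sequence order and returns the policy next hop, or None when the packet falls back to normal routing. The EXEMPT_HOST ACL, its address and the deny entry at sequence 5 are hypothetical, included only to show the deny behaviour described in the overview.

```python
import ipaddress

# Source prefixes permitted by the two ACLs in the R1 configuration above
# (destination is "any" in both, so only the source address is checked).
ACLS = {
    "VLAN2_PBR": ipaddress.ip_network("2012:0:0:1::/64"),
    "VLAN3_PBR": ipaddress.ip_network("2012:0:0:2::/64"),
    # Hypothetical ACL, not on the page: one host to exempt from PBR.
    "EXEMPT_HOST": ipaddress.ip_network("2012:0:0:1::99/128"),
}

# route-map IPV6_PBR as configured: (sequence, action, ACL name, next hop).
IPV6_PBR = [
    (10, "permit", "VLAN2_PBR", "2222::2"),
    (20, "permit", "VLAN3_PBR", "2222::3"),
]

# Constructed variant: a deny entry evaluated before the permit entries.
IPV6_PBR_WITH_DENY = [(5, "deny", "EXEMPT_HOST", None)] + IPV6_PBR


def policy_next_hop(source, route_map=IPV6_PBR, acls=ACLS):
    """Return the PBR next hop for a source address, or None when the
    packet is left to normal destination-based routing."""
    src = ipaddress.ip_address(source)
    # Entries are evaluated in ascending sequence order; first match wins.
    for _seq, action, acl_name, next_hop in sorted(route_map, key=lambda e: e[0]):
        if src in acls[acl_name]:
            # permit: policy route the packet; deny: stop and route normally.
            return next_hop if action == "permit" else None
    return None  # no entry matched: normal routing


def audit(sources, route_map=IPV6_PBR):
    """Map each source address to the path R1 would choose for it."""
    return {s: policy_next_hop(s, route_map) or "normal routing" for s in sources}


if __name__ == "__main__":
    # Constructed sources: one host in each SW1 subnet from R1's routing table.
    hosts = ["2012:0:0:1::1", "2012:0:0:2::1", "2012:0:0:3::1", "2012:0:0:4::1"]
    for src, path in audit(hosts).items():
        print(f"{src:16} -> {path}")
```

Running the same audit over every source subnet behind fa0/1 before applying the route-map confirms that only the intended prefixes leave the normal routing path.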

 

Verification:

 

 

To test the new policy, issue an extended traceroute on SW1 for VLAN 2, with source address 2012:0:0:1::1 and destination address 2001::1 (which is the subnet present on router R4). The output below shows traffic passing through R2 (2222::2).

 

[Figure: traceroute output from SW1, VLAN 2 source (1pbr.jpeg.png)]

 

Similarly, issue an extended traceroute on SW1 for VLAN 3, with source address 2012:0:0:2::1 and destination address 2001::1 (which is the subnet present on router R4). The output below shows traffic passing through R3 (2222::3).

[Figure: traceroute output from SW1, VLAN 3 source (2pbr.jpg)]

Verification Command:

 

R1#sh ipv6 access-list

IPv6 access list VLAN2_PBR

    permit ipv6 host 2012:0:0:1::/64 any (27 matches) sequence 10

IPv6 access list VLAN3_PBR

    permit ipv6 2012:0:0:2::/64 any (9 matches) sequence 10

R1#sh route-map

route-map IPV6_PBR, permit, sequence 10

  Match clauses:

     ipv6 address VLAN2_PBR

  Set clauses:

     ipv6 next-hop 2222::2

  Policy routing matches: 153 packets, 7604 bytes

route-map IPV6_PBR, permit, sequence 20

  Match clauses:

     ipv6 address VLAN3_PBR

  Set clauses:

     ipv6 next-hop 2222::3

  Policy routing matches: 72 packets, 3456 bytes

R1#

 


Comments
fm network
Level 1

Good Explanation

ashirkar
Level 7

Hello,

Thanks for your feedback

Regards,

Ashish Shirkar

akshay_w24
Community Member

Excellent............

SunilKhanna
Level 1

Nice Document Ashish. An Older version is also available at

Policy-Based Routing through IPv6 Configuration Example

http://www.cisco.com/en/US/tech/tk872/technologies_configuration_example09186a0080b5e90e.shtml

ashirkar
Level 7

Dear Sunil,

Thank you for your positive feedback.

Keep on sharing your views and knowledge on community.

Regards,

Ashish Shirkar

Technical community manager (Network Infrastructure)
