Example of using a PBR for gateway of last resort

TRACY HARTMANN · ‎01-10-2019

I would like to setup a site with a specific gateway of last resort if they are coming from a specific subnet. I am assuming the best way to do that is on our layer 3 switch with a PBR.

I am looking for an example of how to set that up.

Thanks

Tracy

Georg Pauwen · ‎01-10-2019

Hello,

here is an example. Traffic from 192.168.1.0/24 will go to whatever you define in the 'set' clause of the route map"

access-list 101 permit ip 192.168.1.0 0.0.0.255 any

!

route-map LAST_RESORT permit 10

match ip address 101

set ip next-hop x.x.x.x

or

set interfaces X

!

interface GigabitEthernet0/0/0

ip policy route-map LAST_RESORT

paul driver · ‎01-10-2019

Hello Tracy

Can you confirm if you would want resiliency in case this alternative gateway became unavailable - if not then @Georg Pauwen example would be applicable.

However is you do want resiliency then as it stands the supplied example would black hole your define PBR traffic if that alternative gateway failed.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

TRACY HARTMANN · ‎01-14-2019

Sorry this won't work since I don't want all my traffic to go that next-hop. I need just traffic I don't have a route to so my gateway of last resort. What was suggested will send all my traffic to that hop.

For example I have ip address 10.20.0.1 and I have many routes to get anywhere but if there is not route I want my gateway of last resort for this ip address to go to a different gateway of last resort then what is configured by default.

Deepak Kumar · ‎01-14-2019

Hi,

Example:

Traffic from 192.168.1.0/24 will go to 10.10.10.0/24 subnet by using next-hop xxx.xxx.xxx.xxx

ip access-list extended pbr_acl

permit ip 192.168.1.0 0.0.0.255 10.10.10.0 0.0.0.255

!

route-map pbr_map permit 10

match ip address pbr_acl

set ip next-hop x.x.x.x <Next hop IP address>

!

route-map pbr_map permit 20

!

interface GigabitEthernet0/0/0

IP address 192.168.1.1 255.255.255.0

ip policy route-map pbr_map

!

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

Georg Pauwen · ‎01-14-2019

Hello,

post a schematic drawing of what you want to accomplish, including all the gateways you have, and indicate which traffic you want to get where under which condition...

TRACY HARTMANN · ‎01-14-2019

I am just adding another internet connection that i want to send a specific group of IP addresses out. However only the internet traffic so I thought we could make a specific subnet go out a different gateway of last resort.

I have a layer 3 switch with many Vlans . The gateway of last resort was going to the current internet. I want to leave that but send specific subnets to go to the new internet. Would that be better with a static route ?

paul driver · ‎01-14-2019

Hello

@TRACY HARTMANN wrote:

Sorry this won't work since I don't want all my traffic to go that next-hop. I need just traffic I don't have a route to so my gateway of last resort. What was suggested will send all my traffic to that hop.

For example I have ip address 10.20.0.1 and I have many routes to get anywhere but if there is not route I want my gateway of last resort for this ip address to go to a different gateway of last resort then what is configured by default.

PBR will do this for you - what i am saying is if you don't have any verification on this additional gateway then any traffic PBR'd towards this gateway will be blackholed if that gateway is lost, now if that's acceptable then @Georg Pauwen example would be applicable.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Jon Marshall · ‎01-15-2019

Use Georg's example but use -

"set ip default next-hop x.x.x.x"

which will use the routing table first but if there is no specific route ie. only a default route matches then it will use x.x.x.x as the next hop instead which I think is what you are after.

Jon

TRACY HARTMANN · ‎01-15-2019

This will work with the default in it thanks. Now how can I apply it? I see it more as a routing statement so do I put it under my EIGRP statement like

redistrubute static Last-resort ?

Jon Marshall · ‎01-16-2019

See the example given.

You apply it to the L3 interface whether the traffic is inbound to the device.

Jon

TRACY HARTMANN · ‎01-22-2019

Thanks for the help, tried to enter the commands last night and could not apply the ip policy to the interface. Looked up issues on it and it says I need ip routing on, which it is. Next it mentioned something about the SDM prefer . Right now this states desktop default. Do I need to change this to routing? If I do what does it affect, I don't want to break anything.

Tracy

Jon Marshall · ‎01-22-2019

Yes you need to enable the routing template and you will need a reboot of your device.

You should be fine to change it.

Jon

TRACY HARTMANN · ‎01-22-2019

Do you know if it changes the memory allocations?

TRACY HARTMANN · ‎01-22-2019

Also I noticed I have ip base do I need ip services?