Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1407
Views
10
Helpful
17
Replies

PBR/Static routes or other? Help!

Go to solution
Ableton34
Level 1
Level 1

‎05-21-2015 05:19 AM - edited ‎03-05-2019 01:31 AM

Hi all,

After some advice, we have a project where I work to divert traffic across a back up link as a test.

Basically we have two campus sites with 2 links between them,a WAN link provided by standard ISP and a back up link direct between the 2 sites which is 1gb compared to the 100mb WAN.

 

We have been asked to come up with implementation to divert all traffic from campus 2 to campus 1 (core) on the back up link.

We are using EIGRP in the LAN to route all traffic currently over the WAN.

Now would I use PBR to push all traffic originating at campus 2 across the back up, would this be the best option? If so would the access list used be something like eg:

access-list 1 permit 192.168.10.0 0.0.0.255

route-map (name) permit 10

match ip address 1

set ip next-hop (ip address of the router at the campus 2 end of the back up link)

interface vlan 10

ip policy route-map (name)

 

Presumably if the back up link fails then normal EIGRP would resume and push traffic back over the WAN? Is this correct or do I need IP sla?

 

Or is there another way, the customer wants us to use routing priorities and supernets but I am not sure this is the way to go, simple PBR should do this right?

 

thanks in advance

Ableton

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Ableton34

‎05-22-2015 04:08 AM

Steve

As long as PBR can tell the next hop has gone down it will then fall back to the routing table.

The issue is if PBR doesn't know the next hop is down and that depends on the topology of your network ie. if the backup link was literally a point to point so if the remote end went down so did the local end you wouldn't  need to track anything.

So it depends on your network and if you are testing simply by shutting the local port on the switch down that isn't necessarily going to work.

That would have been the advantage of using EIGRP on both links ie. with any dynamic routing if the link fails anywhere the neighborship is lost so the other link is automatically used.

If you weren't sharing a common vlan it would be relatively easy to use EIGRP.

Paul's suggestion above may work but if you want to use PBR then whether you need IP SLA depends on the actual network layout.

Jon

View solution in original post

17 Replies 17

Go to solution
vivek srivastava
Level 7
Level 7

‎05-21-2015 05:29 AM

What protocols you are using for two links i.e. WAN and backup link ?? 

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎05-21-2015 05:36 AM

You generally use PBR when you need to route based on something other than the destination IP address.

However you are simply wanting to send all traffic over a certain link ie. you are still routing on destination IP so you just need to manipulate the routing metrics so the backup link is the preferred route.

You could use PBR but it wouldn't really be the right tool for the job.

Edit - unless you don't run a routing protocol over the backup link ?

In which case you could use PBR but it might be easier to just run EIGRP across the backup link as well and modify the metrics.

Jon

0 Helpful

Go to solution
Ableton34
Level 1
Level 1
In response to Jon Marshall

‎05-21-2015 05:54 AM

Hi Jon,

 

yes we do use EIGRP in the whole network including the back up link. So presumably the metrics get manipulated there and then also create some supernets for each of the subnets within campus 2?

 

thanks a lot

 

Steve

0 Helpful

Go to solution
Ableton34
Level 1
Level 1
In response to Ableton34

‎05-21-2015 05:57 AM

Could I use the admin distance or is that risky?

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Ableton34

‎05-21-2015 06:00 AM

See previous post ie. the easiest is to advertise a summary on the main link.

Basically there are multiple ways to do this (including PBR), you just want to try and use the easiest.

Jon

0 Helpful

Go to solution
Ableton34
Level 1
Level 1
In response to Jon Marshall

‎05-21-2015 06:09 AM

I think the issue I will have Jon is that campus 2 is a flat network, only 1 subnet in use here for the whole campus. Obviously I wouldnt be able to advertise the more specific subnets as there arent any!

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Ableton34

‎05-21-2015 06:13 AM

Okay.

Perhaps the easiest solution is simply to manipulate the metrics at either end so that the backup link is preferred.

Do both links terminate on the same router at each site ?

Jon

0 Helpful

Go to solution
Ableton34
Level 1
Level 1
In response to Jon Marshall

‎05-21-2015 06:19 AM

No, the ISP provides and manages the routers for the primary and we own the switches that terminate each end of the point to point back up link

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Ableton34

‎05-21-2015 06:24 AM

So the switches are L3 switches ?

And you receive EIGRP routes from the ISP routers and via the backup link ?

If so it may be easiest to use delay on the interface connecting to the ISP router unless you have both the primary and backup links in a common vlan in which case that won't work.

If they are using L3 routed ports on the switches though it would.

Jon

0 Helpful

Go to solution
Ableton34
Level 1
Level 1
In response to Jon Marshall

‎05-21-2015 06:34 AM

ok thats a good start.

yes the back up link switches are L3 routed. and yes both primary and back up are in the same vlan.

EIGRP is  in use in the whole network, ISP and back up etc.

So you think a simple delay setting on the interface facing the ISP will influence campus 2 to send all traffic via the back up?

 

thanks

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Ableton34

‎05-21-2015 10:09 AM

Steve

Apologies for the delay in replying, had to do something else.

If they are in the same vlan then no you can't use delay because they share the same L3 interface on the switch.

Adding delay to the L2 interfaces on the switch will do nothing.

And using a summary address is not an option either if there are sharing the same L3 SVI on the switch.

You may be able to do something with the distance command but perhaps PBR is the simplest solution after all.

Jon

 

 

0 Helpful

Go to solution
Ableton34
Level 1
Level 1
In response to Jon Marshall

‎05-22-2015 01:23 AM

Hi Jon,

We have discussed this and we think PBR will be the way to go. We do have other PBR in the network and this seems to work well routing the traffic that we require.

I do have another question on PBR itself. When we create the route maps, if the traffic was already routing on the back up link and for some reason the back up link failed. Presumably the normal EIGRP route selection would take place and the traffic would re-direct back over the WAN link? Or would we need IP SLA tracking to make sure of this?

The customer would want to make sure the traffic has a sure failover before we implement this and in testing I have seen EIGRP take over once a link fails but would IP SLA be more effective?

 

thanks a lot for all your help

 

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Ableton34

‎05-22-2015 04:08 AM

Steve

As long as PBR can tell the next hop has gone down it will then fall back to the routing table.

The issue is if PBR doesn't know the next hop is down and that depends on the topology of your network ie. if the backup link was literally a point to point so if the remote end went down so did the local end you wouldn't  need to track anything.

So it depends on your network and if you are testing simply by shutting the local port on the switch down that isn't necessarily going to work.

That would have been the advantage of using EIGRP on both links ie. with any dynamic routing if the link fails anywhere the neighborship is lost so the other link is automatically used.

If you weren't sharing a common vlan it would be relatively easy to use EIGRP.

Paul's suggestion above may work but if you want to use PBR then whether you need IP SLA depends on the actual network layout.

Jon

Go to solution
Ableton34
Level 1
Level 1
In response to Jon Marshall

‎05-22-2015 04:19 AM

Thanks Jon, yes it is point to point.

Ok great looks like we have a plan!

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card