Policy Based Routing Based on Source and Destination IP

Dan Man
Level 1

I have a question about policy based routing.  To preface my question, I want to give a small overview of our setup.

We have a campus spread over a 5 mile area, where we have 5 sites: Site A, B, C, D, and E.  Site A is our main data center.  We have two internet egress points out of Site A, Provider 1 and Provider 2.  The other four sites connect back to Site A over fiber, using L3 addressing for the links.  Each site has its own /20, broken down into multiple VLANs.  Their default routes point back to our Site A.  What I'd like to do is point a specific VLAN (let's say VLAN 100 for each site) to only go out through Provider 2, while all other VLANs go out through the Provider 1 circuit.  I understand how to build the PBR, but my question is, where do I apply the PBR?  Would it be on each L3 link at the core switch where all the L3 fiber terminates at Site A?  Thanks in advance for your help.

Accepted Solution

Philip D'Ath
VIP Alumni

The PBR needs to be applied at the place where the egress is happening (towards the two providers), because you have to set the "next hop".  Only the egress device has access to the next hops.

Can the egress device see the original subnet addressing, or tell the subnets apart?  If the egress device is after firewall(s) so that the source is hidden, then you may need to configure the firewalls to NAT those subnets into a magic unique IP address that PBR can then match on.  It may also be possible to QoS mark the traffic, and then use PBR to match the QoS markings.


2 Replies


Can the PBR be applied based on a source and destination pair ACL?

Say, for example, users on the network 10.10.10.0/24 are trying to access 8.8.8.8; can they then be directed to a specific ISP based on PBR?

Thanks

Dheeraj
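The accepted answer says to apply PBR on the egress device, before any NAT hides the source, and the last reply asks whether a source/destination pair can be matched.  The following Cisco IOS configuration is an added example, not from anyone in the thread; the VLAN 100 subnets (10.x.100.0/24 per site), the Provider 2 next hop 203.0.113.1 and the interface name are constructed placeholders.

```cisco
! Added example (not from the thread). Constructed values:
!   VLAN 100 subnet at each site: 10.1.100.0/24 ... 10.5.100.0/24
!   Provider 2 next-hop address: 203.0.113.1 (placeholder)
! Applied on the Site A egress router, on the interface facing the campus core,
! so PBR sees the original (pre-NAT) source addresses.
!
! 1. Source-based match: VLAN 100 from every site, any destination
ip access-list extended VLAN100-TO-PROVIDER2
 permit ip 10.1.100.0 0.0.0.255 any
 permit ip 10.2.100.0 0.0.0.255 any
 permit ip 10.3.100.0 0.0.0.255 any
 permit ip 10.4.100.0 0.0.0.255 any
 permit ip 10.5.100.0 0.0.0.255 any
!
! 2. Source AND destination pair, as asked in the last reply
ip access-list extended HOSTS-TO-8888
 permit ip 10.10.10.0 0.0.0.255 host 8.8.8.8
!
! 3. Track reachability of the Provider 2 next hop so matched traffic falls
!    back to the normal routing table (Provider 1) instead of being black-holed
ip sla 10
 icmp-echo 203.0.113.1
 frequency 5
ip sla schedule 10 life forever start-time now
track 10 ip sla 10 reachability
!
! 4. Route-map: either ACL matching sends the packet to Provider 2.
!    Packets matching no clause are routed normally, so no deny clause is needed.
route-map PBR-PROVIDER2 permit 10
 match ip address VLAN100-TO-PROVIDER2 HOSTS-TO-8888
 set ip next-hop verify-availability 203.0.113.1 10 track 10
!
! 5. Apply to the INSIDE interface; PBR acts on traffic entering this interface
interface GigabitEthernet0/1
 description Inside link towards the campus core (placeholder name)
 ip policy route-map PBR-PROVIDER2
```

Verify with `show route-map PBR-PROVIDER2` (match counters increment) and `show track 10`; if the next hop goes down, matched traffic should reappear on the Provider 1 path.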
