Policy Based Routing for Zerto

AnthonySMillsIT
Level 1

At our DR branch we have two ISPs running currently. I am trying to get all the Zerto traffic to go on one ISP and everything else to go to the other. I have attached the Packet Tracer picture to see the topology. I have never done PBR before, but talking with Cisco has led me down this path; unfortunately the engineer I have is unable or unwilling to help me with the actual configuration, so I'm trying to watch some free CBT Nuggets to see what I can do. This is what I have so far:


Create ACL

! Extended ACL listing the Zerto hosts. The second field is a wildcard mask,
! not a subnet mask: 0.0.0.0 means every bit of the address must match
! (255.255.255.255 would ignore every bit and match any source).
ip access-list extended Match-Zerto-ACL
 permit ip 10.100.10.131 0.0.0.0 any
 permit ip 10.100.10.132 0.0.0.0 any
 permit ip 10.100.10.133 0.0.0.0 any
 permit ip 10.100.10.134 0.0.0.0 any
 exit

If I am correct this creates the list of allowed IPs to apply to the PBR, this would be our Zerto server and the Z-VRAs that we have on each ESX server. I am unsure here if I want IP, UDP, or TCP. To be safe I guess I could go back and permit each one for all three. This is my first question.


Then create the Route Map

! Sequence 10: traffic matching the ACL is sent to the Zerto ISP's next hop;
! anything not matched falls through to the normal routing table.
route-map Zerto-QX permit 10
 match ip address Match-Zerto-ACL
 set ip next-hop 10.213.0.199
 exit

This one seems simple enough. I think this is all I need to add on this one. If not please let me know.


Then apply the PBR to an interface.

! PBR is evaluated on traffic entering the interface it is applied to.
interface gig0/0/0
 ip policy route-map Zerto-QX
 end

This is my second question. As we have a single in and out on this router to a switch, I am unsure if it would work, as I know you are supposed to apply it to the closest interface to the device. I suppose I would just have to apply this to the only interface we have and see what happens.


Could anyone give a little advice on any of this?
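The two questions in the post (how an extended ACL matches, and where PBR takes effect) come down to how IOS evaluates wildcard masks and on which interface the policy is applied. The following is an added Python model written for this page, not code from the thread or from Cisco. It implements wildcard-mask matching (a 0 bit must match, a 1 bit is ignored), shows that a `permit ip` entry covers TCP, UDP and ICMP alike, and shows that a policy only sees packets entering the interface it is applied to. The Zerto host addresses, next hop 10.213.0.199 and interface Gig0/0/0 come from the post; the packet dictionary fields (`src`, `proto`, `in_if`) and the workstation and phone addresses are constructed for the example.

```python
"""Toy model of Cisco IOS extended-ACL matching as consumed by PBR.

Added example, not from the thread or from Cisco. It models wildcard-mask
semantics to show why 'permit ip X 255.255.255.255 any' matches every
source while '0.0.0.0' (what the 'host' keyword expands to) matches one
address, that 'permit ip' covers tcp/udp/icmp, and that PBR only applies
to traffic entering the interface carrying 'ip policy route-map'.
"""
import ipaddress
from dataclasses import dataclass


def ip_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


@dataclass(frozen=True)
class Ace:
    """One access-control entry: action proto source wildcard (dest is 'any')."""
    action: str        # 'permit' or 'deny'
    proto: str         # 'ip', 'tcp', 'udp' or 'icmp'
    src: str
    src_wildcard: str  # Cisco wildcard mask, not a subnet mask

    def matches(self, pkt: dict) -> bool:
        # 'ip' is the superset: it matches tcp, udp and icmp packets.
        if self.proto != "ip" and self.proto != pkt["proto"]:
            return False
        care = ~ip_int(self.src_wildcard)  # bits that must match (wildcard 0 bits)
        return (ip_int(self.src) & care) == (ip_int(pkt["src"]) & care)


def host(action: str, proto: str, addr: str) -> Ace:
    """'permit ip host X any' is shorthand for wildcard 0.0.0.0."""
    return Ace(action, proto, addr, "0.0.0.0")


def acl_permits(acl: list, pkt: dict) -> bool:
    """First matching entry decides; every IOS ACL ends in an implicit deny."""
    for ace in acl:
        if ace.matches(pkt):
            return ace.action == "permit"
    return False


def pbr_next_hop(policies: dict, pkt: dict) -> str:
    """policies: {ingress_interface: [(acl, next_hop), ...]}.

    PBR is evaluated only for packets arriving on an interface that has
    'ip policy route-map' applied; other packets, and packets matching no
    sequence, are forwarded by the normal routing table.
    """
    for acl, next_hop in policies.get(pkt["in_if"], []):
        if acl_permits(acl, pkt):
            return next_hop
    return "routing-table"


ZERTO_HOSTS = ["10.100.10.131", "10.100.10.132", "10.100.10.133", "10.100.10.134"]
ZERTO_NEXT_HOP = "10.213.0.199"  # next hop toward the Zerto ISP, from the post

# ACL with a 255.255.255.255 wildcard: every bit is ignored, so any source matches.
BROKEN_ACL = [Ace("permit", "ip", h, "255.255.255.255") for h in ZERTO_HOSTS]
# Intended ACL: one host entry per Zerto address (wildcard 0.0.0.0).
ZERTO_ACL = [host("permit", "ip", h) for h in ZERTO_HOSTS]

# Policy applied on the router's single LAN-facing interface (name from the post).
BROKEN_POLICY = {"Gig0/0/0": [(BROKEN_ACL, ZERTO_NEXT_HOP)]}
ZERTO_POLICY = {"Gig0/0/0": [(ZERTO_ACL, ZERTO_NEXT_HOP)]}

# Constructed sample packets; the non-Zerto addresses are made up for the example.
ZERTO_TCP = {"src": "10.100.10.131", "proto": "tcp", "in_if": "Gig0/0/0"}
ZERTO_UDP = {"src": "10.100.10.134", "proto": "udp", "in_if": "Gig0/0/0"}
WORKSTATION = {"src": "10.100.10.50", "proto": "tcp", "in_if": "Gig0/0/0"}
PHONE = {"src": "10.100.100.20", "proto": "udp", "in_if": "Gig0/0/0"}
ZERTO_OTHER_IF = {"src": "10.100.10.131", "proto": "tcp", "in_if": "Gig0/0/1"}


def demo() -> dict:
    """Next hop chosen for each sample packet under the broken and the intended policy."""
    samples = {"zerto_tcp": ZERTO_TCP, "zerto_udp": ZERTO_UDP,
               "workstation": WORKSTATION, "phone": PHONE,
               "zerto_other_if": ZERTO_OTHER_IF}
    return {
        "broken": {n: pbr_next_hop(BROKEN_POLICY, p) for n, p in samples.items()},
        "fixed": {n: pbr_next_hop(ZERTO_POLICY, p) for n, p in samples.items()},
    }


if __name__ == "__main__":
    for policy, results in demo().items():
        for name, nh in results.items():
            print(f"{policy:6} {name:15} -> {nh}")
```

Under the intended ACL only the Zerto hosts are steered to 10.213.0.199 and everything else, including Zerto traffic arriving on an interface without the policy, falls through to the routing table; under the all-ones wildcard every packet on Gig0/0/0 is policy-routed, which is the failure mode to check for before applying the policy in production.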

8 Replies

Hello

At our DR branch we have two ISPs running currently. I am trying to get all the Zerto traffic to go on one ISP and everything else to go to the other.

Your configuration looks okay; however, you could specify (but you don’t have to) "host" in the ACL when you wish for a certain device to be matched. When you apply PBR, you usually apply the policy on the L3 interface that the traffic you want to policy route originates from, but looking at your topology I cannot see what device or interface this will be. You do have the correct syntax to policy route those hosts.


Example of an alternative ACL:
ip access-list extended PBR-ACL
permit ip host 10.100.10.131 any
permit ip host 10.100.10.132 any
permit ip host 10.100.10.133 any
permit ip host 10.100.10.134 any


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

So what you are saying is that the ACL that you have would allow TCP and UDP? The layer 3 device is the Cyn Rtr. On the way in they usually bypass it, but on the way out the computers always hit that router. So I guess I just enable it on that single interface?

Hello

Yes, IP = UDP & TCP.


As for where to apply the policy, do you have a simplified topology showing both the ISP rtrs and your site rtr and any subnets?



Kind Regards
Paul

I am unsure what all you would need to see. Our setup is pretty barebones out there. VLAN 1 is default and voice is on VLAN 100.

Hello

It looks like the rtr and the ISPs are in the same subnet, and you don't have any internal LAN interface, which is very unusual. Is this a production topology or a lab?



Kind Regards
Paul

This is a production topology I inherited. It is very unusual and the only one of our branches that is configured that way. I had never seen a setup like that before starting here either.

Hello

Can you post the config of the rtr in a file and attach it to this post please.



Kind Regards
Paul

Added
