Policy-Based Routing

balbeer.singh84
Level 1

Hello friends,

Happy New Year.

Please help me to understand the below:

1. In my router I have two tunnels, Tunnel1 & Tunnel2. I have created a route-map named as “SMTP” to forward the traffic of port 25 (SMTP) through the Tunnel1 & if this is not available, the traffic may go through Tunnel2. I have applied this route-map in the inbound (LAN facing toward the internal network) interface.

2. I have created another route-map named as “PBR” which will forward rest of the traffic through ISP1 if available, else it will forward the traffic through ISP2. I have applied this route-map “PBR” as global policy (IP LOCAL POLICY ROUTE-MAP PBR).

Now, please let me know,

  a. How the route-map “SMTP” & “PBR” will action? How both of these route-maps will get the preference?
  b. How my traffic of port 25 (SMTP) will be forwarded?
  c. How the traffic other than port 25 will be forwarded?

Looking forward to your kind response.

-Balbeer Singh.


shamax_1983
Level 3

Hi Balbeer,

Though you have 2 ISPs, you will have to have just 1 ISP as your default gateway at any given time. That is, if you check your routing table, you should see only one default route, and that's the path your normal traffic would take (i.e. your "rest of the traffic"). As for the SMTP traffic, it will take the tunnel specified, but here the tricky part is to make sure the tunnels are tied to the proper ISP link. When the tunnels establish, they should use the correct ISP link for replying packets for the tunnel negotiation, because in this case the packets leaving the router for the tunnel negotiation will be just normal traffic.

Otherwise you'll run into weird IPsec errors, or when there is ISP fall back, your tunnels might not behave as expected.

Hope this helps

mahmoodmkl
Level 7

Hi,

In addition, you can refer to the below link.

https://supportforums.cisco.com/docs/DOC-8313

Thanks

Rahul Kukreja
Level 1

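In my opinion your config looks like the following -

ip access-list extended 110
 ! match SMTP (TCP port 25) only
 permit tcp any any eq smtp

ip access-list extended 120
 ! match everything except SMTP
 deny tcp any any eq smtp
 permit ip any any

route-map SMTP permit 10
 match ip address 110
 ! interfaces are tried in the order listed
 set interface Tunnel1 Tunnel2

route-map PBR permit 10
 match ip address 120
 ! next hops are tried in the order listed
 set ip next-hop ISP1-physical-ip ISP2-physical-ip

! LAN stands for the inside-facing interface
interface LAN
 ip policy route-map SMTP

! applies to traffic generated by the router itself
ip local policy route-map PBR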


With the above configuration -

How the route-map “SMTP” & “PBR” will action? How both of these route-maps will get the preference?

>>> SMTP route-map will be checked only for the traffic coming in on LAN Interface.

>>> PBR route-map will be checked only for the traffic generated by the ROUTER as it applied locally on Router.


How my traffic of port 25 (SMTP) will be forwarded?

>>> The traffic coming from users in LAN will follow the PBR applied in the route-map SMTP and will go over tunnel 1 if available.

How the traffic other than port 25 will be forwarded?

>>> The traffic coming from users in LAN other than SMTP will fall back to the RIB, and will be routed based on the routing table.

You may take a look at the following links -

Sequence of operations when traffic comes in -
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml

Also, based on the local PBR which is applied, all the traffic generated by the Router will be sent to ISP1 first.


- HTH
Rahul
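
The forwarding decisions described in the replies above, as a small Python model added here for illustration (it was not posted by anyone in the thread). It assumes the sketched config with ACLs 110 and 120; the `Packet` fields, the link-state dictionary and the `"RIB default route"` label are hypothetical names, and "ISP1"/"ISP2" stand for the two next hops.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    origin: str    # "lan" = received on the LAN interface, "router" = generated by the router
    proto: str     # "tcp" or "udp"
    dst_port: int

def acl_110(p):
    # permit tcp any any eq smtp
    return p.proto == "tcp" and p.dst_port == 25

def acl_120(p):
    # deny tcp any any eq smtp / permit ip any any
    return not acl_110(p)

def first_up(candidates, up):
    # PBR takes the first listed interface or next hop that is usable
    return next((c for c in candidates if up.get(c, False)), None)

def forward(p, up):
    """Return (decided_by, egress) for one packet, given link states in `up`."""
    if p.origin == "lan" and acl_110(p):
        # ip policy route-map SMTP: consulted only for packets arriving on the LAN
        egress = first_up(["Tunnel1", "Tunnel2"], up)
        if egress:
            return ("route-map SMTP", egress)
    elif p.origin == "router" and acl_120(p):
        # ip local policy route-map PBR: consulted only for router-generated packets
        egress = first_up(["ISP1", "ISP2"], up)
        if egress:
            return ("route-map PBR", egress)
    # No route-map match, or no usable set target: normal destination routing
    return ("routing table", "RIB default route")

if __name__ == "__main__":
    # Constructed sample traffic: user mail, user HTTPS, and the router's own
    # tunnel negotiation (IKE, UDP 500), with Tunnel1 down.
    up = {"Tunnel1": False, "Tunnel2": True, "ISP1": True, "ISP2": True}
    for pkt in (Packet("lan", "tcp", 25), Packet("lan", "tcp", 443),
                Packet("router", "udp", 500)):
        print(pkt, "->", forward(pkt, up))
```

The third sample packet shows why the tunnel negotiation follows the local policy rather than the LAN route-map: it originates on the router, so only route-map PBR is consulted for it.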
