03-02-2011 07:55 AM - edited 03-04-2019 11:37 AM
We have a Data Center that has 2 routers: 1 router is connected to an MPLS ISP network and the other router is connected to an Internet ISP. We use an IPSEC tunnel across the Internet ISP as a backup for our main MPLS ISP connection. We have a branch site configured the same way, 1 router connected to an MPLS ISP and another router connected to an Internet ISP. All the routers are running BGP. Router 1 and 2 at each site are IBGP peers.
The MPLS connection at the Branch office is relatively low at 2M whereas the Internet connection is at 100M. We want to take advantage of the Internet connection to direct "Interesting" traffic, such as FTP for example, out the Internet connection so that it doesn't chew up all the 2M MPLS bandwidth, but we want to ensure that the return path is via the Internet connection as well. We want to be able to apply this to other sites that have larger Internet connections compared to their MPLS.
What is the best and least complicated way to accomplish this? I was thinking PBR using route maps, perhaps even Reverse Route Injection. I am just not sure how to put this into a configuration. We just want to avoid having to keep making changes to the HUB site every time we want to implement this setup for additional Branch offices.
We have a simple backup plan in the meantime but we want to explore if there is a more efficient way to do it.
The backup plan would involve NATing the "interesting" traffic at the Internet router at the Branch office and having a static route at the Internet router at the Hub site pointing to the NATed address block. I am not sure if I have the whole picture here. Any help would be appreciated. I can create a diagram if needed.
Thanks
03-03-2011 12:43 AM
PBR is probably your best bet because you can classify the traffic you want and add/remove as you wish.
First you would create access-lists to classify the traffic.
#access-list 100 permit tcp any any range 21 22 --> match ftp traffic
Create your route map.
#route-map myMap permit 10
#match ip address 100
#set ip next-hop x.x.x.x (there are other options available)
#route-map myMap permit 20
Then apply to your interface.
#ip policy route-map myMap
Here's an example. There are many on Google and in this forum.
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009481d.shtml
HTH,
Ian
03-03-2011 06:09 AM
Thanks, I was thinking of using the set ip next-hop verify-availability command to have the route map route that traffic only if a defined tracking object is up. The question I have is: does the tracking object have to be the actual next hop, or can it be any other interface on any other router? In other words, I want to have the traffic use a next hop of, let's say, 10.10.10.1, but I want the route map to send the packets to that 10.10.10.1 next hop ONLY if the tracked object is up (the tracked object being, let's say, 198.168.0.1).
Thanks
03-03-2011 07:39 AM
Just realized I have an issue. The router (layer 3 3750G) connects to a 2811 (Internet Router) as well as to another 2811 (MPLS WAN Router). I cannot assign a route-map on the 3750 as this is where all the LAN traffic originates, therefore I cannot assign a route-map to any interfaces since, from what I read, route maps for PBR are assigned to interfaces where the traffic is entering. Which means I need to create the PBR on the MPLS WAN Router since all traffic is entering this router as per routing protocols. So my dilemma is that my next hop to the Internet Router is now 2 hops away (from the MPLS WAN it has to go to the 3750 and then from the 3750 to the Internet router). How would I get the ftp traffic to ultimately hit the desired next hop of the Internet Router using PBR? If I do nothing on the 3750 it will just send that ftp traffic back to the MPLS WAN router, in essence creating a loop.
Thanks
03-04-2011 12:14 AM
But you can apply the route map to an SVI. Maybe you have VLAN interfaces you can apply it to?
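The pieces discussed in the replies above (ACL classification, route map, a tracked next hop, policy applied on the SVI), put together as an added example that is not from any poster in this thread. Vlan10, the probe target 192.0.2.1, the object numbers and the ACL name are constructed placeholders; 10.10.10.1 is the next hop used for illustration in the thread. It assumes an IOS release and platform that support `track ... ip sla` and `set ip next-hop verify-availability`, which should be checked for the device where the policy is applied.

```cisco
! Probe a constructed address reachable only through the Internet/IPsec path.
! The probe target is not the next-hop address; the track object is independent of it.
ip sla 1
 icmp-echo 192.0.2.1
 frequency 10
ip sla schedule 1 life forever start-time now
!
track 1 ip sla 1 reachability
!
! Classify FTP control (21) and active-mode data (20) by destination port.
! Passive-mode data connections use negotiated high ports and are not matched here.
ip access-list extended PBR-FTP
 permit tcp any any range ftp-data ftp
!
route-map myMap permit 10
 match ip address PBR-FTP
 ! Use 10.10.10.1 only while track 1 is up. When it is down this set clause
 ! is skipped and matching packets follow the normal routing table (MPLS).
 set ip next-hop verify-availability 10.10.10.1 1 track 1
!
! PBR acts on packets entering the interface, so apply it on the LAN-facing SVI.
interface Vlan10
 ip policy route-map myMap
!
! Verification commands:
!   show track 1
!   show route-map myMap
!   show ip policy
```

This only steers traffic entering Vlan10 at the branch; the return path is still decided by routing at the far end.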
03-09-2011 08:47 AM
I was wondering if, as an alternative to applying the route map to a VLAN interface, using the following would be good. Docs mention that it's used when traffic is generated by the router itself. What if I have more than 1 VLAN that traffic will be sourced from: would it make sense to apply a route-map to each VLAN interface as needed, or just enter the command below? Just not sure if traffic from the VLAN interface on the router is considered as being generated by the router.
ip local policy route-map
Thanks