02-02-2010 08:14 AM - edited 03-04-2019 07:23 AM
I am creating a route map to enable us to specify the direction of outgoing traffic on our router with 2 BGP sessions to our providers. Basically I want to direct our voice traffic out provider A and the rest of our traffic out provider B. Our voice is basically coming from 2 subnets and I'm using an ACL based on that to direct it out that provider. I just want to make sure I have the route map configured in a way to direct "everything else" out provider B. Currently I have the route map set up to match based on ACLs and send traffic out providers A and B based on those ACLs, however, I need to change it to match an ACL, send it to provider A, and then send everything else out provider B. I'm thinking I can just change my ACL 130 to match 0.0.0.0 255.255.255.255 since that will match everything after the 120 ACL. I just want to make sure I have this set up correctly before I put this into production since I don't want any trial and error. Here is what I have:
interface GigabitEthernet0/3
description Primary LAN Interface
ip policy route-map outbound
!
access-list 120 remark Filter for outbound to A
access-list 120 permit ip X.X.176.0 0.0.1.255 any
access-list 120 permit ip X.X.184.0 0.0.1.255 any
access-list 130 remark Filter for outbound to B
access-list 130 permit ip 0.0.0.0 255.255.255.255 any
!
route-map outbound permit 10
description force traffic to A
match ip address 120
set ip next-hop A.A.A.A
!
route-map outbound permit 20
description force traffic to B
match ip address 130
set ip next-hop B.B.B.B
!
Thanks in advance for any help.
02-02-2010 08:20 AM
Hello Johnny,
you can remove the match ip address 130 in second route-map block it is not needed
or you can write a correct ACL like
access-list 130 permit ip any any
you could even remove the whole second block if you give preference to ISPB in BGP
router bgp yourASN
neigh ISPB-ipaddress weight 5000
Hope to help
Giuseppe
02-02-2010 08:21 AM
johnny.schultz wrote:
I am creating a route map to enable us to specify the direction of outgoing traffic on our router with 2 BGP sessions to our providers. Basically I want to direct our voice traffic out provider A and the rest of our traffic out provider B. Our voice is basically coming from 2 subnets and I'm using an ACL based on that to direct it out that provider. I just want to make sure I have the route map configured in a way to direct "everything else" out provider B. Currently I have the route map set up to match based on ACLs and send traffic out providers A and B based on those ACLs, however, I need to change it to match an ACL, send it to provider A, and then send everything else out provider B. I'm thinking I can just change my ACL 130 to match 0.0.0.0 255.255.255.255 since that will match everything after the 120 ACL. I just want to make sure I have this set up correctly before I put this into production since I don't want any trial and error. Here is what I have:
interface GigabitEthernet0/3
description Primary LAN Interface
ip policy route-map outbound
!
access-list 120 remark Filter for outbound to A
access-list 120 permit ip X.X.176.0 0.0.1.255 any
access-list 120 permit ip X.X.184.0 0.0.1.255 any
access-list 130 remark Filter for outbound to B
access-list 130 permit ip 0.0.0.0 255.255.255.255 any
!
route-map outbound permit 10
description force traffic to A
match ip address 120
set ip next-hop A.A.A.A
!
route-map outbound permit 20
description force traffic to B
match ip address 130
set ip next-hop B.B.B.B
!
Thanks in advance for any help.
Johnny
Bear in mind that if there is no match in the acl attached to the route-map then the traffic is routed normally by consulting the routing table. So if all traffic is to go to provider B except voice the easiest thing to do is -
1) have a default static route pointing to provider B ie.
ip route 0.0.0.0 0.0.0.0
2) then just have the first entry for your route-map ie.
access-list 120 remark Filter for outbound to A
access-list 120 permit ip X.X.176.0 0.0.1.255 any
access-list 120 permit ip X.X.184.0 0.0.1.255 any
route-map outbound permit 10
description force traffic to A
match ip address 120
set ip next-hop A.A.A.A
Jon
02-02-2010 08:27 AM
Jon:
The only issue with falling back to the routing table is that there are routes to both providers in the routing table if the traffic does not match the ACL. We want *all* traffic to go to B if it is not matched in the route map for provider A. Do I still need to use the route map to get the remainder of the traffic to provider B? I know this kind of doesn't make sense since we are overriding the BGP routes, but this is what I am being asked to do. Thanks for your help.
02-02-2010 08:30 AM
johnny.schultz wrote:
Jon:
The only issue with falling back to the routing table is that there are routes to both providers in the routing table if the traffic does not match the ACL. We want *all* traffic to go to B if it is not matched in the route map for provider A. Do I still need to use the route map to get the remainder of the traffic to provider B? I know this kind of doesn't make sense since we are overriding the BGP routes, but this is what I am being asked to do. Thanks for your help.
Johnny
If you need to override the routing table for provider B traffic as well then yes you will need that second acl to match all the other traffic, as Giuseppe mentioned a "permit ip any any" will do the trick.
Jon
02-02-2010 08:33 AM
Hello Johnny, Jon
increasing the neighbor weight under BGP could be an alternate solution ?
probably not if provider A provides specific routes that are not provided by ISPB, that is a case of partial BGP tables.
if so using the second route-map block is needed to satisfy this requirement
I understand management they want to send voip traffic on one path and data on the other one.
And the return path?
Hope to help
Giuseppe
02-02-2010 08:46 AM
The return path is provided by advertising the prefixes to the 2 providers.
I was also thinking instead about putting a route map on the outgoing interface of the voice provider, matching the voice, setting something like IP precedence to 5, then making a second statement to set the next-hop to the data provider. That would work just as well right?
-Johnny
02-02-2010 08:51 AM
Hello Johnny,
you can add the set ip precedence 5 in the same PBR route-map in the first block
marking VoIP traffic is right and helps provider in providing QoS.
Hope to help
Giuseppe
02-02-2010 08:51 AM
johnny.schultz wrote:
The return path is provided by advertising the prefixes to the 2 providers.
I was also thinking instead about putting a route map on the outgoing interface of the voice provider, matching the voice, setting something like IP precedence to 5, then making a second statement to set the next-hop to the data provider. That would work just as well right?
-Johnny
Johnny
You can't apply PBR to an outgoing interface, it has to be on an ingress interface.
Jon
02-02-2010 10:18 AM
Thank you to John and Guislar for your responses, you both have helped me to resolve my issue.
-Johnny
02-03-2010 05:23 AM
I have created the route map with the default route, however packets are still taking the BGP routes that are in the system. What is the best way to override the BGP routes so that packets will take the route specified in the default route and route map?
02-03-2010 12:43 PM
Hello Johnny,
if you have implemented the second block in the route-map with set ip next-hop B.B.B.B it should work.
if with moderate traffic you can use
debug ip policy
to see why the PBR is not triggered
note:
without second block most specific routes are used first and default route towards B.B.B.B is used only if no specific route exists for packet destination.
Hope to help
Giuseppe
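The lookup order discussed in this thread, as an added Python model that is not part of any post and is not Cisco code: it shows why a route-map with only the ACL 120 block still lets data traffic follow a more specific BGP route toward provider A, while the second block with a match-all ACL forces it to B. The 10.20.x.x subnets, next-hop addresses and the routing table are constructed stand-ins for the masked values in the posts, and next-hop reachability checks are not modelled.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco ACL wildcard mask: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

# Constructed values: 10.20.x.x stands in for X.X.x.x, next hops for A.A.A.A / B.B.B.B
NEXT_HOP_A = "192.0.2.1"
NEXT_HOP_B = "198.51.100.1"
ACL = {
    120: [("10.20.176.0", "0.0.1.255"), ("10.20.184.0", "0.0.1.255")],
    130: [("0.0.0.0", "255.255.255.255")],  # same effect as "permit ip any any"
}
# Constructed routing table: one specific BGP route via A, static default via B
RIB = [("203.0.113.0/24", NEXT_HOP_A), ("0.0.0.0/0", NEXT_HOP_B)]

def rib_lookup(dst):
    """Normal routing: the longest matching prefix wins over the default route."""
    d = ipaddress.IPv4Address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in RIB
            if d in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def forward(src, dst, route_map):
    """route_map: ordered (acl_number, next_hop) permit entries, first match wins.
    The ACLs in the thread use destination 'any', so only the source is tested."""
    for acl, next_hop in route_map:
        if any(wildcard_match(src, base, wc) for base, wc in ACL[acl]):
            return next_hop          # policy-routed
    return rib_lookup(dst)           # no match: fall back to the routing table

ONE_BLOCK = [(120, NEXT_HOP_A)]                       # sequence 10 only
TWO_BLOCKS = [(120, NEXT_HOP_A), (130, NEXT_HOP_B)]   # sequences 10 and 20

if __name__ == "__main__":
    for name, rm in (("one block", ONE_BLOCK), ("two blocks", TWO_BLOCKS)):
        for src in ("10.20.177.5", "10.20.178.5"):
            print(name, src, "->", forward(src, "203.0.113.9", rm))
```
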