04-27-2012 08:19 PM - edited 03-07-2019 06:23 AM
Hi any router expert,
I would like to ask a question about Policy-Based Routing.
At present, we have 3x Metroethernet circuits interconnecting our two main offices. They are put into the same HSRP group. We have 3 VLANs at each office. One is for VoIP (10.105/106.x.x); one is for the server farm (most servers are on 173.105.x.x), storage (one storage unit on each site, replicated on demand, which is handled by another computer) and user workstations (173.105/106.x.x); one is for email (10.5/6.x.x, on-demand replication is going on). The internal interface of each of the circuit routers is given the IP 173.105/106.x.
One of the circuits is designated for VoIP (10.5/6.x.x) only; the other two are for data traffic (173.105/106.x.x). The main network equipment is connected to our L3 core switch. Recently, the circuits were sometimes saturated during peak hours. We found that the utilization dropped significantly when we stopped the replication. To relieve the problem, we are going to add one more Metroethernet circuit which is dedicated to replication traffic (storage on 173.105/106.x.x and email server on 10.5/6.x.x).
We are thinking of configuring PBR to direct this replication traffic only to the new circuit. We want the replication traffic to be held off and not redirected to other circuits when the new circuit goes down. Once the circuit comes up again, the replication can resume.
We have the following doubts which I would like to ask for your advice:
1. Should I do the PBR on the core switch or on all the routers? Our vendor suggests that we apply the same PBR on the routers (to route the replication traffic based on IP and TCP port to the new circuit).
2. Can PBR really do what we want, so that the replication traffic will not be redirected to other circuits?
3. Can PBR differentiate the data traffic and the replication traffic on the same server and route them to the corresponding circuits?
4. If the new Metroethernet circuit goes down, the replication traffic will go to a black hole, as the PBR next hop still shows up and PBR is still effective, but the path is actually down. Is this true?
Please enlighten. Million thanks for your kind coaching in advance.
Anthony
05-01-2012 08:56 AM
Anthony,
Not an expert.
Here are (2) out of many links on Policy-Based Routing (PBR) from Cisco's site:
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009481d.shtml
http://www.cisco.com/en/US/customer/products/ps6599/products_white_paper09186a00800a4409.shtml
Regarding your questions,
1. Should I do the PBR on the core switch or on all the routers? Our vendor suggests that we apply the same PBR on the routers (to route the replication traffic based on IP and TCP port to the new circuit).
-> Yes, put PBR on both the core switch and on the routers at each site. You can create policies to route based on a number of different criteria. Reading through some of the above documentation might help you decide which is best. Your vendor's suggestion to use IP and TCP port could work fine.
2. Can PBR really do what we want, so that the replication traffic will not be redirected to other circuits?
-> Yes, PBR will redirect the traffic as you specify.
3. Can PBR differentiate the data traffic and the replication traffic on the same server and route them to the corresponding circuits?
-> Yes, PBR would be able to "split" the traffic coming from the same server, with data traffic going to one circuit and replication traffic out to another.
4. If the new Metroethernet circuit goes down, the replication traffic will go to a black hole, as the PBR next hop still shows up and PBR is still effective, but the path is actually down. Is this true?
-> Not sure what your intention is here. You can configure PBR to route after a failure whichever way you need. You can route it to a black hole, or you can configure a default interface that you can use when the primary circuit is down.
hth,
Dan
05-01-2012 10:58 PM
Policy-based routing basically means you can specify that if traffic is from/to a specific IP/port/etc, you can route it to a different gateway based on those parameters.
So if the traffic is from/to specific addresses and so forth, it should be a simple matter to force the traffic that way with PBR. You will need to put the PBR on any router that will be routing the traffic in question.
Andy
06-11-2012 05:47 AM
Hi there,
Thanks for your answer. After consideration, we are going to apply the PBR. I have another question regarding the "route-map" command. May I know if the sequence number at the end can be used with a dotted number?
That is, route-map PBR_route permit 1.8.1.
Thanks again.
Anthony
06-11-2012 06:01 AM
Anthony,
Nope. Using a sequence number with a decimal in it is not permitted. Positive whole numbers between 0 and 65535 only.
Dan
Sent from Cisco Technical Support iPhone App
06-20-2012 08:39 PM
Hi there,
Our storage team wants their disk-based backup servers' replication between the two sites routed through the new link. The 5 DC servers will replicate the backup data to 1 WTC server. Therefore I added the access control list (at the bottom) to the previous PBR configuration as per the attachment. Is it correct?
Please enlighten.
Thanks for your guidance.
Anthony
06-25-2012 08:16 AM
Anthony,
On the DC side,
maybe change the line
permit tcp 10.5.1.0 0.0.0.255 10.6.1.0 0.0.0.255 (Allow all ports forward)
to be
permit ip 10.5.1.0 0.0.0.255 10.6.1.0 0.0.0.255 (to be sure you don't miss anything)
and change the lines
permit tcp 173.105.1.202 255.255.255.255 173.106.1.202 255.255.255.255 (EMC RP)
permit tcp 173.105.1.204 255.255.255.255 173.106.1.204 255.255.255.255 (EMC RP)
to use the host keyword, like your other lines. Makes it consistent and easier to read.
permit tcp host 173.105.1.202 host 173.106.1.202
permit tcp host 173.105.1.204 host 173.106.1.204
ALSO, your "set ip next-hop" is the same IP on each location. You should set this on each side to be the next hop IP towards the other side.
hth,
Dan
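An added example (not part of the thread, and not anyone's configuration from it): IOS extended ACLs take wildcard masks, where a 1 bit means "ignore this bit", so the mask on each entry decides how much traffic the route-map will policy-route. The sketch below evaluates the entries quoted above against constructed sample flows; the function names are hypothetical, and ports and other ACL options are not modelled.

```python
import ipaddress

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_ace(line):
    """Parse 'permit <proto> <src> <dst>'; each endpoint is 'host A', 'any'
    or 'A WILDCARD'. Ports and other options are not modelled."""
    action, proto, *rest = line.split()
    ends = []
    while rest:
        if rest[0] == "host":
            ends.append((_ip(rest[1]), 0))  # wildcard 0.0.0.0: every bit must match
            rest = rest[2:]
        elif rest[0] == "any":
            ends.append((0, 0xFFFFFFFF))
            rest = rest[1:]
        else:
            ends.append((_ip(rest[0]), _ip(rest[1])))
            rest = rest[2:]
    if action != "permit" or len(ends) != 2:
        raise ValueError(f"unsupported entry: {line!r}")
    return proto, ends[0], ends[1]

def _addr_match(addr, end):
    base, wildcard = end
    care = ~wildcard & 0xFFFFFFFF  # a 1 bit in the wildcard means "ignore this bit"
    return (_ip(addr) & care) == (base & care)

def ace_matches(line, proto, src, dst):
    """True if the flow would hit this entry and so be policy-routed."""
    ace_proto, src_end, dst_end = parse_ace(line)
    return (ace_proto in ("ip", proto)
            and _addr_match(src, src_end) and _addr_match(dst, dst_end))

# ACL entries as quoted in the thread (trailing remarks dropped)
ALL_ONES = "permit tcp 173.105.1.202 255.255.255.255 173.106.1.202 255.255.255.255"
HOST = "permit tcp host 173.105.1.202 host 173.106.1.202"
SUBNET_TCP = "permit tcp 10.5.1.0 0.0.0.255 10.6.1.0 0.0.0.255"
SUBNET_IP = "permit ip 10.5.1.0 0.0.0.255 10.6.1.0 0.0.0.255"

# Constructed sample flows: (protocol, source, destination)
REPLICATION = ("tcp", "173.105.1.202", "173.106.1.202")
WORKSTATION = ("tcp", "173.105.7.20", "173.106.9.30")
EMAIL_UDP = ("udp", "10.5.1.10", "10.6.1.10")

if __name__ == "__main__":
    entries = {"ALL_ONES": ALL_ONES, "HOST": HOST,
               "SUBNET_TCP": SUBNET_TCP, "SUBNET_IP": SUBNET_IP}
    for name, ace in entries.items():
        for flow in (REPLICATION, WORKSTATION, EMAIL_UDP):
            print(f"{name:10} {flow} -> {ace_matches(ace, *flow)}")
```

With the all-ones wildcard the entry behaves like `permit tcp any any`, so the route-map would steer workstation TCP traffic onto the replication circuit as well; the `host` form limits it to the replication pair.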