
connect to 2 ISP using route-map

dannan lin
Level 1

Hi,

I have the following scenario.

2012-06-21_155538.jpg

Both R2 and R3 act as ISPs, R1 is the company gateway router, and R4 stands in for normal PCs.

R2 and R3 have the same loopback interfaces with IP address 5.5.5.5/24 (to emulate the Internet).

Requirements:

1. Traffic sourced from 10.10.10.0/24 must go through s0/0 at R1.

2. Traffic from 20.20.20.0/24 must go through s0/1 at R1.

Here is what I have done:

R1(config)#do show ip route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0

     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Serial0/0
     2.0.0.0/24 is subnetted, 1 subnets
C       2.2.2.0 is directly connected, Serial0/1
     3.0.0.0/24 is subnetted, 1 subnets
C       3.3.3.0 is directly connected, FastEthernet1/0
     20.0.0.0/24 is subnetted, 1 subnets
S       20.20.20.0 [1/0] via 3.3.3.3
     10.0.0.0/24 is subnetted, 1 subnets
S       10.10.10.0 [1/0] via 3.3.3.3
S*   0.0.0.0/0 is directly connected, Serial0/0
               is directly connected, Serial0/1   /* i used default route to connect to 5.5.5.5.

Access lists

R1(config)#do show access-list
Standard IP access list 1
    10 permit 10.10.10.0, wildcard bits 0.0.0.255
Standard IP access list 2
    10 permit 20.20.20.0, wildcard bits 0.0.0.255

Route-map

R1(config)#do show route
route-map ISP_R3, permit, sequence 20
  Match clauses:
    ip address (access-lists): 2
  Set clauses:
    interface Serial0/1
  Policy routing matches: 0 packets, 0 bytes
route-map ISP_R2, permit, sequence 10
  Match clauses:
    ip address (access-lists): 1
  Set clauses:
    interface Serial0/0
  Policy routing matches: 0 packets, 0 bytes

I applied two policies on both serial links.

interface Serial0/0
 ip address 1.1.1.1 255.255.255.0
 ip policy route-map ISP_R2
 serial restart-delay 0
!
interface Serial0/1
 ip address 2.2.2.2 255.255.255.0
 ip policy route-map ISP_R3
 serial restart-delay 0
!
interface Serial0/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial0/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface FastEthernet1/0
 ip address 3.3.3.1 255.255.255.0
 duplex auto
 speed auto
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 Serial0/0
ip route 0.0.0.0 0.0.0.0 Serial0/1
ip route 10.10.10.0 255.255.255.0 3.3.3.3
ip route 20.20.20.0 255.255.255.0 3.3.3.3
!
!
!
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 2 permit 20.20.20.0 0.0.0.255
!
route-map ISP_R3 permit 20
 match ip address 2
 set interface Serial0/1
!
route-map ISP_R2 permit 10
 match ip address 1
 set interface Serial0/0

I have no idea what's wrong with this setup. The route-map did not work.

Below is the traceroute output:

R4(config)#do trace 5.5.5.5 source 20.20.20.20
Type escape sequence to abort.
Tracing the route to 5.5.5.5

  1 3.3.3.1 36 msec 20 msec 24 msec
  2 2.2.2.22 48 msec
*Mar  1 01:35:35.403: ICMP: time exceeded rcvd from 3.3.3.1
*Mar  1 01:35:35.427: ICMP: time exceeded rcvd from 3.3.3.1
*Mar  1 01:35:35.455: ICMP: time exceeded rcvd from 3.3.3.1
*Mar  1 01:35:35.503: ICMP: dst (20.20.20.20) port unreachable rcv from 2.2.2.22 *  48 msec
R4(config)#
*Mar  1 01:35:38.551: ICMP: dst (20.20.20.20) port unreachable rcv from 2.2.2.22

R4(config)#do trace 5.5.5.5 source 10.10.10.10
Type escape sequence to abort.
Tracing the route to 5.5.5.5

  1 3.3.3.1 52 msec 24 msec 20 msec
  2 2.2.2.22 48 msec
*Mar  1 01:37:17.351: ICMP: time exceeded rcvd from 3.3.3.1
*Mar  1 01:37:17.379: ICMP: time exceeded rcvd from 3.3.3.1
*Mar  1 01:37:17.399: ICMP: time exceeded rcvd from 3.3.3.1
*Mar  1 01:37:17.447: ICMP: dst (10.10.10.10) port unreachable rcv from 2.2.2.22 *  56 msec

Ping to 5.5.5.5 had no problems, but why did traffic from both sources go through 2.2.2.22?

I have no idea what's wrong with this setup. The route-map just did not work.

I hope someone can help me out here.

Thank you in advance.

9 Replies

cadet alain
VIP Alumni

Hi,

The PBR policy must be applied to f0/1 interface of R3, not on the serials, as it must be applied on the ingress interface of the source.

Regards.

Alain.

Don't forget to rate helpful posts.

Thanks for your quick reply. I am still new to policy routing. If I have to apply the policy on f0/1, how am I supposed to do that? Every time I wrote an ip policy, the new one overwrote the older one. I thought one interface can have only one route-map policy applied.

Much appreciated.

Hi,

Look at Bava's answer: you only need one route-map but with multiple clauses.

Regards.

Alain

Don't forget to rate helpful posts.

Hi Dannan,

Route-maps are sequenced, like access lists. Use the Same Name and different sequence numbers to apply different Match/Set clauses. And remember there is an implicit Deny at the end of the route-map, just like access lists.

Please rate if it helped.

Hope it helps!

Soroush.

Thanks, I will try that.

Hi,

No need for an empty permit clause at the end of a route-map used for PBR, because the denied traffic will just simply be routed based on the RIB.

Regards.

Alain.

Don't forget to rate helpful posts.

bava_ccna
Level 1

Hi,

You have to apply the policy on the ingress interface of R1 (i.e. fa1/0), and you also don't need two different route-maps for achieving this. Match the access-lists in two different sequences of the same route-map and assign a different next-hop for each matching criterion.

-HTH

bava

Thanks for your help, I will try that later.

dannan lin
Level 1

It worked, thanks.
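The fix the replies describe, written out for R1 as an added example (not configuration posted by anyone in the thread). `DUAL_ISP` is a hypothetical route-map name, and the sequences keep the `set interface` actions from the original post rather than a next-hop, because R2's serial address is not shown in the thread.

```cisco
! Added example for R1; DUAL_ISP is a hypothetical route-map name.
! ACLs 1 and 2 are the ones already defined in the original post.
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 2 permit 20.20.20.0 0.0.0.255
!
! One route-map, two sequences: an interface holds only one
! "ip policy route-map", so both cases live under the same name.
route-map DUAL_ISP permit 10
 match ip address 1
 set interface Serial0/0
!
route-map DUAL_ISP permit 20
 match ip address 2
 set interface Serial0/1
!
! Sources matching neither sequence hit the implicit deny and are
! forwarded by the normal routing table, so no empty permit is needed.
!
! Remove the policies from the egress serial links, where packets
! arriving from the LAN are never evaluated against them.
interface Serial0/0
 no ip policy route-map ISP_R2
!
interface Serial0/1
 no ip policy route-map ISP_R3
!
! Apply the policy where the LAN traffic enters R1.
interface FastEthernet1/0
 ip policy route-map DUAL_ISP
!
! Verify from exec mode; the "Policy routing matches" counters
! should increase once R4 sends traffic.
! show ip policy
! show route-map DUAL_ISP
```

Repeating the two traceroutes from R4 afterwards should show a different second hop for each source address instead of 2.2.2.22 for both.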
