Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
510
Views
0
Helpful
4
Replies

Policy based Routing

Go to solution
Mokhalil82
Level 4
Level 4

‎08-26-2015 12:01 PM - edited ‎03-08-2019 01:32 AM

Hi

I am wondering if I am on the right lines with this config. When I receive packets on my router from certain subnets, instead of following the default route, I want them to be sent to the next hop of 10.10.50.1 which is on interface G0/2. I have prepared the following config.

ip access-list extended TEST_SUBNETS

permit ip 10.10.10.0 0.0.0.255 any

permit ip 10.10.20.0 0.0.0.255 any

permit ip 10.10.30.0 0.0.0.255 any

 

Route-map REDIRECT_SUBNET permit 10

match ip address TEST_SUBNET

set ip default next-hop 10.10.50.1

 

Interface G0/1

ip policy route-map REDIRECT_SUBNET

 

Thanks

 

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
paul driver
VIP
VIP

‎08-26-2015 12:45 PM

Hello

Looks like you are .

However my understanding of PBR is the default next hop command looks in the rib first and if  any matches are found then the prefixes wont be policy routed.

I would change that to set ip next-hop and add some resilency to PBR  through verifying a tracked destination which is reachable via the defined nexthop,  and if it goes down then the next hop wont be considered has reachable.
 

ip sla 10
icmp-echo x.x.x.x( tracked destination)
frequency 5
ip sla schedule 10 life forever start-time now


track 1 sla 10 reachability

 

Route-map REDIRECT_SUBNET permit 10
match ip address TEST_SUBNET
set ip next-hop verify-availability 10.10.50.1 1 track 1

res

Paul

 

 

.

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Mokhalil82

‎08-26-2015 04:19 PM

Just to clarify -

"set ip next-hop x.x.x.x"  means, as Paul says, use the specified next hop before looking into the IP routing table.

"set ip default next-hop x.x.x.x" means look into the IP routing table first and if there is a matching route, then use that.

However the default route does not count as a matching route ie. there must be a more specific route.

So if you use "set ip next-hop .."  then that means all traffic is sent to the next hop IP including any traffic for other vlans within your network.

If you want traffic between your internal vlans to be routed normally then you should use what you were originally going to use ie. "set ip default next-hop x.x.x.x" because then traffic between internal vlans will use the routing table and any traffic for destinations that do not have a specific route ie. they would normally use the default route, will be policy routed.

From your original description I believe that is what you want to happen.

Jon

View solution in original post

0 Helpful
4 Replies 4

Go to solution
paul driver
VIP
VIP

‎08-26-2015 12:45 PM

Hello

Looks like you are .

However my understanding of PBR is the default next hop command looks in the rib first and if  any matches are found then the prefixes wont be policy routed.

I would change that to set ip next-hop and add some resilency to PBR  through verifying a tracked destination which is reachable via the defined nexthop,  and if it goes down then the next hop wont be considered has reachable.
 

ip sla 10
icmp-echo x.x.x.x( tracked destination)
frequency 5
ip sla schedule 10 life forever start-time now


track 1 sla 10 reachability

 

Route-map REDIRECT_SUBNET permit 10
match ip address TEST_SUBNET
set ip next-hop verify-availability 10.10.50.1 1 track 1

res

Paul

 

 

.

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Go to solution
Mokhalil82
Level 4
Level 4
In response to paul driver

‎08-26-2015 01:05 PM

Hi Paul

Thanks for verifying that, guess il use ip next hop. I have used ipsla before but not with a pbr so thats excellent advice, il be using ipsla as well then with my pbrs :-)

 

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Mokhalil82

‎08-26-2015 04:19 PM

Just to clarify -

"set ip next-hop x.x.x.x"  means, as Paul says, use the specified next hop before looking into the IP routing table.

"set ip default next-hop x.x.x.x" means look into the IP routing table first and if there is a matching route, then use that.

However the default route does not count as a matching route ie. there must be a more specific route.

So if you use "set ip next-hop .."  then that means all traffic is sent to the next hop IP including any traffic for other vlans within your network.

If you want traffic between your internal vlans to be routed normally then you should use what you were originally going to use ie. "set ip default next-hop x.x.x.x" because then traffic between internal vlans will use the routing table and any traffic for destinations that do not have a specific route ie. they would normally use the default route, will be policy routed.

From your original description I believe that is what you want to happen.

Jon

0 Helpful

Go to solution
Mokhalil82
Level 4
Level 4
In response to Jon Marshall

‎08-27-2015 07:14 AM

At this point I wanted to the subnets to be routed to the next hop without looking at the RIB so ip next-hop will do for me. These are test users that need to be hitting a different gateway and not have access to local resources. 

 

Thanks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card