
Policy based routing

khaled alodat
Level 1

Hi,

I hope that someone can help me with this.

I'm planning to configure PBR on the core switch to route traffic coming from a /24 subnet to a group of subnets that can be summarized as 10.128.0.0/9, for traffic on port tcp/5900 only.

The process is simple: an access list that matches the traffic, assigned to a route-map. Here is the problem:

From what I know, in order to use set ip next-hop, a route has to exist in the routing table.

In order to use ip default next-hop, the routing table must not have a route that matches the policed traffic.

The summary address 10.128.0.0/9 is to match IP addresses that fall in this range. To make my case more clear: the reason I will be using PBR is that we do have a conflict in IP addresses (cannot be resolved). All the traffic to 10.0.0.0/8 must have router A as a gateway, and all 10.128.0.0/9 on port 5900 must have router B as a gateway.

The 10.0.0.0/8 is NOT listed as one subnet in the routing table. We have more than 15 routes that fall in 10.0.0.0/8.

So there will be no exact match between 10.128.0.0/9 and any other route, but there will be a match with a smaller subnet.

After all this, which command do I need to use: the next-hop or the default next-hop?

I hope the problem was clear enough.

Thanks,

Khaled

1 Accepted Solution

Jon Marshall
Hall of Fame

You need to use "set ip next-hop ...".

When you use this command the traffic is sent to the next hop IP before the routing table is consulted, although the next hop IP does need to be valid. You are in effect overriding the routing table. And from your description, this is exactly what you want, i.e. if the IP falls within that range then send it to a different next hop, but if it doesn't then use the IP routing table.

Is this what you were asking?

Jon

3 Replies


Does it perform the next-hop even if there was no valid route for the required traffic in the routing table? If yes, this is exactly what I need.

I don't need the routing table to be involved in the decision.

As far as I know, yes it does, because the routing table is not consulted as long as the next hop IP you have used is valid, i.e. there is a route to that in the routing table.

Jon
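Added worked example, not posted by either participant: a Cisco IOS configuration for the case Khaled describes, built on the accepted answer (use "set ip next-hop", which overrides the routing table for matching packets) and on Jon's follow-up that the next hop itself must be valid. The source subnet 192.0.2.0/24, the SVIs Vlan10 and Vlan100, router B's address 198.51.100.2 and the ACL/route-map/track names are assumed placeholders; nothing on the page gives them.

```cisco
! Added example, not from the original thread. Assumptions: the /24 that
! should be policy-routed is 192.0.2.0/24 and enters the core switch on
! Vlan10; router B is directly connected on Vlan100 as 198.51.100.2.
! Router A stays the normal path via the routing table and needs no PBR.
!
! Extended ACL: match ONLY TCP/5900 from the /24 to the 10.128.0.0/9
! summary. Wildcard 0.127.255.255 is the inverse of a /9 mask. Anything the
! ACL does not permit is routed normally, so no "permit ip any any" here:
! a broader match would silently steer more than VNC to router B.
ip access-list extended PBR-VNC-TO-RTRB
 permit tcp 192.0.2.0 0.0.0.255 10.128.0.0 0.127.255.255 eq 5900
!
! Make "valid next hop" an explicit, monitored condition rather than an
! assumption: probe router B and track reachability.
ip sla 10
 icmp-echo 198.51.100.2 source-interface Vlan100
 frequency 5
ip sla schedule 10 life forever start-time now
track 10 ip sla 10 reachability
!
! "set ip next-hop" is evaluated before the routing table, so the more
! specific 10.x.x.x routes that exist for router A do not matter for
! packets this route-map matches. With verify-availability the set clause
! is skipped while track 10 is down, and those packets then fall back to
! normal routing (router A) instead of being dropped.
route-map PBR-VNC permit 10
 match ip address PBR-VNC-TO-RTRB
 set ip next-hop verify-availability 198.51.100.2 10 track 10
!
! Weak alternative, shown commented out: "set ip default next-hop" only
! applies when the routing table has no explicit (non-default) route to the
! destination. Because the more specific 10.x routes exist, it would never
! fire for most of 10.128.0.0/9 and the traffic would keep going to router A.
!  set ip default next-hop 198.51.100.2
!
! PBR is applied to packets ARRIVING on the interface, so it goes on the
! SVI facing the /24, not on the uplink to router B.
interface Vlan10
 description Source /24 segment (PBR applied inbound)
 ip address 192.0.2.1 255.255.255.0
 ip policy route-map PBR-VNC
```

To check it: "show route-map PBR-VNC" shows the policy-routing match counter increasing for TCP/5900 flows only, "show track 10" confirms router B is reachable, and "show ip policy" lists the interface binding. Avoid "debug ip policy" on a busy core switch. Two caveats a practitioner would want before relying on this: first, the "set ip next-hop" address has to be directly connected (adjacent) to the switch, and several switching platforms implement PBR in hardware with their own restrictions (some do not support "set ip default next-hop" or verify-availability at all), so check the platform's PBR documentation. Second, return traffic from 10.128.0.0/9 will follow those routers' own routing, typically back via router A, so the path becomes asymmetric; any stateful firewall sitting on either path will see half a session and drop it.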
