11-28-2008 07:39 AM - edited 03-06-2019 02:43 AM
Hello there,
I have a question about implementing Policy Based Routing on a 7301 router which is being used as a LB (ip slb).
Currently, traffic is being sent to the farms and there are several static routes which make sure the traffic is routed correctly.
Now, I want traffic with specific destination ports to be routed to a specific next hop (router) and not to be sent to the farms.
So, I thought to create an access list for each destination port and then use a route-map to send it to the next hop.
But there are a few things that aren't clear to me.
How can I make sure that the traffic which doesn't match the access list will be routed as it is being routed right now?
How will the packet travel through the stack?
Does it first go to the SLB stack and then the access list is applied, or the other way around?
Since the access list is applied on the inbound interface, I think first the access list is applied.
I hope I am clear,
Pavlos
11-28-2008 07:11 PM
hi
let's take this simple example
in this example we will route all traffic coming from 192.168.0.0/24 to any destination using HTTP; we will send it to next hop 10.1.1.1
access-list 100 permit tcp 192.168.0.0 0.0.0.255 any eq 80
route-map map1 permit 10
match ip address 100
set ip next-hop 10.1.1.1
route-map map1 permit 20
now apply it in the inbound interface
the line :
route-map map1 permit 20
will help you to make sure that any other traffic will be routed as normal
good luck
hope this helps
11-29-2008 03:44 PM
Hi,
In this http://www.cisco.com/warp/public/732/Tech/plicy_wp.htm the following is mentioned
The route map statements can also be marked as permit or deny. If the statement is marked as a deny, the packets meeting the match criteria are sent back through the normal forwarding channels (in other words, destination-based routing is performed). Only if the statement is marked as permit and the packets meet the match criteria are all the set clauses applied. If the statement is marked as permit and the packets do not meet the match criteria, then those packets are also forwarded through the normal routing channel.
So, I think I don't need the last permit. But I am not sure. I think I have to play around in order to see how it works.
Furthermore, I am a bit confused about the difference between set ip next-hop and set ip default next-hop.
the following is mentioned.
The set ip next-hop and set ip default next-hop commands are similar but have a different order of operation. Configuring the set ip next-hop command causes the system to use policy routing first and then use the routing table. Configuring the set ip default next-hop causes the system to use the routing table first and then policy-route the specified next hop.
I can't understand how a packet will be routed when I have set ip next-hop A and there is a route for the destination network of the packet which routes the packets to B.
According to the above the policy routing is used first so the packet will be routed to A.
But, if I have set ip default next-hop A and there is a route for the destination network of the packet which routes the packets to B, the packet will be routed to B because the routing table is used first.
Did I get it right?
Thank you very much for your reply, I very much appreciate it.
Pavlos
11-29-2008 06:10 PM
Hi,
I set up 4 routes with 8 networks and used rip2 for routing. I configured my PBR like this
interface Serial0/0
bandwidth 128
ip address 192.168.1.14 255.255.255.252
ip policy route-map telnet
no fair-queue
!
interface FastEthernet0/1
ip address 192.168.4.30 255.255.255.240
duplex auto
speed auto
!
interface Serial0/1
bandwidth 128
ip address 192.168.1.17 255.255.255.252
clockrate 128000
!
router rip
version 2
network 192.168.1.0
network 192.168.4.0
!
access-list 100 permit tcp any any eq telnet
route-map telnet permit 10
match ip address 100
set ip next-hop 192.168.4.29
and it worked as I wanted.
And I played around with set ip default next-hop and it behaves as I understood it (see what I wrote in my previous post).
Cheers,
Pavlos
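The forwarding decision discussed in the posts above, as an added Python model that is not part of the original thread and not Cisco code. It follows the rules quoted from the white paper plus the empty trailing permit entry; next hop 192.168.4.29 and the telnet match come from the thread, while the routing table, the other addresses and all function names are constructed for illustration, and next-hop reachability checks are not modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Entry:                                  # one route-map sequence entry
    action: str                               # "permit" or "deny"
    match_port: Optional[int] = None          # None: no match clause, matches all
    next_hop: Optional[str] = None            # set ip next-hop
    default_next_hop: Optional[str] = None    # set ip default next-hop

def lookup(table, dst):
    """Longest-prefix match; returns (network, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table.items()
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def forward(route_map, table, dst, dport):
    """Return (next_hop, reason) for a packet entering the PBR interface."""
    route = lookup(table, dst)
    normal = route[1] if route else None
    for e in route_map:
        if e.match_port is not None and e.match_port != dport:
            continue                          # no match: try the next entry
        if e.action == "deny":
            return normal, "deny matched: normal routing"
        if e.next_hop:
            return e.next_hop, "policy next-hop"
        # Default next-hop is used only when the routing table has no
        # explicit route for the destination (a 0.0.0.0/0 route is not explicit).
        if e.default_next_hop and (route is None or route[0].prefixlen == 0):
            return e.default_next_hop, "policy default next-hop"
        return normal, "permit, no applicable set: normal routing"
    return normal, "no entry matched: normal routing"

# Constructed routing table: one explicit route via "B" and a default route.
TABLE = {"10.20.0.0/16": "192.168.1.13", "0.0.0.0/0": "192.168.1.18"}
# Telnet (TCP/23) policy with next hop "A" = 192.168.4.29, as in the thread.
SET_MAP = [Entry("permit", match_port=23, next_hop="192.168.4.29")]
DEFAULT_MAP = [Entry("permit", match_port=23, default_next_hop="192.168.4.29"),
               Entry("permit")]               # empty "permit 20" entry

if __name__ == "__main__":
    for name, rm in (("set ip next-hop", SET_MAP),
                     ("set ip default next-hop", DEFAULT_MAP)):
        for dst, port in (("10.20.1.1", 23), ("172.16.5.5", 23), ("10.20.1.1", 80)):
            print(name, dst, port, forward(rm, TABLE, dst, port))
```

Unmatched traffic (port 80 here) follows the routing table in both maps, whether or not the empty permit entry is present.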
11-29-2008 08:58 PM
hi Pavlos
the info you have put is very nice
however let me describe something
Route maps can be referenced by any redistribute command. The route map may actually let all the routes through, setting different route attributes (for example, metrics) for different routes. Or, it may match some routes with a deny clause, which prevents the route from being redistributed !!!
11-30-2008 02:34 AM
Hi marwanshawi,
I see what you mean.
Thanks a lot,
Pavlos