01-11-2016 01:34 PM - edited 03-08-2019 03:22 AM
Hello Everyone
We are getting a new point to point service from an ISP and our idea was to route our replication traffic across the new point to point service. We do not want to route all traffic from these hosts across the point to point but only replication traffic. For instance we want a few of the hosts to use the new point to point for replication traffic which is on port 8080 but allow the hosts to still use the existing MPLS for all other traffic. Can the PBR ACLs identify only port 8080 traffic to route across a different link?
01-11-2016 01:39 PM
Yes they can.
Jon
01-11-2016 01:49 PM
Thanks Jon
Let me describe exactly what I want to do. In site one we have a 3850 IP services stack and in Site 2 we have another 3850 stack with IP services. Both sites already have MPLS and we are adding a new point to point service from Cogent that is a layer 2 service. My idea is to connect both sides using a new VLAN, say vlan 100, on both site one and site 2. Will PBR be able to route traffic to that VLAN? All I can see is it allows you to set next hop by IP.
01-11-2016 01:52 PM
So if you create vlan 100 on both switches then each switch would need an SVI for that vlan with an IP address.
That IP would be your next hop IP address in your PBR configuration.
Unless I am misunderstanding your question ?
Jon
01-11-2016 03:05 PM
Thanks again
So PBR will allow me to route to an IP that is on an SVI on the same switch stack? Say I configure a vlan 100 with 10.10.10.1 on site one and configure the same vlan on site 2 10.10.10.2.
Then setup an ACL that identifies traffic coming from a particular host on port 8080 and use PBR in site 1 to route all traffic to 10.10.10.1 and same thing on site 2 routing same traffic to 10.10.10.2. Would that work?
01-11-2016 03:45 PM
You don't use the local IP for the next hop.
So using your example on site 1 you apply the PBR configuration to the relevant SVI(s) (not the SVI for vlan 100) and then the next hop IP is 10.10.10.2 at site 2.
This is fine because your site 1 switch knows how to get to 10.10.10.2 because it has an SVI in that subnet.
So basically at each site the next hop IP is the other site's SVI IP for vlan 100.
Does this make sense ?
Jon
01-11-2016 04:34 PM
I think it makes sense
So create VLAN 100 on site 1 and give it an IP of 10.10.10.1 and create vlan 100 on site 2 and give it an IP of 10.10.10.2 and then identify traffic and in site 1 I would route identified traffic to 10.10.10.2 which would be an SVI on the other switch in site 2?
I guess I am going to have to play around with this. We had another idea of just adding a nic to all the servers that need to replicate traffic and adding the nic to vlan 100. Then configure the application to use that nic for replication. A lot more invasive than above.
01-11-2016 04:56 PM
Yes you have the right idea.
However unless you need the servers to be in the same vlan at both sites, and it sounds like you don't, I would use L3 routed ports instead of vlans because each switch at the moment has its own vlan database and they are not connected other than via an MPLS WAN.
If you connect them using a vlan you now have STP, VTP running across that link.
So make the ports routed ports instead and assign the IPs to the routed ports and then you don't have to worry about any of those issues.
The PBR etc. will still work fine.
Jon
01-12-2016 08:42 AM
Now I am confused again.
How can between the 2 switches? Typically I would setup a router that had an inside interface and outside interface. Give it a backbone subnet that route traffic to the IP assigned to the outside interface of the router. With L3 switches there is no way to assign an interface an IP. When I say no way I mean I do not know how to do this...
In our scenario we have site 1 and site 2, both have their own /16 subnet that is broken down into /24s which are currently connected via our MPLS. Let's just say site 1 is 10.1.0.0 and site 2 is 10.2.0.0, each one has about 16 /24 vlans. Then we will be introducing the point to point layer 2. Can you walk me through this because I would much rather route than do a shared vlan.
01-12-2016 09:01 AM
Sorry, didn't mean to confuse you.
You can assign an interface on a L3 switch an IP, you just have to make it a L3 port.
You need a new IP subnet just for the L3 link, so as an example -
site 1
int <x/y>
no switchport <-- this makes it L3
ip address 10.10.10.1 255.255.255.252
site 2
int <x/y>
no switchport
ip address 10.10.10.2 255.255.255.252
then you use the next hops for PBR as already covered.
Any queries etc. feel free to ask.
Jon
01-12-2016 09:31 AM
Wow did not know you could do this. This makes much more sense.
Yes, we're planning to remove that subnet from our OSPF route statements.
Really appreciate your help.
02-17-2016 07:45 PM
Jon
We got this going and pretty much worked right off the bat. Thanks for the help.
Now I want to add a secondary route to the policy based routes. Each server has 2 paths it can take. The first path is the one PBR points to, which the servers are already using for traffic not defined by the ACLs. If the route PBR is using fails I would like it to fail back to the MPLS network, which is where all the other traffic goes.
I tested to see if just by shutting down that path it would fail back to the MPLS on its own, but it looks like I would need to set this up.
Ideas?
02-17-2016 08:08 PM
BTW
Posted new discussion thread for this question
https://supportforums.cisco.com/discussion/12917791/how-add-secondary-route-policy-based-route
02-18-2016 07:14 AM
And there have been responses in that discussion. Thanks for starting a new discussion for this new question.
HTH
Rick
01-12-2016 09:16 AM
One last point on this.
If you are using a dynamic routing protocol on your switches do not add the new IP subnet to the routing protocol configuration.
If you do then routes will be exchanged via the new link and all traffic between sites will be going over the link.
So if you are using a routing protocol you need to make sure the new IP subnet you use does not fall within any network statements under the routing protocol configuration.
If you are unsure of what I am explaining then please come back before implementing.
Jon
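Pulling the pieces from this thread together, here is what the site 1 side looks like as one configuration: the routed port from the 01-12 post, an ACL that matches only the TCP/8080 replication flows, the route-map and its application to the server SVI from the 01-11 posts, and an OSPF process whose network statement does not cover the link subnet, as the last post warns. This is an added example, not configuration from the thread or from Cisco; the interface names, the server VLAN (Vlan10), the host addresses 10.1.10.11 and 10.1.10.12, and the ACL, route-map, SLA and track numbers are all assumed. The `verify-availability ... track` form of the next-hop statement addresses the 02-17 follow-up: when the tracked next hop stops answering, the route-map entry no longer applies and those packets are forwarded by the normal routing table, i.e. over MPLS. Its availability on this particular platform and software release is an assumption.

```cisco
! ===== Site 1 (the site 2 switch mirrors this with 10.10.10.2 / 10.1.0.0 swapped) =====

! Routed port toward the Cogent L2 point-to-point; a /30 used only for this link.
interface GigabitEthernet1/0/48
 description constructed example: L3 link to site 2
 no switchport
 ip address 10.10.10.1 255.255.255.252

! Only the replication flows: from the named hosts to site 2 on TCP/8080
! (and the same hosts answering on TCP/8080), so everything else keeps using MPLS.
ip access-list extended REPL-8080
 remark constructed example: replication hosts are assumed values
 permit tcp host 10.1.10.11 10.2.0.0 0.0.255.255 eq 8080
 permit tcp host 10.1.10.11 eq 8080 10.2.0.0 0.0.255.255
 permit tcp host 10.1.10.12 10.2.0.0 0.0.255.255 eq 8080
 permit tcp host 10.1.10.12 eq 8080 10.2.0.0 0.0.255.255

! Reachability probe of the far-end link address, used to track the next hop.
ip sla 1
 icmp-echo 10.10.10.2 source-ip 10.10.10.1
 frequency 5
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability

! Next hop is the OTHER site's link address, never the local one.
! If track 1 is down the set clause is skipped and the packet follows the routing table (MPLS).
route-map PBR-REPL permit 10
 match ip address REPL-8080
 set ip next-hop verify-availability 10.10.10.2 10 track 1

! Apply on the SVI the replication hosts sit behind, not on the link interface.
interface Vlan10
 description constructed example: server VLAN at site 1
 ip policy route-map PBR-REPL

! Dynamic routing: the network statement covers 10.1.0.0/16 only, so 10.10.10.0/30 is not
! advertised. A broad "network 10.0.0.0 0.255.255.255 area 0" would include the link
! and pull all inter-site traffic onto it.
router ospf 1
 network 10.1.0.0 0.0.255.255 area 0
```

To confirm the policy is doing what is intended, `show route-map PBR-REPL` shows the match counters climbing only for the 8080 flows, `show track 1` shows the next-hop state, and `show ip route 10.10.10.0` should be a connected route only, with no OSPF entry for the link on either switch.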