Source based routing to selectively route traffic across different link

Jason Flory

Hello Everyone

We are getting a new point to point service from an ISP and our idea was to route our replication traffic across the new point to point service. We do not want to route all traffic from these hosts across the point to point but only replication traffic. For instance we want a few of the hosts to use the new point to point for replication traffic which is on port 8080 but allow the hosts to still use the existing MPLS for all other traffic. Can the PBR ACLs identify only port 8080 traffic to route across a different link?


Jon Marshall

Yes they can.

Jon

Thanks Jon

Let me describe exactly what I want to do. In site one we have a 3850 IP services stack and in Site 2 we have another 3850 stack with IP services. Both sites already have MPLS and we are adding a new point to point service from Cogent that is a layer 2 service. My idea is to connect both sides using a new VLAN, say vlan 100, on both site one and site 2. Will PBR be able to route traffic to that VLAN? All I can see is it allows you to set next hop by IP.

So if you create vlan 100 on both switches then each switch would need an SVI for that vlan with an IP address.

That IP would be your next hop IP address in your PBR configuration.

Unless I am misunderstanding your question ?

Jon

Thanks again

So PBR will allow me to route to an IP that is on an SVI on the same switch stack? Say I configure a vlan 100 with 10.10.10.1 on site one and configure the same vlan on site 2 with 10.10.10.2.

Then set up an ACL that identifies traffic coming from a particular host on port 8080 and use PBR in site 1 to route all traffic to 10.10.10.1 and the same thing on site 2 routing the same traffic to 10.10.10.2. Would that work?

You don't use the local IP for the next hop.

So using your example on site 1 you apply the PBR configuration to the relevant SVI(s)  (not the SVI for vlan 100) and then the next hop IP is 10.10.10.2 at site 2.

This is fine because your site 1 switch knows how to get to 10.10.10.2 because it has an SVI in that subnet.

So basically at each site the next hop IP is the other sites SVI IP for vlan 100.

Does this make sense ?

Jon

I think it makes sense

So create VLAN 100 on site 1 and give it an IP of 10.10.10.1 and create vlan 100 on site 2 and give it an IP of 10.10.10.2 and then identify traffic, and in site 1 I would route identified traffic to 10.10.10.2 which would be an SVI on the other switch in site 2?

I guess I am going to have to play around with this. We had another idea of just adding a NIC to all the servers that need to replicate traffic and adding the NIC to vlan 100. Then configure the application to use that NIC for replication. A lot more invasive than the above.

Yes you have the right idea.

However, unless you need the servers to be in the same vlan at both sites, and it sounds like you don't, I would use L3 routed ports instead of vlans because each switch at the moment has its own vlan database and they are not connected other than via an MPLS WAN.

If you connect them using a vlan you now have STP and VTP running across that link.

So make the ports routed ports instead and assign the IPs to the routed ports and then you don't have to worry about any of those issues.

The PBR etc. will still work fine.

Jon

Now I am confused again.

How can I route between the 2 switches? Typically I would set up a router that had an inside interface and an outside interface. Give it a backbone subnet that routes traffic to the IP assigned to the outside interface of the router. With L3 switches there is no way to assign an interface an IP. When I say no way I mean I do not know how to do this...

In our scenario we have site 1 and site 2, both have their own /16 subnet that is broken down into /24s which are currently connected via our MPLS. Let's just say site 1 is 10.1.0.0 and site 2 is 10.2.0.0 and each one has about 16 /24 vlans. Then we will be introducing the point to point layer 2. Can you walk me through this because I would much rather route than do a shared vlan.

Sorry, didn't mean to confuse you.

You can assign an interface on a L3 switch an IP, you just have to make it a L3 port.

You need a new IP subnet just for the L3 link, so as an example -

site 1

int <x/y>
no switchport <-- this makes it L3
ip address 10.10.10.1 255.255.255.252

site 2

int <x/y>
no switchport
ip address 10.10.10.2 255.255.255.252

Then you use the next hops for PBR as already covered.

Any queries etc. feel free to ask.

Jon

Wow, did not know you could do this. This makes much more sense.

Yes, we're planning to remove that subnet from our OSPF route statements.

Really appreciate your help. 

Jon

We got this going and it pretty much worked right off the bat. Thanks for the help.

Now I want to add a secondary route to the policy based routes. Each server has 2 paths it can take. The first path is the one PBR points to, which the servers are already using for traffic not defined by ACLs. If the route PBR is using fails I would like it to fail back to the MPLS network which is where all the other traffic goes.

I tested to see if just by shutting down that path it would fail back to the MPLS on its own, but it looks like I would need to set this up.

Ideas?  

BTW 

Posted new discussion thread for this question

https://supportforums.cisco.com/discussion/12917791/how-add-secondary-route-policy-based-route

And there have been responses in that discussion. Thanks for starting a new discussion for this new question.

HTH

Rick


One last point on this.

If you are using a dynamic routing protocol on your switches do not add the new IP subnet to the routing protocol configuration.

If you do then routes will be exchanged via the new link and all traffic between sites will be going over the link.

So if you are using a routing protocol you need to make sure the new IP subnet you use does not fall within any network statements under the routing protocol configuration.

If you are unsure of what I am explaining then please come back before implementing.

Jon
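Putting Jon's routed-port, PBR and routing-protocol points together, here is an added IOS configuration example for the site 1 3850 (not configuration from the thread; site 2 mirrors it with the addresses swapped). The replication hosts 10.1.5.10 and 10.1.5.11 in vlan 5, the interface number, the ACL and route-map names and the OSPF process are all assumed for illustration.

```ios
! ---- Site 1 3850 stack (constructed example) ----
! 1. Routed port for the Cogent L2 point to point, its own /30 subnet
interface GigabitEthernet1/0/48
 description P2P to site 2 (Cogent L2 service)
 no switchport
 ip address 10.10.10.1 255.255.255.252
 no shutdown

! 2. Identify ONLY replication traffic: from the chosen hosts,
!    destined to site 2 (10.2.0.0/16), TCP port 8080.
!    Anything not permitted here is untouched by PBR and takes
!    the normal MPLS route, which is the behaviour the OP wants.
ip access-list extended REPL-TO-SITE2
 permit tcp host 10.1.5.10 10.2.0.0 0.0.255.255 eq 8080
 permit tcp host 10.1.5.11 10.2.0.0 0.0.255.255 eq 8080

! 3. Route-map: matched traffic gets the OTHER site's routed-port IP
!    as next hop (10.10.10.2), never the local 10.10.10.1.
route-map REPL-P2P permit 10
 match ip address REPL-TO-SITE2
 set ip next-hop 10.10.10.2

! 4. Apply the policy on the SVI the replication hosts live in,
!    NOT on the point to point port itself.
interface Vlan5
 description server SVI holding the replication hosts
 ip policy route-map REPL-P2P

! 5. Keep the /30 out of the IGP (Jon's last point): only the site's
!    own /16 is covered, so 10.10.10.0/30 is never advertised and
!    no site-to-site routes are learned over the new link.
router ospf 1
 network 10.1.0.0 0.0.255.255 area 0

! 6. Verification after applying (exec mode):
!    show ip policy                  -> Vlan5 bound to REPL-P2P
!    show route-map REPL-P2P         -> policy match counters increasing
!    show ip route 10.10.10.0        -> connected only, not OSPF
!    show ip ospf interface brief    -> Gi1/0/48 must NOT be listed
```

On site 2 the ACL permits the site 2 hosts toward 10.1.0.0/16 on port 8080, the next hop becomes 10.10.10.1, and the OSPF network statement covers only 10.2.0.0/16.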
