PBR route maps

May 7th, 2008

Hi, we've just recently changed the way that we route traffic outbound to our organization's firewalls because of increasing load and CPU utilization on our primary firewall handling web traffic. The change was from 100% static routes to the use of route-maps.


My question is this: we currently have several maps that direct traffic to certain next-hop IPs based on IPs/IP blocks and type of traffic, but the last map we have in place is a type of catch-all, gateway-of-last-resort map. I need to know if this is really needed, as we also still have a static that points 0/0 traffic to a destination?


Another question: Does the router look at and use route maps before any statics in place?


If I'm unclear in any way please let me know so that I can restate my questions.


Thanks in advance.


/rls

Jon Marshall Wed, 05/07/2008 - 22:37

If there is no match in the PBR route-map then the packet will be routed via the normal process, i.e. the routing table. So no, you don't really need a catch-all.


The route-map will be consulted before any routes in the routing table whether they are statics or learnt via a dynamic routing protocol.


Jon

rsamuel708 Thu, 05/08/2008 - 07:15

Thanks Jon. So as long as the default route is in place the route map can go away with no ill effect. The static is as follows:


ip route 0.0.0.0 0.0.0.0 172.31.233.100


and the route-map is as follows:


route-map inet_policy permit 700
 description Gateway of last resort
 match ip address 108
 set ip next-hop 172.31.233.100


ACL 108 is simply a 'permit ip any any' statement to catch all.


Also, do you or anyone else have any experience or knowledge with web caches and the wccp command? I have a couple of follow-up questions if so.


Thanks again.


/rls


thiru.vel10 Thu, 05/08/2008 - 10:01

Hi, please create an IP access-list group and call that access-list in the PBR, so that it is easy to route the traffic through the backup firewall.

lamav Thu, 05/08/2008 - 10:43

Samuel:


The route map is going to forward all traffic to the next hop specified, whether there is a specific route in the routing table for the destination or not. Is that what you want?


A Cisco router will perform PBR before destination-based routing. You must understand this. So, if your expectation is that all traffic will be destined for the Internet, then, yes, you can remove the PBR and allow the default route to take over.


HTH


Victor
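The ordering Jon and Victor describe, as an added example that is not part of the thread: a small simulation of how the router consults the PBR route-map first and falls through to the routing table only when no entry matches. The route-map sequence 700 and the 172.31.233.100 default route are the poster's; the other sequences, next hops, the 192.168.50.0/24 subnet and the packets are constructed to show the point Victor raises, that a 'permit ip any any' catch-all also overrides more-specific routes in the routing table.

```python
import ipaddress

# Constructed sample data. A route-map is a list of (sequence, acl, next_hop);
# an ACL is a list of (source_prefix, dest_prefix) permit entries, so
# ("0.0.0.0/0", "0.0.0.0/0") is the thread's "permit ip any any".
ROUTE_MAP = [
    (10, [("10.1.0.0/16", "0.0.0.0/0")], "172.31.233.10"),  # hypothetical firewall A
    (20, [("10.2.0.0/16", "0.0.0.0/0")], "172.31.233.20"),  # hypothetical firewall B
]
CATCH_ALL = (700, [("0.0.0.0/0", "0.0.0.0/0")], "172.31.233.100")  # seq 700 from the thread
RIB = [
    ("0.0.0.0/0", "172.31.233.100"),  # ip route 0.0.0.0 0.0.0.0 172.31.233.100
    ("192.168.50.0/24", "10.0.0.2"),  # hypothetical internal subnet via a core router
]

def _in(addr, prefix):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(prefix)

def pbr_next_hop(route_map, src, dst):
    """First route-map entry (by sequence) whose ACL permits the packet wins;
    None means no entry matched."""
    for _seq, acl, next_hop in sorted(route_map, key=lambda e: e[0]):
        if any(_in(src, s) and _in(dst, d) for s, d in acl):
            return next_hop
    return None

def rib_next_hop(rib, dst):
    """Normal destination-based lookup: the longest matching prefix wins."""
    matches = [(ipaddress.ip_network(p).prefixlen, nh) for p, nh in rib if _in(dst, p)]
    return max(matches)[1] if matches else None

def forward(route_map, rib, src, dst):
    """PBR is consulted before the routing table; fall through only on no match."""
    nh = pbr_next_hop(route_map, src, dst)
    return ("pbr", nh) if nh is not None else ("rib", rib_next_hop(rib, dst))

if __name__ == "__main__":
    packets = [("10.1.4.4", "203.0.113.9"),    # matches seq 10 either way
               ("10.9.1.1", "203.0.113.9"),    # Internet-bound, same next hop either way
               ("10.9.1.1", "192.168.50.7")]   # internal: seq 700 steals it from the RIB
    for rm, label in ((ROUTE_MAP + [CATCH_ALL], "with seq 700"), (ROUTE_MAP, "without seq 700")):
        for src, dst in packets:
            print(f"{label:16} {src} -> {dst}: {forward(rm, RIB, src, dst)}")
```

The third packet is the one to watch: with sequence 700 in place it is policy-routed to the firewall even though the routing table has a more specific route for it, and removing the catch-all lets the routing table decide.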
