PBR route maps

rsamuel708
Level 1

Hi, we've just recently changed the way that we route traffic outbound to our organization's firewalls because of increasing load and cpu utilization on our primary firewall handling web traffic. The change was from 100% static routes to the use of route-maps.

My question is this...we currently have several maps that direct traffic to certain next hop ips based on ips/ip blocks and type of traffic, but the last map we have in place is a type of catch-all gateway of last resort type map. I need to know if this is really needed as we also still have a static that points 0/0 traffic to a destination?

Another question: Does the router look at and use route maps before any statics in place?

If I'm unclear in any way please let me know so that I can restate my questions.

Thanks in advance.

/rls

5 Replies

Jon Marshall
Hall of Fame

If there is no match in the PBR route-map then the packet will be routed via the normal process, i.e. the routing table. So no, you don't really need a catch-all.

The route-map will be consulted before any routes in the routing table whether they are statics or learnt via a dynamic routing protocol.

Jon

Thanks Jon. So as long as the default route is in place, the route map can go away with no ill effect. The static is as follows:

ip route 0.0.0.0 0.0.0.0 172.31.233.100

and the route-map is as follows:

route-map inet_policy permit 700
 description Gateway of last resort
 match ip address 108
 set ip next-hop 172.31.233.100

ACL 108 is simply a 'permit ip any any' statement to catch all.

Also, do you or anyone else have any experience or knowledge with web caches and the wccp command? I have a couple of follow-up questions if so.

Thanks again.

/rls

Hi, could you please create an IP access-list group and call that access-list in the PBR, so that it is easy to route the traffic through the backup firewall.

Samuel:

The route map is going to forward all traffic to the next hop specified, whether there is a specific route in the routing table for the destination or not. Is that what you want?

A Cisco router will perform PBR before destination-based routing. You must understand this. So, if your expectation is that all traffic will be destined for the Internet, then yes, you can remove the PBR and allow the default route to take over.

HTH

Victor
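The two answers above (Jon's: no PBR match falls through to the routing table, and PBR is consulted first; Victor's: a catch-all sequence forwards everything to its next hop even when a more specific route exists) can be checked against a small model of the lookup order. The following Python is an added example written for this thread, not Cisco code and not from any poster. It uses the values the thread gives (ACL 108 as permit ip any any, sequence 700, next hop 172.31.233.100 for both the catch-all and the 0/0 static); the specific policy sequence 10, ACL 110, the next hop 172.31.233.101, the internal route 10.20.0.0/16 via 10.0.0.1 and the test addresses are all constructed assumptions.

```python
import ipaddress
from typing import List, Optional, Tuple

# Constructed model of a Cisco-style PBR decision, added as an example.
# Values taken from the thread: ACL 108 is "permit ip any any", the
# catch-all is sequence 700 and its next hop 172.31.233.100 is also the
# next hop of the 0.0.0.0/0 static. Every other address is an assumption.


class AclEntry:
    def __init__(self, action: str, src: str, dst: str):
        self.action = action                 # "permit" or "deny"
        self.src = ipaddress.ip_network(src)
        self.dst = ipaddress.ip_network(dst)


class RouteMapSeq:
    def __init__(self, seq: int, acl: List[AclEntry], next_hop: str):
        self.seq = seq
        self.acl = acl
        self.next_hop = next_hop


class Route:
    def __init__(self, prefix: str, next_hop: str):
        self.prefix = ipaddress.ip_network(prefix)
        self.next_hop = next_hop


def acl_permits(acl: List[AclEntry], src, dst) -> bool:
    """First matching ACE decides; an ACL ends with an implicit deny."""
    for ace in acl:
        if src in ace.src and dst in ace.dst:
            return ace.action == "permit"
    return False


def pbr_next_hop(route_map: List[RouteMapSeq], src, dst) -> Optional[str]:
    """Sequences are evaluated in order; the first permitting match wins.
    No match at all means the packet falls through to normal routing."""
    for seq in sorted(route_map, key=lambda s: s.seq):
        if acl_permits(seq.acl, src, dst):
            return seq.next_hop
    return None


def rib_next_hop(rib: List[Route], dst) -> Optional[str]:
    """Destination-based routing: longest prefix match in the table."""
    best = None
    for r in rib:
        if dst in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
            best = r
    return best.next_hop if best else None


def forward(route_map: List[RouteMapSeq], rib: List[Route],
            src: str, dst: str) -> Tuple[Optional[str], str]:
    """PBR is consulted before the routing table; return (next hop, source)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    nh = pbr_next_hop(route_map, s, d)
    if nh is not None:
        return nh, "pbr"
    return rib_next_hop(rib, d), "rib"


ANY = "0.0.0.0/0"
ACL_108 = [AclEntry("permit", ANY, ANY)]               # from the thread
ACL_110 = [AclEntry("permit", ANY, "203.0.113.0/24")]  # constructed

# Constructed specific policy (seq 10) plus the thread's catch-all (seq 700).
SPECIFIC = [RouteMapSeq(10, ACL_110, "172.31.233.101")]  # .101 is an assumption
CATCH_ALL = RouteMapSeq(700, ACL_108, "172.31.233.100")

# Routing table: the thread's default static plus a constructed internal route.
RIB = [Route("0.0.0.0/0", "172.31.233.100"), Route("10.20.0.0/16", "10.0.0.1")]


def compare(src: str, dst: str):
    """Return ((next hop, source) with the catch-all, (next hop, source) without it)."""
    with_catch_all = forward(SPECIFIC + [CATCH_ALL], RIB, src, dst)
    without = forward(SPECIFIC, RIB, src, dst)
    return with_catch_all, without


if __name__ == "__main__":
    for dst in ("198.51.100.7", "203.0.113.5", "10.20.3.4"):
        print(dst, compare("10.1.1.1", dst))
```

For Internet-bound destinations the catch-all and the 0/0 static give the same next hop, which is Jon's point: removing sequence 700 changes nothing there. For a destination covered by a more specific route (the constructed 10.20.0.0/16 here) the catch-all wins because PBR runs first, so that traffic is pushed to the firewall instead of the internal next hop; that is the side effect Victor is asking about, and it disappears once the catch-all is removed. If a fallback sequence is wanted only for destinations the routing table cannot resolve, IOS provides set ip default next-hop, which consults the routing table before applying the policy next hop.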

Jon, Victor:

Thank you.

/rls
