Policy Based routing

vokaycisco · ‎09-16-2008

I am trying to implement PBR on my network. Basically we have 2 LANs and 2ISPs. Business requirments that traffic from LAN1 would go to ISP1 and trafic from LAN2 go to ISP2. I implemented two route maps that match traffic from either LAN and set IP addresses of approprate ISP as next hop router. I also have two default routes to each ISP. The problem is that LAN1 has Internet access and LAN2 does not. Traceroute shows that traffic stops at the router, when I do show route-map the counter that shows matching packets and bytes increment for both route-maps.

Example:

access-list 101 ip deny LAN1 LAN2

access-list 101 ip permit LAN1 any

access-list 102 ip deny LAN2 LAN1

access-list 102 ip permit LAN2 any

route-map LAN1_internet permit 10

match ip address 101

set ip next-hop ISP1

route-map LAN2_internet permit 10

match ip address 102

set ip next-hop ISP2

ip route 0.0.0.0 0.0.0.0 ISP1

ip route 0.0.0.0 0.0.0.0 ISP2

What am I missing to get work? Do I need the static routes, or I better get rid of them?

satish_zanjurne · ‎09-16-2008

Hi,

1.Is it contradicting that

"business requirement that trafic from LAN2 go to ISP2"

and

"The problem is that LAN1 has Internet access and LAN2 does not."

2.Don't use default route here, you need to use BGP, otherwise , how will you apply the route maps.

3.Also , you don't have to deny traffic from LAN 1 to LAN 2 ,

Assuming you have 2 routers , dual homed to different service provider

------------------------------------------

access-list 10 permit LAN1

route-map LAN1-OUTGOING permit 10

match ip address 10

set ip next-hop ISP1

------------------------------------------

access-list 20 permit LAN2

route-map LAN2-UTGOING permit 10

match ip address 10

set ip next-hop ISP2

------------------------------------------

apply route map in

neigbor ISP1 route-map LAN1-OUTGOING

neigbor ISP2 route-map LAN2-OUTGOING

--------------------------------------------

3.Also apply incoming policy

4.run IBGP between your internal routers..

HTH...rate if helpful...

vokaycisco · ‎09-17-2008

There is one router. LAN2 cannot get on the Internet using either ISP; also ISP2 is what I need. I did same thing as you descibed. I guess I have to remove default routes. Any other thoughts? Also if this may help. I can ping from LAN2 to ISP2.

Richard Burts · ‎09-17-2008

Yakob

I wonder if the problem is not something different from a problem with PBR. Is it possible that the traffic going from lAN2 to ISP2 is not being translated when it should be (or is not being translated correctly)?

Perhaps a more comprehensive posting of the config (especially both input interfaces and both output interfaces, and any translations) would help us to identify the problem.

HTH

Rick

HTH

Rick

vokaycisco · ‎09-19-2008

Thanks everybody for your help. I got it working. Removed default routes and ensured that NAT is place.

Richard Burts · ‎09-20-2008

Yakob

I am glad that my suggestion that is was perhaps not a problem with PBR pointed you in the right direction for solving your problem. Thank you for posting back to the thread and indicating that you had solved the problem and how you solved it. It makes the forum more useful when people can read a problem and can know what solution resolved the problem.

HTH

Rick

HTH

Rick