Forcing traffic to pass through a route-map

Unanswered Question
Oct 19th, 2008
User Badges:

I would like to know if it is possible to force traffic through a route-map in OSPF & EIGRP within the particular area/AS so i can manupilate their cost/metric if needed ???

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Giuseppe Larosa Sun, 10/19/2008 - 05:44
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Ryel,

costs and metrics are attributes of IP routes and not of user traffic.

There are some ways to influence a routing protocol decision by manipulating the cost/metric of outgoing interface.

But this cannot happen selectively using a route-map.


ospf

int type x/y

ip ospf cost OR bandwidth xxxx


EIGRP: the most secure way is to increase delay on path that is to become a backup path


take sh int type x/y read the delay value and then increase it


int type x/y

delay yyyy


If you want to influence the path for only some type of traffic:


a) route-maps in redistribution points can be used : when redistributing between two routing protocols you can use differentiated seed metric and change metric type with route-maps but this requires the usage of two routing protocols with two border routers.


b)

You can forward traffic in a selective way overriding unicast routing decisions using PBR (policy based routing)


the command is applied inbound on the interface that receives the traffic to be diverted


the route-map will use an extended ACL to define traffic to be diverted and a set action that will provide an outgoing interface or an ip next-hop (one or more used in a ordered manner)


example

access-list 121 permit tcp 10.10.10.0 0.0.0.255 any eq 80


route-map pbr_web permit 10

match ip adddress 121

set ip next-hop 10.10.20.2


int fa0/0

ip policy route-map pbr_web


notes:

if multiple rx ifs are possible the command has to be applied to all of them

traffic generated on router is not affected


if the specified next-hop/outgoing interface is not available traffic is routed normally


all traffic not matched by PBR route-map is normally routed (no discarding effects)


The effect is local to the node:

if you have to build a multi-hop alternate path you need to configure PBR on all nodes on the path


Hope to help

Giuseppe


ryel.dsouza Sun, 10/19/2008 - 07:49
User Badges:

Hello Giuseppe,

Thanks for replying i tried using "ip policy route-map" but was unable to get what i needed. I am sending the sh run of the 4 routers that i am currrently using kindly have a look at it and give me your input. What i want is that on R4 the loopback on R5 6.6.6.6 should be reached via 24.0.0.1 currently the primary path is through 45.0.0.2. I know this can be acheived by "ip ospf cost" but wanted to know if it can be done by route-maps. Using a route-map with a distribute list i am able to deny (i am unable to chage the metric) 6.6.6.6 via 45.0.0.2 but the path through 24.0.0.1 does not come up.


R4 s1/2 - R5 s1/2

R4 s1/1 - R2 s1/2


R2 s1/3 - R3 s1/3


R3 s1/1 - R5 s1/1


Anyway have a look at the sh run .



ryel.dsouza Sun, 10/19/2008 - 07:52
User Badges:

R4(config-if)#do sh run

Building configuration...


Current configuration : 1059 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R4

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

memory-size iomem 5

!

!

ip cef

!

!

ip multicast-routing

!


!

!

!

interface Loopback0

ip address 5.5.5.5 255.255.255.0

!

interface FastEthernet0/0

no ip address

shutdown

duplex auto

speed auto

!

interface Serial1/0

no ip address

shutdown

serial restart-delay 0

!

interface Serial1/1

ip address 24.0.0.2 255.255.255.252

ip pim sparse-dense-mode

serial restart-delay 0

clock rate 64000

!

interface Serial1/2

ip address 45.0.0.1 255.255.255.252

ip pim sparse-dense-mode

serial restart-delay 0

clock rate 64000

!

interface Serial1/3

no ip address

shutdown

serial restart-delay 0

!

router ospf 1

log-adjacency-changes

network 5.5.5.5 0.0.0.0 area 1

network 24.0.0.2 0.0.0.0 area 1

network 45.0.0.1 0.0.0.0 area 1

!

ip http server


!

control-plane

!

!


!

!

line con 0

line aux 0

line vty 0 4

login

!

!

end







R2#sh run

Building configuration...


Current configuration : 1236 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R2

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

memory-size iomem 5

!

!

ip cef

!

!

ip multicast-routing

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

interface Loopback0

ip address 1.1.1.1 255.255.255.0

!

interface Loopback1

ip address 3.3.3.3 255.255.255.0

!

interface FastEthernet0/0

no ip address

shutdown

duplex auto

speed auto

!

interface Serial1/0

no ip address

shutdown

serial restart-delay 0

!

interface Serial1/1

ip address 12.0.0.2 255.255.255.252

ip pim sparse-dense-mode

serial restart-delay 0

clock rate 64000

!

interface Serial1/2

ip address 24.0.0.1 255.255.255.252

ip pim sparse-dense-mode

serial restart-delay 0

clock rate 64000

!

interface Serial1/3

ip address 23.0.0.1 255.255.255.252

ip pim sparse-dense-mode

serial restart-delay 0

clock rate 64000

!

router ospf 1

log-adjacency-changes

network 1.1.1.1 0.0.0.0 area 1

network 3.3.3.3 0.0.0.0 area 1

network 12.0.0.2 0.0.0.0 area 1

network 23.0.0.1 0.0.0.0 area 1

network 24.0.0.1 0.0.0.0 area 1

!

ip http server

!

!

!

!

!

!

control-plane

!

!

!

!

!

!

!

!

!

line con 0

line aux 0

line vty 0 4

login

!

!

end





ryel.dsouza Sun, 10/19/2008 - 07:53
User Badges:


R3#sh run

Building configuration...


Current configuration : 1306 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R3

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

memory-size iomem 5

!

!

ip cef

!

!

ip multicast-routing

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

interface Loopback0

ip address 2.2.2.2 255.255.255.0

ip pim sparse-dense-mode

!

interface Loopback1

ip address 4.4.4.4 255.255.255.0

!

interface FastEthernet0/0

no ip address

shutdown

duplex auto

speed auto

!

interface Serial1/0

no ip address

shutdown

serial restart-delay 0

!

interface Serial1/1

ip address 35.0.0.1 255.255.255.252

ip pim sparse-dense-mode

serial restart-delay 0

clock rate 64000

!

interface Serial1/2

no ip address

shutdown

serial restart-delay 0

!

interface Serial1/3

ip address 23.0.0.2 255.255.255.252

ip pim sparse-dense-mode

serial restart-delay 0

clock rate 64000

!

router ospf 1

log-adjacency-changes

network 2.2.2.2 0.0.0.0 area 1

network 4.4.4.4 0.0.0.0 area 1

network 23.0.0.2 0.0.0.0 area 1

network 35.0.0.1 0.0.0.0 area 1

!

ip http server

!

!

ip pim send-rp-announce Loopback0 scope 10 group-list 10

ip pim send-rp-discovery Loopback0 scope 10

!

access-list 10 permit 226.0.0.1

!

!

!

control-plane

!

!

!

!

!

!

!

!

!

line con 0

line aux 0

line vty 0 4

login

!

!

end





R5#sh run

Building configuration...


Current configuration : 1175 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R5

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

memory-size iomem 5

!

!

ip cef

!

!

ip multicast-routing

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

interface Loopback0

ip address 6.6.6.6 255.255.255.0

ip igmp join-group 226.0.0.1

!

interface Loopback1

ip address 7.7.7.7 255.255.255.0

ip igmp join-group 227.0.0.1

!

interface FastEthernet0/0

no ip address

shutdown

duplex auto

speed auto

!

interface Serial1/0

no ip address

shutdown

serial restart-delay 0

!

interface Serial1/1

ip address 35.0.0.2 255.255.255.252

ip pim sparse-dense-mode

serial restart-delay 0

clock rate 64000

!

interface Serial1/2

ip address 45.0.0.2 255.255.255.252

ip pim sparse-dense-mode

serial restart-delay 0

clock rate 64000

!

interface Serial1/3

no ip address

shutdown

serial restart-delay 0

!

router ospf 1

log-adjacency-changes

network 6.6.6.6 0.0.0.0 area 1

network 35.0.0.2 0.0.0.0 area 1

network 45.0.0.2 0.0.0.0 area 1

!

ip http server

!

!

!

!

!

!

control-plane

!

!

!

!

!

!

!

!

!

line con 0

line aux 0

line vty 0 4

login

!

!

end


ryel.dsouza Sun, 10/19/2008 - 07:58
User Badges:

Also kindly let me know how u would use "ip policy route-map" in this case to influence 6.6.6.6 path through 24.0.0.1 on R4 just to check to see if i made a mistake.


Thanks,


Ryel

Giuseppe Larosa Sun, 10/19/2008 - 12:28
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Ryel,

your topology with default settings is a symmetric square.


two notes are important here :


a)

packets locally generated by the router can be redirected only by applying the route-map in global config mode:


ip local policy route-map


there's no external input interface for locally generated traffic so this command is needed.


b)


The effect is local to the node:

if you have to build a multi-hop alternate path you need to configure PBR on all nodes on the path


even if R4 uses the command described above the result could be different then expected:


from the point of view of R2 net 6.6.6.6/32 is reachable via two equal cost paths:

one via R3 and one via R4 itself !


so you need :


on R4 the route-map applied with ip local policy that will send the packets out R4:s1/1 (set interface s1/1)

on R2 a route-map defined in the same way applied on s1/2 with action set interface s1/3 to R3.


Once packets are sent to R3 it will forward them to R5 on their direct link.


Hope to help

Giuseppe


Actions

This Discussion