Forcing traffic to pass through a route-map

ryel.dsouza · ‎10-19-2008

I would like to know if it is possible to force traffic through a route-map in OSPF & EIGRP within the particular area/AS so i can manupilate their cost/metric if needed ???

Giuseppe Larosa · ‎10-19-2008

Hello Ryel,

costs and metrics are attributes of IP routes and not of user traffic.

There are some ways to influence a routing protocol decision by manipulating the cost/metric of outgoing interface.

But this cannot happen selectively using a route-map.

ospf

int type x/y

ip ospf cost OR bandwidth xxxx

EIGRP: the most secure way is to increase delay on path that is to become a backup path

take sh int type x/y read the delay value and then increase it

int type x/y

delay yyyy

If you want to influence the path for only some type of traffic:

a) route-maps in redistribution points can be used : when redistributing between two routing protocols you can use differentiated seed metric and change metric type with route-maps but this requires the usage of two routing protocols with two border routers.

b)

You can forward traffic in a selective way overriding unicast routing decisions using PBR (policy based routing)

the command is applied inbound on the interface that receives the traffic to be diverted

the route-map will use an extended ACL to define traffic to be diverted and a set action that will provide an outgoing interface or an ip next-hop (one or more used in a ordered manner)

example

access-list 121 permit tcp 10.10.10.0 0.0.0.255 any eq 80

route-map pbr_web permit 10

match ip adddress 121

set ip next-hop 10.10.20.2

int fa0/0

ip policy route-map pbr_web

notes:

if multiple rx ifs are possible the command has to be applied to all of them

traffic generated on router is not affected

if the specified next-hop/outgoing interface is not available traffic is routed normally

all traffic not matched by PBR route-map is normally routed (no discarding effects)

The effect is local to the node:

if you have to build a multi-hop alternate path you need to configure PBR on all nodes on the path

Hope to help

Giuseppe

ryel.dsouza · ‎10-19-2008

Hello Giuseppe,

Thanks for replying i tried using "ip policy route-map" but was unable to get what i needed. I am sending the sh run of the 4 routers that i am currrently using kindly have a look at it and give me your input. What i want is that on R4 the loopback on R5 6.6.6.6 should be reached via 24.0.0.1 currently the primary path is through 45.0.0.2. I know this can be acheived by "ip ospf cost" but wanted to know if it can be done by route-maps. Using a route-map with a distribute list i am able to deny (i am unable to chage the metric) 6.6.6.6 via 45.0.0.2 but the path through 24.0.0.1 does not come up.

R4 s1/2 - R5 s1/2

R4 s1/1 - R2 s1/2

R2 s1/3 - R3 s1/3

R3 s1/1 - R5 s1/1

Anyway have a look at the sh run .

ryel.dsouza · ‎10-19-2008

R4(config-if)#do sh run

Building configuration...

Current configuration : 1059 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R4

!

boot-start-marker

boot-end-marker

!

no aaa new-model

memory-size iomem 5

!

ip cef

!

ip multicast-routing

!

interface Loopback0

ip address 5.5.5.5 255.255.255.0

!

interface FastEthernet0/0

no ip address

shutdown

duplex auto

speed auto

!

interface Serial1/0

no ip address

shutdown

serial restart-delay 0

!

interface Serial1/1

ip address 24.0.0.2 255.255.255.252

ip pim sparse-dense-mode

serial restart-delay 0

clock rate 64000

!

interface Serial1/2

ip address 45.0.0.1 255.255.255.252

ip pim sparse-dense-mode

serial restart-delay 0

clock rate 64000

!

interface Serial1/3

no ip address

shutdown

serial restart-delay 0

!

router ospf 1

log-adjacency-changes

network 5.5.5.5 0.0.0.0 area 1

network 24.0.0.2 0.0.0.0 area 1

network 45.0.0.1 0.0.0.0 area 1

!

ip http server

!

control-plane

!

line con 0

line aux 0

line vty 0 4

login

!

end

R2#sh run

Building configuration...

Current configuration : 1236 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R2

!

boot-start-marker

boot-end-marker

!

no aaa new-model

memory-size iomem 5

!

ip cef

!

ip multicast-routing

!

interface Loopback0

ip address 1.1.1.1 255.255.255.0

!

interface Loopback1

ip address 3.3.3.3 255.255.255.0

!

interface FastEthernet0/0

no ip address

shutdown

duplex auto

speed auto

!

interface Serial1/0

no ip address

shutdown

serial restart-delay 0

!

interface Serial1/1

ip address 12.0.0.2 255.255.255.252

ip pim sparse-dense-mode

serial restart-delay 0

clock rate 64000

!

interface Serial1/2

ip address 24.0.0.1 255.255.255.252

ip pim sparse-dense-mode

serial restart-delay 0

clock rate 64000

!

interface Serial1/3

ip address 23.0.0.1 255.255.255.252

ip pim sparse-dense-mode

serial restart-delay 0

clock rate 64000

!

router ospf 1

log-adjacency-changes

network 1.1.1.1 0.0.0.0 area 1

network 3.3.3.3 0.0.0.0 area 1

network 12.0.0.2 0.0.0.0 area 1

network 23.0.0.1 0.0.0.0 area 1

network 24.0.0.1 0.0.0.0 area 1

!

ip http server

!

control-plane

!

line con 0

line aux 0

line vty 0 4

login

!

end

ryel.dsouza · ‎10-19-2008

R3#sh run

Building configuration...

Current configuration : 1306 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R3

!

boot-start-marker

boot-end-marker

!

no aaa new-model

memory-size iomem 5

!

ip cef

!

ip multicast-routing

!

interface Loopback0

ip address 2.2.2.2 255.255.255.0

ip pim sparse-dense-mode

!

interface Loopback1

ip address 4.4.4.4 255.255.255.0

!

interface FastEthernet0/0

no ip address

shutdown

duplex auto

speed auto

!

interface Serial1/0

no ip address

shutdown

serial restart-delay 0

!

interface Serial1/1

ip address 35.0.0.1 255.255.255.252

ip pim sparse-dense-mode

serial restart-delay 0

clock rate 64000

!

interface Serial1/2

no ip address

shutdown

serial restart-delay 0

!

interface Serial1/3

ip address 23.0.0.2 255.255.255.252

ip pim sparse-dense-mode

serial restart-delay 0

clock rate 64000

!

router ospf 1

log-adjacency-changes

network 2.2.2.2 0.0.0.0 area 1

network 4.4.4.4 0.0.0.0 area 1

network 23.0.0.2 0.0.0.0 area 1

network 35.0.0.1 0.0.0.0 area 1

!

ip http server

!

ip pim send-rp-announce Loopback0 scope 10 group-list 10

ip pim send-rp-discovery Loopback0 scope 10

!

access-list 10 permit 226.0.0.1

!

control-plane

!

line con 0

line aux 0

line vty 0 4

login

!

end

R5#sh run

Building configuration...

Current configuration : 1175 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R5

!

boot-start-marker

boot-end-marker

!

no aaa new-model

memory-size iomem 5

!

ip cef

!

ip multicast-routing

!

interface Loopback0

ip address 6.6.6.6 255.255.255.0

ip igmp join-group 226.0.0.1

!

interface Loopback1

ip address 7.7.7.7 255.255.255.0

ip igmp join-group 227.0.0.1

!

interface FastEthernet0/0

no ip address

shutdown

duplex auto

speed auto

!

interface Serial1/0

no ip address

shutdown

serial restart-delay 0

!

interface Serial1/1

ip address 35.0.0.2 255.255.255.252

ip pim sparse-dense-mode

serial restart-delay 0

clock rate 64000

!

interface Serial1/2

ip address 45.0.0.2 255.255.255.252

ip pim sparse-dense-mode

serial restart-delay 0

clock rate 64000

!

interface Serial1/3

no ip address

shutdown

serial restart-delay 0

!

router ospf 1

log-adjacency-changes

network 6.6.6.6 0.0.0.0 area 1

network 35.0.0.2 0.0.0.0 area 1

network 45.0.0.2 0.0.0.0 area 1

!

ip http server

!

control-plane

!

line con 0

line aux 0

line vty 0 4

login

!

end

ryel.dsouza · ‎10-19-2008

Also kindly let me know how u would use "ip policy route-map" in this case to influence 6.6.6.6 path through 24.0.0.1 on R4 just to check to see if i made a mistake.

Thanks,

Ryel

Giuseppe Larosa · ‎10-19-2008

Hello Ryel,

your topology with default settings is a symmetric square.

two notes are important here :

a)

packets locally generated by the router can be redirected only by applying the route-map in global config mode:

ip local policy route-map

there's no external input interface for locally generated traffic so this command is needed.

b)

The effect is local to the node:

if you have to build a multi-hop alternate path you need to configure PBR on all nodes on the path

even if R4 uses the command described above the result could be different then expected:

from the point of view of R2 net 6.6.6.6/32 is reachable via two equal cost paths:

one via R3 and one via R4 itself !

so you need :

on R4 the route-map applied with ip local policy that will send the packets out R4:s1/1 (set interface s1/1)

on R2 a route-map defined in the same way applied on s1/2 with action set interface s1/3 to R3.

Once packets are sent to R3 it will forward them to R5 on their direct link.

Hope to help

Giuseppe