Policy based routing

Unanswered Question
Nov 18th, 2008

Hi,


Is it possible to do PBR based on route tags or other attributes related to prefix?


My understanding is that we can do PBR only with attributes related to the packet, like IP precedence, packet length, etc., because for PBR the device checks packet fields and not fields associated with a route.


Regards

Sourabh

royalblues Tue, 11/18/2008 - 05:17

PBR can be done by using route tags

route-map tag permit 10
 match tag 10
 set ip next-hop


But I cannot think of a scenario where you would be required to do this.


PBR is applied at the input interface and if you are receiving the tags for some routes on the same interface, then traffic for these destinations would be directed away from that interface.


However you can test this via a simple topology

R1 -- R2 --- R3

R1 sends a route 1.1.1.1 with tag 10 to R2, which is also sent to R3.

You can have a PBR at the R2 interface connecting to R3 to match the tag and send to some other router


R1

interface Loopback1
 ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.10.10.1 255.255.255.0
 ip ospf network point-to-point

router ospf 1
 log-adjacency-changes
 redistribute connected subnets tag 10
 network 10.10.10.0 0.0.0.255 area 0


R2

interface Loopback1
 ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.10.10.2 255.255.255.0

interface FastEthernet0/1
 ip address 20.20.20.1 255.255.255.0
 ip policy route-map tag
 ip ospf network point-to-point

router ospf 1
 log-adjacency-changes
 redistribute static subnets
 network 10.10.10.0 0.0.0.255 area 0
 network 20.20.20.0 0.0.0.255 area 0

route-map tag permit 10
 match tag 10
 set ip next-hop 4.4.4.4


R3

interface Loopback1
 ip address 3.3.3.3 255.255.255.255

ip route 0.0.0.0 0.0.0.0 20.20.20.1


Debug policy at R2 when a ping is done from R1 to 3.3.3.3



licy match
*Mar 1 00:15:33.943: IP: route map tag, item 10, permit
*Mar 1 00:15:33.943: IP: s=10.10.10.1 (FastEthernet0/0), d=3.3.3.3 (Loopback10), len 100, policy routed
*Mar 1 00:15:33.947: IP: FastEthernet0/0 to Loopback10 4.4.4.4
*Mar 1 00:15:35.863: IP: s=10.10.10.1 (FastEthernet0/0), d=3.3.3.3, len 100, FIB policy match
*Mar 1 00:15:35.863: IP: s=10.10.10.1 (FastEthernet0/0), d=3.3.3.3, len 100, policy match
*Mar 1 00:15:35.867: IP: route map tag, item 10, permit
*Mar 1 00:15:35.867: IP: s=10.10.10.1 (FastEthernet0/0), d=3.3.3.3 (Loopback10), len 100, policy routed


HTH

Narayan
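
Added example, not part of the original posts: a small Python parser for the policy debug output shown in the post above, tying each "policy routed" packet to the route-map entry that matched and the next hop it was sent to, so diverted flows can be reviewed per input interface. The function names `parse_policy_debug` and `summarize` are hypothetical, and the line formats are assumed from the output in this thread only.

```python
import re
from collections import Counter

# Constructed sample: the debug lines from the post above, with terminal line wraps joined.
SAMPLE = """\
*Mar 1 00:15:33.943: IP: route map tag, item 10, permit
*Mar 1 00:15:33.943: IP: s=10.10.10.1 (FastEthernet0/0), d=3.3.3.3 (Loopback10), len 100, policy routed
*Mar 1 00:15:33.947: IP: FastEthernet0/0 to Loopback10 4.4.4.4
*Mar 1 00:15:35.863: IP: s=10.10.10.1 (FastEthernet0/0), d=3.3.3.3, len 100, FIB policy match
*Mar 1 00:15:35.863: IP: s=10.10.10.1 (FastEthernet0/0), d=3.3.3.3, len 100, policy match
*Mar 1 00:15:35.867: IP: route map tag, item 10, permit
*Mar 1 00:15:35.867: IP: s=10.10.10.1 (FastEthernet0/0), d=3.3.3.3 (Loopback10), len 100, policy routed
"""

# Line formats assumed from the output in this thread only.
ENTRY = re.compile(r"IP: route map (\S+), item (\d+), (permit|deny)")
ROUTED = re.compile(r"IP: s=(\S+) \((\S+)\), d=(\S+) \((\S+)\), len (\d+), policy routed")
HOP = re.compile(r"IP: (\S+) to (\S+) (\d+\.\d+\.\d+\.\d+)$")

def parse_policy_debug(text):
    """Return one dict per 'policy routed' packet, tied to the route-map entry that matched."""
    events, entry = [], None
    for line in text.splitlines():
        if m := ENTRY.search(line):
            entry = (m.group(1), int(m.group(2)), m.group(3))
        elif m := ROUTED.search(line):
            src, in_if, dst, out_if, length = m.groups()
            events.append({"src": src, "in_if": in_if, "dst": dst, "out_if": out_if,
                           "len": int(length), "entry": entry, "next_hop": None})
            entry = None  # a route-map line applies to the next routed packet only
        elif (m := HOP.search(line)) and events and events[-1]["next_hop"] is None:
            in_if, out_if, hop = m.groups()
            # Attach the next hop only if the interfaces agree with the preceding packet.
            if (in_if, out_if) == (events[-1]["in_if"], events[-1]["out_if"]):
                events[-1]["next_hop"] = hop
    return events

def summarize(events):
    """Count diverted packets per (route-map, sequence, input interface, destination)."""
    return Counter((e["entry"][0], e["entry"][1], e["in_if"], e["dst"])
                   for e in events if e["entry"])

if __name__ == "__main__":
    for key, count in summarize(parse_policy_debug(SAMPLE)).items():
        print(key, count)
```

Lines that only report "policy match" are ignored on purpose; only packets the router reports as "policy routed" are counted.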

Giuseppe Larosa Tue, 11/18/2008 - 05:41

Hello Narayan,

informative and complete post including tests.



Best Regards

Giuseppe




