Policy Based Routing

unixsurfer (Level 1)

Hello there,

I have a question about implementing Policy Based Routing on a 7301 router which is being used as a LB (ip slb).

Currently, traffic is being sent to the farms and there are several static routes which make sure the traffic is routed correctly.

Now, I want traffic with specific destination ports to be routed to a specific next hop(router) and not to be sent to the farms.

So, I thought to create an access list for each destination port and then use a route-map to send to the next hop.

But there are a few things that aren't clear to me.

How can I make sure that the traffic which doesn't match the access list will be routed as it is being routed right now?

How will the packet travel through the stack?

First it goes to the SLB stack and then the access list is applied, or the other way around?

Since the access list is applied on the inbound interface, I think the access list is applied first.

I hope I am clear,

Pavlos

5 Replies

Marwan ALshawi (VIP Alumni)

Hi,

let's take this simple example.

In this example we will route all traffic coming from 192.168.0.0/24 to any destination using HTTP; we will send it to next hop 10.1.1.1.

access-list 100 permit tcp 192.168.0.0 0.0.0.255 any eq 80
route-map map1 permit 10
 match ip address 100
 set ip next-hop 10.1.1.1
route-map map1 permit 20

Now apply it on the inbound interface.

The line:

route-map map1 permit 20

will help you make sure that any other traffic is routed as normal.

good luck

hope this helps

Hi,

In this http://www.cisco.com/warp/public/732/Tech/plicy_wp.htm the following is mentioned:

The route map statements can also be marked as permit or deny. If the statement is marked as a deny, the packets meeting the match criteria are sent back through the normal forwarding channels (in other words, destination-based routing is performed). Only if the statement is marked as permit and the packets meet the match criteria are all the set clauses applied. If the statement is marked as permit and the packets do not meet the match criteria, then those packets are also forwarded through the normal routing channel.

So, I think I don't need the last permit. But I am not sure. I think I have to play around in order to see how it works.

Furthermore, I am a bit confused about the difference between set ip next-hop and set ip default next-hop.

In this page http://www.cisco.com/en/US/partner/docs/ios/iproute/configuration/guide/irp_ip_prot_indep_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1056703 the following is mentioned:

The set ip next-hop and set ip default next-hop commands are similar but have a different order of operation. Configuring the set ip next-hop command causes the system to use policy routing first and then use the routing table. Configuring the set ip default next-hop causes the system to use the routing table first and then policy-route the specified next hop.

I can't understand how a packet will be routed when I have set ip next-hop A and there is a route for the destination network of the packet which routes the packets to B.

According to the above the policy routing is used first so the packet will be routed to A.

But, if I have set ip default next-hop A and there is a route for the destination network of the packet which routes the packets to B, the packet will be routed to B because the routing table is used first.

Did I get it right?

Thank you very much for your reply, it is very much appreciated.

Pavlos
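As an added illustration (not from this thread), a small Python model of the route-map semantics discussed in Marwan's example above and in the two Cisco passages quoted in this post: permit/deny handling, the effect of the trailing "permit 20" sequence, and set ip next-hop versus set ip default next-hop. Next hops "A" and "B", the ACL and the addresses are constructed; the model assumes that a destination reached only via the default route counts as having "no explicit route" for the default next-hop case.

```python
import ipaddress
from dataclasses import dataclass

# Constructed routing table: 0.0.0.0/0 is the default route and "B" is the
# next hop an explicit route points at (the "B" in the question above).
ROUTES = {"0.0.0.0/0": "B-default", "172.16.0.0/16": "B"}

def lookup(dst, routes=ROUTES):
    """Longest-prefix match. Returns (next_hop, explicit); explicit is False
    when only the default route matched, i.e. no explicit route exists."""
    addr, best = ipaddress.ip_address(dst), None
    for prefix, nh in routes.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh)
    return (None, False) if best is None else (best[1], best[0].prefixlen > 0)

@dataclass
class Seq:                        # one "route-map X permit|deny N" sequence
    action: str                   # "permit" or "deny"
    match_ports: set = None       # ACL on destination port; None = no match clause
    next_hop: str = None          # set ip next-hop
    default_next_hop: str = None  # set ip default next-hop

def policy_route(pkt, route_map, routes=ROUTES):
    """Next hop chosen for pkt = {"dst": ip, "dport": port}, following the
    permit/deny and order-of-operations rules quoted from the Cisco docs."""
    for seq in route_map:
        if seq.match_ports is not None and pkt["dport"] not in seq.match_ports:
            continue                      # no match: evaluate the next sequence
        if seq.action == "deny":
            break                         # matched deny: normal forwarding
        if seq.next_hop:                  # policy routing first, table not consulted
            return seq.next_hop
        table_nh, explicit = lookup(pkt["dst"], routes)
        if seq.default_next_hop and not explicit:
            return seq.default_next_hop   # routing table first, policy as fallback
        return table_nh                   # permit with no applicable set clause
    return lookup(pkt["dst"], routes)[0]  # end of route-map: normal forwarding

# Scenarios from the thread (constructed values). "A" is the policy next hop.
WEB = {"dst": "172.16.5.5", "dport": 80}       # matches ACL 100 (eq 80)
SSH = {"dst": "172.16.5.5", "dport": 22}       # does not match ACL 100
NOROUTE = {"dst": "10.9.9.9", "dport": 80}     # only the default route matches
ACL100 = {80}
WITH_TAIL = [Seq("permit", ACL100, next_hop="A"), Seq("permit")]  # Marwan's map
NO_TAIL = [Seq("permit", ACL100, next_hop="A")]                   # without permit 20
DEFAULT_NH = [Seq("permit", ACL100, default_next_hop="A")]
DENY_FIRST = [Seq("deny", ACL100), Seq("permit", next_hop="A")]
```

With and without the empty "permit 20" sequence, non-matching traffic ends up on the routing-table next hop either way; the difference only shows up for matched traffic when a deny sequence is hit, which also falls back to normal forwarding rather than continuing to later sequences.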

Hi,

I set up 4 routes with 8 networks and used RIPv2 for routing. I configured my PBR like this:

interface Serial0/0
 bandwidth 128
 ip address 192.168.1.14 255.255.255.252
 ip policy route-map telnet
 no fair-queue
!
interface FastEthernet0/1
 ip address 192.168.4.30 255.255.255.240
 duplex auto
 speed auto
!
interface Serial0/1
 bandwidth 128
 ip address 192.168.1.17 255.255.255.252
 clockrate 128000
!
router rip
 version 2
 network 192.168.1.0
 network 192.168.4.0
!
access-list 100 permit tcp any any eq telnet
route-map telnet permit 10
 match ip address 100
 set ip next-hop 192.168.4.29

and it worked as I wanted.

And I played around with set ip default next-hop and it behaves as I understood it (see what I wrote in my previous post).

Cheers,

Pavlos

Hi Pavlos,

the info you have put is very nice.

However, let me describe something.

Route maps can be referenced by any redistribute command. The route map may actually let all the routes through, setting different route attributes (for example, metrics) for different routes. Or, it may match some routes with a deny clause, which prevents the route from being redistributed!

Hi marwanshawi,

I see what you mean.

Thanks a lot,

Pavlos
