Help with some commands on Policy Based Routing

g-serghiou · ‎01-14-2009

Hi all,

I have a slight problem that i know i can sort out using Policy based routing. I just want to do something very simple.

If a packet comes from a specific subnet to destination A, then FORWARD it out a specific interface.

please note that i want to do this to bypass one route to destination A which is already configured on the and instead of routing it through one interface, to force it out another interface which is connected to another router which in turns takes care of routing to that destination A

Please explain when i use the following commands, having in mind the followin scenario:

1. The routing to destination A is STATIC ROUTE

2. The route to A is learned through OSPF

having in mind 1 and 2 what would the command MATCH ROUTE TYPE (internal, external, local) be...should i use it at all ???

Also in know i can use SET NEXT HOP, SET INTERFACE , SET DEFAULT INTERFACE and SET DEFAULT NEXT HOP !!!! What should i use , taking in consideration the 1 and 2 !!!

This is simple yest frustrating cause i have no access to the router itself and i talk over the phoen to someone else doing it, and then checnking on the phoen again with users with Tracert to see whether it worked or not !!!

So far we managed to make sure that the acess-list used to match the packets fomr the source is indeed working (has hits) but still the router forwards the packets out of the interface for which the routing table already exists and not the interface stated in the route map !!!

HELPPPPPPPPPPPPPP ;)

Thanks,

George

Jon Marshall · ‎01-14-2009

George

Not sure what you mean by

1. The routing to destination A is STATIC ROUTE

2. The route to A is learned through OSPF

A config example may help.

source network 192.168.5.0 255.255.255.0

remote network 172.16.5.0 255.255.255.0

In the routing table

ip route 172.16.5.0 255.255.255.0 192.168.10.1

where 192.168.10.1 is a next-hop router.

You however want all packets from 192.168.5.x going to 172.16.5.x to go to a different next-hop - 192.168.20.1.

access-list 101 permit ip 192.168.5.0 0.0.0.255 172.16.5.0 0.0.0.255

route-map PROUTE permit 10

match ip address 101

set ip next-hop 192.168.20.1

then on the interface for the 192.168.5.x network

int fa0/1

ip policy route-map PROUTE

Jon

g-serghiou · ‎01-14-2009

Hi Jon,

Thanks for the reply.

What i meant in 1 and 2 is if the configuration of policy based routing would be different in the case of 1. STATIC routing and 2. OSPF ???

this is what i meant !!! in my example we used SET IP INTERFACE instead of NEXT HOP ! how would theh router interpet these 2 commands !!!

basically i think i want someone to explain what excactly is the difference between these

SET IP INTERFACE

SET IP DEFAULT INTERFACE

SET IP NEXT HOP

SET IP DEFAULT NEXT HOP

and where (in what case should i use each one)

also the command MATCH ROYTE-TYPE [internal, external, local) what is it meant for !!!

I will try out your example using NEXT HOP instead of INTERFACE to see if it makes a difference, but i guess i would like to understan deeper the workings of the various commands than just getting it to work !!!

Thanks and any other help will be valuable !!

George

Jon Marshall · ‎01-15-2009

George

"What i meant in 1 and 2 is if the configuration of policy based routing would be different in the case of 1. STATIC routing and 2. OSPF ??? "

Fundamentally no because PBR is used when you want to override what is in the routing table whether that be static routes or routes learnt from an IGP like OSPF or EIGRP.

set interface = specify the outgoing interface to use (NOTE there is no "ip" in this command ie. it is "set interface" not "set ip interface"

set default interface = same as "set interface" except the routing table is consulted first. So if there is an explicit route to the destination in the routing table that will be used, if not then the interface you specify will be used.

set ip next-hop = specifies the ip address of the next-hop device. Note that this next-hop is normally L2 adjacent. If it is more than one hop away you would need support for PBR recursive next hop.

set ip default next-hop = same as "set ip next-hop" except the routing table is consulted for an explicit route match. If there isn't one then it will use the next-hop you specified.

"also the command MATCH ROYTE-TYPE [internal, external, local) what is it meant for !!! "

it is meant ot match certain types of routes eg. OSPF has internal and external routes so you could use this to match particular OSPF routes.

Attached is a link to configuring PBR with a lot more details -

http://www.cisco.com/en/US/docs/ios/iproute/configuration/guide/irp_ip_prot_indep_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1056703

Jon

g-serghiou · ‎01-15-2009

Hi Jon,

Thank you for your help

My problem is that the traceroute from a PC would take the path stated in the routing tables.

i will have to check it again soon (i need to wait for someone else to work on that router cause its not under my authority !

Im, sure with what you told me it will be sorted. if not i will be back to ask and give you configs 9if the other party gives them to me)

thanks again

George

Jon Marshall · ‎01-15-2009

George

No problem, let me know how it goes and feel free to come back with config if you need to.

Jon