Explain PBR on source address for replication! :)

Answered Question

I have an interesting dilemma that I need to segment the transport of several replication subnets. These subnets contain physical & VM servers that respond to production traffic but also need to send out replication traffic.


Have (1) replication link - Ethernet L2 optical private line circuit directly to other datacenter that I need to have reserved exclusively for the replication devices & their subnets.


Have (2) MPLS links that are laod balanced (multipath - max paths with BGP) used for all production data transport from datacenter to all 300 other sites.


I think I need to understand and enable PBR with source addressing to help guide my traffic where I want it to travel.

Static routing is not cutting it as non-destined traffic is getting blackholed when the link fails. (i.e. traffic from 10.1.90.x uses the static route when trying to get to 10.2.60.x) ---- need to fix that!


How do I enable a PBR on source and/or destination address and force the replication subnets to use the replication link and failover back to the MPLS?


MPLS link is using BGP to upstream provider.


L2 link is using static routes today, which are causing problems will "all" traffic destined for the remote subnets are using this link.


Subnets:


Source:

10.1.60.x

10.1.70.x


Destination:

10.2.60.x

10.2.70.x



Thanks!


Correct Answer by Jon Marshall about 8 years 1 month ago

Andy


PBR does sound like what you need.


Bear in mind with PBR that if the next-hop you specify is not reachable then it fail back to the routing table which will suit your needs exactly.


An example of PBR


source subnet = 192.168.5.0

destination subnet = 172.16.5.0


routing table next-hop for 172.16.5.0 is 192.168.10.1


next-hop you want for this traffic is 192.168.11.1


access-list 101 permit ip 192.168.5.0 0.0.0.255 172.16.5.0 0.0.0.255


route-map PBR permit 10

match ip address 101

set ip next-hop 192.168.11.1


then on the interface that the 192.168.5.0/24 arrives


int fa0/0

ip address 192.168.5.1 255.255.255.0

ip policy route-map PBR


Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
Jon Marshall Mon, 07/13/2009 - 13:41
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Andy


PBR does sound like what you need.


Bear in mind with PBR that if the next-hop you specify is not reachable then it fail back to the routing table which will suit your needs exactly.


An example of PBR


source subnet = 192.168.5.0

destination subnet = 172.16.5.0


routing table next-hop for 172.16.5.0 is 192.168.10.1


next-hop you want for this traffic is 192.168.11.1


access-list 101 permit ip 192.168.5.0 0.0.0.255 172.16.5.0 0.0.0.255


route-map PBR permit 10

match ip address 101

set ip next-hop 192.168.11.1


then on the interface that the 192.168.5.0/24 arrives


int fa0/0

ip address 192.168.5.1 255.255.255.0

ip policy route-map PBR


Jon

Thanks for the response.

I thought that ip next-hop would keep forwarding packets when the route map was matched, even if the next-hop is not alive.


Have you ever setup "ip next-hop" with the verify-availability command? Do you have any insight or best practices with this configuration and setup?


Thanks!


Jon Marshall Tue, 07/14/2009 - 21:48
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Andy


Should have been more specific, sorry.


With a P2P link such as a serial connection you don't need to use the verify-availability command. If the next-hop on a P2P is not reachable then PBR will use the routing table.


With a multi-access network such as ethernet however you do need to use the verify-availability command and track the next-hop otherwise your PBR will still try and send the traffic to the configured next-hop.


Jon

Actions

This Discussion