Explain PBR on source address for replication! :)

Answered Question

I have an interesting dilemma that I need to segment the transport of several replication subnets. These subnets contain physical & VM servers that respond to production traffic but also need to send out replication traffic.

Have (1) replication link - Ethernet L2 optical private line circuit directly to other datacenter that I need to have reserved exclusively for the replication devices & their subnets.

Have (2) MPLS links that are laod balanced (multipath - max paths with BGP) used for all production data transport from datacenter to all 300 other sites.

I think I need to understand and enable PBR with source addressing to help guide my traffic where I want it to travel.

Static routing is not cutting it as non-destined traffic is getting blackholed when the link fails. (i.e. traffic from 10.1.90.x uses the static route when trying to get to 10.2.60.x) ---- need to fix that!

How do I enable a PBR on source and/or destination address and force the replication subnets to use the replication link and failover back to the MPLS?

MPLS link is using BGP to upstream provider.

L2 link is using static routes today, which are causing problems will "all" traffic destined for the remote subnets are using this link.

Subnets:

Source:

10.1.60.x

10.1.70.x

Destination:

10.2.60.x

10.2.70.x

Thanks!

I have this problem too.
0 votes
Correct Answer by Jon Marshall about 7 years 4 months ago

Andy

PBR does sound like what you need.

Bear in mind with PBR that if the next-hop you specify is not reachable then it fail back to the routing table which will suit your needs exactly.

An example of PBR

source subnet = 192.168.5.0

destination subnet = 172.16.5.0

routing table next-hop for 172.16.5.0 is 192.168.10.1

next-hop you want for this traffic is 192.168.11.1

access-list 101 permit ip 192.168.5.0 0.0.0.255 172.16.5.0 0.0.0.255

route-map PBR permit 10

match ip address 101

set ip next-hop 192.168.11.1

then on the interface that the 192.168.5.0/24 arrives

int fa0/0

ip address 192.168.5.1 255.255.255.0

ip policy route-map PBR

Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
Jon Marshall Mon, 07/13/2009 - 13:41

Andy

PBR does sound like what you need.

Bear in mind with PBR that if the next-hop you specify is not reachable then it fail back to the routing table which will suit your needs exactly.

An example of PBR

source subnet = 192.168.5.0

destination subnet = 172.16.5.0

routing table next-hop for 172.16.5.0 is 192.168.10.1

next-hop you want for this traffic is 192.168.11.1

access-list 101 permit ip 192.168.5.0 0.0.0.255 172.16.5.0 0.0.0.255

route-map PBR permit 10

match ip address 101

set ip next-hop 192.168.11.1

then on the interface that the 192.168.5.0/24 arrives

int fa0/0

ip address 192.168.5.1 255.255.255.0

ip policy route-map PBR

Jon

Jon Marshall Tue, 07/14/2009 - 21:48

Andy

Should have been more specific, sorry.

With a P2P link such as a serial connection you don't need to use the verify-availability command. If the next-hop on a P2P is not reachable then PBR will use the routing table.

With a multi-access network such as ethernet however you do need to use the verify-availability command and track the next-hop otherwise your PBR will still try and send the traffic to the configured next-hop.

Jon

Actions

This Discussion