07-13-2009 12:06 PM - edited 03-04-2019 05:25 AM
I have an interesting dilemma that I need to segment the transport of several replication subnets. These subnets contain physical & VM servers that respond to production traffic but also need to send out replication traffic.
Have (1) replication link - Ethernet L2 optical private line circuit directly to other datacenter that I need to have reserved exclusively for the replication devices & their subnets.
Have (2) MPLS links that are laod balanced (multipath - max paths with BGP) used for all production data transport from datacenter to all 300 other sites.
I think I need to understand and enable PBR with source addressing to help guide my traffic where I want it to travel.
Static routing is not cutting it as non-destined traffic is getting blackholed when the link fails. (i.e. traffic from 10.1.90.x uses the static route when trying to get to 10.2.60.x) ---- need to fix that!
How do I enable a PBR on source and/or destination address and force the replication subnets to use the replication link and failover back to the MPLS?
MPLS link is using BGP to upstream provider.
L2 link is using static routes today, which are causing problems will "all" traffic destined for the remote subnets are using this link.
Subnets:
Source:
10.1.60.x
10.1.70.x
Destination:
10.2.60.x
10.2.70.x
Thanks!
Solved! Go to Solution.
07-13-2009 01:41 PM
Andy
PBR does sound like what you need.
Bear in mind with PBR that if the next-hop you specify is not reachable then it fail back to the routing table which will suit your needs exactly.
An example of PBR
source subnet = 192.168.5.0
destination subnet = 172.16.5.0
routing table next-hop for 172.16.5.0 is 192.168.10.1
next-hop you want for this traffic is 192.168.11.1
access-list 101 permit ip 192.168.5.0 0.0.0.255 172.16.5.0 0.0.0.255
route-map PBR permit 10
match ip address 101
set ip next-hop 192.168.11.1
then on the interface that the 192.168.5.0/24 arrives
int fa0/0
ip address 192.168.5.1 255.255.255.0
ip policy route-map PBR
Jon
07-13-2009 01:41 PM
Andy
PBR does sound like what you need.
Bear in mind with PBR that if the next-hop you specify is not reachable then it fail back to the routing table which will suit your needs exactly.
An example of PBR
source subnet = 192.168.5.0
destination subnet = 172.16.5.0
routing table next-hop for 172.16.5.0 is 192.168.10.1
next-hop you want for this traffic is 192.168.11.1
access-list 101 permit ip 192.168.5.0 0.0.0.255 172.16.5.0 0.0.0.255
route-map PBR permit 10
match ip address 101
set ip next-hop 192.168.11.1
then on the interface that the 192.168.5.0/24 arrives
int fa0/0
ip address 192.168.5.1 255.255.255.0
ip policy route-map PBR
Jon
07-14-2009 01:28 PM
Thanks for the response.
I thought that ip next-hop would keep forwarding packets when the route map was matched, even if the next-hop is not alive.
Have you ever setup "ip next-hop" with the verify-availability command? Do you have any insight or best practices with this configuration and setup?
Thanks!
07-14-2009 09:48 PM
Andy
Should have been more specific, sorry.
With a P2P link such as a serial connection you don't need to use the verify-availability command. If the next-hop on a P2P is not reachable then PBR will use the routing table.
With a multi-access network such as ethernet however you do need to use the verify-availability command and track the next-hop otherwise your PBR will still try and send the traffic to the configured next-hop.
Jon
07-15-2009 03:42 AM
Thanks, Jon for your insight on this issue. Really appreciate your support! :)
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: