05-25-2010 11:14 PM - edited 03-04-2019 08:35 AM
Hi Everyone,
I am having a PBR issue on the client side. Actually they want to do Policy Based Routing from their main office to the branch. I changed the IP addresses because of privacy policy.
This is the main office subnet scope. Their special subnet is 203.72.87.xx/25
203.72.87.0 /24
203.72.88.0/24
203.72.89.0/24
203.87.90.0/24
203.87.91.0/24
203.87.92.0/24
203.87.93.0/24
The main office has a Cisco 4507 switch connected by a layer 3 OSPF link to 2 Juniper edge devices.
The task is to transfer packets from the following addresses through Juniper edge device 1 to 203.72.87.0/25:
203.72.90.3/32
203.72.90.4/32
203.72.90.5/32
xx.xx.xx.xx/16
xx.xx.xx.xx/24
To transfer packets from the following addresses through Juniper edge device 2 to 203.72.87.0/25:
203.72.87.3/32
203.72.87.4/32
203.72.87.5/32
If PBR is not enabled, by default it goes through link 2 (Juniper device 2).
When I do show run, the addresses 203.72.90.3, 203.72.90.4, 203.72.90.5 are already in the permit access list. That means I don't need to put them in the access list again. But 203.72.87.3 is in the ip helper list. But there is no VLAN IP for 203.72.87.3, 203.72.87.4, 203.72.87.5, 203.72.90.3, 203.72.90.4, 203.72.90.5. When I do the ip route command, the traffic is not involved either.
EIGRP is running on the list and it is a /16 network. From what I know, you do the ACL first, then the route-map and redistribute. In my case, I think I should use OSPF to redistribute. And the last thing is to apply the route-map to the interface. But now I am very confused: do I need to add these IP addresses to a VLAN first and then do this? I have no idea how to configure this switch to do policy based routing. Anyone please enlighten me.
05-26-2010 03:20 AM
Hi there!
To be honest your explanation is not very accurate, but I'll try to help based on what I understood.
So, what I think you want is for traffic from certain sources (subnets, IP addresses) to take path 1 (Juniper device 1) to a destination, and the same from some other sources to the same destination but on path 2 (Juniper device 2).
Am I right?
If yes, the solution would be:
- match the source addresses (the ones whose traffic you want to send over path 1) in a prefix-list or ACL
- configure a route-map in which you match the prefix-list or ACL from the previous step
- in the same route-map, set the next-hop IP address to Juniper device 1
- configure PBR on the interface with ip policy route-map "Route-map NAME created above"
Please let me know if this is not clear enough for you.
Calin
05-26-2010 06:10 AM
Brother,
Thank you for your explanation. But how about OSPF? I think we need to run the traffic on OSPF redistribution because it includes the Juniper. My job scope is only configuring the Cisco switch. The customer has already configured the Juniper. If you know about OSPF redistribution together with a route-map, please explain more for me. I am new to policy routing. Hope for your reply soon.
05-26-2010 06:49 AM
If you are using EIGRP in your LAN and OSPF on the links to the Juniper devices, you have to somehow redistribute EIGRP into OSPF and OSPF into EIGRP, or announce default routes from OSPF.
I don't know exactly the configuration that you have there, but anyway PBR and network reachability through IP routing protocols are different topics.
You can look at PBR as conditional routing based on policies.
Anyway, following my first idea, or any idea that you have, you need to somehow achieve reachability between subnets, and only then apply PBR.
Let me know if I can help you more.
05-26-2010 09:41 AM
Hi Calin,
Thank you for your quick feedback. You are correct, they use EIGRP in their LAN. So the first thing I need to do is:
router ospf <process-id>
 ! <process-id> is the OSPF process number, not an area number
 redistribute eigrp <autonomous-system-no> subnets route-map <route-map-name>
 ! the wildcard mask for a /25 is 0.0.0.127
 network 203.72.87.0 0.0.0.127 area 0
 default-metric 10
For the access list:
! source address first: PBR matches traffic coming from this host
access-list 101 permit ip host 203.72.87.3 any
route-map reroute10traffic permit 10
 match ip address 101
 set ip next-hop <IP address of Juniper device 1>
interface <interface where this traffic enters the switch>
 ip policy route-map reroute10traffic
This is for one IP to one Juniper. In my case, if I need to route so many IPs, I have to add all of those to every access list. I can do access list 101 for Juniper 1 and access list 102 for Juniper 2. But what I am not sure of is whether it can work, because my IPs here are different subnets: /16, /32, /24.
That's my understanding. I am quite worried because I have to complete this within 4 hrs. If I am mistaken, please show me the way.
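The following is an added example, not configuration from the thread or from either poster. It models the PBR evaluation Calin lays out in his four steps (ACL or prefix-list match, route-map, set next-hop, ip policy on the interface) and answers the question raised above about mixing /16, /32 and /24 sources: an extended ACL is searched top-down and the first matching entry decides, so host entries and network entries can sit in the same ACL, each with its own wildcard mask. Route-map sequence 10 references ACL 101 (Juniper 1) and sequence 20 references ACL 102 (Juniper 2); a packet that matches neither is left to the normal routing table. The next-hop addresses 192.0.2.1 and 192.0.2.2, the prefixes 198.51.100.0/24 and 10.20.0.0/16 (standing in for the masked xx.xx.xx.xx/24 and /16 in the first post) and the sample packets are constructed values.

```python
"""
How Cisco IOS policy-based routing (PBR) evaluates a packet: the ACL named by
"match ip address" is searched top-down and the first matching entry decides,
route-map sequences are tried in ascending order, the first one that permits
applies its "set ip next-hop", and a packet matching no sequence falls through
to the normal routing table. Added example, not configuration from the thread;
next-hop addresses and sample packets are constructed values.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import List, Optional

# Constructed next-hop addresses standing in for the two Juniper edge devices.
JUNIPER1 = IPv4Address("192.0.2.1")
JUNIPER2 = IPv4Address("192.0.2.2")
ANY = IPv4Network("0.0.0.0/0")

def wildcard_mask(net: IPv4Network) -> str:
    """IOS wildcard (inverse) mask: 0 bits must match, 1 bits are ignored."""
    return str(net.hostmask)

def ios_operand(net: IPv4Network) -> str:
    """Render a prefix as an extended-ACL operand (host x / any / addr wildcard)."""
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    if net.prefixlen == 0:
        return "any"
    return f"{net.network_address} {wildcard_mask(net)}"

@dataclass
class AclEntry:
    action: str              # "permit" or "deny"
    source: IPv4Network      # source prefix; a /32 is a single host
    dest: IPv4Network = ANY  # destination prefix, "any" unless narrowed

    def matches(self, src: IPv4Address, dst: IPv4Address) -> bool:
        return src in self.source and dst in self.dest

    def to_ios(self, number: int) -> str:
        # In an extended ACL the source operand precedes the destination.
        return (f"access-list {number} {self.action} ip "
                f"{ios_operand(self.source)} {ios_operand(self.dest)}")

@dataclass
class Acl:
    number: int
    entries: List[AclEntry]

    def permits(self, src: IPv4Address, dst: IPv4Address) -> bool:
        for entry in self.entries:      # first matching entry wins
            if entry.matches(src, dst):
                return entry.action == "permit"
        return False                    # implicit deny at the end of every ACL

    def to_ios(self) -> List[str]:
        return [e.to_ios(self.number) for e in self.entries]

@dataclass
class PolicyRouteMap:
    name: str
    sequences: List[tuple]   # (sequence number, Acl, next-hop IPv4Address)

    def lookup(self, src: IPv4Address, dst: IPv4Address) -> Optional[IPv4Address]:
        for _seq, acl, next_hop in sorted(self.sequences, key=lambda s: s[0]):
            if acl.permits(src, dst):
                return next_hop
        return None   # no sequence matched: normal destination-based routing

def build_policy() -> PolicyRouteMap:
    """ACL 101 steers sources via Juniper 1 and ACL 102 via Juniper 2; /32, /24
    and /16 entries share one ACL. 198.51.100.0/24 and 10.20.0.0/16 are
    constructed stand-ins for the masked prefixes in the original post."""
    branch = IPv4Network("203.72.87.0/25")
    acl101 = Acl(101, [AclEntry("permit", IPv4Network(p), branch) for p in (
        "203.72.90.3/32", "203.72.90.4/32", "203.72.90.5/32",
        "198.51.100.0/24", "10.20.0.0/16")])
    acl102 = Acl(102, [AclEntry("permit", IPv4Network(p), branch) for p in (
        "203.72.87.3/32", "203.72.87.4/32", "203.72.87.5/32")])
    return PolicyRouteMap("reroute10traffic",
                          [(10, acl101, JUNIPER1), (20, acl102, JUNIPER2)])

def policy_next_hop(src: str, dst: str) -> Optional[str]:
    """Next hop PBR imposes on a src->dst packet, or None for normal routing."""
    hop = build_policy().lookup(IPv4Address(src), IPv4Address(dst))
    return None if hop is None else str(hop)

if __name__ == "__main__":
    policy = build_policy()
    for seq, acl, hop in policy.sequences:
        print("\n".join(acl.to_ios()))
        print(f"route-map {policy.name} permit {seq}\n match ip address {acl.number}"
              f"\n set ip next-hop {hop}")
    for src, dst in [("203.72.90.4", "203.72.87.10"),   # /32 entry  -> Juniper 1
                     ("10.20.33.7", "203.72.87.100"),   # /16 entry  -> Juniper 1
                     ("203.72.87.4", "203.72.87.10"),   # ACL 102    -> Juniper 2
                     ("203.72.90.4", "203.72.88.10")]:  # dst not in /25 -> table
        print(f"{src} -> {dst}: {policy_next_hop(src, dst) or 'routing table'}")
```

Two points the model leaves out are worth keeping in mind when reading the real switch. It implements the semantics of `set ip next-hop`, which overrides the routing table whenever the ACL matches; `set ip default next-hop` is the weaker form that applies only when the routing table has no explicit route for the destination. It also assumes the next hop is reachable, whereas IOS falls back to the routing table when the configured next hop is not, which is why the reachability that Calin insists on (EIGRP/OSPF redistribution or a default route) has to be in place before the policy does anything. Because `ip policy route-map` is applied to the interface where traffic enters, the policy only ever sees packets arriving on that interface, so the VLAN or port the 203.72.90.x and 203.72.87.x hosts actually sit behind is the one that needs the command.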
05-27-2010 05:19 AM
Sorry for the late answer. This seems to be OK, just that in the route-map you use for PBR, you need to set there
set ip next-hop "IP_Juniper1"
Does it work?