PBR in OSPF

Binu Steephen · ‎09-03-2010

Hi,

need your help.

I have a network set up of running OSPF accross the network.

need to send some traffic over one WAN link and some traffic over another WAN link.These links are not connected directly to the branches.

i will explain in details.

Branch A wan to communicate with Branch B

Primary path - A-C-B

Secondary path- A-C-D-B

need to do PBR on router C

Jon Marshall · ‎09-03-2010

stephen.binu@gmail.com

Hi,

need your help.

I have a network set up of running OSPF accross the network.

need to send some traffic over one WAN link and some traffic over another WAN link.These links are not connected directly to the branches.

i will explain in details.

Branch A wan to communicate with Branch B

Primary path - A-C-B

Secondary path- A-C-D-B

need to do PBR on router C

Binu

Fairly straightforward with PBR eg.

2 subnets in A = 192.168.5.0/24 & 192.168.6.0/24

you want to send 192.168.5.0/24 via primary path and 192.168.6.0 via secondary path to destination subnet 192.168.7.0/24

access-list 101 permit ip 192.168.5.0 0.0.0.255 192.168.7.0 0.0.0.255

access-list 102 permit ip 192.168.6.0 0.0.0.255 192.168.7.0 0.0.0.255

route-map PBR permit 10

match ip address 101

set ip next-hop

route-map PBR permit 20

match ip address 102

set ip next-hop

finally on the C interface that connects to A -

int s0/0

ip policy route-map PBR

Jon

francisco_1 · ‎09-03-2010

Jon responded before me but anyway i still post my suggestion

With policy-based routing yes you get the option to implement policies that selectively cause packets to take different paths. Additionally, PBR can mark packets so that certain types of traffic get prioritized. One example of PBR is, say that your OSPF routing protocol says that a packet with a destination of 10.1.1.1 should go out 192.168.1.1, you could create a policy so that packets destined to 10.1.1.1, instead, go to next hop 192.168.2.1

Let's look at an example of how we could use PBR. Say that we wanted to find any traffic that is destined for IP device 10.1.1.1 and, instead of sending it wherever the routing protocol says it should go, we are going to send it 192.168.2.1 next hop.

Router(config)# access-list 101 permit ip any host 10.1.1.1

Router(config)# route-map reroute10traffic permit 10

Router(config-route-map)#match ip address 101

Router(config-route-map)set ip next-hop 192.168.2.1

Router(config-route-map)#set interface Fa3/0

Router(config)# interface Fast Ethernet 3/0

Router(config-if)#ip policy route-map reroute10traffic

Hope that helps.

Francisco

Binu Steephen · ‎09-03-2010

Thanks Francisco.. but "set ip next-hop 192.168.2.1" whould be attached to the router where we apply policy-map..correct?..or can we configure remote IP as next hop IP in the local router.

Binu Steephen · ‎09-03-2010

Will PBR successful if we configure "set metric " for a particular segment ? Please help

Binu Steephen · ‎09-03-2010

PBR Recursive Next Hop, please advise how it works

Jon Marshall · ‎09-03-2010

Binu

What is wrong with what i have supplied as config ? Have you tried it, does it not work or do you need something else.

Jon

Binu Steephen · ‎09-04-2010

Hi Jon,

Thank you for your prompt help..It is not working to meet my requirement because traffic is again getting routed to the core link due to low ospf cost[even can't fine tune the ospf cost as that will affect all other routes]..

Is it possible to configure loopback or WAN IP of 4th hop as IP next-hop [recrusive] in 1st hop router,that will meet the requirement ?

Please advise..

IP next-hop recrusive, how it works?

Thanks in advance,

Stephen

Jon Marshall · ‎09-04-2010

stephen.binu@gmail.com

Hi Jon,

Thank you for your prompt help..It is not working to meet my requirement because traffic is again getting routed to the core link due to low ospf cost[even can't fine tune the ospf cost as that will affect all other routes]..

Is it possible to configure loopback or WAN IP of 4th hop as IP next-hop [recrusive] in 1st hop router,that will meet the requirement ?

Please advise..

IP next-hop recrusive, how it works?

Thanks in advance,

Stephen

Can you be more explicit in terms of what is not working ie. which path does traffic take and what it should take and also share config.

PBR overrides the routing table so it makes no difference what the OSPF costs are because the routing table is not consulted so either something is wrong with your config or you want to do something different than you explained in you original post.

Jon

Binu Steephen · ‎09-04-2010

Hi Jon, I have attached one network diagarm shows the set up, please advise on which router we need to do PBR configuration as per you suggested to meet the requirement in the attached diagram.

can we do this by enabling policy route map on routers B, H, E, J

Jon Marshall · ‎09-05-2010

Stephen

It would have helped if you had included the full topology with your original question because clearly it is nothing like the topology in your original thread.

In the mumbai branch office, is there a router/L3 switch behind the 2 wan routers ie. where is the routed interface for the network 10.10.10.x ?

Jon

Binu Steephen · ‎09-05-2010

Hi Jon, L3 switches [2nos] present at Mumbai branch as well as at Chennai branch.L3 swithes are connected together and each L3 switch is having uplink to WAN headned routers at branch.

Jon Marshall · ‎09-05-2010

Stephen

You can do this with PBR but you would need to apply it to any router where the path taken is not the one you want. With the routers you may be able to use PBR recursive next-hop although it depends on the routing table as the way to get to the recursive next hop may not be the path you want. The L3 switches would also need PBR to make sure the traffic went to the right router and i don't think, from memory, that they support recursive next-hop.

It is doable but as Giuseppe quite rightly points out, it will require a fair bit of configuration on a number of routers for both the outbound and return path. MPLS is a much better solution but that is not just additional config it involves a fair bit of redsign of your network which amy or may not be practical.

So yes it can be done with PBR but it will be messy.

Another way may be to look at OER/Pfr which may allow you to direct certain traffic down one path rather than the other but without knowing more details it's not possible to say whether that would work or not.

Whichever you choose will involve quite a lot of work.

Jon

Jon Marshall · ‎09-05-2010

Actually i'm not sure OER/Pfr would help because i don't think you can route based on source IP.

Jon

Giuseppe Larosa · ‎09-05-2010

Hello Stephen,

Edit:

with the network diagram is more clear as noted by Jon you should have posted it before

>> can we do this by enabling policy route map on routers B, H, E, J

you need to do so as PBR can divert traffic on a single router ( hop by hop paradigm), but it does not provide the desired effect if applied on a single router as you have seen in an IP cloud as next router could send the traffic on best path if not configured to divert to desired path.

In this kind of scenarios, a possible alternative to multiple PBR rules on multiple routers is MPLS:

or better to use MPLS Traffic engineering tunnels. With MPLS TE you move behind hop by hop routing and you can specify an end-to-end path that is chosen by first router in the cloud.

But if you haven't MPLS enabled it would be quite a big change to enable MPLS and MPLS TE on your network.

Hope to help

Giuseppe