
Asking about the PBR

anthonypoon
Level 1

Hi any router expert,

I would like to ask a question about Policy-Based Routing.

At present, we have 3x Metroethernet circuits interconnecting our two main offices. They are put into the same HSRP group. We have 3 VLANs at each office. One is for VoIP (10.105/106.x.x), one is for the server farm (most servers are on 173.105.x.x), storage (one storage unit at each site, replicated on demand, which is handled by another computer) and user workstations (173.105/106.x.x), and one is for email (10.5/6.x.x, on-demand replication is going on). The internal interface of each circuit router is given the IP 173.105/106.x.

One of the circuits is designated for VoIP (10.5/6.x.x) only; the other two are for data traffic (173.105/106.x.x). The main network equipment is connected to our L3 core switch. Recently, the circuits were sometimes saturated during peak hours. We found that the utilization dropped significantly when we stopped the replication. To relieve the problem, we are going to add one more Metroethernet circuit dedicated to replication traffic (storage on 173.105/106.x.x and email server on 10.5/6.x.x).

We are thinking of configuring PBR to direct this replication traffic only to the new circuit. We want the replication traffic to be held off and not redirected to other circuits when the new circuit goes down. Once the circuit comes up again, the replication can resume.

We have the following doubts, on which I would like to ask for your advice:

1. Should I do the PBR on the core switch or on all the routers? Our vendor suggests that we apply the same PBR on the routers (to route the replication traffic to the new circuit based on IP and TCP port).

2. Can PBR really do what we want, so that the replication traffic will not be redirected to other circuits?

3. Can PBR differentiate the data traffic and the replication traffic on the same server and route them to the corresponding circuits?

4. If the new Metroethernet circuit goes down, the replication traffic will go to a black hole, as the PBR next hop still shows up and PBR is still effective, but the path is actually down. Is this true?

Please enlighten. Million thanks for your kind coaching in advance.

Anthony

6 Replies

danielmcollins
Level 1

Anthony,

Not an expert.

Here are (2) out of many links on Policy-Based Routing (PBR) from Cisco's site:

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009481d.shtml

http://www.cisco.com/en/US/customer/products/ps6599/products_white_paper09186a00800a4409.shtml

Regarding your questions,

1. Should I do the PBR on the core switch or on all the routers? Our vendor suggests that we apply the same PBR on the routers (to route the replication traffic to the new circuit based on IP and TCP port).

   ->Yes, put PBR on both the core switch and on the routers at each site. You can create policies to route based on a number of different criteria. Reading through some of the above documentation might help you decide which is best. Your vendor's suggestion to use IP and TCP port could work fine.

2. Can PBR really do what we want, so that the replication traffic will not be redirected to other circuits?

   -> Yes, PBR will redirect the traffic as you specify.

3. Can PBR differentiate the data traffic and the replication traffic on the same server and route them to the corresponding circuits?

   -> Yes, PBR would be able to "split" the traffic coming from the same server, with data traffic going to one circuit and replication traffic out to another.

4. If the new Metroethernet circuit goes down, the replication traffic will go to a black hole, as the PBR next hop still shows up and PBR is still effective, but the path is actually down. Is this true?

   -> Not sure what your intention is here. You can configure PBR to route after a failure whichever way you need. You can route it to a black hole, or you can configure a default interface that you can use when the primary circuit is down.

hth,

Dan

Andrew Cink
Level 1

Policy-based routing basically means you can specify that if traffic is from/to a specific IP/port/etc, you can route it to a different gateway based on those parameters.

So if the traffic is from/to specific addresses and so forth, it should be a simple matter to force the traffic that way with PBR. You will need to put the PBR on any router that will be routing the traffic in question.

Andy

anthonypoon
Level 1

Hi there,

Thanks for your answer. After consideration, we are going to apply the PBR. I have another question regarding the "route-map" command. May I know if the sequence number at the end can be used with a dotted number?

That is, route-map PBR_route permit 1.8.1.

Thanks again.

Anthony

danielmcollins
Level 1

Anthony,

Nope. Using a sequence number with a decimal in it is not permitted. Positive whole numbers between 0 and 65535 only.

Dan


anthonypoon
Level 1

Hi there,

Our storage team wants their disk-based backup servers' replication between the two sites routed through the new link. The 5 DC servers will replicate the backup data to 1 WTC server. Therefore I added the access control list (at the bottom) to the previous PBR configuration, as per the attachment. Is it correct?

Please enlighten.

Thanks for your guidance.

Anthony

Anthony,

On the DC side,

     maybe change the line

permit tcp 10.5.1.0 0.0.0.255 10.6.1.0 0.0.0.255  (Allow all ports forward)

     to be

permit ip 10.5.1.0 0.0.0.255 10.6.1.0 0.0.0.255     (to be sure you don't miss anything)

     and change the lines

permit tcp 173.105.1.202 255.255.255.255 173.106.1.202 255.255.255.255 (EMC RP)

permit tcp 173.105.1.204 255.255.255.255 173.106.1.204 255.255.255.255 (EMC RP)

     to use the host keyword, like your other lines. Makes it consistent and easier to read.

permit tcp host 173.105.1.202 host 173.106.1.202

permit tcp host 173.105.1.204 host 173.106.1.204

ALSO, your "set ip next-hop" is the same IP on each location. You should set this on each side to be the next hop IP towards the other side.

hth,

Dan
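
How IOS evaluates the two address forms discussed in the reply above, as an added example that is not part of the thread or its attachment: in an extended ACL the field after an address is a wildcard mask in which a 1 bit means "ignore this bit", so `255.255.255.255` matches every address while `host` matches exactly one. The parser is a simplified model (no ports or options), and the workstation flow uses constructed sample addresses.

```python
import ipaddress

ALL = 0xFFFFFFFF

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_side(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return ((base, wildcard), rest)."""
    if tok[0] == "any":
        return (0, ALL), tok[1:]
    if tok[0] == "host":
        return (to_int(tok[1]), 0), tok[2:]
    return (to_int(tok[0]), to_int(tok[1])), tok[2:]

def parse_entry(line):
    """Parse 'permit|deny <proto> <src> <dst>'; ports/options are not modelled."""
    action, proto, *rest = line.split()
    src, rest = parse_side(rest)
    dst, _ = parse_side(rest)
    return action, proto, src, dst

def side_matches(spec, addr):
    base, wildcard = spec
    care = ~wildcard & ALL            # wildcard bit 1 = ignore, 0 = must match
    return (to_int(addr) & care) == (base & care)

def acl_permits(acl, proto, src, dst):
    """First matching entry wins; no match is an implicit deny (not policy-routed)."""
    for line in acl:
        action, p, s, d = parse_entry(line)
        if p in ("ip", proto) and side_matches(s, src) and side_matches(d, dst):
            return action == "permit"
    return False

# Entries quoted in the thread (trailing remarks dropped).
MASK_FORM = ["permit tcp 173.105.1.202 255.255.255.255 173.106.1.202 255.255.255.255"]
HOST_FORM = ["permit tcp host 173.105.1.202 host 173.106.1.202"]
SUBNET_FORM = ["permit ip 10.5.1.0 0.0.0.255 10.6.1.0 0.0.0.255"]

# Constructed sample flows: (protocol, source, destination).
REPLICATION = ("tcp", "173.105.1.202", "173.106.1.202")
WORKSTATION = ("tcp", "173.105.7.33", "173.106.9.10")   # ordinary user traffic

if __name__ == "__main__":
    for name, acl in (("mask", MASK_FORM), ("host", HOST_FORM)):
        for flow in (REPLICATION, WORKSTATION):
            print(name, flow, "policy-routed" if acl_permits(acl, *flow) else "normal routing")
```

With the mask form every TCP flow matches, so a route-map using that entry would policy-route ordinary user traffic as well as replication; the `host` form limits the match to the one replication pair.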
