Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

connect to 2 ISP using route-map

hi:

i have a following  scenario.

2012-06-21_155538.jpg

both R2 and R3 act as ISPs. and R1 as company gateway router ,R4 as normal PCs.

R2 and R3 have same loopback interfaces with ip address 5.5.5.5 /24(emulate internet)  .

requirement :

1. traffic which  is sourced from 10.10.10.0/24 must go through s0/0 at R1

2. traffic from 20.20.20.0/24 must go through s0/1 at R1

here is what i have done

R1(config)#do show ip route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

     1.0.0.0/24 is subnetted, 1 subnets

C       1.1.1.0 is directly connected, Serial0/0

     2.0.0.0/24 is subnetted, 1 subnets

C       2.2.2.0 is directly connected, Serial0/1

     3.0.0.0/24 is subnetted, 1 subnets

C       3.3.3.0 is directly connected, FastEthernet1/0

     20.0.0.0/24 is subnetted, 1 subnets

S       20.20.20.0 [1/0] via 3.3.3.3

     10.0.0.0/24 is subnetted, 1 subnets

S       10.10.10.0 [1/0] via 3.3.3.3

S*   0.0.0.0/0 is directly connected, Serial0/0

               is directly connected, Serial0/1   /* i used default route to connect to 5.5.5.5.

Access lists

R1(config)#do show access-list

Standard IP access list 1

    10 permit 10.10.10.0, wildcard bits 0.0.0.255

Standard IP access list 2

    10 permit 20.20.20.0, wildcard bits 0.0.0.255

Route-map


R1(config)#do show route

route-map ISP_R3, permit, sequence 20

  Match clauses:

    ip address (access-lists): 2

  Set clauses:

    interface Serial0/1

  Policy routing matches: 0 packets, 0 bytes

route-map ISP_R2, permit, sequence 10

  Match clauses:

    ip address (access-lists): 1

  Set clauses:

    interface Serial0/0

  Policy routing matches: 0 packets, 0 bytes

i applied two policies on both serial links.

interface Serial0/0

ip address 1.1.1.1 255.255.255.0

ip policy route-map ISP_R2

serial restart-delay 0

!        

interface Serial0/1

ip address 2.2.2.2 255.255.255.0

ip policy route-map ISP_R3

serial restart-delay 0

!        

interface Serial0/2

no ip address

shutdown

serial restart-delay 0

!        

interface Serial0/3

no ip address

shutdown

serial restart-delay 0

!        

interface FastEthernet1/0

ip address 3.3.3.1 255.255.255.0

duplex auto

speed auto

!        

no ip http server

no ip http secure-server

ip route 0.0.0.0 0.0.0.0 Serial0/0

ip route 0.0.0.0 0.0.0.0 Serial0/1

ip route 10.10.10.0 255.255.255.0 3.3.3.3

ip route 20.20.20.0 255.255.255.0 3.3.3.3

!        

!        

!        

access-list 1 permit 10.10.10.0 0.0.0.255

access-list 2 permit 20.20.20.0 0.0.0.255

!        

route-map ISP_R3 permit 20

match ip address 2

set interface Serial0/1

!        

route-map ISP_R2 permit 10

match ip address 1

set interface Serial0/0

i have no ideas what's wrong with this setup. the route-map did not work.

below is trace route output

R4(config)#do trace 5.5.5.5 source 20.20.20.20

Type escape sequence to abort.

Tracing the route to 5.5.5.5

  1 3.3.3.1 36 msec 20 msec 24 msec

  2 2.2.2.22 48 msec

*Mar  1 01:35:35.403: ICMP: time exceeded rcvd from 3.3.3.1

*Mar  1 01:35:35.427: ICMP: time exceeded rcvd from 3.3.3.1

*Mar  1 01:35:35.455: ICMP: time exceeded rcvd from 3.3.3.1

*Mar  1 01:35:35.503: ICMP: dst (20.20.20.20) port unreachable rcv from 2.2.2.22 *  48 msec

R4(config)#

*Mar  1 01:35:38.551: ICMP: dst (20.20.20.20) port unreachable rcv from 2.2.2.22

R4(config)#do trace 5.5.5.5 source 10.10.10.10                              

Type escape sequence to abort.

Tracing the route to 5.5.5.5

  1 3.3.3.1 52 msec 24 msec 20 msec

  2 2.2.2.22 48 msec

*Mar  1 01:37:17.351: ICMP: time exceeded rcvd from 3.3.3.1

*Mar  1 01:37:17.379: ICMP: time exceeded rcvd from 3.3.3.1

*Mar  1 01:37:17.399: ICMP: time exceeded rcvd from 3.3.3.1

*Mar  1 01:37:17.447: ICMP: dst (10.10.10.10) port unreachable rcv from 2.2.2.22 *  56 msec

ping 5.5.5.5 had no problems but why did both traffic go through 2.2.2.22 ?

i have no ideas what's wrong with this setup. the route-map just did not work.

I hope some one could help me out here.

thank you in advance.

Everyone's tags (1)
3 ACCEPTED SOLUTIONS

Accepted Solutions
New Member

Re: connect to 2 ISP using route-map

Hi,

You have to apply the policy in the ingress interface of R1 (i.e fa1/0) and also you don't need two different route-map for acheiving this. Match the access-list in two different sequence of the same route-map and assign a different next-hop for each matching criteria..

-HTH

bava

Gold

Re: connect to 2 ISP using route-map

Hi Dannan,

route-maps are sequenced, like access lists. use the Same Name and different sequence numbers to apply different Match/Set clauses. and remeber there is an implicit Deny at the end of the route-map, just like access-lists.

plz Rate if it helped,

Soroush.

Hope it Helps!

Soroush.
Purple

connect to 2 ISP using route-map

Hi,

No need for an empty permit clause at the end in a route-map used for PBR because the denied traffic will just simply routed based on the RIB.

Regards.

Alain.

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
9 REPLIES
Purple

connect to 2 ISP using route-map

Hi,

the PBR policy must be applied to f0/1 interface of R3 not on the serials as it must be applied on the ingress interface of the source.

Regards.

Alain.

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
New Member

connect to 2 ISP using route-map

thanks for your quick reply, i am still  new to policy routing. if i have to apply the policy on f0/1, how am i supposed to do that? everytime i wrote an ip policy , the new one overwrote the older one.  i thought one interface can have a only one route map policy applied.

much appreciated.

Purple

connect to 2 ISP using route-map

Hi,

Look at Bava's answer: you only need one route-map but with multiple clauses.

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
Gold

Re: connect to 2 ISP using route-map

Hi Dannan,

route-maps are sequenced, like access lists. use the Same Name and different sequence numbers to apply different Match/Set clauses. and remeber there is an implicit Deny at the end of the route-map, just like access-lists.

plz Rate if it helped,

Soroush.

Hope it Helps!

Soroush.
New Member

connect to 2 ISP using route-map

thanks . i will try that.

Purple

connect to 2 ISP using route-map

Hi,

No need for an empty permit clause at the end in a route-map used for PBR because the denied traffic will just simply routed based on the RIB.

Regards.

Alain.

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
New Member

Re: connect to 2 ISP using route-map

Hi,

You have to apply the policy in the ingress interface of R1 (i.e fa1/0) and also you don't need two different route-map for acheiving this. Match the access-list in two different sequence of the same route-map and assign a different next-hop for each matching criteria..

-HTH

bava

New Member

connect to 2 ISP using route-map

thanks for your help,i will try that later.

New Member

connect to 2 ISP using route-map

it worked, thanks.

2010
Views
0
Helpful
9
Replies
CreatePlease to create content