
New Member

Static Routes vs PBR

I am using a track statement with an IP SLA to determine how to send traffic. I have looked at two methods for this. The first is to use a static route with the track command. The second is to match traffic and set the next hop IP using PBR. They both achieve the same result but what are the pros or cons to each and what method is most preferred/reliable? Thank you.

 

Devices used are 2 ASR1004 routers and 2 Catalyst 4500Xs.

2 REPLIES

Hi Brian, actually the static route with track object and PBR are not doing the same object, so let's discuss it with some simple examples:

1-Static route with track object:
The meaning of the static route with track object is that you tell the router (if you apply it on a router) that you will create a conditional static route, which is a static route with a specific condition based on your configuration. This means that you tell the router: if this pre-determined condition has an active state, you must still use this static route without any modification, but if this condition has a passive state, you must not use this static route, must remove it from the IP routing table, and must not use it in your routing process unless the state changes to active again.

The trick here is based on the IP SLA configuration that you use with the track object, because the normal static route here has no trick, as it is just used for the routing process. So it is based on the IP SLA configuration you use, because the IP SLA has different purposes like: measuring round trip time, checking L3 connectivity from a specific source to a specific destination by sending an ICMP echo request packet, checking the reachability of a specific TCP port running at a specific destination, measuring UDP jitter echo, and others.

So let's talk about the example:

Assume that your network is multi-homed (this means that you have two or more connections to one ISP or more for the internet service). In this case you need one of them as primary and the other will be the backup link, so for the internet routes, you will add two default static routes (one pointing to the primary and the other to the backup) as follows:

ip route 0.0.0.0 0.0.0.0 fa0/0 x.x.x.x  (for primary link)

ip route 0.0.0.0 0.0.0.0 fa0/1 y.y.y.y  10 (for backup link)

Here, you used the floating default static routing feature, by making the AD 10 (which is higher than that of the primary link). In this configuration, you depend on the primary link failing physically to make the router remove the first route and use the default static route pointing to the backup link.

But assume that the primary link is to ISP1 while the backup link is to ISP2. If ISP1 has a technical issue inside its core network and at the same time the primary link is operational physically, this means that your internet connection will be down until this technical issue is solved. Why? Because the router still uses the primary link, because it actually has the best AD (1 is better than 10). So to solve such a problem, you can use default static routing with a track object.

Let's check this configuration example:

1-IP SLA configuration (if you don't know the IP SLA configuration, don't hesitate to ask):

ip sla 1

icmp-echo 8.8.8.8

frequency 30

ip sla schedule 1 start-time now life forever

2-Track object configuration:

track 1 ip sla 1 reachability 

3-Static default route with track object configuration:

ip route 0.0.0.0 0.0.0.0 Fa0/0 x.x.x.x track 1 

By this configuration, you tell the router that you need to configure a conditional default static route by referencing track object 1, which uses IP SLA 1 as its own reference. So if the state of the IP SLA is "not ok", this means that the reachability of track object 1 is not achieved, hence the router will remove this default static route from the IP routing table and will use the other route (for the backup link in the multi-homed scenario). Finally, you can use the IP SLA for many other purposes.

2-Let's talk about the PBR:

As the name implies, it is used to apply some policies before the router makes the routing decision, so let's talk about the following example:

Assume the same scenario that we used before for the IP SLA (multi-homed for internet service). Assume you have two links connecting you to your ISP (one with 2Mbps and the other 6Mbps) and you have two different types of traffic (data and video). Here you need to dedicate the video traffic to pass through the (2Mbps) link, while the other data traffic passes through the (6Mbps) link. In this scenario you can use PBR to achieve your goal. This means that you can control which packet can go through which link, but with the IP SLA, you can't do this action.

If you need more examples with configuration, please don't hesitate to ask.

 

Hope that is helpful.

BR

Mostafa

New Member

Thanks for the great write-up.

Here is the scenario I simulated with. I have two edge routers. They route for two separate networks under the same AS number. In the situation of an ISP going down, both networks will use one edge router. If the egress for the network with the failed ISP is still up I want to send that network traffic over. Otherwise, route it on the same egress as the network with the working ISP. Here is the config I used.

 

ip sla 1

icmp-echo 10.1.0.6

frequency 5

ip sla 2

icmp-echo 10.1.0.29

frequency 5

 

track 1 ip sla 1 reachability

delay up 25 down 25

track 2 ip sla 2 reachability

delay up 25 down 25

 

ip access-list extended networkA-Inbound

permit ip any 10.0.0.0 0.127.255.255

 

ip access-list extended networkB-Inbound

permit ip any 10.128.0.0 0.63.255.255

 

route-map Inbound-Policy permit 10

match ip address networkA-Inbound

set ip next-hop verify-availability 10.1.0.6 1 track 1

set ip next-hop 10.1.0.29

route-map Inbound-Policy permit 20

match ip address networkB-Inbound

set ip next-hop verify-availability 10.1.0.29 1 track 2

set ip next-hop 10.1.0.6

 

Basically, if the ISP for network B is down, I want to send network B traffic to network B's router from network A. If I cannot reach it, send it to network A's core. Network A sends its traffic to its core unless it cannot reach it.

The other way is to use static routes.

ip route 10.0.0.0 255.128.0.0 10.1.0.6 track 1

ip route 10.0.0.0 255.128.0.0 10.1.0.29 5

ip route 10.128.0.0 255.192.0.0 10.1.0.29 track 2

ip route 10.128.0.0 255.192.0.0 10.1.0.6 5

 

They seem to do the same thing. Is one method better or preferred?
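
Added example, not part of the thread: a small Python model of the two configurations posted above, assuming the tracked next hop is used while its track object is up and the plain `set ip next-hop` is the fallback, as the post describes. It compares both methods over every track-state combination, then applies a constructed source-matching policy (`SOURCE_POLICY`, documentation-range prefixes) that destination-based static routes cannot express; all function and variable names are hypothetical.

```python
import ipaddress

def in_net(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

# Static routes from the thread: (prefix, next hop, admin distance, track id)
STATIC_ROUTES = [
    ("10.0.0.0/9",    "10.1.0.6",  1, 1),
    ("10.0.0.0/9",    "10.1.0.29", 5, None),   # floating backup
    ("10.128.0.0/10", "10.1.0.29", 1, 2),
    ("10.128.0.0/10", "10.1.0.6",  5, None),   # floating backup
]

def static_next_hop(dst, track):
    """Destination-only lookup: longest prefix first, then lowest AD.
    A tracked route is in the table only while its track object is up."""
    usable = [r for r in STATIC_ROUTES
              if in_net(dst, r[0]) and (r[3] is None or track[r[3]])]
    if not usable:
        return None
    best = min(usable,
               key=lambda r: (-ipaddress.ip_network(r[0]).prefixlen, r[2]))
    return best[1]

# Route-map entries: (source match, destination match, tracked hop, track id, fallback hop)
THREAD_POLICY = [
    ("0.0.0.0/0", "10.0.0.0/9",    "10.1.0.6",  1, "10.1.0.29"),
    ("0.0.0.0/0", "10.128.0.0/10", "10.1.0.29", 2, "10.1.0.6"),
]
# Constructed policy: hosts in 192.0.2.0/24 reach network A via the other router.
SOURCE_POLICY = [("192.0.2.0/24", "10.0.0.0/9", "10.1.0.29", 2, "10.1.0.6")]

def pbr_next_hop(src, dst, track, policy):
    """First matching entry wins (assumption: tracked hop while its track is
    up, else the fallback). None = no match, normal routing table is used."""
    for src_net, dst_net, hop, tid, fallback in policy:
        if in_net(src, src_net) and in_net(dst, dst_net):
            return hop if track[tid] else fallback
    return None

def methods_agree(dsts, src="198.51.100.7"):
    """True if both methods pick the same next hop in all four track states."""
    return all(
        static_next_hop(d, {1: t1, 2: t2})
        == pbr_next_hop(src, d, {1: t1, 2: t2}, THREAD_POLICY)
        for t1 in (True, False) for t2 in (True, False) for d in dsts)

if __name__ == "__main__":
    print(methods_agree(["10.5.5.5", "10.130.1.1"]))
```

With the destination-only ACLs from the thread the two methods agree in every state; they diverge only once the policy matches on something a routing-table lookup does not see, such as the source address.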
