Policy based routing

saimbt
Level 1

Hi,

We have 2 IPLC links to UK, one is a 512 link and the other is a 2 Mbps link. We want to use the 512 link only for FTP and all other traffic should flow by the 2 Mbps link. I know this can be accomplished by POLICY BASED ROUTING; my question is, in case the 2 Mbps link fails, how will the traffic divert on the 512 link, as the 512 link has an ACL to allow only FTP traffic?

please help..

-Sai.

8 Replies

thisisshanky
Level 11

When you use the set command in a route-map (set interface or set ip next-hop), the route-map will try to route all traffic via int1 or hop1, and if this link fails, then it will use int2 or hop2.

So specify the first next-hop or outgoing interface for all other traffic (than FTP) as the 2 Mbps link and the backup next-hop or outgoing interface for all other traffic as the 512K Link.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

Hi shanky,

Thank you for the bullet response,

Since my Ethernet will have an ACL written that only FTP to go via 512 link, won't this deny all other traffic, in case the 2 Mbps link fails??

In case you're using PBR, do you really need ACL to allow FTP traffic?

Hi,

You will use ACLs in route-map to match the traffic and set the parameters like outgoing i/f or next hop only. There is no need to put ACL on interface explicitly.

Regards...

Ashok.


With best regards...
Ashok

tomanderin
Level 1

It will be the route map you bind to the incoming interface, not the ACL. You will want something like:

    access-list 101 permit tcp any any eq ftp
    access-list 101 permit tcp any any eq ftp-data

    route-map ftpfilter permit 10
     match ip address 101
     set int ? (outgoing interface)

    int ? (incoming interface)
     ip policy route-map ftpfilter

Not 100% sure, but I believe that if the interface defined in the set statement is down, the traffic will be sent via the normal routing process.

Hi,

This is what I also thought of, but my Q is: if my main link (2 Mbps) fails, will all the traffic get diverted on the 512 link, or will I have to write one more route-map like

    access-list 101 permit ip any any

    route-map othertraffic permit 20
     match ip address 101
     set int

    int ? (incoming interface)
     ip policy route-map othertraffic

The route map will not affect how traffic is routed other than that defined in the route map ACL. If your other traffic normally goes over the 2 meg but uses the 512k in a failure, this will continue to be the case.

All the ACL is doing is it defines the traffic to be policy routed, anything that does not match is not dropped, but passed to be routed in the "normal" way.

Both normal traffic and FTP traffic can go over the 512 link.

ndarnell
Level 1

http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps5207/products_feature_guide09186a00801d1e95.html#41569

Check this out; it should give you all you need.

I've implemented it and it works. You may need to upgrade the IOS on the routers to a version that supports this feature as it's fairly new.

I suggest tracking the route entry for the wan link addresses.
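
The setup discussed in this thread, pulled together as an added example (not configuration posted by any participant): FTP is policy-routed onto the 512K link only while a tracked object is up, and everything else follows normal routing with a floating static route as backup. Interface names, addresses, the UK prefix, the track number and the choice of line-protocol tracking are all constructed assumptions.

```cisco
! Constructed addressing (documentation ranges); not from the thread.
interface Serial0/0
 description 2 Mbps IPLC to UK (primary for all non-FTP traffic)
 ip address 192.0.2.1 255.255.255.252
!
interface Serial0/1
 description 512K IPLC to UK (FTP, and backup for everything else)
 ip address 192.0.2.5 255.255.255.252
 ! No inbound/outbound access-group here: an interface ACL permitting only
 ! FTP would drop the failover traffic when the 2 Mbps link is down.
!
! Tracked object for the 512K link (assumption: line-protocol tracking).
track 1 interface Serial0/1 line-protocol
!
! ACL 101 only classifies traffic for the route-map; it filters nothing.
! Passive-mode FTP data uses negotiated ports and is not matched by these lines.
access-list 101 permit tcp any any eq ftp
access-list 101 permit tcp any any eq ftp-data
!
route-map ftpfilter permit 10
 match ip address 101
 ! Use the 512K next hop only while track 1 is up; otherwise the packet
 ! falls through to the normal routing table (the 2 Mbps link).
 set ip next-hop verify-availability 192.0.2.6 10 track 1
!
! Bind the policy to the LAN-facing (incoming) interface.
interface FastEthernet0/0
 ip policy route-map ftpfilter
!
! Normal routing for traffic that does not match ACL 101:
! primary via the 2 Mbps link, floating static (AD 250) via the 512K link.
ip route 198.51.100.0 255.255.255.0 192.0.2.2
ip route 198.51.100.0 255.255.255.0 192.0.2.6 250
```

After a failover test, `show route-map ftpfilter`, `show track 1` and `show ip route 198.51.100.0` show whether FTP is still being policy-routed and which next hop the remaining traffic is using.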