Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Help me on PBR issue

Hi Everyone,

                       I am having that kind of PBR issue in client side. Actually they want to do Policy Based Routing through their main office to branch. I change the ip address because of privacy policy.

This is the main office subnet scope. Their special subnet is 203.72.87.xx/25

203.72.87.0 /24

203.72.88.0/24

203.72.89.0/24

203.87.90.0/24

203.87.91.0/24

203.87.92.0/24

203.87.93.0/24

Main office have cisco 4507 switch connected to layer 3 ospf link with 2 juniper edge device.

clip_image003.jpg

The task is to trasfer packet from following address through juniper edge device1 to 203.72.87.0/25

203.72.90.3/32

203.72.90.4/32

203.72.90.5/32

xx.xx.xx.xx/16

xx.xx.xx.xx/24

To trasfer packet from following address through juniper edge device 2 to 203.72.87.0/25

203.72.87.3/32

203.72.87.4/32

203.72.87.5/32

If PBR is not enable by default , it is go through link2 (juniper device 2).

When i do show run, the address 203.72.90.3 , 203.72.90.4, 203.72.90.5 are already in the permit access list. That mean i don't need to put it on access list again. But  203.72.87.3 is in the ip helper list. But there is no vlan ip for 203.72.87.3, 203.72.87.4 , 203.72.87.5 ,203.72.90.3 , 203.72.90.4, 203.72.90.5 . When i do ip route command , the traffic are not involved either.

Eigrp is running on the list and it is /16 network.from what i know is doing acl 1st, and then routemap and redistribute .  In my case, i think i should use ospf to redistribute.And the last thing  is apply routemap to interface.But now I am very confuse that do i need to add this ip address to vlan 1st and doing this or I have no idea how to configure this switch to do policy based routing. Anyone please enlighten me.

5 REPLIES

Re: Help me on PBR issue

Hi there!

To be honest your explanation is not very accurate, but I'll try to help based on what I understood.

So, what I think is that you want is that traffic from certain source (subnets, IP addresses) to take path 1 (Juniper device 1) to a destination. The same from some other sources to the same destination but on the path 2 (Juniper device 2).

Am I right?

If yes, the solution would be:

-match the source addresses (the ones that you want to make traffic over the path1) in a prefix-list or ACL

-configure a route-map in which you match the prefix-list or ACL in the previous step

-in the same route-map set next-hop IP address on the Juniper device 1

-configure PBR on the interface with ip policy route-map "Route-map NAME created above"

Please let me know if this is not clear enough for you.

Calin

Community Member

Re: Help me on PBR issue

Brother,

                  Thank you for your explanation. But how about OSPF? I think we need to run the traffic on OSPF redistribution cause it include

juniper . My job scope is only on cisco switch to configure. The customer already configure juniper. If you know the OSPF Redistribution

together with route map please explain more for me. i am new to policy routing. Hope for your reply soon.

Re: Help me on PBR issue

If you are using EIGRP in your LAN, and OSPF on the links to Juniper devices, you have to redistribute somehow EIGRP in OSPF and OSPF in EIGRP or announce default routes from OSPF.

I don't know exactly the configuration that you have there, but anyway PBR and network reachability through IP routing protocols are different topics.

You can look at PBR like conditional routing based on policies.

Anyway following my first idea, or any idea that you have, you need somehow to achieve reachability between subnets, and only then to apply PBR.

Let me know if I can help you more.

Community Member

Re: Help me on PBR issue

Hi Calin,

                thank you for your quick feedback. you are correct . they use eigrp in their lan. so the first thing i need to do is

#router ospf (area no)

#redistribute eigrp (autonomous no)  subnets routemap ( routemap name)

#network  ( 203.72.87.0) 0.0.128.255 area 0

#default metric 10

for acccess list

access-list 101 permit ip any host 203.72.87.3

route-map reroute10 traffic permit 10

match ip address 101

set (interface or ip address of the juniper device 1)

Ip policy route-map reroute10traffic

This is for one ip to 1 juniper. In my case , if i need to route so many ip, i have to add all those in every access-list .I can do access list 101 for juniper 1 and accesslist 102 for juniper 2. But what i am not sure is can it be work cause my ip from here is differnet subnets /16 , /32 , /24.

Thats my understanding. I am quite worry because i will get to complete this within 4 hrs. If i am mistake, plz show me the way .

Re: Help me on PBR issue

Sorry for the late answer. This seems to be OK, just that in the route-map you use for PBR, you need to set there

set ip next-hop "IP_Juniper1"

Does it work?

326
Views
0
Helpful
5
Replies
CreatePlease to create content