Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Policy Based Route - PDLM Determined Traffic

I was looking for a way to route traffic such as bittorrent detected by the PDLMs on the router to another gateway to off-load that traffic from our primary ISP but not block or throttle it.

i was hoping there was a built-in mechanism to do so, and since the ports are dynamic, it makes it near impossible to use a nat statement do perform the same tasks.

any help would be much appreciated.

4 REPLIES

Policy Based Route - PDLM Determined Traffic

Hi Daniel,

You can do it using match policy-list option in route-map. Following is my lab test

!

class-map match-any ICMP

match protocol icmp

!

policy-map For-PBR

class ICMP

!

route-map PBR-NBAR

match ip policy-list For-PBR

set ip next-hop 34.0.0.4

!

interface Gig1/0

ip policy route-map PBR-NBAR

!

end

R3#show route-map

route-map PBR-NBAR, permit, sequence 10

  Match clauses:

    IP Policy lists:

        For-PBR

  Set clauses:

    ip next-hop 34.0.0.4

  Policy routing matches: 103 packets, 11742 bytes

-Vishesh

Don't forget to rate.

Community Member

Policy Based Route - PDLM Determined Traffic

Command not listed under match ip.  what versions are supported? 

CPTNYCRT01(config-route-map)#match ip ?

  address                Match address of route or match packet

  next-hop               Match next-hop address of route

  redistribution-source  route redistribution source (EIGRP only)

  route-source           Match advertising source address of route

CPTNYCRT01(config-route-map)#do sh ver

Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2012 by Cisco Systems, Inc.

Compiled Tue 20-Mar-12 18:13 by prod_rel_team

ROM: System Bootstrap, Version 12.3(8r)T7, RELEASE SOFTWARE (fc1)

CPTNYCRT01 uptime is 14 weeks, 2 days, 20 hours, 56 minutes

System returned to ROM by reload at 18:00:00 Eastern Thu Oct 31 2013

System restarted at 18:01:54 Eastern Thu Oct 31 2013

System image file is "flash:c2800nm-advipservicesk9-mz.151-4.M4.bin"

Last reload type: Normal Reload

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

export@cisco.com.

Cisco 2821 (revision 3.0) with 1034240K/14336K bytes of memory.

Processor board ID FHK0847F1PQ

2 Gigabit Ethernet interfaces

1 ATM interface

1 Channelized T1/PRI port

1 Virtual Private Network (VPN) Module

DRAM configuration is 64 bits wide with parity enabled.

239K bytes of non-volatile configuration memory.

126976K bytes of ATA CompactFlash (Read/Write)

License Info:

License UDI:

-------------------------------------------------

Device#   PID                   SN

-------------------------------------------------

*0        CISCO2821             FHK0847F1PQ

Configuration register is 0x2102

CPTNYCRT01(config-route-map)#

Cisco Employee

Re: Policy Based Route - PDLM Determined Traffic

Hello Vishesh,

I am afraid you are not correct. You are confusing a policy-map with an ip policy-list - these two are different and unrelated constructs. Your example appears to work because the route-map refers to a non-existent ip policy-list and therefore produces a match (it's like referring to a non-existent ACL), but because of this, it applies to all traffic, not just to the ICMP packets.

Unfortunately, a route-map used to drive PBR is unable to directly refer to a class-map or to a qos-group value. The only solution I was able to create was to actually mark ingress packets with a non-zero DSCP value, and then base the PBR on the DSCP value, e.g.:

class-map match-all TELNET

match protocol telnet

!

policy-map fa0/1-in

class TELNET

  set dscp af13

!

ip access-list extended AF13

permit ip any any dscp af13

!

route-map PBR permit 10

match ip address AF13

set ip next-hop 10.0.23.3

!

interface FastEthernet0/1

ip address 10.1.12.2 255.255.255.0

ip policy route-map PBR

service-policy input fa0/1-in

Ingress traffic on Fa0/1 is first inspected by the fa0/1-in policy-map that identifies the Telnet traffic, and marks the packets with DSCP value of AF13. Afterwards, the PBR looks for all AF13-marked packets, and PBRs them to a different next hop. On ingress, QoS marking is performed before PBR.

It is admittedly a hack...

Best regards,

Peter

Re: Policy Based Route - PDLM Determined Traffic

Hi Peter,

You are right, I mistook the policy-list for a policy-map.

R2(config-route-map)#match policy-list ?

  WORD  IP Policy map name

Seems like yours is the only way to configure it. Thanks for clearing that.

-Vishesh

416
Views
5
Helpful
4
Replies
CreatePlease to create content