Policy Based Routing with two default routes

Mansoor Hafeez
Level 1

Hi

I have a router which is connected to two different ISPs. From my host network, the traffic is passed to firewall where global PAT is configured and then this traffic is forwarded to Router for further forwarding.

Now my requirement is that I want all my web traffic (PORT 80) to be passed through one route and all other traffic whose destination is not port 80 should pass through other ISP.

I tried Policy Based Routing but it only routes the traffic from one policy routing and rejects the policy which is for PORT 80.

I will be extremely grateful if you kindly help me in this regard.

Mansoor Hafeez

3 Accepted Solutions


Jon Marshall
Hall of Fame

Mansoor

It would have helped if you had posted your config but it should look something like this -

access-list 101 permit tcp any any eq 80
access-list 102 permit ip any any
route-map PBR permit 10
 match ip address 101
 set ip next-hop
route-map PBR permit 20
 match ip address 102
 set ip next-hop

Couple of things to note

1) if you switch the above 2 statements around then all traffic would always match acl 102 and never get to the second route-map statement.

2) actually you do not need the 2nd statement above. You can do -

set the default route to ISP that you do not want port 80 traffic to go to -

ip route 0.0.0.0 0.0.0.0

and then just have the first PBR statement from above ie.

route-map PBR permit 10
 match ip address 101
 set ip next-hop

Jon


Rick Morris
Level 6

How did you set up your ACL and Route-Map?

If you create multiple route-maps

route-map 10 with a set of matches and set commands

then

route-map 20 with a set of matches and set commands

Use the most preferred set of traffic first since the rule is read from top down.

I would try something like this:

! Web (TCP port 80) traffic
ip access-list extended Web-Only-ISP-A
 permit tcp any any eq 80
!
! Everything else
ip access-list extended Default-ISP-B
 permit ip any any
!
! Sequence 10 is evaluated first, so the port 80 match must come here
route-map Traffic-Shaping permit 10
 match ip address Web-Only-ISP-A
 set ip next-hop
!
route-map Traffic-Shaping permit 20
 match ip address Default-ISP-B
 set ip next-hop

Then set the route-map to the interface and test.

http://www.itsyourip.com/cisco/how-to-setup-ip-policy-based-routing-in-cisco-routerios/

HTH

-Rick


Rick

It's always a relief when the people answering questions agree with each other

Jon


7 Replies

Jon Marshall
Hall of Fame

mansoorhafeez wrote:

Hi Jon

Thanks a lot for this help.

This configuration works for me fine. But with this I have another issue.

The port 80 traffic is routed through ISP B and other than port 80 traffic is routed via ISP A. The default route is configured for ISP A.

Now the problem is if my ISP A link is down then the traffic other than port 80 is not routed via ISP B.

If ISP B is down then traffic of Port 80 is not routed via ISP A. Only traffic other than Port 80 is routed via ISP A.

Can you please check and tell what can be the possible solution for that issue.

Thanks in advance for answer.

With Best Regards

Mansoor Hafeez

Mansoor

Easiest thing is to do this -

1) Add a second default-route on your router with an AD (Administrative Distance) of 250 ie.

ip route 0.0.0.0 0.0.0.0 250

the above route will not be used unless your existing default-route is removed from the routing table ie. the link fails. Then the above route will send all traffic to ISP B. If the ISP A link comes back then the above route will be replaced by the original default-route.

2) for the PBR config -

route-map PBR permit 10
 match ip address 101
 set ip next-hop

the ISP A next-hop will only be used if the ISP B address is unavailable.

Try this config. We may need to use IP SLA depending on your connection types but try the above first.

Jon


Rick Morris
Level 6

haha...Jon you just beat me to this.  Glad to see I had the same thing!


Mansoor Hafeez
Level 1

Thanks a lot for this help.

This configuration works for me fine. But with this I have another issue.

The port 80 traffic is routed through ISP B and other than port 80 traffic is routed via ISP A. The default route is configured for ISP A.

Now the problem is if my ISP A link is down then the traffic other than port 80 is not routed via ISP B.

If ISP B is down then traffic of Port 80 is not routed via ISP A. Only traffic other than Port 80 is routed via ISP A.

Can you please check and tell what can be the possible solution for that issue.

Thanks in advance for answer.

With Best Regards

Mansoor Hafeez
