21 December 2014

Policy Based Routing (PBR)

[*] Forcing specific traffic over a specific path

1. ACL to define interesting traffic
2. Route map to refer to the ACL (if/then)
3. Apply route map to ingress interface


- With the Policy applied

R4# traceroute 100.0.0.1
Tracing the route to 100.0.0.1

  1 192.168.0.1 20 msec 20 msec 20 msec
  2 10.0.0.6 32 msec 32 msec 28 msec

R1# debug ip policy
*Mar  1 00:16:29.447: IP: s=192.168.0.100 (FastEthernet0/0), d=100.0.0.1, len 28, FIB policy match
*Mar  1 00:16:29.447: IP: s=192.168.0.100 (FastEthernet0/0), d=100.0.0.1, g=10.0.0.6, len 28, FIB policy routed
*Mar  1 00:16:29.479: IP: s=192.168.0.100 (FastEthernet0/0), d=100.0.0.1, len 28, FIB policy match
*Mar  1 00:16:29.479: IP: s=192.168.0.100 (FastEthernet0/0), d=100.0.0.1, g=10.0.0.6, len 28, FIB policy routed
*Mar  1 00:16:29.507: IP: s=192.168.0.100 (FastEthernet0/0), d=100.0.0.1, len 28, FIB policy match
*Mar  1 00:16:29.507: IP: s=192.168.0.100 (FastEthernet0/0), d=100.0.0.1, g=10.0.0.6, len 28, FIB policy routed

R1# sh route-map PBR
route-map PBR, permit, sequence 10
  Match clauses:
    ip address (access-lists): 1 
  Set clauses:
    ip next-hop 10.0.0.6
  Policy routing matches: 46 packets, 3300 bytes
route-map PBR, permit, sequence 20
  Match clauses:
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes

R1# sh ip policy
Interface      Route map
Fa0/0          PBR

- Without the Policy applied

R4# traceroute 100.0.0.1
Tracing the route to 100.0.0.1

  1 192.168.0.1 40 msec 20 msec 20 msec
  2 10.0.0.2 60 msec 28 msec 24 msec

+ Just to prove, I'm using a new loopback in R4
*Mar  1 00:19:31.915: IP: s=80.0.0.4 (FastEthernet0/0), d=100.0.0.1, len 28, FIB policy match
*Mar  1 00:19:31.915: IP: s=80.0.0.4 (FastEthernet0/0), d=100.0.0.1, len 28, FIB policy rejected - normal forwarding
*Mar  1 00:19:31.947: IP: s=80.0.0.4 (FastEthernet0/0), d=100.0.0.1, len 28, FIB policy match
*Mar  1 00:19:31.947: IP: s=80.0.0.4 (FastEthernet0/0), d=100.0.0.1, len 28, FIB policy rejected - normal forwarding
*Mar  1 00:19:31.975: IP: s=80.0.0.4 (FastEthernet0/0), d=100.0.0.1, len 28, FIB policy match
*Mar  1 00:19:31.975: IP: s=80.0.0.4 (FastEthernet0/0), d=100.0.0.1, len 28, FIB policy rejected - normal forwarding


biOos
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)