Policy Based Routing (PBR)

SOURCE:
https://supportforums.cisco.com/document/32186/dual-internet-links-nating-pbr-and-ip-sla?page=1

PBR: Route a packet based on source IP address
Note 1: 'set ip next-hop' and 'set ip default next-hop' are similar commands, but they differ in their order of operations. Configuring the set ip next-hop command causes the system to use policy routing first and then use the routing table.
Configuring the set ip default next-hop command causes the system to use the routing table first and then policy route to the specified next hop.
Note 2: Remember that PBR can create an asymmetric routing environment!

PC1
hostname PC1
ip cef
interface Ethernet0/0
ip address 10.0.0.2 255.255.255.0
ip route 0.0.0.0 0.0.0.0 10.0.0.1

PC2
hostname PC2
ip cef
interface Ethernet0/0
ip address 10.0.1.2 255.255.255.0
ip route 0.0.0.0 0.0.0.0 10.0.1.1

R1
hostname R1
ip cef
key chain key1
key 1
key-string password
interface Loopback0
ip address 1.0.0.1 255.255.255.255
interface Ethernet0/0
ip address 10.0.1.1 255.255.255.0 secondary
ip address 10.0.0.1 255.255.255.0
ip policy route-map ISPSelect
interface Serial1/0
bandwidth 128
ip address 12.0.0.2 255.255.255.0
serial restart-delay 0
interface Serial1/1
bandwidth 64
ip address 13.0.0.2 255.255.255.0
serial restart-delay 0
router eigrp 1
network 1.0.0.1 0.0.0.0
network 10.0.0.0 0.0.0.255
network 10.0.1.0 0.0.0.255
network 12.0.0.0 0.0.0.255
network 13.0.0.0 0.0.0.255
redistribute static
ip route 0.0.0.0 0.0.0.0 Serial1/0
ip route 0.0.0.0 0.0.0.0 Serial1/1
route-map ISPSelect permit 1
match ip address 101
set ip next-hop 12.0.0.1
route-map ISPSelect permit 2
match ip address 102
set ip next-hop 13.0.0.1
access-list 101 permit ip 10.0.0.0 0.0.0.255 any
access-list 102 permit ip 10.0.1.0 0.0.0.255 any

R2
hostname R2
ip cef
interface Loopback0
ip address 1.0.0.2 255.255.255.255
interface Ethernet0/1
ip address 24.0.0.2 255.255.255.0
interface Serial1/0
bandwidth 128
ip address 12.0.0.1 255.255.255.0
serial restart-delay 0
router eigrp 1
network 1.0.0.2 0.0.0.0
network 12.0.0.0 0.0.0.255
network 24.0.0.0 0.0.0.255

R3
hostname R3
ip cef
interface Loopback0
ip address 1.0.0.3 255.255.255.255
interface Ethernet0/2
ip address 34.0.0.2 255.255.255.0
interface Serial1/1
bandwidth 64
ip address 13.0.0.1 255.255.255.0
serial restart-delay 0
router eigrp 1
network 1.0.0.3 0.0.0.0
network 13.0.0.0 0.0.0.255
network 34.0.0.0 0.0.0.255

R4
hostname R4
ip cef
interface Loopback0
ip address 1.0.0.4 255.255.255.255
interface Ethernet0/0
ip address 45.0.0.1 255.255.255.0
interface Ethernet0/1
ip address 24.0.0.1 255.255.255.0
interface Ethernet0/2
ip address 34.0.0.1 255.255.255.0
router eigrp 1
network 1.0.0.4 0.0.0.0
network 24.0.0.0 0.0.0.255
network 34.0.0.0 0.0.0.255
network 45.0.0.0 0.0.0.255
redistribute static

SVR1
hostname SVR1
ip cef
interface Loopback0
ip address 1.0.0.12 255.255.255.255
interface Ethernet0/0
ip address 45.0.0.2 255.255.255.0
ip route 0.0.0.0 0.0.0.0 45.0.0.1

Example 2
The packet can match access-list 7 or 8 or 9
(config)#route-map PBR permit 40
(config-route-map)#match ip address 7 8 9
(config-route-map)#set ip next-hop 13.0.0.1

Example 3
The packet has to match access-list 7
(config)#route-map PBR permit 50
(config-route-map)#match ip address 7
(config-route-map)#match interface e0/0
(config-route-map)#set ip next-hop 13.0.0.1

VERIFY
PC1#trace 45.0.0.2
Type escape sequence to abort.
Tracing the route to 45.0.0.2
VRF info: (vrf in name/id, vrf out name/id)
1 10.0.0.1 1 msec 1 msec 1 msec
2 12.0.0.1 10 msec 10 msec 10 msec
3 24.0.0.1 11 msec 10 msec 11 msec
4 45.0.0.2 12 msec 12 msec *

PC2#trace 45.0.0.2
Type escape sequence to abort.
Tracing the route to 45.0.0.2
VRF info: (vrf in name/id, vrf out name/id)
1 10.0.0.1 1 msec 5 msec 1 msec
2 13.0.0.1 14 msec 15 msec 14 msec
3 34.0.0.1 16 msec 17 msec 12 msec
4 45.0.0.2 11 msec 12 msec *

R1#debug ip policy

R1#debug ip packet 1 detail
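
The order of operations from Note 1, modelled against R1's ISPSelect route-map and access-lists 101 and 102 (an added example, not part of the original post and not Cisco code). The RIB entries and the reachable hook are constructed assumptions for the model; set ip default next-hop is treated as ignoring the 0.0.0.0/0 route when it checks the routing table first.

```python
import ipaddress

# ACLs and route-map entries copied from R1's configuration on this page.
ACLS = {101: ("10.0.0.0", "0.0.0.255"), 102: ("10.0.1.0", "0.0.0.255")}
ISP_SELECT = [(1, 101, "12.0.0.1"), (2, 102, "13.0.0.1")]  # (seq, acl, next hop)

# Constructed routing table for the model: (prefix, next hop). Not router output.
RIB = [("45.0.0.0/24", "12.0.0.1"), ("0.0.0.0/0", "Serial1/0")]

def acl_match(acl, src):
    """Source match with an IOS wildcard mask (1 bits are 'don't care')."""
    base, wild = (int(ipaddress.ip_address(x)) for x in ACLS[acl])
    care = ~wild & 0xFFFFFFFF
    return int(ipaddress.ip_address(src)) & care == base & care

def rib_lookup(dst, explicit_only=False):
    """Longest-prefix match; explicit_only skips the 0.0.0.0/0 default route."""
    best = None
    for prefix, hop in RIB:
        net = ipaddress.ip_network(prefix)
        if explicit_only and net.prefixlen == 0:
            continue
        if ipaddress.ip_address(dst) in net and (
                best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None

def forward(src, dst, default_variant=False, reachable=lambda hop: True):
    """Return (decision source, next hop) for a packet arriving on Ethernet0/0.

    default_variant=False models 'set ip next-hop' (policy first, then table).
    default_variant=True models 'set ip default next-hop' (table first).
    reachable is a hypothetical hook standing in for next-hop reachability.
    """
    for seq, acl, hop in ISP_SELECT:
        if not acl_match(acl, src):
            continue
        if default_variant:
            explicit = rib_lookup(dst, explicit_only=True)
            return ("routing-table", explicit) if explicit else (f"policy seq {seq}", hop)
        if reachable(hop):
            return (f"policy seq {seq}", hop)
        break  # matched entry but unusable next hop: fall back to the table
    return ("routing-table", rib_lookup(dst))
```

With set ip next-hop the model reproduces the two traces above (PC1 via 12.0.0.1, PC2 via 13.0.0.1); with the default variant PC2's traffic to 45.0.0.2 follows the explicit route instead, which is the kind of path change to check for when auditing a policy.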
