CCNP – Policy Based Routing

One of the areas I have encountered in the CCNP R/S studies is Policy Based Routing, or PBR. This allows you to specify an alternate path for the traffic to use instead of the default path that the traffic is currently taking. In this configuration, the E1/0 interface connects to the network where the traffic is coming from.

The first thing you need to do is create an ACL that identifies the traffic that is to be subject to the alternate path. I show two different examples, one using a numbered ACL and the other using a named ACL. For the purposes of documentation, I prefer to use the named ACL approach, but I think it is reasonable to assume that the tests will expect the use of a numbered ACL instead.

The first route-map policy identifies the ACL used to decide whether this policy applies. If the conditions are met, the traffic will be sent to a different next-hop destination. If the ACL doesn't match the traffic, the traffic will pass to the next route-map policy. You will notice that this one doesn't have any conditions present. You still need this to be present so that traffic that doesn't meet the first route-map test will be allowed to pass. If you don't have the second route-map configuration, the traffic not meeting the first test will be dropped.

Numbered ACL Implementation
!
interface Ethernet1/0
 ip address 10.3.3.1 255.255.255.0
 ip policy route-map PBR
 full-duplex
!
access-list 100 permit tcp any any eq www
!
!
route-map PBR permit 10
 match ip address 100
 set ip next-hop 10.1.1.1
!
route-map PBR permit 20
!

Named ACL Implementation
!
interface Ethernet1/0
 ip address 10.3.3.1 255.255.255.0
 ip policy route-map PBR
 full-duplex
!
ip access-list extended www
 permit tcp any any eq www
!
!
route-map PBR permit 10
 match ip address www
 set ip next-hop 10.1.1.1
!
route-map PBR permit 20
!

PBR or route-map Config testing

From a machine downstream from the PBR-configured router, do a telnet 10.4.4.3 www to test forcing of the www traffic through the PBR config. This won't work from the router that the PBR config is on when you do a source interface pointing to the Ethernet interface that the PBR route-map config is applied to.

Do a sh route-map to see if the traffic is traversing the path preferred by the PBR config. If you have more than one route-map defined, you can add the name of the route-map config to see just the output for that specific PBR.

Occasionally, you may want to do a clear route-map counters PBR to clear the counters on the PBR traffic. This will help make the traffic counters easier to interpret since you will be looking at the traffic that has just occurred instead of what may have passed hours, days or weeks ago.
