Policy Based Routing

Posted: February 8, 2016 in CISCO

Policy Based Routing (PBR) is used to make routing decision based on policy.PBR can be used when we have 2 links to same locations:one with a high bandwidth, low delay and the other a low bandwidth,high delay link.With PBR we can route higher priority traffic over the high bandwidth/low delay link while sending all other traffic over the low bandwidth delay link.

Untitled.png

 

In this example we will configure computers from 10.1.1.0 network to use (higher bandwith) link over R2 to reach 10.1.101. network on the right

R1:

!
interface FastEthernet0/0
ip address 10.1.1.5 255.255.255.0
ip policy route-map r1-s1
duplex full
!
interface Serial1/0
ip address 10.1.12.1 255.255.255.252
serial restart-delay 0
!
interface Serial1/1
ip address 10.1.13.1 255.255.255.252
serial restart-delay 0
!
router eigrp 1
network 10.1.0.0 0.0.255.255
!

 

R2:

!
interface FastEthernet0/0
ip address 10.1.100.1 255.255.255.248
shutdown
duplex full
!
interface Serial1/0
ip address 10.1.12.2 255.255.255.252
serial restart-delay 0
!
router eigrp 1
network 10.1.0.0 0.0.255.255

R3:

!
interface FastEthernet0/0
ip address 10.1.100.3 255.255.255.248
duplex full
!
interface FastEthernet2/0
ip address 10.1.101.1 255.255.255.0
!
router eigrp 1
network 10.1.0.0 0.0.255.255

R4:

!
interface FastEthernet0/0
ip address 10.1.100.2 255.255.255.248
duplex full
!
interface Serial1/1
ip address 10.1.13.2 255.255.255.252
serial restart-delay 0
!
router eigrp 1
network 10.1.0.0 0.0.255.255

Configure ACL:

Access list is needed to tell PBR logic where routing decisions should be made (from 10.1.1.0 to 10.1.101 networks)

R1(config)#access-list 101 permit ip 10.1.1.0 0.0.0.255 10.1.101.0 0.0.0.255

Create policy map to match packets defined with access list 101

R1(config)#route-map r1-s1 permit 10
R1(config-route-map)#match ip address 101
!set where packets destined for 10.1.101.0 network should be routed (R2)
R1(config-route-map)#set ip next-hop 10.1.12.2

 

Finally,apply route map to R1 inteface facing source network (f0/0)

R1(config)#int f0/0
R1(config-if)#ip policy route route-map r1-s1
!turn on debugging for access list 101
R1(config)#do debug ip policy 101

 

Ping from PC1 to S1

PC1(config)#do trace 10.1.101.2 source 10.1.1.1
Type escape sequence to abort.
Tracing the route to 10.1.101.2
VRF info: (vrf in name/id, vrf out name/id)
1 10.1.1.5 140 msec 136 msec 164 msec
2 10.1.12.2 144 msec 96 msec 64 msec
3 10.1.12.1 92 msec 144 msec 120 msec
4 10.1.13.2 172 msec 128 msec 116 msec
5 10.1.100.3 124 msec 96 msec 76 msec
6 10.1.101.2 188 msec 224 msec 164 msec

We can see that traffic is router over R2 router (10.1.12.2)

Debug output from R1:

*Feb  8 21:22:18.979: IP: s=10.1.1.1 (FastEthernet0/0), d=10.1.101.2, len 28, PBR Counted
*Feb  8 21:22:18.983: IP: s=10.1.1.1 (FastEthernet0/0), d=10.1.101.2, g=10.1.12.2, len 28, FIB policy routed
*Feb  8 21:22:19.083: IP: s=10.1.1.1 (FastEthernet0/0), d=10.1.101.2, len 28, FIB policy match
*Feb  8 21:22:19.087: IP: s=10.1.1.1 (FastEthernet0/0), d=10.1.101.2, len 28, PBR Counted
*Feb  8 21:22:19.087: IP: s=10.1.1.1 (FastEthernet0/0), d=10.1.101.2, g=10.1.12.2, len 28, FIB policy routed
*Feb  8 21:22:19.115: IP: s=10.1.1.1 (FastEthernet0/0), d=10.1.101.2, len 28, FIB policy match
*Feb  8 21:22:19.115: IP: s=10.1.1.1 (Fa
R1#stEthernet0/0), d=10.1.101.2, len 28, PBR Counted
*Feb  8 21:22:19.119: IP: s=10.1.1.1 (FastEthernet0/0), d=10.1.101.2, g=10.1.12.2, len 28, FIB policy routed
*Feb  8 21:22:19.287: IP: s=10.1.1.1 (FastEthernet0/0), d=10.1.101.2, len 28, FIB policy match
*Feb  8 21:22:19.287: IP: s=10.1.1.1 (FastEthernet0/0), d=10.1.101.2, len 28, PBR Counted
*Feb  8 21:22:19.291: IP: s=10.1.1.1 (FastEthernet0/0), d=10.1.101.2, g=10.1.12.2, len 28, FIB policy routed
*Feb  8 21:22:19.415: IP: s=10.1.1.1 (FastEthernet0/0), d=10.1.101.2, len 28, FIB policy match
*Feb  8 21:22:19.419: IP: s=10.1.1.1 (FastEthernet0/0), d=10.1.101.2, len 28, PBR

Forwarding Information Base (FIB) contains Layer 3 forwarding information

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s