5.6. Configuring Policy-Based Routing

Overview

Function Introduction

Policy-Based Routing (PBR) provides the freedom to implement packet forwarding and routing according to defined policies, in a way that goes beyond the concerns of traditional routing protocols. By using policy-based routing, customers can implement policies that selectively cause packets to take different paths.

Principle Description

N/A

Configuration

PBR Configuration

Fig. 5.17 PBR

The figure above shows a typical topology. After PBR is enabled on interface eth-0-1 of Switch1, packets from 172.16.6.1 are forwarded to 172.16.4.2, and all other packets are forwarded according to the original routes.

Configure on Switch1:

step 1 Enter the configure mode

Switch# configure terminal

step 2 Create an IP access list to match the source IP address

Switch(config)# ip access-list acl1
Switch(config-ip-acl)# 10 permit any 172.16.6.0 0.0.0.255 any
Switch(config-ip-acl)# exit

step 3 Create a route map that matches the IP access list and sets the next-hop IP

Switch(config)# route-map rmap permit 10
Switch(config-route-map)# match ip address acl1
Switch(config-route-map)# set ip next-hop 172.16.4.2
Switch(config-route-map)# exit

step 4 Enter the interface configure mode, set the attributes and ip address, and apply the route map

Switch(config)# interface eth-0-1
Switch(config-if)# no switchport
Switch(config-if)# ip address 172.16.5.2/24
Switch(config-if)# no shutdown
Switch(config-if)# ip policy route-map rmap
Switch(config-if)# exit

step 5 Create a static route with the next-hop IP 172.16.4.3 (optional)

Packets that do not hit the PBR policy are forwarded according to the normal routing table, so a static route is used here. Dynamic routing protocols such as RIP or OSPF can also meet this requirement.

Switch(config)# ip route 0.0.0.0/0 172.16.4.3

step 6 Exit the configure mode

Switch(config)# end

step 7 Validation

Switch# show ip policy route-map
Route-map interface
rmap eth-0-1

Configure PBR and BFD linkage

Fig. 5.18 PBR and BFD linkage

The figure above shows a typical topology. Switch2 forwards packets out of eth-0-13 according to the PBR route. When eth-0-13 of Switch3 is shut down, the BFD session state goes down, track 1 goes down, the PBR next-hop 4.1.1.2 becomes invalid, and packets are forwarded out of eth-0-14 instead.

step 1 Configure on Switch1:

Switch1# configure terminal
Switch1(config)# interface eth-0-1
Switch1(config-if)# no shutdown
Switch1(config-if)# no switchport
Switch1(config-if)# ip address 1.1.1.1/24
Switch1(config-if)# interface eth-0-9
Switch1(config-if)# no shutdown
Switch1(config-if)# no switchport
Switch1(config-if)# ip address 2.1.1.1/24
Switch1(config-if)# quit
Switch1(config)# ip route 5.1.1.0/24 2.1.1.2
Switch1(config)# ip route 6.1.1.0/24 2.1.1.2

step 2 Configure on Switch2:

Switch2# configure terminal
Switch2(config)# ip access-list acl1
Switch2(config-ip-acl)# 10 permit any host 2.1.1.1 any
Switch2(config-ip-acl)# quit
Switch2(config)# route-map rmap permit 10
Switch2(config-route-map)# match ip address acl1
Switch2(config-route-map)# set ip next-hop 4.1.1.2 track 1
Switch2(config-route-map)# quit
Switch2(config)# interface eth-0-9
Switch2(config-if)# no shutdown
Switch2(config-if)# no switchport
Switch2(config-if)# ip address 2.1.1.2/24
Switch2(config-if)# ip policy route-map rmap
Switch2(config-if)# interface eth-0-13
Switch2(config-if)# no shutdown
Switch2(config-if)# no switchport
Switch2(config-if)# ip address 4.1.1.1/24
Switch2(config-if)# interface eth-0-14
Switch2(config-if)# no shutdown
Switch2(config-if)# no switchport
Switch2(config-if)# ip address 5.1.1.1/24
Switch2(config-if)# quit
Switch2(config)# track 1 bfd source interface eth-0-13 destination 4.1.1.2
Switch2(config-track)# quit
Switch2(config)# ip route 1.1.1.0/24 2.1.1.1
Switch2(config)# ip route 6.1.1.0/24 5.1.1.2

step 3 Configure on Switch3:

Switch3# configure terminal
Switch3(config)# interface eth-0-1
Switch3(config-if)# no shutdown
Switch3(config-if)# no switchport
Switch3(config-if)# ip address 6.1.1.1/24
Switch3(config-if)# interface eth-0-13
Switch3(config-if)# no shutdown
Switch3(config-if)# no switchport
Switch3(config-if)# ip address 4.1.1.2/24
Switch3(config-if)# interface eth-0-14
Switch3(config-if)# no shutdown
Switch3(config-if)# no switchport
Switch3(config-if)# ip address 5.1.1.2/24
Switch3(config-if)# quit
Switch3(config)# track 1 bfd source interface eth-0-13 destination 4.1.1.1
Switch3(config-track)# quit
Switch3(config)# ip route 1.1.1.0/24 5.1.1.1
Switch3(config)# ip route 2.1.1.0/24 5.1.1.1

step 3 Ping 6.1.1.1; Switch2 will forward the packets out of eth-0-13

Switch2# ping 6.1.1.1
PING 6.1.1.1 (6.1.1.1) 56(84) bytes of data.
64 bytes from 6.1.1.1: icmp_seq=1 ttl=63 time=417 ms
64 bytes from 6.1.1.1: icmp_seq=2 ttl=63 time=428 ms
64 bytes from 6.1.1.1: icmp_seq=3 ttl=63 time=441 ms
64 bytes from 6.1.1.1: icmp_seq=4 ttl=63 time=469 ms
64 bytes from 6.1.1.1: icmp_seq=5 ttl=63 time=461 ms
--- 6.1.1.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 6810ms
rtt min/avg/max/mdev = 417.834/443.810/469.720/19.470 ms

step 4 Shut down eth-0-13 of Switch3

Switch3# configure terminal
Switch3(config)# interface eth-0-13
Switch3(config-if)# shutdown

step 5 Validation

Switch3# show track
Track 1
Type : BFD state
Source interface : eth-0-13
Destination IP : 4.1.1.2
BFD Local discr : 8192
rmap : pref 10 track 1
State : down
Switch3# show bfd session
Abbreviation:
LD: Local Discriminator. RD: Remote Discriminator
S: Single hop session. M: Multi hop session.
SD: Static Discriminator. DD: Dynamic Discriminator
SBFD: Seamless BFD
A: Admin down. D:Down. I:Init. U:Up.
============================================================================
LD RD TYPE ST UP-Time Remote-Addr Sbfd-Type VRF
8192 0 S-DD D 00:00:00 4.1.1.2 None default
Number of Sessions: 1

Switch3 will forward the packets out of eth-0-14

Switch# ping 6.1.1.1
PING 6.1.1.1 (6.1.1.1) 56(84) bytes of data.
64 bytes from 6.1.1.1: icmp_seq=1 ttl=63 time=414 ms
64 bytes from 6.1.1.1: icmp_seq=2 ttl=63 time=432 ms
64 bytes from 6.1.1.1: icmp_seq=3 ttl=63 time=424 ms
64 bytes from 6.1.1.1: icmp_seq=4 ttl=63 time=525 ms
64 bytes from 6.1.1.1: icmp_seq=5 ttl=63 time=437 ms
--- 6.1.1.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 6563ms
rtt min/avg/max/mdev = 414.720/446.816/525.276/39.949 ms
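The forwarding decision behind both procedures above (the plain PBR example with its default static route, and the BFD-linkage example with a tracked next-hop) can be modelled to check what a given packet will do before the policy is applied. The following is an added Python example, not part of the original guide or the switch software; it assumes standard ACL wildcard-mask semantics, an implicit deny at the end of the ACL, and that a matched route-map entry whose tracked next-hop is down falls back to longest-prefix lookup in the routing table, as the BFD-linkage text describes. The `switch2()` model and its values are constructed from the Switch2 configuration shown above.

```python
import ipaddress
from dataclasses import dataclass

def wildcard_match(addr, base, wildcard):
    """ACL wildcard mask: a 1 bit means 'don't care', so 0.0.0.255 covers a /24."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def acl_permits(acl, src):
    """acl: list of (seq, action, src, wildcard) tuples; implicit deny at the end."""
    for _, action, base, wildcard in sorted(acl):
        if wildcard_match(src, base, wildcard):
            return action == "permit"
    return False

@dataclass
class RouteMapEntry:
    seq: int
    acl: list
    next_hop: str
    track: int = 0  # 'set ip next-hop X track N'; 0 means not tracked

@dataclass
class Switch:
    route_map: list
    rib: dict     # prefix -> next-hop, e.g. {"6.1.1.0/24": "5.1.1.2"}
    tracks: dict  # track id -> True (BFD session up) / False (down)
    def rib_lookup(self, dst):
        """Longest-prefix match over the static routes (a 0.0.0.0/0 entry acts as default)."""
        d = ipaddress.IPv4Address(dst)
        nets = [ipaddress.IPv4Network(p) for p in self.rib if d in ipaddress.IPv4Network(p)]
        best = max(nets, key=lambda n: n.prefixlen, default=None)
        return self.rib[str(best)] if best else None

    def forward(self, src, dst):
        """Return (next_hop, 'pbr'|'rib'); the policy wins only while its next-hop is valid."""
        for entry in sorted(self.route_map, key=lambda e: e.seq):
            if acl_permits(entry.acl, src):
                if entry.track == 0 or self.tracks.get(entry.track, False):
                    return entry.next_hop, "pbr"
                break  # matched, but the tracked next-hop is down: fall back to the routing table
        return self.rib_lookup(dst), "rib"

def switch2(track1_up):
    """Constructed model of Switch2 in the PBR/BFD linkage example above."""
    acl1 = [(10, "permit", "2.1.1.1", "0.0.0.0")]   # '10 permit any host 2.1.1.1 any'
    return Switch(route_map=[RouteMapEntry(10, acl1, "4.1.1.2", track=1)],
                  rib={"1.1.1.0/24": "2.1.1.1", "6.1.1.0/24": "5.1.1.2"},
                  tracks={1: track1_up})
```

With track 1 up, traffic from 2.1.1.1 to 6.1.1.1 leaves via 4.1.1.2; once the BFD session is down it follows the 6.1.1.0/24 static route to 5.1.1.2, and traffic that never matched acl1 uses the routing table in both states.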

Application cases

N/A