Menu

Poland

GRANDMETRIC Sp. z o.o.
ul. Metalowa 5, 60-118 Poznań, Poland
NIP 7792433527
+48 61 271 04 43
info@grandmetric.com

Sweden

Drottninggatan 86
111 36 Stockholm
+46 762 041 514
info@grandmetric.com

UK

Grandmetric LTD
Office 584b
182-184 High Street North
London
E6 2JA
+44 20 3321 5276
info@grandmetric.com

US Region

Grandmetric LLC
Lewes DE 19958
16192 Coastal Hwy USA
EIN: 98-1615498
+1 302 691 94 10
info@grandmetric.com

  • en
  • pl
  • se

    • PBR: Reliable Policy Based Routing (Cisco)

    Home Knowledge BaseDesign & ConfigurePBR: Reliable Policy Based Routing (Cisco)

    Design & Configure

    PBR: Reliable Policy Based Routing (Cisco)

    Technology: Routing

    Area: PBR

    Vendor: Cisco

    Title: Reliable Policy Base Routing

    Software: 12.X , 15.X, IP Services

    Platform: Catalyst 3560, 3750, 3850, 4500, 6500, ISR/ASR Routers

     

    Policy based routing without an optional examination logic configured  is not able to recognize any issue on the network. To provide more reliable solution early defined policies could be extended on two possible ways. In the first option configured next-hop address is active until it is recognized by CDP protocol. The whole process relies on protocol timeouts [hold time from 10 to 255 sec.] which are not too aggressive. To build more reliable and rapid policy we could combine IP SLA and track functionality to it. This option offers much more flexibility and speed in decision making process.

     

    To configure a reliable policy which route in agreement with predefine policy once is able to recognize neighbor “10.1.1.2” over the CDP protocol:

    R1#configure terminal
    R1(config)# ip access-list extended FROM_LAN
    R1(config-ext-nacl)# permit ip 192.168.1.0 0.0.0.255 host 192.168.155.1

    R1(config)# route-map PBR-grandmetric permit 10
    R1(config-route-map)# match ip address FROM_LAN
    R1(config-route-map)# set ip next-hop 10.1.1.2
    R1(config-route-map)# set ip next-hop verify-availability

    R1(config)# interface FastEthernet0/0.13
    R1(config-subif)# cdp enabled
    R1(config-subif)# ip policy route-map PBR-grandmetric

     

    Verification commands:

    To check if the policy is attached to specific interface: 


    R1# show ip policy
    Interface      Route map
    Fa0/0.13      PBR-grandmetric

    R1# show ip interface fastEthernet 0/0.13 | i Policy
    Policy routing is enabled, using route map PBR-grandmetric
    Input features: Policy Routing, MCI Check

    Once the policy is applied we can check the route-map status to observe how many packets match configured patterns.

    R1# show route-map PBR-grandmetric
    route-map PBR-grandmetric, permit, sequence 10
    Match clauses:
    ip address (access-lists): FROM_LAN
    Set clauses:
    ip next-hop 10.1.1.2
    Policy routing matches: 12 packets, 552 bytes

    To configure a reliable policy which route in agreement with predefine policy once is able to reach a neighbor “10.1.1.3” over the ICMP protocol:

    R1#configure terminal
    R1(config)# ip access-list extended FROM_LAN2
    R1(config-ext-nacl)# permit ip 192.168.1.0 0.0.0.255 host 192.168.156.1

    R1(config)# ip sla 20
    R1(config-ip-sla)# icmp-echo 10.1.1.3 source-ip 10.1.1.1
    R1(config-ip-sla-echo)# threshold 1000
    R1(config-ip-sla-echo)# timeout 2000
    R1(config-ip-sla-echo)# frequency 2
    R1(config)# ip sla schedule 20 start-time now life forever

    R1(config)# track 20 ip sla 20 reachability
    R1(config)# route-map PBR-grandmetric permit 20
    R1(config-route-map)# match ip address FROM_LAN2
    R1(config-route-map)# set ip next-hop verify-availability 10.1.1.3 1 track 20

    R1(config)# interface FastEthernet0/0.13
    R1(config-subif)# ip policy route-map PBR-grandmetric

    To check if the policy is attached to specific interface: 

    R1# show ip policy
    Interface      Route map
    Fa0/0.13      PBR-grandmetric

    R1# show ip interface fastEthernet 0/0.13 | i Policy
    Policy routing is enabled, using route map PBR-grandmetric
    Input features: Policy Routing, MCI Check
     

    Once the policy is applied we can check both SLA and track state to see if we are able to reach examined address. Afterwards we could look on route-map status to observe how many packets match configured patterns.

     

    R1#show ip sla statistics 20
    IPSLAs Latest Operation Statistics
    IPSLA operation id: 20
    Latest RTT: 1 milliseconds
    Latest operation start time: 08:03:36 UTC Sun Nov 5 2017
    Latest operation return code: OK
    Number of successes: 146
    Number of failures: 41
    Operation time to live: Forever

    R1# show track 20
    Track 20
    IP SLA 20 reachability
    Reachability is Up
    2 changes, last change 00:06:20
    Latest operation return code: OK
    Latest RTT (millisecs) 1
    Tracked by:
    ROUTE-MAP 0

    R1# show route-map PBR-grandmetric
    route-map PBR-grandmetric, permit, sequence 10
    Match clauses:
    ip address (access-lists): FROM_LAN
    Set clauses:
    ip next-hop 10.1.1.2
    ip next-hop verify-availability
    Policy routing matches: 104 packets, 12523 bytes
    route-map PBR-grandmetric, permit, sequence 20
    Match clauses:
    ip address (access-lists): FROM_LAN2
    Set clauses:
    ip next-hop verify-availability 10.1.1.3 1 track 20  [up]
    Policy routing matches: 10 packets, 460 bytes

    Author: Marcin Bialy
     
    Tags
    active standby Adaptive Security Appliance authentication authorization broadcast Cisco Cisco ASA Firepower cisco EIGRP Cisco FMC Cisco FMC - installing certificate for pxGRID cisco ise cisco ise deployment config configuration containers devops docker dockerfile eigrp Enhanced Interior Gateway Routing Protocol firewall high availability How to install FMC Cisco identity services engine interface ise deployment ise distributed deployment ospf radius router routing security context virtual firewall VLAN
    Grandmetric