Technology: Routing
Area: PBR
Vendor: Cisco
Title: Reliable Policy-Based Routing
Software: 12.X, 15.X, IP Services
Platform: Catalyst 3560, 3750, 3850, 4500, 6500, ISR/ASR Routers
Policy-based routing without optional verification logic configured cannot detect any problem on the network. To provide a more reliable solution, previously defined policies can be extended in two ways. In the first option, the configured next-hop address is treated as active for as long as it is seen via the CDP protocol. The whole process relies on protocol timeouts [hold time from 10 to 255 sec.], which are not very aggressive. To build a more reliable and faster-reacting policy, we can combine IP SLA and track functionality with it. This option offers much more flexibility and speed in the decision-making process.
To configure a reliable policy that routes according to the predefined policy only while it can recognize neighbor “10.1.1.2” over the CDP protocol:
R1#configure terminal
R1(config)# ip access-list extended FROM_LAN
R1(config-ext-nacl)# permit ip 192.168.1.0 0.0.0.255 host 192.168.155.1
R1(config)# route-map PBR-grandmetric permit 10
R1(config-route-map)# match ip address FROM_LAN
R1(config-route-map)# set ip next-hop 10.1.1.2
R1(config-route-map)# set ip next-hop verify-availability
R1(config)# interface FastEthernet0/0.13
R1(config-subif)# cdp enable
R1(config-subif)# ip policy route-map PBR-grandmetric
Verification commands:
To check if the policy is attached to a specific interface:
R1# show ip policy
Interface Route map
Fa0/0.13 PBR-grandmetric
R1# show ip interface fastEthernet 0/0.13 | i Policy
Policy routing is enabled, using route map PBR-grandmetric
Input features: Policy Routing, MCI Check
Once the policy is applied, we can check the route-map status to see how many packets match the configured patterns.
R1# show route-map PBR-grandmetric
route-map PBR-grandmetric, permit, sequence 10
Match clauses:
ip address (access-lists): FROM_LAN
Set clauses:
ip next-hop 10.1.1.2
Policy routing matches: 12 packets, 552 bytes
To configure a reliable policy that routes according to the predefined policy only while it can reach neighbor “10.1.1.3” over the ICMP protocol:
R1#configure terminal
R1(config)# ip access-list extended FROM_LAN2
R1(config-ext-nacl)# permit ip 192.168.1.0 0.0.0.255 host 192.168.156.1
R1(config)# ip sla 20
R1(config-ip-sla)# icmp-echo 10.1.1.3 source-ip 10.1.1.1
R1(config-ip-sla-echo)# threshold 1000
R1(config-ip-sla-echo)# timeout 2000
R1(config-ip-sla-echo)# frequency 2
R1(config)# ip sla schedule 20 start-time now life forever
R1(config)# track 20 ip sla 20 reachability
R1(config)# route-map PBR-grandmetric permit 20
R1(config-route-map)# match ip address FROM_LAN2
R1(config-route-map)# set ip next-hop verify-availability 10.1.1.3 1 track 20
R1(config)# interface FastEthernet0/0.13
R1(config-subif)# ip policy route-map PBR-grandmetric
To check if the policy is attached to a specific interface:
R1# show ip policy
Interface Route map
Fa0/0.13 PBR-grandmetric
R1# show ip interface fastEthernet 0/0.13 | i Policy
Policy routing is enabled, using route map PBR-grandmetric
Input features: Policy Routing, MCI Check
Once the policy is applied, we can check both the SLA and track state to see whether the examined address is reachable. Afterwards we can look at the route-map status to see how many packets match the configured patterns.
R1#show ip sla statistics 20
IPSLAs Latest Operation Statistics
IPSLA operation id: 20
Latest RTT: 1 milliseconds
Latest operation start time: 08:03:36 UTC Sun Nov 5 2017
Latest operation return code: OK
Number of successes: 146
Number of failures: 41
Operation time to live: Forever
R1# show track 20
Track 20
IP SLA 20 reachability
Reachability is Up
2 changes, last change 00:06:20
Latest operation return code: OK
Latest RTT (millisecs) 1
Tracked by:
ROUTE-MAP 0
R1# show route-map PBR-grandmetric
route-map PBR-grandmetric, permit, sequence 10
Match clauses:
ip address (access-lists): FROM_LAN
Set clauses:
ip next-hop 10.1.1.2
ip next-hop verify-availability
Policy routing matches: 104 packets, 12523 bytes
route-map PBR-grandmetric, permit, sequence 20
Match clauses:
ip address (access-lists): FROM_LAN2
Set clauses:
ip next-hop verify-availability 10.1.1.3 1 track 20 [up]
Policy routing matches: 10 packets, 460 bytes
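An added example, not part of the original page or of any Cisco tooling: a Python audit that reads route-map configuration text and classifies each sequence as UNVERIFIED (static next hop with no availability check), CDP (the first option above) or TRACKED (the IP SLA and track option). The sample configuration is constructed from the commands above; sequence 30, the ACL name FROM_LAN3, the address 10.1.1.4 and the function name audit_pbr are assumptions made for illustration.

```python
import re

# Constructed sample: sequences 10 and 20 mirror the page's commands;
# sequence 30 is a hypothetical entry with no availability check at all.
SAMPLE_CONFIG = """\
route-map PBR-grandmetric permit 10
 match ip address FROM_LAN
 set ip next-hop 10.1.1.2
 set ip next-hop verify-availability
!
route-map PBR-grandmetric permit 20
 match ip address FROM_LAN2
 set ip next-hop verify-availability 10.1.1.3 1 track 20
!
route-map PBR-grandmetric permit 30
 match ip address FROM_LAN3
 set ip next-hop 10.1.1.4
!
"""

HEADER = re.compile(r"^route-map (\S+) (permit|deny) (\d+)\s*$")
TRACKED = re.compile(r"^set ip next-hop verify-availability (\S+) \d+ track (\d+)$")
PLAIN = re.compile(r"^set ip next-hop ((?:\d+\.){3}\d+(?: (?:\d+\.){3}\d+)*)$")

def audit_pbr(config):
    """Map (route-map name, sequence) to its next hops and verification status."""
    entries, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        header = HEADER.match(raw)
        if header:
            key = (header.group(1), int(header.group(3)))
            current = entries.setdefault(key, {"static": [], "tracked": [], "cdp": False})
        elif current is None or not raw.startswith(" "):
            current = None  # an unindented line ends the route-map block
        elif line == "set ip next-hop verify-availability":
            current["cdp"] = True  # bare form: next hop checked via CDP
        elif m := TRACKED.match(line):
            current["tracked"].append((m.group(1), int(m.group(2))))
        elif m := PLAIN.match(line):
            current["static"] += m.group(1).split()
    for e in entries.values():
        if e["static"]:
            # A static next hop without any check keeps forwarding to a dead neighbor.
            e["status"] = "CDP" if e["cdp"] else "UNVERIFIED"
        else:
            e["status"] = "TRACKED" if e["tracked"] else "NO-NEXT-HOP"
    return entries
```

The parser expects the route-map blocks in the form they appear in a saved configuration, with sub-commands indented by one space.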