Policy Based Routing (PBR) allows us to bypass the standard routing table behaviour and route based on a policy of our own. If the PBR rule fails, the traffic is not dropped; it simply falls back to the normal routing table. This means we can do some non-obvious things with our routing.
PBR can be tied to object tracking or to CDP, so what happens can change dynamically. Because the CDP hold time takes quite a while to expire by default (180 seconds), this example uses object tracking, which in turn uses IP SLA. We are going to have three parallel paths between R4 and R7. Object tracking is used to determine whether each next-hop is actually reachable, and an order of preference decides which path is used. In our example the order will be S0/0, then S1/0 and finally S1/1.
R4
interface Loopback0
 ip address 4.4.4.4 255.255.255.255
!
interface Serial0/0
 ip address 192.168.47.4 255.255.255.0
 clock rate 2000000
!
interface Serial1/0
 ip address 192.168.147.4 255.255.255.0
 clock rate 2000000
!
interface Serial1/1
 ip address 192.168.247.4 255.255.255.0
 clock rate 2000000
!
! One ICMP echo probe per path, sourced from that path's own interface address
ip sla 1
 icmp-echo 192.168.47.7 source-ip 192.168.47.4
 timeout 500
 frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 192.168.147.7 source-ip 192.168.147.4
 timeout 500
 frequency 10
ip sla schedule 2 life forever start-time now
ip sla 3
 icmp-echo 192.168.247.7 source-ip 192.168.247.4
 timeout 500
 frequency 10
ip sla schedule 3 life forever start-time now
!
! Each track object follows the reachability state of its probe
track 1 rtr 1 reachability
track 2 rtr 2 reachability
track 3 rtr 3 reachability
!
! Match only traffic sourced from R4's Loopback0
ip access-list extended L0
 permit ip host 4.4.4.4 any
!
! Next-hops in order of preference; each is used only while its track is up
route-map ToR7L0 permit 10
 match ip address L0
 set ip next-hop verify-availability 192.168.47.7 1 track 1
 set ip next-hop verify-availability 192.168.147.7 2 track 2
 set ip next-hop verify-availability 192.168.247.7 3 track 3
Normally the ingress interface on the router would have the policy routing configured, such as:
interface Fa0/0
 ip policy route-map ToR7L0
!
However, for this testing we are just going to use traffic between R4 L0 and R7 L0, which is considered self-generated traffic. The configuration for self-generated traffic is:
ip local policy route-map ToR7L0
Notice that the route-map definition uses an access list to match only on the source IP address of R4 L0. If we didn't, the IP SLA echo probes would also be matched and policy routed, which would not work as effectively.
The corresponding configuration for R7 is very similar to R4's.
R7
interface Loopback0
 ip address 7.7.7.7 255.255.255.255
!
interface Serial0/0
 ip address 192.168.47.7 255.255.255.0
!
interface Serial1/0
 ip address 192.168.147.7 255.255.255.0
!
interface Serial1/1
 ip address 192.168.247.7 255.255.255.0
!
! Probes towards R4, one per path, sourced from that path's interface address
ip sla 1
 icmp-echo 192.168.47.4 source-ip 192.168.47.7
 timeout 500
 frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 192.168.147.4 source-ip 192.168.147.7
 timeout 500
 frequency 10
ip sla schedule 2 life forever start-time now
ip sla 3
 icmp-echo 192.168.247.4 source-ip 192.168.247.7
 timeout 500
 frequency 10
ip sla schedule 3 life forever start-time now
!
track 1 rtr 1 reachability
track 2 rtr 2 reachability
track 3 rtr 3 reachability
!
! Match only traffic sourced from R7's Loopback0
ip access-list extended L0
 permit ip host 7.7.7.7 any
!
route-map ToR4L0 permit 10
 match ip address L0
 set ip next-hop verify-availability 192.168.47.4 1 track 1
 set ip next-hop verify-availability 192.168.147.4 2 track 2
 set ip next-hop verify-availability 192.168.247.4 3 track 3
!
ip local policy route-map ToR4L0
The configuration mirrors what is happening on R4.
Let's check things with all interfaces up and running:
R4#sh track
Track 1
  Response Time Reporter 1 reachability
  Reachability is Up
    7 changes, last change 00:01:46
  Latest operation return code: OK
  Latest RTT (millisecs) 12
  Tracked by:
    ROUTE-MAP 0
Track 2
  Response Time Reporter 2 reachability
  Reachability is Up
    11 changes, last change 00:00:56
  Latest operation return code: OK
  Latest RTT (millisecs) 20
  Tracked by:
    ROUTE-MAP 0
Track 3
  Response Time Reporter 3 reachability
  Reachability is Up
    6 changes, last change 00:19:21
  Latest operation return code: OK
  Latest RTT (millisecs) 4
  Tracked by:
    ROUTE-MAP 0
R4#sh route-map
route-map ToR7L0, permit, sequence 10
  Match clauses:
    ip address (access-lists): L0
  Set clauses:
    ip next-hop verify-availability 192.168.47.7 1 track 1 [up]
    ip next-hop verify-availability 192.168.147.7 2 track 2 [up]
    ip next-hop verify-availability 192.168.247.7 3 track 3 [up]
  Policy routing matches: 248 packets, 17188 bytes
R7#sh route-map
route-map ToR4L0, permit, sequence 10
  Match clauses:
    ip address (access-lists): L0
  Set clauses:
    ip next-hop verify-availability 192.168.47.4 1 track 1 [up]
    ip next-hop verify-availability 192.168.147.4 2 track 2 [up]
    ip next-hop verify-availability 192.168.247.4 3 track 3 [up]
  Policy routing matches: 273 packets, 18254 bytes
Everything is operational. We can see the next-hop IP addresses followed by their order of preference (the lowest number is the most preferable). We can also see that the routing table on each router has no entry for the other router's Loopback:
R4#sh ip route 7.7.7.7
% Network not in table
R7#sh ip route 4.4.4.4
% Network not in table
Let's clear the counters and do a ping test:
R4#clear route-map counters ToR7L0
R7#clear route-map counters ToR4L0
R4#ping 7.7.7.7 source 4.4.4.4 repeat 20
Type escape sequence to abort.
Sending 20, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:
Packet sent with a source address of 4.4.4.4
!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (20/20), round-trip min/avg/max = 1/2/4 ms
R4#sh route-map
route-map ToR7L0, permit, sequence 10
  Match clauses:
    ip address (access-lists): L0
  Set clauses:
    ip next-hop verify-availability 192.168.47.7 1 track 1 [up]
    ip next-hop verify-availability 192.168.147.7 2 track 2 [up]
    ip next-hop verify-availability 192.168.247.7 3 track 3 [up]
  Policy routing matches: 20 packets, 2000 bytes
R7#sh route-map
route-map ToR4L0, permit, sequence 10
  Match clauses:
    ip address (access-lists): L0
  Set clauses:
    ip next-hop verify-availability 192.168.47.4 1 track 1 [up]
    ip next-hop verify-availability 192.168.147.4 2 track 2 [up]
    ip next-hop verify-availability 192.168.247.4 3 track 3 [up]
  Policy routing matches: 20 packets, 2080 bytes
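To make the next-hop selection rule explicit, here is an added Python model (not IOS code and not part of the original post) that parses the R4 `show route-map` output above and applies the same rule the route-map does: use the lowest sequence number whose track is up, otherwise fall back to the routing table. The output with track 1 down is a constructed sample, and the failover bound assumes no `delay` is configured on the track objects.

```python
import re

# Matches the set clause lines of `show route-map` output as printed on this page
SET_LINE = re.compile(
    r"ip next-hop verify-availability\s+(\S+)\s+(\d+)\s+track\s+(\d+)\s+\[(up|down)\]"
)

def parse_next_hops(show_output):
    """Return (seq, next_hop, track_id, state) tuples sorted by sequence number."""
    hops = []
    for line in show_output.splitlines():
        m = SET_LINE.search(line)
        if m:
            ip, seq, track, state = m.groups()
            hops.append((int(seq), ip, int(track), state))
    return sorted(hops)

def select_next_hop(hops):
    """PBR uses the most preferred (lowest sequence) next-hop whose track is up.
    None means every tracked next-hop is down, so the packet is forwarded by the
    normal routing table (which on this page has no route for 7.7.7.7)."""
    for _seq, ip, _track, state in hops:
        if state == "up":
            return ip
    return None

def worst_case_failover_seconds(frequency=10, timeout_ms=500):
    """Approximate upper bound on how long a dead path keeps receiving traffic:
    one probe interval plus the probe timeout (assumes track delay of 0)."""
    return frequency + timeout_ms / 1000

# `show route-map` on R4 with all three paths up (as shown on the page)
ALL_UP = """route-map ToR7L0, permit, sequence 10
  Match clauses:
    ip address (access-lists): L0
  Set clauses:
    ip next-hop verify-availability 192.168.47.7 1 track 1 [up]
    ip next-hop verify-availability 192.168.147.7 2 track 2 [up]
    ip next-hop verify-availability 192.168.247.7 3 track 3 [up]
  Policy routing matches: 20 packets, 2000 bytes
"""

# Constructed sample: the same router after S0/0 is shut, so track 1 has gone down
S00_DOWN = ALL_UP.replace("track 1 [up]", "track 1 [down]")

if __name__ == "__main__":
    print(select_next_hop(parse_next_hops(ALL_UP)))    # 192.168.47.7
    print(select_next_hop(parse_next_hops(S00_DOWN)))  # 192.168.147.7
    print(worst_case_failover_seconds())               # 10.5
```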
Let's bring down S0/0 and see how things behave.