Monday, January 21, 2013

Policy-Based Routing

1. Introduction to PBR

PBR is a tool that provides a way to override the normal destination-based routing of a packet. After the frame has been checked for errors, PBR intercepts the packet before the router performs its normal routing-table lookup. Some benefits of implementing PBR:
  • Forwarding based on source information: packets from different sources (or different protocols and ports) can be handled differently, not only by destination.
  • QoS: setting the IP precedence or TOS value in the IP packet header.
  • Cost saving: manually steering bulk or low-priority traffic over low-bandwidth, low-cost links.
  • Load sharing: distributing traffic over multiple paths.


2. How PBR works

PBR decides how to forward packets by referring to a route map for its matching logic. The steps are as follows:
  • Create a route map whose match criteria select the traffic and whose set clause chooses the route (next hop).
  • Enable the route map for PBR by applying it to the incoming interface.
Route-map definition was covered in a previous post; for PBR the set clause carries the next-hop attribute. The ACLs referenced by the route map can be standard or extended, so the match can be on source address, destination address or both, plus protocol and TCP/UDP port numbers. A packet that matches no permit clause (or that matches a route-map deny clause, or a deny entry in the ACL) is not dropped; it is simply forwarded according to the normal routing table. Note also that "ip policy route-map" on an interface only affects transit packets received on that interface; traffic generated by the router itself is policy-routed only if "ip local policy route-map" is configured.

3. PBR configurations


Requirement: direct traffic from R5 through R2, and traffic from R6 through R3, to reach R4. In this topology R5 (172.16.1.1) and R6 (172.16.1.2) sit on R1's Ethernet0/0 segment (172.16.1.3); R2 is reached via 10.0.0.2, R3 via 11.0.0.2, and R4 is 12.0.0.3.

Before applying PBR, traffic from both R5 and R6 destined to R4 goes via 10.0.0.2 (R2):
R6#trace 12.0.0.3

Type escape sequence to abort.
Tracing the route to 12.0.0.3

  1 172.16.1.3 32 msec 20 msec 24 msec
  2 10.0.0.2 40 msec 40 msec 40 msec
  3 12.0.0.3 60 msec *  60 msec

R5#trace 12.0.0.3

Type escape sequence to abort.
Tracing the route to 12.0.0.3

  1 172.16.1.3 32 msec 20 msec 20 msec
  2 10.0.0.2 40 msec 44 msec 40 msec
  3 12.0.0.3 60 msec *  48 msec

Define an extended ACL to match the traffic from each host (ACL 101 for R5, ACL 102 for R6):
R1#show run | section access-list
access-list 101 permit ip host 172.16.1.1 host 12.0.0.3
access-list 102 permit ip host 172.16.1.2 host 12.0.0.3
Create a route-map that matches each ACL and sets the next hop for that traffic:
R1#show run | section route-map
route-map PBR permit 10
 match ip address 101
 set ip next-hop 10.0.0.2
route-map PBR permit 20
 match ip address 102
 set ip next-hop 11.0.0.2

Apply the route-map to the incoming interface, i.e. the one facing R5 and R6:
R1#show run | section Ethernet0/0
interface Ethernet0/0
 ip address 172.16.1.3 255.255.255.0
 ip policy route-map PBR
 half-duplex

Verifying traffic from R5 and R6 after applying PBR: R5 still goes via 10.0.0.2 (R2), while R6 is now steered via 11.0.0.2 (R3):
R5#trace 12.0.0.3

Type escape sequence to abort.
Tracing the route to 12.0.0.3

  1 172.16.1.3 20 msec 12 msec 12 msec
  2 10.0.0.2 40 msec 56 msec 44 msec
  3 12.0.0.3 72 msec *  56 msec

R6#trace 12.0.0.3

Type escape sequence to abort.
Tracing the route to 12.0.0.3

  1 172.16.1.3 24 msec 16 msec 20 msec
  2 11.0.0.2 28 msec 44 msec 40 msec
  3 12.0.0.3 60 msec *  72 msec

The set command can also take the "default" keyword ("set ip default next-hop"), which changes the order in which PBR and the routing table are consulted:
  • Without "default" ("set ip next-hop"): try PBR first; if the PBR next hop is unusable (the router has no route or adjacency for it), fall back to the routing table.
  • With "default" ("set ip default next-hop"): try the routing table first; only if there is no explicit route for the destination (a default route does not count) is the PBR next hop used.
"Unusable" here means the router cannot resolve the next hop at all. If the next hop is still reachable at layer 2 but has lost its own path onward, policy-routed traffic is black-holed rather than falling back; to fail over in that case, use "set ip next-hop verify-availability" together with object tracking (for example an IP SLA probe) so the clause is skipped when the probe fails.
The example above is just one of many ways of using PBR; you can adjust it to your own requirements by combining these tools (different ACL matches, several next hops, precedence or TOS settings).
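To make the evaluation order described in section 2 and the "default" keyword behaviour above concrete, here is a small simulator of how a router walks a PBR route map for one packet. This is an added example written for this page, not code from the original post or from Cisco IOS. The ACLs and route map are constructed from the post's configuration (ACL 101 = R5 to R4, ACL 102 = R6 to R4, next hops 10.0.0.2 and 11.0.0.2); the routing table contents on R1 and the set of "reachable" next hops are assumptions used to exercise the fallback cases.

```python
"""Simulate how a router evaluates a PBR route map for one packet (added example).

Models the semantics described in the post: clauses are tried in sequence order,
the first clause whose ACL permits the packet wins, "set ip next-hop" is used only
when that next hop is usable, "set ip default next-hop" yields to any explicit
(non-default) route in the routing table, and anything unmatched is routed normally.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class AclEntry:
    action: str                  # "permit" or "deny"
    src: str                     # CIDR; "host a.b.c.d" becomes a.b.c.d/32
    dst: str = "0.0.0.0/0"       # "any"
    proto: str = "ip"            # "ip" matches every protocol
    dport: Optional[int] = None  # destination port for tcp/udp entries


@dataclass
class Packet:
    src: str
    dst: str
    proto: str = "ip"
    dport: Optional[int] = None


@dataclass
class Clause:
    seq: int
    action: str                             # route-map "permit" or "deny"
    acl: Optional[str]                      # None means "match everything"
    next_hop: Optional[str] = None          # set ip next-hop
    default_next_hop: Optional[str] = None  # set ip default next-hop


def acl_permits(acl, pkt):
    """First-match ACL semantics with the implicit deny at the end."""
    for e in acl:
        if e.proto != "ip" and e.proto != pkt.proto:
            continue
        if ip_address(pkt.src) not in ip_network(e.src):
            continue
        if ip_address(pkt.dst) not in ip_network(e.dst):
            continue
        if e.dport is not None and e.dport != pkt.dport:
            continue
        return e.action == "permit"
    return False


def rib_lookup(rib, dst):
    """Longest-prefix match over (prefix, next_hop) pairs; None if no route."""
    best = None
    for prefix, nh in rib:
        net = ip_network(prefix)
        if ip_address(dst) in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh)
    return best


def forward(pkt, route_map, acls, rib, reachable):
    """Return (next_hop, reason) for a packet arriving on a policy-routed interface."""
    for c in sorted(route_map, key=lambda cl: cl.seq):
        if c.acl is not None and not acl_permits(acls[c.acl], pkt):
            continue                      # no match: try the next clause
        if c.action == "deny":
            break                         # matched a deny clause: route normally
        if c.next_hop is not None:
            if c.next_hop in reachable:
                return c.next_hop, f"pbr seq {c.seq}"
            break                         # next hop unusable: fall back to the RIB
        if c.default_next_hop is not None:
            r = rib_lookup(rib, pkt.dst)
            if r is not None and r[0].prefixlen > 0:
                return r[1], f"rib {r[0]} (explicit route beats default next-hop)"
            if c.default_next_hop in reachable:
                return c.default_next_hop, f"pbr default seq {c.seq}"
            break
        break                             # permit clause with no set: route normally
    r = rib_lookup(rib, pkt.dst)
    return (r[1], f"rib {r[0]}") if r is not None else (None, "no route")


# Constructed from the post: ACL 101 = R5 -> R4, ACL 102 = R6 -> R4.
ACLS = {
    "101": [AclEntry("permit", "172.16.1.1/32", "12.0.0.3/32")],
    "102": [AclEntry("permit", "172.16.1.2/32", "12.0.0.3/32")],
}
ROUTE_MAP = [Clause(10, "permit", "101", next_hop="10.0.0.2"),
             Clause(20, "permit", "102", next_hop="11.0.0.2")]
# Same policy, but clause 20 uses "set ip default next-hop" instead.
DEFAULT_MAP = [Clause(10, "permit", "101", next_hop="10.0.0.2"),
               Clause(20, "permit", "102", default_next_hop="11.0.0.2")]
# Assumed routing table on R1: explicit route to R4's LAN plus a default, both via R2.
RIB = [("12.0.0.0/24", "10.0.0.2"), ("0.0.0.0/0", "10.0.0.2")]
ALL_UP = {"10.0.0.2", "11.0.0.2"}  # assumed: both next hops resolvable

if __name__ == "__main__":
    for src in ("172.16.1.1", "172.16.1.2", "172.16.1.9"):
        print(src, "->", forward(Packet(src, "12.0.0.3"), ROUTE_MAP, ACLS, RIB, ALL_UP))
    print("R3 unusable:", forward(Packet("172.16.1.2", "12.0.0.3"), ROUTE_MAP, ACLS, RIB, {"10.0.0.2"}))
    print("default next-hop:", forward(Packet("172.16.1.2", "12.0.0.3"), DEFAULT_MAP, ACLS, RIB, ALL_UP))
```

Running it shows the three cases the post's traces illustrate (R5 via 10.0.0.2, R6 via 11.0.0.2, an unmatched host routed by the RIB) plus the two it does not: when 11.0.0.2 is unusable, R6's traffic falls back to the routing table, and with "set ip default next-hop" the explicit 12.0.0.0/24 route wins, so the PBR next hop is only used once that route disappears and only the default route remains.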
