2013/07/19

INE R&S ATC040- Policy Routing

Policy Routing

• Normal routing is destination based
• Policy routing can decide based on…
– Source
– Destination
– Protocol type (FTP, HTTP, etc.)
– Incoming interface


Policy Routing

• Traffic criteria defined by route-map “match”
– Permit means to policy route
– Deny means to use normal forwarding
– match [interface | ip address | …]

• Action defined by route-map “set”
– set ip [default] next-hop
– set [default] interface


Policy Routing

• Apply to incoming traffic
– ip policy route-map [route-map]

• Apply to locally originated traffic
– ip local policy route-map [route-map]
– Older versions don’t have control plane check


----------------------------------------------------------------------------

PBR範例為:

正常路徑 SW4->SW2->R5->R3->SW1
希望路徑 SW4->SW2->R5->R4->R6->SW1

R5做PBR設定:

access-list 100 permit icmp any any echo
route-map PBR permit 10
  match ip address 100
  set ip next-hop 155.10.45.4     or     set ip interface serial 0/1/0

int fa0/0
  ip policy route-map PBR

show route-map
debug ip policy

next-hop 要設定在 ip address 或是P2P interface上...避免在NBMA介面上

----------------------------------------------------------------------------

PBR搭配IP SLA

範例為R1於WAN啟動PBR...想把特定封包轉送至R6 LAN Port...中間有SW

正常的話可以用
set ip next-hop 155.10.146.6
set ip next-hop verify-availability

 set ip next-hop verify-availability的用意是檢查CDP neighbor存在.....
偏偏這裡是LAN...中間還有SW.....CDP neighbor為SW.......verify-availability會失效

可以搭配IP SLA

ip sla monitor 1
  type echo protocol ipIcmpEcho 155.10.146.6 source-ip 155.10.146.1
  frequency 5
  timeout 2000

ip sla monitor schedule 1 start-time now lifetime forever

track 10 rtr 1

route-map PBR_TO_R6 permit 10
  match ip address 100
  set ip next-hop verify-availability 155.10.146.6 1 track 10

----------------------------------------------------------------------------

其他debug指令:

access-list 101 deny eigrp any any
access-list 101 permit ip any any
debug ip packet detail 101

無關本章節...只關閉R5 S0/0/0的介面eigrp...

router eigrp 1
  passive-interface serial 0/0/0

show ip eigrp top 150.10.3.0 255.255.255.0

----------------------------------------------------------------------------

 Cisco IOS Software Releases 12.4 T - Configuration Guides - IP
IP Routing: Protocol-Independent Configuration Guide, Cisco IOS Release 12.4T
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_pi/configuration/12-4t/iri-12-4t-book.html

張貼者:
標籤: ,

沒有留言:

張貼留言

訂閱: 張貼留言 (Atom)