Saturday, 24 November 2018

What is Policy Based Routing (PBR)? How to configure PBR routing?


Policy-based routing (PBR) is used for path manipulation. It implements a policy that causes packets to take a different path than the one the routing table would choose. PBR allows routing based on the source address, whereas the routing table is destination-based.





In short: PBR is a technique used to make routing decisions based on policies implemented by the network administrator.

Here's a list of some advantages of policy-based routing:
  • Different users can reach the destination over different paths
  • Load sharing
  • PBR is applied in the incoming direction, on the interface where the source traffic arrives
  • If a packet matches the route map and the entry is permit, it is sent according to the policy
  • If a packet matches the route map and the entry is deny, it is forwarded according to the normal routing table



Let's configure policy-based routing.

Topology:-

Goal:-


  • Configure the topology as per our diagram
  • Configure EIGRP 100 on all the routers, advertise all the interfaces as per the topology, and make sure there is reachability between all the routers
  • Configure the bandwidth on serial 3/3 to 1000 kbps; serial 3/0 remains at the default bandwidth of 1544 kbps
  • Configure policy-based routing on router 2 according to the given conditions:
  1. Traffic sourced from 13.0.0.0/24 and 13.0.1.0/24 should be forwarded on the serial 3/0 interface
  2. Traffic sourced from 13.0.2.0/24 and 13.0.3.0/24 should be forwarded on the serial 3/3 interface
  3. All the remaining traffic should use the default routing path

R1(config)#router eigrp 100

R1(config-router)#network 11.0.0.0
R1(config-router)#network 1.0.0.0
R1(config-router)#network 3.0.0.0
R1(config-router)#network 10.0.0.0

R1(config-router)#no auto-summary
R1(config-router)#end


R2(config)#router eigrp 100

R2(config-router)#network 1.0.0.0
R2(config-router)#network 3.0.0.0
R2(config-router)#network 20.0.0.0
R2(config-router)#no auto-summary


R3(config)#router eigrp 100
R3(config-router)#network 20.0.0.0
R3(config-router)#network 13.0.0.0
R3(config-router)#no auto-summary
R3(config-router)#end

R2#show ip eigrp 100 neighbors
EIGRP-IPv4 Neighbors for AS(100)
H   Address                 Interface              Hold Uptime   SRTT   RTO  Q  Seq
                                                   (sec)         (ms)       Cnt Num
2   20.1.1.3                Fa0/0                    13 00:06:27   16   100  0  4
1   3.1.1.1                 Se3/3                    11 00:07:02   16   100  0  8
0   1.1.1.1                 Se3/0                    13 00:07:05  669  4014  0  7

R2#show ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

D     10.0.0.0/8 [90/2172416] via 3.1.1.1, 00:10:32, Serial3/3
                 [90/2172416] via 1.1.1.1, 00:10:32, Serial3/0
      11.0.0.0/24 is subnetted, 4 subnets
D        11.0.0.0 [90/2297856] via 3.1.1.1, 00:10:32, Serial3/3
                  [90/2297856] via 1.1.1.1, 00:10:32, Serial3/0
D        11.0.1.0 [90/2297856] via 3.1.1.1, 00:10:32, Serial3/3
                  [90/2297856] via 1.1.1.1, 00:10:32, Serial3/0
D        11.0.2.0 [90/2297856] via 3.1.1.1, 00:10:32, Serial3/3
                  [90/2297856] via 1.1.1.1, 00:10:32, Serial3/0
D        11.0.3.0 [90/2297856] via 3.1.1.1, 00:10:32, Serial3/3
                  [90/2297856] via 1.1.1.1, 00:10:32, Serial3/0
      13.0.0.0/24 is subnetted, 4 subnets
D        13.0.0.0 [90/156160] via 20.1.1.3, 00:09:48, FastEthernet0/0
D        13.0.1.0 [90/156160] via 20.1.1.3, 00:09:48, FastEthernet0/0
D        13.0.2.0 [90/156160] via 20.1.1.3, 00:09:48, FastEthernet0/0
D        13.0.3.0 [90/156160] via 20.1.1.3, 00:09:48, FastEthernet0/0

R2(config)#int serial 3/3
R2(config-if)#bandwidth 1000
R2(config-if)#exit

R2#show ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

D     10.0.0.0/8 [90/2172416] via 1.1.1.1, 00:00:48, Serial3/0
      11.0.0.0/24 is subnetted, 4 subnets
D        11.0.0.0 [90/2297856] via 1.1.1.1, 00:00:48, Serial3/0
D        11.0.1.0 [90/2297856] via 1.1.1.1, 00:00:48, Serial3/0
D        11.0.2.0 [90/2297856] via 1.1.1.1, 00:00:48, Serial3/0
D        11.0.3.0 [90/2297856] via 1.1.1.1, 00:00:48, Serial3/0
      13.0.0.0/24 is subnetted, 4 subnets
D        13.0.0.0 [90/156160] via 20.1.1.3, 00:12:19, FastEthernet0/0
D        13.0.1.0 [90/156160] via 20.1.1.3, 00:12:19, FastEthernet0/0
D        13.0.2.0 [90/156160] via 20.1.1.3, 00:12:19, FastEthernet0/0
D        13.0.3.0 [90/156160] via 20.1.1.3, 00:12:19, FastEthernet0/0

R2(config)#access-list 10 permit 13.0.0.0 0.0.0.255
R2(config)#access-list 10 permit 13.0.1.0 0.0.0.255
R2(config)#access-list 12 permit 13.0.2.0 0.0.0.255
R2(config)#access-list 12 permit 13.0.3.0 0.0.0.255


R2(config)#route-map PBR permit 10
R2(config-route-map)#match ip address 10
R2(config-route-map)#set ip next-hop 1.1.1.1
R2(config-route-map)#exit

R2(config)#route-map PBR permit 12
R2(config-route-map)#match ip address 12
R2(config-route-map)#set ip next-hop 3.1.1.1
R2(config-route-map)#exit

R2(config)#interface fastEthernet 0/0
R2(config-if)#ip policy route-map PBR
R2(config-if)#exit

R3#traceroute 11.0.0.1 source 13.0.0.1
Type escape sequence to abort.
Tracing the route to 11.0.0.1
VRF info: (vrf in name/id, vrf out name/id)
  1 20.1.1.1 16 msec 20 msec 20 msec
  2 1.1.1.1 88 msec 28 msec 32 msec

R3#traceroute 11.0.0.1 source 13.0.1.1
Type escape sequence to abort.
Tracing the route to 11.0.0.1
VRF info: (vrf in name/id, vrf out name/id)
  1 20.1.1.1 16 msec 16 msec 24 msec
  2 1.1.1.1 40 msec 32 msec 20 msec

R3#traceroute 11.0.0.1 source 13.0.2.1
Type escape sequence to abort.
Tracing the route to 11.0.0.1
VRF info: (vrf in name/id, vrf out name/id)
  1 20.1.1.1 16 msec 20 msec 28 msec
  2 3.1.1.1 52 msec 44 msec 40 msec

R3#traceroute 11.0.0.1 source 13.0.3.1
Type escape sequence to abort.
Tracing the route to 11.0.0.1
VRF info: (vrf in name/id, vrf out name/id)
  1 20.1.1.1 24 msec 8 msec 24 msec
  2 3.1.1.1 32 msec 44 msec 44 msec
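
The route-map logic configured on R2 above, modeled in Python as an added example (not part of the original post): it evaluates the page's ACLs 10 and 12 with wildcard-mask matching, walks route-map PBR in sequence order, and falls back to normal routing when nothing matches. The egress mapping is taken from R2's EIGRP neighbor table; the function names and the source 13.0.4.1 are constructed for illustration.

```python
import ipaddress

# Standard ACLs from the page: (network, wildcard mask) entries, all permit.
ACLS = {
    10: [("13.0.0.0", "0.0.0.255"), ("13.0.1.0", "0.0.0.255")],
    12: [("13.0.2.0", "0.0.0.255"), ("13.0.3.0", "0.0.0.255")],
}
# route-map PBR from the page: (sequence, action, ACL number, next hop).
ROUTE_MAP = [
    (10, "permit", 10, "1.1.1.1"),
    (12, "permit", 12, "3.1.1.1"),
]
# Next hop to egress interface, as listed in R2's EIGRP neighbor table.
EGRESS = {"1.1.1.1": "Serial3/0", "3.1.1.1": "Serial3/3"}

def wildcard_match(addr, network, wildcard):
    """Bits set in the wildcard mask are ignored; all other bits must be equal."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (n & care)

def acl_permits(acl_id, src):
    # Every entry here is a permit; a source matching no entry hits the implicit deny.
    return any(wildcard_match(src, net, wc) for net, wc in ACLS[acl_id])

def policy_decision(src):
    """Return (sequence, next hop, egress interface), or None for normal routing."""
    for seq, action, acl_id, next_hop in sorted(ROUTE_MAP):
        if acl_permits(acl_id, src):
            if action == "deny":
                return None  # deny clause: forward by the routing table
            return seq, next_hop, EGRESS[next_hop]
    return None  # no clause matched: destination-based routing applies

def describe(src):
    hit = policy_decision(src)
    if hit is None:
        return f"{src}: normal routing table"
    seq, next_hop, intf = hit
    return f"{src}: route-map PBR {seq} -> {next_hop} via {intf}"

if __name__ == "__main__":
    # The four traceroute sources from the page plus one constructed source.
    for s in ("13.0.0.1", "13.0.1.1", "13.0.2.1", "13.0.3.1", "13.0.4.1"):
        print(describe(s))
```

The predicted next hops for the four 13.0.x.1 sources agree with the second hop in the traceroutes above, while the constructed source 13.0.4.1 is left to the routing table.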

R2#debug ip policy
Policy routing debugging is on

*Nov 23 15:57:46.706: IP: s=13.0.0.1 (FastEthernet0/0), d=11.0.0.1, len 28, policy match
*Nov 23 15:57:46.706: IP: route map PBR, item 10, permit
*Nov 23 15:57:46.710: IP: s=13.0.0.1 (FastEthernet0/0), d=11.0.0.1 (Serial3/0), len 28, policy routed
*Nov 23 15:57:46.710: IP: FastEthernet0/0 to Serial3/0 1.1.1.2
*Nov 23 15:57:46.726: IP: s=13.0.0.1 (FastEthernet0/0), d=11.0.0.1, len 28, policy match
*Nov 23 15:57:46.730: IP: route map PBR, item 10, permit
*Nov 23 15:57:46.730: IP: s=13.0.0.1 (FastEthernet0/0), d=11.0.0.1 (Serial3/0), len 28, policy routed
*Nov 23 15:57:46.730: IP: FastEthernet0/0 to Serial3/0 1.1.1.2
*Nov 23 15:57:46.758: IP: s=13.0.0.1 (FastEthernet0/0), d=11.0.0.1, len 28, policy match
*Nov 23 15:57:46.758: IP: route map PBR, item 10, permit
*Nov 23 15:57:46.758: IP: s=13.0.0.1 (FastEthernet0/0), d=11.0.0.1 (Serial3/0), len 28, policy routed
*Nov 23 15:57:46.758: IP: FastEthernet0/0 to Serial3/0 1.1.1.2
*Nov 23 15:57:46.778: IP: s=13.0.0.1 (FastEthernet0/0), d=11.0.0.1, len 28, FIB policy match




 


 

