Saturday, 24 November 2018

What is Policy Based Routing (PBR)? How to configure PBR routing?

Policy based routing is use to path manipulation. It is used for implementing policy that causes the packet to take a different direction. Policy based routing allows source based routing. Routing table is destination base.

In short: PBR is a technique used to make routing decisions based on policies implemented by the network administrator.

Here’s the list of some Advantages of policy based routing:-

Different users can reach the destination from different direction
Load sharing
PBR will be implemented on the incoming direction of the source in interface
If the packet is match in the route map and it is permit it will be send according to the policy
If the packet is match in the route map and route map deny packet will be forwarded according to normal routing table

Lets configure policy based routing.

Topology:-

Goal:-

configure the topology as per our diagram
configure EIGRP 100 all the routers, advertise all the interfaces as per the topology make sure the rechibility between all the routers.
configure the bandwidth on serial 3/3 to 1000kbps and serial 3/0 remain the default bandwidth 1544 kbps.
configure Policy Based Routing on router 2 according to our given conditions

traffic sourced from 13.0.0.0/24, 13.0.1.0/24 should be forwarded on serial 3/0 interface
traffic sourced from 13.0.2.0/24, 13.0.3.0/24 should be forwarded on serial 3/3 interface
all the remaining traffic should use the default routing path

R1(config)#router eigrp 100

R1(config-router)#network 11.0.0.0

R1(config-router)#network 1.0.0.0

R1(config-router)#network 3.0.0.0

R1(config-router)#network 10.0.0.0

R1(config-router)#no auto-summary

R1(config-router)#end

R2(config)#router eigrp 100

R2(config-router)#network 1.0.0.0

R2(config-router)#network 3.0.0.0

R2(config-router)#network 20.0.0.0

R2(config-router)#no auto-summary

R3(config)#router eigrp 100

R3(config-router)#network 20.0.0.0

R3(config-router)#network 13.0.0.0

R3(config-router)#no auto-summary

R3(config-router)#end

R2#show ip eigrp 100 neighbors

EIGRP-IPv4 Neighbors for AS(100)

H Address Interface Hold Uptime SRTT RTO Q Seq

(sec) (ms) Cnt Num

2 20.1.1.3 Fa0/0 13 00:06:27 16 100 0 4

1 3.1.1.1 Se3/3 11 00:07:02 16 100 0 8

0 1.1.1.1 Se3/0 13 00:07:05 669 4014 0 7

R2#show ip route eigrp

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

+ - replicated route, % - next hop override

Gateway of last resort is not set

D 10.0.0.0/8 [90/2172416] via 3.1.1.1, 00:10:32, Serial3/3

[90/2172416] via 1.1.1.1, 00:10:32, Serial3/0

11.0.0.0/24 is subnetted, 4 subnets

D 11.0.0.0 [90/2297856] via 3.1.1.1, 00:10:32, Serial3/3

[90/2297856] via 1.1.1.1, 00:10:32, Serial3/0

D 11.0.1.0 [90/2297856] via 3.1.1.1, 00:10:32, Serial3/3

[90/2297856] via 1.1.1.1, 00:10:32, Serial3/0

D 11.0.2.0 [90/2297856] via 3.1.1.1, 00:10:32, Serial3/3

[90/2297856] via 1.1.1.1, 00:10:32, Serial3/0

D 11.0.3.0 [90/2297856] via 3.1.1.1, 00:10:32, Serial3/3

[90/2297856] via 1.1.1.1, 00:10:32, Serial3/0

13.0.0.0/24 is subnetted, 4 subnets

D 13.0.0.0 [90/156160] via 20.1.1.3, 00:09:48, FastEthernet0/0

D 13.0.1.0 [90/156160] via 20.1.1.3, 00:09:48, FastEthernet0/0

D 13.0.2.0 [90/156160] via 20.1.1.3, 00:09:48, FastEthernet0/0

D 13.0.3.0 [90/156160] via 20.1.1.3, 00:09:48, FastEthernet0/0

R2(config)#int serial 3/3

R2(config-if)#bandwidth 1000

R2(config-if)#exit

R2#show ip route eigrp

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

+ - replicated route, % - next hop override

Gateway of last resort is not set

D 10.0.0.0/8 [90/2172416] via 1.1.1.1, 00:00:48, Serial3/0

11.0.0.0/24 is subnetted, 4 subnets

D 11.0.0.0 [90/2297856] via 1.1.1.1, 00:00:48, Serial3/0

D 11.0.1.0 [90/2297856] via 1.1.1.1, 00:00:48, Serial3/0

D 11.0.2.0 [90/2297856] via 1.1.1.1, 00:00:48, Serial3/0

D 11.0.3.0 [90/2297856] via 1.1.1.1, 00:00:48, Serial3/0

13.0.0.0/24 is subnetted, 4 subnets

D 13.0.0.0 [90/156160] via 20.1.1.3, 00:12:19, FastEthernet0/0

D 13.0.1.0 [90/156160] via 20.1.1.3, 00:12:19, FastEthernet0/0

D 13.0.2.0 [90/156160] via 20.1.1.3, 00:12:19, FastEthernet0/0

D 13.0.3.0 [90/156160] via 20.1.1.3, 00:12:19, FastEthernet0/0

R2(config)#access-list 10 per

R2(config)#access-list 10 permit 13.0.0.0 0.0.0.255

R2(config)#access-list 10 permit 13.0.1.0 0.0.0.255

R2(config)#access-list 12 permit 13.0.2.0 0.0.0.255

R2(config)#access-list 12 permit 13.0.3.0 0.0.0.255

R2(config)#route-map PBR permit 10

R2(config-route-map)#match ip address 10

R2(config-route-map)#set ip next-hop 1.1.1.1

R2(config-route-map)#exit

R2(config)#route-map PBR permit 12

R2(config-route-map)#match ip address 12

R2(config-route-map)#set ip next-hop 3.1.1.1

R2(config-route-map)#exit

R2(config)#interface fastEthernet 0/0

R2(config-if)#ip policy route-map PBR

R2(config-if)#exit

R3#traceroute 11.0.0.1 source 13.0.0.1

Type escape sequence to abort.

Tracing the route to 11.0.0.1

VRF info: (vrf in name/id, vrf out name/id)

1 20.1.1.1 16 msec 20 msec 20 msec

2 1.1.1.1 88 msec 28 msec 32 msec

R3#traceroute 11.0.0.1 source 13.0.1.1

Type escape sequence to abort.

Tracing the route to 11.0.0.1

VRF info: (vrf in name/id, vrf out name/id)

1 20.1.1.1 16 msec 16 msec 24 msec

2 1.1.1.1 40 msec 32 msec 20 msec

R3#traceroute 11.0.0.1 source 13.0.2.1

Type escape sequence to abort.

Tracing the route to 11.0.0.1

VRF info: (vrf in name/id, vrf out name/id)

1 20.1.1.1 16 msec 20 msec 28 msec

2 3.1.1.1 52 msec 44 msec 40 msec

R3#traceroute 11.0.0.1 source 13.0.3.1

Type escape sequence to abort.

Tracing the route to 11.0.0.1

VRF info: (vrf in name/id, vrf out name/id)

1 20.1.1.1 24 msec 8 msec 24 msec

2 3.1.1.1 32 msec 44 msec 44 msec

R2#debug ip policy

Policy routing debugging is on

*Nov 23 15:57:46.706: IP: s=13.0.0.1 (FastEthernet0/0), d=11.0.0.1, len 28, policy match

*Nov 23 15:57:46.706: IP: route map PBR, item 10, permit

*Nov 23 15:57:46.710: IP: s=13.0.0.1 (FastEthernet0/0), d=11.0.0.1 (Serial3/0), len 28, policy r outed

*Nov 23 15:57:46.710: IP: FastEthernet0/0 to Serial3/0 1.1.1.2

*Nov 23 15:57:46.726: IP: s=13.0.0.1 (FastEthernet0/0), d=11.0.0.1, len 28, policy match

*Nov 23 15:57:46.730: IP: route map PBR, item 10, permit

*Nov 23 15:57:46.730: IP: s=13.0.0.1 (FastEthernet0/0), d=11.0.0.1 (Serial3/0), len 28, policy r outed

*Nov 23 15:57:46.730: IP: FastEthernet0/0 to Serial3/0 1.1.1.2

*Nov 23 15:57:46.758: IP: s=13.0.0.1 (FastEthernet0/0), d=11.0.0.1, len 28, policy match

*Nov 23 15:57:46.758: IP: route map PBR, item 10, permit

*Nov 23 15:57:46.758: IP: s=13.0.0.1 (FastEthernet0/0), d=11.0.0.1 (Serial3/0), len 28, policy r outed

*Nov 23 15:57:46.758: IP: FastEthernet0/0 to Serial3/0 1.1.1.2

*Nov 23 15:57:46.778: IP: s=13.0.0.1 (FastEthernet0/

R2#0), d=11.0.0.1, len 28, FIB policy match

Internetworks

Pages

Saturday, 24 November 2018

What is Policy Based Routing (PBR)? How to configure PBR routing?

Instagram

YouTube

Facebook

Twitter

LINKEDIN

No comments:

What are Types of hackers? free cybersecurity course.

Translate

Popular Posts