
Influencing Forwarding Behavior with Policy Based Routing


It had been a hot minute since I last put together a blog, and I was thinking about what would be an interesting topic. Well, as is typical, I thought about what I’d recently run across, or worked on, in my “day job” as part of the engineering team that builds and supports the lab environments for all of the Learning at Cisco training materials.

On this particular day, I was reviewing the current configurations of the core network routers (layer 3 switches really) in our data centers. I’m relatively new to this part of the team, and I found that we were leveraging Policy Based Routing to manipulate the forwarding behavior for different types of traffic. I’m sure many of you reading this blog are familiar with the fact that there are always multiple ways to accomplish a task in networking (life really, but definitely in networking). As such, policy-based routing is a tool in the network engineer’s toolkit that can often be leveraged to handle “atypical business requirements.”

And with that, I had a topic to use for this blog and an accompanying video to kick off a short video series called “Technically Speaking… with Hank Preston” on the Cisco U. by Learning and Certifications YouTube channel. Specifically, we’re going to look at how to configure policy-based routing to influence forwarding behavior. The why I’ll leave for another post. 🙂

Also, for anyone studying for the CCNP Enterprise certification, policy-based routing is on the ENARSI – Implementing Cisco Enterprise Advanced Routing and Services blueprint – “1.6 Configure and verify policy-based routing.” 300-410 ENARSI is a concentration exam that earns you the Cisco Certified Specialist – Enterprise Advanced Infrastructure Implementation certification. So, it’s definitely a great topic for the Cisco Learning blog. Let’s dive right in!

Setting the Stage

Before we look at changing the typical routing and forwarding behavior, let’s start with the basic forwarding behavior. For this exploration, I put the below network together in a Cisco Modeling Labs simulation. (You can find the topology file here.)

Network Topology
The network topology used in this exploration of policy based routing and forwarding behavior.

This network has two small LANs separated by a basic, single area OSPF network in the middle. The costs in the OSPF network have been configured to make the best path from R1 to R5 through R3. We can see that in a couple of ways.

First, let’s look at the interface costs on R1.

R1#show ip ospf interface brief

Interface    PID   Area            IP Address/Mask    Cost  State Nbrs F/C
Gi0/1.200    1     0               192.168.200.1/24   1     DR    0/0
Gi0/1.100    1     0               192.168.100.1/24   1     DR    0/0
Gi0/4        1     0               10.14.14.1/24      110   DR    1/1
Gi0/3        1     0               10.13.13.1/24      1     DR    1/1
Gi0/2        1     0               10.12.12.1/24      100   DR    1/1

Notice the costs for interface G0/2 and G0/4 (towards R2 and R4) have a cost of 100 and 110 respectively, while the cost of G0/3 (towards R3) is only 1.

And now, we’ll check the routing table entry for host H3 on R1.

R1#show ip route 172.16.10.11

Routing entry for 172.16.10.0/24
  Known via "ospf 1", distance 110, metric 3, type intra area
  Last update from 10.13.13.3 on GigabitEthernet0/3, 00:23:02 ago
  Routing Descriptor Blocks:
  * 10.13.13.3, from 5.5.5.5, 00:23:02 ago, via GigabitEthernet0/3
      Route metric is 3, traffic share count is 1

The routing table lists the route as towards R3 out interface G0/3, exactly as we’d expect.

The final check will be a trace route from host H1.

H1:~$ traceroute -n 172.16.10.11

traceroute to 172.16.10.11 (172.16.10.11), 30 hops max, 46 byte packets
 1  192.168.100.1   5.534 ms  5.004 ms  3.038 ms
 2  10.13.13.3      5.528 ms  5.531 ms  4.137 ms       <- R3's G0/1 interface
 3  10.35.35.5      5.533 ms  5.656 ms  6.339 ms
 4  172.16.10.11   14.180 ms  9.787 ms  7.908 ms

And no big shocker here, the second hop in the trace is indeed R3.

Let’s shake things up a little bit.

Suppose there was some reason that you wanted to direct traffic received at router R1 from host H1 destined for H3 to go through R2. Maybe there was some traffic analysis that happened on that router. Or perhaps that link is more reliable, even though slower. There are any number of reasons this might come up in a network design. The key part is that you don’t want to change ALL forwarding behavior, just some of it. You have a “policy,” so to speak, that identifies some traffic you want to adjust. This is where policy based routing, often referred to as PBR, comes in.

Policy based routing can seem complicated. To be fair, if overused, it can make networks very complicated and difficult to maintain. However, the technical basics of PBR are pretty straightforward.

First, you need a way to identify the traffic that you want to apply the policy to. Like many “matching” use cases in networking, this is often done with an access-list. So, here’s the access list that I’ll use to match the traffic I’m interested in.

ip access-list extended H1-to-H3
  10 permit ip host 192.168.100.11 host 172.16.10.11

This single line extended ACL is all that is needed. I’m matching all IP traffic from H1 to H3, but I could be more specific, down to a particular port as well. Maybe just web traffic (tcp/80 & tcp/443) for example.

Next, a route-map is used to describe the policy that we want to configure. The “policy” is made up of “match” conditions to identify the traffic and “set” conditions to make the “policy based changes” to the traffic that was matched.

Here is the route-map for my policy example.

route-map POLICY-BASED-ROUTING permit 10
  description Traffic from H1 -> H3 route through R2
  match ip address H1-to-H3
  set ip next-hop 10.12.12.2

I’ve used the access-list I created in my “match ip address” command. And, I’ve indicated that when traffic “matches” this policy, I want to “set” the next-hop to be 10.12.12.2.

And notice the first line in the configuration example. It ends with the number “10.” This number identifies the position in the route map that this particular policy entry holds. A route-map can be made up of many policy sets, each with a “match” and “set” statement. In this way, network engineers can have very granular control over how traffic is forwarded in the network. Pretty handy, right!

Before I go much farther it’s definitely important to note that route-maps are used for more than just policy based routing. The route-map construct is also used as part of quality of service (QoS) configurations, routing protocol filtering, and BGP path manipulations. So if you explore the configuration options available for match and set you will find plenty of other options. These are used for use cases other than policy based routing.

The final step to complete the configuration of my policy is to apply it to the router interface. Since this policy is about controlling traffic from the LAN connected to interface Gig0/1 on R1, that is where I will apply it.

interface Gig0/1.100
  ip policy route-map POLICY-BASED-ROUTING
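
The forwarding decision R1 makes with this policy in place can be modeled directly. The following Python model is an added example, not part of the original post or any Cisco code; it reduces the ACL, route-map and routing table to the values shown in this post, and H2's address (192.168.200.11) is an assumption because the post does not list it.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class AclEntry:          # one "permit ip <src> <dst>" line of an extended ACL
    src: str
    dst: str
    def matches(self, src, dst):
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst))

@dataclass
class RouteMapEntry:     # one route-map sequence: match an ACL, set a next hop
    seq: int
    acl: list
    next_hop: str

# Values taken from the configuration on R1 shown in this post
H1_TO_H3 = [AclEntry("192.168.100.11/32", "172.16.10.11/32")]
ROUTE_MAP = [RouteMapEntry(10, H1_TO_H3, "10.12.12.2")]
# "ip policy route-map" is applied on this one ingress subinterface only
POLICY_INTERFACES = {"Gi0/1.100": ROUTE_MAP}
# Routing table reduced to the single OSPF route from "show ip route"
ROUTES = {"172.16.10.0/24": "10.13.13.3"}

def routing_table_lookup(dst):
    """Longest-prefix match over the simplified routing table."""
    hits = [(ip_network(p), nh) for p, nh in ROUTES.items()
            if ip_address(dst) in ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def forward(in_if, src, dst):
    """Return (next_hop, reason): policy on the ingress interface is checked
    first, in sequence order; anything unmatched uses the routing table."""
    for entry in sorted(POLICY_INTERFACES.get(in_if, []), key=lambda e: e.seq):
        if any(a.matches(src, dst) for a in entry.acl):
            return entry.next_hop, f"policy routed (seq {entry.seq})"
    return routing_table_lookup(dst), "normal forwarding"

if __name__ == "__main__":
    # 192.168.200.11 for H2 is an assumed address (not given in the post)
    flows = [("Gi0/1.100", "192.168.100.11", "172.16.10.11"),   # H1 -> H3
             ("Gi0/1.100", "192.168.100.11", "172.16.10.21"),   # H1 -> H4
             ("Gi0/1.200", "192.168.200.11", "172.16.10.11")]   # H2 -> H3
    for flow in flows:
        print(flow, "->", forward(*flow))
```

The model makes one detail explicit: traffic from H2 misses the policy for two independent reasons, since its source does not match the ACL and it arrives on Gi0/1.200, where no route-map is applied.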

That’s it, we’ve configured policy based routing. Let’s check to see if it’s working.

We’ll start by rerunning the same trace route command as before and comparing the results.

H1:~$ traceroute -n 172.16.10.11

traceroute to 172.16.10.11 (172.16.10.11), 30 hops max, 46 byte packets
 1  192.168.100.1  7.306 ms  3.017 ms  3.337 ms
 2  10.12.12.2     3.844 ms  4.335 ms  3.688 ms      <- R2's G0/1 interface
 3  10.25.25.5     7.906 ms  5.125 ms  5.962 ms
 4  172.16.10.11   8.951 ms  8.912 ms  7.348 ms

Look at that, traffic is indeed going through R2 now. But let’s verify that it is only for traffic to H3 by trace routing the traffic to H4.

H1:~$ traceroute -n 172.16.10.21

traceroute to 172.16.10.21 (172.16.10.21), 30 hops max, 46 byte packets
 1  192.168.100.1  3.681 ms  3.153 ms  2.563 ms
 2  10.13.13.3     3.613 ms  3.185 ms  3.747 ms     <- R3's G0/1 interface
 3  10.35.35.5     5.957 ms  7.555 ms  5.040 ms
 4  172.16.10.21  14.915 ms  7.157 ms  7.853 ms

Yep, traffic from H1 to H4 is definitely still following the “standard path” through R3. But what about traffic from H2 -> H3? Will it be redirected through R2?

H2:~$ traceroute -n 172.16.10.11

traceroute to 172.16.10.11 (172.16.10.11), 30 hops max, 46 byte packets
 1  192.168.200.1  7.284 ms  2.840 ms  3.173 ms
 2  10.13.13.3     3.526 ms  4.514 ms  3.498 ms    <- R3's G0/1 interface
 3  10.35.35.5     6.375 ms  7.212 ms  4.900 ms
 4  172.16.10.11   6.642 ms  6.270 ms  5.884 ms

Nope, only traffic from H1 -> H3 is being redirected.

If we look at the routing table on R1, we’ll see nothing has changed.

R1#show ip route 172.16.10.11

Routing entry for 172.16.10.0/24
  Known via "ospf 1", distance 110, metric 3, type intra area
  Last update from 10.13.13.3 on GigabitEthernet0/3, 00:23:02 ago
  Routing Descriptor Blocks:
  * 10.13.13.3, from 5.5.5.5, 00:23:02 ago, via GigabitEthernet0/3
      Route metric is 3, traffic share count is 1

There are a few useful commands on the router to check the status of policy based routing.

First up, a basic “show” command worth noting.

R1#show route-map

route-map POLICY-BASED-ROUTING, permit, sequence 10
  Match clauses:
    ip address (access-lists): H1-to-H3
  Set clauses:
    ip next-hop 10.12.12.2
  Policy routing matches: 12 packets, 756 bytes

This command provides “policy match” statistics. We can see that when I ran this command there had been 12 matches so far.

Another command that comes in handy is the “debug ip policy” command. It provides useful details about the processing of the policy as traffic flows through the router. But as with any “debug” command, be careful using it on a production device as it can put a heavy load on network devices if there is a lot of traffic flowing through.

I will turn on the debugging and then send a single ICMP (ping) packet from H1 -> H3.

R1#debug ip policy
Policy routing debugging is on

R1#
*Apr 26 00:29:58.282: IP: s=192.168.100.11 (GigabitEthernet0/1.100), d=172.16.10.11, len 84, FIB policy match
*Apr 26 00:29:58.282: IP: s=192.168.100.11 (GigabitEthernet0/1.100), d=172.16.10.11, len 84, PBR Counted
*Apr 26 00:29:58.282: IP: s=192.168.100.11 (GigabitEthernet0/1.100), d=172.16.10.11, g=10.12.12.2, len 84, FIB policy routed

Compare the above output to the debug output when I ping H1 -> H4.

*Apr 26 00:31:00.294: IP: s=192.168.100.11 (GigabitEthernet0/1.100), d=172.16.10.21, len 84, FIB policy rejected(no match) - normal forwarding

In the first example, “FIB policy match” indicates that the PBR policy was triggered. And a following debug line shows that the traffic was “FIB policy routed.” That’s the PBR in action. Compare that to the output from the second ping that is “FIB policy rejected (no match) - normal forwarding.” That output is pretty descriptive.
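
When a capture of this debug output is longer than a few lines, it is easier to audit by flow. The following Python parser is an added example, not part of the original post; its regular expression is built from the four debug lines shown above (other IOS releases may format them differently), and the `allowed` mapping is a hypothetical way to state which flows are meant to be policy routed.

```python
import re
from collections import defaultdict

# The four "debug ip policy" lines shown in this post
SAMPLE = """\
*Apr 26 00:29:58.282: IP: s=192.168.100.11 (GigabitEthernet0/1.100), d=172.16.10.11, len 84, FIB policy match
*Apr 26 00:29:58.282: IP: s=192.168.100.11 (GigabitEthernet0/1.100), d=172.16.10.11, len 84, PBR Counted
*Apr 26 00:29:58.282: IP: s=192.168.100.11 (GigabitEthernet0/1.100), d=172.16.10.11, g=10.12.12.2, len 84, FIB policy routed
*Apr 26 00:31:00.294: IP: s=192.168.100.11 (GigabitEthernet0/1.100), d=172.16.10.21, len 84, FIB policy rejected(no match) - normal forwarding
"""

LINE = re.compile(
    r"IP: s=(?P<src>[\d.]+) \((?P<intf>[^)]+)\), d=(?P<dst>[\d.]+),"
    r"(?: g=(?P<gw>[\d.]+),)? len (?P<len>\d+), (?P<event>.+)$")

def summarize(text):
    """Group debug lines per (interface, src, dst): packets that were policy
    routed (and to which next hop) versus packets forwarded normally."""
    flows = defaultdict(lambda: {"routed": 0, "normal": 0, "next_hops": set()})
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue                      # not a policy debug line
        flow = flows[(m["intf"], m["src"], m["dst"])]
        if m["event"] == "FIB policy routed":
            flow["routed"] += 1
            flow["next_hops"].add(m["gw"])
        elif m["event"].startswith("FIB policy rejected"):
            flow["normal"] += 1
    return dict(flows)

def unexpected(flows, allowed):
    """Flows policy routed to a next hop other than the intended one.
    `allowed` maps (src, dst) -> expected next hop (hypothetical input)."""
    return [key for key, stats in flows.items()
            if stats["next_hops"] - {allowed.get(key[1:])}]

if __name__ == "__main__":
    result = summarize(SAMPLE)
    for key, stats in result.items():
        print(key, stats)
    intended = {("192.168.100.11", "172.16.10.11"): "10.12.12.2"}
    print("unexpected:", unexpected(result, intended))
```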

And with that, we’ve come to the end of this post. I hope this short look at policy based routing helped break it down and introduce you to a new technology tool that you can put into your toolkit. Maybe it’ll help you solve a business challenge someday. Or maybe it’ll help you in your preparation for the ENARSI exam or other studies. Either way, thanks for hanging out with me today.

Got a topic you’d like me to break down? Let me know in the comments.
