Configuring Policy-Based Routing
This chapter describes the tasks for configuring policy-based routing (PBR) on a router.
For complete conceptual information about this feature, see the section “Policy-Based Routing” in the chapter “Classification Overview” in this book.
For a complete description of the PBR commands in this chapter, refer to the Cisco IOS Quality of Service Solutions Command Reference. To locate documentation of other commands that appear in this chapter, use the command reference master index or search online.
To identify the hardware platform or software image information associated with a feature, use the Feature Navigator on Cisco.com to search for information about the feature or refer to the software release notes for a specific release. For more information, see the “Identifying Supported Platforms” section in the “Using Cisco IOS Software” chapter in this book.
Policy-Based Routing Configuration Task List
To configure PBR, perform the tasks described in the following sections. The task in the first section is required; the tasks in the remaining sections are optional.
Enabling PBR (Required)
Enabling Fast-Switched PBR (Optional)
Enabling Local PBR (Optional)
Enabling CEF-Switched PBR (Optional)
See the end of this chapter for the section “Policy-Based Routing Configuration Examples.”
Enabling PBR
To enable PBR, you must create a route map that specifies the match criteria and the resulting action if
all of the match clauses are met. Then, you must enable PBR for that route map on a particular interface.
All packets arriving on the specified interface matching the match clauses will be subject to PBR.
Cisco IOS Quality of Service Solutions Configuration Guide
QC-43
To enable PBR on an interface, use the following commands beginning in global configuration mode:
Step 1
  Command: Router(config)# route-map map-tag [permit | deny] [sequence-number]
  Purpose: Defines a route map to control where packets are output. This command puts the router into route-map configuration mode.
Step 2
  Command: Router(config-route-map)# match length min max
           Router(config-route-map)# match ip address {access-list-number | name} [...access-list-number | name]
  Purpose: Specifies the match criteria. Although there are many route-map matching options, here you can specify only length and/or ip address.
    length matches the Level 3 length of the packet.
    ip address matches the source or destination IP address that is permitted by one or more standard or extended access lists.
    If you do not specify a match command, the route map applies to all packets.
Step 3
  Command: Router(config-route-map)# set ip precedence [number | name]
           Router(config-route-map)# set ip df
           Router(config-route-map)# set ip vrf vrf_name
           Router(config-route-map)# set ip next-hop ip-address [... ip-address]
           Router(config-route-map)# set ip next-hop recursive ip-address [... ip-address]
           Router(config-route-map)# set interface interface-type interface-number [... type number]
           Router(config-route-map)# set ip default next-hop ip-address [... ip-address]
           Router(config-route-map)# set default interface interface-type interface-number [... type ...number]
  Purpose: Specifies the action(s) to take on the packets that match the criteria. You can specify any or all of the following:
    precedence: Sets precedence value in the IP header. You can specify either the precedence number or name.
    df: Sets the ‘Don’t Fragment’ (DF) bit in the ip header.
    vrf: Sets the VPN Routing and Forwarding (VRF) instance.
    next-hop: Sets next hop to which to route the packet.
    next-hop recursive: Sets next hop to which to route the packet if the hop is to a router which is not adjacent.
    interface: Sets output interface for the packet.
    default next-hop: Sets next hop to which to route the packet if there is no explicit route for this destination.
    default interface: Sets output interface for the packet if there is no explicit route for this destination.
Step 4
  Command: Router(config-route-map)# interface interface-type interface-number
  Purpose: Specifies the interface, and puts the router into interface configuration mode.
Step 5
  Command: Router(config-if)# ip policy route-map map-tag
  Purpose: Identifies the route map to use for PBR. One interface can have only one route map tag; but you can have several route map entries, each with its own sequence number. Entries are evaluated in order of their sequence numbers until the first match occurs. If no match occurs, packets are routed as usual.
The set commands can be used in conjunction with each other. They are evaluated in the order shown in Step 3 in the previous task table. A usable next hop implies an interface. Once the local router finds a next hop and a usable interface, it routes the packet.
Note: Enabling PBR disables fast switching of all packets arriving on this interface.
If you want PBR to be fast-switched, see the section “Enabling Fast-Switched PBR,” which follows.
Enabling Fast-Switched PBR
IP PBR can now be fast-switched. Prior to Cisco IOS Release 12.0, PBR could only be process-switched,
which meant that on most platforms the switching rate was approximately 1000 to 10,000 packets per
second. This speed was not fast enough for many applications. Users that need PBR to occur at faster
speeds can now implement PBR without slowing down the router.
Fast-switched PBR supports all of the match commands and most of the set commands, with the following restrictions:
The set ip default next-hop and set default interface commands are not supported.
The set interface command is supported only over point-to-point links, unless a route cache entry exists using the same interface specified in the set interface command in the route map. Also, at the process level, the routing table is consulted to determine if the interface is on a reasonable path to the destination. During fast switching, the software does not make this check. Instead, if the packet matches, the software blindly forwards the packet to the specified interface.
PBR must be configured before you configure fast-switched PBR. Fast switching of PBR is disabled by
default. To enable fast-switched PBR, use the following command in interface configuration mode:
  Command: Router(config-if)# ip route-cache policy
  Purpose: Enables fast switching of PBR.
To display the cache entries in the policy route cache, use the show ip cache policy command. To display which route map is associated with which interface, use the show ip policy command.
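The fast-switching restrictions in this section can be checked against a saved configuration. The following Python script is an added example, not part of the Cisco documentation; the sample configuration, the name audit_fast_switched_pbr and the finding labels are constructed for illustration, and it assumes running-config style text in which sub-commands are indented by a space.

```python
import re

# Constructed sample configuration (not from the chapter).
SAMPLE_CONFIG = """\
interface Serial0
 ip policy route-map to-isp
 ip route-cache policy
!
interface Ethernet1
 ip policy route-map to-isp
!
route-map to-isp permit 10
 match ip address 1
 set ip default next-hop 10.0.0.1
route-map to-isp permit 20
 set interface Ethernet0
"""

# set commands the chapter lists as not supported when PBR is fast-switched
UNSUPPORTED = ("set ip default next-hop", "set default interface")

def audit_fast_switched_pbr(config):
    """Return (interface, route map, sequence, issue) tuples."""
    maps, ifaces, block = {}, {}, None
    for raw in config.splitlines():
        line, top = raw.strip(), not raw.startswith(" ")
        rm = re.match(r"route-map (\S+) (?:permit|deny) (\d+)$", line) if top else None
        if rm:    # new route-map entry: collect its match/set lines by sequence
            block = maps.setdefault(rm.group(1), {}).setdefault(int(rm.group(2)), [])
        elif top and line.startswith("interface "):
            block = ifaces.setdefault(line.split(None, 1)[1], [])
        elif top:
            block = None    # "!" separator or an unrelated global command
        elif block is not None:
            block.append(line)
    findings = []
    for name, cmds in ifaces.items():
        tags = [c.split()[-1] for c in cmds if c.startswith("ip policy route-map ")]
        if not tags or "ip route-cache policy" not in cmds:
            continue    # no PBR on this interface, or PBR is not fast-switched
        for seq, body in sorted(maps.get(tags[0], {}).items()):
            for cmd in body:
                if cmd.startswith(UNSUPPORTED):
                    findings.append((name, tags[0], seq, "unsupported: " + cmd))
                elif cmd.startswith("set interface "):
                    findings.append((name, tags[0], seq, "no routing-table check: " + cmd))
    return findings

if __name__ == "__main__":
    print(audit_fast_switched_pbr(SAMPLE_CONFIG))
```

Ethernet1 uses the same route map but is not reported, because without ip route-cache policy the process-level routing-table check still applies.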
Enabling Local PBR
Packets that are generated by the router are not normally policy-routed. To enable local PBR for such
packets, indicate which route map the router should use by using the following command in global
configuration mode:
  Command: Router(config)# ip local policy route-map map-tag
  Purpose: Identifies the route map to use for local PBR.
All packets originating on the router will then be subject to local PBR.
Use the show ip local policy command to display the route map used for local PBR, if one exists.
Enabling CEF-Switched PBR
Beginning in Cisco IOS Release 12.0, PBR is supported in the Cisco Express Forwarding (CEF)
switching path. CEF-switched PBR has better performance than fast-switched PBR and, therefore, is the
optimal way to perform PBR on a router.
No special configuration is required to enable CEF-switched PBR. It is on by default as soon as you
enable CEF and PBR on the router.
Note: The ip route-cache policy command is strictly for fast-switched PBR and, therefore, not required for CEF-switched PBR.
Policy-Based Routing Configuration Examples
The following sections provide PBR configuration examples:
Equal Access Example
Differing Next Hops Example
For information on how to configure policy-based routing, see the section “Policy-Based Routing Configuration Task List” in this chapter.
Equal Access Example
The following example provides two sources with equal access to two different service providers.
Packets arriving on asynchronous interface 1 from the source 1.1.1.1 are sent to the router at 6.6.6.6 if
the router has no explicit route for the destination of the packet. Packets arriving from the source 2.2.2.2
are sent to the router at 7.7.7.7 if the router has no explicit route for the destination of the packet. All
other packets for which the router has no explicit route to the destination are discarded.
! Standard access lists match on source address only
access-list 1 permit 1.1.1.1
access-list 2 permit 2.2.2.2
!
interface async 1
 ip policy route-map equal-access
!
! Sources permitted by list 1 use 6.6.6.6 when there is no explicit route
route-map equal-access permit 10
 match ip address 1
 set ip default next-hop 6.6.6.6
! Sources permitted by list 2 use 7.7.7.7 when there is no explicit route
route-map equal-access permit 20
 match ip address 2
 set ip default next-hop 7.7.7.7
! All other packets without an explicit route are discarded
route-map equal-access permit 30
 set default interface null0
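The forwarding decisions described for the Equal Access example, written out as a Python model. This is an added example, not part of the Cisco documentation: it assumes every configured next hop is usable, models only permit entries that match on source host, and the names ACLS, ROUTE_MAP, SET_ORDER and policy_route are illustrative.

```python
# Constructed model of the Equal Access example.
ACLS = {"1": {"1.1.1.1"}, "2": {"2.2.2.2"}}   # standard ACLs: permitted source hosts

ROUTE_MAP = [  # (sequence, ACL to match or None for all packets, set commands)
    (30, None, [("default interface", "null0")]),
    (10, "1", [("ip default next-hop", "6.6.6.6")]),
    (20, "2", [("ip default next-hop", "7.7.7.7")]),
]

# Forwarding set commands in the order the chapter lists them in Step 3
# (precedence, df, vrf and next-hop recursive are left out of this model).
SET_ORDER = ["ip next-hop", "interface", "ip default next-hop", "default interface"]

def policy_route(source, has_explicit_route, route_map=ROUTE_MAP, acls=ACLS):
    """Return (sequence, deciding action, target) for one packet."""
    # Entries are evaluated in sequence-number order until the first match.
    for seq, acl, sets in sorted(route_map, key=lambda entry: entry[0]):
        if acl is not None and source not in acls.get(acl, set()):
            continue
        actions = dict(sets)
        for cmd in SET_ORDER:
            if cmd not in actions:
                continue
            # "default" actions apply only when the routing table has no
            # explicit route for the destination.
            if "default" in cmd and has_explicit_route:
                continue
            return (seq, cmd, actions[cmd])
        return (seq, "routing table", None)   # matched, but no action applied
    return (None, "routing table", None)      # no entry matched: routed as usual

if __name__ == "__main__":
    for src in ("1.1.1.1", "2.2.2.2", "9.9.9.9"):
        for explicit in (False, True):
            print(src, explicit, policy_route(src, explicit))
```

A packet from 1.1.1.1 whose destination has an explicit route is forwarded by the routing table, not to 6.6.6.6, which is the difference between set ip default next-hop and set ip next-hop.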
Differing Next Hops Example
The following example illustrates how to route traffic from different sources to different places (next
hops), and how to set the Precedence bit in the IP header. Packets arriving from source 1.1.1.1 are sent
to the next hop at 3.3.3.3 with the Precedence bit set to priority; packets arriving from source 2.2.2.2 are
sent to the next hop at 3.3.3.5 with the Precedence bit set to critical.
! Standard access lists match on source address only
access-list 1 permit 1.1.1.1
access-list 2 permit 2.2.2.2
!
interface ethernet 1
 ip policy route-map Texas
!
route-map Texas permit 10
 match ip address 1
 set ip precedence priority
 set ip next-hop 3.3.3.3
!
route-map Texas permit 20
 match ip address 2
 set ip precedence critical
 set ip next-hop 3.3.3.5