|
Home > Archive > CCNP > April 2001 > policy routing
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
|
| need help in configuring policy routing:
r1 has two subinterfaces:
Serial0.1 point-to-point
bandwidth 64
ip address 10.10.2.1 255.255.0.0
frame-relay interface-dlci 102
Serial0.2 multipoint
bandwidth 64
ip address 10.10.1.1 255.255.0.0
frame-relay interface-dlci 103
frame-relay interface-dlci 105
r2 is connected to r1 via S0 with ip address 10.10.2.2 /16
r3 is connected to r1 via S0 with ip address 10.10.1.3 /16
r5 is connected to r1 via S0 with ip address 10.10.1.5 /16
r1's route to 10.10.2.2 is:R1#sh ip route 10.10.2.2
Routing entry for 10.10.0.0/16
Known via "connected", distance 0, metric 0 (connected, via interface)
Routing Descriptor Blocks:
* directly connected, via Serial0.2
Route metric is 0, traffic share count is 1
directly connected, via Serial0.1
Route metric is 0, traffic share count is 1
the same result with the route going to r3 and r5..What kind of policy routing will I configure to have a single route to each destination?
Thanks! | |
| BlueBaron 2001-04-23, 11:22 am |
| I could be wrong here . . . but I wouldn't go with any sort of "policy routing". I would enter static routes with a longer mask to each. | |
|
| no static route is permitted.
thanks.. | |
| BlueBaron 2001-04-23, 12:43 pm |
| No static routes permitted eh? Well, without a lab to test all of my theories on, I'd hate to waste your time. As an observation, can you break that multipoint interface out into two point to point sub-interfaces? It would make your management a lot easier. Also, any reason why you don't have the remote side routers configured for subs as well?
Just some random thoughts . . . | |
| Transylvanian 2001-04-23, 4:49 pm |
| PBR is not a trivial thing. And the problem you post is most unusual...
I'll give it a try...
Don't laugh if I'm totally tangent to the solution. I don't have a lab to test, and I don't have much time to think it over, but...that's how I would start,on paper, and then I'd test:
Below, E0 means the ethernet interface of router R1.
The policy-based routing is applied on an incoming packet, that's why I would apply it on e0 of the router R1
Config of R1#
ip access-list extended Net10.10.2.2
permit ip any 10.10.2.0 0.0.0.255
!
ip access-list extended Net10.10.1.5
permit ip any 10.10.1.5 0.0.0.0
!
ip access-list extended Net10.10.1.3
permit ip any 10.10.1.3 0.0.0.0
!
route-map Segregate permit 10
match ip address Net10.10.2.2
set ip next-hop 10.10.2.2
!
route-map Segregate permit 20
match ip address Net10.10.1.5
set ip next-hop 10.10.1.5
!
route-map Segregate permit 30
match ip address Net10.10.1.3
set ip next-hop 10.10.1.3
Interface E0
ip route-cahe policy
ip policy route-map Segregate
Mercy, people, if I'm out to lunch...
And, BTW, I hope this is an academic drill, to test Policy-Based routing at its most vicious heights.....
I don't think somebody will actually design such a WAN,... with that IP scheme in place, I mean | |
| dmaftei 2001-04-23, 5:16 pm |
| quote:
Originally posted by poks
Serial0.1 point-to-point
ip address 10.10.2.1 255.255.0.0
Serial0.2 multipoint
ip address 10.10.1.1 255.255.0.0
This probably has nothing to do with policy routing, but shouldn't you have the two subinterfaces in different subnets?! Like using a 255.255.255.0 mask instead of the 255.255.0.0 mask?
Cheers! | |
| Transylvanian 2001-04-23, 5:28 pm |
| I think is like this on purpose, to make it impossible to route without policy-based routing..
Again, I believe this is a student case-study, not a real life example.
Because if it was a real-life example, I would have never wasted any time on this design, so God help me... | |
| dmaftei 2001-04-23, 5:31 pm |
| quote:
Originally posted by Transylvanian
[B]I think is like this on purpose, to make it impossible to route without policy-based routing..
Got it! I'll have to hit the policy routing books (or links...)  | |
|
| thanks for the replies.
this is a lab scenario.
transylvanian: the source is coming from the serial port and not the ethernet port.
if I ping from r2 to r1:
R2#ping 10.10.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.2.1, timeout is 2 seconds:
!.!.!
the connection is:
r1:
s0 - main interface
s0.1 - point-to-point connected to r2
s0.2 - multipoint connected to r3 and r5 which has two DLCIs
r2:
s0 - connected to r1
r3:
s0 - connected to r1
r5:
s0 - connected to r1
THANKS!! | |
| Transylvanian 2001-04-23, 7:01 pm |
| Poks,
The only candidate for Policy-based routing is R1.
Policy-based routing is applied INBOUND on an interface. That's the law.
S0.1 and S0.2 are OUTBOUND interfaces in our example, for what we want to accomplish.
By the time the packet reached the R1's S0.1 interface, the routing was long over; the routing decision has already been made, and the packet was switched out on S0.1.
Therefore the Policy-based routing cannot be applied on S0.1 or S0.2.
Has to be applied on another interface of R1...so I named it Ethernet0 for the sake of the argument. In my example, Ethernet0 is the originating interface from which we want the packets to have a single route to each destination r2, r5 or r3.
______________________________
__
Up to here, I'm pretty confortable with the theory.
Not sure that the actual router config I created will stand a testing lab, though...
PS:what did you want to say by pinging from R2 to R1? It's only one possible path...not sure what's the relevance of that ping... | |
|
|
|
|
|