Let's say UserA and UserB are connected to the R4 router.
The IT team noticed UserA is playing games on the Internet. The IT team wants to route UserA's packets via a slow-bandwidth link.
UserA -> R4 -> R3 -> R2 -> R1 (which is low bandwidth)
UserB -> R4 -> R3 -> R1
POLICY-BASED ROUTING
R3 configuration
# ip access-list standard PBR-ACL
! the entry below matches UserB traffic
# permit 192.168.4.128 0.0.0.127
# exit
# route-map R3toR1 permit
# match ip address PBR-ACL
! 172.16.13.1 is the R1 interface facing R3
# set ip next-hop 172.16.13.1
# exit
# int s0/0
# ip policy route-map R3toR1
See, the 129 (UserB) traffic now goes as per the proposed design.
R3# debug ip policy 1
SUMMARY AND ERROR FIXING ACL
1. All the routers are configured with EIGRP as the routing protocol.
a) Every IP address in the topology can now be pinged.
b) Ex: R1 can ping R4 and vice versa.
2. But the links between the routers have different bandwidths. Ex: From R1 to R2 = 128 BW. So when we traceroute from the R4 loopback interfaces, 4.1 or 4.129, the traffic path is the same, because EIGRP picks the higher-bandwidth path as per its cost.
a) In summary, traffic from the 4.1 network takes the path
R4 -> R3 -> R2 -> R1 -> 192 network.
b) Let's say we want to forward 4.129 traffic via the low-bandwidth link, which is 64, from R4 -> R3 -> R1.
c) Here we have to use the amazing feature Path Control - Policy-Based Routing.
3. Let’s configure the R3 router.
# ip access-list standard PBR-ACL
# permit 192.168.4.128 0.0.0.127
We are going to permit the 4.128 network via PBR-ACL.
Create a route map that uses this ACL.
# route-map R3toR1 permit
# match ip address PBR-ACL
# set ip next-hop 172.16.13.1
Apply this route map to the interface facing the R4 router.
# int s0/0
# ip policy route-map R3toR1
All done now? Not yet. We allow only the 4.128 network via the ACL. The implicit deny rule on the last line applies by default, so 4.1 traffic is not allowed and is denied.
So we need to create another ACL to allow 4. network traffic on R3.
# access-list 1 permit 192.168.4.0 0.0.0.255
# exit
Let’s see the router now.
Now let’s test this.
# debug ip policy 1
See, now the 4.129 traffic goes via R3 -> R1 instead of going towards R2.
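To check which sources the ACL entries above really select before applying them on R3, the following added example (not part of the original post, and not Cisco code) models wildcard-mask matching, the implicit deny and the route-map's next-hop decision in Python. The function names and the sample source addresses are assumptions made for illustration; the ACL entries and the next hop are the ones from the configuration above.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco ACL match: bits set in the wildcard are ignored, the rest must equal base."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

def acl_permits(acl, src):
    """First matching entry wins; if no entry matches, the implicit deny applies."""
    for action, base, wildcard in acl:
        if wildcard_match(src, base, wildcard):
            return action == "permit"
    return False

# ACL entries taken from the R3 configuration on this page
PBR_ACL = [("permit", "192.168.4.128", "0.0.0.127")]
ACL_1 = [("permit", "192.168.4.0", "0.0.0.255")]

# route-map R3toR1 permit / match ip address PBR-ACL / set ip next-hop 172.16.13.1
ROUTE_MAP = [("permit", PBR_ACL, "172.16.13.1")]

def policy_next_hop(route_map, src):
    """Return the next hop the route-map sets for src, or None when it sets none."""
    for action, acl, next_hop in route_map:
        if acl_permits(acl, src):
            return next_hop if action == "permit" else None
    return None

if __name__ == "__main__":
    # Constructed sample sources, including the boundaries of the 0.0.0.127 wildcard
    samples = ["192.168.4.1", "192.168.4.127", "192.168.4.128",
               "192.168.4.129", "192.168.4.255", "192.168.5.129"]
    for src in samples:
        print(f"{src:15} PBR next hop: {policy_next_hop(ROUTE_MAP, src)}  "
              f"access-list 1: {acl_permits(ACL_1, src)}")
```

The boundary cases show that the 0.0.0.127 wildcard selects exactly 192.168.4.128 through 192.168.4.255, so 4.129 gets the 172.16.13.1 next hop and 4.1 gets none from the route map.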