S/N/K-Series Policy Based Routing example Selects among Multiple Next Hops

    Posted 12-06-2013 15:56
    Article ID: 13620

    Products
    S-Series
    Matrix N-Series DFE, firmware 7.11.01.0025 and higher
    K-Series

    Goals
    Use different PBR next-hop addresses depending on packet characteristics.

    Solution
    This may be accomplished by specifying more than one map within the assigned route-map, with each map represented by a sequence number. When evaluating a PBR route-map for a routed packet, the process walks through each map in sequence.

    In the firmware 7.x sample configuration shown here...
    • Initially, map 10 checks the packet against the NacWebRedirect access-list, which matches only if the packet uses both TCP destination port 80 and DSCP value af12 (5811). If the packet matches, it is forwarded to the next-hop address defined in that map ("10.10.12.1").
    • Otherwise, map 20 (next in sequence) checks the packet against the ACL-SourceIP access-list, which matches if the packet's Source IP address falls within one of the specified (reverse-masked) ranges. If the packet matches, it is forwarded to the next-hop address defined in that map ("10.10.0.6").
    • This process may continue for further iterations as desired. Here there are only two maps configured.
    • When all relevant maps have been examined with no match, then (by default: 13123) the packet is forwarded per the routing table.
    configure terminal
    !
    ip access-list extended NacWebRedirect
    permit tcp any any eq 80 dscp af12
    exit
    !
    ip access-list standard ACL-SourceIP
    permit 10.10.179.0 0.0.0.255
    permit 10.10.250.0 0.0.0.255
    permit 10.10.248.0 0.0.0.255
    permit 10.10.200.0 0.0.0.255
    permit 10.10.253.224 0.0.0.31
    permit 10.10.254.0 0.0.0.255
    permit 10.10.181.0 0.0.0.255
    permit 10.10.251.254 0.0.0.255
    exit
    !
    route-map policy policy1 permit 10
    match ip address NacWebRedirect
    set next-hop 10.10.12.1
    exit
    route-map policy policy1 permit 20
    match ip address ACL-SourceIP
    set next-hop 10.10.0.6
    exit
    !
    interface vlan.0.10
    ip address 10.10.0.129 255.255.255.248 primary
    ip policy route-map policy1
    no shutdown
    exit
    !
    exit

    For more information, please refer to the Configuration/CLI Guide applicable to your product and firmware version.
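The first-match walk through policy1 described above can be checked offline with a small model; this is an added example, not code from the original article or from the switch firmware. The packet fields, function names, and sample packets are constructed for illustration, and the reverse-mask comparison assumes conventional wildcard semantics (bits set in the mask are ignored).

```python
import ipaddress

# ACL-SourceIP entries from the sample configuration: (address, reverse mask)
SOURCE_ACL = [
    ("10.10.179.0", "0.0.0.255"), ("10.10.250.0", "0.0.0.255"),
    ("10.10.248.0", "0.0.0.255"), ("10.10.200.0", "0.0.0.255"),
    ("10.10.253.224", "0.0.0.31"), ("10.10.254.0", "0.0.0.255"),
    ("10.10.181.0", "0.0.0.255"), ("10.10.251.254", "0.0.0.255"),
]

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit the reverse mask does not ignore."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def match_nac_web_redirect(pkt):
    # permit tcp any any eq 80 dscp af12: every condition must hold
    return pkt["proto"] == "tcp" and pkt["dport"] == 80 and pkt["dscp"] == "af12"

def match_source_ip(pkt):
    # Standard ACL: any permit line matching the source address is a match
    return any(wildcard_match(pkt["src"], base, wc) for base, wc in SOURCE_ACL)

# route-map policy1 as (sequence, matcher, next hop)
POLICY1 = [
    (10, match_nac_web_redirect, "10.10.12.1"),
    (20, match_source_ip, "10.10.0.6"),
]

def pbr_next_hop(pkt, route_map=POLICY1):
    """Return (sequence, next_hop) of the first matching map, else the routing table."""
    for seq, matcher, next_hop in sorted(route_map, key=lambda e: e[0]):
        if matcher(pkt):
            return seq, next_hop
    return None, "routing-table"

# Constructed sample packets (not captured traffic)
SAMPLES = [
    {"src": "10.10.179.5", "proto": "tcp", "dport": 80, "dscp": "af12"},
    {"src": "10.10.179.5", "proto": "tcp", "dport": 80, "dscp": "default"},
    {"src": "10.10.253.200", "proto": "udp", "dport": 53, "dscp": "default"},
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", pbr_next_hop(pkt))
```

Running candidate packets through the model before applying a route-map shows which map claims traffic that satisfies more than one access-list, and which sources inside a partially masked range (such as 10.10.253.224 0.0.0.31) fall through to the routing table.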