PBR Cmds Ce

Download as pdf or txt
Download as pdf or txt
You are on page 1of 10

Products & Services

Policy-Based Routing Using the set ip default next-hop and se


Example
Document ID: 47121

Contents
Introduction
Prerequisites
Requirements
Components Used
Conventions
Configure
Network Diagram
Case Study 1: Policy Routing Using the set ip default next-hop Command with Dynamic Routing
Protocol
Verify Case Study 1
Case Study 2: Policy Routing Using the set ip next-hop Command with Dynamic Routing Protocol
Verify Case Study 2
Case Study 3: Policy Routing Using the set ip default next-hop with a Default Route
Verify Case Study 3
Troubleshoot
Related Information

Introduction

This document provides a sample configuration for policy-based routing (PBR) using the set ip default next-hop and

The set ip default next-hop command verifies the existence of the destination IP address in the routing table, and

if the destination IP address exists, the command does not policy route the packet, but forwards the packet ba

if the destination IP address does not exist, the command policy routes the packet by sending it to the specifie

The set ip next-hop command verifies the existence of the next hop specified, and

if the next hop exists in the routing table, then the command policy routes the packet to the next hop.

if the next hop does not exist in the routing table, the command uses the normal routing table to forward the pa

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

This document is not restricted to specific software and hardware versions; however, the software used must support
which hardware and software is supported for this configuration.

Conventions

For more information on document conventions, refer to Cisco Technical Tips Conventions.
Configure

In this section, you are presented with the information to configure the features described in this document.

Note: To find additional information on the commands used in this document, use the Command Lookup Tool (regist

Network Diagram

This document uses this network setup:

Case Study 1: Policy Routing Using the set ip default next-hop Command with Dynamic Routing Protoc

This section uses these configurations:

R1

R1# show running-config


Building configuration...
.
!
interface Ethernet0/0
ip address 100.100.100.1 255.255.255.0
ip policy route-map blah
!
interface Serial1/0
ip address 10.10.10.1 255.255.255.0
!
interface Serial2/0
ip address 20.20.20.1 255.255.255.0
!
router ospf 1

!--- OSPF is not configured on Serial1/0.

log-adjacency-changes
network 20.20.20.0 0.0.0.255 area 0
network 100.100.100.0 0.0.0.255 area 0
!
ip classless
no ip http server
!
access-list 100 permit ip host 100.100.100.3 host 200.200.200.4
!
route-map blah permit 10
match ip address 100
set ip default next-hop 10.10.10.2
.
.
!
end

R2

R2# show running-config


Building configuration...
.
!
!
interface Ethernet0/0
ip address 200.200.200.2 255.255.255.0
ip policy route-map blah
!
interface Serial1/0
ip address 10.10.10.2 255.255.255.0
fair-queue
!
interface Serial2/0
ip address 20.20.20.2 255.255.255.0
!
router ospf 1

!--- OSPF is not configured on Serial1/0.

log-adjacency-changes
network 20.20.20.0 0.0.0.255 area 0
network 200.200.200.0 0.0.0.255 area 0
!
ip classless
no ip http server
!
access-list 100 permit ip host 200.200.200.4 host 100.100.100.3
!
route-map blah permit 10
match ip address 100
set ip default next-hop 10.10.10.1
!
end

Verify Case Study 1

When the destination route exists in the routing table, normal forwarding is useddo not policy route the packet.

R1# show ip route 200.200.200.4


Routing entry for 200.200.200.0/24
Known via "ospf 1", distance 110, metric 74, type intra area
Last update from 20.20.20.2 on Serial2/0, 00:11:48 ago
Routing Descriptor Blocks:
* 20.20.20.2, from 30.30.30.3, 00:11:48 ago, via Serial2/0
Route metric is 74, traffic share count is 1

R1# debug ip policy


Policy routing debugging is on
*Dec 4 12:50:57.363: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100,
*Dec 4 12:50:57.363: IP: route map blah, item 10, permit
*Dec 4 12:50:57.363: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial2/
*Dec 4 12:50:57.431: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100,
*Dec 4 12:50:57.431: IP: route map blah, item 10, permit
*Dec 4 12:50:57.431: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial2/
*Dec 4 12:50:57.491: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100,
*Dec 4 12:50:57.491: IP: route map blah, item 10, permit
*Dec 4 12:50:57.491: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial2/

R2# show ip route 100.100.100.3


Routing entry for 100.100.100.0/24
Known via "ospf 1", distance 110, metric 74, type intra area
Last update from 20.20.20.1 on Serial2/0, 00:11:42 ago
Routing Descriptor Blocks:
* 20.20.20.1, from 100.100.100.1, 00:11:42 ago, via Serial2/0
Route metric is 74, traffic share count is 1

R2# debug ip policy


Policy routing debugging is on
*Dec 4 12:50:57.779: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3, len 100,
*Dec 4 12:50:57.779: IP: route map blah, item 10, permit
*Dec 4 12:50:57.779: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3 (Serial2/
*Dec 4 12:50:57.839: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3, len 100,
*Dec 4 12:50:57.839: IP: route map blah, item 10, permit
*Dec 4 12:50:57.839: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3 (Serial2/
*Dec 4 12:50:57.911: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3, len 100,
*Dec 4 12:50:57.911: IP: route map blah, item 10, permit
*Dec 4 12:50:57.911: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3 (Serial2/

When Serial 2/0 goes down and the destination address disappears from the routing table, the packet is policy routed

R1# show ip route 200.200.200.0


% Network not in table
R1#
*Dec 5 13:26:27.567: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100,
*Dec 5 13:26:27.567: IP: route map blah, item 10, permit
*Dec 5 13:26:27.567: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial1/
*Dec 5 13:26:27.567: IP: Ethernet0/0 to Serial1/0 10.10.10.2
*Dec 5 13:26:27.655: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100,
*Dec 5 13:26:27.655: IP: route map blah, item 10, permit
*Dec 5 13:26:27.655: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial1/
*Dec 5 13:26:27.655: IP: Ethernet0/0 to Serial1/0 10.10.10.2
*Dec 5 13:26:27.727: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100,
*Dec 5 13:26:27.727: IP: route map blah, item 10, permit
*Dec 5 13:26:27.727: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial1/
*Dec 5 13:26:27.727: IP: Ethernet0/0 to Serial1/0 10.10.10.2

Case Study 2: Policy Routing Using the set ip next-hop Command with Dynamic Routing Protocol

This section uses these configurations:

R1
R1# show running-config
Building configuration...
.
!
interface Ethernet0/0
ip address 100.100.100.1 255.255.255.0
ip policy route-map blah
!
interface Serial1/0
ip address 10.10.10.1 255.255.255.0
!
interface Serial2/0
ip address 20.20.20.1 255.255.255.0
!
router ospf 1

!--- OSPF is not configured on Serial1/0.

log-adjacency-changes
network 20.20.20.0 0.0.0.255 area 0
network 100.100.100.0 0.0.0.255 area 0
!
ip classless
no ip http server
!
access-list 100 permit ip host 100.100.100.3 host 200.200.200.4
!
route-map blah permit 10
match ip address 100
set ip next-hop 10.10.10.2
.
.
!
end

R2
R2# show running-config
Building configuration...
.
!
!
interface Ethernet0/0
ip address 200.200.200.2 255.255.255.0
ip policy route-map blah
!
interface Serial1/0
ip address 10.10.10.2 255.255.255.0
fair-queue
!
interface Serial2/0
ip address 20.20.20.2 255.255.255.0
!
router ospf 1

!--- OSPF is not configured on Serial1/0.

log-adjacency-changes
network 20.20.20.0 0.0.0.255 area 0
network 200.200.200.0 0.0.0.255 area 0
!
ip classless
no ip http server
!
!
!
access-list 100 permit ip host 200.200.200.4 host 100.100.100.3
!
route-map blah permit 10
match ip address 100
set ip next-hop 10.10.10.1
!
end

Verify Case Study 2

Verify the existence of the next hop, 10.10.10.2, in the routing table. If the destination route exists in the routing table

R1# show ip route 200.200.200.4


Routing entry for 200.200.200.0/24
Known via "ospf 1", distance 110, metric 74, type intra area
Last update from 20.20.20.2 on Serial2/0, 00:11:48 ago
Routing Descriptor Blocks:
* 20.20.20.2, from 30.30.30.3, 00:11:48 ago, via Serial2/0
Route metric is 74, traffic share count is 1

R1# debug ip policy


Policy routing debugging is on
*Dec 4 12:53:38.271: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100,
*Dec 4 12:53:38.271: IP: route map blah, item 10, permit
*Dec 4 12:53:38.271: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial1/
*Dec 4 12:53:38.271: IP: Ethernet0/0 to Serial1/0 10.10.10.2
*Dec 4 12:53:38.355: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100,
*Dec 4 12:53:38.355: IP: route map blah, item 10, permit
*Dec 4 12:53:38.355: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial1/
*Dec 4 12:53:38.355: IP: Ethernet0/0 to Serial1/0 10.10.10.2
*Dec 4 12:53:38.483: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100,
*Dec 4 12:53:38.483: IP: route map blah, item 10, permit

R2# sh ip route 100.100.100.3


Routing entry for 100.100.100.0/24
Known via "ospf 1", distance 110, metric 74, type intra area
Last update from 20.20.20.1 on Serial2/0, 00:11:42 ago
Routing Descriptor Blocks:
* 20.20.20.1, from 100.100.100.1, 00:11:42 ago, via Serial2/0
Route metric is 74, traffic share count is 1

R2# debug ip policy


Policy routing debugging is on
*Dec 4 12:53:38.691: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3, len 100
*Dec 4 12:53:38.691: IP: route map blah, item 10, permit
*Dec 4 12:53:38.691: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3 (Serial1
*Dec 4 12:53:38.691: IP: Ethernet0/0 to Serial1/0 10.10.10.1
*Dec 4 12:53:38.799: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3, len 100
*Dec 4 12:53:38.799: IP: route map blah, item 10, permit
*Dec 4 12:53:38.799: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3 (Serial1
*Dec 4 12:53:38.799: IP: Ethernet0/0 to Serial1/0 10.10.10.1
*Dec 4 12:53:38.899: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3, len 100
*Dec 4 12:53:38.899: IP: route map blah, item 10, permit

When the destination IP address disappears from the routing, the packet is policy routed.

*Dec 5 13:33:23.607: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100,


*Dec 5 13:33:23.607: IP: route map blah, item 10, permit
*Dec 5 13:33:23.607: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial1/
*Dec 5 13:33:23.607: IP: Ethernet0/0 to Serial1/0 10.10.10.2
*Dec 5 13:33:23.707: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100,
*Dec 5 13:33:23.707: IP: route map blah, item 10, permit
*Dec 5 13:33:23.707: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial1/
*Dec 5 13:33:23.707: IP: Ethernet0/0 to Serial1/0 10.10.10.2
*Dec 5 13:33:23.847: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100,
*Dec 5 13:33:23.847: IP: route map blah, item 10, permit

When Serial 1/0 interface goes down, we loose the next hop,, 10.10.10.1 from the routing table and the packet follow

*Dec 5 13:40:38.887: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100,


*Dec 5 13:40:38.887: IP: route map blah, item 10, permit
*Dec 5 13:40:38.887: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial2/
*Dec 5 13:40:39.047: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100,
*Dec 5 13:40:39.047: IP: route map blah, item 10, permit
*Dec 5 13:40:39.047: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial2/
*Dec 5 13:40:39.115: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100,
*Dec 5 13:40:39.115: IP: route map blah, item 10, permit
*Dec 5 13:40:39.115: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial2/

Case Study 3: Policy Routing Using the set ip default next-hop with a Default Route

This section uses these configurations:

R1

R1
R1# show running-config
Building configuration...
.
!
interface Ethernet0/0
ip address 100.100.100.1 255.255.255.0
ip policy route-map blah
!
interface Serial1/0
ip address 10.10.10.1 255.255.255.0
!
interface Serial2/0
ip address 20.20.20.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 20.20.20.2
!
ip classless
no ip http server
!
access-list 100 permit ip host 100.100.100.3 host 200.200.200.4
!
route-map blah permit 10
match ip address 100
set ip default next-hop 10.10.10.2
.
.
!
end

R2
R2# show running-config
Building configuration...
.
!
!
interface Ethernet0/0
ip address 200.200.200.2 255.255.255.0
ip policy route-map blah
!
interface Serial1/0
ip address 10.10.10.2 255.255.255.0
fair-queue
!
interface Serial2/0
ip address 20.20.20.2 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 20.20.20.1
!
ip classless
no ip http server
!
!
!
access-list 100 permit ip host 200.200.200.4 host 100.100.100.3
!
route-map blah permit 10
match ip address 100
set ip default next-hop 10.10.10.1
!
end

Verify Case Study 3

When the only route to the destination is the default routethere is no specific route for that destination in the routing

R1# show ip route 200.200.200.4


% Network not in table

R1# show ip route 0.0.0.0


Routing entry for 0.0.0.0/0, supernet
Known via "static", distance 1, metric 0, candidate default path
Routing Descriptor Blocks:
* 20.20.20.2
Route metric is 0, traffic share count is 1

R1#
*Dec 4 12:58:55.191: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100
*Dec 4 12:58:55.191: IP: route map blah, item 10, permit
*Dec 4 12:58:55.191: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial1
*Dec 4 12:58:55.191: IP: Ethernet0/0 to Serial1/0 10.10.10.2
*Dec 4 12:58:55.291: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100
*Dec 4 12:58:55.291: IP: route map blah, item 10, permit
*Dec 4 12:58:55.291: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial1
*Dec 4 12:58:55.291: IP: Ethernet0/0 to Serial1/0 10.10.10.2
*Dec 4 12:58:55.391: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100
*Dec 4 12:58:55.391: IP: route map blah, item 10, permit
*Dec 4 12:58:55.391: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial1
*Dec 4 12:58:55.391: IP: Ethernet0/0 to Serial1/0 10.10.10.2

R2# show ip route 100.100.100.3


% Network not in table

R2# show ip route 0.0.0.0


Routing entry for 0.0.0.0/0, supernet
Known via "static", distance 1, metric 0, candidate default path
Routing Descriptor Blocks:
* 20.20.20.1
Route metric is 0, traffic share count is 1

R2#
*Dec 4 12:58:20.819: %SYS-5-CONFIG_I: Configured from console by console
*Dec 4 12:58:55.611: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3, len 100
*Dec 4 12:58:55.611: IP: route map blah, item 10, permit
*Dec 4 12:58:55.611: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3 (Serial1
*Dec 4 12:58:55.611: IP: Ethernet0/0 to Serial1/0 10.10.10.1
*Dec 4 12:58:55.739: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3, len 100
*Dec 4 12:58:55.739: IP: route map blah, item 10, permit
*Dec 4 12:58:55.739: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3 (Serial1
*Dec 4 12:58:55.739: IP: Ethernet0/0 to Serial1/0 10.10.10.1
*Dec 4 12:58:55.799: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3, len 100
*Dec 4 12:58:55.799: IP: route map blah, item 10, permit
*Dec 4 12:58:55.799: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3 (Serial1
*Dec 4 12:58:55.799: IP: Ethernet0/0 to Serial1/0 10.10.10.1

When the default route does not exist because Serial 2/0 went down, the packet is policy routed.

R1# show ip route 0.0.0.0


% Network not in table
R1#
*Dec 5 13:02:31.283: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100,
*Dec 5 13:02:31.283: IP: route map blah, item 10, permit
*Dec 5 13:02:31.283: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial1/
*Dec 5 13:02:31.283: IP: Ethernet0/0 to Serial1/0 10.10.10.2
*Dec 5 13:02:31.375: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100,
*Dec 5 13:02:31.375: IP: route map blah, item 10, permit
*Dec 5 13:02:31.375: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial1/
*Dec 5 13:02:31.375: IP: Ethernet0/0 to Serial1/0 10.10.10.2
*Dec 5 13:02:31.435: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100,
*Dec 5 13:02:31.435: IP: route map blah, item 10, permit
*Dec 5 13:02:31.435: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial1/
*Dec 5 13:02:31.435: IP: Ethernet0/0 to Serial1/0 10.10.10.2

In the situation where Serial2/0 is up and Serial 1/0 goes down, we loose the next hop and the packet follows the nor
R1# debug ip policy
Policy routing debugging is on
R1#
*Dec 5 12:46:49.543: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100,
*Dec 5 12:46:49.543: IP: route map blah, item 10, permit
*Dec 5 12:46:49.543: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial2/
*Dec 5 12:46:49.623: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100,
*Dec 5 12:46:49.623: IP: route map blah, item 10, permit
*Dec 5 12:46:49.623: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial2/
*Dec 5 12:46:49.691: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100,
*Dec 5 12:46:49.691: IP: route map blah, item 10, permit
*Dec 5 12:46:49.691: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial2/

Troubleshoot

There is currently no specific troubleshooting information available for this configuration.

Related Information

IP Routing Support Page


Technical Support - Cisco Systems

Updated: Aug 10, 2005

Contacts | Feedback | Help | Site Map


1992-2010 Cisco Systems, Inc. All rights reserved. Terms & Conditions | Privacy Statement | Cookie Policy | Trademarks of Cisco
Systems, Inc.

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy