3.12 Configure and verify policy based routing - CCNP ROUTE Exam (300-101)

Captions
What's up, what's up, what's up, it's your boy the network, and today's topic is section 3.12, configure and verify policy-based routing, or PBR. This is a topic in the CCNP ROUTE exam, exam code 300-101, version 2.0. Let's take a look at the exam blueprint, see where we came from, where we're headed.

This is the exam blueprint, Implementing Cisco IP Routing, also known as the CCNP ROUTE exam, exam code 300-101. We just wrapped up the... actually nothing in a while. We took a break because I was working a lot of overtime, and, um, it just made me think about, you know, trading time off, trading time versus giving time yourself. I was giving a lot of time to the company I worked for and there was a lot of sacrifice. So here we are, we back. We wrapped up, you know, a couple days ago, manual and auto summarization without any routing protocol. Today we're gonna do configure and verify PBR. After that we're gonna move on to identify suboptimal routing.

So PBR, or policy-based routing, what is that? It's a way for us to manipulate our default routing behavior. So once a router receives a packet, it looks at its RIB, or routing information base, to determine what to do with that packet, right? And then it figures out what to do with that packet by looking at the router information base and, uh, looking at the destination. This is called destination-based routing. Now with policy-based routing we kind of defer from using our routing information base, or we try not to resort to using the default routing behavior. We kind of change that for whatever reason. It could be for, you know, whatever rules we have in place for the organization, it could be because we don't want to violate the HIPAA rules, or, you know, it could be for whatever reason we want to manipulate our packets to go a certain way instead of doing what's default. Remember, we look at our routing table to figure out how to route packets. Policy-based routing kind of does, um, kind of goes its
own way. It just defies the rules of the routing information base. Let's head over to the slides, take a look at the official definition.

Okay, so policy-based routing, PBR, overrides a router's destination-based forwarding logic, just like I said. This is done after the packet is de-encapsulated but before the router performs a CEF table lookup. You remember what CEF is, right? That's, uh, Cisco Express Forwarding. Actually I did a whole video on that, this is when I first started this channel. You could look at the CCNP playlist, it's the first video, that's where we talked about CEF.

PBR determines how to route the packet based on a route map, and this is why I really did not like the sequencing of this exam, because we didn't even go over route maps yet, and it's a whole different objective, but it's, uh, further down the line. However, we're covering PBR, or policy-based routing, before we cover route maps, but I kind of had to learn about route maps on flights just so we can get to policy-based routing. Like I said, I didn't really like the sequencing of it. Maybe there's a reason why they did that.

So it's based on a route map, which we'll cover in that section, again, I know I said that a million times, that will set either the outgoing interface or next-hop IP address for the traffic, kind of like what a static route does or default route does, except policy-based routing kind of, like, defies the rules of the routing information base. The route map will also define which traffic is matched for PBR, or policy-based routing. So we don't just do this for all the traffic. What we'll do is we'll define an ACL, or access control list. We'll look at this packet and see where it came from, be like, okay, packets with this type of, you know, addressing, or we match this type of address, we're going to send it that way or we're going to send it this way. We can define our policy-based routes to determine how to manipulate our routes.

PBR, not PBJ, allows you
to implement policies that selectively cause packets to take different paths. So remember the routing information base, or, you know, how you show ip route, right, that determines what happens with packets, it tells them where to go, right? But again, PBR defies the routing information base, or the routing table. IP routing is destination based, right? PBR avoids destination-based routing.

So in other words, we look at our destination, right? Like say we're trying to get to LA. I don't know why, every time, you know, I always compare stuff to roads and highways, I always use LA as the destination. We trying to get to LA, right, that's our destination. Okay, we want to get to LA, you want to go that way. PBR doesn't do that. PBR just says, okay, yeah, you want to go to LA, right, but what are you wearing, or, you know, what's your name? It's kind of like discriminatory in a way, and says, okay, you wearing that, or your name is that, or the color of your eyes is that, okay, that means you got to go that way to get to LA. So PBR again defies the routing information base. The routing information base is default behavior; PBR just tells them otherwise on how to get to its destination. So it doesn't tell packets where to go by its destination, it looks at where it came from and then decides which way to get to LA, or its destination. This is called, I believe it's called, source-based routing.

It's applied to incoming packets, as we just mentioned. It makes traffic marking a possibility, you know, that's like quality of service. You know what that is, that's like when you don't want to get to collaboration, that's what that is. It requires a route map to implement policy. I hate the fact that we covering this before we cover route maps, but it is what it is. And matched routes are modified by set commands, right? Route maps, you'll see when we cover that, you do a match, you say, okay, anybody that matches this, then we're going to do a set and then tell them where to go. So in other words,
okay, your eye color is this, okay, you're gonna be going this way to get to whatever city. We don't even care whatever city you get to, you're just gonna take that way. That's why it's not destination based.

So the steps to configure and verify PBR, policy-based routing. First thing we're gonna do is create an ACL, which you already know how to do, that's the CCNA fundamental. Step two, we enable PBR by configuring a route map. Again, route map is something we're gonna cover later on, but we're gonna be covering it now anyway. Uh, you match the traffic, again like I said, you do a match command, and then you're going to define the action for the matched traffic using the set command. So match, set, match, set. Remember that when we're doing PBR or route maps: match, set. Enable fast-switched PBR, this is an optional, uh, feature. Enable fast-switched PBR, or PBR that is switched by CEF, or Cisco Express Forwarding. Again, look at the first video on the CCNP playlist to get a little bit more information on what Cisco Express Forwarding is. Step four, apply the route map to an incoming interface or to packets that are generated by the router. That's pretty self-explanatory right there.

So these are the match commands. We're gonna spin up GNS3 and go over all this stuff too. This first one right here configures the route map. You go to config mode, route-map, and then you name the route map, determine what kind of action it is, you want to permit or deny, and then you put a sequence number, in this case we did 10. Uh, the next one, here's another match command, uh, matches the IP addresses for policy routing. So once you're in config mode you do match, and then in this case we're going to match the IP address. You'll see, I'll show you how, there's a whole bunch of options. In this case we're going to be matching an IP address and then 20.
So this command right here, this second command in the red right here, match ip address 20, says to match the IP address that's in access list number 20. That's what that one says. And then this last one right here, you can get really creative with this, as you can see, this last one here matches the size of the packet. So if you say, okay, you got packets that are this size, send them that way. Remember, policy-based routing is kind of discriminatory, so we're kind of saying, okay, ladies, this is almost like the bouncer at the club that we did with, uh, with the route filtering video: any ladies that's, uh, over and fifty pounds, y'all gotta go this way, or, hey, ladies that are under 250 pounds, 200 pounds, whatever, y'all gotta go take the, you know, the VIP route, whatever the case may be. Again, we are being discriminatory. You can choose the actual size of the packet and determine which way it goes, for whatever reason. It could be for whatever your organization has, or rules or regulations that it must follow. So we can route our packets, uh, we can manipulate our packet routing.

Here are a couple set commands. Remember, we just did match commands, these are the match commands, and then you do set. First you do match and then you're gonna set what to do with them. Okay, so here goes a couple set commands. You can set ip next-hop, and then you will actually define the next hop. When you receive a specific packet, you look at the packet and say, okay, this came from blah blah blah blah, okay, we're gonna send it to this next hop. Or you can choose the outgoing interface and say, okay, boom, this came from blah blah blah blah, we're gonna send it that way. Remember, it used to be with destination-based routing, you can receive a packet and you say, okay, this is destined for that specific destination, send it that way. That's what destination-based routing does. With policy-based routing we receive an incoming packet and say, oh, this came from xxx, send it
that way. So you can choose next hop or the outgoing interface.

These are a couple match commands, a couple more match commands. You can set ip default next-hop or set ip default interface, outgoing interface. Difference between these two is that it defines where to output packets that pass a match clause of a route map for policy routing and have no explicit route to the destination. So in other words, they don't have a specific route, so we always gonna send it this way, and you'll see it in the, uh, the debugging messages I'll show y'all.

Applying route maps for PBR: what you would do is you will go to the interface and then just basically type in ip policy route-map, and then you just put that on the incoming interface. So wherever you receive any specific packets, that's where you're going to be applying the route map for policy-based routing. So let's say you have an, uh, interface, and then wherever these incoming, uh, messages that you want to apply the policy-based routing, that's where you're gonna put that route map, and it's gonna look at the packet and say, okay, it came from this, we'll send it that way. You could also do this for packets that originated from the router, that's what the second command is, and then you just type in ip local policy. Now, so we got a packet that originated from this router, we look at the, uh, source, this actually is obviously going to be our router, we'll just, um, determine what to do with it by, uh, defining the route map, and that's what the second command is.

This is an optional feature, you don't necessarily have to do this. Switching of PBR by CEF is enabled automatically with the ip cef command. Remember, we could turn it off by, uh, obviously no ip cef, but it's already enabled by default with our routers. Again, you can look at the first video that I did for this CCNP ROUTE series, we, uh, covered Cisco Express Forwarding and what that is. You could also turn it off per interface by doing, at the bottom right here
in the green, ip route-cache policy, that turns off CEF for each interface.

Here go a couple show commands to cover policy-based routing: show ip policy, show route-map. You can also do debug ip policy. You can pause this and freeze-frame it, these are really important to cover, uh, policy-based routing. You could also do show... I ain't even put that on here, show access-list, because when we are defining policy-based routing we're going to be creating ACLs as well. Let's go ahead and spin up GNS3 and cover PBR.

All right, so we have our topology here, this is what we're going to be using to, uh, explore PBR, or policy-based routing. We got these three PCs right here on the local area network, right, local area network switch right here. We got our router 1, this is the router that we're gonna implement PBR. We're gonna do it on this interface right here, because we're gonna have these PCs right here that need to get to the headquarters router right here, but they have two ISPs to get there, right? Y'all see that? These three PCs, they're gonna be sending packets that'll be incoming on fa 0 1, and then they have two ways to get to the headquarters. Right now, without showing y'all show commands and stuff like that, and just to tell y'all the default route behavior, I'll just explain it to y'all. These three PCs right here, if they want to get to this interface right here, they're gonna, you know, this top interface right here, 205.15.5.1, right, they will have to take ISP1 by default, they're gonna all take this route. If they want to get to dot one over here, 205.20.5.1, these three PCs are going to take, by default the routing information base will tell them to go to ISP2. Let's go into router 1.
Uh, actually let's go into PC3, just, uh, let's pick PC1 real quick just to show y'all, because we got a couple tasks right here. We're going to implement PBR so that all traffic sourced by this PC will be forwarded to ISP1, all right, not just the ones for this interface. And the same thing for PC2, we're going to implement PBR so all traffic sourced from this PC will take, uh, this bottom ISP right here. So let's go ahead and console into router 1, take a look at his routing table, and then I'll show y'all real quick the default routing behavior.

Okay, so we are logged into router 1. show ip route, and I'll show y'all real quick. We got the one network, which is the local area network where the PCs lie. You'll see 205 15, to get to that network, which is 15.5, which is this right here, they got to take the next hop of 16 1.1, which is this guy right there. And the same thing with this bottom one right here, 205 20.5 network, take the 20.5.1 20 172 25.1 interface, which is that guy right there. So to get to this interface, take that. We gonna again implement policy-based routing so that way this PC will always take this route and that PC will always take that route, no matter where he's going.

Okay, so as you can see, we've got two tasks here. Uh, again, we're gonna implement PBR so that all traffic sourced from triple triple one zero is forwarded to ISP1. So that's triple one zero, all his traffic needs to be forwarded to ISP1 no matter what interface he's trying to hit on the headquarters router. Second task says implement PBR so that all traffic sourced from one two to zero, this guy right here, is forwarded to ISP2, which is that router. So whatever interface he's trying to hit on the headquarters router, he needs to always take ISP2, no matter which interface he's trying to, uh, trying to reach. Policy-based routing is going to be implemented on router 1 right here, and I've already configured the IP addressing. Once again, EIGRP is set up to, uh, share routes
on these guys right here. All we're doing right now is just manipulating which ways the source IP is going to be headed. So remember, now this is going to be basically source-based routing instead of destination-based routing, because now we're just looking at the source of the packets to determine which way it should go.

Let's go ahead and first of all just test, uh, basic connectivity one more time. We have PC1 ping the headquarters real quick, let's console into him. We're gonna have PC1 ping the headquarters router, right, this guy right here. So have him ping, uh, let's see, ping 205 dot... let's go with, uh, 20.5.1. Okay, so we got a reply, all right, that's just basic connectivity. I already showed y'all which way, uh, it went as far as the trace routes go.

Now let's go ahead and, uh, implement policy-based routing on router 1. That's where it's gonna go, because we're gonna be determining the source by looking at the IP addresses of the packets coming from these PCs, and those packets are gonna be coming into that interface right there, so that's where we're going to be applying the, uh, policy. First thing we're going to do is create an access list, so let's go ahead and go into configure mode, configure terminal, or privileged exec if you want to be politically correct, that's a bar for y'all right there. Let's create that first access list, access-list 1, we are going to permit the first IP address, which is triple 1.0. We'll go ahead and do both at the same time, let's create a second access list, that's list 2, permit one two two two zero. That's gonna be our access list, so that's the first thing we're gonna do. Let's go ahead and get out of that and, uh, just do a quick show command to verify, show access-list, and there's our access list right there, right, we're permitting that IP address and that IP address. Matter of fact, I want to do specific hosts, let's, uh, let's go back into config mode and, uh, make it a little
bit more specific. Let's do permit host, I just want to add that, go back to access list 2 and we'll say that is a host, and, uh, do show access-list so we can make sure, and yeah, they still there.

All right, so now we've got our access list created. Now we're going to go into the route map and create the policies in the route map. So the way you do that is route-map, and then we are going to give it a name, in this case we're just going to name it bruh 15. Uh, next thing we're going to do is permit, right, we are going to permit and give it a sequence number. This is the first thing we're going to do, right, we're going to give it permit 10. Right now we are in the route map, we're going to actually configure the route map we just created. Basically, like, naming it is kind of like making a folder for it. So now, first thing we're going to do is the match. Remember, each route map has a match and then a set, so match, you're saying if this is the case, and then the set is then this is what we're going to do. So this is what you call, uh, if-then statements.

Let's go ahead and create the match. We're going to say match ip address access list, so we're going to say match IP address from the access list number one. Then let's do a set command: if you get a match, what are we going to do with him? We're gonna say set his, uh, ip, uh, these are the other options you got, you can do, you know, quality of service group, next hop, DF bit, that's don't fragment, if you don't know what that is look in the fragmentation video I have on the CCNP playlist. We are just going to set the next-hop address for this, so we're saying if the IP address is this, set his next hop to this. So in that case next hop, which, as you can see, task one was, uh, forwarded to ISP1, so we're going to say forward it to this address if you get a packet from that IP, so it's 172.16.1.1, 172.16.1.1, we're going to set that. Next thing we're going to
do is, let's get out of that, we're going to create the second rule, basically, or sequence. So we're going to do another match, uh, actually we're gonna do another, um, I think another prefixes, or, uh, another sequence. We're gonna say route-map, same, so route-map bruh 15 is what we called it, we're going to say permit and we're going to give it another sequence. We gave the first sequence, uh, I believe we gave first sequence 10, right, I think that's the default number anyway if you just leave it blank. We're gonna do permit, uh, sequence number 20, right. So now we're going to configure this, we're going to say match ip address from the, uh, from the access list number two, right, and then if you get a match from access list number two, we're gonna set his next hop to the default gateway of, set ip next-hop, the default gateway from ISP2, that's the second task, right. So we need to get the IP address of that right there, I don't remember what that was, so let's console with zero zero zero, figure out what that IP address was. All right, I don't remember what I did, I didn't do the labeling here, my fault y'all. Yeah, EIGRP is up. show ip interface brief, and his, uh, other IP address was this guy right here, 172 25.1. So we're going to, back to router 1, set, set, I know what's on my mind right now, I'm feeling x-rated, it's Mr. Nasty time, oh Mr. Nasty, next hop to that right there, all right.

Uh, so we did a match, we did a set statement, uh, that's all we're gonna work with right now, so let's get out of this. And now we're gonna take these route maps that we created and apply them in the policy, and we're gonna apply that policy on this interface right here, because that's where those packets are going to be coming in, right. So we're going to go into that interface, interface fa, I'm going to turn my num lock off, 0 0, and then, believe it's ip policy, yeah, and then the name of the route map, which in this case is bruh 15, right, that's what we did here. Let me verify that with y'all, yeah, bruh 15 was
the name of the route map so we're applying that route we're applying this route map to this interface and that's essentially what we're doing with this let's run a real quick show command which is do show ip policy and there it is right there interface if you had a bunch of policies on several different interfaces they'll be showing up on this list here so now that we've done that let's go ahead and test our theory here first thing we're going to do is let's have pc1 remember he was always if he wanted to get to this ip address he always had to go take isp one right let's go ahead and ping that guy and see what happens right because remember if he wanted to ping this ip address he needed to go to isp2 so now let's make sure that he's going to hit isp one to get to that eye so we're going to ping this ip address right here right he's going to go he should go theoretically if we've done this correctly should go through the switch router 1 isp1 and then headquarters instead of going to isp2 right y'all with me so let's go ahead and go into pc1 uh actually let's do another let's do another uh another way we can test this too in router one we're gonna do a debug mode we're gonna do it apply debug debug whole bunch online i ain't mean to do that uh so many debug commands there's so many debug commands debug ip policy is i believe what we want to do here yeah and then yeah we'll do that debug ip policy i'm not too sure what dynamic obviously that means it's dynamic policy based writing we i haven't really known that that might be a ccie topic i'm not too sure i'll look into it put it in the comments below so debug ip policy this turns on policy routing you can basically log the uh the traffic that matches here so in this case let's go ahead in the pc one and try to ping we paint 5.1 last time which was this 205 25.1 right yeah let's do that again yeah we're going to ping this again and take a look at what's going on here 5.1 so it went through got some replies but let's 
take a look at router 1 here now that we've debugged. You can see these messages coming here, right. Now it says we have, uh, this first one right here, see, source triple 1.0, which was that guy, right, it came on this interface fa0, which was this guy right here, and then the destination was 205 25.1, right, which was here, right there. What happened here, it says there was a FIB policy match. What happened with it, it got routed, right.

Let's take a look at the trace route to see which way he went. Let's go to PC1 and do a trace, remember, last time he took ISP1, let's do a 205.20.5.1, see what happens here. This time he took 172.16.1.1, which was, he still took ISP1, basically. So to get to that IP address right there he took ISP1 instead of taking ISP2, right. So we've basically confirmed our first task. Let's go ahead and, um, what else can we check out here? Yeah, and then he made it to that IP address right there, 15 5.1, no, that's not what we wanted to ping, we wanted to ping 25.1, yeah, that was it. So I'm sorry, that was the next hop right there that he took before he got there, so he arrived on this interface and then he made it to that interface right there.

Let's, uh, let's go ahead and test PC2 to see if his is, uh, doing correctly. Remember, if he wanted to ping that IP address he would have to ISP1. Let's go ahead and ping it again this time and see what happens, um, because now he should theoretically take ISP2 to get there, right. So let's go ahead and ping 205.15.5.1, right, 205.15.5.1. Let's go into PC2. All right, so we're logged into PC2, we're going to ping this guy right here, let's go in the headquarters and get it, actually, yeah, 205.15.5.2, all right, so 205 15.5. So we pinging, got some replies, let's go into router 1 to take a look at what happened. Obviously the same thing basically happened: source one two two oh, destination was that, we got a match and then it was routed normally.
Now we didn't do anything with PC3, we didn't create any rules for him. Let's see what happens when we, uh, oh, actually, first, before we do that, let's do a trace route, see what happened on PC2. trace 205.15.5.2, you can see he took triple 1, or quad 1, which was the default gateway, then he went to 25.1, which was this guy, 25.1 right here, and then, as you can see, the way we thought he was going to take, 25.1, which was this guy right here, 12 525.1, then he made it to there, it was next hop, and essentially made it. Uh, so yeah, that was correct.

Let's see what happens when we use PC3. We didn't create any rules for PC3, so let's go ahead and console with him last. And remember, you can get really creative with this, you can choose the size of the packet, you can choose, uh, what time of day, what to do with certain packets, there's so many ways, you can get real creative with it, but that would be kind of beyond the scope of this exam, but not really. But if you really want to know PBR in and out, that's one thing you can do, is just go through the options and figure out what happens, and perform trace routes and see what happens. Looks like we're going to have to reboot PC3 again, let's turn that guy off.

All right, so let's, uh, console into PC3. We're gonna have him ping that interface right there, 205.15.5.1, right, ping 205.15.5.1. We got some replies, let's take a look at what's going on in router 1, right, those packets are coming from here to there into router 1, and I believe theoretically he should take, uh, ISP1 according to the default routing behavior. So we're going to go into router 1 and take a look at what happened with PC1's packets, or PC3's packets rather, on router 1, and as you can see, FIB policy rejected, so because we didn't create no rules for him, normal forwarding. So basically he took the regular route and he basically followed the default routing behavior, which was, if we do a show ip route, you can see to get to 205 15.5 network
you're going to take 172 25.1, which is essentially down here, actually I thought it was up here for some reason. So he had to take that way to get to that interface, and that should be it.

Um, let's, uh, go back to the slides here. What are some of the benefits of policy-based routing? Uh, source-based transit provider: ISPs and the like use PBR to route traffic, you know, this is basically what, uh, ISPs use to manipulate their traffic, if they have, you know, specific servers that need to go to, you know, traffic that needs... like I said, there's so many rules that you could implement with policy-based routing. It's also used for quality of service, queuing is leveraged to prioritize traffic in the network. And also, um, there's some cost savings benefits: organizations can achieve cost savings by routing non-interactive traffic across lower-speed links. So let's say if you got traffic that's just, like, you know, FTP traffic, or traffic that's just not as important, you might want to route that traffic elsewhere, to maybe some of your older heathen routers that are just, you know, just not Cisco. Um, and then maybe, you know, if you want your video traffic to go, you know, to another router, policy-based routing could do that.

And that should be it. Um, if you like this video please, uh, comment, like, subscribe. I'm on Twitter, that's my contact information. Again, subscribe to the Network Bruh.
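
The forwarding decision from the lab (route-map sequences checked in order against the packet's source, fallback to the routing table when nothing matches), modelled in Python as an added example that is not from the video. Only 172.16.1.1 is taken from the captions; the PC addresses, the ISP2 next hop and the headquarters prefixes are constructed assumptions, because the captions garble them.

```python
"""Model of the PBR decision on router 1's ingress interface (illustrative)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed lab values; only ISP1's address appears in the captions.
ISP1, ISP2 = "172.16.1.1", "172.25.1.1"
PC1, PC2, PC3 = "1.1.1.10", "1.1.1.20", "1.1.1.30"

# Standard ACLs match on source address only.
ACLS = {
    1: [ip_network(PC1 + "/32")],   # access-list 1 permit host <PC1>
    2: [ip_network(PC2 + "/32")],   # access-list 2 permit host <PC2>
}

# Destination-based routing table: prefix -> next hop.
RIB = {
    ip_network("205.15.5.0/24"): ISP1,
    ip_network("205.20.5.0/24"): ISP2,
}


@dataclass(frozen=True)
class Entry:
    seq: int                         # route-map sequence number
    action: str                      # "permit" or "deny"
    acl: int                         # match ip address <acl>
    next_hop: Optional[str] = None   # set ip next-hop <addr>


ROUTE_MAP = [Entry(10, "permit", 1, ISP1), Entry(20, "permit", 2, ISP2)]


def rib_lookup(dst):
    """Destination-based routing: longest-prefix match, None if no route."""
    addr = ip_address(dst)
    matches = [net for net in RIB if addr in net]
    if not matches:
        return None
    return RIB[max(matches, key=lambda net: net.prefixlen)]


def acl_permits(acl, src):
    addr = ip_address(src)
    return any(addr in net for net in ACLS[acl])


def forward(src, dst, route_map=ROUTE_MAP):
    """Return (next_hop, reason) for a packet arriving on the policy interface."""
    for entry in sorted(route_map, key=lambda e: e.seq):
        if not acl_permits(entry.acl, src):
            continue                 # no match: try the next sequence
        if entry.action == "permit" and entry.next_hop:
            return entry.next_hop, f"policy match, route-map seq {entry.seq}"
        break                        # matched a deny (or no set): stop, route normally
    return rib_lookup(dst), "policy rejected, normal forwarding"


def overridden_flows(sources, destinations, route_map=ROUTE_MAP):
    """List flows whose path differs from what the routing table alone would pick."""
    flows = []
    for src in sources:
        for dst in destinations:
            hop, _ = forward(src, dst, route_map)
            if hop != rib_lookup(dst):
                flows.append((src, dst, rib_lookup(dst), hop))
    return flows


if __name__ == "__main__":
    for pc in (PC1, PC2, PC3):
        for dst in ("205.15.5.1", "205.20.5.1"):
            print(pc, "->", dst, forward(pc, dst))
    print(overridden_flows([PC1, PC2, PC3], ["205.15.5.1", "205.20.5.1"]))
```

`overridden_flows` is the part worth keeping for reviews: it shows which sources leave by a path the routing table would not have chosen, which matters when a firewall or monitoring point sits on only one of the two paths.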
Info
Channel: NetworkBruh
Views: 596
Keywords: CCNP ROUTE, CCNA, CCENT, #labeverday
Id: sKTmhT803HM
Length: 31min 50sec (1910 seconds)
Published: Mon Mar 11 2019