CCIE Topic: 1.2d Policy-Based Routing

Captions
Hey everyone, I'm Charles Judd, and in this video we're going to look at the 1.2d topic of policy-based routing, or PBR. Very simply, this is a technique to route packets in a network based on policies or filters that we can selectively apply, and we do that to override the default routing behavior. So let's talk more about how this works, and then we'll look at a practical configuration example.

Let's first discuss how normal routing works. Under normal circumstances, when a packet enters the ingress interface of a router, the router first performs a layer 2 frame check sequence, or FCS, and it does that to ensure that the packet hasn't been corrupted in any way. If the packet passes the FCS, then the router will remove the layer 2 header, then reference its routing table to determine how the packet gets forwarded. This is of course based on the layer 3 destination IP address information of the packet. If the router finds a path to the destination, then the packet is re-encapsulated with a new layer 2 header and is forwarded out of the correct egress interface.

We can, however, influence this behavior using policy-based routing, or PBR. This allows us to override this default routing behavior. So using PBR, the router still performs a layer 2 FCS, it still removes the layer 2 header, but this time, rather than basing our forwarding decision on a destination IP address, we do that based on instructions found within a route map, which is an important part of policy-based routing.

So let's make sure we understand the structure of a typical route map. This is going to essentially contain logic that will match packets and then choose a route for those packets, and there are two very common parameters to a route map, those being the match and the set parameters. Now of course, depending on your version of IOS, you likely have many more parameters, but those are the most commonly used ones that we see with route maps.

So first, when we're grouping packets using the match command, we can do that in two ways: we can match traffic by IP address using an access control list, or we can match those packets based on their size, which is a range specified by a minimum and maximum amount of bytes.

Once we have matched packets, we then use a set command to determine a route for those packets, and for this we have four options. We can specify a next hop IP address, which obviously would allow us to very specifically use a different route than maybe used by default. Or we can specify the default next hop IP address; this means that the router will try to forward the traffic first based on its IP routing table, and if that doesn't work, then it will use the IP address that we specify here as the next hop. We can also set a specific interface that we want to use as the egress interface, and again this can override the egress interface that may be chosen by using the IP routing table. And finally, we can specify a default interface, which is the same concept as the default next hop IP address: the router is first going to try the interface found in the IP routing table lookup, and if that fails, then it's going to use the interface that we specify here. Once we have a route map created containing our match and set parameters, then we apply our route map to one of our router interfaces in order to use that.

Here's our topology that we're going to look at in this lab. We have a PC at 192.168.10.50, and that is connected into R1. R1 is acting as the default gateway for our host network, and this eventually gets us out to the internet through a couple of ISP connections. You can see that each of those are using different networks, so ISP A is reachable over the 10.10.10.0/30 network, while ISP B is reachable using the 20.20.20.0/30 network.

So first, on router 1, let's say show ip route static, just so you can see what's in place here. And I'll point out that I do have a static route configured to the 8.8.8.0 network, which I'm using as my internet destination, and I have configured a static route for that going over 10.10.10.2, which is of course ISP A that you can see in our topology. So if we go to PC1 and let's try to traceroute to 8.8.8.8, and you're going to notice that of course our first hop that we see is 192.168.10.1, which is router 1, and then we're directed to ISP A at 10.10.10.2. That's the 10.10.10.0/30 network, and so we're definitely going to use this each time, because I've configured a static route on R1 just to make sure that we always do that.

So let's look at how we can influence this using policy-based routing. If we go back to R1, let's look at how we can use PBR to influence our router to do something other than the expected routing behavior. Let's force R1 to take our PC host traffic and direct that over the ISP B router instead of the default route over the ISP A router.

So the first thing we want to do is to create an access list. This is the way that we identify the source IP address where the policy-based routing is going to be applied. So I'm going to go under global configuration mode, I'm going to say access hyphen list, and I'm going to make this number 100. I want to follow that with the keyword permit ip, followed by the subnet or the IP address that we're targeting. So in my case I'm going to say 192.168.10.0 with a 24-bit wildcard mask, and that's going to match the entire host network. Of course in this lab I only have a single host, but in the real world it's likely that we'd have an entire end device subnet available here. And at the end I'm going to specify the destination as any. In our case we're wanting to send all of our traffic over the ISP B router to the internet destination, but if you want to get more specific here and only use this for certain destination subnet or addresses, we could certainly do that as well. So I'm going to hit enter, and that's it, just a very simple ACL to identify our subnet traffic.

So the next thing we want to do is create our actual route map. We do that by saying route hyphen map followed by a name for the route map, and you can be as descriptive as you want. Obviously the more descriptive you are, the easier it's going to be to determine the purpose of your route maps later on. So I'm going to say client hyphen 2 hyphen inet, so that tells me that this is a route map for the clients trying to reach the internet. And once I hit enter, notice that we're now under route map configuration mode, where we need to take care of those two common route map components that we mentioned earlier. Remember, those are the match parameter and the set parameter.

So first let's say match, and we could say length. Remember, that was one option for the match, and if we look at contextual help, we see that we can indicate that as a range starting with the minimum packet length followed by the maximum packet length. So what I want to do in this case, I want to say match ip address. That's the second option that we have, and if we look at contextual help here, this is going to indicate that we can use a named access list or the number of a standard or extended ACL. In my case I want to say 100, since that's the ACL that I just created. So now our match statement is going to reference traffic that is identified by ACL 100.

So now we need to use the set parameter to indicate what we want to actually do with this matched traffic. Remember, we have four options here. We can say set interface, that's one option. We can say set default interface, that's a second option. But in our case we want to use a next hop IP address, so we could say set ip default next hyphen hop, but what I want to do is just a very simple set ip next hyphen hop followed by the IP address. This is going to be the address 20.20.20.2 in my case.

So the final step is to actually apply the route map to an interface. Let's go back under global configuration mode, and let's go under interface gig zero slash zero. That is the ingress interface for our client subnet traffic that's coming into R1. So from here we say ip policy, and if we look at contextual help, the only option that we're going to have is the route hyphen map option, and we follow that with the actual name of the route map that we created, which of course in my case is client hyphen 2 hyphen inet. And hitting enter is going to complete that configuration. Our route map is now referencing traffic matched by ACL 100, and policy-based routing is going to be implemented on the gig 0 0 interface of this router.

Let's jump back to the PC, and let's perform another traceroute command, and let's take a look at the output of that one. Notice this time our path: of course we see the 192.168.10.1 address as our first hop, which is R1, but this time notice the next hop after that is 20.20.20.2, which in our topology you can see is our ISP B router, which goes completely against what the IP routing table on R1 says we should be doing.

A couple of verification commands just to wrap this up. If we go back to R1 and let's say show route hyphen map, and we can see our route map listed here. We see the name client to inet, and we see both our match and set clauses as well. We see that our match clause tells us we are matching IP addresses as they are defined by access control list 100, and our set clause tells us that we have set the next hop IP address as 20.20.20.2, which is our ISP B router. We can also see that we've had some policy routing matches as well, and that of course is because of our traceroute command that we ran from the PC. We can also say show ip policy to see anywhere that we have a policy configured. We can see from this output that our gig zero slash zero interface has the route map client to inet specified as the IP policy.

So that's a look at using policy-based routing to override the actions that our local IP routing table says we should take. I hope you found this content useful, and I want to thank you sincerely for watching.
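The forwarding decision described in the transcript, as an added example that is not part of the video or the presenter's material: a simplified Python model of R1 that compares the routing-table result with the `set ip next-hop` and `set ip default next-hop` behaviours for the lab's PC. The `/24` mask on the static route and the names `Policy`, `rib_lookup` and `forward` are assumptions; the model ignores next-hop reachability checks and the interface-based set options.

```python
import ipaddress
from dataclasses import dataclass

# Constructed lab data. The /24 on the static route is an assumption; the
# video only mentions a static route to "the 8.8.8.0 network" via 10.10.10.2.
RIB = {"8.8.8.0/24": "10.10.10.2"}

@dataclass
class Policy:
    """One route-map entry applied inbound (hypothetical model, not IOS code)."""
    src: str        # source prefix the ACL permits (ACL 100 in the video)
    action: str     # "next-hop" or "default-next-hop"
    next_hop: str

def rib_lookup(rib, dst):
    """Longest-prefix match on the destination; None when no route exists."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, nh in rib.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, nh)
    return best[1] if best else None

def forward(src, dst, rib, policy=None):
    """Return (next_hop, decided_by) for a packet entering the policy interface."""
    routed = rib_lookup(rib, dst)
    matched = policy is not None and (
        ipaddress.ip_address(src) in ipaddress.ip_network(policy.src))
    if matched and policy.action == "next-hop":
        return policy.next_hop, "policy"            # overrides the routing table
    if matched and policy.action == "default-next-hop" and routed is None:
        return policy.next_hop, "policy-default"    # used only as a fallback
    if routed is None:
        return None, "drop"
    return routed, "routing-table"

PC = "192.168.10.50"
VIA_ISP_B = Policy("192.168.10.0/24", "next-hop", "20.20.20.2")
FALLBACK_ISP_B = Policy("192.168.10.0/24", "default-next-hop", "20.20.20.2")

if __name__ == "__main__":
    for label, pol in [("no policy", None), ("set ip next-hop", VIA_ISP_B),
                       ("set ip default next-hop", FALLBACK_ISP_B)]:
        print(label, "->", forward(PC, "8.8.8.8", RIB, pol))
```

Because the static route to the destination exists, only the `next-hop` form moves the PC's traffic to 20.20.20.2; the `default-next-hop` form leaves it on 10.10.10.2 and takes effect only for destinations with no route.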
Info
Channel: Charles Judd
Views: 2,406
Keywords: cisco, ccie, cisco enarsi, ccie enterprise infrastructure, cisco enarsi 300-410, cisco encor 350-401, ccie lab, my ccie journey, ccie training, ccie blueprint, section 1.2, routing concepts, 1.2 routing concepts, cisco routing, routing table, 1.2d policy-based routing, policy based routing, PBR, route map, cisco route map
Id: kMjVCDP_LKE
Length: 12min 11sec (731 seconds)
Published: Mon Aug 31 2020