SlideShare una empresa de Scribd logo

6.policy based routing

university fsr
university fsr
Tecnología
1 de 9
Descargar para leer sin conexión
ISP/IXP Networking Workshop Lab Module 9 – Policy Based Routing Objective: Using interesting lab exercises, the student will implement some of the fundamental techniques of Policy Routing, as applied in Cisco IOS. Prerequisite: Module 1 and the Policy Routing Presentation REFERENCES Cisco Systems Documentation CD. INTRODUCTION The workshop lab exercises which accompany this module appear after the following discussion and documentation about Policy Routing. Please read this text first, referring to the provided CD Documentation in the event of any questions. WHAT IS POLICY ROUTING? Policy routing is a more flexible mechanism for routing packets than destination routing. It is a process whereby the router puts packets through a route map before routing them. The route map determines which packets are routed to which router next. You might enable policy routing if you want certain packets to be routed some way other than the obvious shortest path. Some possible applications for policy routing are to provide equal access, protocol-sensitive routing, source-sensitive routing, routing based on interactive versus batch traffic, or routing based on dedicated links. To enable policy routing, you must identify which route map to use for policy routing and create the route map. The route map itself specifies the match criteria and the resulting action if all of the match clauses are met. These steps are described in the following three task tables. To enable policy routing on an interface, indicate which route map the router should use by performing the following task in interface configuration mode. All packets arriving on the specified interface will be subject to policy routing. This command disables fast switching of all packets arriving on this interface. 1. Identify the route map to use for policy routing. ip policy route-map map-tag 2. Define a route map to control where packets are output. route-map map-tag[permit | deny] [sequence-number] 1
Monday, May 15, 2006 3. Define the criteria by which packets are policy routed. The next step is to define the criteria by which packets are examined to see if they will be policy routed. No match clause in the route map indicates all packets. Perform one or more of the following tasks in route-map configuration mode: • Match the Level 3 length of the packet: match length min max • Match the destination IP address that is permitted by one or more standard or extended access lists: match ip address {access-list-number | name} [...access-list-number | name] 4. Pick Destination Port. The last step is to specify where the packets that pass the match criteria are output. To do so, perform one or more of the following tasks in route-map configuration mode: • Specify the next hop to which to route the packet Next-hop must be adjacent, early documentation is NOT correct on this point. set ip next-hop ip-address [...ip-address] • Specify the output interface for the packet. set interface type number [... type number] • Specify the next hop to which to route the packet, if there is no explicit route for this destination. set ip default next-hop ip-address [... ip-address] • Specify the output interface for the packet, if there is no explicit route for this destination. set default interface type number [...type number] The set commands can be used in conjunction with each other. They are evaluated in the order shown in the previous task table. A usable next hop implies an interface. Once the local router finds a next hop and a usable interface, it routes the packet. Enable Local Policy Routing Packets that are generated by the router are not normally policy-routed. To enable local policy routing for such packets, indicate which route map the router should use by performing the following task in global configuration mode. All packets originating on the router will then be subject to local policy routing. Cisco Systems Inc 2 170 West Tasman Drive. San Jose, CA 95134-1706 Phone: +1 408 526-4000 Fax: +1 408 536-4100
ISP/IXP Networking Workshop Lab Identify the route map to use for local policy routing. ip local policy route-map map-tag Use the show ip local policy command to display the route map used for local policy routing, if one exists. Caveats • Minimum version is 11.0(1) – policy routed traffic is process switched, so can be a processor intensive operation for high data rates. • Make sure "ip policy route-map" is applied on the INPUT interface. • Make sure that IP routing or something similar is used to get the packets back to the source. Policy routing is a static route to the next hop – the next hop must know how to route the packet onwards. • Policy routed traffic can be fast-switched (see below) as from 11.3 and 12.0 software releases. Note that ip route-cache policy is off by default and needs to be applied to the input interface. • No IP options work with policy routing, e.g. IP record route ... Fast-Switched Policy Routing IP policy routing can now be fast-switched. Prior to this feature, policy routing could only be process switched, which meant that on most platforms, the switching rate was approximately 1,000 to 10,000 packets per second. This was not fast enough for many applications or the size of trunks being used. Users who need policy routing to occur at faster speeds can now implement policy routing without slowing down the router. Restrictions Fast-switched policy routing supports all of the match commands and most of the set commands, except for the following restrictions: • The set ip default command is not supported. • The set interface command is supported only over point-to-point links, unless a route-cache entry exists using the same interface specified in the set interface command in the route map. Also, at process level, the routing table is consulted to determine if the interface is on a reasonable path to the destination. During fast switching, the software does not make this check. Instead, if the packet matches, the software blindly forwards the packet to the specified interface. 3
Monday, May 15, 2006 Configuration Example Fast switching of policy routing is disabled by default. The following example enables policy routing to be fast switched on an ethernet interface. interface ethernet 0/0 ip route-cache policy LIST OF RELATED COMMANDS • ip policy route-map • ip local policy • match ip address • match length • route-map • set default interface • set interface • set ip default next-hop • set ip next-hop • set ip precedence (undocumented as of 11.2(7)P ) • set ip tos (undocumented as of 11.2(7)P ) • ip route-cache policy • show ip cache policy Cisco Systems Inc 4 170 West Tasman Drive. San Jose, CA 95134-1706 Phone: +1 408 526-4000 Fax: +1 408 536-4100
ISP/IXP Networking Workshop Lab LABS & EXERCISES 1. Check Physical Connectivity. The connectivity for this workshop should be as in Figure 1. Ensure that all physical connections are complete and pingable. The addresses used for links between routers should be left the same as those chosen for Module 1. e0/1 e0/0 e0/0 e0/1 R1 R2 s0/0 s0/0 s0/1 s0/1 R3 R4 R15 s0/0 s0/0 s0/1 s0/1 e0/0 e0/0 e0/1 R5 R6 C2924XL s0/0 s0/0 s0/1 s0/1 R7 R8 s0/0 s0/0 Laptop computer Laptop computer s0/1 s0/1 e0/0 e0/0 R9 R10 s0/0 s0/0 s0/1 s0/1 R11 R12 s0/0 s0/0 s0/1 s0/1 e0/1 e0/0 e0/0 e0/1 R13 R14 Figure 1 – Network Configuration 5
Monday, May 15, 2006 2. Clean up from past labs. Delete any remaining BGP configuration, route maps, communities, access-lists and AS-Path access-lists. 3. Create OSPF PID 41, area 0 on all routers. All Router Teams will configure one OSPF domain – Area 0 – for the network. This configuration should be as was used in Module 1 checkpoint #1. 4. Ping Test. The system specified by the instructors (usually Router15 or the time server ntp0.workshop.net) will be used for the target of this lab. All routers should be able to ping and traceroute to the Time Server. Capture the trace to the Time Server. This will be used as a baseline. Checkpoint #1: Call the workshop instructor, explain the OSPF configuration, and demonstrate the connectivity to the Time Server. 5. Policy Assignment – Create a Ping/Traceroute Ring. Using policy routing, configure interfaces on the entire network so that a traceroute from Router6 to the Time Server would take the following path (see Figure 2): Router6 → Router8 → Router10 → Router12 → Router14 → Router13 → Router11 → Router9 → Router7 → Router5 → Router3 → Router1 → Router2 → Router4 → Router6 → Router15/TimeSource 6. Approaches to applying policy routing. Policy-Based Routing is as dangerous as static routes. Hence, you need to approach the application of a Policy Route very methodically. OSPF must be configured properly before any of consideration is made to implement policy routing. The first step is to change the characteristic of the trace leaving the router. If the trace to the Time Server originally went out one port, change it to go out another. To accomplish this you use the ip local policy route-map command (see explanation above). Hint: Work out which interface is the outbound interface and which is inbound, and where the policy configuration needs to be applied. Think before typing in configuration. Example: ! destination address to match against ! access-list 100 permit ip any host 192.168.1.1 ! ! configuration to determine policy for packets generated on router ! route-map redirect-local-traffic permit 10 match ip address 100 set interface serial 0/0 ! ip local policy route-map redirect-1ocal-traffic ! ! configuration to determine policy for incoming packets ! route-map redirect-incoming-traffic permit 10 Cisco Systems Inc 6 170 West Tasman Drive. San Jose, CA 95134-1706 Phone: +1 408 526-4000 Fax: +1 408 536-4100
ISP/IXP Networking Workshop Lab match ip address 100 set interface serial 0/0 ! interface serial 1/0 ip policy route-map redirect-incoming-traffic HINT: For two routers that interconnect via serial links – the set interface command may be easier. Set interface will not work for broadcast interconnects like ethernet. e0/1 e0/0 e0/0 e0/1 R1 R2 s0/0 s0/0 s0/1 s0/1 microWebserver R3 R4 s0/0 s0/0 R15 s0/1 s0/1 e0/0 e0/0 e0/1 R5 R6 C2924XL s0/0 s0/0 s0/1 s0/1 R7 R8 s0/0 s0/0 Laptop computer Laptop computer s0/1 s0/1 e0/0 e0/0 R9 R10 s0/0 s0/0 s0/1 s0/1 R11 R12 s0/0 s0/0 s0/1 s0/1 e0/1 e0/0 e0/0 e0/1 R13 R14 Figure 2 – Traceroute Ring from Router 6 to Time Server (Router15) Question: What should be used in lieu of set interface on broadcast mediums like ethernet? Answer: Use “set ip next-hop <ip address>”. 7
Monday, May 15, 2006 Question: What differences are there between the configuration used for Router 6 and the remaining routers in the workshop? Why? Answer: Remember that the trace from the console has to go round the class, not direct to the Time Server… Q. Will Policy Routing drop my packets if I set in on a router's interface, but have no set next-hop configured? A. Policy Routing will first look for another set command first. If there is no other set command configured or if the set command doesn't make sense, then the router falls back to the normal routing (destination-based). Checkpoint #2: The lab instructor will now demonstrate a trace from Router6 to the Time Server (or substitute device). If the policy routing has been set up successfully, a trace will follow the paths shown in Figure 2. Q. What happens if the connection between one of the routers in the path of the policy routed connection to the Time Server is broken? Why? Checkpoint #3: The lab instructor will now break the connection between Router4 and Router6. Observe what happens to the paths followed now. A. If the policy destination is down, the router reverts to using the routing table for its forwarding decisions. Cisco Systems Inc 8 170 West Tasman Drive. San Jose, CA 95134-1706 Phone: +1 408 526-4000 Fax: +1 408 536-4100
ISP/IXP Networking Workshop Lab CONFIGURATION NOTES Documentation is critical! You should record the configuration at each Checkpoint, as well as the configuration at the end of the module. 9

Recomendados

Labs ospf
Labs ospfLabs ospf
Labs ospfAbraham Salgado Garcia
 
Chapter 7
Chapter 7Chapter 7
Chapter 7Suchit Aher
 
Ipv6
Ipv6Ipv6
Ipv6Alp isik
 
Ccna voice study summary 460
Ccna voice study summary 460Ccna voice study summary 460
Ccna voice study summary 460B Mach
 
Eigrp
EigrpEigrp
Eigrpfirey
 
Rip1
Rip1Rip1
Rip1Swathi Salla
 
Day 3.1 basic routing
Day 3.1 basic routing Day 3.1 basic routing
Day 3.1 basic routing CYBERINTELLIGENTS
 
Ospf hassan jamal.ppt
Ospf hassan jamal.pptOspf hassan jamal.ppt
Ospf hassan jamal.pptalmazeedihassan
 

Recomendados

Labs ospf
Labs ospfLabs ospf
Labs ospfAbraham Salgado Garcia
 
Chapter 7
Chapter 7Chapter 7
Chapter 7Suchit Aher
 
Ipv6
Ipv6Ipv6
Ipv6Alp isik
 
Ccna voice study summary 460
Ccna voice study summary 460Ccna voice study summary 460
Ccna voice study summary 460B Mach
 
Eigrp
EigrpEigrp
Eigrpfirey
 
Rip1
Rip1Rip1
Rip1Swathi Salla
 
Day 3.1 basic routing
Day 3.1 basic routing Day 3.1 basic routing
Day 3.1 basic routing CYBERINTELLIGENTS
 
Ospf hassan jamal.ppt
Ospf hassan jamal.pptOspf hassan jamal.ppt
Ospf hassan jamal.pptalmazeedihassan
 
Advance eigrp
Advance eigrp Advance eigrp
Advance eigrp firey
 
Eigrp
EigrpEigrp
EigrpJuan Zambrano Burgos
 
Juniper mpls best practice part 2
Juniper mpls best practice part 2Juniper mpls best practice part 2
Juniper mpls best practice part 2Febrian ‎
 
Ccn pv6 switch_lab1-2_clearing_attached_switches_student
Ccn pv6 switch_lab1-2_clearing_attached_switches_studentCcn pv6 switch_lab1-2_clearing_attached_switches_student
Ccn pv6 switch_lab1-2_clearing_attached_switches_studentmart_ixu
 
Ccnpswitch
CcnpswitchCcnpswitch
CcnpswitchSiddhartha Rajbhatt
 
Cisco hsrp configuration
Cisco hsrp configurationCisco hsrp configuration
Cisco hsrp configurationWahyu Nasution
 
Ccnp3 lab 3_5_en (hacer)
Ccnp3 lab 3_5_en (hacer)Ccnp3 lab 3_5_en (hacer)
Ccnp3 lab 3_5_en (hacer)Omar Herrera
 
Day 10 loops+ rip+ igrp
Day 10 loops+ rip+ igrpDay 10 loops+ rip+ igrp
Day 10 loops+ rip+ igrpCYBERINTELLIGENTS
 
Day 2 IP ROUTING
Day 2 IP ROUTINGDay 2 IP ROUTING
Day 2 IP ROUTINGanilinvns
 
IBM Flex System Fabric CN4093 10Gb Converged Scalable Switch
IBM Flex System Fabric CN4093 10Gb Converged Scalable SwitchIBM Flex System Fabric CN4093 10Gb Converged Scalable Switch
IBM Flex System Fabric CN4093 10Gb Converged Scalable SwitchIBM India Smarter Computing
 
1cospf
1cospf1cospf
1cospfandersonaguimaraes
 
Eigrp
EigrpEigrp
Eigrpthwayyib
 
CCNA part 6 igrp,ospf,eigrp
CCNA part 6 igrp,ospf,eigrpCCNA part 6 igrp,ospf,eigrp
CCNA part 6 igrp,ospf,eigrpSandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW
 
Ccna2 mod3-configuring a-router
Ccna2 mod3-configuring a-routerCcna2 mod3-configuring a-router
Ccna2 mod3-configuring a-router97148881557
 
EIGRP (enhanced interior gateway routing protocol)
EIGRP (enhanced interior gateway routing protocol)EIGRP (enhanced interior gateway routing protocol)
EIGRP (enhanced interior gateway routing protocol)Netwax Lab
 
03 router-configuration
03 router-configuration03 router-configuration
03 router-configuration97148881557
 
6215601 understanding-mpls
6215601 understanding-mpls6215601 understanding-mpls
6215601 understanding-mplsMalli A
 
Hsrp
HsrpHsrp
HsrpAnuj Kumar
 
Difference b/w STP RSTP PVST & MSTP
Difference b/w STP RSTP PVST & MSTPDifference b/w STP RSTP PVST & MSTP
Difference b/w STP RSTP PVST & MSTPNetwax Lab
 
VRRP (virtual router redundancy protocol)
VRRP (virtual router redundancy protocol)VRRP (virtual router redundancy protocol)
VRRP (virtual router redundancy protocol)Netwax Lab
 
Настраиваем оборудование Juniper. Основы JunOS за одно занятие
Настраиваем оборудование Juniper. Основы JunOS за одно занятиеНастраиваем оборудование Juniper. Основы JunOS за одно занятие
Настраиваем оборудование Juniper. Основы JunOS за одно занятиеSkillFactory
 
MPLS для чайников: основы технологии провайдеров и операторов связи
MPLS для чайников: основы технологии провайдеров и операторов связиMPLS для чайников: основы технологии провайдеров и операторов связи
MPLS для чайников: основы технологии провайдеров и операторов связиSkillFactory
 

Más contenido relacionado

La actualidad más candente

Advance eigrp
Advance eigrp Advance eigrp
Advance eigrp firey
 
Juniper mpls best practice part 2
Juniper mpls best practice part 2Juniper mpls best practice part 2
Juniper mpls best practice part 2Febrian ‎
 
Ccn pv6 switch_lab1-2_clearing_attached_switches_student
Ccn pv6 switch_lab1-2_clearing_attached_switches_studentCcn pv6 switch_lab1-2_clearing_attached_switches_student
Ccn pv6 switch_lab1-2_clearing_attached_switches_studentmart_ixu
 
Cisco hsrp configuration
Cisco hsrp configurationCisco hsrp configuration
Cisco hsrp configurationWahyu Nasution
 
Ccnp3 lab 3_5_en (hacer)
Ccnp3 lab 3_5_en (hacer)Ccnp3 lab 3_5_en (hacer)
Ccnp3 lab 3_5_en (hacer)Omar Herrera
 
Day 2 IP ROUTING
Day 2 IP ROUTINGDay 2 IP ROUTING
Day 2 IP ROUTINGanilinvns
 
IBM Flex System Fabric CN4093 10Gb Converged Scalable Switch
IBM Flex System Fabric CN4093 10Gb Converged Scalable SwitchIBM Flex System Fabric CN4093 10Gb Converged Scalable Switch
IBM Flex System Fabric CN4093 10Gb Converged Scalable SwitchIBM India Smarter Computing
 
Ccna2 mod3-configuring a-router
Ccna2 mod3-configuring a-routerCcna2 mod3-configuring a-router
Ccna2 mod3-configuring a-router97148881557
 
EIGRP (enhanced interior gateway routing protocol)
EIGRP (enhanced interior gateway routing protocol)EIGRP (enhanced interior gateway routing protocol)
EIGRP (enhanced interior gateway routing protocol)Netwax Lab
 
03 router-configuration
03 router-configuration03 router-configuration
03 router-configuration97148881557
 
6215601 understanding-mpls
6215601 understanding-mpls6215601 understanding-mpls
6215601 understanding-mplsMalli A
 
Difference b/w STP RSTP PVST & MSTP
Difference b/w STP RSTP PVST & MSTPDifference b/w STP RSTP PVST & MSTP
Difference b/w STP RSTP PVST & MSTPNetwax Lab
 
VRRP (virtual router redundancy protocol)
VRRP (virtual router redundancy protocol)VRRP (virtual router redundancy protocol)
VRRP (virtual router redundancy protocol)Netwax Lab
 

La actualidad más candente (20)

Advance eigrp
Advance eigrp Advance eigrp
Advance eigrp
 
Eigrp
EigrpEigrp
Eigrp
 
Juniper mpls best practice part 2
Juniper mpls best practice part 2Juniper mpls best practice part 2
Juniper mpls best practice part 2
 
Ccn pv6 switch_lab1-2_clearing_attached_switches_student
Ccn pv6 switch_lab1-2_clearing_attached_switches_studentCcn pv6 switch_lab1-2_clearing_attached_switches_student
Ccn pv6 switch_lab1-2_clearing_attached_switches_student
 
Ccnpswitch
CcnpswitchCcnpswitch
Ccnpswitch
 
Cisco hsrp configuration
Cisco hsrp configurationCisco hsrp configuration
Cisco hsrp configuration
 
Ccnp3 lab 3_5_en (hacer)
Ccnp3 lab 3_5_en (hacer)Ccnp3 lab 3_5_en (hacer)
Ccnp3 lab 3_5_en (hacer)
 
Day 10 loops+ rip+ igrp
Day 10 loops+ rip+ igrpDay 10 loops+ rip+ igrp
Day 10 loops+ rip+ igrp
 
Day 2 IP ROUTING
Day 2 IP ROUTINGDay 2 IP ROUTING
Day 2 IP ROUTING
 
IBM Flex System Fabric CN4093 10Gb Converged Scalable Switch
IBM Flex System Fabric CN4093 10Gb Converged Scalable SwitchIBM Flex System Fabric CN4093 10Gb Converged Scalable Switch
IBM Flex System Fabric CN4093 10Gb Converged Scalable Switch
 
1cospf
1cospf1cospf
1cospf
 
Eigrp
EigrpEigrp
Eigrp
 
CCNA part 6 igrp,ospf,eigrp
CCNA part 6 igrp,ospf,eigrpCCNA part 6 igrp,ospf,eigrp
CCNA part 6 igrp,ospf,eigrp
 
Ccna2 mod3-configuring a-router
Ccna2 mod3-configuring a-routerCcna2 mod3-configuring a-router
Ccna2 mod3-configuring a-router
 
EIGRP (enhanced interior gateway routing protocol)
EIGRP (enhanced interior gateway routing protocol)EIGRP (enhanced interior gateway routing protocol)
EIGRP (enhanced interior gateway routing protocol)
 
03 router-configuration
03 router-configuration03 router-configuration
03 router-configuration
 
6215601 understanding-mpls
6215601 understanding-mpls6215601 understanding-mpls
6215601 understanding-mpls
 
Hsrp
HsrpHsrp
Hsrp
 
Difference b/w STP RSTP PVST & MSTP
Difference b/w STP RSTP PVST & MSTPDifference b/w STP RSTP PVST & MSTP
Difference b/w STP RSTP PVST & MSTP
 
VRRP (virtual router redundancy protocol)
VRRP (virtual router redundancy protocol)VRRP (virtual router redundancy protocol)
VRRP (virtual router redundancy protocol)
 

Destacado

Настраиваем оборудование Juniper. Основы JunOS за одно занятие
Настраиваем оборудование Juniper. Основы JunOS за одно занятиеНастраиваем оборудование Juniper. Основы JunOS за одно занятие
Настраиваем оборудование Juniper. Основы JunOS за одно занятиеSkillFactory
 
MPLS для чайников: основы технологии провайдеров и операторов связи
MPLS для чайников: основы технологии провайдеров и операторов связиMPLS для чайников: основы технологии провайдеров и операторов связи
MPLS для чайников: основы технологии провайдеров и операторов связиSkillFactory
 
Juniper Networks MX Series 3D with Junos Trio Chipset - EANTC Report
Juniper Networks MX Series 3D with Junos Trio Chipset - EANTC ReportJuniper Networks MX Series 3D with Junos Trio Chipset - EANTC Report
Juniper Networks MX Series 3D with Junos Trio Chipset - EANTC ReportSergii Liventsev
 
Настройка маршрутизаторов Juniper серии MX
Настройка маршрутизаторов Juniper серии MXНастройка маршрутизаторов Juniper серии MX
Настройка маршрутизаторов Juniper серии MXSkillFactory
 
Cisco academy procedure cust
Cisco academy procedure custCisco academy procedure cust
Cisco academy procedure custFebrian ‎
 
Сети для самых маленьких. Часть восьмая. BGP и IP SLA
Сети для самых маленьких. Часть восьмая. BGP и IP SLAСети для самых маленьких. Часть восьмая. BGP и IP SLA
Сети для самых маленьких. Часть восьмая. BGP и IP SLANatasha Samoylenko
 

Destacado (6)

Настраиваем оборудование Juniper. Основы JunOS за одно занятие
Настраиваем оборудование Juniper. Основы JunOS за одно занятиеНастраиваем оборудование Juniper. Основы JunOS за одно занятие
Настраиваем оборудование Juniper. Основы JunOS за одно занятие
 
MPLS для чайников: основы технологии провайдеров и операторов связи
MPLS для чайников: основы технологии провайдеров и операторов связиMPLS для чайников: основы технологии провайдеров и операторов связи
MPLS для чайников: основы технологии провайдеров и операторов связи
 
Juniper Networks MX Series 3D with Junos Trio Chipset - EANTC Report
Juniper Networks MX Series 3D with Junos Trio Chipset - EANTC ReportJuniper Networks MX Series 3D with Junos Trio Chipset - EANTC Report
Juniper Networks MX Series 3D with Junos Trio Chipset - EANTC Report
 
Настройка маршрутизаторов Juniper серии MX
Настройка маршрутизаторов Juniper серии MXНастройка маршрутизаторов Juniper серии MX
Настройка маршрутизаторов Juniper серии MX
 
Cisco academy procedure cust
Cisco academy procedure custCisco academy procedure cust
Cisco academy procedure cust
 
Сети для самых маленьких. Часть восьмая. BGP и IP SLA
Сети для самых маленьких. Часть восьмая. BGP и IP SLAСети для самых маленьких. Часть восьмая. BGP и IP SLA
Сети для самых маленьких. Часть восьмая. BGP и IP SLA
 

Similar a 6.policy based routing

Building Scalable Cisco Internetworks (Bsci)
Building Scalable Cisco Internetworks (Bsci)Building Scalable Cisco Internetworks (Bsci)
Building Scalable Cisco Internetworks (Bsci)CCNAResources
 
Ch5 - Packet Tracer Skills Integration Instructions To.docx
Ch5 - Packet Tracer Skills Integration Instructions To.docxCh5 - Packet Tracer Skills Integration Instructions To.docx
Ch5 - Packet Tracer Skills Integration Instructions To.docxcravennichole326
 
ospf ahmed tawfeek CCNA dump for Exam12
ospf ahmed tawfeek CCNA dump for Exam12ospf ahmed tawfeek CCNA dump for Exam12
ospf ahmed tawfeek CCNA dump for Exam12ym7md88
 
2.6.6 Packet Tracer - Verify Single-Area OSPFv2 - ILM.docx
2.6.6 Packet Tracer - Verify Single-Area OSPFv2 - ILM.docx2.6.6 Packet Tracer - Verify Single-Area OSPFv2 - ILM.docx
2.6.6 Packet Tracer - Verify Single-Area OSPFv2 - ILM.docxJosimar Caitano
 
Ospf and eigrp concepts and configuration
Ospf and eigrp concepts and configurationOspf and eigrp concepts and configuration
Ospf and eigrp concepts and configurationIT Tech
 
Static routes in the cisco ios
Static routes in the cisco iosStatic routes in the cisco ios
Static routes in the cisco iosIT Tech
 
RIP (routing information protocol)
RIP (routing information protocol)RIP (routing information protocol)
RIP (routing information protocol)Netwax Lab
 
(2) documents e books_cisco_networking_books_training_materials_cnap_-_ont_v5...
(2) documents e books_cisco_networking_books_training_materials_cnap_-_ont_v5...(2) documents e books_cisco_networking_books_training_materials_cnap_-_ont_v5...
(2) documents e books_cisco_networking_books_training_materials_cnap_-_ont_v5...Lary Onyeka
 
ccna project on topic company infrastructure
ccna project on topic company infrastructureccna project on topic company infrastructure
ccna project on topic company infrastructurePrince Gautam
 
Ccn pv7 route_lab2-1_eigrp-load-balancing_student
Ccn pv7 route_lab2-1_eigrp-load-balancing_studentCcn pv7 route_lab2-1_eigrp-load-balancing_student
Ccn pv7 route_lab2-1_eigrp-load-balancing_studentAngel Clavel
 

Similar a 6.policy based routing (20)

Ppt of routing protocols
Ppt of routing protocolsPpt of routing protocols
Ppt of routing protocols
 
Building Scalable Cisco Internetworks (Bsci)
Building Scalable Cisco Internetworks (Bsci)Building Scalable Cisco Internetworks (Bsci)
Building Scalable Cisco Internetworks (Bsci)
 
Ch5 - Packet Tracer Skills Integration Instructions To.docx
Ch5 - Packet Tracer Skills Integration Instructions To.docxCh5 - Packet Tracer Skills Integration Instructions To.docx
Ch5 - Packet Tracer Skills Integration Instructions To.docx
 
OSPF_Exercises.pdf
OSPF_Exercises.pdfOSPF_Exercises.pdf
OSPF_Exercises.pdf
 
ospf ahmed tawfeek CCNA dump for Exam12
ospf ahmed tawfeek CCNA dump for Exam12ospf ahmed tawfeek CCNA dump for Exam12
ospf ahmed tawfeek CCNA dump for Exam12
 
2.6.6 Packet Tracer - Verify Single-Area OSPFv2 - ILM.docx
2.6.6 Packet Tracer - Verify Single-Area OSPFv2 - ILM.docx2.6.6 Packet Tracer - Verify Single-Area OSPFv2 - ILM.docx
2.6.6 Packet Tracer - Verify Single-Area OSPFv2 - ILM.docx
 
CCNP Troubleshooting
CCNP TroubleshootingCCNP Troubleshooting
CCNP Troubleshooting
 
CCNP Troubleshooting
CCNP TroubleshootingCCNP Troubleshooting
CCNP Troubleshooting
 
Ch5
Ch5Ch5
Ch5
 
35d70683c4fd405d89db4a5287aa4b89
35d70683c4fd405d89db4a5287aa4b8935d70683c4fd405d89db4a5287aa4b89
35d70683c4fd405d89db4a5287aa4b89
 
Ospf and eigrp concepts and configuration
Ospf and eigrp concepts and configurationOspf and eigrp concepts and configuration
Ospf and eigrp concepts and configuration
 
Samplab19
Samplab19Samplab19
Samplab19
 
1 using default
1 using default1 using default
1 using default
 
1 using default
1 using default1 using default
1 using default
 
Ducat
DucatDucat
Ducat
 
Static routes in the cisco ios
Static routes in the cisco iosStatic routes in the cisco ios
Static routes in the cisco ios
 
RIP (routing information protocol)
RIP (routing information protocol)RIP (routing information protocol)
RIP (routing information protocol)
 
(2) documents e books_cisco_networking_books_training_materials_cnap_-_ont_v5...
(2) documents e books_cisco_networking_books_training_materials_cnap_-_ont_v5...(2) documents e books_cisco_networking_books_training_materials_cnap_-_ont_v5...
(2) documents e books_cisco_networking_books_training_materials_cnap_-_ont_v5...
 
ccna project on topic company infrastructure
ccna project on topic company infrastructureccna project on topic company infrastructure
ccna project on topic company infrastructure
 
Ccn pv7 route_lab2-1_eigrp-load-balancing_student
Ccn pv7 route_lab2-1_eigrp-load-balancing_studentCcn pv7 route_lab2-1_eigrp-load-balancing_student
Ccn pv7 route_lab2-1_eigrp-load-balancing_student
 

Último

Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024The Digital Insurer
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Principled Technologies
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 

Último (20)

Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 

6.policy based routing

  • 1. ISP/IXP Networking Workshop Lab Module 9 – Policy Based Routing Objective: Using interesting lab exercises, the student will implement some of the fundamental techniques of Policy Routing, as applied in Cisco IOS. Prerequisite: Module 1 and the Policy Routing Presentation REFERENCES Cisco Systems Documentation CD. INTRODUCTION The workshop lab exercises which accompany this module appear after the following discussion and documentation about Policy Routing. Please read this text first, referring to the provided CD Documentation in the event of any questions. WHAT IS POLICY ROUTING? Policy routing is a more flexible mechanism for routing packets than destination routing. It is a process whereby the router puts packets through a route map before routing them. The route map determines which packets are routed to which router next. You might enable policy routing if you want certain packets to be routed some way other than the obvious shortest path. Some possible applications for policy routing are to provide equal access, protocol-sensitive routing, source-sensitive routing, routing based on interactive versus batch traffic, or routing based on dedicated links. To enable policy routing, you must identify which route map to use for policy routing and create the route map. The route map itself specifies the match criteria and the resulting action if all of the match clauses are met. These steps are described in the following three task tables. To enable policy routing on an interface, indicate which route map the router should use by performing the following task in interface configuration mode. All packets arriving on the specified interface will be subject to policy routing. This command disables fast switching of all packets arriving on this interface. 1. Identify the route map to use for policy routing. ip policy route-map map-tag 2. Define a route map to control where packets are output. route-map map-tag[permit | deny] [sequence-number] 1
  • 2. Monday, May 15, 2006 3. Define the criteria by which packets are policy routed. The next step is to define the criteria by which packets are examined to see if they will be policy routed. No match clause in the route map indicates all packets. Perform one or more of the following tasks in route-map configuration mode: • Match the Level 3 length of the packet: match length min max • Match the destination IP address that is permitted by one or more standard or extended access lists: match ip address {access-list-number | name} [...access-list-number | name] 4. Pick Destination Port. The last step is to specify where the packets that pass the match criteria are output. To do so, perform one or more of the following tasks in route-map configuration mode: • Specify the next hop to which to route the packet Next-hop must be adjacent, early documentation is NOT correct on this point. set ip next-hop ip-address [...ip-address] • Specify the output interface for the packet. set interface type number [... type number] • Specify the next hop to which to route the packet, if there is no explicit route for this destination. set ip default next-hop ip-address [... ip-address] • Specify the output interface for the packet, if there is no explicit route for this destination. set default interface type number [...type number] The set commands can be used in conjunction with each other. They are evaluated in the order shown in the previous task table. A usable next hop implies an interface. Once the local router finds a next hop and a usable interface, it routes the packet. Enable Local Policy Routing Packets that are generated by the router are not normally policy-routed. To enable local policy routing for such packets, indicate which route map the router should use by performing the following task in global configuration mode. All packets originating on the router will then be subject to local policy routing. Cisco Systems Inc 2 170 West Tasman Drive. San Jose, CA 95134-1706 Phone: +1 408 526-4000 Fax: +1 408 536-4100
  • 3. ISP/IXP Networking Workshop Lab Identify the route map to use for local policy routing. ip local policy route-map map-tag Use the show ip local policy command to display the route map used for local policy routing, if one exists. Caveats • Minimum version is 11.0(1) – policy routed traffic is process switched, so can be a processor intensive operation for high data rates. • Make sure "ip policy route-map" is applied on the INPUT interface. • Make sure that IP routing or something similar is used to get the packets back to the source. Policy routing is a static route to the next hop – the next hop must know how to route the packet onwards. • Policy routed traffic can be fast-switched (see below) as from 11.3 and 12.0 software releases. Note that ip route-cache policy is off by default and needs to be applied to the input interface. • No IP options work with policy routing, e.g. IP record route ... Fast-Switched Policy Routing IP policy routing can now be fast-switched. Prior to this feature, policy routing could only be process switched, which meant that on most platforms, the switching rate was approximately 1,000 to 10,000 packets per second. This was not fast enough for many applications or the size of trunks being used. Users who need policy routing to occur at faster speeds can now implement policy routing without slowing down the router. Restrictions Fast-switched policy routing supports all of the match commands and most of the set commands, except for the following restrictions: • The set ip default command is not supported. • The set interface command is supported only over point-to-point links, unless a route-cache entry exists using the same interface specified in the set interface command in the route map. Also, at process level, the routing table is consulted to determine if the interface is on a reasonable path to the destination. During fast switching, the software does not make this check. Instead, if the packet matches, the software blindly forwards the packet to the specified interface. 3
  • 4. Monday, May 15, 2006 Configuration Example Fast switching of policy routing is disabled by default. The following example enables policy routing to be fast switched on an ethernet interface. interface ethernet 0/0 ip route-cache policy LIST OF RELATED COMMANDS • ip policy route-map • ip local policy • match ip address • match length • route-map • set default interface • set interface • set ip default next-hop • set ip next-hop • set ip precedence (undocumented as of 11.2(7)P ) • set ip tos (undocumented as of 11.2(7)P ) • ip route-cache policy • show ip cache policy Cisco Systems Inc 4 170 West Tasman Drive. San Jose, CA 95134-1706 Phone: +1 408 526-4000 Fax: +1 408 536-4100
  • 5. ISP/IXP Networking Workshop Lab LABS & EXERCISES 1. Check Physical Connectivity. The connectivity for this workshop should be as in Figure 1. Ensure that all physical connections are complete and pingable. The addresses used for links between routers should be left the same as those chosen for Module 1. e0/1 e0/0 e0/0 e0/1 R1 R2 s0/0 s0/0 s0/1 s0/1 R3 R4 R15 s0/0 s0/0 s0/1 s0/1 e0/0 e0/0 e0/1 R5 R6 C2924XL s0/0 s0/0 s0/1 s0/1 R7 R8 s0/0 s0/0 Laptop computer Laptop computer s0/1 s0/1 e0/0 e0/0 R9 R10 s0/0 s0/0 s0/1 s0/1 R11 R12 s0/0 s0/0 s0/1 s0/1 e0/1 e0/0 e0/0 e0/1 R13 R14 Figure 1 – Network Configuration 5
  • 6. Monday, May 15, 2006 2. Clean up from past labs. Delete any remaining BGP configuration, route maps, communities, access-lists and AS-Path access-lists. 3. Create OSPF PID 41, area 0 on all routers. All Router Teams will configure one OSPF domain – Area 0 – for the network. This configuration should be as was used in Module 1 checkpoint #1. 4. Ping Test. The system specified by the instructors (usually Router15 or the time server ntp0.workshop.net) will be used for the target of this lab. All routers should be able to ping and traceroute to the Time Server. Capture the trace to the Time Server. This will be used as a baseline. Checkpoint #1: Call the workshop instructor, explain the OSPF configuration, and demonstrate the connectivity to the Time Server. 5. Policy Assignment – Create a Ping/Traceroute Ring. Using policy routing, configure interfaces on the entire network so that a traceroute from Router6 to the Time Server would take the following path (see Figure 2): Router6 → Router8 → Router10 → Router12 → Router14 → Router13 → Router11 → Router9 → Router7 → Router5 → Router3 → Router1 → Router2 → Router4 → Router6 → Router15/TimeSource 6. Approaches to applying policy routing. Policy-Based Routing is as dangerous as static routes. Hence, you need to approach the application of a Policy Route very methodically. OSPF must be configured properly before any of consideration is made to implement policy routing. The first step is to change the characteristic of the trace leaving the router. If the trace to the Time Server originally went out one port, change it to go out another. To accomplish this you use the ip local policy route-map command (see explanation above). Hint: Work out which interface is the outbound interface and which is inbound, and where the policy configuration needs to be applied. Think before typing in configuration. Example: ! destination address to match against ! access-list 100 permit ip any host 192.168.1.1 ! ! configuration to determine policy for packets generated on router ! route-map redirect-local-traffic permit 10 match ip address 100 set interface serial 0/0 ! ip local policy route-map redirect-1ocal-traffic ! ! configuration to determine policy for incoming packets ! route-map redirect-incoming-traffic permit 10 Cisco Systems Inc 6 170 West Tasman Drive. San Jose, CA 95134-1706 Phone: +1 408 526-4000 Fax: +1 408 536-4100
  • 7. ISP/IXP Networking Workshop Lab match ip address 100 set interface serial 0/0 ! interface serial 1/0 ip policy route-map redirect-incoming-traffic HINT: For two routers that interconnect via serial links – the set interface command may be easier. Set interface will not work for broadcast interconnects like ethernet. e0/1 e0/0 e0/0 e0/1 R1 R2 s0/0 s0/0 s0/1 s0/1 microWebserver R3 R4 s0/0 s0/0 R15 s0/1 s0/1 e0/0 e0/0 e0/1 R5 R6 C2924XL s0/0 s0/0 s0/1 s0/1 R7 R8 s0/0 s0/0 Laptop computer Laptop computer s0/1 s0/1 e0/0 e0/0 R9 R10 s0/0 s0/0 s0/1 s0/1 R11 R12 s0/0 s0/0 s0/1 s0/1 e0/1 e0/0 e0/0 e0/1 R13 R14 Figure 2 – Traceroute Ring from Router 6 to Time Server (Router15) Question: What should be used in lieu of set interface on broadcast mediums like ethernet? Answer: Use “set ip next-hop <ip address>”. 7
  • 8. Monday, May 15, 2006 Question: What differences are there between the configuration used for Router 6 and the remaining routers in the workshop? Why? Answer: Remember that the trace from the console has to go round the class, not direct to the Time Server… Q. Will Policy Routing drop my packets if I set in on a router's interface, but have no set next-hop configured? A. Policy Routing will first look for another set command first. If there is no other set command configured or if the set command doesn't make sense, then the router falls back to the normal routing (destination-based). Checkpoint #2: The lab instructor will now demonstrate a trace from Router6 to the Time Server (or substitute device). If the policy routing has been set up successfully, a trace will follow the paths shown in Figure 2. Q. What happens if the connection between one of the routers in the path of the policy routed connection to the Time Server is broken? Why? Checkpoint #3: The lab instructor will now break the connection between Router4 and Router6. Observe what happens to the paths followed now. A. If the policy destination is down, the router reverts to using the routing table for its forwarding decisions. Cisco Systems Inc 8 170 West Tasman Drive. San Jose, CA 95134-1706 Phone: +1 408 526-4000 Fax: +1 408 536-4100
  • 9. ISP/IXP Networking Workshop Lab CONFIGURATION NOTES Documentation is critical! You should record the configuration at each Checkpoint, as well as the configuration at the end of the module. 9