Policy Based Routing

Policy-based routing is a neat trick to tweak traffic streams.

For Policy Based Routing to work you will need the following:
– Define traffic stream in an access-list.
– Write down a policy.
– Determine the inbound interface.

First, use an ACL to define the traffic streams.
You can use a standard, extended or named access-list.

In this example, traffic sourced from 1.1.1.1 and 2.2.2.2 and destined for 3.3.3.3 is defined in ACL 100.

access-list 100 permit ip host 1.1.1.1 host 3.3.3.3
access-list 100 permit ip host 2.2.2.2 host 3.3.3.3

Next you will need to define the policy.
If you want to set the next hop for this traffic stream, you have to do the following.
Note that set ip default next-hop is only used when the routing table has no explicit route for the destination (only a default route, or none at all); set ip next-hop overrides the routing table unconditionally.

route-map just-a-name permit 10
 match ip address 100
 set ip default next-hop 10.10.10.20

Once you have defined the traffic stream and the policy, all you have to do is apply it to the inbound interface.

interface Ethernet0/0
 ip address 100.100.100.1 255.255.255.0
 ip policy route-map just-a-name

Be careful: the name of the route-map is CaSe senSitive.
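Because the route-map above uses set ip default next-hop, it is worth seeing when that next hop is actually used. The Python model below is an added example, not part of the original post: it evaluates ACL 100 and the route-map against a hypothetical routing table and compares set ip default next-hop with set ip next-hop; the routing table and the extra addresses are constructed samples.

```python
import ipaddress
def _addr(t, i):
    """Decode 'host A' or 'any' at token index i -> (network, next token index)."""
    if t[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if t[i] == "host":
        return ipaddress.ip_network(t[i + 1]), i + 2
    raise ValueError(f"unsupported address form: {' '.join(t[i:])}")
def parse_acl(lines):
    """Parse 'access-list N permit|deny ip SRC DST' lines -> {N: [(permit, src, dst), ...]}."""
    acls = {}
    for line in lines:
        t = line.split()
        if t[:1] != ["access-list"] or t[2:4] not in (["permit", "ip"], ["deny", "ip"]):
            raise ValueError(f"unsupported ACL line: {line}")
        src, i = _addr(t, 4)
        dst, _ = _addr(t, i)
        acls.setdefault(t[1], []).append((t[2] == "permit", src, dst))
    return acls
def acl_permits(entries, src, dst):
    """First-match evaluation, with the implicit deny at the end of every ACL."""
    for permit, s, d in entries:
        if src in s and dst in d:
            return permit
    return False
def table_lookup(routes, dst):
    """Longest-prefix match over {prefix: next_hop} -> (network, next_hop) or None."""
    nets = {ipaddress.ip_network(p): nh for p, nh in routes.items()}
    hits = [n for n in nets if dst in n]
    best = max(hits, key=lambda n: n.prefixlen) if hits else None
    return (best, nets[best]) if best is not None else None
def pbr_next_hop(src, dst, acls, route_map, routes):
    """Decision for a packet entering an interface with 'ip policy route-map' applied."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    via = table_lookup(routes, dst)
    for clause in route_map:  # permit clauses: {"acl", "set": "next-hop"|"default next-hop", "nh"}
        if acl_permits(acls.get(clause["acl"], []), src, dst):
            if clause["set"] == "next-hop":
                return clause["nh"], "route-map overrides the routing table"
            # 'set ip default next-hop' is honoured only when no explicit route exists
            if via is None or via[0].prefixlen == 0:
                return clause["nh"], "no explicit route, default next-hop used"
            return via[1], "explicit route wins over default next-hop"
    return (via[1] if via else None), "normal routing (policy not matched)"

# Constructed sample mirroring the post: ACL 100 and the route-map, plus a hypothetical routing table.
ACLS = parse_acl(["access-list 100 permit ip host 1.1.1.1 host 3.3.3.3",
                  "access-list 100 permit ip host 2.2.2.2 host 3.3.3.3"])
POLICY = [{"acl": "100", "set": "default next-hop", "nh": "10.10.10.20"}]
ROUTES = {"0.0.0.0/0": "100.100.100.254", "3.3.3.0/24": "100.100.100.3"}
```

With the explicit 3.3.3.0/24 route present, pbr_next_hop("1.1.1.1", "3.3.3.3", ACLS, POLICY, ROUTES) still forwards via 100.100.100.3; drop that route and the same call returns 10.10.10.20.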

Why is this a great little trick? You can use policy-based routing to prevent asymmetric routing in an HSRP setup. Or you can send specific traffic towards an IDS / firewall / deep packet inspection device. Or simply send traffic to a black hole in case of unwanted/malicious traffic.
