
SWITCHING AND ROUTING II

Class 1. Path Control & PBR

Alberto Arellano A. Ing. Msc.


aarellano@espoch.edu.ec
CCNA – CCNP – CCSP - LPI
Path Control

[Figure: example topology. Surviving labels: 10 Mbps links, one E1 link, OSPF and EIGRP routing domains, networks 192.168.92.0/24 and 192.168.90.0/24]

Concepts of Path Control

- Path control tools can be used to change the default destination-based forwarding and optimize the path of packets for a specific application
- Path control means controlling the path that traffic takes through a network when there are:
  - Redundant paths
  - Asymmetric paths (a form of redundancy)
- The path control tool detailed here is:
  - Policy Based Routing (PBR)

Policy-Based Routing
- Allows you to implement policies that selectively cause packets to take different paths
- IP routing is destination-based
- PBR is source-based routing
- Is applied to incoming packets
- Makes traffic marking possible
- Requires a route map to implement the policy
- Matched routes are modified by set commands

What Can You Do with Policy-Based Routing?
- Prioritize applications by selecting high-bandwidth, low-latency links for important applications when more than one link is available. For example, prioritize corporate data over a fast link and Internet browsing traffic over a slow link. (QoS)
- Load share by creating a fallback link for important traffic if the main link carrying the important application traffic suffers an outage.
- Control the flow of subscriber traffic in service provider networks through traffic management policies and rules based on subscribers' profiles. For example, PBR can prioritize and route certain types of application traffic to a specific routing path as per SLA or by placing certain user requests higher than others (for example, gold, silver, bronze).
- Provide a guaranteed service-level agreement (SLA) for the delivery of certain traffic (such as video traffic) by ensuring that the approved traffic receives the appropriate priority, routing, and bandwidth required to ensure the maximum user quality of experience.
- Send specific applications for WAN optimization. For instance, certain applications are optimized for transfer over WAN links. With PBR, the network administrator can classify the traffic based on applications and send traffic to the WAN optimizer to speed up access to important applications and data.

Logical PBR Operation

1. Incoming packet: is there a route map applied to the incoming interface?
   - No: forward the packet through the normal routing channel.
   - Yes: go to step 2.
2. Is there a match with a deny statement?
   - Yes: forward the packet through the normal routing channel.
   - No: go to step 3.
3. Is there a match with a permit statement?
   - Yes: apply set commands.

Steps to Implement Path Control

1. Match traffic to manipulate the path
2. Define the action for matched traffic
3. Apply path control to traffic
   - To incoming traffic
   - To traffic local to the router
4. Verify path control results

route-map Commands for PBR
Router(config)#
route-map map-tag [permit | deny] [sequence-number]
- Defines the route map conditions.

Router(config-route-map)#
match {conditions}
- Defines the conditions to match.

Router(config-route-map)#
set {actions}
- Defines the action to be taken on a match.

Router(config-if)#
ip policy route-map map-tag
- Applies the route map to the incoming interface.

match Conditions
Command                  Description
match community          Matches a BGP community
match interface          Matches any routes that have the next hop out of one of the interfaces specified
match ip address         Matches any routes that have a destination network number address that is permitted by a standard or extended ACL
match ip next-hop        Matches any routes that have a next-hop router address that is passed by one of the ACLs specified
match ip route-source    Matches routes that have been advertised by routers and access servers at the address that is specified by the ACLs
match length             Matches based on the layer 3 length of a packet
match metric             Matches routes with the metric specified
match route-type         Matches routes of the specified type
match tag                Matches tag of a route

match ip address Command
- Specify criteria to be matched using ACLs or prefix lists.
Router(config-route-map)#
match ip address {access-list-number | name} [...access-list-number | name] | prefix-list prefix-list-name [..prefix-list-name]

Parameter                       Description
access-list-number | name       The number or name of a standard or extended access list to be used to test incoming packets. If multiple access lists are specified, matching any one results in a match.
prefix-list prefix-list-name    Specifies the name of a prefix list to be used to test packets. If multiple prefix lists are specified, matching any one results in a match.

match length Command
- Specify criteria to be matched by packet length.
Router(config-route-map)#
match length min max

Parameter    Description
min          The packet's minimum Layer 3 length, inclusive, allowed for a match.
max          The packet's maximum Layer 3 length, inclusive, allowed for a match.

set Conditions *
Command                   Description
set as-path               Modifies an AS path for BGP routes
set automatic-tag         Computes automatically the tag value
set community             Sets the BGP communities attribute
set ip next-hop           Indicates where to output packets that pass a match clause of a route map for policy routing
set interface             Indicates where to output packets that pass a match clause of a route map for policy routing
set ip default next-hop   Indicates where to output packets that pass a match clause of a route map for policy routing and for which the Cisco IOS software has no explicit route to a destination
set default interface     Indicates where to output packets that pass a match clause of a route map for policy routing and have no explicit route to the destination
set ip tos                Used to set some of the bits in the IP ToS field in the IP packet
set ip precedence         Sets the 3 IP precedence bits in the IP packet header
set tag                   Sets tag value for destination routing protocol
set weight                Specifies the BGP weight value
* Partial list

set ip next-hop Command
- Specify the next hop IP address for matching packets.
Router(config-route-map)#
set ip next-hop ip-address [...ip-address]

- The command provides a list of IP addresses used to specify the adjacent next-hop router in the path toward the destination to which the packets should be forwarded.
- If more than one IP address is specified, the first IP address associated with a currently up connected interface is used to route the packets.

set interface Command
- Specify interfaces through which packets can be routed.
Router(config-route-map)#
set interface type number [... type number]

- If more than one interface is specified, the first interface that is found to be up is used to forward the packets.

set ip tos Command
- Mark packets using the IP ToS field.
Router(config-route-map)#
set ip tos [number | name]

- Used to set some of the bits in the IP ToS field in the IP packet.
- The ToS field in the IP header is 8 bits long, with 5 bits for setting the class of service (CoS) and 3 bits for the IP precedence.
- The CoS bits are used to set the delay, throughput, reliability, and cost.

Parameter                Description
0 | normal               Sets the normal ToS
1 | min-monetary-cost    Sets the min-monetary-cost ToS
2 | max-reliability      Sets the max reliable ToS
4 | max-throughput       Sets the max throughput ToS
8 | min-delay            Sets the min delay ToS

set ip precedence Command
- Set the 3 IP precedence bits in the IP packet header.
Router(config-route-map)#
set ip precedence [number | name]

- This command is used when implementing QoS and can be used by other QoS services, such as weighted fair queuing (WFQ) and weighted random early detection (WRED).
- With 3 bits, you have 8 possible values for the IP precedence; values 0 through 7 are defined.

set ip precedence Parameters
Parameter Description

0 | routine Sets the routine precedence

1 | priority Sets the priority precedence

2 | immediate Sets the immediate precedence

3 | flash Sets the Flash precedence

4 | flash-override Sets the Flash override precedence

5 | critical Sets the critical precedence

6 | internet Sets the internetwork control precedence

7 | network Sets the network control precedence
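
The route map below is an added example, not taken from the original slides. It combines the match and set commands above with the evaluation order from "Logical PBR Operation": a deny entry, a length-based match, a next-hop list and precedence marking. The map name, ACL numbers, addresses and interface are constructed for illustration.

```cisco
! Added example. All names, ACL numbers, addresses and the interface
! are constructed values, not taken from the slides.
!
! ACL 101: traffic that must stay on the normal routing table.
! ACL 102: all other traffic from the same source network.
access-list 101 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 102 permit ip 192.168.10.0 0.0.0.255 any
!
! Entries are evaluated in sequence-number order; the first match wins.
! A match on a deny entry sends the packet to normal routing.
route-map DEMO-PBR deny 10
 match ip address 101
!
! Different match commands in one entry must all be true:
! source in ACL 102 AND Layer 3 length between 1000 and 1500 bytes.
! The first next hop reachable through an up connected interface is
! used, so 10.2.2.2 acts as the fallback for 10.1.1.2.
route-map DEMO-PBR permit 20
 match ip address 102
 match length 1000 1500
 set ip next-hop 10.1.1.2 10.2.2.2
 set ip precedence priority
!
! Remaining ACL 102 traffic (other packet lengths) takes the second link.
route-map DEMO-PBR permit 30
 match ip address 102
 set ip next-hop 10.2.2.2
!
! Packets that match no entry are forwarded by the routing table.
!
! Apply to packets arriving on the LAN-facing interface.
interface GigabitEthernet0/1
 ip policy route-map DEMO-PBR
!
! For packets generated by the router itself, the policy is applied
! in global configuration mode instead:
! ip local policy route-map DEMO-PBR
```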


Configuring PBR on an Interface
- Identify a route map to use for policy routing on an interface.
Router(config-if)#
ip policy route-map map-tag

- The map-tag parameter is the name of the route map to use for policy routing.
- It must match a map tag specified by a route-map command.

Verifying PBR
Command                      Description
show ip policy               Display the route maps used for policy routing.
show route-map [map-name]    Display configured route maps.
debug ip policy              Display the policy routing details about whether a packet matches the criteria and, if so, the resulting routing information for the packet.

Lab 1. PBR Router CISCO

- Traffic from 192.168.10.0/24 is forwarded to R3
- Traffic from 192.168.11.0/24 is forwarded to R5
- Traffic from 192.168.12.0/24 is forwarded to R4
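
One way to configure the three Lab 1 policies on a Cisco router, following the four implementation steps. This is an added example, not the configuration from the original slides; the route-map name, ACL numbers, ingress interface and the next-hop addresses for R3, R5 and R4 are assumptions, because the lab addressing is not on the page.

```cisco
! Added example. Assumed values (not from the slides): map name LAB1-PBR,
! ACL numbers 10-12, ingress interface GigabitEthernet0/0, and next-hop
! addresses 10.0.13.3 (R3), 10.0.15.5 (R5), 10.0.14.4 (R4).
!
! Step 1: match traffic by source network (standard ACLs match on source).
access-list 10 permit 192.168.10.0 0.0.0.255
access-list 11 permit 192.168.11.0 0.0.0.255
access-list 12 permit 192.168.12.0 0.0.0.255
!
! Step 2: define the action for each class of matched traffic.
! Each next hop must be an adjacent router on a connected network.
route-map LAB1-PBR permit 10
 match ip address 10
 set ip next-hop 10.0.13.3
!
route-map LAB1-PBR permit 20
 match ip address 11
 set ip next-hop 10.0.15.5
!
route-map LAB1-PBR permit 30
 match ip address 12
 set ip next-hop 10.0.14.4
!
! Traffic from any other source matches no entry and is forwarded
! by the normal routing table.
!
! Step 3: apply the policy on the interface where the LAN traffic enters.
interface GigabitEthernet0/0
 ip policy route-map LAB1-PBR
!
! Step 4: verify from privileged EXEC mode.
! show ip policy
! show route-map LAB1-PBR
! debug ip policy
```

The per-entry match counters shown by show route-map increase as policy-routed packets arrive, which confirms that each source network is hitting the intended entry.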

Example 1. PBR

[Four slides whose images were not extracted; surviving labels: R2, R6]

Lab 2. PBR Router HPE & CISCO

O–D                ROUTE
SERVER – VPCS1     R3 → HPE_R2 → HPE_R1
SERVER – VPCS2     R3 → HPE_R1
SERVER – VPCS3     R3 → R2 → HPE_R1

1 Configure IP Address – HPE_R1
2 Verify IP Address – HPE_R1
3 Configure OSPF Protocol – HPE_R1
4 Configure IP Address & OSPF Protocol – R2
5 Configure IP Address & OSPF Protocol – R3
6 Verify Routing Table
7 Configure and verify HPE_R2
8 Verify connectivity between routers
10 Configure access to Provider from C1 [slide labels: C1, HPE_R1]
11 Configure access to Provider from C2 [slide labels: C2, R3]
12 Verify Routing Table – HPE_R1
13 Verify Routing Table – R3
14 Verify connectivity between Server – VPC-1

Config Router HPE access with TELNET

To be able to log in using the GNS3 console (TELNET), we have to configure the following commands on both routers. They disable authentication on the AUX line and give it the network-admin role, which suits an isolated GNS3 lab.

<HPE>system-view
[HPE]user-interface aux 0
[HPE-line-aux0]authentication-mode none
[HPE-line-aux0]user-role network-admin
[HPE-line-aux0]quit
[HPE]save

Homework - PBR Router HPE & CISCO

O–D                ROUTE
VPCS1 – SERVER     HPE_R1 → R2 → R3
VPCS2 – SERVER     HPE_R1 → R3
VPCS3 – SERVER     HPE_R1 → HPE_R2 → R3

Config PBR on HPE Router
1. Create ACLs to match traffic
# One advanced ACL per source network, both toward host 172.20.20.10
acl advanced 3010
 rule permit ip source 192.168.4.0 0.0.0.255 destination 172.20.20.10 0.0.0.0
 quit
acl advanced 3020
 rule permit ip source 192.168.7.0 0.0.0.255 destination 172.20.20.10 0.0.0.0
 quit
2. Define PBR Policy
# Node 10: traffic matching ACL 3010 goes to next hop 10.10.5.2
policy-based-route eietr permit node 10
 if-match acl 3010
 apply next-hop 10.10.5.2
 quit
# Node 20: traffic matching ACL 3020 goes to next hop 10.10.8.2
policy-based-route eietr permit node 20
 if-match acl 3020
 apply next-hop 10.10.8.2
 quit
3. Apply the PBR Policy to Interface
# Apply the policy on the interface where the matched traffic arrives
interface ge1/0
 ip policy-based-route eietr
 quit
Verify PBR Policy
