[Figure: network topology. Labels: OSPF, EIGRP; link speeds 50 Mbps, 25 Mbps, 50 Mbps; networks 192.168.90.0/24, 192.168.92.0/24, 192.168.94.0/24; Metric = 6 (R1-R2-R3)]
Policy-Based Routing
Policy-based routing (PBR) is a technique that forwards and routes
data packets based on policies or filters.
Network administrators can selectively apply policies based on
specific parameters such as source and destination IP address,
source or destination port, traffic type, protocols, access list,
packet size, or other criteria and then route the packets on user-
defined routes.
Logical PBR Operation
For each incoming packet:
1. Is there a PBR applied to the incoming interface?
   No: forward the packet through the normal routing channel.
   Yes: go to step 2.
2. Is there a match with a deny statement?
   Yes: forward the packet through the normal routing channel.
   No: go to step 3.
3. Is there a match with a permit statement?
   Yes: apply set commands.
Filter-Based Forwarding on Juniper Router
For IPv4 or IPv6 traffic only, you can use firewall filters in
conjunction with forwarding classes and routing instances to
control how packets travel in a network. This is called filter-
based forwarding (FBF).
Steps to Implement Path Control
Router(config)#
route-map map-tag [permit | deny] [sequence-number]
Defines the route map conditions.
Router(config-route-map)#
match {conditions}
Defines the conditions to match.
Router(config-route-map)#
set {actions}
Defines the action to be taken on a match.
Router(config-if)#
ip policy route-map map-tag
Apply the route-map to the incoming interface.
match Conditions
Command                  Description
match interface          Matches any routes that have the next hop out of one of the interfaces specified
match ip next-hop        Matches any routes that have a next-hop router address that is passed by one of the ACLs specified
match ip route-source    Matches routes that have been advertised by routers and access servers at the address that is specified by the ACLs
Parameter                  Description
set ip next-hop            Indicates where to output packets that pass a match clause of a route map for policy routing
set interface              Indicates where to output packets that pass a match clause of a route map for policy routing
set ip default next-hop    Indicates where to output packets that pass a match clause of a route map for policy routing and for which the Cisco IOS software has no explicit route to a destination
set default interface      Indicates where to output packets that pass a match clause of a route map for policy routing and have no explicit route to the destination
set ip tos                 Used to set some of the bits in the IP ToS field in the IP packet.
Router(config-route-map)#
Used to set some of the bits in the IP ToS field in the IP packet.
The ToS field in the IP header is 8 bits long, with 5 bits for setting
the class of service (CoS) and 3 bits for the IP precedence.
The CoS bits are used to set the delay, throughput, reliability, and
cost.
Parameter Description
0 | normal Sets the normal ToS
1 | min-monetary-cost Sets the min-monetary-cost ToS
2 | max-reliability Sets the max reliable ToS
4 | max-throughput Sets the max throughput ToS
8 | min-delay Sets the min delay ToS
Configuring PBR on an Interface
Identify a route map to use for policy routing on an interface.
Router(config-if)#
ip policy route-map map-tag
Example 1. PBR
Workshop. PBR with Applications (Web & FTP)
O–D               Route
SERVER – VPCS1    R3 → HPE_R2 → HPE_R1
SERVER – VPCS2    R3 → HPE_R1
SERVER – VPCS3    R3 → R2 → HPE_R1
1 Configure IP Address – HPE_R1
3 Configure OSPF Protocol – HPE_R1
4 Configure IP Address & OSPF Protocol – R2
5 Configure IP Address & OSPF Protocol – R3
6 Verify Routing Table
7 Configure and verify HPE_R2
8 Verify connectivity between routers
10 Configure access to Provider from C1 (C1, HPE_R1)
11 Configure access to Provider from C2 (C2, R3)
12 Verify Routing Table – HPE_R1
13 Verify Routing Table – R3
14 Verify connectivity between Server – VPC-1
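Config Router HPE access with TELNET
The commands below set authentication-mode none on line aux 0 and give sessions on that line the network-admin role, so anyone who reaches the line gets administrative access without logging in.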
<HPE>system-view
[HPE]user-interface aux 0
[HPE-line-aux0]authentication-mode none
[HPE-line-aux0]user-role network-admin
[HPE-line-aux0]quit
[HPE]save
Lab 3. PBR Router HPE & CISCO
O–D               Route
VPCS1 – SERVER    HPE_R1 → R2 → R3
VPCS2 – SERVER    HPE_R1 → R3
VPCS3 – SERVER    HPE_R1 → HPE_R2 → R3
Config PBR on HPE Router
1. Create ACL MATCH TRAFFIC
acl advanced 3010
rule permit ip source 192.168.4.0 0.0.0.255 destination 172.20.20.10 0.0.0.0
quit
acl advanced 3020
rule permit ip source 192.168.7.0 0.0.0.255 destination 172.20.20.10 0.0.0.0
quit
2. Define PBR Policy
policy-based-route eietr permit node 10
if-match acl 3010
apply next-hop 10.10.5.2
quit
policy-based-route eietr permit node 20
if-match acl 3020
apply next-hop 10.10.8.2
quit
3. Apply the PBR Policy to Interface
interface ge1/0
ip policy-based-route eietr
quit
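The decision flow from "Logical PBR Operation", run against the eietr policy configured above, as an added Python example that is not part of the original slides. The names Node, matches, forward, EIETR and WITH_DENY are hypothetical, and the deny node for host 192.168.4.50 is constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Node:
    seq: int            # node / sequence number; the lowest is evaluated first
    action: str         # "permit" or "deny"
    src: str            # source prefix matched by the node's ACL
    dst: str            # destination prefix matched by the node's ACL
    next_hop: str = ""  # value of "apply next-hop" (unused on deny nodes)

# Policy "eietr" from this page: ACL 3010 -> node 10, ACL 3020 -> node 20.
# Wildcard 0.0.0.255 is written as /24 and 0.0.0.0 as /32.
EIETR = [
    Node(10, "permit", "192.168.4.0/24", "172.20.20.10/32", "10.10.5.2"),
    Node(20, "permit", "192.168.7.0/24", "172.20.20.10/32", "10.10.8.2"),
]

# Constructed variant: a deny node ahead of node 10 exempts one host from PBR.
WITH_DENY = [Node(5, "deny", "192.168.4.50/32", "172.20.20.10/32")] + EIETR

def matches(node, src, dst):
    """True when the packet's source and destination fall inside the node's ACL."""
    return (ipaddress.ip_address(src) in ipaddress.ip_network(node.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(node.dst))

def forward(policy, src, dst):
    """Return ("pbr", next_hop) or ("normal", None) for one incoming packet."""
    if not policy:                         # no PBR applied to the incoming interface
        return ("normal", None)
    for node in sorted(policy, key=lambda n: n.seq):
        if matches(node, src, dst):
            if node.action == "deny":      # deny match: normal routing channel
                return ("normal", None)
            return ("pbr", node.next_hop)  # permit match: apply the set action
    return ("normal", None)                # no node matched: normal routing table

if __name__ == "__main__":
    for src in ("192.168.4.25", "192.168.7.9", "192.168.9.1", "192.168.4.50"):
        print(src, forward(WITH_DENY, src, "172.20.20.10"))
```
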
Verify PBR Policy
Lab 4. PBR Juniper&Mikrotik
Cisco_1 Initial Configuration
Cisco_2 Initial Configuration
Cisco_3 Initial Configuration
Mikrotik Initial Configuration
Mikrotik - WebFig
WebFig is a web-based RouterOS utility that lets you monitor, configure
and troubleshoot the router. It is designed as an alternative to WinBox; both have
similar layouts and both have access to almost any feature of RouterOS.
Mikrotik – IP Address config
Mikrotik – OSPF Router-ID
Mikrotik – OSPF Interfaces
Mikrotik – OSPF Networks
Mikrotik – OSPF Routing Table
Config Webterm1&Webterm2
Config Centos 6
Configure FBF on Juniper Router
1. Define firewall filter (Cisco ACL)
3. Create a Routing Instance
A routing instance is a collection of routing tables, interfaces, and routing
protocol parameters.
Verify Filter-Based Forwarding
Configure PBR on Cisco Routers
Configure PBR on Mikrotik Router
1. Add two IP Firewall Mangle rules to mark packets originating from
network 10.10.20.0/24 and destined for 10.10.15.0/24 and 10.10.16.0/24.
2. Create a NAT Rule with action MASQUERADE
Verify PBR
Homework 1 – PBR & IPv6