[Figure: topology diagram. Labels: OSPF; 100 Mbps; EIGRP; networks 192.168.92.0/24, 192.168.94.0/24 and 192.168.90.0/24]
Policy-Based Routing
Policy-based routing (PBR) is a technique that forwards and routes
data packets based on policies or filters.
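[Figure: PBR decision flow for an incoming packet on R1]
1. Is there a PBR applied on the incoming interface?
   No: forward the packet through the normal routing channel.
   Yes: go to step 2.
2. Is there a match with a deny statement?
   Yes: forward the packet through the normal routing channel.
   No: go to step 3.
3. Is there a match with a permit statement?
   Yes: apply set commands.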
Filter-Based Forwarding on Juniper Router
For IPv4 or IPv6 traffic only, you can use firewall filters in
conjunction with forwarding classes and routing instances
to control how packets travel in a network. This is
called filter-based forwarding (FBF).
Steps to Implement PBR or FBF
Router(config-route-map)# match {conditions}
Defines the conditions to match.
Router(config-route-map)# set {actions}
Defines the action to be taken on a match.
Router(config-if)# ip policy route-map map-tag
Apply the route-map to the incoming interface.
match Conditions
Command                    Description
match interface            Matches any routes that have the next hop out of one of the interfaces specified
Parameter                  Description
set ip default next-hop    Indicates where to output packets that pass a match clause of a route map for policy routing and for which the Cisco IOS software has no explicit route to a destination
set default interface      Indicates where to output packets that pass a match clause of a route map for policy routing and have no explicit route to the destination
set ip tos                 Used to set some of the bits in the IP ToS field in the IP packet.
Router(config-route-map)#
Used to set some of the bits in the IP ToS field in the IP packet.
The ToS field in the IP header is 8 bits long, with 5 bits for setting
the class of service (CoS) and 3 bits for the IP precedence.
The CoS bits are used to set the delay, throughput, reliability, and
cost.
Parameter Description
0 | normal Sets the normal ToS
1 | min-monetary-cost Sets the min-monetary-cost ToS
2 | max-reliability Sets the max reliable ToS
4 | max-throughput Sets the max throughput ToS
8 | min-delay Sets the min delay ToS
Configuring PBR on an Interface
Identify a route map to use for policy routing on an interface.
Router(config-if)# ip policy route-map map-tag
Example 1. PBR
Lab 2. PBR Router HPE & CISCO
O–D                ROUTE
SERVER – VPCS1     R3 -> HPE_R2 -> HPE_R1
SERVER – VPCS2     R3 -> HPE_R1
SERVER – VPCS3     R3 -> R2 -> HPE_R1
1 Configure IP Address – HPE_R1
3 Configure OSPF Protocol – HPE_R1
4 Configure IP Address & OSPF Protocol – R2
5 Configure IP Address & OSPF Protocol – R3
6 Verify Routing Table
7 Configure and verify HPE_R2
8 Verify connectivity between routers
10 Configure access to Provider from C1
C1
HPE_R1
11 Configure access to Provider from C2
C2
R3
12 Verify Routing Table – HPE_R1
13 Verify Routing Table – R3
14 Verify connectivity between Server – VPC-1
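Config Router HPE access with TELNET
<HPE>system-view
[HPE]user-interface aux 0
[HPE-line-aux0]authentication-mode none
[HPE-line-aux0]user-role network-admin
[HPE-line-aux0]quit
[HPE]save
authentication-mode none disables login authentication on the AUX line; user-role network-admin gives sessions on that line the network-admin role.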
Config PBR on HPE Router
1. Create ACL MATCH TRAFFIC
acl advanced 3010
rule permit ip source 192.168.4.0 0.0.0.255 destination 172.20.20.10 0.0.0.0
quit
acl advanced 3020
rule permit ip source 192.168.7.0 0.0.0.255 destination 172.20.20.10 0.0.0.0
quit
2. Define PBR Policy
policy-based-route eietr permit node 10
if-match acl 3010
apply next-hop 10.10.5.2
quit
policy-based-route eietr permit node 20
if-match acl 3020
apply next-hop 10.10.8.2
quit
3. Apply the PBR Policy to Interface
interface ge1/0
ip policy-based-route eietr
quit
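An added example (not part of the original slides): a small Python model of the PBR decision flow, loaded with the ACLs and nodes of policy eietr from this lab, to check which next hop a given source/destination pair receives before the policy is applied. The function names and the "routing-table" sentinel are assumptions of the example, and only the permit rules shown above are modelled.

```python
from ipaddress import IPv4Address

def wildcard_match(addr, base, wildcard):
    """Wildcard mask semantics: bits set to 1 in the wildcard are ignored."""
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
    return int(IPv4Address(addr)) & care == int(IPv4Address(base)) & care

# ACL number -> permit rules as (source, source wildcard, destination, destination wildcard)
ACLS = {
    3010: [("192.168.4.0", "0.0.0.255", "172.20.20.10", "0.0.0.0")],
    3020: [("192.168.7.0", "0.0.0.255", "172.20.20.10", "0.0.0.0")],
}

# Policy "eietr": (node, mode, ACL, next hop), evaluated in ascending node order
POLICY = [
    (10, "permit", 3010, "10.10.5.2"),
    (20, "permit", 3020, "10.10.8.2"),
]

def acl_matches(acl, src, dst):
    """True if any rule of the ACL matches both source and destination."""
    return any(
        wildcard_match(src, s, swc) and wildcard_match(dst, d, dwc)
        for s, swc, d, dwc in ACLS[acl]
    )

def pbr_decision(src, dst, policy=POLICY, policy_on_interface=True):
    """Return (forwarding decision, matching node) for one packet."""
    if not policy_on_interface:
        return ("routing-table", None)      # no PBR on the incoming interface
    for node, mode, acl, next_hop in sorted(policy):
        if acl_matches(acl, src, dst):
            if mode == "deny":
                return ("routing-table", node)  # deny node: normal routing
            return (next_hop, node)             # permit node: apply next-hop
    return ("routing-table", None)          # no node matched: normal routing

if __name__ == "__main__":
    # Constructed sample packets (source, destination)
    for src, dst in [("192.168.4.25", "172.20.20.10"),
                     ("192.168.7.9", "172.20.20.10"),
                     ("192.168.4.25", "172.20.20.11")]:
        print(src, "->", dst, ":", pbr_decision(src, dst))
```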
Verify PBR Policy
Lab 4. PBR Juniper & Mikrotik
Cisco_1 Initial Configuration
Cisco_2 Initial Configuration
Cisco_3 Initial Configuration
Mikrotik Initial Configuration
Mikrotik - WebFig
WebFig is a web-based RouterOS utility that allows you to monitor, configure
and troubleshoot the router. It is designed as an alternative to WinBox; both have
similar layouts and both have access to almost any feature of RouterOS.
Mikrotik – IP Address config
Mikrotik – OSPF Router-ID
Mikrotik – OSPF Interfaces
Mikrotik – OSPF Networks
Mikrotik – OSPF Routing Table
Config Webterm1 & Webterm2
Configure FBF on Juniper Router
1. Define firewall filter (Cisco ACL)
3. Create a Routing Instance
A routing instance is a collection of routing tables, interfaces, and routing
protocol parameters.
Verify Filter-Based Forwarding
Configure PBR on Cisco Routers
Configure PBR on Mikrotik Router
1. Add two IP Firewall Mangle rules to mark the packets originating from
network 10.10.20.0/24 to 10.10.15.0/24 and 10.10.16.0/24.
2. Create a NAT Rule with action MASQUERADE
Verify PBR