
CIS 185 CCNP ROUTE

Ch. 5 Path Control Implementation


Rick Graziani
Cabrillo College
graziani@cabrillo.edu
Last Updated: Spring 2015

Once again

There are 135+ slides in this presentation,
but we will only be covering the first 80 or so.

Topics

Best Path Decisions


Policy Based Routing
Concepts of Path Control
Path Control with Offset Lists
Path Control with Cisco IOS IP SLAs
Path Control with Policy Based Routing

Best Path Decisions

Best Path Decisions


The router uses its routing table to determine the best path to
forward the packet.
When the router receives a packet, it examines its destination
IP address and searches for the best network address match in
the routing table.
Each routing table entry also includes the interface to be
used to forward the packet.
Once a match is found, the router encapsulates the IP packet
into the data link frame of the outgoing or exit interface.
The packet is then forwarded toward its destination.
Routers support three packet-forwarding mechanisms:
Process switching
Fast Switching
Cisco Express Forwarding (CEF)

Process Switching

Analogy: Process switching solves a problem by doing math long hand, even if it
is the identical problem.

[Figure: Control Plane (IP Routing Table, CPU) above the Data Plane (Ingress Interface, 1st through 5th Packet, Egress Interface)]

Earliest switching method. (Applies to both routers and multilayer
switches.)
This is an older packet forwarding mechanism.
When a packet arrives on an interface, it is forwarded to the
control plane where the CPU examines the routing table,
determines the exit interface and forwards the packet.
It does this for every packet, even if the destination is the same
for a stream of packets.

Fast Switching

Analogy: Fast switching solves a problem by doing math long hand one time and
remembering the answer for subsequent identical problems.

[Figure: Control Plane (IP Routing Table, CPU) above the Data Plane (Ingress Interface, 1st through 5th Packet, Fast Forward Cache, Egress Interface)]

As routers had to process more packets, it was determined that process
switching was not fast enough.
The next evolution in packet switching was Fast Switching. (Applies to both
routers and multilayer switches.)
The first packet is process-switched (CPU + routing table) but it also
uses a fast-switching cache to store next-hop information of the flow.
The next packets in the flow are forwarded using the cache and
without CPU intervention.

CEF Switching

Analogy: CEF solves every possible problem ahead of time in a spreadsheet.

[Figure: Control Plane (CPU) above the Data Plane (Ingress Interface, 1st through 5th Packet, FIB and Adjacency Table, Egress Interface)]

Preferred and default Cisco IOS packet-forwarding mechanism for
routers and multilayer switches.
CEF copies the routing table to the Forwarding Information Base
(FIB).
CEF creates an adjacency table which contains all the Layer 2
information a router would have to consider when forwarding a
packet, such as the Ethernet destination MAC address.
The adjacency table is created from the ARP table.

CEF

The FIB is derived from the IP routing table.
Arranged for maximum lookup throughput.
Updates to the routing table update the FIB.
CEF also caches Layer 2 next-hop addresses and frame header rewrite information
for all FIB entries in the adjacency table.

HQ# show ip cef
Prefix               Next Hop             Interface
0.0.0.0/0            no route
0.0.0.0/8            drop
0.0.0.0/32           receive
10.10.10.0/30        attached             Ethernet0/0
10.10.10.0/32        receive              Ethernet0/0
10.10.10.1/32        receive              Ethernet0/0
10.10.10.3/32        receive              Ethernet0/0
127.0.0.0/8          drop
192.168.100.0/24     attached             Ethernet0/1
192.168.100.0/32     receive              Ethernet0/1
192.168.100.1/32     receive              Ethernet0/1
192.168.100.255/32   receive              Ethernet0/1
224.0.0.0/4          drop
224.0.0.0/24         receive
240.0.0.0/4          drop
255.255.255.255/32   receive
HQ#

Every entry in the routing table has a preconfigured entry in the FIB table.
HQ is currently not configured with any routing protocol.


HQ# show adjacency
Protocol Interface                 Address
HQ#
HQ# ping 10.10.10.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms
HQ#
HQ# show adjacency
Protocol Interface                 Address
IP       Ethernet0/0               10.10.10.2(7)
HQ# show ip cef
Prefix               Next Hop             Interface
0.0.0.0/0            no route
0.0.0.0/8            drop
0.0.0.0/32           receive
10.10.10.0/30        attached             Ethernet0/0
10.10.10.0/32        receive              Ethernet0/0
10.10.10.1/32        receive              Ethernet0/0
10.10.10.2/32        attached             Ethernet0/0

HQ(config)# router eigrp 1
HQ(config-router)# network 192.168.100.0 0.0.0.255
HQ(config-router)# network 10.10.10.0 0.0.0.3
*Jul 29 16:35:15.745: %DUAL-5-NBRCHANGE: EIGRP-IPv4 1: Neighbor 10.10.10.2
(Ethernet0/0) is up: new adjacency
HQ# show ip route eigrp
D    192.168.110.0/24 [90/307200] via 10.10.10.2, 00:03:17, Ethernet0/0
HQ#
HQ# show adjacency
Protocol Interface                 Address
IP       Ethernet0/0               10.10.10.2(11)
HQ# show ip cef
Prefix               Next Hop             Interface
<partial output>
192.168.110.0/24     10.10.10.2           Ethernet0/0

A Note About CEF for IPv6


R1# show running-config
<output omitted>
ip cef          <-- CEF for IPv4 is enabled by default
no ipv6 cef     <-- CEF for IPv6 is disabled by default
R1#
R1# show ip cef
Prefix               Next Hop             Interface
0.0.0.0/0            no route
<output omitted>
R1# show ipv6 cef
%IPv6 CEF not running
R1#

CEF (Cisco Express Forwarding) is a forwarding mechanism to
optimize the Layer 3 and Layer 2 lookup processes into a single
process.

Enabling CEF for IPv6


R1(config)# ipv6 unicast-routing
R1(config)# exit
R1# show running-config
<output omitted>
ip cef
ipv6 cef        <-- CEF IPv6 is now enabled
R1#
R1# show ipv6 cef
::/0
  nexthop 2001:DB8:CAFE:2::2 Serial0/0/0
<output omitted>
R1# config t
R1(config)# ipv6 cef    <-- Prior to IOS 15.x you may need to use this command in addition to ipv6 unicast-routing
R1(config)#

You may need to enable CEF for IPv6.

HQ(config)# interface ethernet 0/0
HQ(config-if)# no ip route-cache cef
HQ(config-if)# ^Z
HQ#
*Jul 29 17:10:14.737: %SYS-5-CONFIG_I: Configured from console by console
HQ# show ip interface ethernet 0/0 | include switching
  IP fast switching is enabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP CEF switching is disabled
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
HQ#

Disable CEF for IPv4 on Ethernet 0/0 on HQ

CEF for IPv4 can be re-enabled on an interface using the ip route-cache cef interface configuration command.

HQ# show ip cef          <-- CEF is still enabled globally
Prefix               Next Hop             Interface
0.0.0.0/0            no route
0.0.0.0/8            drop
0.0.0.0/32           receive
10.10.10.0/30        attached             Ethernet0/0
<omitted>
HQ(config)# no ip cef
HQ(config)# end
HQ#
*Jul 29 17:14:36.676: %SYS-5-CONFIG_I: Configured from console by console
HQ# show ip cef
%IPv4 CEF not running
HQ#

Path Control and PBR (Policy Based Routing)

Concepts of Path Control

Path control tools can be used to change the default destination forwarding
and optimize the path of the packets for some specific application
Path Control is controlling the path that traffic takes through a network when
there are:
Redundant paths
Asymmetric paths (form of redundancy)
Three tools for path control are detailed:
Cisco IOS IP service level agreements (SLAs)
Policy Based Routing (PBR)


The other PBR


Policy Based Routing

PBR adds flexibility in a difficult-to-manage environment by providing the
ability to route traffic that is based on network needs.

Quick Introduction Policy Based Routing (PBR) Example


Jeff Doyle, Routing TCP/IP Vol. I
More later in Chapter 5
Using PBR is the best way to understand how route maps are configured,
so here is a quick introduction (more later on PBR in chapter 5)
Policy routes are nothing more than sophisticated static routes.
Static routes forward a packet to a specified next hop based on
destination address of the packet.
Policy routes can forward a packet to a specified next hop based on the
source of the packet.
Policy routes can also be linked to extended IP access lists so that
routing may be based on protocol types and port numbers.
Like a static route, a policy route influences the routing only on the
router on which it is configured.

Match Options (a sample)


Router(config-route-map)# match length min max

Matches the Layer 3 length of the packet.

Router(config-route-map)# match ip address {access-list-number | name} [...access-list-number | name]

Matches the source and destination IP address that is
permitted by one or more standard or extended access lists.
If you do not specify a match command, the route map
applies to all packets.

Set Options (a sample)


Router(config-route-map)# set ip precedence [number | name]
Sets precedence value in the IP header. You can specify either the precedence
number or name.

Router(config-route-map)# set ip next-hop ip-address [... ip-address]
Sets next hop to which to route the packet (the next hop must be adjacent).

Router(config-route-map)# set interface interface-type interface-number [... type number]
Sets output interface for the packet.

Router(config-route-map)# set ip default next-hop ip-address [...ip-address]
Sets next hop to which to route the packet, if there is no explicit route for this
destination.

Router(config-route-map)# set default interface interface-type interface-number [... type ...number]
Sets output interface for the packet, if there is no explicit route for this
destination.

Jeff Doyle's Peanuts Example

Single interface example: source IP address

[Figure: topology of routers Lucy (172.16.4.2/24), Pigpen (172.16.4.3/24), Linus (interfaces S0 and E0), Schroeder and Charlie, with attached 172.16.x.0/24 subnets]

We want to implement a policy on Linus such that:
Traffic from 172.16.6.0/24 subnet is forwarded to Lucy
Traffic from 172.16.7.0/24 subnet is forwarded to Pigpen
All other traffic is routed normally

[Figure: Peanuts topology: Lucy, Schroeder, Linus (S0, E0), Pigpen, Charlie]

Linus:
interface S0
 ip policy route-map Sally

route-map Sally permit 10
 match ip address 1
 set ip next-hop 172.16.4.2
route-map Sally permit 15
 match ip address 2
 set ip next-hop 172.16.4.3

access-list 1 permit 172.16.6.0 0.0.0.255
access-list 2 permit 172.16.7.0 0.0.0.255

Any packets that do not match statement 10 or 15, such as from 172.16.8.0/24,
are routed normally.

Jeff Doyle's Peanuts Example

Single interface example: destination IP address

[Figure: Peanuts topology: Lucy, Schroeder, Linus (S0, E0), Pigpen, Charlie]

Suppose we want to implement a policy on Linus such that:
Traffic to host 172.16.1.1 is forwarded to Lucy
Traffic from 172.16.7.1 to host 172.16.1.2 is forwarded to Pigpen
All other traffic is routed normally

[Figure: Peanuts topology: Lucy, Schroeder, Linus (S0, E0), Pigpen, Charlie]

Linus:
interface S0
 ip policy route-map Sally

route-map Sally permit 10
 match ip address 101
 set ip next-hop 172.16.4.2
route-map Sally permit 15
 match ip address 102
 set ip next-hop 172.16.4.3

access-list 101 permit ip any host 172.16.1.1
access-list 102 permit ip host 172.16.7.1 host 172.16.1.2

Any packets that do not match statement 10 or 15 are routed normally.
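The two route-map Sally policies above (source-based with access lists 1 and 2, destination-based with access lists 101 and 102) can be traced with a small Python model. This is an added example, not part of the original slides; the function and variable names are hypothetical, the test packets are constructed, and the model covers only wildcard-mask matching, the implicit deny at the end of each access list, and first-match route-map ordering.

```python
from ipaddress import IPv4Address

ANY = ("0.0.0.0", "255.255.255.255")   # wildcard of all ones ignores every bit


def host(ip):
    """Equivalent of the ACL keyword 'host': every bit must match."""
    return (ip, "0.0.0.0")


def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: a 1 bit means 'ignore', a 0 bit means 'must match'."""
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(IPv4Address(addr)) & care) == (int(IPv4Address(base)) & care)


def acl_permits(acl, src, dst):
    """First matching entry decides; no match falls to the implicit deny."""
    for action, (s_base, s_wc), (d_base, d_wc) in acl:
        if wildcard_match(src, s_base, s_wc) and wildcard_match(dst, d_base, d_wc):
            return action == "permit"
    return False


def policy_route(route_map, acls, src, dst):
    """Return (sequence, next_hop) if PBR applies, or None for normal routing."""
    for seq, action, acl_id, next_hop in sorted(route_map):
        if acl_permits(acls[acl_id], src, dst):
            # A deny statement would hand the packet back to the routing table.
            return (seq, next_hop) if action == "permit" else None
    return None   # no statement matched: routed normally


# Source-based policy (standard ACLs match the source address only).
ACLS_SRC = {
    1: [("permit", ("172.16.6.0", "0.0.0.255"), ANY)],
    2: [("permit", ("172.16.7.0", "0.0.0.255"), ANY)],
}
SALLY_SRC = [(10, "permit", 1, "172.16.4.2"),    # to Lucy
             (15, "permit", 2, "172.16.4.3")]    # to Pigpen

# Destination-based policy (extended ACLs match source and destination).
ACLS_DST = {
    101: [("permit", ANY, host("172.16.1.1"))],
    102: [("permit", host("172.16.7.1"), host("172.16.1.2"))],
}
SALLY_DST = [(10, "permit", 101, "172.16.4.2"),  # to Lucy
             (15, "permit", 102, "172.16.4.3")]  # to Pigpen

if __name__ == "__main__":
    # Constructed test packets (source, destination) arriving on Linus S0.
    packets = [("172.16.6.25", "172.16.1.1"), ("172.16.7.1", "172.16.1.2"),
               ("172.16.7.1", "172.16.1.1"), ("172.16.8.1", "172.16.2.1")]
    for src, dst in packets:
        print(src, "->", dst,
              "| source policy:", policy_route(SALLY_SRC, ACLS_SRC, src, dst),
              "| destination policy:", policy_route(SALLY_DST, ACLS_DST, src, dst))
```

The packet from 172.16.7.1 to 172.16.1.1 shows why statement order matters: under the destination-based policy it matches statement 10 first and goes to Lucy, even though its source also appears in access list 102.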

Book Example

Notebook> traceroute 192.168.100.1
Type escape sequence to abort.
Tracing the route to 192.168.100.1
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.110.1 0 msec 0 msec
  2 10.10.20.1 1 msec * 1 msec
Notebook>
PC> traceroute 192.168.100.1
Type escape sequence to abort.
Tracing the route to 192.168.100.1
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.110.1 1 msec 0 msec 0 msec
  2 10.10.20.1 1 msec * 1 msec
PC>

Configure PBR to Alter the Traffic Flow from the Notebook


! Identify Traffic from Notebook
BR1(config)# ip access-list extended PBRACL
BR1(config-ext-nacl)# permit ip host 192.168.110.10 any
BR1(config-ext-nacl)# exit
! Configure Route Map on BR1
BR1(config)# route-map PBRNotebook
BR1(config-route-map)# match ip address PBRACL
BR1(config-route-map)# set ip next-hop 10.10.20.1
BR1(config-route-map)# exit
! Apply Route Map to Inbound Interface
BR1(config)# interface ethernet 0/1
BR1(config-if)# ip policy route-map PBRNotebook
BR1(config-if)# exit
BR1(config)# exit

BR1# show route-map
route-map PBRNotebook, permit, sequence 10
  Match clauses:
    ip address (access-lists): PBRACL
  Set clauses:
    ip next-hop 10.10.20.1
  Policy routing matches: 0 packets, 0 bytes
BR1# show ip policy
Interface      Route map
Ethernet0/1    PBRNotebook

Notebook> traceroute 192.168.100.1
Type escape sequence to abort.
Tracing the route to 192.168.100.1
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.110.1 1 msec 0 msec 1 msec
  2 10.10.20.1 5 msec * 5 msec
Notebook>
PC> traceroute 192.168.100.1
Type escape sequence to abort.
Tracing the route to 192.168.100.1
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.110.1 1 msec 1 msec 0 msec
  2 10.10.10.1 1 msec * 1 msec
PC>

BR1# debug ip policy
Policy routing debugging is on
BR1#
PC> ping 192.168.100.1
!!!!!
BR1#
*Aug 4 17:36:42.981: IP: s=192.168.110.20 (Ethernet0/1), d=192.168.100.1,
len 100,
FIB policy rejected(no match) - normal forwarding
*Aug 4 17:36:42.982: IP: s=192.168.110.20 (Ethernet0/1), d=192.168.100.1,
len 100,
FIB policy rejected(no match) - normal forwarding

BR1# debug ip policy
Policy routing debugging is on
BR1#
Notebook> ping 192.168.100.1
!!!!!
BR1#
*Aug 4 17:39:53.147: IP: s=192.168.110.10 (Ethernet0/1), d=192.168.100.1,
len 100,
FIB policy match
*Aug 4 17:39:53.147: IP: s=192.168.110.10 (Ethernet0/1), d=192.168.100.1,
len 100,
PBR Counted
*Aug 4 17:39:53.147: IP: s=192.168.110.10 (Ethernet0/1), d=192.168.100.1,
g=10.10.10.1, len 100, FIB policy routed

Cisco IOS SLAs


Using Cisco IOS IP SLAs to Control Path Selection


Cisco IOS IP SLAs send simulated data across the network and measure
performance between multiple network locations or across multiple network
paths.
The information collected includes data about:
response time
one-way latency
jitter (interpacket delay variance)
packet loss
voice quality scoring
network resource availability
application performance
server response time

Cisco IP SLA

IP SLA, a feature of Cisco IOS software, allows you to configure a router to
send synthetic traffic to:
A host computer
A router that has been configured to respond (Responder)

IP SLAs Operations

There are two types of IP SLAs operations:

Those in which the target device is not running the IP SLAs responder
component (such as a web server or IP host).
Mostly ICMP generated traffic.

[Figure: IP SLAs Source (R1) sends generated ICMP traffic to measure network response toward R2 and a DNS Server]

Those in which the target device is running the IP SLAs responder
component (such as a Cisco router).
Measurement accuracy is improved when the target is a responder.
Additional statistics can be gathered.

[Figure: IP SLAs Source (R1) sends generated traffic to measure the network toward the IP SLAs Responder (R2); MIB data retrieved via SNMP]

Configuring Path Control using IOS IP SLAs


Router(config)# ip sla operation-number

The following steps are required to configure Cisco IOS IP SLA functionality:
Step 1 Define one or more probes
Step 2 Define one or more tracking objects
Step 3 Define the action on tracking object
Note: Effective with Cisco IOS Release 12.4(4)T, 12.2(33)SB, and 12.2(33)SXI,
the ip sla monitor command is replaced by the ip sla command.


Router(config)# ip sla monitor operation-number
Router(config-rtr)# icmp-echo {destination-ip-address | destination-hostname} [source-ip {ip-address | hostname} | source-interface interface-name]
or
Router(config-rtr)# type echo protocol ipIcmpEcho {destination-ip-address | destination-hostname} [source-ipaddr {ip-address | hostname} | source-interface interface-name]

R1(config)# ip sla 1
R1(config-ip-sla)# ?
IP SLAs entry configuration commands:
  dhcp         DHCP Operation
  dns          DNS Query Operation
  exit         Exit Operation Configuration
  frame-relay  Frame-relay Operation
  ftp          FTP Operation
  http         HTTP Operation
  icmp-echo    ICMP Echo Operation
  icmp-jitter  ICMP Jitter Operation
  path-echo    Path Discovered ICMP Echo Operation
  path-jitter  Path Discovered ICMP Jitter Operation
  slm          SLM Operation
  tcp-connect  TCP Connect Operation
  udp-echo     UDP Echo Operation
  udp-jitter   UDP Jitter Operation
  voip         Voice Over IP Operation
R1(config-ip-sla)#

Effective with Cisco IOS Release 12.4(4)T, 12.2(33)SB, and 12.2(33)SXI, the
type echo protocol ipIcmpEcho command is replaced by the icmp-echo command.

Step 1 Define one or more probes

There are several SLA probes that can be used.
We will focus on using the ICMP Echo operation.

icmp-echo Command Example


R1(config-ip-sla)# icmp-echo 209.165.201.30
R1(config-ip-sla-echo)# ?
IP SLAs echo Configuration Commands:
  default            Set a command to its defaults
  exit               Exit operation configuration
  frequency          Frequency of an operation
  history            History and Distribution Data
  no                 Negate a command or set its defaults
  owner              Owner of Entry
  request-data-size  Request data size
  tag                User defined tag
  threshold          Operation threshold in milliseconds
  timeout            Timeout of an operation
  tos                Type Of Service
  verify-data        Verify data
  vrf                Configure IP SLAs for a VPN Routing/Forwarding instance
R1(config-ip-sla-echo)#

Although many command options exist, the focus of this section will be on
frequency and timeout commands.

icmp-echo Sub-Commands

Router(config-ip-sla-echo)# frequency seconds

Set the rate at which a specified IP SLAs operation repeats.
The seconds parameter is the number of seconds between the IP
SLAs operations with the default being 60 seconds.

Router(config-ip-sla-echo)# timeout milliseconds

Set the amount of time a Cisco IOS IP SLAs operation waits for a
response from its request packet.
The milliseconds parameter is the number of milliseconds (ms) the
operation waits to receive a response from its request packet.

Router(config)# ip sla monitor operation-number
Router(config-rtr)# icmp-echo {destination-ip-address | destination-hostname} [source-ip {ip-address | hostname} | source-interface interface-name]
Router(config-rtr)# frequency seconds
Router(config-rtr)# timeout milliseconds

Schedule an IP SLA Operation


Schedule an IP SLA operation.

Router(config)# ip sla schedule operation-number [life {forever | seconds}]
[start-time {hh:mm[:ss] [month day | day month] | pending |
now | after hh:mm:ss}] [ageout seconds] [recurring]

Note:
Effective with Cisco IOS Release 12.4(4)T, 12.2(33)SB, and 12.2(33)SXI,
the ip sla monitor schedule command is replaced by the ip
sla schedule command.

The ip sla schedule Command Parameters


Parameter         Description

operation-number  Number of the IP SLAs operation to schedule.

life forever      (Optional) Schedules the operation to run indefinitely.

life seconds      (Optional) Number of seconds the operation actively collects information.
                  The default is 3600 seconds (one hour).

start-time        (Optional) Time when the operation starts.

hh:mm[:ss]        Specifies an absolute start time using hour, minute, and (optionally) second.
                  Use the 24-hour clock notation.

month             (Optional) Name of the month to start the operation in.
                  If month is not specified, the current month is used.

day               (Optional) Number of the day (in the range 1 to 31) to start the operation on.
                  If a day is not specified, the current day is used.

pending           (Optional) No information is collected. This is the default value.

now               (Optional) Indicates that the operation should start immediately.

after hh:mm:ss    (Optional) Indicates that the operation should start this amount of time after
                  this command was entered.

ageout seconds    (Optional) Number of seconds to keep the operation in memory when it is not
                  actively collecting information (default is 0 seconds which means it never ages out).

recurring         (Optional) Indicates that the operation will start automatically at the specified
                  time and for the specified duration every day.

Router(config)# ip sla monitor operation-number
Router(config-rtr)# icmp-echo {destination-ip-address | destination-hostname} [source-ip {ip-address | hostname} | source-interface interface-name]
Router(config-rtr)# frequency seconds
Router(config-rtr)# timeout milliseconds
Router(config)# ip sla schedule operation-number [life {forever | seconds}] [start-time {hh:mm[:ss] [month day | day month] | pending | now | after hh:mm:ss}] [ageout seconds] [recurring]

Configures the scheduling parameters for a single Cisco IOS IP SLAs
probe.

Step 2: Configure IP SLA Object Tracking


Define tracking objects to track the state of IP SLAs operations, such as whether the
device is reachable.

Router(config)# track object-number ip sla operation-number {state | reachability}

Parameter         Description

object-number     Object number representing the object to be tracked.
                  The range is from 1 to 500.

operation-number  Number used for the identification of the IP SLAs operation you
                  are tracking.

state             Tracks the operation return code.

reachability      Tracks whether the route is reachable.

Note:
Effective with Cisco IOS Release 12.4(20)T, 12.2(33)SXI1, 12.2(33)SRE
and Cisco IOS XE Release 2.4, the track rtr command is replaced
by the track ip sla command.

Router(config)# ip sla monitor operation-number
Router(config-rtr)# icmp-echo {destination-ip-address | destination-hostname} [source-ip {ip-address | hostname} | source-interface interface-name]
Router(config-rtr)# frequency seconds
Router(config-rtr)# timeout milliseconds
Router(config)# ip sla schedule operation-number [life {forever | seconds}] [start-time {hh:mm[:ss] [month day | day month] | pending | now | after hh:mm:ss}] [ageout seconds] [recurring]
Router(config)# track object-number ip sla operation-number {state | reachability}
or
Router(config)# track object-number rtr operation-number {state | reachability}

Step 2 Define one or more tracking objects

Tracks the state of an IOS IP SLAs operation, such as whether the device is
reachable.

track Command Example


R1(config)# track 1 ip sla 1 reachability
R1(config-track)# ?
Tracking instance configuration commands:
  default  Set a command to its defaults
  delay    Tracking delay
  exit     Exit from tracking configuration mode
  no       Negate a command or set its defaults
R1(config-track)#

Configure Tracking Delay


Specify a period of time to delay communicating state changes of a tracked object.
The delay can help alleviate the effect of flapping objects.

Router(config-track)# delay {up seconds [down seconds] | [up seconds] down seconds}

Parameter  Description

up         Time to delay the notification of an up event.

down       Time to delay the notification of a down event.

seconds    Delay value, in seconds.
           The range is from 0 to 180 with the default being 0.

Router(config)# ip sla monitor operation-number
Router(config-rtr)# icmp-echo {destination-ip-address | destination-hostname} [source-ip {ip-address | hostname} | source-interface interface-name]
Router(config-rtr)# frequency seconds
Router(config-rtr)# timeout milliseconds
Router(config)# ip sla schedule operation-number [life {forever | seconds}] [start-time {hh:mm[:ss] [month day | day month] | pending | now | after hh:mm:ss}] [ageout seconds] [recurring]
Router(config)# track object-number rtr operation-number {state | reachability}
Router(config-track)# delay {up seconds [down seconds] | [up seconds] down seconds}

Delay - Specifies a period of time to delay communicating state changes of
a tracked object.
The delay can help alleviate the effect of flapping objects.

Router(config)# ip sla monitor operation-number
Router(config-rtr)# icmp-echo {destination-ip-address | destination-hostname} [source-ip {ip-address | hostname} | source-interface interface-name]
Router(config-rtr)# frequency seconds
Router(config-rtr)# timeout milliseconds
Router(config)# ip sla schedule operation-number [life {forever | seconds}] [start-time {hh:mm[:ss] [month day | day month] | pending | now | after hh:mm:ss}] [ageout seconds] [recurring]
Router(config)# track object-number rtr operation-number {state | reachability}
Router(config-track)# delay {up seconds [down seconds] | [up seconds] down seconds}
Router(config)# ip route prefix mask {ip-address | interface-type interface-number [ip-address]} [dhcp] [distance] [name next-hop-name] [permanent | track number] [tag tag]

Step 3 Define the action on tracking object

The static route is used to track the object.
Examples coming soon!

Verifying IP SLAs

Command: show ip sla configuration [operation]
Description: Display configuration values including all defaults for all
Cisco IOS IP SLAs operations, or for a specified operation.
The operation parameter is the number of the IP SLAs
operation for which the details will be displayed.

Command: show ip sla statistics [operation-number | details]
Description: Display the current operational status and statistics of all
Cisco IOS IP SLAs operations, or of a specified operation.

These commands will be explained during the examples.

show ip sla configuration Example


R1# show ip sla configuration 1
IP SLAs, Infrastructure Engine-II.
Entry number: 1
Owner:
Tag:
Type of operation to perform: icmp-echo
Target address/Source address: 209.165.201.30/0.0.0.0
Type Of Service parameter: 0x0
Request size (ARR data portion): 28
Operation timeout (milliseconds): 5000
Verify data: No
Vrf Name:
Schedule:
Operation frequency (seconds): 10 (not considered if randomly scheduled)
Next Scheduled Start Time: Start Time already passed
Group Scheduled : FALSE
Randomly Scheduled : FALSE
Life (seconds): Forever
<output omitted>

Note:
Effective with Cisco IOS Release 12.4(20)T, 12.2(33)SXI1, 12.2(33)SRE and Cisco IOS
XE Release 2.4, the show ip sla monitor configuration command is
replaced by the show ip sla configuration command.

show ip sla statistics Example


R1# show ip sla statistics
IPSLAs Latest Operation Statistics
IPSLA operation id: 1
Latest operation start time: *21:22:29.707 UTC Fri Apr 2 2010
Latest operation return code: OK
Number of successes: 5
Number of failures: 0
Operation time to live: Forever
<output omitted>

Note:
Effective with Cisco IOS Release 12.4(20)T, 12.2(33)SXI1, 12.2(33)SRE and Cisco IOS
XE Release 2.4, the show ip sla monitor statistics command is replaced
by the show ip sla statistics command.

Tracking Reachability to Two ISPs Example

In this scenario, Customer A is multihoming to two ISPs using R1,
which is configured with two default floating static routes.
The static route to R2 (ISP-1) has been given an administrative distance of 2
making it preferred and therefore the primary default route.
The static route to R3 (ISP-2) has been given an administrative distance of 3
making it the backup default route.

What would happen if a link within the ISP 1 provider infrastructure
were to fail?
The link from R1 to R2 would still remain up and R1 would continue to use that
link because the default static route would still be valid.

The solution to this issue is the Cisco IOS IP SLAs feature.
Configure IP SLAs to continuously check the reachability of a specific
destination (such as the ISP's DNS server, or any other specific destination) and
conditionally announce the default route only if the connectivity is verified.

The first step in this configuration defines the probe.
Probe 11 is defined by the ip sla 11 command.
The test defined with the icmp-echo 10.1.3.3 command specifies that the ICMP echoes are
sent to destination 10.1.3.3 (DNS Server) to check connectivity.
The frequency 10 command schedules the connectivity test to repeat every 10 seconds.
The ip sla schedule 11 life forever start-time now command defines the start and end time
of the connectivity test for probe 11; the start time is now and it will continue forever.

R1(config)# ip sla 11
R1(config-ip-sla)# icmp-echo 10.1.3.3
R1(config-ip-sla-echo)# frequency 10
R1(config-ip-sla-echo)# exit
R1(config)# ip sla schedule 11 life forever start-time now
R1(config)# track 1 ip sla 11 reachability
R1(config-track)# delay down 10 up 1
R1(config-track)# exit
R1(config)# ip route 0.0.0.0 0.0.0.0 10.1.1.1 2 track 1
R1(config)# ip route 0.0.0.0 0.0.0.0 172.16.1.1 3


The second step defines the tracking object, which is linked to the probe from the first
step.
The track 1 ip sla 11 reachability command specifies that object 1 is tracked; it is
linked to probe 11 (defined in the first step) so that the reachability of the 10.1.3.3 is
tracked.


The last step defines an action based on the status of the tracking object.
The ip route 0.0.0.0 0.0.0.0 10.1.1.1 2 track 1 command conditionally configures
the default route, via 10.1.1.1, with an administrative distance of 2, if the result of
tracking object 1 is true.
Thus, if 10.1.3.3 is reachable, a static default route via 10.1.1.1 with an administrative
distance of 2, is installed in the routing table.


Defining an action based on the status of the tracking object


ip route 0.0.0.0 0.0.0.0 10.1.1.1 2 track 1: Conditionally announces the default route, via
10.1.1.1, with an administrative distance of 2 if the result of tracking object 1 is true, that is,
if the probe is successful.
To summarize: If 10.1.3.3 is reachable, a static default route via 10.1.1.1 with an administrative
distance of 2 is offered to the routing table.
Because the default route via R3 has a higher AD of 3, it is the backup path as long as the
path via R2 is available.

! Probe
R1(config)# ip sla 11
R1(config-ip-sla)# icmp-echo 10.1.3.3
R1(config-ip-sla-echo)# frequency 10
R1(config-ip-sla-echo)# exit
R1(config)# ip sla schedule 11 life forever start-time now
! Tracking Object
R1(config)# track 1 ip sla 11 reachability
R1(config-track)# delay down 10 up 1
R1(config-track)# exit
! Status of Tracking Object
R1(config)# ip route 0.0.0.0 0.0.0.0 10.1.1.1 2 track 1
R1(config)# ip route 0.0.0.0 0.0.0.0 172.16.1.1 3

If 10.1.1.1 is reachable, a static default route via R2 with an administrative distance of 2 is installed
in the routing table.
If 172.16.1.1 is reachable, a static default route via R3 with an administrative distance of 3 is
available to the routing table as a backup path.


IP SLA 11 continuously sends ICMP Echo Requests to the DNS server (10.1.3.3) every 10
seconds.
IP SLAs is tracking that object and as long as the DNS server is reachable, the default route
to R2 will be in the routing table.

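The failover behaviour of the two-ISP configuration (probe every 10 seconds, delay down 10 up 1, tracked default route with AD 2 and floating backup with AD 3) can be stepped through with a short Python model. This is an added example, not part of the original slides; the function names and the probe timelines are constructed, and the model is a simplification that treats each probe result as known at the moment the probe is sent and assumes the tracked object starts up.

```python
# Static default routes from the R1 configuration: (next hop, AD, track object).
ROUTES = [("10.1.1.1", 2, 1),        # primary via R2, installed only while track 1 is up
          ("172.16.1.1", 3, None)]   # floating backup via R3, not tracked


def best_route(routes, track_state):
    """Pick the usable default route with the lowest administrative distance."""
    usable = [(ad, next_hop) for next_hop, ad, track in routes
              if track is None or track_state[track]]
    return min(usable)[1] if usable else None


def simulate(probe_results, frequency=10, delay_down=10, delay_up=1):
    """Return [(second, installed next hop)] for every change of default route.

    probe_results[i] is the outcome of the probe sent at i * frequency seconds.
    The tracked state only follows the probe state after the change has lasted
    delay_down (or delay_up) seconds, which is what suppresses short flaps.
    """
    raw = reported = True      # assumption: the object starts in the up state
    pending_since = None       # when the probe state started to disagree
    installed = None
    events = []
    for t in range(len(probe_results) * frequency):
        if t % frequency == 0:
            raw = probe_results[t // frequency]
        if raw != reported:
            if pending_since is None:
                pending_since = t
            delay = delay_up if raw else delay_down
            if t - pending_since >= delay:
                reported = raw
                pending_since = None
        else:
            pending_since = None   # the change did not last: timer is cancelled
        best = best_route(ROUTES, {1: reported})
        if best != installed:
            events.append((t, best))
            installed = best
    return events


if __name__ == "__main__":
    outage = [True, True, False, False, False, True, True]   # constructed timeline
    flap = [True, False, True, True]                         # one missed probe
    print("sustained outage:      ", simulate(outage))
    print("single miss, delay 10: ", simulate(flap))
    print("single miss, delay 0:  ", simulate(flap, delay_down=0))
```

With delay down 10 a single missed probe never moves the default route, while with a down delay of 0 the same miss triggers a switch to R3 and back.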

Configuring PBR and IP SLA Example

In the example, you will:
Redirect web traffic from clients on the BR1 router going to the HQ router
over the serial link using PBR
Ensure that BR2 is reachable by using an IP SLA ICMP echo test to its
WAN interface
Redirect all other traffic from Notebook to router BR2 if BR2 is reachable

Redirecting Web Traffic from BR1 to HQ Using PBR


! Match Web Traffic
BR1(config)# ip access-list extended PBRWWWTRAFFIC
BR1(config-ext-nacl)# remark Permit only Web traffic
BR1(config-ext-nacl)# permit tcp any any eq 80
BR1(config-ext-nacl)# permit tcp any any eq 443
BR1(config-ext-nacl)# exit
! Create the PBR
BR1(config)# route-map PBR2HQ
BR1(config-route-map)# match ip address PBRWWWTRAFFIC
BR1(config-route-map)# set ip next-hop 10.10.20.1
BR1(config-route-map)# exit
! Apply Route Map to the Interface
BR1(config)# interface ethernet 0/2
BR1(config-if)# ip policy route-map PBR2HQ
BR1(config-if)# exit

Ensuring That BR2 Is Reachable Using IP SLA


! Create IP SLA Probing the BR2 WAN Interface
BR1(config)# ip sla 1
BR1(config-ip-sla)# icmp-echo 10.10.30.2 source-interface Ethernet0/1
BR1(config-ip-sla-echo)# frequency 10
BR1(config-ip-sla-echo)# exit
BR1(config)# ip sla schedule 1 start-time now life forever
! Create Tracking Object
BR1(config)# track 1 ip sla 1
BR1(config-track)# delay down 5 up 1
BR1(config-track)# exit

Redirect Traffic from Notebook to BR2 If Reachable


! Create ACL to Track Notebook Traffic
BR1(config)# ip access-list extended PBRFROMB
BR1(config-ext-nacl)# remark Match all traffic from the Notebook host
BR1(config-ext-nacl)# permit ip host 192.168.110.10 any
BR1(config-ext-nacl)# exit
! Add New Entry to PBR2HQ Route MAP
BR1(config)# route-map PBR2HQ permit 20
BR1(config-route-map)# match ip address PBRFROMB
BR1(config-route-map)# set ip next-hop verify-availability 10.10.30.2 1 track 1
BR1(config-route-map)# end
! Apply Route Map to the Interface
BR1(config)# interface ethernet 0/2
BR1(config-if)# ip policy route-map PBR2HQ
BR1(config-if)# exit

Verify Route Maps on BR1


BR1# show route-map
route-map PBR2HQ, permit, sequence 10
  Match clauses:
    ip address (access-lists): PBRWWWTRAFFIC
  Set clauses:
    ip next-hop 10.10.20.1
  Policy routing matches: 0 packets, 0 bytes
route-map PBR2HQ, permit, sequence 20
  Match clauses:
    ip address (access-lists): PBRFROMB
  Set clauses:
    ip next-hop verify-availability 10.10.30.2 1 track 1 [up]
  Policy routing matches: 0 packets, 0 bytes
BR1#

Verify IP SLA Operations on BR1


BR1# show ip sla summary
IPSLAs Latest Operation Summary
Codes: * active, ^ inactive, ~ pending

ID     Type        Destination   Stats    Return   Last
                                 (ms)     Code     Run
*1     icmp-echo   10.10.30.2    RTT=1    OK       1 second ago
BR1#
