Home > Policy Based Routing Sim

Policy Based Routing Sim

February 8th, 2019 in Lab Sim, LabSim Go to comments

Question

Company TUT has two links to the Internet. The company policy requires that web traffic must be forwarded only to Frame Relay link if available and other traffic can go through any links. No static or default routing is allowed.

BGP_Policy_Based_Routing_Sim.jpg

 

Answer and Explanation:

Notice: The answer and explanation below are from PeterPan and Helper.Please say thank to them!

All the HTTP traffic from the EIGRP Network should go through Frame Relay link if available and all the other traffic should go through either link.
The only router you are able to administrate is the Border Router, from the EIGRP Network you may only send HTTP traffic. As the other people mentioned, actually it is not a BGP lab. You are not able to execute the command “router bgp 65001”

1) Access list that catches the HTTP traffic:
BorderRouter(config)#access-list 101 permit tcp any any eq www

Note that the server was not directly connected to the Border Router. There were a lot of EIGRP routes on it. In the real exam you do not know the exact IP address of the server in the EIGRP network so we have to use the source as “any” to catch all the source addresses.

2) Route map that sets the next hop address to be ISP1 and permits the rest of the traffic:
BorderRouter(config)#route-map pbr permit 10
BorderRouter(config-route-map)#match ip address 101
BorderRouter(config-route-map)#set ip next-hop 10.1.101.1
BorderRouter(config-route-map)#exit

(Update: We don’t need the last command route-map pbr permit 20 to permit other traffic according to Cisco:

“If the packets do not meet any of the defined match criteria (that is, if the packets fall off the end of a route map), then those packets are routed through the normal destination-based routing process. If it is desired not to revert to normal forwarding and to drop the packets that do not match the specified criteria, then interface Null 0 should be specified as the last interface in the list by using the set clause.”

Reference: http://www.cisco.com/en/US/products/ps6599/products_white_paper09186a00800a4409.shtml)

Note: We don’t need to use IP SLA to track the next-hop IP address as the “set ip next-hop” did this. From this link: https://www.cisco.com/c/en/us/support/docs/ip/ip-routed-protocols/47121-pbr-cmds-ce.html
“The set ip next-hop command verifies the existence of the next hop specified, and…
+ If the next hop exists in the routing table, then the command policy routes the packet to the next hop.
+ If the next hop does not exist in the routing table, the command uses the normal routing table to forward the packet.”
So if the next-hop 10.1.101.1 goes down the PBR will use normal routing table.

3) Apply the route-map on the interface to the server in the EIGRP Network:
BorderRouter(config-route-map)#exit
BorderRouter(config)#int fa0/0
BorderRouter(config-if)#ip policy route-map pbr
BorderRouter(config-if)#exit
BorderRouter(config)#exit

4) There is a “Host for Testing”, click on this host to open a box which includes a button named “Generate HTTP traffic”. Click on this button to generate some packets for HTTP traffic. Jump back to the BorderRouter and type the command “show route-map”.

BorderRouter#show route-map

In the output you will see the line “Policy routing matches: 9 packets…”. It means that the route-map we configured is working properly.

Note: We have posted a Policy Based Routing lab on GNS3 similar to this sim with detailed explanation, you can read it here.

Other lab-sims on this site:

EIGRP Stub Sim

OSPF Sim

EIGRP OSPF Redistribution Sim

IPv6 OSPF Virtual Link Sim

EIGRP Simlet

Comments
Comment pages
1 4 5 6 28
  1. @wedgym CiscoD
    January 18th, 2020

    Sorry to hear you failed.. what labs did you get? Are you sure there are new because for as long as I can remember they’ve been the same, and I’ve reset it twice.

  2. CiscoD
    January 18th, 2020

    To test the Route-map i tried using traceroute and telnet to the 10.1.101.1 address.. neither populated packets ????

  3. dboy
    January 20th, 2020

    any new updates.
    please share

  4. mad
    January 25th, 2020

    @CiscoD – you must uses TCP-port 80 – traceroute uses ICMP and Telnet uses port 23
    but you can use telnet and specify the port after the ip like

    telnet 8.8.8.8 80

  5. @mad – CiscoD4ddy
    February 5th, 2020

    Hope your still around Mad, thanks for the advice. Worked like a charm, I assumed it was the lab config :/

  6. Keku
    February 19th, 2020

    Are the CCNP route dumps still valid, any new labs added to the test?

  7. k
    February 20th, 2020

    no new labs, passed yesterday. Labs are valid.. at least for this week. Thanks tut for these past few years. hope you will update soon the new dumps. :D

Comment pages
1 4 5 6 28
  1. No trackbacks yet.