Saturday, February 24, 2024

Influencing Forwarding Behavior with Policy Based Routing


It has been a hot minute since I last put together a blog, and I was thinking about what would be an interesting topic. Well, as is typical, I thought about what I’d recently run across, or worked on, in my “day job” as part of the engineering team that builds and supports the lab environments for all of the Learning at Cisco training materials.

On this particular day, I was reviewing the current configurations of the core network routers (layer 3 switches really) in our data centers. I’m relatively new to this part of the team, and I was interested to find that we were leveraging Policy Based Routing to manipulate the forwarding behavior for different types of traffic. I’m sure many of you reading this blog are familiar with the fact that there are always multiple ways to accomplish a task in networking (life really, but definitely in networking). As such, policy-based routing is a tool in the network engineer’s toolkit that can often be leveraged to handle “odd business requirements.”

And with that, I had a topic to use for this blog and an accompanying video to kick off a short video series called “Technically Speaking… with Hank Preston” on the Cisco U. by Learning and Certifications YouTube channel. Specifically, we’re going to look at how to configure policy-based routing to influence forwarding behavior. The why I’ll leave for another post. 🙂

Also, for anyone studying for the CCNP Enterprise certification, policy-based routing is on the ENARSI – Implementing Cisco Enterprise Advanced Routing and Services blueprint – “1.6 Configure and verify policy-based routing.” 300-410 ENARSI is a concentration exam that earns you the Cisco Certified Specialist – Enterprise Advanced Infrastructure Implementation certification. So, it’s definitely a great topic for the Cisco Learning blog. Let’s dive right in!

Setting the Stage

Before we look at changing the standard routing and forwarding behavior, let’s start with the basic forwarding behavior. For this exploration, I put the below network together in a Cisco Modeling Labs simulation. (You can find the topology file here.)

Network Topology
The network topology used in this exploration of policy based routing and forwarding behavior.

This network has two small LANs separated by a basic, single area OSPF network in the middle. The costs in the OSPF network have been configured to make the best path from R1 to R5 through R3. We can see that in a couple of ways.

First, let’s look at the interface costs on R1.

R1#show ip ospf interface brief

Interface    PID   Area            IP Address/Mask    Cost  State Nbrs F/C
Gi0/1.200    1     0        1     DR    0/0
Gi0/1.100    1     0        1     DR    0/0
Gi0/4        1     0           110   DR    1/1
Gi0/3        1     0           1     DR    1/1
Gi0/2        1     0           100   DR    1/1

Notice that interfaces G0/2 and G0/4 (towards R2 and R4) have costs of 100 and 110 respectively, while the cost of G0/3 (towards R3) is only 1.

And now, we’ll check the routing table entry for host H3 on R1.

R1#show ip route

Routing entry for
  Known via "ospf 1", distance 110, metric 3, type intra area
  Last update from on GigabitEthernet0/3, 00:23:02 ago
  Routing Descriptor Blocks:
  *, from, 00:23:02 ago, via GigabitEthernet0/3
      Route metric is 3, traffic share count is 1

The routing table lists the route as towards R3 out interface G0/3 — exactly as we’d expect.

The final check will be a trace route from host H1.

H1:~$ traceroute -n

traceroute to (, 30 hops max, 46 byte packets
 1   5.534 ms  5.004 ms  3.038 ms
 2      5.528 ms  5.531 ms  4.137 ms       <- R3's G0/1 interface
 3      5.533 ms  5.656 ms  6.339 ms
 4   14.180 ms  9.787 ms  7.908 ms

And no big shocker here, the second hop in the trace is indeed R3.

Let’s shake things up a little bit.

Suppose there was some reason that you wanted to direct traffic received at router R1 from host H1 destined for H3 to go through R2. Maybe there was some traffic analysis that occurred on that router. Or maybe that link is more reliable, though slower. There are any number of reasons this might come up in a network design. The key part is that you don’t want to change ALL forwarding behavior, just some of it. You have a “policy,” so to speak, that identifies some traffic you want to adjust. This is where policy based routing, often called PBR, comes in.

Policy based routing can seem complicated. To be fair, if overused, it can make networks very complicated and difficult to maintain. However, the technical basics of PBR are pretty straightforward.

First, you need a way to identify the traffic that you want to apply the policy to. Like many “matching” use cases in networking, this is often done with an access-list. So, here’s the access list that I’ll use to match the traffic I’m interested in.

ip access-list extended H1-to-H3
  10 permit ip host host

This single line extended ACL is all that is needed. I’m matching all IP traffic from H1 to H3, but I could be more specific, to a specific port as well. Maybe just web traffic (tcp/80 & tcp/443) for example.

Next, a route-map is used to describe the policy that we want to configure. The “policy” is made up of “match” conditions to identify the traffic and “set” conditions to make the “policy based changes” to the traffic that was matched.

Here is the route-map for my policy example.

route-map POLICY-BASED-ROUTING permit 10
  description Traffic from H1 -> H3 route through R2
  match ip address H1-to-H3
  set ip next-hop

I’ve used the access-list I created in my “match ip address” command. And, I’ve indicated that when traffic “matches” this policy, I want to “set” the next-hop to be

And notice the first line in the configuration example. It ends with the number “10.” This number identifies the position in the route map that this particular policy entry holds. A route-map can be made up of many policy sets – each with a “match” and “set” statement. In this way, network engineers can have very granular control over how traffic is forwarded in the network. Pretty handy, right!

Before I go much farther it’s definitely important to note that route-maps are used for more than just policy based routing. The route-map construct is also used as part of quality of service (QoS) configurations, routing protocol filtering, and BGP path manipulations. So if you explore the configuration options available for match and set you will find many other options. Most of these are used for use cases other than policy based routing.

The last step to finish the configuration of my policy is to apply it to the router interface. Since this policy is about controlling traffic from the LAN connected to interface Gig0/1 on R1, that is where I will apply it.

interface Gig0/1.100
  ip policy route-map POLICY-BASED-ROUTING

That’s it, we’ve configured policy based routing. Let’s check to see if it’s working.

We’ll start by rerunning the same trace route command as before and comparing the results.

H1:~$ traceroute -n

traceroute to (, 30 hops max, 46 byte packets
 1  7.306 ms  3.017 ms  3.337 ms
 2     3.844 ms  4.335 ms  3.688 ms      <- R2's G0/1 interface
 3     7.906 ms  5.125 ms  5.962 ms
 4   8.951 ms  8.912 ms  7.348 ms

Look at that, traffic is indeed going through R2 now. But let’s check that it is only for traffic to H3 by trace routing the traffic to H4.

H1:~$ traceroute -n

traceroute to (, 30 hops max, 46 byte packets
 1  3.681 ms  3.153 ms  2.563 ms
 2     3.613 ms  3.185 ms  3.747 ms     <- R3's G0/1 interface
 3     5.957 ms  7.555 ms  5.040 ms
 4  14.915 ms  7.157 ms  7.853 ms

Yep, traffic from H1 to H4 is indeed still following the “normal path” through R3. But what about traffic from H2 -> H3? Will it be redirected through R2?

H2:~$ traceroute -n

traceroute to (, 30 hops max, 46 byte packets
 1  7.284 ms  2.840 ms  3.173 ms
 2     3.526 ms  4.514 ms  3.498 ms    <- R3's G0/1 interface
 3     6.375 ms  7.212 ms  4.900 ms
 4   6.642 ms  6.270 ms  5.884 ms

Nope, only traffic from H1 -> H3 is being redirected.
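The three results follow from the order in which R1 handles a packet: the policy attached to the ingress interface is evaluated first, and only if no clause matches does the routing table decide. The Python model below is an added example, not code from the original post; all addresses are constructed documentation-range values, and placing H2 on Gi0/1.100 and testing a second ingress interface (Gi0/1.200) are assumptions made to show the scoping.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addresses (RFC 5737 documentation ranges), not the lab's own.
H1, H2 = "192.0.2.11", "192.0.2.12"          # hosts behind R1
H3, H4 = "198.51.100.13", "198.51.100.14"    # hosts behind R5
R2, R3 = "203.0.113.2", "203.0.113.3"        # R1's OSPF neighbours

@dataclass
class Ace:
    action: str   # "permit" or "deny"
    src: str      # CIDR; "host x" is x/32
    dst: str

def acl_permits(acl, src, dst):
    """First matching entry wins; every ACL ends in an implicit deny."""
    for ace in acl:
        if ip_address(src) in ip_network(ace.src) and ip_address(dst) in ip_network(ace.dst):
            return ace.action == "permit"
    return False

ACLS = {"H1-to-H3": [Ace("permit", f"{H1}/32", f"{H3}/32")]}
# route-map name -> {sequence: clause}; only "permit" clauses are modelled.
ROUTE_MAPS = {"POLICY-BASED-ROUTING": {10: {"match": "H1-to-H3", "next_hop": R2}}}
POLICY = {"Gi0/1.100": "POLICY-BASED-ROUTING"}   # ip policy route-map ...
RIB = {"198.51.100.0/24": R3}                    # OSPF best path via R3

def forward(in_if, src, dst):
    """Return (next_hop, reason) for a packet received on in_if."""
    clauses = ROUTE_MAPS.get(POLICY.get(in_if), {})
    for seq in sorted(clauses):                  # lowest sequence first
        if acl_permits(ACLS[clauses[seq]["match"]], src, dst):
            return clauses[seq]["next_hop"], f"policy routed (seq {seq})"
    # No policy on this interface or no clause matched: longest-prefix match.
    hits = [n for n in RIB if ip_address(dst) in ip_network(n)]
    if not hits:
        return None, "no route"
    best = max(hits, key=lambda n: ip_network(n).prefixlen)
    return RIB[best], "normal forwarding"

if __name__ == "__main__":
    for in_if, src, dst in [("Gi0/1.100", H1, H3), ("Gi0/1.100", H1, H4),
                            ("Gi0/1.100", H2, H3), ("Gi0/1.200", H1, H3)]:
        print(in_if, src, "->", dst, forward(in_if, src, dst))
```

The routing table in the model is never modified, which is why the route to H3 still points at R3 even while H1's traffic is steered to R2.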

If we look at the routing table on R1, we’ll see nothing has changed.

R1#show ip route

Routing entry for
  Known via "ospf 1", distance 110, metric 3, type intra area
  Last update from on GigabitEthernet0/3, 00:23:02 ago
  Routing Descriptor Blocks:
  *, from, 00:23:02 ago, via GigabitEthernet0/3
      Route metric is 3, traffic share count is 1

There are a couple of useful commands on the router to check the status of policy based routing.

First up, a basic “show” command worth noting.

R1#show route-map

route-map POLICY-BASED-ROUTING, permit, sequence 10
  Match clauses:
    ip address (access-lists): H1-to-H3
  Set clauses:
    ip next-hop
  Policy routing matches: 12 packets, 756 bytes

This command provides “policy match” statistics. We can see that when I ran this command there had been 12 matches so far.

Another command that is useful is the “debug ip policy” command. It provides helpful details about the processing of the policy as traffic flows through the router. But as with any “debug” command, be careful using it on a production device as it can put a heavy load on network devices if there is a lot of traffic flowing through.

I will turn on the debugging and then send a single ICMP (ping) packet from H1 -> H3.

R1#debug ip policy
Policy routing debugging is on

*Apr 26 00:29:58.282: IP: s= (GigabitEthernet0/1.100), d=, len 84, FIB policy match
*Apr 26 00:29:58.282: IP: s= (GigabitEthernet0/1.100), d=, len 84, PBR Counted
*Apr 26 00:29:58.282: IP: s= (GigabitEthernet0/1.100), d=, g=, len 84, FIB policy routed

Compare the above output to the debug output when I ping H1 -> H4.

*Apr 26 00:31:00.294: IP: s= (GigabitEthernet0/1.100), d=, len 84, FIB policy rejected(no match) - normal forwarding

In the first example, “FIB policy match” indicates that the PBR policy was triggered. And a following debug line shows that the traffic was “FIB policy routed.” That’s the PBR in action. Compare that to the output from the second ping that is “FIB policy rejected (no match) – normal forwarding.” That output is pretty descriptive.
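When more than a couple of packets are captured, the same comparison is easier per flow than per line. The parser below is an added example, not part of the original post; its sample log lines are constructed in the format shown above using documentation-range addresses, and the list of allowed next hops is a hypothetical input for checking that traffic is only steered where the policy intends.

```python
import re
from collections import defaultdict

# One "debug ip policy" line: source, ingress interface, destination,
# optional policy next hop (g=), packet length, and the PBR event text.
LINE = re.compile(
    r"IP: s=(?P<src>\S+) \((?P<in_if>[^)]+)\), d=(?P<dst>[^,\s]+),"
    r"(?: g=(?P<gw>[^,\s]+),)? len (?P<len>\d+), (?P<event>.+)$")

# Constructed sample (documentation-range addresses), same format as above.
SAMPLE = """\
*Apr 26 00:29:58.282: IP: s=192.0.2.11 (GigabitEthernet0/1.100), d=198.51.100.13, len 84, FIB policy match
*Apr 26 00:29:58.282: IP: s=192.0.2.11 (GigabitEthernet0/1.100), d=198.51.100.13, len 84, PBR Counted
*Apr 26 00:29:58.282: IP: s=192.0.2.11 (GigabitEthernet0/1.100), d=198.51.100.13, g=203.0.113.2, len 84, FIB policy routed
*Apr 26 00:31:00.294: IP: s=192.0.2.11 (GigabitEthernet0/1.100), d=198.51.100.14, len 84, FIB policy rejected(no match) - normal forwarding
"""

def summarize(log_text):
    """Count policy-routed vs. normally forwarded packets per flow."""
    flows = defaultdict(lambda: {"routed": 0, "normal": 0, "gateways": set()})
    for line in log_text.splitlines():
        m = LINE.search(line.strip())
        if not m:
            continue                      # not a PBR debug line
        flow = flows[(m["in_if"], m["src"], m["dst"])]
        if m["event"] == "FIB policy routed":
            flow["routed"] += 1
            flow["gateways"].add(m["gw"])
        elif m["event"].startswith("FIB policy rejected"):
            flow["normal"] += 1
        # "FIB policy match" / "PBR Counted" describe the same packet as the
        # "routed" line that follows, so they are not counted again.
    return dict(flows)

def unexpected_gateways(flows, allowed):
    """Flows steered to a next hop that is not on the allowed list."""
    return sorted((key, gw) for key, f in flows.items()
                  for gw in f["gateways"] if gw not in allowed)

if __name__ == "__main__":
    flows = summarize(SAMPLE)
    for key, f in flows.items():
        print(key, f)
    print(unexpected_gateways(flows, allowed={"203.0.113.2"}))
```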

And with that, we’ve come to the end of this post. I hope this short look at policy based routing helped break it down and introduce you to a new technology tool that you can put into your toolkit. Maybe it’ll help you solve a business challenge in the future. Or maybe it’ll help you in your preparation for the ENARSI exam or other studies. Either way, thanks for hanging out with me today.

Got a topic you’d like me to break down? Let me know in the comments.
