Internet Routing Architectures (CISCO):Configurinbg Effective Internet Routing Policies



























Previous
Table of Contents
Next




Using ISIS as IGP
ISIS is similar to OSPF; it uses the default-information originate router command. RTA is originating a default into ISIS only on the condition that RTA is learning the default from its exterior link.
RTA configuration:


router isis 100
redistribute connected
default-information originate route-map SEND_DEFAULT_IF
net 49.0001.0000.0c00.000a.00

router bgp 3
no synchronization
network 172.16.220.0 mask 255.255.255.0
network 172.16.70.0 mask 255.255.255.0
neighbor 172.16.20.1 remote-as 1
neighbor 172.16.20.1 filter-list 10 out
neighbor 172.16.50.1 remote-as 3
neighbor 172.16.50.1 route-map setlocalpref in
no auto-summary

ip as-path access-list 10 permit ^$

access-list 1 permit 0.0.0.0
access-list 2 permit 172.16.20.1

route-map SEND_DEFAULT_IF permit 10
match ip address 1
match ip next-hop 2


RTF is originating a default into ISIS on the condition that RTF is learning the default from its exterior link.

RTF configuration:


router isis 100
default-information originate route-map SEND_DEFAULT_IF
net 49.0001.0000.0c00.000c.00

router bgp 3
no synchronization
network 172.16.50.0 mask 255.255.255.0
neighbor 172.16.70.1 remote-as 3
neighbor 172.16.70.1 next-hop-self
neighbor 192.68.5.2 remote-as 2
neighbor 192.68.5.2 filter-list 10 out
no auto-summary

ip as-path access-list 10 permit ^$

access-list 1 permit 0.0.0.0
access-list 2 permit 192.68.5.2

route-map SEND_DEFAULT_IF permit 10
match ip address 1
match ip next-hop 2


RTG is running ISIS and following the 0/0 default for routes outside AS3.

RTG configuration:


router isis 100
net 49.0001.0000.0c00.000b.00


The following is RTG's IP routing table; note how RTG follows the default toward RTF.



RTG#show ip route
Codes: C - connected, S - static, I - IGRP,
R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF,
IA - OSPF inter area
N1 - OSPF NSSA external type 1,
N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2,
E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
* - candidate default U - per-user static route, o - ODR

Gateway of last resort is 172.16.50.1 to network 0.0.0.0

172.16.0.0/16 is subnetted, 4 subnets
i L1 172.16.220.0/24 [115/20] via 172.16.70.1, Serial0
i L1 172.16.20.0/24 [115/20] via 172.16.70.1, Serial0
C 172.16.50.0/24 is directly connected, Serial1
C 172.16.70.0/24 is directly connected, Serial0
i*L2 0.0.0.0/0 [115/10] via 172.16.50.1, Serial1


Policy Routing
This example demonstrates how policy routing can be used to direct the traffic based on the source IP address rather than the destination IP address. Figure 11-12 shows a router RTA that is running BGP with two providers, AS1 and AS2. Internal routers such as RTG and RTF are running IGP only (OSPF) and are following a default route toward RTA.


Figure 11-12  Policy routing scenario.
RTA wants to set policy routing in such a way that traffic coming over the serial line S1 from RTG is directed toward AS2 if the source is network 172.16.10.0/24. Traffic coming from RTG with source 172.16.112.0/24 is to be directed toward AS1; in case of a link failure to AS1, the traffic will go to AS2. For all other source IP addresses, follow normal routing.

RTA will be configured in the following manner:
RTA configuration:


interface Ethernet0
ip address 172.16.80.1 255.255.255.0

interface Serial1
ip address 172.16.70.1 255.255.255.0
ip policy route-map CHECK_SOURCE

router ospf 10
passive-interface Serial0
passive-interface Ethernet0
network 172.16.0.0 0.0.255.255 area 0
default-information originate always

router bgp 3
network 172.16.50.0 mask 255.255.255.0
network 172.16.70.0 mask 255.255.255.0
network 172.16.10.0 mask 255.255.255.0
network 172.16.112.0 mask 255.255.255.0
neighbor 172.16.20.1 remote-as 1
neighbor 172.16.20.1 filter-list 10 out
neighbor 172.16.80.2 remote-as 2
neighbor 172.16.80.2 filter-list 10 out
no auto-summary

ip as-path access-list 10 permit ^$

access-list 1 permit 172.16.10.0 0.0.0.255
access-list 2 permit 172.16.112.0 0.0.0.255

route-map CHECK_SOURCE permit 10
match ip address 1
set ip next-hop 172.16.80.2

route-map CHECK_SOURCE permit 20
match ip address 2
set ip next-hop 172.16.20.1 172.16.80.2


Policy routing is always applied to the incoming interface. Serial 1 is configured with the interface command ip policy route-map map-name. This will apply route map CHECK_SOURCE to all Serial 1 incoming traffic. The explanation of the route map follows:

•  Instance 10: For all source IP addresses that come from 172.16.10.0/24, set the next hop to 172.16.80.2. If next hop 172.16.80.2 is unreachable, drop the packet.
•  Instance 20: For all source IP addresses that come from 172.16.112.0/24, set the next hop to 172.16.20.1. If next hop 172.16.20.1 is unreachable, try sending the traffic to next hop 172.16.80.2.

For all other source IP addresses, follow normal routing.

The policy routing route maps give you the option to pick multiple next hops. This is necessary to always have a backup path. For all traffic that does not match the route maps, the router will follow normal routing. To illustrate, a trace route will be done from RTG to 192.68.10.1 from source IP address 172.16.112.1. The following is RTA's IP routing table:


RTA#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP,
M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF,
IA - OSPF inter area
N1 - OSPF NSSA external type 1,
N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2,
E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
* - candidate default U - per-user static route, o - ODR

Gateway of last resort is not set

B 192.68.10.0/24 [20/0] via 172.16.80.2, 00:30:09
B 192.68.11.0/24 [20/0] via 172.16.20.1, 00:30:14
172.16.0.0/16 is subnetted, 5 subnets
O 172.16.50.0/24 [110/69] via 172.16.70.2, 00:27:27, Serial1
C 172.16.20.0/24 is directly connected, Serial0
C 172.16.80.0/24 is directly connected, Ethernet0
C 172.16.70.0/24 is directly connected, Serial1






Previous
Table of Contents
Next