Configuration for the sample policy-based routing application

Last Updated : Nov 06, 2012 | 
Gxxx-001(super)# ip pbr-list 801
Gxxx-001(super-PBR 801)# name Voice
Done!
Gxxx-001(super-PBR 801)# ip-rule 1
Gxxx-001(super-PBR 801/ip rule 1)# next-hop list 1
Done!
Gxxx-001(super-PBR 801/ip rule 1)# destination-ip 149.49.123.0 0.0.0.255
Done!
Gxxx-001(super-PBR 801/ip rule 1)# dscp 34
Done!
Gxxx-001(super-PBR 801/ip rule 1)# exit
Gxxx-001(super-PBR 801)# ip-rule 10
Gxxx-001(super-PBR 801/ip rule 10)# next-hop list 1
Done!
Gxxx-001(super-PBR 801/ip rule 10)# destination-ip 149.49.123.0 0.0.0.255
Done!
Gxxx-001(super-PBR 801/ip rule 10)# dscp 41
Done!
Gxxx-001(super-PBR 801/ip rule 10)# exit
Done!
Gxxx-001(super-PBR 801/ip rule 20)# destination-ip 149.49.123.0 0.0.0.255
Done!
Gxxx-001(super-PBR 801/ip rule 20)# dscp 43
Done!
Gxxx-001(super-PBR 801/ip rule 20)# exit
Gxxx-001(super-PBR 801)# ip-rule 30
Gxxx-001(super-PBR 801/ip rule 30)# next-hop list 1
Done!
Gxxx-001(super-PBR 801/ip rule 30)# destination-ip 149.49.123.0 0.0.0.255
Done!
Gxxx-001(super-PBR 801/ip rule 30)# dscp 44
Done!
Gxxx-001(super-PBR 801/ip rule 30)# exit
Gxxx-001(super-PBR 801)# ip-rule 40
Gxxx-001(super-PBR 801/ip rule 40)# next-hop list 1
Done!
Gxxx-001(super-PBR 801/ip rule 40)# destination-ip 149.49.123.0 0.0.0.255
Done!
Gxxx-001(super-PBR 801/ip rule 40)# dscp 46
Done!
Gxxx-001(super-PBR 801/ip rule 40)# exit
Gxxx-001(super-PBR 801)# exit
Gxxx-001(super)#

The next group of commands configures next hop list 1, which was included in the rules configured above. Next hop list 1 sends packets that match the rule in which it is included to the IP address of the Layer 3 router. If that interface is not available, the next hop list requires the packet to be dropped (Null0). This is because the QoS on the Internet interface is not adequate for voice packets. It would also be possible to include one or more backup interfaces in this next hop list.

Gxxx-001(super)# ip next-hop-list 1
Gxxx-001(super-next hop list 1)#name Voice-To_HQ
Done!
Gxxx-001(super-next hop list 1)#next-hop-ip 1 <external Layer 3 router IP address>
Done!
Gxxx-001(super-next hop list 1)#next-hop-interface 2 Null0
Done!
Gxxx-001(super-next hop list 1)#exit
Gxxx-001(super)#

The next set of commands applies the PBR list to the voice VLAN (6).

Gxxx-001(super)# interface vlan 6
Gxxx-001(super-if:VLAN 6)# ip pbr-group 801
Done!
Gxxx-001(super-if:VLAN 6)# exit
Gxxx-001(super)#

The next set of commands applies the PBR list to the Loopback interface. This is necessary to ensure that voice packets generated by the Branch Gateway itself are routed via the external E1/T1 line installed on the external Layer 3 router. The Loopback interface is a logical interface that is always up. Packets sent from the Branch Gateway, such as signaling packets, are sent via the Loopback interface. In this example, applying PBR list 801 to the Loopback interface ensures that signaling packets originating from voice traffic are sent via the T1/E1 line.

Gxxx-001(super)# interface Loopback 1
Gxxx-001(super-if:Loopback 1)# ip pbr-group 801
Done!
Gxxx-001(super-if:Loopback 1)# exit
Gxxx-001(super)#

The next set of commands defines a new PBR list (802). This list will be applied to the data interface (VLAN 5). The purpose of this is to route data traffic through interfaces other than the E1/T1 interface, so that this traffic will not interface with voice traffic.

Gxxx-001(super)# ip pbr-list 802
Gxxx-001(super-PBR 802)# name Data_To_HQ
Done!
Gxxx-001(super-PBR 802)# ip-rule 1
Gxxx-001(super-PBR 802/ip rule 1)# next-hop list 2
Done!
Gxxx-001(super-PBR 802/ip rule 1)# ip-protocol tcp
Done!
Gxxx-001(super-PBR 802/ip rule 1)# destination-ip host 149.49.43.189
Done!
Gxxx-001(super-PBR 802/ip rule 1)# exit
Gxxx-001(super-PBR 802)# exit

The next set of commands creates next hop list 2. This next hop list routes traffic to the GRE tunnel (Tunnel 1). If the GRE tunnel is not available, then the next hop list checks the next entry on the list and routes the traffic to the external E1/T1 interface. If neither interface is available, the traffic is dropped. This allows data traffic to use the E1/T1 interface, but only when the GRE tunnel is not available. Alternatively, the list can be configured without the external E1/T1 interface, preventing data traffic from using the external E1/T1 interface at all.

G430-001(super)# ip next-hop-list 2
G430-001(super-next hop list 2)#name Data-To_HQ
Done!
G430-001(super-next hop list 2)#next-hop-interface 1 Tunnel 1
Done!
G430-001(super-next hop list 2)#next-hop-ip 2 <external Layer 3 router IP address>
Done!
G430-001(super-next hop list 2)#next-hop-interface 3 Null0
Done!
G430-001(super-next hop list 2)#exit
G430-001(super)#

Finally, the next set of commands applies the PBR list to the data VLAN (5).

Gxxx-001(super)# interface vlan 5
Gxxx-001(super-if:VLAN 6)# ip pbr-group 802
Done!
Gxxx-001(super-if:VLAN 6)# exit
Gxxx-001(super)#

In this example you can add a track on GRE Tunnel 1 in order to detect whether this next hop is valid or not (for more information on object tracking, refer to Object tracking). Note that the GRE tunnel itself has keepalive and can detect the status of the interface and, therefore, modify the next hop status.

Related information
Policy-based routing application example