Policy Based Routing Lab

In this lab we will learn how to use Policy Based Routing to send traffic via the route we want.

IOS used: c3640-jk9s-mz.124-16.bin

Tasks
+ Enable OSPF on all interfaces of R2, R3, R4, R5 using only one command on each router.
+ Create Policy Based Routing on R2 so that traffic from R1 to the Loopback interface of R5 (5.5.5.5) must go through R3 (the less optimal path).

You can download the Initial Config Lab here: http://www.digitaltut.com/download/Policy_Based_Routing_Lab_Initial.zip.

Initial Config

In the initial config we will configure IP addresses on all interfaces and run OSPF on R2, R3, R4, R5. For R1 we only need a default route to R2.

R1 interface FastEthernet0/0   ip address 12.12.12.1 255.255.255.0   no shut ip route 0.0.0.0 0.0.0.0 12.12.12.2

R2 interface FastEthernet0/0   ip address 12.12.12.2 255.255.255.0   no shut interface FastEthernet1/0   ip address 24.24.24.2 255.255.255.0   no shut interface Serial2/0   ip address 23.23.23.2 255.255.255.0   no shut router ospf 1   network 0.0.0.0 255.255.255.255 area 0	R3 interface Serial0/0   ip address 23.23.23.3 255.255.255.0   no shut interface FastEthernet1/0   ip address 35.35.35.3 255.255.255.0   no shut router ospf 1   network 0.0.0.0 255.255.255.255 area 0
R4 interface FastEthernet0/0   ip address 24.24.24.4 255.255.255.0   no shut interface FastEthernet1/0   ip address 45.45.45.4 255.255.255.0   no shut router ospf 1   network 0.0.0.0 255.255.255.255 area 0	R5 interface Loopback0   ip address 5.5.5.5 255.255.255.255 interface FastEthernet0/0   ip address 35.35.35.5 255.255.255.0   no shut interface FastEthernet1/0   ip address 45.45.45.5 255.255.255.0   no shut router ospf 1   network 0.0.0.0 255.255.255.255 area 0

FastEthernet link has higher bandwidth (lower cost) than Serial link so traffic from R1 to R5 will surely go through R4 to R5:

Now we will create a Policy Based Routing on R2 so that all traffic destined for 5.5.5.5 (R5 Loopback0) goes through R3:

R2 access-list 100 permit ip any host 5.5.5.5 route-map OUT_R5 permit 10   match ip address 100   set ip next-hop 23.23.23.3 //Apply this route-map to Fa0/0 interface FastEthernet0/0   ip policy route-map OUT_R5

The traffic now goes through R3:

We can turn on “debug ip policy” on R2 to have a closer look at the policy match. We should also disable CEF routing so that you can see the detailed match (use “no ip cef” command in global config mode)

Verify the traffic has been matched with the access list:

And that is all of Policy Based Routing on this lab. But what will happen to traffic that is not matched with the access-list? Will they be dropped? We will test this by replacing our access-list with an unmatched traffic like TCP.

R2 no access-list 100 access-list 100 permit tcp any host 5.5.5.5

Notice that traceroute sends UDP traffic so it will not match with the above access-list.

We see the unmatched traffic is not dropped, it is routed through the normal destination-based routing process.

Other notice that I want to say is normal Policy Based Routing is only applied for traffic transiting to it. It cannot match traffic originating from R2 itself. For example traceroute from R2 still goes through R4:

Luckily we can also match traffic originating from R2 with the Local Policy Based Routing by adding this command in global configuration mode (not interface mode):

R2(config)#ip local policy route-map OUT_R5

Now both traffic from R1 and R2 go through R3

You can download the final configuration of this lab here: http://www.digitaltut.com/download/Policy_Based_Routing_Lab_Final.zip.