Example of PBR behavior
This post demonstrates the behavior of Cisco policy-based routing (PBR) when the default keyword is used.
PBR logic:

route-map with "set ip next-hop" / "set interface":
1. PBR tries first.
2. If PBR couldn't route a packet, it is forwarded via normal routing.

route-map with "set ip default next-hop" / "set default interface":
1. Normal routing tries to forward a packet first. The default route will not be considered.
2. If normal routing fails, PBR tries to forward the packet.

PBR is configured on R3's interface toward PC1 and PC2. It applies to packets from PC2 (10.1.1.2) destined to network 192.168.0.0/16 and sets the next hop to 1.1.6.6. There is no route to 1.1.6.6 in R3's routing table, but there is a default route to R4.
interface FastEthernet0/0
 description To_PC1_and_PC2
 ip address 10.1.1.254 255.255.255.0
 ip policy route-map PBR-Map
ip access-list extended PBR
 permit ip host 10.1.1.2 192.168.0.0 0.0.255.255
route-map PBR-Map permit 10
 match ip address PBR
 set ip default next-hop 1.1.6.6
Example 1: Route to 192.168.1.0/24 doesn't exist in the routing table of R3.
Packets from PC2 to 192.168.1.0/24 are first considered by normal routing. Since there is no route to this network and the default route is ignored, the packets are handed to PBR. The policy sets a next hop that is also unreachable, so the packets go back to normal routing and are finally routed to R4 via the default route.
Below is an output from R3:
R3(config)#do sh ip route 192.168.1.0
% Network not in table
R3#sh ip route
Gateway of last resort is 10.1.12.2 to network 0.0.0.0
10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
C 10.1.14.0/30 is directly connected, Serial0/1
C 10.1.12.0/30 is directly connected, Serial0/0
D 10.2.1.0/30 [90/1162496] via 10.1.12.2, 00:18:09, Serial0/0
D 10.2.2.0/30 [90/1188096] via 10.1.12.2, 00:18:08, Serial0/0
C 10.1.1.0/24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 [1/0] via 10.1.12.2
R3#debug ip policy
PC2#ping 192.168.1.1 repeat 1
R3#
*Mar 1 00:22:23.119: IP: s=10.1.1.2 (FastEthernet0/0), d=192.168.1.1, len 100, FIB policy match
*Mar 1 00:22:23.123: CEF-IP-POLICY: fib for addr 1.1.6.6 is default; Nexthop rejected
*Mar 1 00:22:23.123: IP: s=10.1.1.2 (FastEthernet0/0), d=192.168.1.1, len 100, FIB policy rejected - normal forwarding
PC2#trace 192.168.1.1
Tracing the route to 192.168.1.1
1 10.1.1.254 28 msec 12 msec 12 msec
2 10.1.12.2 44 msec 20 msec 28 msec
3 10.2.1.2 56 msec * 84 msec
Example 2: A route to 192.168.1.0/24 exists in R3's routing table and points to R5 (10.1.14.2).
R3(config)#
*Mar 1 00:25:12.299: IP: s=10.1.1.2 (FastEthernet0/0), d=192.168.1.1, len 100, FIB policy match
*Mar 1 00:25:12.303: IP: s=10.1.1.2 (FastEthernet0/0), d=192.168.1.1, len 100, FIB policy rejected(explicit route) - normal forwarding
PC2#trace 192.168.1.1
Tracing the route to 192.168.1.1
1 10.1.1.254 24 msec 40 msec 20 msec
2 10.1.14.2 20 msec 16 msec 12 msec
3 10.2.2.2 44 msec * 72 msec
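
The decision order from the PBR logic summary, applied to both examples, can be modelled as follows. This is an added example, not code from the original post or from Cisco: the function names are hypothetical, the routing table is transcribed from R3's "sh ip route" output above, and treating a policy next hop as usable only when a non-default route covers it is a simplification inferred from the "fib for addr 1.1.6.6 is default; Nexthop rejected" debug line.

```python
import ipaddress

# R3's routing table, transcribed from the "sh ip route" output above.
# Values are the next hop, or the exit interface for connected networks.
R3_RIB = {
    "10.1.14.0/30": "Serial0/1",
    "10.1.12.0/30": "Serial0/0",
    "10.2.1.0/30": "10.1.12.2",
    "10.2.2.0/30": "10.1.12.2",
    "10.1.1.0/24": "FastEthernet0/0",
    "0.0.0.0/0": "10.1.12.2",
}

def lookup(rib, dst, use_default=True):
    """Longest-prefix match; returns the next hop / exit interface or None."""
    addr, best = ipaddress.ip_address(dst), None
    for prefix, hop in rib.items():
        net = ipaddress.ip_network(prefix)
        if net.prefixlen == 0 and not use_default:
            continue  # skip 0.0.0.0/0 when the default route must be ignored
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None

def pbr_forward(rib, dst, policy_nh, default_kw):
    """Model the decision for a packet that already matched the route-map.

    default_kw=True  -> "set ip default next-hop" (normal routing tries first)
    default_kw=False -> "set ip next-hop"         (PBR tries first)
    """
    # Assumption (simplified model): the policy next hop is accepted only if
    # a non-default route covers it; otherwise the policy is rejected.
    nh_ok = lookup(rib, policy_nh, use_default=False) is not None
    if default_kw:
        explicit = lookup(rib, dst, use_default=False)
        if explicit:
            return explicit, "explicit route - normal forwarding"
    if nh_ok:
        return policy_nh, "policy routed"
    # Fall back to normal routing, default route included (None = no route).
    return lookup(rib, dst), "policy rejected - normal forwarding"

if __name__ == "__main__":
    print(pbr_forward(R3_RIB, "192.168.1.1", "1.1.6.6", True))   # Example 1
    rib2 = {**R3_RIB, "192.168.1.0/24": "10.1.14.2"}
    print(pbr_forward(rib2, "192.168.1.1", "1.1.6.6", True))     # Example 2
```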