Posted on Thursday, 23rd September 2004 by sean
I was going to start into BGP, but realized that I’d have to take a diversion into policy-maps at some point. Since policy routing is on the exam, I think this is a much better place to start.
- Identify the steps to configure policy-based routing using route maps
It’s likely that your first exposure to the access-list command was to block traffic with the ip access-group interface command. However, as you progress, you learn that access-lists are used in many other situations. Access-lists simply match traffic, be it a packet or a route. The ip access-group command tells IOS what to do with the matched packet.
Similarly, route-maps are used to match traffic in a far more granular fashion than access-lists. Many commands that can use an access-list can also use a policy-map. For example, people like me who learned about NAT some three years ago know how to do it with access-lists, but the BSCI course now teaches the policy-map method in addition to access-lists.
So, first we’ll tackle how route maps work, and then apply them to something called policy routing.
A route-map is a list of conditions to match and a list of actions to take. Like an access-list, it is processed in order. Unlike an access-list, you can do a whole lot more.
    route-map foo permit 10
     match length 1 100
     set ip precedence 4
The 10 represents the clause number, so that you can insert and delete at specific points. If you don’t specify anything, “10” is assumed.
Each clause is evaluated in order, with the first clause to match stopping the processing. All the match statements within the clause must match for the clause itself to match. If nothing matches, “deny” is assumed.
It is important to note the use of permit and deny within the clause definition. In the context of policy routing, a “permit” clause specifies that the packet is policy routed. A “deny” clause (or default) implies no policy routing (so it wouldn’t make much sense to put a set within it).
The best reference is the docs for the route-map command.
Route-maps are used for far more than policy routing; they are heavily used within BGP and route redistribution. In that context, a permitted route would be redistributed and a denied route would be filtered (until you get into things like suppress-maps, where it’s the reverse — context is important!)
Back onto policy routing. To apply the route-map to the interface, you enter “ip policy route-map map-name” at the interface level. Another important thing to note is that locally generated packets are not policy routed without the “ip local policy route-map map-name” command at the global level.
I was going to give an example, but the Cisco document on Configuring Policy-Based Routing does it far better than I could.
(I just noticed the links are customer links… if you can’t see them, search for the title of the document and you should find the public version)
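The steps above put together as one configuration. This is an added illustration, not taken from the original post or from the Cisco document; the map name, ACL numbers, addresses and interface are assumptions chosen for the example.

```cisco
! Constructed example: addresses, ACL numbers, map name and interface are assumptions.
! ACL 101: management subnet that must never be policy routed
access-list 101 permit ip 10.1.99.0 0.0.0.255 any
! ACL 102: web traffic from the user subnet
access-list 102 permit tcp 10.1.1.0 0.0.0.255 any eq www
!
! Clause 5 (deny): a match stops processing and the packet is routed normally
route-map PBR-DEMO deny 5
 match ip address 101
! Clause 10 (permit): both match lines must be true before the set is applied
route-map PBR-DEMO permit 10
 match ip address 102
 match length 1 100
 set ip next-hop 192.0.2.1
! Clause 20 (permit): the clause from the post, marking small packets
route-map PBR-DEMO permit 20
 match length 1 100
 set ip precedence 4
! Nothing matched: implicit deny, so the packet follows the routing table
! (in policy routing it is not dropped, it is simply not policy routed)
!
! Policy routing applies to packets arriving on this interface
interface FastEthernet0/0
 ip policy route-map PBR-DEMO
!
! Packets generated by the router itself need the global command
ip local policy route-map PBR-DEMO
!
! Verify from exec mode:
!  show route-map PBR-DEMO   (clauses in order, with policy routing match counters)
!  show ip policy            (which route-map is bound to which interface, and to local traffic)
```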
