24 Feb. 2012

Policy Routing w/ Tracking objects

Reliable Policy Routing
R5 has two loopbacks, 5.5.5.5/32 and 55.55.55.55/32
Configure policy routing on r2 so that:
 - to reach 5.5.5.5/32 packets from r1 must go to r3.
 - to reach 55.55.55.55/32 packets from r1 must go to r4.
 - do not use static routing on r2 (except to reach r1).

Use reliable routing to do this:
 - if r3 is not reachable, packets to 5.5.5.5/32 must go through r4.
 - if r4 is not reachable, packets to 55.55.55.55/32 must go through r3.

Verify using traceroute.

r1 configuration:
!
hostname r1
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Serial1/0
 ip address 192.168.12.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 192.168.12.2
!

r2 configuration:
!
hostname r2
!
track 5 ip sla 10
!
track 55 ip sla 15
!
interface Serial1/0
 ip address 192.168.12.2 255.255.255.0
 ip policy route-map PBR
!
interface Serial1/1
 ip address 192.168.23.2 255.255.255.0
 serial restart-delay 0
!
interface Serial1/2
 ip address 192.168.24.2 255.255.255.0
!
ip route 1.1.1.1 255.255.255.255 192.168.12.1
!
ip sla 10
 icmp-echo 192.168.23.3 source-interface Serial1/1
 timeout 1000
 threshold 1000
 frequency 2
ip sla schedule 10 life forever start-time now
ip sla 15
 icmp-echo 192.168.24.4 source-interface Serial1/2
 timeout 1000
 threshold 1000
 frequency 2
ip sla schedule 15 life forever start-time now
access-list 105 permit ip any host 5.5.5.5
access-list 155 permit ip any host 55.55.55.55
!
route-map PBR permit 10
 match ip address 105
 set ip next-hop verify-availability 192.168.23.3 1 track 5
 set ip default next-hop 192.168.24.4
!
route-map PBR permit 20
 match ip address 155
 set ip next-hop verify-availability 192.168.24.4 1 track 55
 set ip default next-hop 192.168.23.3
!



r3 configuration:
!
hostname r3
!
interface Serial1/0
 ip address 192.168.23.3 255.255.255.0
!
interface Serial1/1
 ip address 192.168.35.3 255.255.255.0
!
ip route 1.1.1.1 255.255.255.255 192.168.23.2
ip route 5.5.5.5 255.255.255.255 192.168.35.5
ip route 55.55.55.55 255.255.255.255 192.168.35.5
!



r4 configuration:
!
hostname r4
!
interface Serial1/0
 ip address 192.168.24.4 255.255.255.0
!
interface Serial1/1
 ip address 192.168.45.4 255.255.255.0
!
ip route 1.1.1.1 255.255.255.255 192.168.24.2
ip route 5.5.5.5 255.255.255.255 192.168.45.5
ip route 55.55.55.55 255.255.255.255 192.168.45.5
!



r5 configuration:
!
hostname r5
!
interface Loopback0
 ip address 5.5.5.5 255.255.255.255
!
interface Loopback1
 ip address 55.55.55.55 255.255.255.255
!
interface Serial1/0
 ip address 192.168.35.5 255.255.255.0
!
interface Serial1/1
 ip address 192.168.45.5 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 192.168.45.4
!



Verifications:
r1#traceroute 5.5.5.5 source 1.1.1.1    

Type escape sequence to abort.
Tracing the route to 5.5.5.5

  1 192.168.12.2 8 msec 24 msec 20 msec
  2 192.168.23.3 20 msec 44 msec 44 msec
  3 192.168.35.5 76 msec *  64 msec

r1#traceroute 55.55.55.55 source 1.1.1.1

Type escape sequence to abort.
Tracing the route to 55.55.55.55

  1 192.168.12.2 24 msec 20 msec 20 msec
  2 192.168.24.4 20 msec 44 msec 40 msec
  3 192.168.45.5 80 msec *  76 msec


Now, on r3, remove IP address 192.168.23.3:
On r2, you see:
Feb 23 01:06:28.127: %TRACKING-5-STATE: 5 ip sla 10 state Up->Down

r1#traceroute 5.5.5.5 source 1.1.1.1

Type escape sequence to abort.
Tracing the route to 5.5.5.5

  1 192.168.12.2 16 msec 24 msec 20 msec
  2 192.168.24.4 24 msec 36 msec 44 msec
  3 192.168.45.5 76 msec *  72 msec
r1#traceroute 55.55.55.55 source 1.1.1.1

Type escape sequence to abort.
Tracing the route to 55.55.55.55

  1 192.168.12.2 24 msec 20 msec 24 msec
  2 192.168.24.4 36 msec 24 msec 44 msec
  3 192.168.45.5 76 msec *  76 msec


Note:
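If you remove IP 192.168.24.4 on r4 instead, configure the default route on r5 via r3: r5's default route points to r4 (192.168.45.4), so replies to r1 would otherwise still be sent to r4.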

On r3, add IP address 192.168.23.3:
On r2, you see:
Feb 23 01:10:18.127: %TRACKING-5-STATE: 5 ip sla 10 state Down->Up

r1#traceroute 5.5.5.5 source 1.1.1.1    

Type escape sequence to abort.
Tracing the route to 5.5.5.5

  1 192.168.12.2 28 msec 16 msec 24 msec
  2 192.168.23.3 24 msec 40 msec 40 msec
  3 192.168.35.5 80 msec *  64 msec

r1#traceroute 55.55.55.55 source 1.1.1.1

Type escape sequence to abort.
Tracing the route to 55.55.55.55

  1 192.168.12.2 20 msec 20 msec 24 msec
  2 192.168.24.4 16 msec 44 msec 44 msec
  3 192.168.45.5 56 msec *  40 msec
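
The next hop r2 should pick at each stage of the test can be checked offline. The following Python model is an added example, not part of the original lab: it replays the %TRACKING-5-STATE messages shown above and applies the route-map PBR decision order. The function names are hypothetical, both track objects are assumed to start Up, and r2's connected subnets are left out of the routing table.

```python
import ipaddress
import re

# r2's route-map PBR as configured on this page:
# (ACL destination host, tracked next hop, track object, default next hop)
ROUTE_MAP = [
    ("5.5.5.5", "192.168.23.3", 5, "192.168.24.4"),       # permit 10, ACL 105
    ("55.55.55.55", "192.168.24.4", 55, "192.168.23.3"),  # permit 20, ACL 155
]
# r2's only static route; connected subnets are left out of this model.
RIB = {"1.1.1.1/32": "192.168.12.1"}

TRACK_RE = re.compile(r"%TRACKING-5-STATE: (\d+) ip sla \d+ state \w+->(\w+)")

def replay(lines, state=None):
    """Replay %TRACKING-5-STATE messages; return {track object: is_up}."""
    state = dict(state) if state else {5: True, 55: True}  # assumed start: both Up
    for line in lines:
        m = TRACK_RE.search(line)
        if m:
            state[int(m.group(1))] = m.group(2) == "Up"
    return state

def explicit_route(dst, rib):
    """Longest-prefix match that ignores 0.0.0.0/0, as 'default next-hop' does."""
    addr = ipaddress.ip_address(dst)
    nets = [ipaddress.ip_network(p) for p in rib]
    hits = [n for n in nets if n.prefixlen > 0 and addr in n]
    return rib[str(max(hits, key=lambda n: n.prefixlen))] if hits else None

def next_hop(dst, state, rib=RIB):
    """Next hop r2 picks for a packet arriving on Serial1/0 (policy interface)."""
    for acl_dst, tracked_nh, track, default_nh in ROUTE_MAP:
        if dst == acl_dst:
            if state.get(track, False):
                return tracked_nh                          # verify-availability passed
            return explicit_route(dst, rib) or default_nh  # untracked fallback
    return explicit_route(dst, rib)                        # no match: normal routing

# The two syslog lines shown on this page, replayed in order.
DOWN = ["Feb 23 01:06:28.127: %TRACKING-5-STATE: 5 ip sla 10 state Up->Down"]
UP = ["Feb 23 01:10:18.127: %TRACKING-5-STATE: 5 ip sla 10 state Down->Up"]

if __name__ == "__main__":
    s = replay(DOWN)
    print(next_hop("5.5.5.5", s), next_hop("55.55.55.55", s))
    s = replay(UP, s)
    print(next_hop("5.5.5.5", s), next_hop("55.55.55.55", s))
```

With both track objects Down, the model still returns 192.168.24.4 for 5.5.5.5, because the `set ip default next-hop` lines in this configuration are not tied to a track object.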





