Difference between revisions of "Route-map Cisco IOS"

From Teknologisk videncenter
m (After reboot)
m (References)
 
(19 intermediate revisions by the same user not shown)
Line 1: Line 1:
 +
__TOC__
 
[[Policy-Based Routing]] or [[PBR]] with Cisco IOS.
 
[[Policy-Based Routing]] or [[PBR]] with Cisco IOS.
 +
= Introduction =
 +
Route-maps are often used with Routing Protocols such as [[BGP]] and use [[Prefix-list Cisco IOS|Prefix-lists]]
 
== Enabling PBR on 3560 Switch platform ==
 
== Enabling PBR on 3560 Switch platform ==
 
On the 3560 Switch platform you get the message '''%PLATFORM_PBR-4-SDM_MISMATCH: PBR requires sdm template routing''' when you apply a route-map to a Interface.
 
On the 3560 Switch platform you get the message '''%PLATFORM_PBR-4-SDM_MISMATCH: PBR requires sdm template routing''' when you apply a route-map to a Interface.
 +
*'''Remember:''' Use ''terminal monitor'' if you are not on the ''console'' to receive messages from the console.
  
 
This is because the '''SDM''' (Switch Database Management) template. The SDM manages the layer 2 and layer 3 switching information that is maintained in the Ternary Content Addressable Memory ([[Cisco TCAM|TCAM]]). The [[Cisco TCAM|TCAM]] is used for forwarding lookups. See <ref>*[http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_25_se/configuration/guide/swsdm.html 3560 Configuring SDM Templates]</ref>. There are some unsupported commands on IOS 12.2-25<ref>http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_25_see/configuration/guide/swuncli.html</ref>
 
This is because the '''SDM''' (Switch Database Management) template. The SDM manages the layer 2 and layer 3 switching information that is maintained in the Ternary Content Addressable Memory ([[Cisco TCAM|TCAM]]). The [[Cisco TCAM|TCAM]] is used for forwarding lookups. See <ref>*[http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_25_se/configuration/guide/swsdm.html 3560 Configuring SDM Templates]</ref>. There are some unsupported commands on IOS 12.2-25<ref>http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_25_see/configuration/guide/swuncli.html</ref>
Line 53: Line 57:
 
   number of IPv4/MAC security aces:                1K
 
   number of IPv4/MAC security aces:                1K
 
</source>
 
</source>
== Exampel ==
+
 
Lots of limitations on 3560 platform
+
== Example ==
 +
Lots of limitations on 3560 platform. Default route to 192.168.1.0/24 to 10.0.0.30 gateway all other to 10.0.0.34 gateway
 
<source lang=cli>
 
<source lang=cli>
interface Port-channel6
+
ip access-list extended ISP-CON1
ip policy route-map HETH
+
  remark Internally used nets denied. They should be routed by the FIB
!
 
ip access-list extended RFC1918
 
  remark 172.16/12 network not included...
 
 
  deny  ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255
 
  deny  ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255
  deny  ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.255.255
+
  deny  ip 192.168.1.0 0.0.0.255 192.168.0.0 0.127.255.255
 
  permit ip 192.168.1.0 0.0.0.255 any
 
  permit ip 192.168.1.0 0.0.0.255 any
 +
!
 +
ip prefix-list DEFAULT seq 5 permit 0.0.0.0/0
 
!
 
!
 
route-map HETH permit 5
 
route-map HETH permit 5
  match ip address RFC1918
+
  match ip address ISP-CON1
 
  set ip next-hop 10.0.0.30
 
  set ip next-hop 10.0.0.30
 
!
 
!
 
route-map HETH permit 10
 
route-map HETH permit 10
set ip next-hop 10.0.0.42 10.0.0.34
+
  match ip address prefix-list DEFAULT
!
 
 
 
</source>
 
 
 
= Notes DT3 projekt =
 
 
 
*ip route 0.0.0.0 0.0.0.0 dhcp on gateways
 
config Core 2
 
<source lang=cli>
 
Core2(config)#<input>sdm prefer routing</input>
 
Changes to the running SDM preferences have been stored, but cannot take effect
 
until the next reload.
 
Use 'show sdm prefer' to see what SDM preference is currently active.
 
Core2#<input>reload</input>
 
</source>
 
<source lang=cli>
 
ip prefix-list HETH seq 5 permit 0.0.0.0/0
 
access-list 64 permit 192.168.1.0 0.0.0.255
 
route-map HETH permit 5
 
  match ip address prefix-list HETH
 
!
 
route-map HETH permit 10
 
match ip address 64
 
set ip next-hop 10.0.0.30 ! Gateway 1
 
!
 
route-map HETH permit 20
 
 
  set ip next-hop 10.0.0.34
 
  set ip next-hop 10.0.0.34
!
 
interface Port-channel2 ! 10.0.0.41
 
ip policy route-map HETH
 
!
 
interface Port-channel5 ! 10.0.0.45
 
ip policy route-map HETH
 
!
 
interface Port-channel6 ! 10.0.0.49
 
ip policy route-map HETH
 
!
 
interface Port-channel9 ! 10.0.0.37
 
ip policy route-map HETH
 
 
</source>
 
</source>
 +
==Example 2==
  
 
 
config Core 1
 
 
<source lang=cli>
 
<source lang=cli>
Core1(config)#<input>sdm prefer routing</input>
+
interface Vlan28
Changes to the running SDM preferences have been stored, but cannot take effect
+
description TKUVLAN_308
until the next reload.
+
ip address 192.168.146.1 255.255.255.0
Use 'show sdm prefer' to see what SDM preference is currently active.
+
ip helper-address 172.16.4.77
Core1#<input>reload</input>
+
ip helper-address 172.16.4.66
</source>
+
ip pim sparse-mode
<source lang=cli>
+
ip policy route-map EX308
ip prefix-list HETH seq 5 permit 0.0.0.0/0
+
  ip igmp query-interval 125
access-list 64 permit 192.168.1.0 0.0.0.255
 
route-map HETH permit 5
 
  match ip address prefix-list HETH
 
 
!
 
!
route-map HETH permit 10
+
ip access-list extended R308
  match ip address 64
+
  permit ip 192.168.146.0 0.0.0.255 any
set ip next-hop 10.0.0.10 ! Gateway 1
 
 
!
 
!
route-map HETH permit 20
+
route-map EX308 permit 10
set ip next-hop 10.0.0.18
+
  match ip address R308
!
+
  set ip next-hop 172.16.4.16
interface Port-channel3 ! 10.0.0.21
 
ip policy route-map HETH
 
!
 
interface Port-channel4 ! 10.0.0.5
 
  ip policy route-map HETH
 
!
 
interface Port-channel7 ! 10.0.0.1
 
  ip policy route-map HETH
 
!
 
interface Port-channel8 ! 10.0.0.25
 
ip policy route-map HETH
 
</source>
 
 
 
 
 
<source lang=cli>
 
traceroute ip
 
172.16.4.16
 
192.168.3.1
 
y
 
 
 
10
 
 
 
 
 
 
 
 
 
 
 
traceroute ip
 
172.16.4.16
 
192.168.2.1
 
y
 
 
 
10
 
 
 
 
 
 
 
 
 
 
</source>
 
</source>
  
 
= Links =
 
= Links =
 
*[http://www.cisco.com/en/US/tech/tk364/technologies_configuration_example09186a00801f3b54.shtml Cisco Policy-Based Routing Using the set ip default next-hop and set ip next-hop Commands Configuration Example]
 
*[http://www.cisco.com/en/US/tech/tk364/technologies_configuration_example09186a00801f3b54.shtml Cisco Policy-Based Routing Using the set ip default next-hop and set ip next-hop Commands Configuration Example]
 +
* [http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009481d.shtml Cisco Understanding Policy Routing]
  
 
=References=
 
=References=
 
<references/>
 
<references/>
{{#css:
+
{{Source cli}}
   
+
[[category:Cisco]][[Category:CCNP3]]
    pre {  font-family: Lucida Console; font-weight: bold; font-size: 14px; color: #00FF00; background: black; margin: 10px 50px; width: 800px; line-height: 200%; overflow: auto;}
 
}}
 
[[category:Cisco]][[Category:CCNP]]
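Review bot: in ISP-CON1 the second deny line changes the destination wildcard from 0.0.255.255 to 0.127.255.255, which with base 192.168.0.0 covers 192.128.0.0 through 192.255.255.255 rather than only 192.168.0.0/16. If the remark "Internally used nets denied" is the intent, either name the internal nets that need the wider mask or keep 0.0.255.255. The new Example also drops the "interface Port-channel6" and "ip policy route-map HETH" lines, so it no longer shows where HETH is applied; consider keeping one interface binding in the example.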
 

Latest revision as of 13:33, 10 June 2015

Policy-Based Routing or PBR with Cisco IOS.

Introduction

Route-maps are often used with routing protocols such as BGP, and they can match on prefix-lists.

Enabling PBR on 3560 Switch platform

On the 3560 switch platform you get the message %PLATFORM_PBR-4-SDM_MISMATCH: PBR requires sdm template routing when you apply a route-map to an interface.

  • Remember: Use terminal monitor if you are not on the console to receive messages from the console.

This is because of the SDM (Switch Database Management) template in use. The SDM manages the layer 2 and layer 3 switching information that is maintained in the Ternary Content Addressable Memory (TCAM). The TCAM is used for forwarding lookups. See [1]. There are some unsupported commands on IOS 12.2-25.[2]

By default CEF uses source/destination load sharing, which keeps each packet stream on the same path.[3]


With its default configuration the switch had the following SDM template. Note that it allocates 0 policy based routing aces.

Core2#sh sdm prefer
 The current template is "desktop default" template.
 The selected template optimizes the resources in
 the switch to support this level of features for
 8 routed interfaces and 1024 VLANs.

  number of unicast mac addresses:                  6K
  number of IPv4 IGMP groups + multicast routes:    1K
  number of IPv4 unicast routes:                    8K
    number of directly-connected IPv4 hosts:        6K
    number of indirect IPv4 routes:                 2K
  number of IPv4 policy based routing aces:         0
  number of IPv4/MAC qos aces:                      512
  number of IPv4/MAC security aces:                 1K

Changing SDM Bias

Core2(config)#sdm prefer routing
Changes to the running SDM preferences have been stored, but cannot take effect
until the next reload.
Use 'show sdm prefer' to see what SDM preference is currently active.
Core2(config)#^Z
Core2#
1d00h: %SYS-5-CONFIG_I: Configured from console by vty0 (10.0.0.30)
Core2#reload

After reboot

Core2#sh sdm prefer
 The current template is "desktop routing" template.
 The selected template optimizes the resources in
 the switch to support this level of features for
 8 routed interfaces and 1024 VLANs.

  number of unicast mac addresses:                  3K
  number of IPv4 IGMP groups + multicast routes:    1K
  number of IPv4 unicast routes:                    11K
    number of directly-connected IPv4 hosts:        3K
    number of indirect IPv4 routes:                 8K
  number of IPv4 policy based routing aces:         512
  number of IPv4/MAC qos aces:                      512
  number of IPv4/MAC security aces:                 1K

Example

The 3560 platform has many limitations. In this example the default route for 192.168.1.0/24 is the 10.0.0.30 gateway; all other traffic uses the 10.0.0.34 gateway.

ip access-list extended ISP-CON1
 remark Internally used nets denied. They should be routed by the FIB
 deny   ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255
 deny   ip 192.168.1.0 0.0.0.255 192.168.0.0 0.127.255.255
 permit ip 192.168.1.0 0.0.0.255 any
!
ip prefix-list DEFAULT seq 5 permit 0.0.0.0/0
!
route-map HETH permit 5
 match ip address ISP-CON1
 set ip next-hop 10.0.0.30
!
route-map HETH permit 10
 match ip address prefix-list DEFAULT
 set ip next-hop 10.0.0.34
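
An added example, not part of the original page: a first-match evaluation of the ISP-CON1 ACL above, showing which destinations route-map HETH sequence 5 sends to 10.0.0.30 and what range the wildcard 0.127.255.255 actually covers. The Python function names are hypothetical, the test addresses are constructed, and only sequence 5 is modelled.

```python
# Added example (not from the original page): first-match evaluation of the
# ISP-CON1 ACL with Cisco wildcard masks. Test addresses are constructed.
import ipaddress

def wc_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard bit is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def wc_range(base, wildcard):
    """First and last address covered by base/wildcard (contiguous masks only)."""
    b, w = int(ipaddress.IPv4Address(base)), int(ipaddress.IPv4Address(wildcard))
    lo = b & ~w & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(lo)), str(ipaddress.IPv4Address(lo | w))

SRC = ("192.168.1.0", "0.0.0.255")
ANY = ("0.0.0.0", "255.255.255.255")
# (action, source, destination), in the order shown on the page
ISP_CON1 = [
    ("deny", SRC, ("10.0.0.0", "0.255.255.255")),
    ("deny", SRC, ("192.168.0.0", "0.127.255.255")),
    ("permit", SRC, ANY),
]

def acl_action(acl, src, dst):
    """Return the action of the first matching ACE; implicit deny at the end."""
    for action, (s, sw), (d, dw) in acl:
        if wc_match(src, s, sw) and wc_match(dst, d, dw):
            return action
    return "deny"

def pbr_next_hop(src, dst):
    """Route-map HETH sequence 5 only: a permit sets next-hop 10.0.0.30;
    a deny means the packet is not policy-routed by this clause (None)."""
    return "10.0.0.30" if acl_action(ISP_CON1, src, dst) == "permit" else None

if __name__ == "__main__":
    print(wc_range("192.168.0.0", "0.127.255.255"))
    for dst in ("10.1.2.3", "192.168.7.9", "192.200.0.1", "198.51.100.7"):
        print(dst, pbr_next_hop("192.168.1.50", dst))
```

The second deny entry covers 192.128.0.0 through 192.255.255.255, so a destination such as 192.200.0.1 is excluded from policy routing along with the 192.168.0.0/16 range.
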

Example 2

interface Vlan28
 description TKUVLAN_308
 ip address 192.168.146.1 255.255.255.0
 ip helper-address 172.16.4.77
 ip helper-address 172.16.4.66
 ip pim sparse-mode
 ip policy route-map EX308
 ip igmp query-interval 125
!
ip access-list extended R308
 permit ip 192.168.146.0 0.0.0.255 any
!
route-map EX308 permit 10
 match ip address R308
 set ip next-hop 172.16.4.16

Links

References