Difference between revisions of "Route-map Cisco IOS"
m (→Example) |
m (→References) |
||
(17 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
+ | __TOC__ | ||
[[Policy-Based Routing]] or [[PBR]] with Cisco IOS. | [[Policy-Based Routing]] or [[PBR]] with Cisco IOS. | ||
+ | = Introduction = | ||
+ | Route-maps are often used with Routing Protocols such as [[BGP]] and use [[Prefix-list Cisco IOS|Prefix-lists]] | ||
== Enabling PBR on 3560 Switch platform == | == Enabling PBR on 3560 Switch platform == | ||
On the 3560 Switch platform you get the message '''%PLATFORM_PBR-4-SDM_MISMATCH: PBR requires sdm template routing''' when you apply a route-map to a Interface. | On the 3560 Switch platform you get the message '''%PLATFORM_PBR-4-SDM_MISMATCH: PBR requires sdm template routing''' when you apply a route-map to a Interface. | ||
+ | *'''Remember:''' Use ''terminal monitor'' if you are not on the ''console'' to receive messages from the console. | ||
This is because the '''SDM''' (Switch Database Management) template. The SDM manages the layer 2 and layer 3 switching information that is maintained in the Ternary Content Addressable Memory ([[Cisco TCAM|TCAM]]). The [[Cisco TCAM|TCAM]] is used for forwarding lookups. See <ref>*[http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_25_se/configuration/guide/swsdm.html 3560 Configuring SDM Templates]</ref>. There are some unsupported commands on IOS 12.2-25<ref>http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_25_see/configuration/guide/swuncli.html</ref> | This is because the '''SDM''' (Switch Database Management) template. The SDM manages the layer 2 and layer 3 switching information that is maintained in the Ternary Content Addressable Memory ([[Cisco TCAM|TCAM]]). The [[Cisco TCAM|TCAM]] is used for forwarding lookups. See <ref>*[http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_25_se/configuration/guide/swsdm.html 3560 Configuring SDM Templates]</ref>. There are some unsupported commands on IOS 12.2-25<ref>http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_25_see/configuration/guide/swuncli.html</ref> | ||
Line 53: | Line 57: | ||
number of IPv4/MAC security aces: 1K | number of IPv4/MAC security aces: 1K | ||
</source> | </source> | ||
+ | |||
== Example == | == Example == | ||
Lots of limitations on 3560 platform. Default route to 192.168.1.0/24 to 10.0.0.30 gateway all other to 10.0.0.34 gateway | Lots of limitations on 3560 platform. Default route to 192.168.1.0/24 to 10.0.0.30 gateway all other to 10.0.0.34 gateway | ||
<source lang=cli> | <source lang=cli> | ||
− | + | ip access-list extended ISP-CON1 | |
− | + | remark Internally used nets denied. They should be routed by the FIB | |
− | |||
− | ip access-list extended | ||
− | remark | ||
deny ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255 | deny ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255 | ||
− | deny ip 192.168.1.0 0.0.0.255 192.168.0.0 0. | + | deny ip 192.168.1.0 0.0.0.255 192.168.0.0 0.127.255.255 |
permit ip 192.168.1.0 0.0.0.255 any | permit ip 192.168.1.0 0.0.0.255 any | ||
+ | ! | ||
+ | ip prefix-list DEFAULT seq 5 permit 0.0.0.0/0 | ||
! | ! | ||
route-map HETH permit 5 | route-map HETH permit 5 | ||
− | match ip address | + | match ip address ISP-CON1 |
set ip next-hop 10.0.0.30 | set ip next-hop 10.0.0.30 | ||
! | ! | ||
route-map HETH permit 10 | route-map HETH permit 10 | ||
+ | match ip address prefix-list DEFAULT | ||
set ip next-hop 10.0.0.34 | set ip next-hop 10.0.0.34 | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
</source> | </source> | ||
+ | ==Example 2== | ||
− | |||
− | |||
− | |||
<source lang=cli> | <source lang=cli> | ||
− | + | interface Vlan28 | |
− | + | description TKUVLAN_308 | |
− | + | ip address 192.168.146.1 255.255.255.0 | |
− | + | ip helper-address 172.16.4.77 | |
− | + | ip helper-address 172.16.4.66 | |
− | + | ip pim sparse-mode | |
− | + | ip policy route-map EX308 | |
− | + | ip igmp query-interval 125 | |
− | |||
− | route-map | ||
− | |||
! | ! | ||
− | + | ip access-list extended R308 | |
− | + | permit ip 192.168.146.0 0.0.0.255 any | |
− | |||
! | ! | ||
− | route-map | + | route-map EX308 permit 10 |
− | + | match ip address R308 | |
− | + | set ip next-hop 172.16.4.16 | |
− | |||
− | |||
− | |||
− | |||
− | ip | ||
− | |||
− | |||
− | ip | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | 172.16.4.16 | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
</source> | </source> | ||
= Links = | = Links = | ||
*[http://www.cisco.com/en/US/tech/tk364/technologies_configuration_example09186a00801f3b54.shtml Cisco Policy-Based Routing Using the set ip default next-hop and set ip next-hop Commands Configuration Example] | *[http://www.cisco.com/en/US/tech/tk364/technologies_configuration_example09186a00801f3b54.shtml Cisco Policy-Based Routing Using the set ip default next-hop and set ip next-hop Commands Configuration Example] | ||
+ | * [http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009481d.shtml Cisco Understanding Policy Routing] | ||
=References= | =References= | ||
<references/> | <references/> | ||
− | {{ | + | {{Source cli}} |
− | + | [[category:Cisco]][[Category:CCNP3]] | |
− | |||
− | }} | ||
− | [[category:Cisco]][[Category: |
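Review bot: In route-map HETH sequence 10, the added line "match ip address prefix-list DEFAULT" replaces a clause that had no match statement and therefore applied to every packet. The prefix-list entry "permit 0.0.0.0/0" matches only the default route itself, so sequence 10 may no longer catch the "all other" traffic that the Example text says goes to 10.0.0.34. Consider leaving sequence 10 without a match, or matching an ACL. In ISP-CON1, the new wildcard "0.127.255.255" on 192.168.0.0 covers 192.128.0.0 through 192.255.255.255, which is wider than the remark "Internally used nets" suggests. Either narrow it or say in the remark why the wider range is intended.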
Latest revision as of 13:33, 10 June 2015
Policy-Based Routing or PBR with Cisco IOS.
Introduction
Route-maps are often used with routing protocols such as BGP, and use prefix-lists.
Enabling PBR on 3560 Switch platform
On the 3560 Switch platform you get the message %PLATFORM_PBR-4-SDM_MISMATCH: PBR requires sdm template routing when you apply a route-map to an interface.
- Remember: Use terminal monitor if you are not on the console, so that you receive the console messages.
This is caused by the SDM (Switch Database Management) template: the default template reserves no TCAM entries for policy-based routing, as the output below shows. The SDM manages the layer 2 and layer 3 switching information that is maintained in the Ternary Content Addressable Memory (TCAM). The TCAM is used for forwarding lookups. See [1]. There are some unsupported commands on IOS 12.2-25.[2]
By default, CEF load-shares per source/destination pair, which ensures that the packets of a stream take the same path.[3]
In its default configuration the switch had the following SDM template.
Core2#sh sdm prefer
The current template is "desktop default" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.
number of unicast mac addresses: 6K
number of IPv4 IGMP groups + multicast routes: 1K
number of IPv4 unicast routes: 8K
number of directly-connected IPv4 hosts: 6K
number of indirect IPv4 routes: 2K
number of IPv4 policy based routing aces: 0
number of IPv4/MAC qos aces: 512
number of IPv4/MAC security aces: 1K
Changing SDM Bias
Core2(config)#sdm prefer routing
Changes to the running SDM preferences have been stored, but cannot take effect
until the next reload.
Use 'show sdm prefer' to see what SDM preference is currently active.
Core2(config)#^Z
Core2#
1d00h: %SYS-5-CONFIG_I: Configured from console by vty0 (10.0.0.30)
Core2#reload
After reboot
Core2#sh sdm prefer
The current template is "desktop routing" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.
number of unicast mac addresses: 3K
number of IPv4 IGMP groups + multicast routes: 1K
number of IPv4 unicast routes: 11K
number of directly-connected IPv4 hosts: 3K
number of indirect IPv4 routes: 8K
number of IPv4 policy based routing aces: 512
number of IPv4/MAC qos aces: 512
number of IPv4/MAC security aces: 1K
Example
There are lots of limitations on the 3560 platform. The default route for 192.168.1.0/24 goes to gateway 10.0.0.30; all other traffic goes to gateway 10.0.0.34.
ip access-list extended ISP-CON1
 remark Internally used nets denied. They should be routed by the FIB
 deny ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255
 deny ip 192.168.1.0 0.0.0.255 192.168.0.0 0.127.255.255
 permit ip 192.168.1.0 0.0.0.255 any
!
ip prefix-list DEFAULT seq 5 permit 0.0.0.0/0
!
route-map HETH permit 5
 match ip address ISP-CON1
 set ip next-hop 10.0.0.30
!
route-map HETH permit 10
 match ip address prefix-list DEFAULT
 set ip next-hop 10.0.0.34
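Added example (not part of the original page): a small Python evaluator for the ISP-CON1 entries above, using IOS wildcard-mask semantics, to check which source/destination pairs the ACL permits and so hands to route-map HETH sequence 5. The function names are made up for this illustration and the sample addresses are constructed.

```python
import ipaddress

# ISP-CON1 entries copied from the example above:
# (action, source, source wildcard, destination, destination wildcard)
ISP_CON1 = [
    ("deny",   "192.168.1.0", "0.0.0.255", "10.0.0.0",    "0.255.255.255"),
    ("deny",   "192.168.1.0", "0.0.0.255", "192.168.0.0", "0.127.255.255"),
    ("permit", "192.168.1.0", "0.0.0.255", "0.0.0.0",     "255.255.255.255"),  # "any"
]

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: bits set in the wildcard are 'don't care'."""
    care = ~_int(wildcard) & 0xFFFFFFFF
    return (_int(addr) & care) == (_int(base) & care)

def wildcard_range(base, wildcard):
    """Lowest and highest address covered by base/wildcard."""
    w = _int(wildcard)
    low = _int(base) & ~w & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(low)), str(ipaddress.IPv4Address(low | w))

def acl_action(acl, src, dst):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, s, sw, d, dw in acl:
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action
    return "deny"

def policy_routed(src, dst):
    """True if ISP-CON1 permits the packet, i.e. HETH sequence 5 matches it."""
    return acl_action(ISP_CON1, src, dst) == "permit"

if __name__ == "__main__":
    # Range actually covered by the second deny entry's destination wildcard.
    print(wildcard_range("192.168.0.0", "0.127.255.255"))
    # Constructed sample destinations for a host in 192.168.1.0/24.
    for dst in ("10.1.2.3", "192.168.146.10", "192.200.0.1", "8.8.8.8"):
        print(dst, policy_routed("192.168.1.50", dst))
```

Running the same check over any wildcard before it goes into a PBR ACL shows exactly which destinations stay on the FIB path and which are sent to the policy next hop.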
Example 2
interface Vlan28
 description TKUVLAN_308
 ip address 192.168.146.1 255.255.255.0
 ip helper-address 172.16.4.77
 ip helper-address 172.16.4.66
 ip pim sparse-mode
 ip policy route-map EX308
 ip igmp query-interval 125
!
ip access-list extended R308
 permit ip 192.168.146.0 0.0.0.255 any
!
route-map EX308 permit 10
 match ip address R308
 set ip next-hop 172.16.4.16
Links
- Cisco Policy-Based Routing Using the set ip default next-hop and set ip next-hop Commands Configuration Example
- Cisco Understanding Policy Routing