[c-nsp] ip local policy (PBR routing question)

Scott Granados scott at granados-llc.net
Wed Aug 10 23:26:14 EDT 2011


Hi,

So here’s the situation.  I have a Cisco IAD device with more than one upstream connection and some tunnels.  In order for voice to work correctly I need to route traffic over a directly connected T1 and the other upstream connects to another location where there are some issues in NAT and configuration that I don’t have any control over.   There are also some GRE tunnels between the IAD and some distant targets.  When a SIP session is set up the media gateway can come from any number of locations (Level 3 I believe) so static routing doesn’t make sense.

PBR sounded like a fit here and local PBR specifically seemed to be the tool to use so I can route the voice from within the IAD appropriately.  So I created the following.

route-map voice-control permit 10
 match ip addr VOIP-Control-ACL
 ! the far end of the attached /30 bound to the T1
 set ip default next-hop 209.x.x.33

route-map voice-control permit 20
 match ip address VOIP-RTSP-acl
 ! again the far end of the T1
 set ip default next-hop 209.x.x.33

route-map voice-control permit 30
 ! sets the default to match the default statement in the routing table
 set default interface fast 0/1

Then in global

ip local policy route-map voice-control

Here’s my question.  I have some other static routes which I want to behave normally.  These are for the GRE tunnels to come up and some internal blocks routed over the tunnel (RFC 1918 space).  Won’t the last line of the route map take priority and disrupt the normal behavior, or am I wrong here?  Can I remove that line and the behavior will remain normal for routes not listed in the ACL / match sets, or am I reading the document correctly that I used as a template, which indicates that without the default statement at the end traffic will not match and be dropped?  What’s the best way to preserve the normal static routing and just impact the items in the ACL entries that are matched while leaving the rest untouched?

My ACL simply consists of any any pairs with the specific UDP ports and TCP ports set for establishing a SIP connection.

Any pointers would be appreciated.  Do I simply remove position 30 or do I need to add something else?

Thank you
Scott
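
A simplified Python model of how IOS evaluates the route-map in the post above, added here as an illustration and not part of the original message. It assumes the documented behaviour that `set ip default next-hop` and `set default interface` apply only when the routing table has no explicit (non-default) route to the destination, and that packets matching no route-map entry are routed normally. The routing table, tunnel name, ACL port numbers and sample packets are constructed.

```python
import ipaddress

T1_NEXT_HOP = "209.x.x.33"   # far end of the T1 /30, elided as in the post
FA01 = "FastEthernet0/1"

# Constructed routing table: prefixes and the tunnel name are hypothetical.
ROUTES = [("10.20.0.0/16", "Tunnel0"),      # RFC 1918 block routed over GRE
          ("198.51.100.10/32", FA01),       # static route to a GRE endpoint
          ("0.0.0.0/0", FA01)]              # default route

def lookup(dst, explicit_only=False):
    """Longest-prefix match; explicit_only skips the default route."""
    best = None
    for prefix, out in ROUTES:
        net = ipaddress.ip_network(prefix)
        if explicit_only and net.prefixlen == 0:
            continue
        if ipaddress.ip_address(dst) in net and (not best or net.prefixlen > best[0]):
            best = (net.prefixlen, out)
    return best[1] if best else None

# Assumed ACL contents: the post only says "any any" pairs with SIP ports.
def voip_control(pkt): return pkt["dport"] == 5060
def voip_media(pkt): return 16384 <= pkt["dport"] <= 32767

# (sequence, match or None for "no match clause", target of the "set default")
AS_POSTED = [(10, voip_control, T1_NEXT_HOP), (20, voip_media, T1_NEXT_HOP),
             (30, None, FA01)]
WITHOUT_30 = AS_POSTED[:2]

def forward(pkt, route_map):
    """Return the exit chosen for a router-originated packet under local PBR."""
    for _seq, match, target in route_map:
        if match is None or match(pkt):
            # "set ... default ..." applies only when no explicit route exists.
            return lookup(pkt["dst"], explicit_only=True) or target
    return lookup(pkt["dst"])  # no entry matched: normal destination routing

PACKETS = {  # constructed sample packets
    "sip to gateway": {"dst": "203.0.113.7", "dport": 5060},
    "gre endpoint": {"dst": "198.51.100.10", "dport": 0},
    "internal block": {"dst": "10.20.1.1", "dport": 22},
    "other internet": {"dst": "203.0.113.9", "dport": 443},
    "sip to internal": {"dst": "10.20.5.5", "dport": 5060},
}

def compare():
    """Map each sample packet to (exit as posted, exit without sequence 30)."""
    return {name: (forward(p, AS_POSTED), forward(p, WITHOUT_30))
            for name, p in PACKETS.items()}
```

`compare()` returns, for each sample packet, the exit chosen with the route-map as posted and with sequence 30 removed. In this model the two agree for every packet, and SIP traffic to a destination that has an explicit route follows that route rather than the T1.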

