[c-nsp] Policy Based Routing on PE

Ozgur Guler gulerozgur at yahoo.co.uk
Thu Nov 13 10:03:51 EST 2008 

Well, that's not the most elegant one but here you go...



If you configure vrf-aware NAT to policy NAT your CE addresses so that
they are translated into a new address space for that specific source
and on the PE route this new translation range out of the link you like
it should work.



(Obviously your remote site will need to use this new translation range to communicate to your CE network.)


--- On Thu, 13/11/08, Rodney Dunn <rodunn at cisco.com> wrote:
From: Rodney Dunn <rodunn at cisco.com>
Subject: Re: [c-nsp] Policy Based Routing on PE
To: "Mateusz B?aszczyk" <blahu77 at gmail.com>
Cc: "cisco-nsp" <cisco-nsp at puck.nether.net>
Date: Thursday, 13 November, 2008, 2:21 PM

hmmm.....interesting question. VRF aware PBR wouldn't help.

You had better try it in the lab....but I wonder along Mat's suggestion
if you could build a gre tunnel over interface 1 and apply a PBR
policy on the tunnel. Thinking that after the mpls disposition the
ingress features (pbr) on the tunnel might kick in.

Tunnels are different from a feature processing perspective and
mpls2ip makes it even more complex.

Can he try that just to see if it works?

Rodney

On Thu, Nov 13, 2008 at 01:34:54PM +0000, Mateusz B?aszczyk wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Brandon,
> 
> 2008/11/12 Brandon Price
> 
> >
> > I have a PE with 2 interfaces going to the same CE in vrf CUSTA.
> > I would like packets with a certain SOURCE ip to take interface 2 and
> > all other packets to follow normal routing in the vrf (interface 1).
> 
> How about GRE tunnel between SOURCE and CE in question, with PBR on
> SOURCE side if needed to direct traffic towards the tunnel?
> 
> > Where on the PE would I set up the route-map ? Any configuration
> > examples?
> 
> Unless there is some special feature I don't know about, it seems
> there is no way.
> 
> Best Regards,
> 
> - -mat
> 
> - --
> pgp-key 0x1C655CAB
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> 
> iD8DBQFJHCz9+BuaDRxlXKsRAt83AJ9YakWigzpon/8VDJ4s3AL0XvPfHwCeLWWV
> 3W4XMbcKq05a0vlCfpc+hdE=
> =fLim
> -----END PGP SIGNATURE-----
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list