[c-nsp] Policy Based Routing on PE

Brandon Price brandon at sterling.net
Thu Nov 13 14:26:52 EST 2008 

The tunnel option could work the problem is the SOURCE is behind a
Juniper netscreen and I don't think they support gre tunnel
termination..
Also I don't want this active all the time, I want it to switch
dynamically.

Maybe there is something else that would accomplish what I am trying to
do.

I tried to make a little ASCII diagram, hopefully it comes through ok:


              SOURCE Voip LAN 206.72.96.0
               |
               FW (juniper)
               |
    PE2-------PE1
    | |        |
dsl1| |dsl2    |
    | |        |T1
    | |        |
    | +------- |
    +--------CE1 (cisco)
              |    
              |
          CUST LAN 10.10.10.0


Basically My customers primary link to me is a T1 to PE1 with QOS
enabled for VOICE traffic to my voip servers and switches at
206.72.96.0. these are accessed via FW (juniper netscreen). In normal
operation the route for the CUST LAN through the t1 has the most
favourable weight, and traffic never hits PE2.


Now if the T1 goes down, dsl1 to PE2 will now have the most favorable
route to the lan, HOWEVER at this point I want traffic with a SOURCE of
the voip netblock to take dsl2 to get to the lan. This is where I am
stuck. How to use PBR on the ingress to PE2....  


Brandon



-----Original Message-----
From: Rodney Dunn [mailto:rodunn at cisco.com] 
Sent: Thursday, November 13, 2008 6:22 AM
To: Mateusz B?aszczyk
Cc: Brandon Price; cisco-nsp
Subject: Re: [c-nsp] Policy Based Routing on PE

hmmm.....interesting question. VRF aware PBR wouldn't help.

You had better try it in the lab....but I wonder along Mat's suggestion
if you could build a gre tunnel over interface 1 and apply a PBR
policy on the tunnel. Thinking that after the mpls disposition the
ingress features (pbr) on the tunnel might kick in.

Tunnels are different from a feature processing perspective and
mpls2ip makes it even more complex.

Can he try that just to see if it works?

Rodney

On Thu, Nov 13, 2008 at 01:34:54PM +0000, Mateusz B?aszczyk wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Brandon,
> 
> 2008/11/12 Brandon Price
> 
> >
> > I have a PE with 2 interfaces going to the same CE in vrf CUSTA.
> > I would like packets with a certain SOURCE ip to take interface 2
and
> > all other packets to follow normal routing in the vrf (interface 1).
> 
> How about GRE tunnel between SOURCE and CE in question, with PBR on
> SOURCE side if needed to direct traffic towards the tunnel?
> 
> > Where on the PE would I set up the route-map ? Any configuration
> > examples?
> 
> Unless there is some special feature I don't know about, it seems
> there is no way.
> 
> Best Regards,
> 
> - -mat
> 
> - --
> pgp-key 0x1C655CAB
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> 
> iD8DBQFJHCz9+BuaDRxlXKsRAt83AJ9YakWigzpon/8VDJ4s3AL0XvPfHwCeLWWV
> 3W4XMbcKq05a0vlCfpc+hdE=
> =fLim
> -----END PGP SIGNATURE-----
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list