[c-nsp] Question on the Use of Policy Based Routing
Kevin Graham
kgraham at industrial-marshmallow.com
Wed Mar 7 00:22:28 EST 2012
From the limited details, it sounds like what you really want is vrf-lite. Assuming the application traffic can be split into its own subnetwork, stick them in a VRF whose "normal" routing table matches what you're forcing via PBR.
On Mar 6, 2012, at 6:55 PM, Zach Williams <zwilliams360 at gmail.com> wrote:
> Hello. I have a question regarding the use of policy based routing. I've
> always thought of it as a way to selectively change routing in exceptional
> circumstances.
>
> I've come across an implementation where it is being used to explicitly set
> a next-hop ip for 99% of all traffic headed from an application behind a
> pair of stacked 3750s. The default route on these layer 3 switches is
> set to a 192.168.x.x IP which is part of a management network. The PBR is
> in place to send the outbound application traffic towards a firewall and
> out to the internet.
>
> Part of the reasoning for doing this was because the application will
> require only a few separate class C's and the management network has many
> more routes. A route-map matching an access-list or prefix-list for the
> basis of PBR on the outbound application traffic would contain fewer lines
> of configuration and thus it was deemed more elegant to set up PBR for the
> application traffic rather than the management traffic.
>
> I'm having a tough time finding best-practices information on the use of
> PBR and was wondering what cisco-nsp thought of this setup.
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/