[c-nsp] PBR two default gateway

Mack McBride mack.mcbride at viawest.com
Fri Jun 24 14:32:03 EDT 2016


There is one use case where PBR is useful and not much else will work.
This is specific to monitoring.  Where you want a specific IP to only use a specific carrier for egress.
This usually involves getting a block from that carrier and then using PBR to ensure that IP segment
gets routed out the specified carrier.
This is a very narrow use case and generally other routing methods are preferred for practically
anything else.  This is the only use case where I would recommend PBR.

Another very critical thing to note is that PBR will cause an ACL explosion under some circumstances.
This can cause the router to crash.

Mack McBride | Senior Network Architect | ViaWest, Inc.
O: 720.891.2502 | C: 303.720.2711 | mack.mcbride at viawest.com | www.viawest.com


-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Nick Cutting
Sent: Thursday, June 23, 2016 3:06 PM
To: Paul; Satish Patel; Cisco Network Service Providers
Subject: Re: [c-nsp] PBR two default gateway

The old saying goes, if you have to implement PBR, either you need more money (BGP), or your design is wrong (use VRFs)

-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Paul
Sent: Thursday, June 23, 2016 4:31 PM
To: Satish Patel; Cisco Network Service Providers
Subject: Re: [c-nsp] PBR two default gateway

PBR is a huge PITA. I prefer using VRFs and leaking between the VRFs to adjust what I want. It's much safer than PBR imo :)


On 6/23/2016 1:46 PM, Satish Patel wrote:
> I have a router with two subnets, A & B, connected on related physical
> interfaces, and we have two ISP links, so I want to send subnet A to
> ISP-A and subnet B to ISP-B.
>
> Is it enough if I do this, or do I need to use match interface F1/1?
> Because I want whatever comes from my source interface to go to
> ISP-A, and the rest will use ip route 0.0.0.0 0.0.0.0 ISP-B.
>
> !
> interface FastEthernet1/1
>   description subnet-A
>   ip address x.x.x.x 255.255.255.0
>   ip policy route-map FOO
> !
> !
> route-map FOO permit 10
>   set ip next-hop x.x.x.x
> !
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>