Recipe 5.7 Using Policy-Based Routing to Route Based on Application Type

5.7.1 Problem

You want different applications to use different network links.

5.7.2 Solution

This example is similar to the previous one except that, instead of looking at the source address of the incoming IP packet, it looks at other protocol information such as the TCP or UDP port number. This example redirects HTTP traffic (TCP port 80) from certain source addresses:

Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#access-list 101 deny tcp 10.15.25.0 0.0.0.255 any eq www
Router(config)#access-list 101 permit tcp any any eq www
Router(config)#interface Ethernet0
Router(config-if)#ip address 10.15.22.7 255.255.255.0
Router(config-if)#ip policy route-map Websurfers
Router(config-if)#ip route-cache policy
Router(config-if)#exit
Router(config)#route-map Websurfers permit 10
Router(config-route-map)#match ip address 101
Router(config-route-map)#set ip next-hop 10.15.27.1
Router(config-route-map)#exit
Router(config)#route-map Websurfers permit 20
Router(config-route-map)#set ip default next-hop 10.15.26.1
Router(config-route-map)#end
Router#

This second example looks at the IP TOS field instead:

Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#access-list 102 permit ip any any tos 4
Router(config)#interface Serial0
Router(config-if)#ip address 10.15.23.6 255.255.255.252
Router(config-if)#ip policy route-map High-priority
Router(config-if)#ip route-cache policy
Router(config-if)#exit
Router(config)#route-map High-priority permit 10
Router(config-route-map)#match ip address 102
Router(config-route-map)#set ip next-hop 10.15.27.1
Router(config-route-map)#end
Router#

This third example shows how to use policy-based routing for traffic that originates from the router itself:

Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#ip local policy route-map dlswtraffic
Router(config)#access-list 103 permit tcp any any eq 2065
Router(config)#access-list 103 permit tcp any eq 2065 any
Router(config)#route-map dlswtraffic permit 10
Router(config-route-map)#match ip address 103
Router(config-route-map)#set ip next-hop 10.15.27.3
Router(config-route-map)#end
Router#

5.7.3 Discussion

These examples show how to route traffic based on protocol information rather than addresses. The first example redirects HTTP packets that originate on any device in the range from 10.15.25.0 to 10.15.25.255. Access-list 101 has two lines:

Router(config)#access-list 101 deny tcp 10.15.25.0 0.0.0.255 any eq www
Router(config)#access-list 101 permit tcp any any eq www

The second line selects any TCP packets with any source or destination IP address and with a destination TCP port number of 80 (HTTP). The first line excludes from that selection any packets whose source address falls within the specified range of addresses and whose destination TCP port number is 80.

When the client makes the initial TCP connection, it places a request to the target IP address using a particular port number as the destination. The packet also contains the client's IP address as the source of the packet and specifies a source port number, which is usually a random number greater than 1023.

The first clause in the route-map then redirects the traffic matched by this access list to the specified next-hop router:

Router(config)#route-map Websurfers permit 10
Router(config-route-map)#match ip address 101
Router(config-route-map)#set ip next-hop 10.15.27.1

The second clause in this route-map shows how to handle a default next hop:

Router(config)#route-map Websurfers permit 20
Router(config-route-map)#set ip default next-hop 10.15.26.1

This is invoked as a catchall in case the packet doesn't match the first clause, and there is no appropriate routing table entry that will allow the router to direct it. This clause can be used to prevent the router from dropping packets with unknown destinations, in case you want to handle them differently (such as sending them to a proxy server). Note that this particular default next-hop command specifies the route to be used only if there is no explicit route in the routing table. If there is a route, this clause will not be used.

As we mentioned in Recipe 5.6, using the set ip default next-hop command means that the processing of this clause must be done at the process level. Therefore, this type of command can be very CPU-intensive if a large number of packets are involved. If you require this command, it is a good practice to put it at the end of the policy clause list, as we have done here. This way, most of the packets will be handled by one of the previous clauses where they can be fast switched.
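The following is an added example, not part of the Cookbook and not IOS code: a small Python model of how the router evaluates access-list 101 and the two clauses of route-map Websurfers. It assumes a packet is represented as a dictionary of protocol, addresses and destination port, and it uses a has_route flag to stand in for the routing-table lookup that decides whether set ip default next-hop applies.

```python
import ipaddress


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """IOS wildcard mask: a 1 bit in the mask means 'don't care' for that bit."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    return (a & ~w) == (b & ~w)


# access-list 101 from the recipe: (action, proto, src, src-wildcard, dst, dst-wildcard, dport)
ACL_101 = [
    ("deny", "tcp", "10.15.25.0", "0.0.0.255", "0.0.0.0", "255.255.255.255", 80),
    ("permit", "tcp", "0.0.0.0", "255.255.255.255", "0.0.0.0", "255.255.255.255", 80),
]


def acl_permits(acl, pkt) -> bool:
    """First matching entry wins; every IOS ACL ends with an implicit 'deny any'."""
    for action, proto, src, swc, dst, dwc, dport in acl:
        if (pkt["proto"] == proto and pkt["dport"] == dport
                and wildcard_match(pkt["src"], src, swc)
                and wildcard_match(pkt["dst"], dst, dwc)):
            return action == "permit"
    return False


# route-map Websurfers: clause 10 matches ACL 101; clause 20 has no match line, so it
# matches everything, but its set clause is only a default next hop.
ROUTE_MAP = [
    {"seq": 10, "match_acl": ACL_101, "next_hop": "10.15.27.1"},
    {"seq": 20, "match_acl": None, "default_next_hop": "10.15.26.1"},
]


def policy_route(route_map, pkt, has_route: bool):
    """Return the next hop the policy picks, or None for normal destination-based routing.
    has_route models whether the routing table already holds an explicit route for pkt."""
    for clause in route_map:
        acl = clause["match_acl"]
        if acl is not None and not acl_permits(acl, pkt):
            continue
        if "next_hop" in clause:
            return clause["next_hop"]
        if "default_next_hop" in clause and not has_route:
            return clause["default_next_hop"]
        return None  # clause matched, but a route exists, so the default next hop is ignored
    return None


def tcp_pkt(src: str, dst: str, dport: int) -> dict:
    """Constructed sample packet (assumed representation, not an IOS structure)."""
    return {"proto": "tcp", "src": src, "dst": dst, "dport": dport}
```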

The second example shows how to route traffic based on the IP TOS field. Once again, the match is made based on an extended access list:

Router(config)#access-list 102 permit ip any any tos 4

Please refer to Chapter 11 and Appendix B for more detailed discussions of TOS, IP precedence, and prioritization in general.

The third example shows how to use policy-based routing when traffic originates on the router itself. The router is the source of many types of traffic. This includes several obvious applications such as SNMP network management, Telnet communication with the router's virtual TTY for configuration, and logging. But there are also some less obvious cases where the router is engaged in protocol translation as in Data Link Switching (DLSw) and X.25 over TCP (XOT). This example shows how to use policy-based routing to affect DLSw packets that originate with this router. Chapter 15 discusses DLSw in more detail.

The only important difference between local policy-based routing and the earlier examples (which were tied to particular interfaces) is the global configuration command ip local policy route-map.

Router(config)#ip local policy route-map dlswtraffic

This command applies the dlswtraffic policy to all locally generated traffic.

5.7.4 See Also

Recipe 5.5; Chapter 11; Chapter 15; Appendix B
