
Policy Based Routing Lab

March 24th, 2014 in Basic Labs

In this lab we will learn how to use Policy Based Routing to send traffic via the route we want.

Policy_Based_Routing_Topology.jpg

IOS used: c3640-jk9s-mz.124-16.bin

Tasks
+ Enable OSPF on all interfaces of R2, R3, R4, R5 using only one command on each router.
+ Create Policy Based Routing on R2 so that traffic from R1 to the Loopback interface of R5 (5.5.5.5) must go through R3 (the less optimal path).

You can download the Initial Config Lab here: https://thegoodonesacademy.com/?certs=download/Policy_Based_Routing_Lab_Initial.zip.

Initial Config

In the initial config we will configure IP addresses on all interfaces and run OSPF on R2, R3, R4, R5. For R1 we only need a default route to R2.

R1
interface FastEthernet0/0
  ip address 12.12.12.1 255.255.255.0
  no shut
ip route 0.0.0.0 0.0.0.0 12.12.12.2
R2
interface FastEthernet0/0
  ip address 12.12.12.2 255.255.255.0
  no shut
interface FastEthernet1/0
  ip address 24.24.24.2 255.255.255.0
  no shut
interface Serial2/0
  ip address 23.23.23.2 255.255.255.0
  no shut
router ospf 1
  network 0.0.0.0 255.255.255.255 area 0
R3
interface Serial0/0
  ip address 23.23.23.3 255.255.255.0
  no shut
interface FastEthernet1/0
  ip address 35.35.35.3 255.255.255.0
  no shut
router ospf 1
  network 0.0.0.0 255.255.255.255 area 0
R4
interface FastEthernet0/0
  ip address 24.24.24.4 255.255.255.0
  no shut
interface FastEthernet1/0
  ip address 45.45.45.4 255.255.255.0
  no shut
router ospf 1
  network 0.0.0.0 255.255.255.255 area 0
R5
interface Loopback0
  ip address 5.5.5.5 255.255.255.255
interface FastEthernet0/0
  ip address 35.35.35.5 255.255.255.0
  no shut
interface FastEthernet1/0
  ip address 45.45.45.5 255.255.255.0
  no shut
router ospf 1
  network 0.0.0.0 255.255.255.255 area 0

A FastEthernet link has higher bandwidth (and therefore a lower OSPF cost) than a Serial link, so traffic from R1 to R5 goes through R4 to R5:

Policy_Based_Routing_Init_Traceroute.jpg

Now we will configure Policy Based Routing on R2 so that all traffic destined for 5.5.5.5 (R5 Loopback0) goes through R3:

R2
access-list 100 permit ip any host 5.5.5.5
route-map OUT_R5 permit 10
  match ip address 100
  set ip next-hop 23.23.23.3
! Apply this route-map to Fa0/0
interface FastEthernet0/0
  ip policy route-map OUT_R5

The traffic now goes through R3:

Policy_Based_Routing_Traceroute.jpg

We can turn on “debug ip policy” on R2 to have a closer look at the policy match. We should also disable CEF so that we can see the detailed match (use the “no ip cef” command in global config mode).

Policy_Based_Routing_R2_debug_ip_policy.jpg

Verify the traffic has been matched with the access list:
Policy_Based_Routing_R2_show_route_map.jpg

That is all the Policy Based Routing configuration for this lab. But what happens to traffic that does not match the access-list? Will it be dropped? We will test this by replacing our access-list with one that the test traffic does not match, for example one that permits only TCP.

R2
no access-list 100
access-list 100 permit tcp any host 5.5.5.5

Notice that traceroute sends UDP traffic, so it will not match the above access-list.

Policy_Based_Routing_Traceroute_not_matched_acl.jpg

We see that the unmatched traffic is not dropped; it is routed through the normal destination-based routing process.

Another point to note is that normal Policy Based Routing is only applied to traffic transiting the router. It cannot match traffic originating from R2 itself. For example, a traceroute from R2 still goes through R4:

Policy_Based_Routing_R2_traceroute.jpg

Luckily we can also match traffic originating from R2 with the Local Policy Based Routing by adding this command in global configuration mode (not interface mode):

R2(config)#ip local policy route-map OUT_R5

Now traffic from both R1 and R2 goes through R3.

Policy_Based_Routing_R2_traceroute_local_policy_based_routing.jpg
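
The three behaviours seen in this lab (matched transit traffic is redirected, unmatched traffic falls back to normal routing, router-originated traffic needs the local policy) can be reproduced with a small model. This is an added example, not part of the original lab: it is a simplified Python model of only the commands used here, not of IOS as a whole, and the function names, the LOCAL_POLICY and R4 constants and the policy_report audit helper are assumptions made for illustration.

```python
import ipaddress
import re

# R2 policy lines from this lab; LOCAL_POLICY is the optional global command.
R2_CONFIG = """\
access-list 100 permit ip any host 5.5.5.5
route-map OUT_R5 permit 10
  match ip address 100
  set ip next-hop 23.23.23.3
interface FastEthernet0/0
  ip policy route-map OUT_R5
"""
LOCAL_POLICY = "ip local policy route-map OUT_R5\n"
R4 = "24.24.24.4"  # next hop the OSPF routing table picks for 5.5.5.5 in this lab

def parse(config):
    """Collect ACL entries, route-map clauses and where each route-map is applied."""
    acls, maps, applied, cur_map, cur_if = {}, {}, {}, None, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"access-list (\d+) permit (\w+) any host (\S+)", line):
            acls.setdefault(m[1], []).append((m[2], ipaddress.ip_address(m[3])))
        elif m := re.fullmatch(r"route-map (\S+) permit \d+", line):
            cur_map = maps.setdefault(m[1], {})
        elif m := re.fullmatch(r"interface (\S+)", line):
            cur_if = m[1]
        elif m := re.fullmatch(r"match ip address (\d+)", line):
            cur_map["acl"] = m[1]
        elif m := re.fullmatch(r"set ip next-hop (\S+)", line):
            cur_map["next_hop"] = m[1]
        elif m := re.fullmatch(r"ip policy route-map (\S+)", line):
            applied[cur_if] = m[1]          # interface policy: transit traffic only
        elif m := re.fullmatch(r"ip local policy route-map (\S+)", line):
            applied["local"] = m[1]         # global policy: router-originated traffic
    return acls, maps, applied

def next_hop(config, proto, dst, ingress, routed_via=R4):
    """Next hop for one packet; ingress is an interface name or "local"."""
    acls, maps, applied = parse(config)
    rmap = maps.get(applied.get(ingress), {})
    for acl_proto, host in acls.get(rmap.get("acl"), []):
        if acl_proto in ("ip", proto) and ipaddress.ip_address(dst) == host:
            return rmap["next_hop"]         # policy match overrides the routing table
    return routed_via                       # no match: normal destination-based routing

def policy_report(config):
    """Audit view: every place a route-map steers traffic, and to which next hop."""
    _, maps, applied = parse(config)
    return {where: maps[name].get("next_hop") for where, name in applied.items() if name in maps}
```

Running policy_report over a saved configuration lists each interface (and "local") where a route-map overrides the routing table, which is a quick way to review where traffic is being steered away from the destination-based path.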

You can download the final configuration of this lab here: https://thegoodonesacademy.com/?certs=download/Policy_Based_Routing_Lab_Final.zip.

Comments
  1. Rocky
    February 9th, 2017

    Hi, can someone advise how to run these labs under GNS3? Which GNS3 version?
    Thanks

  2. shalev
    May 7th, 2017

    It can’t run in Packet Tracer? If it can, which version?

  3. IntroVoys
    June 3rd, 2017

    Is this lab also part of the exam?

  4. K
    July 3rd, 2017