Policy-Based Routing - route based on source address - GNS3
*this is not a complete routing design, just a proof of the policy-based routing concept
all traffic sourced from 10.1.1.1 and 10.2.2.2 will be routed to R3 and R4 respectively using policy-based routing
R1 will have a default route to R2; policy-based routing will be applied on R2
note that policy-based routing takes precedence over static or dynamic routes if there's a match
R1
interface Loopback1
 ip address 10.1.1.1 255.255.255.0
!
interface Loopback2
 ip address 10.2.2.2 255.255.255.0
!
interface Serial0/0
 ip address 172.16.1.1 255.255.255.252
 clock rate 56000
!
ip route 0.0.0.0 0.0.0.0 172.16.1.2
R2
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 172.16.1.2 255.255.255.252
 ip route-cache policy
 ip policy route-map map1
 clock rate 2000000
!
interface FastEthernet0/1
 ip address 192.168.2.1 255.255.255.0
 duplex auto
 speed auto
!
access-list 1 permit 10.1.1.0 0.0.0.255
access-list 2 permit 10.2.2.0 0.0.0.255
route-map map1 permit 10
 match ip address 1
 set ip next-hop 192.168.1.1 192.168.1.2
!
route-map map1 permit 20
 match ip address 2
 set ip next-hop 192.168.2.2
R3
!
interface FastEthernet0/0
 ip address 192.168.1.2 255.255.255.0
 duplex auto
 speed auto
!
R4
!
interface FastEthernet0/0
 ip address 192.168.2.2 255.255.255.0
 duplex auto
 speed auto
!
from R1, initiate a ping with a source address of 10.1.1.1 or 10.2.2.2 .. but before that, take a reading of the route-map counters first
R2#sh route-map
route-map map1, permit, sequence 10
Match clauses:
ip address (access-lists): 1
Set clauses:
ip next-hop 192.168.1.1 192.168.1.2
Policy routing matches: 0 packets, 0 bytes
route-map map1, permit, sequence 20
Match clauses:
ip address (access-lists): 2
Set clauses:
ip next-hop 192.168.2.2
Policy routing matches: 0 packets, 0 bytes
ping from R1 with source 10.1.1.1 to any IP address beyond R2..
R1#ping
Protocol [ip]:
Target IP address: 3.3.3.3
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.1.1.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
.....
Success rate is 0 percent (0/5)
*fill in only the entries highlighted in yellow (target IP address, extended commands, source address); for the rest just press enter
notice that 5 packets were sent.. based on our defined rule, all packets sourced from 10.1.1.0/24 will be forwarded to 192.168.1.2; now check the counters again
R2#sh route-map
route-map map1, permit, sequence 10
Match clauses:
ip address (access-lists): 1
Set clauses:
ip next-hop 192.168.1.1 192.168.1.2
Policy routing matches: 5 packets, 520 bytes
route-map map1, permit, sequence 20
Match clauses:
ip address (access-lists): 2
Set clauses:
ip next-hop 192.168.2.2
Policy routing matches: 0 packets, 0 bytes
you should see 5 packets matched on access-list 1.. :) do the same for packets with a source address of 10.2.2.2
another way to prove this is with Wireshark, which you can enable on any interface between R2 and R3/R4
this example captures on R2 F0/1, which faces R4
start capturing and ping 3.3.3.3 (or pick any suitable IP) with source address 10.2.2.2 from R1
you can see that packets from 10.2.2.2 with the ICMP (ping) protocol go through this link
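the matching that route-map map1 performs on R2, modelled in Python as an added example (not part of the original post and not Cisco code): it applies the wildcard masks of access-list 1 and 2 to a source address, walks the route-map sequences in order, and falls back to normal routing when nothing matches. The function names, the R2_ADDRS set and the 10.3.3.3 test source are assumptions made for this sketch; local_next_hops() is an audit helper that lists configured next hops equal to one of R2's own interface addresses.

```python
import ipaddress

# Constructed from the R2 configuration shown on this page.
ACLS = {1: [("permit", "10.1.1.0", "0.0.0.255")],
        2: [("permit", "10.2.2.0", "0.0.0.255")]}
ROUTE_MAP = [  # (sequence, action, standard ACL number, next-hop list)
    (10, "permit", 1, ["192.168.1.1", "192.168.1.2"]),
    (20, "permit", 2, ["192.168.2.2"]),
]
R2_ADDRS = {"192.168.1.1", "192.168.2.1", "172.16.1.2"}  # R2's own interfaces

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def acl_permits(entries, src):
    """Standard ACL: first matching entry decides; no match is an implicit deny."""
    for action, base, wildcard in entries:
        care = ~to_int(wildcard) & 0xFFFFFFFF  # wildcard 0-bits must match exactly
        if to_int(src) & care == to_int(base) & care:
            return action == "permit"
    return False

def policy_route(src):
    """Return (sequence, next_hops) if the route-map policy-routes src,
    or None when the packet falls back to the normal routing table."""
    for seq, action, acl_no, hops in sorted(ROUTE_MAP):
        if acl_permits(ACLS[acl_no], src):
            return (seq, hops) if action == "permit" else None
    return None

def local_next_hops():
    """Audit helper: next hops that are one of R2's own interface addresses."""
    return [(seq, hop) for seq, _, _, hops in sorted(ROUTE_MAP)
            for hop in hops if hop in R2_ADDRS]

if __name__ == "__main__":
    for src in ("10.1.1.1", "10.2.2.2", "10.3.3.3"):  # last one is constructed
        print(src, "->", policy_route(src) or "normal routing")
    print("next hops pointing at R2 itself:", local_next_hops())
```
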