Knowing how to configure policy routing is important. This article walks through the detailed steps of a policy routing configuration. With policy routing you define your own rules for routing data packets, rather than routing on the destination address alone. In practice, policy-based routing includes:
- Policy routing based on source IP address
- Policy routing based on packet size
- Policy routing based on application
- Load balancing through the default route
This article describes the first case, policy routing based on source IP address. In this example, a firewall translates the 10.0.0.0/8 intranet addresses into the routable 172.16.255.0/24 subnet. The firewall configuration below is included for completeness; it is not required for policy routing. The firewall here could be replaced by a PIX or another similar firewall device. The firewall configuration is as follows:
```
!
ip nat pool net-10 172.16.255.1 172.16.255.254 prefix-length 24
ip nat inside source list 1 pool net-10
!
interface Ethernet0
 ip address 172.16.20.2 255.255.255.0
 ip nat outside
!
interface Ethernet1
 ip address 172.16.39.2 255.255.255.0
 ip nat inside
!
router eigrp 1
 redistribute static
 network 172.16.0.0
 default-metric 10000 100 255 1 1500
!
ip route 172.16.255.0 255.255.255.0 Null0
access-list 1 permit 10.0.0.0 0.255.255.255
!
end
```
In our example, the Cisco WAN router runs policy routing to ensure that IP packets from the 10.0.0.0/8 network are sent to the firewall. The configuration defines two entries in the net-10 route map. The first entry sends IP packets from the 10.0.0.0/8 network to the firewall (we will soon see that there is a problem with this configuration). The second entry allows all other data packets to be routed normally. The configuration of the Cisco WAN router is as follows:
```
!
interface Ethernet0/0
 ip address 172.16.187.3 255.255.255.0
 no ip directed-broadcast
!
interface Ethernet0/1
 ip address 172.16.39.3 255.255.255.0
 no ip directed-broadcast
!
interface Ethernet3/0
 ip address 172.16.79.3 255.255.255.0
 no ip directed-broadcast
 ip policy route-map net-10
!
router eigrp 1
 network 172.16.0.0
!
access-list 110 permit ip 10.0.0.0 0.255.255.255 172.16.36.0 0.0.0.255
access-list 111 permit ip 10.0.0.0 0.255.255.255 any
!
route-map net-10 permit 10
 match ip address 111
 set interface Ethernet0/1
!
route-map net-10 permit 20
!
end
```
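To check which net-10 entry a given packet hits, the following added Python example (not part of the original article or of Cisco's software) parses the ACL and route-map lines from the WAN router configuration and evaluates them in sequence order. It handles only the statement forms that appear on this page, and the function names are illustrative.

```python
import ipaddress

# ACL and route-map lines copied from the WAN router configuration above.
CONFIG = """\
access-list 110 permit ip 10.0.0.0 0.255.255.255 172.16.36.0 0.0.0.255
access-list 111 permit ip 10.0.0.0 0.255.255.255 any
route-map net-10 permit 10
 match ip address 111
 set interface Ethernet0/1
route-map net-10 permit 20
"""

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def addr_spec(tokens):
    # Consume "any" or "<address> <wildcard>"; return (base, bits that must match).
    if tokens[0] == "any":
        tokens.pop(0)
        return 0, 0
    base, wildcard = ip_int(tokens.pop(0)), ip_int(tokens.pop(0))
    return base, ~wildcard & 0xFFFFFFFF   # wildcard 1-bits are "don't care"

def parse(config):
    acls, entries = {}, []
    for tokens in (line.split() for line in config.splitlines() if line.strip()):
        if tokens[0] == "access-list":            # access-list N ACTION ip SRC DST
            rest = tokens[4:]
            acls.setdefault(tokens[1], []).append((tokens[2], addr_spec(rest), addr_spec(rest)))
        elif tokens[0] == "route-map":            # route-map NAME permit SEQ
            entries.append({"seq": int(tokens[3]), "acl": None, "set": None})
        elif tokens[:3] == ["match", "ip", "address"]:
            entries[-1]["acl"] = tokens[3]
        elif tokens[0] == "set":
            entries[-1]["set"] = " ".join(tokens)
    return acls, sorted(entries, key=lambda e: e["seq"])

def acl_permits(rules, src, dst):
    for action, (s_base, s_mask), (d_base, d_mask) in rules:   # first match wins
        if ((src ^ s_base) & s_mask) == 0 and ((dst ^ d_base) & d_mask) == 0:
            return action == "permit"
    return False                                  # implicit deny ends every ACL

def policy_decision(src, dst, config=CONFIG):
    acls, entries = parse(config)
    for e in entries:       # in sequence order; no match clause means match all
        if e["acl"] is None or acl_permits(acls[e["acl"]], ip_int(src), ip_int(dst)):
            return e["seq"], e["set"] or "normal routing"
    return None, "normal routing"                 # no entry matched
```

This models only which entry a packet matches, not whether forwarding out of the selected interface succeeds.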
We can test the configuration as follows. From the router 10.10.1.1.1 named Cisco-1, ping a host on the Internet, here the host 192.1.1.1. To see what happens on the router named Internet_Router, run the debug ip packet 101 detail command in privileged command mode. (That router has the command access-list 101 permit icmp any any configured.) The following is the output:

Results of ping from Cisco-1 to 192.1.1.1/internet taken from Internet_Router:

Packet never makes it to Internet_Router.

As you can see, the packet does not reach Internet_Router.