Cisco 1841 Router & PBR

christaylor

Technical User
Jul 3, 2003
5
GB
We are looking to set up PBR at a branch office. We have an MPLS connection that we wish to use for voice / business-critical apps and two private DSL connections (BT IPStream), one for each department in the branch office. We wish to route all http(s) and FTP traffic over the DSL connections. In the event of failure of the DSL we want to automatically route the traffic over the MPLS, and in the event of the failure of the MPLS, route traffic over the DSL connection.

The current setup has Netgear ADSL routers connected to the VLAN of the department and PBR set up to route http(s) and ftp traffic via next hop to the router. This works; however, in the event of a failure of the ADSL it does not reroute to the MPLS. We are thinking of purchasing ADSL WICs and putting them in the 1841 router.

Would this work? Any suggestions on improving the setup?
 
Hello
Normally PBR is done with more than one router. In any case another router would be a good idea, to get some redundancy in the network.
Right now I can't figure out a way how this can be done with 1 router, will look this over thoroughly and let you know something.
Regards
 
PBR can definitely be done with one router. Example:

! match web traffic (IOS uses the keyword www for TCP port 80)
access-list 150 permit tcp any any eq www
route-map director permit 10
 match ip address 150
 set ip next-hop <dsl defaultgateway>

! apply the policy on the inside interface (fa 0/0 or whatever yours is)
interface fa 0/0
 ip policy route-map director

Please sanity check these before you try to cut and paste as I wrote them by hand. The idea of this is access list 150 will match any traffic destined for port 80 anywhere. When traffic hits the inside interface it will be subjected to the ip policy "director". That policy (or route-map) says "if you match access list 150, then go to my DSL default gateway". Where this gets difficult is you need to exclude the ip address range of your other site from access list 150. This means something like this

access-list 150 deny ip any <remote network> <remote mask>
access-list 150 permit tcp any any eq www

If you don't do that, any time you try to hit a web server across the MPLS it will get forwarded to the DSL connection.

I hope I made that clear, if you have questions just ask. BTW, we use PBR every day on a single router to manipulate load balanced internet traffic. 4-5 DSL and Cable connections and a MPLS can all be load balanced between sites for amazing bandwidth and good QOS.
Shawn
 
We have that setup. Our issue is when the DSL fails the traffic is still sent to the DSL and not automatically routed over the MPLS. Would the router realise that the DSL is down if the ADSL WIC is used, then use a second next-hop on the route-map?
 
You just need to set up an SLA to track availability out of the DSL connection. Then when you do the set ip-next hop <> put verify reachability at the end. Then a second set ip next-hop to the normal gateway.
 
Hello Wingatesl
Note I said "normally with more than 1 router". In any case, you can add more than one gateway to solve the above problem.

set ip next-hop <dsl defaultgateway> <dsl defaultgateway>

Regards

 
Does verify reachability not require CDP? The DSL routers we are using are Netgear so do not support CDP.
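
The tracked next-hop setup discussed in this thread, written out as an added example (not from any poster): with the `track` keyword, `set ip next-hop verify-availability` takes reachability from an IP SLA probe rather than from CDP, so a non-Cisco DSL router can be the next hop. All addresses are constructed documentation ranges, and the commands follow newer IOS syntax; older 12.4 releases use `ip sla monitor` and `track 1 rtr 1` instead.

```cisco
! Constructed example: addresses are documentation ranges, not from the thread.
!   192.0.2.1        DSL router LAN address, used as the PBR next hop
!   198.51.100.0/24  remote site reached over the MPLS
!
! Probe: ICMP echo to the DSL next hop every 10 seconds
ip sla 1
 icmp-echo 192.0.2.1
 frequency 10
ip sla schedule 1 life forever start-time now
!
! Tracked object goes down when the probe stops getting replies
track 1 ip sla 1 reachability
!
! Match web and FTP traffic, but never traffic for the remote site
access-list 150 deny   ip any 198.51.100.0 0.0.0.255
access-list 150 permit tcp any any eq www
access-list 150 permit tcp any any eq 443
access-list 150 permit tcp any any eq ftp
!
! The DSL next hop is used only while track 1 is up. When it is down the
! set clause is skipped and the packet follows the normal routing table,
! which here is assumed to point at the MPLS.
route-map director permit 10
 match ip address 150
 set ip next-hop verify-availability 192.0.2.1 10 track 1
!
interface FastEthernet0/0
 ip policy route-map director
```

A probe aimed at the DSL router's own LAN address only shows that the router is alive; detecting a dropped ADSL line needs a probe target beyond it that is reached via the DSL path.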
 