This section provides example scripts for configuring policy-based routing (PBR) on Cisco routers and on Juniper routers. Juniper’s nomenclature for PBR is FBF (Filter-based Forwarding).

Here, we’ll configure PBR on the Cisco router and add an SLA (Service Level Agreement) to verify the appliance’s reachability.
• An access list is used to match traffic from the local LAN that should be redirected to the Silver Peak appliance.
• The route-map is used to configure the next hop IP address (the Silver Peak), and points at the ip sla to verify reachability.
• The ip policy is applied to the local LAN interface to intercept traffic that needs to be redirected to the appliance.

Note: If the Silver Peak appliances are using auto-optimization but not enabling subnet sharing, then the route-map on the Cisco router also needs to be applied to the WAN interface to intercept incoming traffic from the WAN that’s not in a tunnel between the Silver Peaks. Also, an additional access-list entry would be required, with the source and destination subnets reversed to match the traffic coming in on the WAN interface. This does not apply to the example as implemented in this chapter.

If the Silver Peak appliance is not directly connected to the router/switch that is doing the redirection, use an IP SLA statement to ensure that traffic is redirected only when the Silver Peak appliance is Up.

Assuming the default route is:

    set routing-instances redirect_sp routing-options static route 0.0.0.0/0 next-hop <IP address of Silver Peak WAN0> metric 5
    set routing-instances redirect_sp routing-options static route 0.0.0.0/0 next-hop 192.168.0.1 metric 20

This routing instance creates a new default route directing traffic to the Silver Peak appliance. Note the route with the higher metric. If the first route is unreachable, traffic will be directed via the second route.

    set routing-options rib-groups sp-forwarding import-rib [ inet.0 redirect_sp.inet.0 ]

This simply creates a filter that says traffic from Site A should use the created routing instance. That is, traffic from 172.60.10.0/24 should use 172.70.10.101 as its default route.
4. Apply the filter to an interface. Note that, as with PBR, the filter should not be applied to the interface directly connected to the Silver Peak appliance.
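The Cisco PBR steps described earlier in this section (access list, route-map, ip sla, ip policy), put together as an added example; this is not configuration from the original document. It assumes the local LAN is 172.60.10.0/24 and the Silver Peak next hop is 172.70.10.101 (addresses reused from the Juniper description above); the ACL number, SLA/track number, route-map name and interface name are hypothetical.

```cisco
! Added example. ACL 101, SLA/track 1, SP-REDIRECT and
! GigabitEthernet0/1 are hypothetical names chosen for illustration.
!
! 1. Probe the Silver Peak so that redirection depends on reachability.
ip sla 1
 icmp-echo 172.70.10.101
 frequency 10
ip sla schedule 1 life forever start-time now
!
! 2. Track object: goes Down when the probe stops getting replies.
track 1 ip sla 1 reachability
!
! 3. Access list: match traffic from the local LAN to be redirected.
access-list 101 permit ip 172.60.10.0 0.0.0.255 any
!
! 4. Route-map: set the next hop to the Silver Peak, but only while
!    track 1 is Up. When it is Down, the set clause is skipped and
!    packets follow the normal routing table, so a failed appliance
!    does not black-hole LAN traffic.
route-map SP-REDIRECT permit 10
 match ip address 101
 set ip next-hop verify-availability 172.70.10.101 1 track 1
!
! 5. Apply the policy to the local LAN interface, not to the
!    interface that connects to the Silver Peak appliance.
interface GigabitEthernet0/1
 ip policy route-map SP-REDIRECT
```

After applying it, `show track 1` reports the reachability state and `show route-map SP-REDIRECT` shows whether packets are matching the policy.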