Source Based Routing for Multiple Networks

After not having time to write an article for a while, here is the article I promised in the last post. We will take our basic network from our other article on source based routing and expand it. This solution involves a dual-homed network with redundant gateways. Each carrier has assigned us a /25; however, we have received a direct /24 from our local RIR and wish to use that space instead. Our current setup involves having two separate networks, one for each carrier. We want to move to a converged network that uses our new ranges. Because the carriers are using uRPF, each carrier only allows the RIR allocation and its respective /25 to route through it. We want to migrate all internal routing to the new RIR allocation, but we will need to continue routing the legacy space while we migrate. This post will only cover the Policy Based Routing aspects of this scenario, and will not cover the BGP configurations. Assume the following:

  1. Carrier A has 192.0.2.0/30 assigned to the WAN point-to-point link and has allocated 192.0.2.192/26 for your internal use
  2. Carrier B has 198.51.100.0/30 assigned to the WAN point-to-point link and has allocated 198.51.100.192/26 for your internal use
  3. You have been assigned 203.0.113.0/24 by your RIR
  4. You need to minimize the differences between the two router configs
  5. Router A is connected to Carrier A and Router B is connected to Carrier B

First we will create three ACLs, one for each IP range, and one more to match traffic destined to internal addresses.

ip access-list extended RIR-Block
 permit ip 203.0.113.0 0.0.0.255 any
ip access-list extended CarrierA-Block
 permit ip 192.0.2.192 0.0.0.63 any
ip access-list extended CarrierB-Block
 permit ip 198.51.100.192 0.0.0.63 any
ip access-list extended Internal-Traffic
 permit ip any 203.0.113.0 0.0.0.255
 permit ip any 192.0.2.192 0.0.0.63
 permit ip any 198.51.100.192 0.0.0.63

Now all we need to do is create a multipart route map. Traffic matched by a deny stanza is not policy routed and uses the standard routing table instead, so we start with deny stanzas for the RIR block and for internal traffic.

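! ACL names must match the access lists defined above exactly (names are case-sensitive)
route-map Carrier-Map deny 10
 match ip address RIR-Block
!
route-map Carrier-Map deny 20
 match ip address Internal-Traffic
!
route-map Carrier-Map permit 30
 match ip address CarrierA-Block
 set ip next-hop 192.0.2.1
!
! Use a distinct sequence number; re-entering 30 would edit the Carrier A stanza
route-map Carrier-Map permit 40
 match ip address CarrierB-Block
 set ip next-hop 198.51.100.1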

Now you only need to apply the Carrier-Map to the ip policy of the internal interfaces.
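
The following Python model is an added example, not part of the original configuration. It evaluates the route map's first-match logic for a packet and checks whether the chosen next hop would accept the source address under the uRPF rule described above. The function names, the sample flows and the stanza numbering 10 to 40 are assumptions of the example.

```python
import ipaddress as ip

ANY = "0.0.0.0/0"
# (source, destination) pairs taken from the article's ACLs
# (wildcard 0.0.0.255 is a /24, 0.0.0.63 is a /26).
ACLS = {
    "RIR-Block": [("203.0.113.0/24", ANY)],
    "Internal-Traffic": [(ANY, "203.0.113.0/24"), (ANY, "192.0.2.192/26"),
                         (ANY, "198.51.100.192/26")],
    "CarrierA-Block": [("192.0.2.192/26", ANY)],
    "CarrierB-Block": [("198.51.100.192/26", ANY)],
}
# Carrier-Map stanzas: (sequence, action, ACL, next hop), numbered
# 10 to 40 here so that each stanza is distinct.
ROUTE_MAP = [
    (10, "deny", "RIR-Block", None),
    (20, "deny", "Internal-Traffic", None),
    (30, "permit", "CarrierA-Block", "192.0.2.1"),
    (40, "permit", "CarrierB-Block", "198.51.100.1"),
]
# Sources each carrier's uRPF accepts, as stated in the article.
URPF = {
    "192.0.2.1": ["203.0.113.0/24", "192.0.2.192/26"],
    "198.51.100.1": ["203.0.113.0/24", "198.51.100.192/26"],
}

def acl_matches(name, src, dst):
    s, d = ip.ip_address(src), ip.ip_address(dst)
    return any(s in ip.ip_network(sn) and d in ip.ip_network(dn)
               for sn, dn in ACLS[name])

def policy_route(src, dst):
    """First matching stanza wins. Returns (sequence, next_hop);
    next_hop None means the packet follows the normal routing table."""
    for seq, action, acl, next_hop in ROUTE_MAP:
        if acl_matches(acl, src, dst):
            return seq, (next_hop if action == "permit" else None)
    return None, None  # no stanza matched: not policy routed

def passes_urpf(next_hop, src):
    return any(ip.ip_address(src) in ip.ip_network(n) for n in URPF[next_hop])

if __name__ == "__main__":
    # Constructed sample flows; 8.8.8.8 stands in for any external host.
    for src, dst in [("203.0.113.10", "8.8.8.8"), ("192.0.2.200", "203.0.113.5"),
                     ("192.0.2.200", "8.8.8.8"), ("198.51.100.200", "8.8.8.8")]:
        seq, nh = policy_route(src, dst)
        ok = passes_urpf(nh, src) if nh else "n/a"
        print(f"{src} -> {dst}: stanza {seq}, next hop {nh}, uRPF ok: {ok}")
```
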
