Network Path Control

1. CEF Switching

Each of the many processes of a router or switch can be assigned to one of three conceptual planes of operation:

  • Forwarding Plane – Moves packets from input to output
  • Control Plane – Determines how packets should be forwarded
  • Management Plane – Methods of configuring the control plane (CLI, SNMP, etc.)

There are two types of switching. Circuit switching, used in telephone networks, sets up a dedicated path for the whole conversation. Packet switching breaks the message into packets that can travel over different routes to the destination. On Cisco routers there are three packet-switching methods:

  • Process switching: This switching method is the slowest of the three methods.
    Every packet is examined by the CPU in the control plane and all forwarding decisions are made in software.
  • Fast switching: This switching method is faster than process switching. With fast
    switching, the initial packet of a traffic flow is process switched. This means that it
    is examined by the CPU and the forwarding decision is made in software. However,
    the forwarding decision is also stored in the data plane hardware fast-switching
    cache. When subsequent frames in the flow arrive, the destination is found in the
    hardware fast-switching cache and the frames are then forwarded without interrupting the CPU.
  • Cisco Express Forwarding: This switching method is the fastest switching mode
    and is less CPU-intensive than fast switching and process switching. The control
    plane CPU of a CEF-enabled router creates two hardware-based tables, the
    Forwarding Information Base (FIB) table and an adjacency table, built from the
    Layer 3 and Layer 2 tables such as the routing table and the Address Resolution
    Protocol (ARP) table. When the network has converged, the FIB and adjacency tables
    contain all the information a router needs to forward a packet, so no packet has
    to be punted to the CPU to make a forwarding decision.

//Verifying the FIB Table
R# show ip cef

//Verifying the Adjacency Table
R# show adjacency

//Verifying a CEF-Enabled Interface
R# show ip interface fa0/0

2. IP SLA

PBR is a static path control mechanism. It cannot respond dynamically to changes in network health.
Cisco IP SLA can be coupled with PBR or with static routes to achieve dynamic path control.

The following steps are required to configure Cisco IOS IP SLAs functionality:
Step 1. Define one or more IP SLA operations (or probes).
Step 2. Define one or more tracking objects to track the state of IOS IP SLA operations.
Step 3. Define the action associated with the tracking object.

IP SLA example

R(config)# ip sla 11
R(config-ip-sla)# icmp-echo 10.1.3.3 source-interface ethernet 0/0
//send ICMP echoes to the destination given in the command (10.1.3.3) using the Ethernet 0/0 interface as the source
R(config-ip-sla-echo)# frequency 10
//frequency is in seconds; timeout is in milliseconds
R(config-ip-sla-echo)# timeout 30

R(config)# ip sla schedule 11 start-time now life forever

R(config)# track 1 ip sla 11 [reachability|state]
R(config-track)# delay down 10 up 1
//Generate a notification after the link is down for 10 seconds, and notify 1 second after it comes back up
R(config)# ip route 0.0.0.0 0.0.0.0 10.1.1.1 track 1
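The following is an added example (not from the original post) that models how the pieces above interact: an icmp-echo probe that fails when no reply arrives within `timeout`, a track object whose `delay down 10 up 1` dampens short flaps, and a static default route that is installed only while the track is up. The probe results and the `10.1.1.1` next hop are constructed to match the configuration above; the model evaluates the delay only at probe times, so a transition can appear one probe interval later than IOS would report it.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Track:
    """Models 'track N ip sla M reachability' with 'delay down D up U'."""
    delay_down: int                  # seconds the probe must stay failed before going down
    delay_up: int                    # seconds it must stay successful before going up
    state: str = "up"
    pending: Optional[str] = None    # opposite state we are waiting to confirm
    pending_since: float = 0.0

    def update(self, reachable: bool, now: float) -> str:
        target = "up" if reachable else "down"
        if target == self.state:
            self.pending = None      # a flap that never reached the delay is ignored
            return self.state
        if self.pending != target:   # first probe contradicting the current state
            self.pending, self.pending_since = target, now
        delay = self.delay_down if target == "down" else self.delay_up
        if now - self.pending_since >= delay:
            self.state, self.pending = target, None
        return self.state

def probe_ok(rtt_ms: Optional[float], timeout_ms: int) -> bool:
    """An icmp-echo probe succeeds only if a reply arrives within 'timeout'."""
    return rtt_ms is not None and rtt_ms <= timeout_ms

def simulate(rtts: List[Optional[float]], frequency: int = 10, timeout: int = 30,
             delay_down: int = 10, delay_up: int = 1) -> List[Tuple[int, str, Optional[str]]]:
    """Feed one probe result every 'frequency' seconds and return
    (time, track state, installed default route) after each probe."""
    track = Track(delay_down, delay_up)
    result = []
    for i, rtt in enumerate(rtts):
        now = i * frequency
        state = track.update(probe_ok(rtt, timeout), now)
        # 'ip route 0.0.0.0 0.0.0.0 10.1.1.1 track 1' stays in the RIB only while track 1 is up
        route = "0.0.0.0/0 via 10.1.1.1" if state == "up" else None
        result.append((now, state, route))
    return result

if __name__ == "__main__":
    # Constructed RTT samples in ms; None means no reply before the timeout
    for row in simulate([5, 6, None, None, 45, 7, 8]):
        print(row)
```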

3. PBR

PBR is applied to packets arriving on an interface, or to packets generated by the router itself,
and bypasses and overrules the routing table. It enables an administrator to configure routing rules
beyond what the IP routing table provides. For example, it can be used to route packets based on
the source IP address instead of the destination IP address.


PBR example

R1(config)# access-list 1 permit 10.0.0.0 0.0.0.255
R1(config)# access-list 2 permit 20.0.0.0 0.0.0.255

R1(config)# route-map PBR permit 10
R1(config-route-map)# match ip address 1
R1(config-route-map)# set ip next-hop 192.168.1.1

R1(config)# route-map PBR permit 20
R1(config-route-map)# match ip address 2
R1(config-route-map)# set ip next-hop 192.168.2.1

R1(config)# interface f1/0
R1(config-if)# ip policy route-map PBR

To alter the traffic generated by the local router, the route map must be applied
using the ip local policy route-map global configuration command.

Reliable PBR example (with IP SLA)

R1(config)# access-list 1 permit 10.0.0.0 0.0.0.255
R1(config)# access-list 2 permit 20.0.0.0 0.0.0.255

R1(config)# ip sla 1
R1(config-ip-sla)# icmp-echo 192.168.12.2
R1(config-ip-sla-echo)# frequency 10
R1(config)# ip sla schedule 1 start-time now life forever
R1(config)# track 1 ip sla 1

R1(config)# ip sla 2
R1(config-ip-sla)# icmp-echo 192.168.13.2
R1(config-ip-sla-echo)# frequency 10
R1(config)# ip sla schedule 2 start-time now life forever
R1(config)# track 2 ip sla 2

R1(config)# route-map PBR permit 10 
R1(config-route-map)# match ip address 1 
R1(config-route-map)# set ip next-hop verify-availability 192.168.12.2 track 1
R1(config-route-map)# set ip default next-hop 192.168.13.2

R1(config)# route-map PBR permit 20
R1(config-route-map)# match ip address 2
R1(config-route-map)# set ip next-hop verify-availability 192.168.13.2 track 2
R1(config-route-map)# set ip default next-hop 192.168.12.2

R1(config)# interface f1/0 
R1(config-if)# ip policy route-map PBR
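The following is an added example (not from the original post) that walks a packet through the reliable PBR route map above: the standard ACLs are matched with IOS wildcard-mask semantics, sequences are tried in order, and the outcome depends on the state of the track objects. The fallback order is an assumption based on documented IOS behaviour: the `verify-availability` next hop is used only while its track is up; otherwise `set ip default next-hop` applies only when the routing table has no specific route for the destination, and in every other case the packet is forwarded normally.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

def acl_permits(entries: List[Tuple[str, str]], src: str) -> bool:
    """Standard ACL check with IOS wildcard masks: a 0 bit in the wildcard
    means that bit of the source address must match the network."""
    s = int(ipaddress.IPv4Address(src))
    for net, wildcard in entries:
        n = int(ipaddress.IPv4Address(net))
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if s & care == n & care:
            return True
    return False                       # implicit deny at the end of every ACL

# Constructed copies of the ACLs and route map from the configuration above
ACLS = {1: [("10.0.0.0", "0.0.0.255")], 2: [("20.0.0.0", "0.0.0.255")]}
ROUTE_MAP = [  # (sequence, match ACL, verified next hop, track, default next hop)
    (10, 1, "192.168.12.2", 1, "192.168.13.2"),
    (20, 2, "192.168.13.2", 2, "192.168.12.2"),
]

def pbr_next_hop(src: str, tracks: Dict[int, str],
                 rib_has_specific_route: bool) -> Tuple[Optional[int], Optional[str], str]:
    """Return (matched sequence, next hop, reason) for a packet from 'src'
    entering an interface with 'ip policy route-map PBR'. A next hop of None
    means the packet is forwarded by the normal routing table."""
    for seq, acl, next_hop, track, default_hop in ROUTE_MAP:
        if not acl_permits(ACLS[acl], src):
            continue                   # try the next sequence number
        if tracks.get(track) == "up":
            return seq, next_hop, "policy next hop used, track is up"
        if not rib_has_specific_route:
            return seq, default_hop, "track down and no specific route, default next-hop used"
        return seq, None, "track down, packet follows the routing table"
    return None, None, "no sequence matched, packet follows the routing table"

if __name__ == "__main__":
    # Constructed scenario: the path through 192.168.12.2 has failed (track 1 down)
    print(pbr_next_hop("10.0.0.5", {1: "down", 2: "up"}, rib_has_specific_route=False))
    print(pbr_next_hop("20.0.0.9", {1: "down", 2: "up"}, rib_has_specific_route=True))
```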

Reliable NAT example

R1(config)# route-map RM_NAT_10 permit 10
R1(config-route-map)# match ip address 10
R1(config-route-map)# match interface f0/0
//this will match IP addresses from ACL 10 that will go out interface f0/0

R1(config)# route-map RM_NAT_10 permit 20
R1(config-route-map)# match ip address 20
R1(config-route-map)# match interface f0/0

R1(config)# route-map RM_NAT_20 permit 10
R1(config-route-map)# match ip address 10
R1(config-route-map)# match interface f0/1

R1(config)# route-map RM_NAT_20 permit 20
R1(config-route-map)# match ip address 20
R1(config-route-map)# match interface f0/1

R1(config)# ip nat inside source route-map RM_NAT_10 interface f0/0 overload
R1(config)# ip nat inside source route-map RM_NAT_20 interface f0/1 overload