Re: Route-Maps

From: Carolyn Camarda (ccamarda@xxxxxxxxxxxxx)
Date: Sun Feb 17 2002 - 12:03:37 GMT-3

• Next message: Spoerr, Mathias: "AW: username and privilege"
• Previous message: alain faure: "Re: access-expression"
• Maybe in reply to: Don Banyong: "Route-Maps"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Couple of thoughts:

I tested this and it worked without having to define a big ACL.

route-map PolicyTest permit 10
 match ip route-source 10
 set ip next-hop 161.35.25.4
!
route-map PolicyTest permit 20
!
ip local policy route-map PolicyTest
!
acl 10 deny 161.35.24.3 0.0.0.0

I was able to policy route all packets to 25.4 if they were not in the
routing table or if they were sourced from something other than 24.3. So
on the surface it looks like you could get away with it.

Things to consider.

You would need policy map statement on all affected interfaces (real-world).

Need to define local-policy so router can ping (lab-world).

I don't know how it would affect background functions e.g. PIM, other
routing protocols, dlsw, etc.

If I had more time to debug the idea, I might try it. So now I don't think
I would use it.
There are other solutions that are less all-emcompassing. IMO it's to easy
to miss something. The proctor will eat you up if you miss a valid route or
unintentionally break an application.

----- Original Message -----
From: "Lab Candidate" <labccie@yahoo.com>
To: "Carolyn Camarda" <ccamarda@bellsouth.net>; "Don Banyong"
<don_study@hotmail.com>; <ccielab@groupstudy.com>
Sent: Sunday, February 17, 2002 4:39 x
Subject: Re: Route-Maps

> Don't you think we can use this technique to by-pass the "no static route"
rule in the lab?
>
>
> --- Carolyn Camarda <ccamarda@bellsouth.net> wrote:
> > While my routers reboot, I'll take a stab at this....
> >
> > You could do but remember the router will policy-route before it looks
in
> > the routing table. You would have to use an extended access-list with
the
> > destination of all your good 'routes' to deny them and then a permit any
any
> > statement for the rest.
> >
> > Sound right?
> >
> > IMO it wouldn't be pretty.
> >
> > ----- Original Message -----
> > From: "Don Banyong" <don_study@hotmail.com>
> > To: <ccielab@groupstudy.com>
> > Sent: Saturday, February 16, 2002 7:49 PM
> > Subject: Route-Maps
> >
> >
> > > Hi y'all.
> > > Is it possible to use policy routing (using route-maps) to completely
> > > substitute static routes in an environment where there are no dynamic
> > routes?
> > >
> > > I am trying to create a policy route that will send all internally
> > generated
> > > packets with unknown destination to a next-hop address. This should be
the
> > > same like using ip default-network or the ip route 0.0.0.0 0.0.0.0
cmd.
> > >
> > > Any ideas? This is not part of any lab..... just brain storming!
> > > Thanks,
> > > Don

• Next message: Spoerr, Mathias: "AW: username and privilege"
• Previous message: alain faure: "Re: access-expression"
• Maybe in reply to: Don Banyong: "Route-Maps"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 20 2002 - 13:46:25 GMT-3