Policy-Based Routing through IPv6 Configuration Example

Available Languages

Download Options

  • PDF     (34.0 KB)
    View with Adobe Reader on a variety of devices
Updated:December 20, 2010
Document ID:112218

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Introduction

Policy-based routing provides a mechanism for expressing and implementing forwarding/routing of data packets based on the policies defined by the network administrators. Policy-based routing is applied to incoming packets and uses route maps to define the policies. Based on the criteria defined in the route maps, packets are forwarded/routed to the appropriate next hop. This document provides a sample configuration for policy-based routing through IPv6.

Prerequisites

Requirements

There are no specific requirements for this document.

Note: Refer to Restrictions for IPv6 PBR for more information on restrictions.

Components Used

This document is not restricted to specific software and hardware versions.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Configure

In this configuration scenario, policy-based routing (PBR) is configured on a WAN router and policy routing is applied on the fa1/0 interface. As per the configuration traffic from the network, 6001:66:66:66::6 is redirected to the Intermediate router. This is achieved through the policy-based routing. This configuration example sets the next-hop to 2001:10:10:10::2. If the traffic source is 6001:66:66:66::6, then traffic is redirected to the Intermediate router where it then reaches the Internet router.

Note: Use the Command Lookup Tool (registered customers only) to find more information on the commands used in this document.

Network Diagram

This document uses this network setup:

policy-based-routing-ipv6-configex-1.gif

Configurations

This document uses these configurations:

WAN Router Configuration 
WAN_Router#
!
ipv6 unicast-routing
ipv6 cef
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed 100
 ipv6 address 1001:10:10:10::1/64
 ipv6 enable
 ipv6 eigrp 55
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed 100
 ipv6 address 2001:10:10:10::1/64
 ipv6 enable
 ipv6 eigrp 55
!
interface FastEthernet1/0
 no ip address
 speed 100
 full-duplex
 ipv6 address 3001:10:10:10::1/64
 ipv6 enable
 ipv6 eigrp 55
 ipv6 policy route-map ipv6
!
ipv6 router eigrp 55
 router-id 3.3.3.3
 no shutdown
!
route-map ipv6 permit 10
 match ipv6 address ALLOW_INTERNAL_NETWORK
 set ipv6 next-hop 2001:10:10:10::2
!
ipv6 access-list ALLOW_INTERNAL_NETWORK
 permit ipv6 6001:66:66:66::/64 any

!--- Creates IPv6 access-list ALLOW_INTERNAL_NETWORK !--- and permits any ipv6 address in the network 6001:66:66:66::/64

!

Intermediate Router Configuration 
Intermediate_Router#
!
ip cef
!
ipv6 unicast-routing
ipv6 cef
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed 100
 ipv6 address 2001:10:10:10::2/64
 ipv6 enable
 ipv6 eigrp 55
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed 100
 ipv6 address 4001:10:10:10::2/64
 ipv6 enable
 ipv6 eigrp 55
!
ipv6 router eigrp 55
 router-id 2.2.2.2
 no shutdown
!

Internet Router Configuration 
Internet_Router#
!
ip cef
!
ipv6 unicast-routing
ipv6 cef
!
!
interface Loopback10
 no ip address
 ipv6 address 5001:55:55:55::5/64
 ipv6 enable
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed 100
 ipv6 address 1001:10:10:10::2/64
 ipv6 enable
 ipv6 eigrp 55
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed 100
 ipv6 address 4001:10:10:10::1/64
 ipv6 enable
 ipv6 eigrp 55
!

ipv6 route ::/64 Loopback10
ipv6 router eigrp 55
 router-id 1.1.1.1
 no shutdown
 redistribute connected
!

Local Router Configuration 
Local_Router#
!
ip cef
!
ipv6 unicast-routing
ipv6 cef
!
!
interface Loopback10
 no ip address
 ipv6 address 6001:66:66:66::6/64
 ipv6 enable
!
interface FastEthernet0/0
 no ip address
 speed 100
 full-duplex
 ipv6 address 3001:10:10:10::2/64
 ipv6 enable
!
!
ipv6 route ::/64 FastEthernet0/0

!--- Static route is configured in the local router.

!

Verify

Issue the ping command from Local_Router in order to check the policy-based routing:

Local_Router#ping ipv6 5001:55:55:55::5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5001:55:55:55::5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/40/76 ms

Enable this debug command on WAN_Router in order to see if the policy-based routing is functioning properly or not:

Wan_Router#
debug ipv6 policy

IPv6 policy-based routing debugging is on

Wan_Router#
*Mar  1 04:10:43.846: IPv6 PBR (CEF): FastEthernet1/0, 
      matched src 6001:66:66:66::6 dst 5001:55:55:55::5 protocol 17
*Mar  1 04:10:43.846: IPv6 PBR (CEF): FIB policy route via FastEthernet0/1
*Mar  1 04:10:46.826: IPv6 PBR (CEF): FastEthernet1/0, 
      matched src 6001:66:66:66::6 dst 5001:55:55:55::5 protocol 17
*Mar  1 04:10:46.826: IPv6 PBR (CEF): FIB policy route via FastEthernet0/1
*Mar  1 04:10:49.834: IPv6 PBR (CEF): FastEthernet1/0, 
      matched src 6001:66:66:66::6 dst 5001:55:55:55::5 protocol 17
*Mar  1 04:10:49.834: IPv6 PBR (CEF): FIB policy route via FastEthernet0/1
*Mar  1 04:10:52.838: IPv6 PBR (CEF): FastEthernet1/0, 
      matched src 6001:66:66:66::6 dst 5001:55:55:55::5 protocol 17
*Mar  1 04:10:52.838: IPv6 PBR (CEF): FIB policy route via FastEthernet0/1

Troubleshoot

Example of an Incorrect Configuration

IPv4 and IPv6 PBR cannot coexist on an interface as this example output shows: 

route-map BGP-NLGP-MSP-I2RandE-ALLOW permit 10
 description For allowing BGP sessions and setting next hops
 match ipv6 address BGP-NLGP-MSP-I2RandE-IPV6-ALLOW		
!
route-map BGP-NLGP-MSP-I2RandE-ALLOW permit 20
 match ip address BGP-NLGP-MSP-I2RandE-IPV4-ALLOW	
!
route-map BGP-NLGP-MSP-I2RandE-ALLOW permit 30
 set ip next-hop 192.168.48.41
 set ipv6 next-hop 2620:32:0:1000::2
!

Example of a Correct Configuration

In order to apply IPv4 and IPv6, you have to use two separate route-maps for IPv4 and IPv6 and then apply them on an interface. This sample output provides an example:

route-map IPv6 permit 10
 match ipv6 address BGP-NLGP-MSP-I2RandE-IPV6-ALLOW
 set ipv6 next-hop 2620:32:0:1000::2
route-map IPV4 permit 10
 match ip address BGP-NLGP-MSP-I2RandE-IPV4-ALLOW
 set ip next-hop 192.168.48.41
Router#show run interface e0/0
Building configuration...

Current configuration : 163 bytes
!
interface Ethernet0/0
 ip address 10.57.253.109 255.255.255.252
 ip policy route-map IPV4
 ipv6 address 2001:468:1900:70::1/64
 ipv6 policy route-map IPv6
end

Related Information

Revision History

Revision Publish Date Comments
1.0
20-Dec-2010
Initial Release

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products