Policy Based Routing for only internet traffic

Team,

Is it possible to configure this for internet traffic or an IP range in the destination? One of my customers wants a particular VLAN's traffic to use the third internet link, but the customer environment has 30 routing entries for their enterprise network. So in this case, do I need to configure 30 PBR entries for the internal networks?

Admin
From R80.30, you can create PBR rules where the default route is the destination.
Meaning, you only need one PBR route for that VLAN to be routed out a different Internet connection.

In earlier releases, you can achieve something similar by creating a series of more specific PBR routes.

Ivory

@PhoneBoy Agreed, that solution provides for internet traffic through another ISP. When I put a similar PBR for a particular VLAN, all the traffic, including the internal subnet, is also forwarded to the ISP link. Herewith I have attached a simplified network overview.

Scenarios:

1. ISP 1 - Primary INT
2. ISP 2 - Specific user internet access (managers)
3. ISP 3 - Specific server segment internet access

Near future expansion:

4. ISP-4 SIP link for softPBX server
5. ISP-5 secondary internet going to participate in ISP redundancy

I believe the PBR table would be enormous and also very hard to manage. Please suggest a best practice to maintain less configuration to fulfill the requirement (please consider that the MPLS network will be used by users/servers to access some services from the corporate network).

Admin
What precise release are you running?
If it's less than R80.30, I highly recommend upgrading for reasons beyond just this issue.
If you don't want to upgrade, you'd basically have to create a number of routes that exclude your internal address space.
It's difficult to tell from the very generic network diagram you provided what the scope of this challenge would be.
If the environment changes regularly, then even once you've configured it, maintaining it will be an ongoing challenge.
In which case, you'll save yourself a lot of work by upgrading.

Ivory

Hi

@PhoneBoy I have upgraded to the R80.30 OS. So what is the best way to configure PBR? The best practice?

Admin
The way routing works in general is that more specific routes will be preferred over routes that are more general (like the default route).
So if you have routes for those other networks on your gateway, then you should just need a single PBR route with source that VLAN, destination default route.
It's possible that you might also need to create more specific PBR routes for those other networks as well, as I'm not entirely clear on how "regular" routes and "PBR" routes interact in this case.

Ivory

I understood, but the default route includes all the addresses (any). It would be much easier if there were an option in PBR for internet routes (public IP addresses only). Please consider this in future releases.

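The pre-R80.30 workaround mentioned in the thread ("create a number of routes that exclude your internal address space") and the last post's wish for an internet-only destination both amount to the complement of the internal ranges, written as CIDR prefixes. The Python below is an added example, not code from the thread or from Check Point; it assumes IPv4 and uses the RFC 1918 private ranges as a stand-in for the customer's internal networks, and it only computes the destination prefixes, not any gateway syntax.

```python
import ipaddress

# Assumption: the thread does not list the customer's internal networks,
# so the RFC 1918 private ranges stand in for them here (IPv4 only).
INTERNAL = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def internet_only_prefixes(internal, universe="0.0.0.0/0"):
    """Return the minimal CIDR list covering `universe` minus `internal`."""
    remaining = [ipaddress.ip_network(universe)]
    for cidr in internal:
        cut = ipaddress.ip_network(cidr)
        kept = []
        for net in remaining:
            if cut.subnet_of(net):
                # Internal range sits inside this prefix: split around it.
                kept.extend(net.address_exclude(cut))
            elif net.subnet_of(cut):
                # Prefix is entirely internal (overlapping entries): drop it.
                continue
            else:
                kept.append(net)  # Disjoint: keep unchanged.
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))


def covers(prefixes, addr):
    """True if `addr` would match one of the destination prefixes."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in prefixes)


if __name__ == "__main__":
    prefixes = internet_only_prefixes(INTERNAL)
    print(f"{len(prefixes)} destination prefixes needed per source VLAN:")
    for net in prefixes:
        print(" ", net)
    # Spot-check that internal destinations stay off the ISP link.
    for probe in ("10.1.2.3", "172.16.5.4", "192.168.1.1", "8.8.8.8"):
        print(probe, "-> ISP link" if covers(prefixes, probe) else "-> normal routing")
```

The result still contains multicast and reserved space (for example 224.0.0.0/3), so "everything except internal" is not the same set as "public IP addresses only"; add those ranges to the exclusion list if they must not follow the policy route.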