Policy Based Routing (PBR) — With Quality of Service (QoS)

Muhammad Haris Maqsood
May 5, 2023

In this article, we will implement policy-based routing (PBR) with QoS (Quality of Service). We will also implement ISP failover using IP SLA, and load balance HTTP, SMTP and VC traffic across two ISPs (ISP1 for web/HTTP and VC traffic, ISP2 for SMTP). Finally, we will prioritize VC traffic over HTTP traffic whenever VC is turned on.

Objectives:

  • ISP Failover using IP SLA.
  • Routing should be policy based.
  • Load Balancing between HTTP, SMTP and VC Traffic.
  • VC packets should be prioritized (QoS) when VC turns on, with bandwidth reserved at 1 Mbps from the ISP end.

Topology:

Note: In this topology, I am using routers for the end users (Internet user, SMTP user and VC) instead of PCs. I have just assigned an IP address to each and added a route towards the gateway.

Note: All devices can reach 8.8.8.8, i.e. the internet in our case. I have used static routing in this case.

PBR Configurations:

IP SLA:

Now, let’s shut down the primary link (i.e. ISP1) and check whether IP SLA tracks it. In the screenshot below, after shutting down the ISP1 interface, we can see the number of failures increasing for ISP1 (i.e. SLA 10).

Load Balancing for Different Kinds of Traffic:

  • We are load balancing traffic between two ISPs.
  • We have set ISP1 as the primary link for web (HTTP) and VC packets, where VC packets will be prioritized using QoS.
  • ISP2 will act as the primary link for SMTP traffic.

PBR Configurations:

1. ACL:

! Classification of SMTP
ip access-list extended SMTP
 permit tcp 192.168.2.0 0.0.0.255 host 8.8.8.8 eq smtp
 permit icmp 192.168.2.0 0.0.0.255 host 8.8.8.8
!
! Classification of VC
ip access-list extended VC
 permit ip 192.168.3.0 0.0.0.255 host 8.8.8.8
!
! Classification of HTTP
ip access-list extended HTTP
 permit tcp 192.168.1.0 0.0.0.255 host 8.8.8.8 eq www
 permit icmp 192.168.1.0 0.0.0.255 host 8.8.8.8

2. Route-MAP:

route-map MAP permit 10
 match ip address HTTP
 set ip next-hop verify-availability 192.168.5.2 10 track 10
 set ip next-hop 192.168.6.2
!
route-map MAP permit 20
 match ip address VC
 set ip next-hop verify-availability 192.168.5.2 10 track 10
 set ip next-hop 192.168.6.2
!
route-map MAP permit 30
 match ip address SMTP
 set ip next-hop verify-availability 192.168.6.2 20 track 20
 set ip next-hop 192.168.5.2

3. Applying Route-MAP:

interface Ethernet0/0
 ip address 192.168.4.2 255.255.255.0
 ip policy route-map MAP
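
The route-map entries above rely on track objects 10 and 20, which the article shows only in screenshots. The following is an added example, not the author's configuration, of IP SLA probes and track objects that could back them; the SLA number 20, the probe targets (the two next hops), and all timer values are assumptions.

```cisco
! Added example: SLA 20, probe targets and all timers are assumptions.
! Probe ISP1's next hop (the article refers to this probe as SLA 10).
ip sla 10
 icmp-echo 192.168.5.2
 threshold 500
 timeout 1000
 frequency 5
ip sla schedule 10 life forever start-time now
!
! Probe ISP2's next hop (SLA number 20 is assumed to mirror track 20).
ip sla 20
 icmp-echo 192.168.6.2
 threshold 500
 timeout 1000
 frequency 5
ip sla schedule 20 life forever start-time now
!
! Track objects referenced by "set ip next-hop verify-availability ... track N".
! The delay timers damp flapping so PBR does not switch on a single lost probe.
track 10 ip sla 10 reachability
 delay down 10 up 30
track 20 ip sla 20 reachability
 delay down 10 up 30
```

Probing only the next hop detects a failed link or ISP router, not a failure further upstream. `show ip sla statistics` and `show track` report the probe results and the track state each route-map entry depends on.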

Prioritizing / QoS:

Now we are going to apply QoS to prioritize VC packets. QoS involves three steps:

  1. Classification
  2. Marking
  3. Policing/shaping

Classification:

Classification is done using ACLs, class-maps and policy-maps.

Marking:

In marking, we mark packets with a DSCP value in the child policy. The highest-priority DSCP value is 46 (EF), which is used to mark VC packets. HTTP and SMTP packets are marked with the value 38 (AF43), which has low priority and a high drop probability.

Policing:

We enforce the rate limit with shaping: the bandwidth is shaped to 1 Mbps. We have also set threshold values for both kinds of marked packets according to our requirements.

PBR Configurations:

Verifications:

IP SLA (Before Primary link goes down):

After Primary ISP goes down:

ISP1(config)#int e0/1
ISP1(config-if)#shut

As can be seen, policy-based routing is working fine: when the primary link goes down, traffic is shifted to the secondary link.

Load balancing between different ISPs:

Stats after traffic being hit:

To check whether policy routing is working, we generate test traffic using telnet.

QoS Verification:

When VC is powered off:

When VC is powered on:

It can be seen that HTTP traffic is now being dropped/degraded because of the policy we implemented, i.e. prioritizing VC traffic. As soon as VC turns on, it gets priority.

Note: Thanks for reading this. Like and share. Give your feedback in the comment section.
