diff options
author | Christian Poessinger <christian@poessinger.com> | 2020-11-22 13:29:49 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-11-22 13:29:49 +0100 |
commit | 55b77175b4824384f5540a17f53f4e18fbedbce0 (patch) | |
tree | 56eccc50bab5c52d8b7e57a5fadd8cdf12afd032 /docs/routing/pbr.rst | |
parent | 3db37d469a576bfc6a74441bfa7c64a434de8626 (diff) | |
parent | 47a08261ab21cf6b0eed24ad3bc72680bf4bea46 (diff) | |
download | vyos-documentation-55b77175b4824384f5540a17f53f4e18fbedbce0.tar.gz vyos-documentation-55b77175b4824384f5540a17f53f4e18fbedbce0.zip |
Merge pull request #378 from sever-sever/PBR
pbr: Policy local-route
Diffstat (limited to 'docs/routing/pbr.rst')
-rw-r--r-- | docs/routing/pbr.rst | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/docs/routing/pbr.rst b/docs/routing/pbr.rst index 2a1a56bc..7b0341cb 100644 --- a/docs/routing/pbr.rst +++ b/docs/routing/pbr.rst @@ -104,3 +104,34 @@ from PBR These commands allow the VLAN10 and VLAN20 hosts to communicate with each other using the main routing table. + +Local route +=========== + +The following example allows VyOS to use :abbr:`PBR (Policy-Based Routing)` for traffic, which originated from the router itself. +That solution for multiple ISP's and VyOS router will respond from the same interface that the packet was received. +Also, it used, if we want that one VPN tunnel to be through one provider, and the second through another. + +* ``192.168.1.254`` IP addreess on VyOS eth1 from ISP1 +* ``192.168.2.254`` IP addreess on VyOS eth2 from ISP2 +* ``table 10`` Routing table used for ISP1 +* ``table 11`` Routing table used for ISP2 + + +.. code-block:: none + + set policy local-route rule 101 set table '10' + set policy local-route rule 101 source '192.0.1.254' + set policy local-route rule 102 set table '11' + set policy local-route rule 102 source '192.0.2.254' + set protocols static table 10 route '0.0.0.0/0' next-hop '192.0.1.1' + set protocols static table 11 route '0.0.0.0/0' next-hop '192.0.2.2' + +Add multiple source IP in one rule with same priority + +.. code-block:: none + + set policy local-route rule 101 set table '10' + set policy local-route rule 101 source '192.0.1.254' + set policy local-route rule 101 source '192.0.1.253' + set policy local-route rule 101 source '203.0.113.0/24' |