BTEL - CG-NAT Policy Based Route
Because BTEL has both public-IP and private-IP BNG subscribers, the BNG routers use policy-based routing (PBR) to route customers with a private source IP address to the CGN servers for translation. Public-IP customers are not routed to the CGN servers.
The PBR is configured as follows:
This class map and its associated ACL define all source IPs that should be routed with PBR:
ipv4 access-list CGN-PBR-ACL
 1 remark IPs that will be routed to CGN
 10 permit ipv4 100.64.0.0/19 any
!
class-map type traffic match-any CGN-PBR-Class
 match access-group ipv4 CGN-PBR-ACL
 end-class-map
!
This class map and its associated ACL define an exemption from PBR. In this case we don't want to PBR source IPs from the CGN network if their destination is the firewall. This was necessary to resolve management access issues.
ipv4 access-list CGN-PBR-ACL-Exemption
 1 remark IPs that will be routed to CGN
 10 permit ipv4 100.64.0.0/19 host 66.199.48.75
!
class-map type traffic match-any CGN-PBR-Exempt-Class
 match access-group ipv4 CGN-PBR-ACL-Exemption
 end-class-map
!
The policy map incorporates both the CGN PBR and the exemption list. The policy-map will change the routing next hop to the CGN Virtual IP.
policy-map type pbr CGN-PBR
 class type traffic CGN-PBR-Exempt-Class
  transmit
 !
 class type traffic CGN-PBR-Class
  redirect ipv4 nexthop 66.199.48.123
 !
 class type traffic class-default
  transmit
 !
 end-policy-map
!
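The following Python model is an added example, not part of the BTEL configuration. It walks the three classes of CGN-PBR in configured order, assuming first-match class evaluation, to show which packets are redirected and why the exemption class has to come before CGN-PBR-Class. The sample packets and the function names are constructed for illustration.

```python
import ipaddress

# Values copied from the configuration on this page.
CGN_POOL = ipaddress.ip_network("100.64.0.0/19")
FIREWALL = ipaddress.ip_address("66.199.48.75")
CGN_VIP = "66.199.48.123"

# Each class: (name, match predicate on (src, dst), action), in policy-map order.
POLICY = [
    ("CGN-PBR-Exempt-Class", lambda s, d: s in CGN_POOL and d == FIREWALL, "transmit"),
    ("CGN-PBR-Class", lambda s, d: s in CGN_POOL, "redirect " + CGN_VIP),
    ("class-default", lambda s, d: True, "transmit"),
]

def evaluate(src, dst, policy=POLICY):
    """Return (class name, action) of the first class matching the packet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for name, match, action in policy:
        if match(s, d):
            return name, action
    raise ValueError("policy has no class-default")

def shadowed_classes(policy, samples):
    """Names of classes that never win first-match for any sample packet."""
    hit = {evaluate(s, d, policy)[0] for s, d in samples}
    return [name for name, _, _ in policy if name not in hit]

# Constructed sample packets (source, destination); non-BTEL addresses
# are taken from the documentation ranges.
SAMPLES = [
    ("100.64.5.10", "198.51.100.7"),   # private subscriber to the Internet
    ("100.64.5.10", "66.199.48.75"),   # private subscriber to the firewall
    ("100.64.32.1", "198.51.100.7"),   # shared address space, outside the /19
    ("203.0.113.9", "198.51.100.7"),   # public-IP subscriber
]

if __name__ == "__main__":
    for src, dst in SAMPLES:
        print(src, "->", dst, evaluate(src, dst))
    # Swap the first two classes: the exemption can no longer match.
    reordered = [POLICY[1], POLICY[0], POLICY[2]]
    print("shadowed after reorder:", shadowed_classes(reordered, SAMPLES))
```

The third sample shows that a source in 100.64.0.0/10 but outside 100.64.0.0/19 falls through to class-default and is not sent to the CGN Virtual IP, so the ACL must be extended if the private subscriber pool grows.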
The Dynamic-Template is where the PBR policy is applied to subscribers. For BTEL the PBR policy is only applied to subscribers that could have CGN addresses.
dynamic-template
 type ipsubscriber dual_stack_cgnat_IPoE_template_1
  service-policy type pbr CGN-PBR
  accounting aaa list default type session periodic-interval 720
  ipv4 verify unicast source reachable-via rx
  ipv4 unnumbered Loopback2
  ipv6 enable
 !