Examining Policy-Based Routing
Problem
You want to see information about how policy-based routing has been applied on a router.
Solution
The show ip policy command shows what routing policies have been applied on a router. Here is the output for a router that has all three of the policies from Recipe 5.7:
Router>show ip policy
Interface Route map
local dlswtraffic
Ethernet0 Websurfers
Serial0 High-priority
You can see more detail on what each of these policies do by looking at the route maps:
Router>show route-map
route-map High-priority, permit, sequence 10
Match clauses:
ip address (access-lists): 101
Set clauses:
ip next-hop 10.15.27.1
Policy routing matches: 0 packets, 0 bytes
route-map Websurfers, permit, sequence 10
Match clauses:
ip address (access-lists): 102
Set clauses:
ip next-hop 10.15.27.1
Policy routing matches: 0 packets, 0 bytes
route-map Websurfers, permit, sequence 20
Match clauses:
Set clauses:
ip default next-hop 10.15.26.1
Policy routing matches: 4 packets, 531 bytes
route-map dlswtraffic, permit, sequence 10
Match clauses:
ip address (access-lists): 103
Set clauses:
ip next-hop 10.15.27.3
Policy routing matches: 5 packets, 500 bytes
Discussion
The first command, show ip policy, tells you about all of the routing policies that have been applied on the router. The second command, show route-map, shows all of the route maps. It is important to note that the first command only shows the routing policies that have actually been applied on the router, whether for local traffic or packets coming from an interface. It shows all applied routing policies, whether the interfaces involved are active or not. The second command shows all configured route-maps, whether or not they've been applied to anything.
The show route-map command also gives useful information about how the route-maps are being used. Notice that the second clause of the Websurfers route-map has matched 4 packets for a total of 531 bytes since it was applied, and the dlswtraffic route-map has similarly matched 5 packets for a total of 500 bytes. You can dig a little further by looking at the access-lists that these route maps use to match packets:
router>show access-list 103
Extended IP access list 103
permit tcp any any eq 2065 (3 matches)
permit tcp any eq 2065 any (2 matches)
This shows not only the details of how the access-list used in the route map works, but also precisely which lines are being used.