Policy Based Routing

Policy based routing, commonly referred to as ‘policy routing’, is the process of altering a packet’s path based on criteria other than the destination address. PBR (Policy Based Routing, not Pabst Blue Ribbon… ) can be used to affect the flow of traffic based on source address, the size of the packet, the protocol of the payload, or any other information available in a packet header or payload. In effect, it is a method that allows a predefined policy to override routing protocol decisions. While some of this may seem similar, it should not be confused with source routing.

Within the Cisco world, policy routing is implemented using route maps, which can apply different policies based on the match statements used. Generally policy routing is used to change the next-hop of the packet, but ToS markings or IP precedence may be set as well. Building a route map for PBR is the same two-step process used with any route map.

Example

```text
!
access-list 101 permit ip 198.19.200.0 0.0.1.255 any
!
route-map pbr_01 permit 10
 match ip address 101
 set ip next-hop 198.19.100.2
!
interface FastEthernet0/0
 ip policy route-map pbr_01
!
```

Our route-map pbr_01 is set to match traffic from access list 101; this ACL permits traffic sourced from 198.19.200.0/23 to be matched. Once our traffic has been matched, the next-hop address is changed to 198.19.100.2. As for which interfaces this policy is applied on, only traffic entering the router on FastEthernet0/0 will be checked, since that is the only interface we have applied the ip policy to. Each interface can only have one route-map policy applied, but each route-map can have several entries with unique sequence numbers.

PBR Rules

  • Policy routing does not affect the IP destination address.
  • Applying policy routing on an interface only affects packets arriving on that interface.
  • Policy routing can be configured at the interface level, or globally.
  • Policy routing can forward traffic based on source AND/OR destination address.
  • Packets that don’t match any of the statements in a route map, or that match an entry with an explicit deny, are handed to the normal routing process and forwarded as usual. To avoid this, add a final catch-all entry whose set command sends the packets to the Null0 interface:
```text
!
route-map pbr_01 permit 10
 match ip address 101
 set ip next-hop 198.19.100.2
!
route-map pbr_01 permit 20
 set interface Null0
!
```
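
To make the rules above concrete, here is an added Python model of how a router walks this route map (this is illustrative code written for this post, not Cisco's implementation). It evaluates the wildcard-mask ACL, checks entries in sequence order, and shows why a `set` clause on a deny entry never fires: deny and no-match both fall through to normal routing, so the Null0 catch-all has to be a permit entry.

```python
import ipaddress

# Constructed sample: the ACL and route-map from this post, as Python data.
ACLS = {101: [("permit", "198.19.200.0", "0.0.1.255")]}

def acl_permits(acl_entries, src):
    """Evaluate an IOS-style ACL against a source address.
    Wildcard bits set to 1 are 'don't care'; the rest must match exactly."""
    src_int = int(ipaddress.IPv4Address(src))
    for action, addr, wildcard in acl_entries:
        mask = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if (src_int & mask) == (int(ipaddress.IPv4Address(addr)) & mask):
            return action == "permit"
    return False  # implicit deny at the end of every ACL

# (sequence, permit/deny, ACL number or None for match-all, set clause)
ROUTE_MAP = [
    (10, "permit", 101, ("next-hop", "198.19.100.2")),
    (20, "permit", None, ("interface", "Null0")),
]

# Same map but with the catch-all written as a deny entry: its set clause is ignored.
ROUTE_MAP_BROKEN = [
    (10, "permit", 101, ("next-hop", "198.19.100.2")),
    (20, "deny", None, ("interface", "Null0")),
]

NORMAL_ROUTING = ("normal-routing", None)

def policy_route(route_map, src):
    """Walk entries in sequence order; the first matching entry decides.
    A matching deny entry, or no match at all, hands the packet to normal
    routing. Set clauses only take effect on permit entries."""
    for seq, action, acl, set_clause in sorted(route_map, key=lambda e: e[0]):
        matched = acl is None or acl_permits(ACLS[acl], src)
        if not matched:
            continue
        if action == "deny":
            return NORMAL_ROUTING
        return set_clause
    return NORMAL_ROUTING

if __name__ == "__main__":
    for src in ("198.19.201.7", "198.19.202.1"):
        print(src, policy_route(ROUTE_MAP, src), policy_route(ROUTE_MAP_BROKEN, src))
```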

Conclusion

While policy routing is nothing new for most experienced network engineers, it is still a tool that is essential to understand as you will find it used creatively in many networks around the globe. If you still have any questions about PBR, please see the Cisco Documentation.
