Policy Based Routing

Policy based routing, commonly referred to as ‘policy routing’, is the process of altering a packet's path based on criteria other than the destination address. PBR (Policy Based Routing, not Pabst Blue Ribbon… ) can be used to affect the flow of traffic based on source address, the size of the packet, the protocol of the payload, or any other information available in a packet header or payload. In effect, it is a method that allows a predefined policy to override routing protocol decisions. While some of this may seem similar, it should not be confused with source routing.

Within the Cisco world, policy routing is implemented using route maps. These route maps can apply different policies based on the match statements used. Generally policy routing is used to change the next-hop of the packet, but ToS markings or IP precedence may be applied as well. Building a route map for PBR is the same two-step process used with any route map: define the match criteria, then apply the route map.

Example

!
access-list 101 permit ip 198.19.200.0 0.0.1.255 any
!
route-map pbr_01 permit 10
 match ip address 101
 set ip next-hop 198.19.100.2
!
interface FastEthernet0/0
 ip policy route-map pbr_01
!

Our route-map pbr_01 is set to match traffic from access list 101; this ACL permits traffic sourced from 198.19.200.0/23 to be matched. Once our traffic has been matched, the next-hop address is changed to 198.19.100.2. As for which interfaces this policy is applied on, only traffic entering the router on FastEthernet 0/0 will be checked, since that is the only interface we have applied the ip policy to. Each interface can only have one route-map policy applied, but each route-map can have several entries with unique sequence numbers.

PBR Rules

  • Policy routing does not affect the IP destination address.
  • Applying policy routing on an interface only affects packets arriving on that interface.
  • Policy routing can be configured at the interface level, or globally.
  • Policy routing can forward traffic based on source AND/OR destination address.
  • Packets that don’t match any of the statements in a route map, or that match a line with an explicit deny, are sent to the routing process and forwarded normally. To avoid this, use the set command to send packets to the null0 interface.

!
route-map pbr_01 permit 10
 match ip address 101
 set ip next-hop 198.19.100.2
!
! a deny entry would hand the packet back to normal routing and ignore its set clause,
! so the catch-all is a permit entry with no match statement
route-map pbr_01 permit 20
 set interface Null0
!
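To make the decision order concrete, here is a small simulator written for this post (it is not Cisco code and models only the source-address part of the ACL). It walks the route-map sequences above for a packet arriving on a given interface and shows the two rules that trip people up: PBR only sees packets entering the policied interface, and a deny entry never applies its set clause. The interface FastEthernet0/1 and the route-map pbr_bad are constructed for the comparison.

```python
import ipaddress

# Constructed tables mirroring the post's configuration.
# ACL entries: (action, network, Cisco wildcard mask); only the source address is modelled.
ACLS = {101: [("permit", "198.19.200.0", "0.0.1.255")]}
ROUTE_MAPS = {
    # Working version: catch-all is a permit entry with no match statement.
    "pbr_01": [
        {"seq": 10, "action": "permit", "match_acl": 101, "set": ("next-hop", "198.19.100.2")},
        {"seq": 20, "action": "permit", "match_acl": None, "set": ("interface", "Null0")},
    ],
    # Pitfall version (hypothetical): the catch-all is a deny entry, so its set clause is ignored.
    "pbr_bad": [
        {"seq": 10, "action": "permit", "match_acl": 101, "set": ("next-hop", "198.19.100.2")},
        {"seq": 20, "action": "deny", "match_acl": None, "set": ("interface", "Null0")},
    ],
}
# "ip policy route-map" is per interface; FastEthernet0/1 is assumed for the comparison.
INTERFACE_POLICY = {"FastEthernet0/0": "pbr_01", "FastEthernet0/1": "pbr_bad"}


def acl_matches(acl_id: int, src: str) -> bool:
    """Cisco wildcard-mask check: a 0 bit in the mask must match, a 1 bit is ignored."""
    src_int = int(ipaddress.IPv4Address(src))
    for action, net, wildcard in ACLS[acl_id]:
        net_int = int(ipaddress.IPv4Address(net))
        care = ~int(ipaddress.IPv4Address(wildcard))
        if (src_int & care) == (net_int & care):
            return action == "permit"
    return False  # implicit deny at the end of every ACL


def policy_route(ingress_if: str, src: str) -> str:
    """Return the PBR decision for a packet: a next-hop, 'DROP', or 'NORMAL-ROUTING'."""
    rm_name = INTERFACE_POLICY.get(ingress_if)
    if rm_name is None:
        return "NORMAL-ROUTING"  # no ip policy on this interface: PBR never runs
    for entry in sorted(ROUTE_MAPS[rm_name], key=lambda e: e["seq"]):
        matched = entry["match_acl"] is None or acl_matches(entry["match_acl"], src)
        if not matched:
            continue
        if entry["action"] == "deny":
            return "NORMAL-ROUTING"  # deny entry: set clauses ignored, packet goes to the routing table
        kind, value = entry["set"]
        return "DROP" if kind == "interface" and value.lower() == "null0" else value
    return "NORMAL-ROUTING"  # fell off the end of the route-map
```

Running it with a source inside 198.19.200.0/23 yields the next-hop, while a source outside that range is dropped by pbr_01 but routed normally by pbr_bad.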

Conclusion

While policy routing is nothing new for most experienced network engineers, it is still a tool that is essential to understand, as you will find it used creatively in many networks around the globe. If you still have any questions about PBR, please see the Cisco Documentation.
