Policy Based Routing

Policy Based Routing (PBR)

Policy-based routing, generally referred to as “policy routing”, is the use of route maps to determine the path a packet will take to get to its final destination.

* I remember the PBR lab in the CCNP Route exam. The requirement was to redirect a users machine via a slow WAN link. This involving setting their next hop IP to that of the 56k WAN link, as apposed to the 2Mbps Serial WAN link. Nice!

* For QoS purposes, traffic can be “marked” by policy routing in order to give different levels of service to various classes of traffic.

PBR Rules

  • Policy routing doesn’t affect the destination of the packet, but does affect the path that is taken to get there.
  • Policy routing can forward traffic based on the source IP address or the destination IP address (with the use of an extended ACL).
  • Policy routing can be configured globally or on a per-interface level.
  • If a packet doesn’t match any of the specific criteria in a route map, or does match a line that has an explicit deny statement, the data is sent to the routing process and will be processed normally.

Applying policy routing on an interface affects only packets arriving on that interface – in this case, Serial0.

R2(config)#int s0
R2(config-if)#ip policy route-map CHANGE_NEXT_HOP

Applying the policy globally applies the route map to packets generated on the router, not on all packets received on all interfaces.

R2(config)#ip local policy route-map CHANGE_NEXT_HOP

Verify either or both with show ip policy.

Chris Bryant Tip: If you don’t want to route packets that don’t match a route-map clause, the set command must be used to send those packets to the null0 interface. Naturally, this set command should be the final set command in the route map.

Route Map Configuration

1. Create an ACL to identify the traffic. (Standard or Extended where relevant)

R2(config)#access-list 32 permit host

2. Create Route Map with intuitive name.

R2(config)#route-map EXAMPLE permit 10
R2(config-route-map)#match ip address 29
R2(config-route-map)#set ip next-hop
R2(config-route-map)#route-map EXAMPLE deny 20
R2(config-route-map)#match ip address 30

3. Apply route map under interface or globally (Where applicable!)

R2(config)#int s0
R2(config-if)#ip policy route-map CHANGE_NEXT_HOP