Policy Based Routing (PBR) Fundamentals

The limitation that many network engineers run into with typical routing systems and protocols is that they forward traffic based solely on its destination. Under normal circumstances this is fine, but when the traffic on your network requires a more hands-on approach, policy based routing (PBR) takes over.

Destination based routing systems make it quite hard to change the routing behavior of specific traffic. With PBR, a network engineer can dictate routing behavior based on criteria other than the destination network alone, including source or destination network, source or destination address, source or destination port, protocol, packet size, and packet classification, among others.

PBR can also support QoS: traffic is classified and marked at the network edge, and PBR is then used throughout the network to route the marked traffic along a specific path.

So why would you do this? Well, consider a company that has two links between locations: one a high-bandwidth, low-delay but expensive link, and the other a low-bandwidth, higher-delay but cheaper link.

With traditional routing protocols, the higher-bandwidth link would carry most if not all of the traffic, because the metrics computed by EIGRP or OSPF favor its bandwidth and/or delay characteristics. PBR gives you the ability to route higher-priority traffic over the high-bandwidth/low-delay link while sending all other traffic over the low-bandwidth/high-delay link.

This way, the traffic that needs the characteristics of the high-bandwidth/low-delay link gets them without all traffic being sent over that link.

The implementation of PBR is rather simple as well; it is configured using a match/set process. Traffic to be handled by PBR is matched using an ACL and then has its path or parameters changed using a set command.

The first step is to configure a route map that defines the policy. This is done with the route-map command, shown here:

router(config)#route-map map-tag {permit | deny} {sequence-number}

The map-tag is simply a name used to identify the specific route-map, and the sequence-number sets the order in which route-map statements are evaluated when multiple statements exist.

The second step is to configure a match command, which selects the specific type(s) of traffic that will be routed using the configured policy. Traffic that does not match any of these commands is handed off to the destination based routing mechanism. The most common commands are shown here:

router(config-route-map)#match length minimum-length maximum-length

This command matches specific Layer 3 packet sizes; it can be used to send packets of different sizes down different paths.

router(config-route-map)#match ip address {access-list-number | access-list-name}

This command is the workhorse of typical PBR configurations; it can match any number of combinations defined by a configured access-list.

The third step is to configure a set command, which controls the behavior of the matched traffic. The following commands are typically used:

router(config-route-map)#set ip next-hop ip-address

This command specifies the IP address of the matched traffic's next hop. Make sure that the IP address specified in this command is adjacent to the configured router.

router(config-route-map)#set interface interface-type interface-number

This command specifies the output interface for the matched traffic.

router(config-route-map)#set ip default next-hop ip-address

This command specifies the IP address of the matched traffic's next hop, like the set ip next-hop command. However, it differs from set ip next-hop in the routing order. With set ip next-hop, traffic is policy routed first and then passed on to the destination based routing method. With set ip default next-hop, the destination based routing method is used first, and only then is the traffic passed to policy routing.

router(config-route-map)#set default interface interface-type interface-number

This command specifies a default output interface for the matched traffic when no explicit route exists.

When any combination of these commands is used within a policy, they are evaluated in the following order:

  1. set ip next-hop
  2. set interface
  3. set ip default next-hop
  4. set default interface
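A complete worked configuration for the two-link scenario above, as an added example that is not from the original article: the ACL name, route-map name, interface and addresses are constructed, and the `ip policy route-map` interface command that activates the policy is a real IOS command the article does not show.

```cisco
! Constructed example: two WAN links to a remote site.
! High-bandwidth/low-delay link, next hop 192.0.2.1
! Low-bandwidth/high-delay link, next hop 198.51.100.1
! Addresses are RFC 5737 documentation prefixes, not real ones.
!
! Step 1 of the procedure is the route-map; steps 2 and 3 are the
! match and set clauses inside it. The ACL referenced by the match
! clause has to exist first.
!
! Traffic that earns the expensive link: anything from the VoIP
! subnet 10.10.10.0/24 and anything destined to server 10.20.20.5.
! Keep the ACL narrow: every host it matches bypasses the routing
! table, so an over-broad entry silently diverts traffic.
ip access-list extended PRIORITY-TRAFFIC
 permit ip 10.10.10.0 0.0.0.255 any
 permit ip any host 10.20.20.5
!
! Sequence 10: matched traffic is policy routed to the fast link.
! "permit" here means "apply the set clause", not "allow the packet".
route-map WAN-POLICY permit 10
 match ip address PRIORITY-TRAFFIC
 set ip next-hop 192.0.2.1
!
! Sequence 20: everything else. No match clause means every packet
! matches. "set ip default next-hop" only takes effect when the
! routing table has no explicit (non-default) route, so traffic
! with a normal route is still destination routed, as described.
route-map WAN-POLICY permit 20
 set ip default next-hop 198.51.100.1
!
! The route-map does nothing until it is applied to the interface
! on which the traffic arrives (ingress), not the WAN interfaces.
interface GigabitEthernet0/0
 description LAN facing
 ip address 10.10.0.1 255.255.0.0
 ip policy route-map WAN-POLICY
!
! Verification: per-sequence counters show whether traffic is
! actually being diverted; a packet matching no sequence falls
! back to the routing table.
! show route-map WAN-POLICY
! show ip policy
```

If the fast link's next hop goes down, plain `set ip next-hop` keeps sending matched traffic to it; checking the counters in `show route-map` against expected volumes is the quickest way to spot a policy that is black-holing or not matching at all.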

PBR is a very powerful tool for controlling the specific paths that network traffic takes. However, only use PBR when it is actually needed, since destination based routing methods work very well on their own. Like many other features offered on any type of equipment, PBR is designed for a specific set of circumstances and should be reserved for those purposes to maintain efficiency.

The following is a list of links that can be used as references for PBR:
