Policy Based Routing (PBR)
4 likes1,270 views
Policy-Based Routing (PBR) allows network administrators to override the default routing behavior and specify how traffic should be routed based on matching criteria. PBR uses route-maps to match packets and set the next-hop. Route-maps contain match and set clauses - match clauses define the conditions to match packets, and set clauses define the action to take for matched packets such as specifying the next-hop router. Network administrators configure PBR by defining route-maps with match and set statements, applying the route-map to an interface with the ip policy command.
Policy Based Routing (PBR)
- 2. Content - Before We Start - PBR Overview - How PBR Works - Route-Map Operation - PBR Configuration Procedure - PBR Configuration - Lab
- 3. Before We Start - Destination Based Routing - Routing from Net A/B to Net C/D via (R1 -> R5 -> R4)
- 4. PBR Overview - Say goodbye to Destination Based Routing - Flexible routing packet decision based on traffic flows - Overrides routing protocol next-hob decision
- 5. PBR Overview - Routing from Net A to Net C via (R1 -> R5 -> R4) - Routing from Net B to Net D via (R1 -> R2 -> R3 -> R4)
- 6. How PBR Works - All packets received on an interface are considered for policy routing - Each packet is passed through a route-map - Each entry in a route-map has “match” and “set” clauses - Match clauses are conditions to be met - Route-map is used for condition work
- 7. How PBR Works If match src NetA set next-hob -> R5 If match src NetB set next-hob -> R2
- 8. Route-Map Operation route-map DEMO permit 10 match X Y Z match A set B set C route-map DEMO permit 20 match Q set R route-map DEMO permit 30 If {(X OR Y OR Z) AND A match} Then {Set B AND C} (and exit route-map) Else If Q matches Then set R (and exit route-map) Else Set nothing (and exit route-map) OR OR
- 9. Route-Map Operation - Match criteria on the same line mean a logical OR condition - Multiple match and set criteria on separate lines indicates an AND condition - A route-map statement without any match statements will be considered matched. - Like an access list, an implicit deny any appears at the end of a route map.
- 10. PBR Configuration Procedure - Define and name the route map with the route-map command. - Define the conditions to match (the match statements). - Define access-list for packet identifying - Define the action to be taken when there is a match (the set statements). - Define which interface the route map will be attached to using the ip policy route-map interface configuration command.
- 11. PBR Configuration - Lab
- 12. PBR Configuration – Lab Configuration on R1 - Create access-list ip access-list extended Net7-Net4 permit ip 7.7.7.0 0.0.0.255 4.4.4.0 0.0.0.255 !
- 13. PBR Configuration – Lab Configuration on R1 - Configure route-map route-map DEMO permit 10 match ip address Net7-Net4 set ip next-hop 192.168.12.2 ! route-map DEMO permit 20 !
- 14. PBR Configuration – Lab Configuration on R1 - Apply route-map into interface interface FastEthernet6/0 ip policy route-map DEMO !
- 15. PBR Configuration – Lab Traceroute output from Network 7.7.7.7 - Before Apply into interface traceroute 4.4.4.4 source 7.7.7.7 Type escape sequence to abort. Tracing the route to 4.4.4.4 1 192.168.16.1 20 msec 12 msec 12 msec (R1) 2 192.168.15.5 12 msec 36 msec 28 msec (R5)
- 16. PBR Configuration – Lab Traceroute output from Network 7.7.7.7 - After Apply into interface traceroute 4.4.4.4 source 7.7.7.7 Type escape sequence to abort. Tracing the route to 4.4.4.4 1 192.168.16.1 12 msec 20 msec 20 msec (R1) 2 192.168.12.2 30 msec * 34 msec (R2) 3 192.168.23.3 32 msec * 36 msec (R3) 4 192.168.34.4 68 msec 56 msec 52 msec (R4) 5 192.168.45.5 56 msec 68 msec 60 msec
- 17. Thanks