Policy Based Routing (PBR)

This section gives information about Policy Based Routing, its usage and its implementation.

[Diagram: Policy Based Routing Config]

Whenever traffic hits a router, the forwarding decision is made on the basis of the destination IP address. The router checks its routing table for the next hop address, or performs recursive routing, and determines the exit interface it will use to reach the destination. By default, the decision is not made on the basis of the source IP address of the originating device.

If we want traffic to take a different forwarding path on the basis of source IP or interface name, we can do this with Policy Based Routing. We use a route-map to implement PBR.

We need to create a route-map with a permit or deny statement and a sequence number, then match either an access-list or an interface, and finally tell it what action to take, i.e. which parameter to change. For example, if ACL 10 matches, then change the next hop address or change the local preference. We need to choose the set parameter that serves the purpose.

In the above diagram, we need to use Policy Based Routing (PBR) to change the default path for traffic whose source is 200.1.1.1 and destination is 100.1.1.1. All routers are running EIGRP and advertising all of their local subnets.

When traffic from 200.1.1.1 reaches Router R1, the routing table shows 20.1.1.2 as the next hop address for its best route, though EIGRP has a feasible successor (backup) path through 10.1.1.2 to reach 100.1.1.1.

So, now we can use PBR in two ways:

1) By creating an access-list with the statement below:

access-list 100 permit ip host 200.1.1.1 host 100.1.1.1

2) By matching the interface e1/1 in the route-map.

Policy Based Routing (PBR) always makes its decision on the incoming traffic, i.e. the source, and then forwards it per the statement defined in the route-map.

Policy Based Routing Configuration

First)

route-map TEST permit 10

match ip address 100

set ip next-hop 10.1.1.2

After that, we need to attach this policy map (route-map) to the incoming interface, i.e. e1/1 of Router R1:

interface e1/1

ip policy route-map TEST

Once this is implemented, we can test it by generating traffic on Router R4, i.e. traceroute 100.1.1.1 source 200.1.1.1. We'd see that the path goes through 10.1.1.2 instead of 20.1.1.2.

Second)

route-map TEST permit 10

match interface e1/1

set ip next-hop 10.1.1.2

OR

set interface e0/0

(Note: the set interface feature may not work on some platforms.)

interface e1/1

ip policy route-map TEST

Once this is implemented, we can test it by generating traffic on Router R4, i.e. traceroute 100.1.1.1 source 200.1.1.1. We'd see that the path goes through 10.1.1.2 instead of 20.1.1.2.

Normal traffic will take the normal routing path decided by the routing protocol, EIGRP in this case.

Also note that the implicit deny at the end of access-list 100 does not mean that traffic will be dropped. It will simply not participate in PBR.
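The forwarding decision described above, modelled as an added Python example (not code from the original page, and not how IOS is implemented): it shows that only traffic permitted by access-list 100 on the policy interface is steered, and everything else falls back to the routing table. The /24 mask and the second ingress interface name e0/1 are assumptions; the page gives only host addresses.

```python
import ipaddress

# Constructed model of R1 from the article. The /24 mask is an assumption;
# the page gives only host addresses.
ROUTES = [(ipaddress.ip_network("100.1.1.0/24"), "20.1.1.2")]  # EIGRP best path

# access-list 100 permit ip host 200.1.1.1 host 100.1.1.1 (implicit deny follows)
ACLS = {100: [("permit", ipaddress.ip_network("200.1.1.1/32"),
               ipaddress.ip_network("100.1.1.1/32"))]}

# route-map TEST permit 10 / match ip address 100 / set ip next-hop 10.1.1.2
ROUTE_MAPS = {"TEST": [(10, "permit", 100, "10.1.1.2")]}

# interface e1/1 / ip policy route-map TEST
IP_POLICY = {"e1/1": "TEST"}


def acl_permits(acl_id, src, dst):
    """First matching ACE wins; no match at all means the implicit deny."""
    for action, src_net, dst_net in ACLS[acl_id]:
        if src in src_net and dst in dst_net:
            return action == "permit"
    return False


def routing_table_lookup(dst):
    """Destination-based forwarding: longest prefix match, None if no route."""
    matches = [(net.prefixlen, nh) for net, nh in ROUTES if dst in net]
    return max(matches)[1] if matches else None


def forward(in_if, src, dst):
    """Return (next_hop, reason) for a packet arriving on interface in_if."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    route_map = IP_POLICY.get(in_if)  # PBR only applies on the ingress interface
    for seq, action, acl_id, next_hop in sorted(ROUTE_MAPS.get(route_map, [])):
        if acl_permits(acl_id, src, dst):
            if action == "permit":
                return next_hop, f"PBR {route_map} seq {seq}"
            break  # a deny sequence sends the packet to normal routing
    # An ACL deny (explicit or implicit) is not a drop: use the routing table.
    return routing_table_lookup(dst), "routing table"


if __name__ == "__main__":
    print(forward("e1/1", "200.1.1.1", "100.1.1.1"))  # steered by PBR
    print(forward("e1/1", "200.1.1.2", "100.1.1.1"))  # implicit deny, normal path
```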