Policy-Based Routing (PBR)


Upload: khnog

Post on 20-Jan-2017


Content

- Before We Start

- PBR Overview

- How PBR Works

- Route-Map Operation

- PBR Configuration Procedure

- PBR Configuration - Lab

Before We Start

- Destination Based Routing

- Routing from Net A/B to Net C/D via (R1 -> R5 -> R4)

PBR Overview

- Say goodbye to Destination Based Routing

- Flexible packet routing decisions based on traffic flows

- Overrides the routing protocol's next-hop decision

PBR Overview

- Routing from Net A to Net C via (R1 -> R5 -> R4)

- Routing from Net B to Net D via (R1 -> R2 -> R3 -> R4)

How PBR Works

- All packets received on an interface are considered for policy routing

- Each packet is passed through a route-map

- Each entry in a route-map has "match" and "set" clauses

- Match clauses are conditions to be met

- The route-map is what evaluates the conditions

How PBR Works

If match src NetA

set next-hop -> R5

If match src NetB

set next-hop -> R2

Route-Map Operation

route-map DEMO permit 10
 match X Y Z
 match A
 set B
 set C
route-map DEMO permit 20
 match Q
 set R
route-map DEMO permit 30

If {(X OR Y OR Z) AND A match} Then {Set B AND C} (and exit route-map)

ElseIf Q matches Then set R (and exit route-map)

Else Set nothing (and exit route-map)

Route-Map Operation

- Match criteria on the same line mean a logical OR condition

- Multiple match and set criteria on separate lines indicate an AND condition

- A route-map statement without any match statements will be considered matched.

- Like an access list, an implicit deny any appears at the end of a route map.

PBR Configuration Procedure

- Define and name the route map with the route-map command.

- Define the conditions to match (the match statements).

- Define an access list to identify the packets

- Define the action to be taken when there is a match (the set statements).

- Define which interface the route map will be attached to using the ip policy route-map interface configuration command.

PBR Configuration - Lab


Configuration on R1

- Create access-list

ip access-list extended Net7-Net4
 permit ip 7.7.7.0 0.0.0.255 4.4.4.0 0.0.0.255
!

PBR Configuration – Lab

Configuration on R1

- Configure route-map

route-map DEMO permit 10
 match ip address Net7-Net4
 set ip next-hop 192.168.12.2
!
route-map DEMO permit 20
!

PBR Configuration – Lab

Configuration on R1

- Apply the route-map to the interface

interface FastEthernet6/0
 ip policy route-map DEMO
!

PBR Configuration – Lab

Traceroute output from Network 7.7.7.7

- Before applying the route-map to the interface

traceroute 4.4.4.4 source 7.7.7.7
Type escape sequence to abort.
Tracing the route to 4.4.4.4
1 192.168.16.1 20 msec 12 msec 12 msec (R1)
2 192.168.15.5 12 msec 36 msec 28 msec (R5)

PBR Configuration – Lab

Traceroute output from Network 7.7.7.7

- After applying the route-map to the interface

traceroute 4.4.4.4 source 7.7.7.7
Type escape sequence to abort.
Tracing the route to 4.4.4.4
1 192.168.16.1 12 msec 20 msec 20 msec (R1)
2 192.168.12.2 30 msec * 34 msec (R2)
3 192.168.23.3 32 msec * 36 msec (R3)
4 192.168.34.4 68 msec 56 msec 52 msec (R4)
5 192.168.45.5 56 msec 68 msec 60 msec
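Because PBR overrides the routing table, it helps to check offline which flows a policy diverts before attaching it to an interface. The following is an added example, not part of the original slides: a small Python model of the route-map rules above (OR within a match line, AND across lines, empty match always matches, implicit deny) run against the lab's Net7-Net4 access list and DEMO route-map. The function names, the tuple layout and the 5.5.5.5 and 8.8.8.8 test addresses are assumptions made for the illustration, and only `match ip address` with `permit ip` entries is modelled.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: bits set to 1 are ignored, bits set to 0 must match."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def acl_permits(acl, src, dst):
    """First matching entry wins; an access list ends with an implicit deny."""
    for action, s, s_wild, d, d_wild in acl:
        if wildcard_match(src, s, s_wild) and wildcard_match(dst, d, d_wild):
            return action == "permit"
    return False

def policy_route(route_map, acls, src, dst):
    """Return (sequence, next_hop); next_hop None means normal destination routing."""
    for seq, action, match_lines, next_hop in route_map:
        # Names on one match line are ORed, separate match lines are ANDed.
        # all() over an empty list is True: an entry without match lines matches.
        if all(any(acl_permits(acls[name], src, dst) for name in line)
               for line in match_lines):
            # A deny entry sends the packet back to normal forwarding.
            return (seq, next_hop if action == "permit" else None)
    return (None, None)  # implicit deny: the packet is not policy routed

# The lab configuration from R1, transcribed into the model.
ACLS = {"Net7-Net4": [("permit", "7.7.7.0", "0.0.0.255", "4.4.4.0", "0.0.0.255")]}
DEMO = [
    (10, "permit", [["Net7-Net4"]], "192.168.12.2"),  # match ip address Net7-Net4
    (20, "permit", [], None),                         # no match, no set
]

# Constructed test flows (source, destination); only the first is from the lab.
FLOWS = [("7.7.7.7", "4.4.4.4"), ("7.7.7.7", "5.5.5.5"), ("8.8.8.8", "4.4.4.4")]

def audit(route_map, flows):
    """Map each flow to the route-map entry that decides it."""
    return {flow: policy_route(route_map, ACLS, *flow) for flow in flows}

if __name__ == "__main__":
    for flow, (seq, hop) in audit(DEMO, FLOWS).items():
        print(flow, "-> entry", seq, "next-hop", hop or "routing table")
```

Only the 7.7.7.0/24 to 4.4.4.0/24 flow is steered to 192.168.12.2 (R2), which agrees with the traceroute taken after the route-map was applied; every other flow falls through to entry 20 and follows the routing table.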

Thanks