10-3 Policy-Based Routing (PBR)

  • PBR provides routing based on a policy rather than a destination address or routing protocol.

  • With PBR, packets matching a condition or policy can be classified by setting the IP Precedence bits.

  • Classified packets are then routed to the next-hop address or to an interface according to the policy.

Configuration

  1. Define a route map to classify traffic.

    1. Specify one or more route-map statements:

       (global)  route-map  map-tag  [permit | deny]  [sequence]

      An action statement is added to the route map named map-tag (a text string). The statements are evaluated in sequential order, according to the sequence number. The action taken on the packet can be to permit it (process the packet through the route-map statement and route it according to PBR) or deny it (route normally).

    2. Define one or more conditions to match against (all must be met).

      • (Optional) Match the Layer 3 packet length:

         (route-map)  match length   min max  

        If the packet length is between min and max bytes, the condition is met.

      • (Optional) Match the IP addresses and/or ports:

         (route-map)  match ip address   access-list  [  access-list  ] 

        A standard IP access list access-list (named or numbered) can be used to match the source address of packets. An extended IP access list can be used to match source and destination addresses, as well as port numbers.

    3. Define actions to perform on the packet.

      • (Optional) Set the IP Precedence bits:

         (route-map)  set ip precedence  {number | name}

        The IP Precedence can be set to a number or name: 0 (routine), 1 (priority), 2 (immediate), 3 (flash), 4 (flash-override), or 5 (critical). Precedence numbers 6 and 7 are reserved for network control information.

      • (Optional) Set the next-hop address:

         (route-map)  set ip next-hop   ip-address  [  ip-address ...  ] 

        Packets will be forwarded to one or more next-hop addresses.

      • (Optional) Set the output interface:

         (route-map)  set interface   type number  

        Packets will be forwarded to the output interface type and number.

  2. Enable PBR.

    1. Apply the route map to an inbound interface:

       (interface)  ip policy route-map   map-tag  

      The route map is applied to the interface where traffic is received. Packets are evaluated and forwarded according to PBR.

    2. (Optional) Enable fast switching for PBR:

       (interface)  ip route-cache policy  

      By default, PBR disables fast switching on the interfaces where it is applied. Enabling fast-switched PBR also causes the set ip default next-hop and set default interface commands to be unsupported.

PBR Example

PBR is configured to classify incoming traffic into two classes: IP Precedence flash for all Telnet traffic, and routine for all other traffic. PBR is not configured with explicit next-hop addresses or output interfaces, so the IP Precedence is set, and normal routing occurs.

  route-map pbrmap permit 10
   match ip address 101
   set ip precedence flash
  route-map pbrmap permit 20
   set ip precedence routine
  access-list 101 permit tcp any any eq telnet
  interface ethernet 0
   ip policy route-map pbrmap
   ip route-cache policy
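
The evaluation order described above, modeled in Python as an added example (not from the book and not Cisco's implementation), useful for checking which traffic a route map will classify or divert before it is applied to an interface. Access lists are represented as simple predicates and the inclusive length bounds are an assumption; Packet, Statement and policy_route are hypothetical names.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

# IP Precedence names and numbers as listed in the configuration steps.
PRECEDENCE = {"routine": 0, "priority": 1, "immediate": 2,
              "flash": 3, "flash-override": 4, "critical": 5}

@dataclass
class Packet:  # constructed sample fields, not a full IP header
    proto: str
    dst_port: int
    length: int  # Layer 3 packet length in bytes

@dataclass
class Statement:  # one "route-map map-tag permit|deny sequence" entry
    seq: int
    action: str                                      # "permit" or "deny"
    acl: Optional[Callable[[Packet], bool]] = None   # match ip address
    length: Optional[tuple] = None                   # match length min max
    set_actions: dict = field(default_factory=dict)  # set ... commands

    def matches(self, pkt: Packet) -> bool:
        # Every configured condition must be met; a statement with no
        # match command matches all packets.
        if self.acl is not None and not self.acl(pkt):
            return False
        if self.length is not None:
            lo, hi = self.length  # assumption: bounds are inclusive
            if not lo <= pkt.length <= hi:
                return False
        return True

def policy_route(route_map, pkt):
    """Return the set actions PBR applies, or None if routed normally."""
    for stmt in sorted(route_map, key=lambda s: s.seq):  # sequence order
        if stmt.matches(pkt):
            # permit: apply the set actions; deny: route normally
            return dict(stmt.set_actions) if stmt.action == "permit" else None
    return None  # no statement matched: normal destination-based routing

# access-list 101 permit tcp any any eq telnet, modeled as a predicate
acl_101 = lambda p: p.proto == "tcp" and p.dst_port == 23

# The pbrmap example, deliberately listed out of order to show sequencing.
PBRMAP = [
    Statement(20, "permit", set_actions={"precedence": PRECEDENCE["routine"]}),
    Statement(10, "permit", acl=acl_101,
              set_actions={"precedence": PRECEDENCE["flash"]}),
]
```

Calling `policy_route(PBRMAP, Packet("tcp", 23, 60))` returns the flash marking, while any non-Telnet packet falls through to sequence 20 and is marked routine.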


Cisco Field Manual[c] Router Configuration
ISBN: 1587050242
Year: 2005
Pages: 185