Policy Based Routing (PBR)
Policy Based Routing is a powerful network management technique that enables efficient control and prioritization of network traffic flow. Today, many applications run side by side and must communicate with one another, which has made network traffic patterns more complicated. With traditional routing mechanisms, it may be difficult or even impossible to meet these requirements.
Organizations now must place an even greater emphasis on managing their operating expenses than in the past. One way is to maximize the use of resources. One such area is networking, where rather than investing in more capacity, the focus is on making the most of what already exists. All this can be achieved by implementing Policy Based Routing (PBR). You can learn more about PBR in our CCNP ENCOR 350-401 Training.
In this blog, we will look at Policy Based Routing, its benefits, and the configuration of PBR on a sample topology. Let's first understand what policy based routing is and the advantages of using it.
What is Policy Based Routing?
Policy based routing, sometimes known as PBR, is a technique that allows network administrators to control the path of traffic based on specific criteria, such as:
- Source address
- Destination address
- Network protocols
- Port number
- The kind of traffic
It can be used to optimize network performance, enhance security, implement load balancing, or enforce policy compliance.
PBR can be used as a versatile alternative to traditional routing protocols, including but not limited to OSPF and BGP. Policy based routing (PBR) allows network engineers to apply distinct policies to various types of traffic, thereby enabling more precise and adaptable control over network traffic, as opposed to routing all traffic based on a uniform set of routing rules.
For example, different types of data may be sent via distinct paths with varying characteristics, such as higher or lower bandwidth, lower or higher latency, and different security standards or policies. To do this, Policy Based Routing first compares incoming traffic against a set of rules and then assigns it to a particular set of routes. The routing policy is expressed as the set of rules contained in a route map.
Advantages of using Policy Based Routing
There are various advantages of using Policy Based Routing in network infrastructures:
Optimizing network performance
PBR assists in selecting and forwarding network traffic based on the best available path. The optimal path for traffic depends on various factors, such as the shortest distance, lowest latency, or the highest bandwidth. It also enhances QoS for certain applications and reduces congestion on overloaded links.
Better network security
PBR can assist in routing traffic according to security policies. It can block malicious or unwanted traffic, or redirect it to a firewall, IPS, or proxy server. This, in turn, prevents attacks and filters content.
Implementing load balancing
With PBR, traffic may be routed depending on load balancing parameters, such as delivering it across multiple links or to the server that is currently experiencing the lowest volume of traffic. This may improve the network's scalability and availability.
Enforcing policy compliance
Policy Based Routing can also be used to route traffic based on policy compliance. It includes routing traffic from a specified user to specific destinations or services or assigning QoS levels depending on the kind of traffic.
We already understand the basic meaning of policy based routing and the advantages of using PBR. Let's verify PBR using a Lab scenario.
Policy Based Routing configuration
In this lab, we will take a look at Policy Based Routing configuration. PBR is all about telling the router to forward traffic according to what we set rather than what is in the routing table. We define which traffic is of interest via access lists and create instructions for how to route the matched traffic with a route map.
The three steps to configuring PBR are as follows –
- Define the traffic
- Match the traffic and set the next hop IP address
- Apply the policy on the interface or locally
Let's quickly start by creating a topology like the one below. In the first phase, we will segregate the traffic transmission so that the traffic coming from LAN2 takes the path via ISP2 to reach the internet (220.127.116.11 in the topology).
Step 1: Configure OSPF on R1, R2, and R3.
Step 2: Configure Static routes on R4, R5, and R6.
Step 3: Configure a default route on R3 towards ISP1 (R4).
Step 4: Define the traffic using the access list.
R3(config)#access-list 1 permit 10.2.3.0 0.0.0.255
Step 5: Create a route map to define the next hop as ISP2 for the traffic coming from LAN2.
R3(config)#route-map REDIRECT 10
R3(config-route-map)#match ip address 1
R3(config-route-map)#set ip next-hop 18.104.22.168
Step 6: Apply the route-map on the required interface
R3(config-if)#ip policy route-map REDIRECT
We are done! Now it's time to verify. Let's trace the path to 22.214.171.124 from R2.
Type escape sequence to abort.
Tracing the route to 126.96.36.199
VRF info: (vrf in name/id, vrf out name/id)
1 10.2.3.3 48 msec 9 msec 9 msec
2 188.8.131.52 20 msec 10 msec 8 msec
3 184.108.40.206 30 msec * 19 msec
We can observe that the traffic is taking ISP2 as the next hop to reach destination 220.127.116.11.
PHASE 2: In this phase, we will redirect the HTTP traffic from LAN1 and LAN2 to ISP2 using an extended ACL. Let's see how this can be configured.
Step 1: Creating an extended ACL to define the traffic.
R3(config)#ip access-list extended 100
R3(config-ext-nacl)#permit tcp any any eq 80
Step 2: Creating the route-map to define the next hop for HTTP traffic.
R3(config)#route-map HTTP-REDIRECT permit 10
R3(config-route-map)#match ip address 100
R3(config-route-map)#set ip next-hop 18.104.22.168
Step 3: Apply the route-maps to the interfaces attached to our LAN1 and LAN2.
R3(config)#int r g0/0-1
R3(config-if-range)#ip policy route-map HTTP-REDIRECT
It's time to verify!!
Let's try to reach 22.214.171.124 via port 80 now. We can do this with telnet by specifying port 80. Therefore, configure telnet on R6 and enable debugging on R3 to verify the functioning of PBR in this case.
R3#debug ip policy
Policy routing debugging is on
Let's create a telnet connection and observe the debug output on R3.
R1# telnet 126.96.36.199 80
Trying 188.8.131.52, 80 ...
Open
You'll observe logs confirming that the policy is matched and the data is routed towards ISP2. This confirms that we were able to configure PBR successfully.
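The forwarding decision R3 makes in both phases, modeled in Python as an added example (not code from the original post). The ACL numbers and route-map names follow the lab; the two next-hop addresses and the LAN1 host address are constructed placeholders.

```python
import ipaddress

# Constructed placeholders (assumptions): stand-ins for the lab's ISP next hops.
ISP1_NEXT_HOP = "192.0.2.1"     # R3's default route points here
ISP2_NEXT_HOP = "198.51.100.1"  # value given to "set ip next-hop"

def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def acl_1(pkt):
    # Phase 1 standard ACL: access-list 1 permit 10.2.3.0 0.0.0.255 (source only)
    return wildcard_match(pkt["src"], "10.2.3.0", "0.0.0.255")

def acl_100(pkt):
    # Phase 2 extended ACL 100: TCP with destination port 80 (HTTP)
    return pkt.get("proto") == "tcp" and pkt.get("dport") == 80

# Route-map name -> ordered clauses of (match function, next hop to set).
ROUTE_MAPS = {
    "REDIRECT": [(acl_1, ISP2_NEXT_HOP)],
    "HTTP-REDIRECT": [(acl_100, ISP2_NEXT_HOP)],
}

def forward(pkt, policy=None):
    """Return (next_hop, reason) for a packet entering an interface.

    policy is the route-map applied with "ip policy route-map", or None.
    """
    for match, next_hop in ROUTE_MAPS.get(policy, []):
        if match(pkt):
            return next_hop, "policy-routed"
    # No clause matched: the packet is not dropped. It falls back to the
    # routing table, which here is R3's default route towards ISP1.
    return ISP1_NEXT_HOP, "routing-table"

if __name__ == "__main__":
    # Constructed sample flows; 10.1.3.1 is an assumed LAN1 host address.
    flows = [
        ({"src": "10.2.3.2"}, "REDIRECT"),
        ({"src": "10.1.3.1"}, "REDIRECT"),
        ({"src": "10.1.3.1", "proto": "tcp", "dport": 80}, "HTTP-REDIRECT"),
        ({"src": "10.2.3.2", "proto": "tcp", "dport": 443}, "HTTP-REDIRECT"),
    ]
    for pkt, policy in flows:
        print(policy, pkt, "->", forward(pkt, policy))
```

The fall-through case matters when PBR steers traffic to a firewall, IPS, or proxy: anything the ACL does not match follows the routing table instead of being blocked.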
This blog mainly focuses on policy based routing (PBR), a technique network administrators use to direct traffic based on parameters such as their source and destination IP addresses, protocol names, port numbers, and applications. We have also shown the topology-based configuration of PBR on Cisco routers. This will provide some understanding of the advantages of PBR and how one can implement Policy Based Routing using a lab scenario.