What is Policy Based Routing (PBR)?
Introduction
Policy Based Routing is a powerful network management technique that enables efficient control and prioritization of network traffic flow. Nowadays, a number of applications are working side by side, and it's a must to connect these applications. Because of this, the network traffic nature has become more complicated. Using traditional mechanisms, it may be difficult or even impossible to meet these requirements.
Organizations now must place an even greater emphasis on managing their operating expenses than in the past. One way is to maximize the use of resources. One such area is networking, where rather than investing in more capacity, the focus is on making the most of what already exists. All this can be achieved by implementing Policy Based Routing (PBR). You can learn more about PBR in our CCNP ENCOR 350-401 Training.
Under this Blog, we will understand Policy Based Routing, its benefits, and the configuration of PBR with topology for better understanding. Let's first understand what policy based routing is and the various advantages associated with using PBR.
What is Policy Based Routing (PBR)?
Policy based routing, sometimes known as PBR is a technique that allows network administrators to control the path of traffic based on specific criteria, such as
- Source address
- Destination address
- Network protocols
- Port number
- The kind of traffic
- Application
It can be used to optimize network performance, enhance security, implement load balancing, or enforce policy compliance.
PBR can be used as a versatile alternative to traditional routing protocols, including but not limited to OSPF and BGP. Policy based routing (PBR) allows network engineers to apply distinct policies to various types of traffic, thereby enabling more precise and adaptable control over network traffic, as opposed to routing all traffic based on a uniform set of routing rules.
For example, Different types of data may be sent via distinct paths with varying characteristics, such as higher or lower bandwidth, lower or higher latency, and different security standards or policies. In order to operate properly, Policy Based Routing first compares incoming traffic against a set of rules and then assigns it to a particular set of routes. The specified routing policy is used to inform a set of rules included inside the route map.
How does Policy Based Routing works?
PBR's route map supports ACL matching, which allows you to restrict traffic based on factors like origin IP address, destination IP address, protocol, and port.
One can also match:
- QOS markings, such as IP priority or DSCP.
- You may direct data transmission to the desired destination depending on the packet size.
After establishing a successful match, you may configure the next-hop device's IP address. At the same time, you can establish Quality of Service (QOS) values to guarantee that an application receives the required resources to perform optimally.
"Deny" statements may also be included in the route map. (If nothing else is mentioned, "permit" will be assumed.) You may use them as a filter, too. If the route map encounters a deny when matching against an access control list, it will skip over that statement and go on to the next one in the map.
When a route map statement is encountered that does not have a matching permission statement, the route map is marked as "policy rejected." The RIB governs the standard traffic forwarding in the event of a policy-rejected situation.
Problems addressed by PBR
Traditional routing systems are designed to direct network traffic according to the respective destination of the data. The continuous expansion of cloud computing, mobility, and web-based applications demands the network's awareness of every application type of traffic that passes through it. PBR employs a distinct approach for each application type to ensure efficient prioritization, segregation, and traffic routing while maintaining optimal performance and availability.
Moreover, the complexities of voice, data, video, and applications residing on a single network expose networks to potential security breaches or limit their ability to effectively counteract such breaches. Business applications are frequently subjected to various cyber-attacks, which pose a significant threat to their security.
Policy-based routing (PBR) allows network administrators to categorize network traffic according to specific applications and assign them with corresponding labels for more comprehensive analysis. This approach enhances network security by providing increased visibility, control, regulations, and protection.
How can Policy Based Routing be used?
Traditional routing primarily focuses on destination-based forwarding, whereas Policy-Based Routing (PBR) provides more control over the routing process. PBR can be used to:
- It can improve network performance and reliability by easily distributing traffic among users on different factors such as source IP address or application type.
- It can enhance network security by implementing security policies and routing traffic to or from specific hosts through a firewall, VPN, or proxy server.
- To meet the demands of a Service Level Agreement (SLA), it is necessary to stratify traffic and assign priority to certain types of traffic over others, and it can be possible with PBR.
- It can optimize network performance by routing traffic according to the network conditions.
- Choose the amount of network bandwidth to allocate to individual applications.
- Choose the traffic that undergoes deep packet inspection, particularly for specific applications critical to business operations.
- WAN optimizations by singling out traffic for specific applications.
Advantages of using Policy Based Routing
There are various advantages of using Policy Based Routing in network infrastructures:
Optimizing network performance
PBR assists in selecting and forwarding network traffic based on the best available path. The optimal path for traffic depends on various factors, such as the shortest distance, lowest latency, or the highest bandwidth. It also enhances the QoS for certain applications and also reduces congestion on overloaded links.
Better network security
PBR can assist in routing traffic with security policies. It can block or redirect malicious or unwanted traffic to a firewall, IPS, or proxy server. This, in return, prevents attacks and filters content.
Implementing load balancing
With PBR, traffic may be routed depending on load balancing parameters, such as delivering it to the multiple links or server that is currently experiencing the lowest volume of traffic. This may improve the network's scalability and availability.
Enforcing policy compliance
Policy Based Routing can also be used to route traffic based on policy compliance. It includes routing traffic from a specified user to specific destinations or services or assigning QoS levels depending on the kind of traffic.
We already understand the basic meaning of policy based routing and the advantages of using PBR. Let's verify PBR using a Lab scenario.
Policy Based Routing configuration
In this lab, we will take a look at Policy Based Routing configuration. PBR is all about telling the router to forward traffic according to what we set rather than what is in the routing table. We define what traffic is via access lists and create instructions for how to route the matched traffic with a route map.
The three steps to configuring PBR are as follows –
- Define the traffic
- Match the traffic and set the next hop IP address
- Apply the policy on the interface or local
Let's quickly start by creating a topology like the one below. In the first phase, we will segregate the traffic transmission so that the traffic coming from LAN2 takes the path via ISP2 to reach the internet (8.8.8.8 in the topology).
Topology
Step 1: Configure OSPF on R1, R2, and R3.
Step 2: Configure Static routes on R4, R5, and R6.
Step 3: Configure a default route on R3 towards ISP1 (R4).
Step 4: Define the traffic using the access list.
R3(config)#access-list 1 permit 10.2.3.0 0.0.0.255
Step 5: Create a route map to define the next hop as ISP2 for the traffic coming from LAN2.
R3(config)#route-map REDIRECT 10
R3(config-route-map)#match ip address 1
R3(config-route-map)#set ip next-hop 192.3.5.5
R3(config-route-map)#exit
Step 6: Apply the route-map on the required interface
R3(config)#int g0/0
R3(config-if)#ip policy route-map REDIRECT
We are done! Now it's time to verify. Let's trace the path to 8.8.8.8 from R2.
R2#trace 8.8.8.8
Type escape sequence to abort.
Tracing the route to 8.8.8.8
VRF info: (vrf in name/id, vrf out name/id)
1 10.2.3.3 48 msec 9 msec 9 msec
2 192.3.5.5 20 msec 10 msec 8 msec
3 192.5.6.6 30 msec * 19 msec
R2#
We can observe that the traffic is taking ISP2 as the next hop to reach destination 8.8.8.8.
PHASE 2: Now, in this phase 2 we will try to redirect the HTTP traffic from LAN1 and LAN2 to the ISP2 using an extended ACL. Let’s see how this can be configured.
Step 1: Creating an extended ACL to define the traffic.
R3(config)#ip access-list extended 100
R3(config-ext-nacl)#permit tcp any eq 80
R3(config-ext-nacl)#exit
Step 2: Creating the route-map to define the next hop for HTTP traffic.
R3(config)#route-map HTTP-DATA
R3(config-route-map)#match ip address 100
R3(config-route-map)#set ip next-hop 192.3.5.5
R3(config-route-map)#exit
Step 3: Apply the route-maps to the interfaces attached to our LAN1 and LAN2.
R3(config)#int r g0/0-1
R3(config-if-range)#ip policy route-map HTTP-REDIRECT
R3(config-if-range)#exit R3(config)#^Z
It's time to verify!!
Let's try to reach 8.8.8.8 via port 80 now. We can do this with telnet and specifying port 80. Therefore, configure telnet on R6 and enable debugging on R3 to verify the functioning of PBR in this case.
R3#debug ip policy
Policy routing debugging is on
R3#
Let's create a telnet connection and observe the debug output on R3.
R1# telnet 8.8.8.8 80
Trying 8.8.8.8, 80 ...
Open You'll observe logs confirming the policy getting matched and data getting routed towards ISP2. This confirms that we were able to configure the PBR successfully.
You can also check out our webinar on Policy-based routing -
Frequently Asked Questions
Q1 - Why do we need Policy-Based Routing?
PBR can be useful for implementing different policies for different types of traffic and can be used for the following:
- Regulate the direction of the traffic flow by either the source or destination address.
- To modify the next-hop destination.
- To modify the routing of traffic towards an adjacent router.
- Redirecting traffic to specific devices or servers.
Q2 - What is static and Policy-Based Routing?
Static routing and policy-based routing are two methods of forwarding traffic based on different criteria. Static routing is the simplest form of routing, where the administrator manually configures the routes for each destination network or host on the router. In policy-based routing (PBR), an administrator establishes rules that match certain characteristics of the traffic in order to determine which paths it should take.
Q3 - Why does BGP use Policy-Based Routing?
BGP uses Policy-Based Routing because it allows network administrators to control how traffic flows between different autonomous systems. BGP does not use metrics like other routing protocols but relies on attributes and policies to determine the best path for each destination.
Q4 - What are the capabilities of PBR?
There are many capabilities associated with PBR; some of these are:
- Providing Quality of Service (QoS) to different types of traffic
- Distributing traffic across multiple paths based on cost, bandwidth, or delay
- Routing traffic from different sources to different destinations, even if they have the same destination address
- Implementing equal-access and source-sensitive routing for different networks
Conclusion
This blog mainly focuses on policy based routing (PBR), a technique network administrators use to direct traffic based on parameters such as their source and destination IP addresses, protocol names, port numbers, and applications. We have also shown the topology-based configuration of PBR on Cisco routers. This will provide some understanding of the advantages of PBR and how one can implement Policy Based Routing using a lab scenario.
Related Topics -