PyNet Labs- Network Automation Specialists

Policy Based Routing (PBR)

Last Updated : May 20, 2023
What is Policy Based Routing and Its Configuration

Policy Based Routing is a powerful network management technique that enables efficient control and prioritization of network traffic flow. Today, many applications run side by side and must be connected to each other, which has made the nature of network traffic more complicated. With traditional mechanisms, it may be difficult or even impossible to meet these requirements.

Organizations now must place an even greater emphasis on managing their operating expenses than in the past. One way is to maximize the use of resources. One such area is networking, where rather than investing in more capacity, the focus is on making the most of what already exists. All this can be achieved by implementing Policy Based Routing (PBR). You can learn more about PBR in our CCNP ENCOR 350-401 Training.

In this blog, we will cover Policy Based Routing, its benefits, and the configuration of PBR with a sample topology. Let's first understand what policy based routing is and the advantages of using PBR.

What is Policy Based Routing?

Policy based routing, sometimes known as PBR, is a technique that allows network administrators to control the path of traffic based on specific criteria, such as:

  • Source address
  • Destination address
  • Network protocols
  • Port number
  • The kind of traffic
  • Application

It can be used to optimize network performance, enhance security, implement load balancing, or enforce policy compliance.

PBR can be used as a versatile alternative to traditional routing protocols, including but not limited to OSPF and BGP. Policy based routing (PBR) allows network engineers to apply distinct policies to various types of traffic, thereby enabling more precise and adaptable control over network traffic, as opposed to routing all traffic based on a uniform set of routing rules.

For example, different types of data may be sent via distinct paths with varying characteristics, such as higher or lower bandwidth, lower or higher latency, and different security standards or policies. To do this, Policy Based Routing first compares incoming traffic against a set of rules and then assigns it to a particular route. The routing policy is expressed as a set of rules inside a route map.

Advantages of using Policy Based Routing

There are various advantages of using Policy Based Routing in network infrastructures:

Optimizing network performance

PBR assists in selecting and forwarding network traffic based on the best available path. The optimal path for traffic depends on various factors, such as the shortest distance, lowest latency, or the highest bandwidth. It also enhances the QoS for certain applications and reduces congestion on overloaded links.

Better network security

PBR can assist in routing traffic according to security policies. It can block or redirect malicious or unwanted traffic to a firewall, IPS, or proxy server. This, in turn, prevents attacks and filters content.

Implementing load balancing

With PBR, traffic may be routed depending on load balancing parameters, such as delivering it to whichever of multiple links or servers is currently experiencing the lowest volume of traffic. This may improve the network's scalability and availability.

Enforcing policy compliance

Policy Based Routing can also be used to route traffic based on policy compliance. It includes routing traffic from a specified user to specific destinations or services or assigning QoS levels depending on the kind of traffic.

We now understand the basic meaning of policy based routing and the advantages of using PBR. Let's verify PBR using a lab scenario.

Policy Based Routing configuration

In this lab, we will take a look at Policy Based Routing configuration. PBR is all about telling the router to forward traffic according to what we set rather than what is in the routing table. We define the traffic of interest with access lists and use a route map to specify how the matched traffic is routed.

The three steps to configuring PBR are as follows –

  • Define the traffic
  • Match the traffic and set the next hop IP address
  • Apply the policy on the interface or locally

Let's quickly start by creating a topology like the one below. In the first phase, we will segregate the traffic transmission so that the traffic coming from LAN2 takes the path via ISP2 to reach the internet (8.8.8.8 in the topology).

Topology (figure not reproduced here): Policy Based Routing Configuration

Step 1: Configure OSPF on R1, R2, and R3.

Step 2: Configure Static routes on R4, R5, and R6.

Step 3: Configure a default route on R3 towards ISP1 (R4).

Step 4: Define the traffic using the access list.

R3(config)#access-list 1 permit 10.2.3.0 0.0.0.255

Step 5: Create a route map to define the next hop as ISP2 for the traffic coming from LAN2.

R3(config)#route-map REDIRECT 10

R3(config-route-map)#match ip address 1

R3(config-route-map)#set ip next-hop 192.3.5.5

R3(config-route-map)#exit

Step 6: Apply the route-map on the required interface.

R3(config)#int g0/0

R3(config-if)#ip policy route-map REDIRECT

We are done! Now it's time to verify. Let's trace the path to 8.8.8.8 from R2.

R2#trace 8.8.8.8

Type escape sequence to abort.

Tracing the route to 8.8.8.8

VRF info: (vrf in name/id, vrf out name/id)

1 10.2.3.3 48 msec 9 msec 9 msec

2 192.3.5.5 20 msec 10 msec 8 msec

3 192.5.6.6 30 msec * 19 msec

R2#

We can observe that the traffic is taking ISP2 as the next hop to reach destination 8.8.8.8.

PHASE 2: In this phase, we will redirect the HTTP traffic from LAN1 and LAN2 to ISP2 using an extended ACL. Let's see how this can be configured.

Step 1: Creating an extended ACL to define the traffic.

R3(config)#ip access-list extended 100

R3(config-ext-nacl)#permit tcp any any eq 80

R3(config-ext-nacl)#exit

Step 2: Creating the route-map to define the next hop for HTTP traffic.

R3(config)#route-map HTTP-DATA

R3(config-route-map)#match ip address 100

R3(config-route-map)#set ip next-hop 192.3.5.5

R3(config-route-map)#exit

Step 3: Apply the route-map to the interfaces attached to LAN1 and LAN2.

R3(config)#int r g0/0-1

R3(config-if-range)#ip policy route-map HTTP-DATA

R3(config-if-range)#exit

R3(config)#^Z
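The interface refers to the route-map only by name, and the route-map refers to the ACL only by number, so a mistyped name in either place is easy to miss. The following added example (not from the original post) checks a configuration for such dangling references; the sample configuration is constructed from the commands in this lab, with a deliberately mismatched route-map name and a hypothetical GUEST route-map.

```python
import re

# Constructed R3 excerpt based on this lab. The applied route-map name is
# deliberately wrong, and route-map GUEST / ACL 150 are hypothetical.
SAMPLE_CONFIG = """\
access-list 1 permit 10.2.3.0 0.0.0.255
ip access-list extended 100
 permit tcp any any eq 80
route-map REDIRECT permit 10
 match ip address 1
 set ip next-hop 192.3.5.5
route-map HTTP-DATA permit 10
 match ip address 100
 set ip next-hop 192.3.5.5
route-map GUEST permit 10
 match ip address 150
interface GigabitEthernet0/0
 ip policy route-map HTTP-REDIRECT
interface GigabitEthernet0/1
 ip policy route-map HTTP-REDIRECT
"""

def audit_pbr(config):
    """Return sorted (kind, where, missing name) findings for dangling PBR references."""
    acls, route_maps = set(), set()
    acl_refs, policy_refs = [], []
    context = None  # route-map or interface that owns the current indented line
    for line in config.splitlines():
        if not line.startswith(" "):
            context = None
        text = line.strip()
        if m := re.match(r"(?:ip access-list (?:standard|extended)|access-list) (\S+)", text):
            acls.add(m.group(1))
        elif m := re.match(r"route-map (\S+)", text):
            context = m.group(1)
            route_maps.add(context)
        elif m := re.match(r"interface (\S+)", text):
            context = m.group(1)
        elif m := re.match(r"match ip address (.+)", text):
            acl_refs += [(context, name) for name in m.group(1).split()]
        elif m := re.match(r"ip policy route-map (\S+)", text):
            policy_refs.append((context, m.group(1)))
    findings = [("undefined-route-map", where, name)
                for where, name in policy_refs if name not in route_maps]
    findings += [("undefined-acl", where, name)
                 for where, name in acl_refs if name not in acls]
    return sorted(findings)
```
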

It's time to verify!!

Let's try to reach 8.8.8.8 via port 80 now. We can do this by using telnet and specifying port 80. Therefore, configure telnet on R6 and enable debugging on R3 to verify the functioning of PBR in this case.

R3#debug ip policy

Policy routing debugging is on

R3#

Let's create a telnet connection and observe the debug output on R3.

R1# telnet 8.8.8.8 80

Trying 8.8.8.8, 80 ... Open

You'll observe logs confirming the policy getting matched and data getting routed towards ISP2. This confirms that we were able to configure the PBR successfully.
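To make the forwarding decision in both phases concrete, here is an added example (not from the original post) that models how R3 chooses a next hop: ACL wildcard match, then the route-map's next hop, otherwise the routing table. It is a simplified model, not IOS behaviour in full; the ISP1 next-hop address and the sample packet addresses are constructed assumptions.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    # IOS wildcard mask: 0 bits must match, 1 bits are ignored.
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

# ACL entries: (source, wildcard, protocol, destination port); None means "any".
ACLS = {
    "1": [("10.2.3.0", "0.0.0.255", None, None)],          # standard ACL 1
    "100": [("0.0.0.0", "255.255.255.255", "tcp", 80)],    # permit tcp any any eq 80
}
# Route-map name -> (ACL it matches, next hop it sets), as configured on R3.
ROUTE_MAPS = {"REDIRECT": ("1", "192.3.5.5"), "HTTP-DATA": ("100", "192.3.5.5")}
# Assumption: R3's default route points at ISP1 (R4); this address is constructed.
DEFAULT_NEXT_HOP = "192.3.4.4"

def acl_permits(acl_id, pkt):
    for base, wildcard, proto, dport in ACLS[acl_id]:
        if (wildcard_match(pkt["src"], base, wildcard)
                and proto in (None, pkt["proto"])
                and dport in (None, pkt.get("dport"))):
            return True
    return False  # implicit deny: the packet is simply not policy-routed

def forward(pkt, policy=None):
    """Return (next hop, reason) for a packet received on an interface
    that has the route-map `policy` applied (None = no ip policy)."""
    if policy is not None:
        acl_id, next_hop = ROUTE_MAPS[policy]
        if acl_permits(acl_id, pkt):
            return next_hop, "policy"
    return DEFAULT_NEXT_HOP, "routing-table"

# Constructed sample packets; the host addresses are assumptions.
LAN2_TRACE = {"src": "10.2.3.2", "proto": "udp", "dport": 33434}
LAN1_HTTP = {"src": "10.1.3.1", "proto": "tcp", "dport": 80}
LAN2_HTTPS = {"src": "10.2.3.2", "proto": "tcp", "dport": 443}

if __name__ == "__main__":
    for pkt, policy in [(LAN2_TRACE, "REDIRECT"), (LAN1_HTTP, "REDIRECT"),
                        (LAN1_HTTP, "HTTP-DATA"), (LAN2_HTTPS, "HTTP-DATA")]:
        print(pkt["src"], pkt["proto"], pkt["dport"], policy, forward(pkt, policy))
```

An interface holds a single policy route-map, so applying the phase 2 route-map to g0/0 replaces REDIRECT there: in the last case, LAN2 traffic that is not HTTP goes back to the default route instead of ISP2.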

Conclusion

This blog covered policy based routing (PBR), a technique network administrators use to direct traffic based on parameters such as source and destination IP addresses, protocols, port numbers, and applications. We have also shown a topology-based configuration of PBR on Cisco routers. Together, these provide an understanding of the advantages of PBR and of how to implement Policy Based Routing in a lab scenario.