Information About Policy-Based Routing
Policy-based routing (PBR) is a technique used to make routing decisions based on configured policies.
When a router or switch receives a packet, a forwarding decision is based on the destination IP address of the packet, which is used to look up an entry in a routing table. However, in some cases, there may be a need to forward the packet based on other criteria, for example, the source IP address and not the destination IP address. This permits routing of packets originating from different sources to different networks, even when the destinations are the same, and can be useful when interconnecting several private networks.
With PBR, you classify traffic using access control lists (ACLs) and then make traffic go through a different path. PBR is applied to incoming packets. All packets received on an interface with PBR enabled are passed through route maps. Based on the criteria defined in the route maps, packets are forwarded (routed) to the appropriate next hop.
- A route map statement marked as permit is processed as follows:
  - A match command can match on multiple ACLs. A route map statement can contain multiple match commands. A logical OR is performed across all the match commands to reach a permit or deny decision.
    For example:
      match ip address acl1 acl2
      match ip address acl3
    A packet is permitted if it is permitted by acl1 or acl2 or acl3.
    Note: IPv6 is not supported.
  - If the decision reached is permit, then the action specified by the set command is applied on the packet.
  - If the decision reached is deny, then the PBR action (specified in the set command) is not applied. Instead the processing logic moves forward to look at the next route-map statement in the sequence (the statement with the next higher sequence number). If no next statement exists, PBR processing terminates, and the packet is routed using the default IP routing table.
- For PBR, route-map statements and ACLs marked as deny are not supported.
You can use standard IP ACLs to specify match criteria for a source address or extended IP ACLs to specify match criteria based on an end station. The process proceeds through the route map until a match is found. If no match is found, normal destination-based routing occurs. There is an implicit deny at the end of the list of match statements.
If match clauses are satisfied, you can use a set clause to specify the IP addresses identifying the next hop router in the path. You can also set an IP precedence value using the precedence number or name.
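The evaluation order described above, modelled in Python as an added example (not Cisco code), which is useful for checking which sources a policy steers and which fall back to the routing table. The ACL contents, the route-map name PBR-DEMO, the next-hop addresses and the function names are constructed assumptions; standard ACLs are reduced to lists of permitted source prefixes.

```python
import ipaddress

# Constructed sample: ACL contents, route-map name and next hops are assumptions.
ACLS = {  # standard ACLs reduced to their permitted source prefixes
    "acl1": ["10.1.1.0/24"], "acl2": ["10.1.2.0/24"],
    "acl3": ["10.1.3.0/24"], "acl4": ["10.2.0.0/16"],
}
CONFIG = """\
route-map PBR-DEMO permit 20
 match ip address acl4
 set ip next-hop 192.0.2.2
route-map PBR-DEMO permit 10
 match ip address acl1 acl2
 match ip address acl3
 set ip next-hop 192.0.2.1
"""

def parse_route_map(text):
    """Return statements as dicts {seq, acls, next_hop}, ordered by sequence.
    Assumes every statement carries at least one match command."""
    statements = []
    for line in text.splitlines():
        words = line.split()
        if words[:1] == ["route-map"]:
            if words[2] != "permit":
                raise ValueError("deny statements are not supported for PBR")
            statements.append({"seq": int(words[3]), "acls": [], "next_hop": None})
        elif words[:3] == ["match", "ip", "address"]:
            statements[-1]["acls"] += words[3:]  # each match command widens the OR set
        elif words[:3] == ["set", "ip", "next-hop"]:
            statements[-1]["next_hop"] = words[3]
    return sorted(statements, key=lambda s: s["seq"])

def acl_permits(name, src):
    """True if the source address falls inside any permitted prefix of the ACL."""
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(p) for p in ACLS[name])

def pbr_lookup(src, statements):
    """Return (seq, next_hop) of the first statement whose ACLs permit src.
    None means no statement matched (implicit deny): the packet is forwarded
    by normal destination-based routing."""
    for st in statements:
        if any(acl_permits(a, src) for a in st["acls"]):
            return st["seq"], st["next_hop"]
    return None

STATEMENTS = parse_route_map(CONFIG)
```

A source that returns None from pbr_lookup is not steered by the policy at all, so traffic meant to pass through a specific next hop needs an ACL entry that actually covers it.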