594 Configuring Access Control Lists
Policy Based Routing
Overview
In contemporary inter-networks, network administrators often need to
implement packet routing according to specific organizational policies. Policy
Based Routing (PBR) exactly fits this purpose. PBR provides a flexible
mechanism to implement solutions where organizational constraints dictate
that traffic be routed through specific network paths. PBR does not affect
route redistribution that occurs via routing protocols.
PBR is a true routing solution. The packet TTL is decremented in PBR-
routed packets. The destination MAC is rewritten in PBR routed packets.
ARP lookups are sent when required for unresolved next hop addresses. PBR
routed packets are routed via routing table lookups. Routes must exist in the
routing table for PBR next-hop and default next-hop rules.
Configuring PBR consists of installing a route-map with match and set
commands, and then applying the corresponding route-map to the interface.
IP routing must be enabled on the interfaces and globally.
PBR is applied to inbound traffic on IP routing interfaces. Enabling the
feature causes the router to analyze packets entering the interface using a
route-map. A VLAN can only have one associated route-map, but the
administrator can configure multiple route-map entries in the route-map
with different sequence numbers. Packets entering the interface are filtered
by a user-selected ACL. Packets that are allowed by the ACL are evaluated in
order of increasing sequence number until a viable routing destination is
found. Other actions may also be specified. If no action is executed, packets
are routed via normal routing table lookup.
ACLs present in a route-map’s match clauses inherit the ordering of the
containing route-map sequence number. Therefore, it is recommended that
ACLs used in route-map match clauses be independent of ACLs used in
access-groups in order to preserve access-group ordering.
A route-map rule may be configured as a permit or deny rule. If the rule is
marked as deny, traditional destination-based routing is performed on the
packet meeting the ACL match criteria. If the rule is marked as permit, and if
the packet meets the ACL match criteria, then the action specified by the set
commands in the route-map statement are evaluated. If no active route is
found in the route-map, the packet is forwarded using traditional destination-
To Next Page
Loading...
Need help?
General
