Policy Based Routing (PBR) Fundamentals

The problem many network engineers find with typical routing systems and protocols is that they route traffic based on its destination. Under normal circumstances this is fine, but when the traffic on your network requires a more hands-on solution, policy based routing takes over.

Destination based routing systems make it quite hard to change the routing behavior of specific traffic. With PBR, a network engineer can dictate the routing behavior using criteria beyond the destination network alone, including source or destination network, source or destination address, source or destination port, protocol, packet size, and packet classification, among others.

PBR also has the ability to implement QoS by classifying and marking traffic at the network edge and then using PBR throughout the network to route marked traffic along a specific path.

Why Use Policy Based Routing?

So why would you do this? Consider a company that has two links between locations: one a high bandwidth, low delay, expensive link and the other a low bandwidth, higher delay, less expensive link.

Using traditional routing protocols, the higher bandwidth link would get most, if not all, of the traffic, because its bandwidth and/or delay characteristics give it the better metric (using EIGRP or OSPF). PBR gives you the ability to route higher priority traffic over the high bandwidth/low delay link while sending all other traffic over the low bandwidth/high delay link.

This way, the traffic that requires the characteristics of the high bandwidth/low delay link gets them without all traffic being sent over that link.

The implementation of PBR is rather simple as well; it is configured using a match/set process. Traffic which is to be handled by PBR is matched using an ACL and then has its path or parameters changed using a set command.

PBR Configuration

The first thing that must be done is the configuration of a route map which defines the policy. This is done through the route-map command which is shown here:

router(config)#route-map map-tag {permit | deny} {sequence-number}

The map-tag is simply a name used to identify the specific route-map, and the sequence-number sets the order in which route-map statements are evaluated if multiple statements exist.

The second thing that is done is the configuration of a match command, which is used to match the specific type(s) of traffic that will be routed using the configured policy. Traffic which does not match any of these commands will be handed off to the destination based routing mechanism. The most commonly used commands are shown here:

router(config-route-map)#match length minimum-length maximum-length

This command is used to match specific layer 3 packet sizes; this can be used to send packets of various sizes down different paths.

router(config-route-map)#match ip address {access-list-number | access-list-name}

This command is the workhorse of typical PBR configurations; it can be used to match any number of combinations based on a configured access-list.

The third thing that is done is to configure a specific set command, which is used to control the behavior of the matched traffic. The following commands are typically used:

router(config-route-map)#set ip next-hop ip-address

This command is used to specify the IP address of the matched traffic's next hop. Make sure that the IP address specified in this command is adjacent to the configured router.

router(config-route-map)#set interface interface-type interface-number

This command is used to specify the output interface of the matched traffic.

router(config-route-map)#set ip default next-hop ip-address

This command is used to specify the IP address of the matched traffic's next hop, like the set ip next-hop command. However, it differs from the set ip next-hop command by having a different routing order. When using the set ip next-hop command, traffic is policy routed first and then passed on to a destination based routing method. When using the set ip default next-hop command, the destination based routing method is used first and the traffic is then passed to policy routing.

router(config-route-map)#set default interface interface-type interface-number

This command is used to specify a default output interface to send traffic should no explicit route exist.

When using any combination of these commands within a policy the commands are evaluated in the following order:

  1. set ip next-hop
  2. set interface
  3. set ip default next-hop
  4. set default interface
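
The three steps above, put together for the two-link scenario described earlier. This is an added example, not configuration from the original article: the ACL and route-map names, all addresses and the interface number are constructed placeholders, and the ip policy route-map interface command, which the article does not cover, is what applies the route map to traffic entering an interface.

```cisco
! Constructed example: every name, address and interface number is a placeholder.
! Site A LAN = 10.10.0.0/16, Site B LAN = 10.20.0.0/16 (assumed).
! 192.0.2.1    = adjacent next hop on the high bandwidth/low delay link
! 198.51.100.1 = adjacent next hop on the low bandwidth/high delay link
!
! Classify the high priority traffic: the voice subnet, and HTTPS from the
! server subnet, when headed to Site B.
ip access-list extended PBR-PRIORITY
 permit ip 10.10.20.0 0.0.0.255 10.20.0.0 0.0.255.255
 permit tcp 10.10.30.0 0.0.0.255 10.20.0.0 0.0.255.255 eq 443
!
! All remaining Site A to Site B traffic.
ip access-list extended PBR-BULK
 permit ip 10.10.0.0 0.0.255.255 10.20.0.0 0.0.255.255
!
! Sequence 10 is evaluated first: priority traffic takes the fast link.
route-map SITE-A-PBR permit 10
 match ip address PBR-PRIORITY
 set ip next-hop 192.0.2.1
!
! Sequence 20 catches what sequence 10 did not match: bulk traffic takes
! the slow link.
route-map SITE-A-PBR permit 20
 match ip address PBR-BULK
 set ip next-hop 198.51.100.1
!
! Packets matching neither sequence (for example, Internet-bound traffic)
! are handed to normal destination based routing.
!
! Activate the policy on the interface where the LAN traffic enters the router.
interface GigabitEthernet0/1
 ip policy route-map SITE-A-PBR
!
! Verify from privileged EXEC mode:
!   show ip policy               (interface-to-route-map bindings)
!   show route-map SITE-A-PBR    (per-sequence policy routing match counters)
```

Because the policy acts only on traffic entering GigabitEthernet0/1, return traffic from Site B follows whatever the Site B router decides unless a matching policy is configured there as well.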

PBR is a very powerful tool which can be used to control the specific paths of network traffic; however, make sure to use PBR only when it is needed, as destination based routing methods work very well by themselves. Like many other features offered on any type of equipment, it is designed for a specific set of circumstances and should be used for those purposes to maintain efficiency.

Contributor

Sean Wilkins

Sean Wilkins is an accomplished networking consultant who has been in the IT field for more than 20 years, working with several large enterprises. He is a writer for infoDispersion and his educational accomplishments include: a Master’s of Science in Information Technology with a focus in Network Architecture and Design, and a Master’s of Science in Organizational Management. Sean holds certifications with Cisco (CCNP/CCDP), Microsoft (MCSE) and CompTIA (A+ and Network+).