What is Policy Based Routing (PBR) and How to Configure It?

What is Policy Based Routing?

Policy Based Routing (PBR) is a network routing technique used to specify the path that data should take when it leaves one network and enters another. It allows administrators to create rules based on source and destination IP address, type of service (ToS), port numbers, and other protocol information to determine which route traffic should take. This allows for greater control over network traffic and helps ensure that important data is given priority over less important traffic.

What is Cisco Policy Based Routing?

Cisco Policy Based Routing (PBR) is a feature of Cisco routers and switches that enables the administrator to configure routing based on specific criteria. PBR can be used to control how traffic is routed when it enters or leaves the network, allowing for greater flexibility in managing the flow of information. This includes controlling which types of traffic are allowed to enter or leave the network and deciding which route they should take.

  • For example, PBR can be used to ensure that VoIP traffic is routed over a dedicated link or prioritize mission-critical data over non-essential traffic. With Cisco PBR, administrators have greater control over how their networks are used and managed.

What are the Types of Policy Based Routing?

There are four types of Policy Based Routing:

  • Static PBR
  • Dynamic PBR
  • Time-Based PBR
  • Flow-Based PBR

Static PBR is the most basic form of policy routing. In this type of routing, rules are created to determine which route traffic should take based on the source and destination IP address. These rules are manually configured and are not dynamic.

Dynamic PBR is a more advanced form of routing, where rules can be created to determine which route traffic should take based on the type of service (ToS), port numbers, and other protocol information in addition to source and destination IP address. This type of policy routing can be dynamically changed as needed.

Time-Based PBR allows administrators to specify rules that will only be applied during specific times of the day or week. This type of routing is useful for setting up different policies at different times, such as assigning a higher priority to certain types of traffic during peak hours.

Flow-Based PBR is the most advanced form of policy routing, and it allows for granular control over network traffic. In this type of routing, rules can be created based on the source and destination IP addresses, as well as other parameters such as TCP/UDP port numbers, ToS values, and more. This type of policy routing is best suited for large networks that require a high degree of customization.

What are the Advantages of Using Policy Based Routing?

Here are some of the advantages of using Policy Based Routing:

  • Better control and flexibility in managing network traffic
  • Ability to prioritize mission-critical traffic
  • Enhanced performance when dealing with latency-sensitive applications and services
  • Improved security by blocking malicious traffic
  • Reduced cost through load balancing between different links
  • Easier troubleshooting and maintenance by having the ability to see exactly which route traffic is taking

Where Can We Use Policy Based Routing?

Here are a few examples of where Policy Based Routing can be used:

  • Prioritizing mission-critical or latency-sensitive traffic
  • Controlling access to networks and services
  • Ensuring VoIP traffic is routed over a dedicated link
  • Optimizing routing paths based on current network conditions
  • Load balancing between different links
  • Blocking malicious traffic from entering the network

How Can We Block Malicious Traffic with the Help of Policy Based Routing?

Here are some ways PBR can be used to block malicious traffic:

  • Creating rules that drop any traffic coming from or going to known malicious IP addresses.
  • Setting up rules that reject all or certain types of traffic based on source or destination IP address, port number, and other protocol information.
  • Using access control lists (ACLs) to selectively allow or deny traffic.
  • Creating rules that filter out any traffic containing malicious content such as viruses, malware, or other threats.
  • Using time-based policies to limit access to certain services during specific times of the day or week.
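One way to implement the first two rules on a Cisco IOS router, as an added example that is not part of the original article: traffic matched by an ACL is policy-routed to the Null0 interface, which discards it. The ACL name BLOCKLIST, the route-map name DROP_BAD, the interface name, the blocked port and the addresses (documentation ranges standing in for a real blocklist) are assumptions.

```cisco
configure terminal
! Constructed blocklist: in an ACL used by a route map,
! "permit" means "this traffic matches the policy"
ip access-list extended BLOCKLIST
 permit ip 192.0.2.0 0.0.0.255 any
 permit ip any 198.51.100.0 0.0.0.255
 ! Port-based rule (assumed): Telnet from any source
 permit tcp any any eq 23
!
! Discard silently instead of answering with ICMP unreachables
interface Null0
 no ip unreachables
!
! Matching packets are sent to Null0, i.e. dropped
route-map DROP_BAD permit 10
 match ip address BLOCKLIST
 set interface Null0
!
! Apply to traffic arriving on the outside-facing interface (assumed name)
interface GigabitEthernet0/0
 ip policy route-map DROP_BAD
end
! Verify: the match counters should increase as traffic is dropped
show route-map DROP_BAD
show ip policy
```

PBR only evaluates packets arriving on the interface where the policy is applied, and packets that match no route-map entry are forwarded by the normal routing table, so this complements an inbound ACL rather than replacing one.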

How to Configure Policy Based Routing on a Router?

Here are the steps for configuring Policy Based Routing on a router:

1. Define source and destination IP addresses

2. Specify the ToS value (if applicable)

3. Configure port numbers (if applicable)

4. Choose the route to be taken when traffic matches the criteria

5. Apply the policy to the appropriate interface

6. Verify that the policy is working correctly

7. Save the configuration on the router.

Example:

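To configure PBR to prioritize VoIP traffic, you can use the following commands:

    ! Standard ACL: matches traffic sourced from 192.168.1.0/24
    ip access-list standard VOIP
     permit 192.168.1.0 0.0.0.255
    exit
    ! Route map: send matching traffic to next hop 10.1.1.1
    route-map VOIP_ROUTE permit 10
     match ip address VOIP
     set ip next-hop 10.1.1.1
    exit
    ! Apply the policy to traffic arriving on fa0/0
    interface fa0/0
     ip policy route-map VOIP_ROUTE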
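A fuller walk-through of the seven steps above, as an added example that is not part of the original article. It matches on ToS (DSCP) and port numbers with an extended ACL, which a standard ACL cannot do; the names VOIP_MEDIA and VOIP_PBR, the DSCP value and the UDP ports are assumptions, while the subnet, next hop and interface are taken from the example above.

```cisco
configure terminal
! Steps 1-3: source/destination, ToS (as DSCP) and port numbers
ip access-list extended VOIP_MEDIA
 ! Voice media: assumed RTP port range, marked DSCP EF
 permit udp 192.168.1.0 0.0.0.255 any range 16384 32767 dscp ef
 ! Call signalling: assumed SIP on UDP 5060
 permit udp 192.168.1.0 0.0.0.255 any eq 5060
!
! Step 4: choose the route for traffic that matches
route-map VOIP_PBR permit 10
 match ip address VOIP_MEDIA
 set ip next-hop 10.1.1.1
!
! Step 5: apply the policy to the interface where the traffic arrives
interface FastEthernet0/0
 ip policy route-map VOIP_PBR
end
! Step 6: verify (policy matches are counted per route-map entry)
show route-map VOIP_PBR
show ip policy
! Step 7: save the configuration
copy running-config startup-config
```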

How Does Track Work with Policy Based Routing?

Track objects can be used with PBR to monitor events and trigger actions. You could use track objects to detect when a link fails, or if there is an increase in latency on a certain route.

When the specified conditions are met, you can configure PBR to automatically redirect traffic onto another path. This ensures that your network remains available and functioning optimally, even in the event of an outage.

Example:

To track the performance of a link and trigger an action when it drops below a certain threshold, you can use the following commands:

    ! Track reachability of the route to 10.1.0.0/16
    track 100 ip route 10.1.0.0 255.255.0.0 reachability
     ! Sub-command: hold a state change for 5 s (down) / 15 s (up)
     delay down 5 up 15
    exit
    route-map LINK_TRACK permit 10
     match track 100
     set ip next-hop 10.1.1.2
    exit
    interface fa0/0
     ip policy route-map LINK_TRACK

This will direct traffic through the 10.1.1.2 link if the performance of the 10.1.0.0 link drops below 5 milliseconds.
