Networking Basics: How to Configure Policy-Based Routing on Cisco Routers
The Quick Definition: Policy-based routing (PBR) is a technique used to make routing decisions based on policies set by network administrators.
What is Policy Routing?
Networks have grown in complexity due to factors such as the cloud, mobility, and web-based applications. Not to mention, there's more video and voice data running on those same networks. As a result, there's an increased need to prioritize and segregate traffic on our networks.
Policy-based routing is a powerful feature that allows for nearly limitless customization in routing patterns. Essentially, the administrator identifies a type of traffic (web, VoIP, FTP, etc.) and then sets the predetermined routing pattern of that traffic.
Customization even extends into times of day, IP subnets, and every other possible variation, all achievable with the simple and easily adaptable process laid out here. Let's take a look at how we can configure policy-based routing on a Cisco router.
How to Route Fast and Slow Connections
For purposes of this example, we're going to establish a set of rules that route the IT department of our hypothetical organization to the fast connection while directing all other traffic to the slow connection.
The fast connection will be represented by serial 0/0, and the slow by serial 0/1. The IT department exists on VLAN 1, 10.1.0.0/16, and all other traffic on 10.2.0.0 and all other subnets. The goal is to direct traffic from that first group to serial 0/0, and all others to serial 0/1 using policy-based routing.
How to Create the Access List
The first step in policy-based routing is to create an access list, which helps to filter traffic through your network. In the router console, bring up the configuration with conf t, which will then prompt for configuration commands.
To create the access list for the example case, enter:
access-list 50 permit 10.1.0.0 0.0.255.255
The number 50 immediately following the access-list command tells us that this is a standard access list. The string after permit identifies the source of the traffic. The route map will reference this access list to determine which traffic is subject to the routing policy.
Starting the Route Map
Next, create the route map that will segregate the traffic. Enter the command route-map POLICY, where POLICY is the name you give the route map to reflect its purpose. We are going to call our route map "IT-Fast."
A route map is a series of if-then statements that request inputs and feed them to predetermined outputs. In the router console, these if-then commands are represented by match and set.
Configuring the Route Map
The match input is the if statement entry, and the first entry into the route map. Enter match ip address 50. This will set the input to the 10.1 subnets established in access list 50, identifying the IT department. The next command, set, establishes where that subgroup will be routed.
Ideally, the traffic will be routed to the IP address of the service provider's fast connection gateway. In this example we haven't established such a gateway's address, so we will use the interface configuration instead.
So, immediately following the match ip address 50 command, which identifies the group to be routed, enter set interface serial 0/0. Now the traffic identified in the access list will be directed to serial 0/0, which was established earlier to represent the fast connection.
Router(config)# route-map IT-Fast
Router(config-route-map)# match ip address 50
Router(config-route-map)# set interface serial0/0
Sequencing the Route Map
In the first route map sequence, we didn't establish a number, so it defaulted to 10. So, at the route-map POLICY prompt, enter "route-map IT-Fast 20" to indicate the next step of the route map. If traffic does not fall into the group matched by sequence 10, it will fall into sequence 20 looking for routing directions.
Router(config-route-map)# route-map IT-Fast 20
Directing Remaining Traffic
Because the only group with specialized routing instructions has already been accounted for, there's no need to establish a match statement for sequence 20. In the absence of that match statement, all traffic not routed in line with sequence 10 will be accounted for.
All that's left for this sequence is to enter set interface serial 0/1. Now, all other traffic will be routed to the 0/1 slow connection. If sequence 20 were not created, all other traffic would drop out of the routing policy parameters and return to the normal routing table.
Router(config-route-map)# route-map IT-Fast 20
Router(config-route-map)# set interface serial0/1
To check the route map, enter show route-map, which will bring up the sequences in effect. It should indicate that sequence 10 is matched to access list 50 and set to interface 0/0, and sequence 20 is matched to nothing (meaning it catches everything else) and set to interface 0/1.
Router# sh route-map
route-map IT-Fast, permit, sequence 10
ip address (access-lists): 50
Policy routing matches: 0 packets, 0 bytes
route-map it-fast, permit, sequence 20
How to Apply the Route Map
The final step is to apply the new route map. For the purposes of the example, imagine that the traffic is entering FastEthernet 0/0. Enter the configuration for interface fa0/0, then apply the route map with ip policy route-map POLICY (here, IT-Fast).
This directs the policy of that entry point to the newly created POLICY map, which is now in effect. Now, all traffic entering FastEthernet 0/0 will run through the sequences and be directed appropriately, and policy-based routing is in full effect.
Router(config)# interface fa0/0
Router(config-if)# ip policy route-map IT-Fast
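To make the wildcard-mask match and the sequence fall-through concrete, here is a small Python model of how the IT-Fast route map classifies a packet by source address. It is an added illustration, not Cisco code or part of the original article; the function names and data layout are assumptions, the sample addresses are constructed, and it models permit sequences only.

```python
import ipaddress

def acl_permits(src, entries):
    """Standard ACL: first matching entry wins, implicit deny at the end.
    entries mirror 'access-list 50 permit 10.1.0.0 0.0.255.255'."""
    s = int(ipaddress.IPv4Address(src))
    for action, net, wildcard in entries:
        # Wildcard 1-bits mean "don't care"; invert to get the bits compared.
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if (s & care) == (int(ipaddress.IPv4Address(net)) & care):
            return action == "permit"
    return False

def policy_route(src, route_map, acls):
    """Walk sequences in ascending order and return the 'set interface'
    of the first one that matches. A sequence with no match clause
    matches everything. None means: fall back to the routing table."""
    for seq in sorted(route_map):
        clause = route_map[seq]
        acl = clause.get("match_acl")
        if acl is None or acl_permits(src, acls[acl]):
            return clause["set_interface"]
    return None

# The configuration built in this article, expressed as data.
ACLS = {50: [("permit", "10.1.0.0", "0.0.255.255")]}
IT_FAST = {
    10: {"match_acl": 50, "set_interface": "Serial0/0"},
    20: {"match_acl": None, "set_interface": "Serial0/1"},
}

if __name__ == "__main__":
    # Constructed sample source addresses.
    for src in ("10.1.4.20", "10.2.7.9", "192.168.5.1"):
        print(src, "->", policy_route(src, IT_FAST, ACLS))
    # Without sequence 20, non-IT traffic is not policy routed at all.
    print("10.2.7.9 ->", policy_route("10.2.7.9", {10: IT_FAST[10]}, ACLS))
```
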
CBT Nuggets Policy-Based Routing Courses
While we don't have a course that specifically addresses policy-based routing, our entry-level Cisco networking courses discuss the topic.
CBT Nuggets trainer Jeremy Cioara explains policy-based routing more in-depth right here: