Policy-based routing enables you to configure a routing scheme based on traffic’s source IP address, destination IP address, IP protocol, and other characteristics. You can use policy-based routing (PBR) lists to determine the routing of packets that match the rules defined in the list. Each PBR list includes a set of rules, and each rule includes a next hop list. Each next hop list contains up to 20 next hop destinations to which the Branch Gateway sends packets that match the rule. A destination can be either an IP address or an interface.
Policy-based routing takes place only when the packet enters the interface, not when it leaves. Policy-based routing takes place after the packet is processed by the Ingress Access Control List and the Ingress QoS list. Thus, the PBR list evaluates the packet after the packet’s DSCP field has been modified by the Ingress QoS List. See Policy lists to packets.
Note:
The Loopback 1 interface is an exception to this rule. On the Loopback 1 interface, PBR lists are applied when the packet leaves the interface. This enables the PBR list to handle packets sent by the Branch Gateway device itself, as explained below.
Note:
ICMP keepalive provides the interface with the ability to determine whether a next hop is or is not available. See ICMP keepalive.
Note:
Policy-based routing is supported on IPv4 only.
Policy-based routing only operates on routed packets. Packets traveling within the same subnet are not routed, and are, therefore, not affected by policy-based routing.
The Loopback interface is a logical interface which handles traffic that is sent to and from the Branch Gateway itself. This includes ping packets to or from the Branch Gateway, as well as Telnet, SSH, FTP, DHCP Relay, TFTP, HTTP, NTP, SNMP, H.248, and other types of traffic. The Loopback interface is also used for traffic to and from analog and DCP phones connected to the device via IP phone entities.
The Loopback interface is always up. You should attach a PBR list to the Loopback interface if you want to route specific packets generated by the Branch Gateway to a specific next-hop.
Unlike the case with other interfaces, PBR lists on the Loopback interface are applied to packets when they leave the Branch Gateway, rather than when they enter.
Certain types of packets are not considered router packets (on the Loopback interface only), and are, therefore, not affected by policy-based routing. These include RIP, OSPF, VRRP, GRE, and keepalive packets. On the other hand, packets using SNMP, Telnet, Bootp, ICMP, FTP, SCP, TFTP, HTTP, NTP, and H.248 protocols are considered routed packets, and are, therefore, affected by policy-based routing on the Loopback interface.
