Setting up policy-based routing

Last Updated: Apr 10, 2018

About this task

For a full example of a policy-based routing configuration, see Policy-based routing application example.

Procedure

  1. Define PBR lists.
    • In general context, enter ip pbr-list followed by a list number in the range 800 to 899. For example:

      Gxxx-001(super)# ip pbr-list 802
      Gxxx-001(super-PBR 802)#
    • To assign a name to the list, use the name command, followed by a text string, in the PBR list context. The default name is list #<list number>. For example:

      Gxxx-001(super-PBR 802)# name voice
      Done!
      Gxxx-001(super-PBR 802)#
    • To assign an owner to the list, use the owner command, followed by a text string, in the PBR list context. The default owner is other. For example:

      Gxxx-001(super-PBR 802)# owner tom
      Done!
      Gxxx-001(super-PBR 802)#
  2. Define PBR rules.

    In the PBR list context, enter ip-rule, followed by the number of the rule, to define a rule for the PBR list. Repeat this command to define additional rules. A rule contains: (i) criteria that are matched against the packet, and (ii) a next hop list. When a packet matches the criteria specified in the rule, the rule’s next hop list determines how the packet is routed. Each PBR list can have up to 1,500 rules. The first rule that matches the packet determines the packet’s routing.

    It is important to include a destination address, or range of addresses, in PBR rules to better classify the traffic to be routed. For an illustration, see Policy-based routing application example.

    Note:

    Leave a gap between rule numbers, in order to leave room for inserting additional rules at a later time. For example, ip-rule 10, ip-rule 20, ip-rule 30.

    The following example creates rule 1, which routes packets going to IP address 149.49.43.210 with a DSCP value of 34 according to next hop list 1. The next step explains how to define a next hop list. For additional details about PBR rules, see PBR rules.

    Gxxx-001(super-PBR 802)# ip-rule 1
    Gxxx-001(super-PBR 802/ip rule 1)# next-hop list 1
    Done!
    Gxxx-001(super-PBR 802/ip rule 1)# destination-ip host 149.49.43.210
    Done!
    Gxxx-001(super-PBR 802/ip rule 1)# dscp 34
    Done!
    Gxxx-001(super-PBR 802/ip rule 1)#
    Note:

    Rules do not include a default next hop list. Thus, if you do not include a next hop list in the rule, the packet is routed according to destination-based routing, that is, the ordinary routing that would apply without policy-based routing.

  3. Define next hop lists.

    Enter exit twice to return to general context. In general context, define all the next hop lists that you have used in PBR rules.

    Note:

    You can also perform this step before defining PBR lists and rules.

    Enter ip next-hop-list, followed by the number of the list, to define a next hop list. In the next hop list context, use the following commands to define the next hops in the list:

    • Enter next-hop-ip, followed by the index number of the entry in the next hop list, to define an IP address as a next hop. You can optionally apply tracking to monitor the route.

    • Enter next-hop-interface, followed by the index number of the entry in the next hop list, to define an interface as a next hop. You can optionally apply tracking to monitor the route.

    You can also use the name command to assign a name to the next hop list.

    Note:

    You cannot use a FastEthernet Interface as an entry on a next hop list unless the interface was previously configured to use PPPoE encapsulation, or was configured as a DHCP client. See Configuring PPPoE, and DHCP client configuration.

    A next hop list can include the value NULL0. When the next hop is NULL0, the Branch Gateway drops the packet. However, you cannot apply tracking to NULL0.

    The following example creates next hop list 1, named Data to HQ, with the following entries:

    • The first entry is the FastEthernet 10/2 interface. Object tracker 3 is applied to monitor the route. For details about configuring the object tracker see Object tracking.

    • The second entry is IP address 172.16.1.221. This is the IP address of the external Layer 3 router connected to the Branch Gateway.

    • The third entry is NULL0, which means the packet is dropped.

    Gxxx-001(super)# ip next-hop-list 1
    Gxxx-001(super-next hop list 1)#name Data_to_HQ
    Done!
    Gxxx-001(super-next hop list 1)#next-hop-interface 1 FastEthernet 10/2 track 3
    Done!
    Gxxx-001(super-next hop list 1)#next-hop-ip 2 172.16.1.221
    Done!
    Gxxx-001(super-next hop list 1)#next-hop-interface 3 Null0
    Done!
    Gxxx-001(super-next hop list 1)#

    For additional details about next hop lists, see Next hop lists.

    This example demonstrates a case where the data traffic is sent over the WAN FastEthernet Interface through the Internet.

    When the object tracker detects that this next hop is not valid, traffic is routed over the external Serial interface connected to the external Layer 3 router.

  4. Apply the PBR list to an interface.

    Enter exit to return to general context. From general context, enter the interface to which you want to apply the PBR list. In the interface context, enter ip pbr-group, followed by the number of the PBR list, to attach the list to the interface. The list will be applied to packets entering the interface.

    The following example applies PBR list 802 to VLAN 2.

    Gxxx-001(super)# interface vlan 2
    Gxxx-001(super-if:VLAN 2)# ip pbr-group 802
    Done!
    Gxxx-001(super-if:VLAN 2)#
  5. Apply the PBR list to the Loopback interface.

    The following example applies PBR list 802 to the Loopback interface.

    Gxxx-001(super)# interface Loopback 1
    Gxxx-001(super-if:Loopback 1)# ip pbr-group 802
    Done!
    Gxxx-001(super-if:Loopback 1)# exit
    Gxxx-001(super)#
  6. Enter copy running-config startup-config.

    This saves the new policy-based routing configuration in the startup configuration file.
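The forwarding decision that results from steps 1 to 4 can be modelled offline to check what a rule set will do before it is applied. The following Python sketch is an added example, not Avaya code: the names Rule, NextHop and route are hypothetical, and the behaviour for an unmatched packet, an exhausted next hop list and an untracked next hop is an assumption marked in the comments.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

NULL0 = "Null0"
DBR = "destination-based routing"

@dataclass
class Rule:
    number: int
    dst: str                              # host or prefix in CIDR form
    dscp: Optional[int] = None            # None matches any DSCP
    next_hop_list: Optional[int] = None   # rules have no default next hop list

@dataclass
class NextHop:
    index: int
    target: str                           # interface, IP address, or Null0
    track: Optional[int] = None           # object tracker id, if any

def route(rules, hop_lists, trackers_up, dst_ip, dscp):
    """Return (matching rule number, decision) for one packet."""
    addr = ipaddress.ip_address(dst_ip)
    for rule in sorted(rules, key=lambda r: r.number):
        if addr not in ipaddress.ip_network(rule.dst):
            continue
        if rule.dscp is not None and rule.dscp != dscp:
            continue
        # First matching rule decides; later rules are never consulted.
        if rule.next_hop_list is None:
            return rule.number, DBR
        for hop in sorted(hop_lists[rule.next_hop_list], key=lambda h: h.index):
            if hop.target == NULL0:
                return rule.number, "drop"
            # Assumption: an untracked hop is always treated as valid.
            if hop.track is None or trackers_up.get(hop.track, False):
                return rule.number, hop.target
        return rule.number, DBR   # assumption: exhausted list falls back to DBR
    return None, DBR              # assumption: unmatched packets use DBR

# Constructed from this page's example (PBR list 802, next hop list 1).
PBR_802 = [Rule(1, "149.49.43.210/32", dscp=34, next_hop_list=1)]
HOP_LISTS = {1: [NextHop(1, "FastEthernet 10/2", track=3),
                 NextHop(2, "172.16.1.221"),
                 NextHop(3, NULL0)]}

if __name__ == "__main__":
    for up in (True, False):
        print("tracker 3 up:", up, "->",
              route(PBR_802, HOP_LISTS, {3: up}, "149.49.43.210", 34))
```

In this model the untracked second entry is always selected once tracker 3 reports down, so the Null0 entry is reached only when every entry before it is tracked and reported down.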