Cisco Policy Routing (Policy-Based Routing) in Detail

Source: Internet
Author: User
Tags: ftp

Note: PBR was previously a major tool recommended by Cisco for discarding packets, for example with set interface null 0, which according to Cisco saves a little more overhead than an ACL deny. A reminder of the accompanying interface configuration:

interface Null0
 no ip unreachables   ! add this command

This prevents the router from returning large numbers of ICMP unreachable messages when many packets are discarded.

A Layer 3 device normally forwards a packet based only on the packet's destination address (the destination network). Compared with that, policy routing has the following characteristics:

1. It can forward packets not only by destination address but also by source address, application, packet length and so on, which makes forwarding more flexible.

2. QoS. A route-map combined with policy routing can modify the QoS-related fields of a packet based on its characteristics, in support of QoS services.

3. Load balancing. Policy routing sets the forwarding behaviour of a packet, such as the next hop or the outgoing interface, so that where multiple links exist different links can be used depending on the packet's application, giving an effective load-sharing capability.

Policy routing affects only local forwarding behaviour, so it can produce asymmetric routing. For example, a site has two uplinks, A and B, and wants to send all HTTP traffic over link A and all FTP traffic over link B. That is easy to do on its own router, but it cannot guarantee that the upstream device sends the returning HTTP traffic down link A and the returning FTP traffic down link B.

Policy routing normally applies to packets arriving on an interface (the inbound direction), but with the appropriate configuration it can also be applied to packets generated locally by the router.

This article explains the following four aspects of Policy routing:

1. Enable Policy Routing

2. Enable Fast-switched PBR

3. Enable local PBR

4. Enable Cef-switched PBR

To enable Policy Routing:

1. Start by configuring the route-map. Use route-map map-tag [permit | deny] [sequence-number] to enter route-map configuration mode.

2. Use match statements to define the traffic of interest; if no match is defined, the sequence matches all traffic. The available forms are match length min max and/or match ip address {access-list-number | name} [...access-list-number | name].

3. Set the packet's forwarding behaviour with set commands:
set ip precedence [number | name]
set ip next-hop ip-address [... ip-address]
set interface interface-type interface-number [... type number]
set ip default next-hop ip-address [... ip-address]
set default interface interface-type interface-number [... type number]

4. Note the difference between set ip next-hop and set ip default next-hop, and between set interface and set default interface. The forms without default forward the packet to the specified next-hop IP or interface without consulting the routing table. The forms with default consult the routing table first, and only if no explicit matching route entry is found is the packet forwarded to the next-hop IP or interface named in the default statement.

5. Enter the interface on which the policy route is to be applied: interface xxx

6. Apply the defined policy. Note that the route-map must be defined before it can be referenced on the interface; the command that enables the route-map policy on the interface is:
ip policy route-map map-tag

Enable Fast-switched PBR

Before Cisco IOS Release 12.0, policy routing could only forward packets by process switching, so forwarding efficiency was very low: roughly 1,000 to 10,000 packets per second depending on the platform. With the arrival of cache-based forwarding, Cisco implemented fast-switched PBR, which greatly improved packet forwarding speed. It is enabled with the ip route-cache policy command in interface configuration mode.

Note: fast-switched PBR supports all match statements and most set statements, but it has the following two limitations:

1. The set ip default next-hop and set default interface commands are not supported.

2. If the interface specified by set interface is not present in the route cache, fast-switched PBR can handle set interface only on point-to-point interfaces. In addition, when a packet is process switched, the system also checks the routing table to verify that the interface is a reasonable path; this check is not performed when fast switching.

Enable local PBR

By default, packets generated by the router itself are not policy routed. To policy route locally generated packets, enable it with the following command in global configuration mode:
ip local policy route-map map-tag

Enable Cef-switched PBR

On platforms that support CEF, the system can use CEF-switched PBR to improve the forwarding speed of PBR; it is faster than fast-switched PBR. Simply enabling CEF on a PBR-enabled router enables CEF-switched PBR automatically.
Note: ip route-cache policy applies only to fast-switched PBR and is not required for CEF-switched PBR. If CEF is used on a router with PBR enabled, this command has no effect and the system ignores it.

PBR Configuration Case:

Case 1:
The router is connected to two ISPs over two different links. For traffic arriving on interface Async 1 for which there is no explicit route match, policy routing is used: packets with a source address of are forwarded to , packets with a source address of are forwarded to , and all other data is discarded.

The configuration is as follows:
access-list 1 permit ip
access-list 2 permit ip
interface async 1
 ip policy route-map equal-access
route-map equal-access permit 10
 match ip address 1
 set ip default next-hop
route-map equal-access permit 20
 match ip address 2
 set ip default next-hop
route-map equal-access permit 30
 set default interface null0
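The difference between the default and non-default set forms explained in step 4, and the decision the Case 1 route-map makes for each packet, as an added Python model that is not part of the original article and not a Cisco tool. The routing table, ACL prefixes and next-hop addresses are constructed, and "explicit route" is taken to mean any routing-table match other than the default route.

```python
import ipaddress

# Constructed routing table: (prefix, next hop). 0.0.0.0/0 is the default route.
RIB = [("10.1.0.0/16", "10.1.0.1"), ("0.0.0.0/0", "192.0.2.1")]
# Constructed standard ACLs: number -> permitted source prefixes
ACLS = {1: ["203.0.113.0/24"], 2: ["198.51.100.0/24"]}
# Constructed route-map mirroring Case 1 (next-hop addresses are assumptions).
# match=None means the sequence has no match statement, so it matches all traffic.
EQUAL_ACCESS = [
    {"match": 1, "set": ("default next-hop", "192.0.2.254")},
    {"match": 2, "set": ("default next-hop", "198.51.100.254")},
    {"match": None, "set": ("default interface", "Null0")},
]

def lookup(dst):
    """Longest-prefix match in RIB; returns (network, next_hop) or None."""
    best = None
    for prefix, nh in RIB:
        net = ipaddress.ip_network(prefix)
        if ipaddress.ip_address(dst) in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh)
    return best

def has_explicit_route(dst):
    """An explicit route is any match other than the default route (assumption)."""
    hit = lookup(dst)
    return hit is not None and hit[0].prefixlen > 0

def acl_permits(acl, src):
    return any(ipaddress.ip_address(src) in ipaddress.ip_network(p) for p in ACLS[acl])

def forward(src, dst, route_map=EQUAL_ACCESS):
    """Return (action, target): action is "next-hop", "interface", "rib" or "drop"."""
    for seq in route_map:
        if seq["match"] is not None and not acl_permits(seq["match"], src):
            continue                        # this sequence does not match; try the next one
        kind, target = seq["set"]
        if kind == "next-hop":              # non-default form: the RIB is never consulted
            return ("next-hop", target)
        if kind == "interface":
            return ("interface", target)
        if has_explicit_route(dst):         # default forms: the RIB wins when it has a real route
            return ("rib", lookup(dst)[1])
        if kind == "default next-hop":
            return ("next-hop", target)
        return ("interface", target)        # set default interface, e.g. Null0 = discard
    hit = lookup(dst)                       # no sequence matched: ordinary destination routing
    return ("rib", hit[1]) if hit else ("drop", None)
```

Passing a route-map that uses the plain "next-hop" form shows the policy overriding even a destination that has an explicit route, which is the behaviour step 4 warns about.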
