[IT Technology Sharing] Cisco CCNA/CCNP/CCIE: Cisco Policy-Based Routing (PBR) Explained in Detail

PBR (Policy-Based Routing) is part of routing policy; its full name is policy-based routing.

Policy-based routing, as the name says, forwards packets according to a defined policy, so it is a more flexible mechanism than routing on the destination alone.
When the router forwards a packet, it first filters the packet against the configured rules and, if a rule matches, forwards the packet according to the associated forwarding policy.
The rules can be based on standard and extended access control lists, or on packet length. The forwarding policy directs the packet according to the specified policy routing table, and it can also modify the packet's IP precedence field.
Policy routing is therefore an effective enhancement to the traditional IP routing mechanism. Its advantage is that PBR can select routes based on the source, while the common method can only select routes based on the destination.
Policy-based routing gives network managers stronger control over the forwarding and storage of packets than traditional routing protocols do.
Traditionally, routers use routing tables derived from routing protocols to forward packets according to the destination address. Policy-based routing is more capable and flexible than traditional routing: it lets network administrators select forwarding paths based not only on the destination address but also on the protocol type, packet size, application, or IP source address.
A policy can be defined to load-balance across multiple routers, or to provide quality of service (QoS) by forwarding packets over each link according to total traffic.

Policy routing can be configured based on the following packet characteristics:

802.1p priority

VLAN ID

Source/destination MAC address

Source/destination IP address (including the mask)

TCP/UDP source/destination port number

IP precedence

DSCP priority

IP protocol type field

After policy routing is configured on the interface that receives packets, the switch inspects the packets arriving on that interface. When a packet matches the configured traffic classification, the switch looks up the corresponding policy routing table entry and selects the forwarding path according to the next-hop IP address or the default-route IP address specified by that entry.

Policy routing only affects local behavior, so it can result in "asymmetric routing". For example, an organization has two uplinks, A and B, and wants to send all HTTP traffic over link A and all FTP traffic over link B. Locally this is no problem, but the upstream device cannot be guaranteed to send the returning HTTP traffic over link A and the returning FTP traffic over link B.

Example:

The router is connected to two ISPs through two different links. For traffic entering on the f0/1 interface, when there is no exact route match, policy routing forwards packets with source address 1.1.1.1 to 6.6.6.6 and packets with source address 2.2.2.2 to 7.7.7.7, and all other packets are discarded.
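! Standard ACLs (1-99) match the source address only
access-list 1 permit 1.1.1.1
access-list 2 permit 2.2.2.2
!
! Apply the policy to traffic received on f0/1
interface f0/1
 ip policy route-map equal-access
!
route-map equal-access permit 10
 match ip address 1
 set ip default next-hop 6.6.6.6
!
route-map equal-access permit 20
 match ip address 2
 set ip default next-hop 7.7.7.7
!
! No match clause: every remaining packet matches and is sent to Null0
route-map equal-access permit 30
 set default interface null0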
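
Added example, not part of the original post: a small Python model of the forwarding decision the configuration above produces. It shows that `set ip default next-hop` and `set default interface` only take effect when the routing table has no explicit (non-default) route to the destination. The routing table entries and the function names are constructed for illustration.

```python
import ipaddress

# Model of route-map "equal-access": (sequence, matched source or None, action).
# A sequence without a match clause (None) matches every packet.
ROUTE_MAP = [
    (10, "1.1.1.1", "next-hop 6.6.6.6"),
    (20, "2.2.2.2", "next-hop 7.7.7.7"),
    (30, None, "interface Null0 (drop)"),
]

# Constructed routing table: one explicit prefix plus a default route.
ROUTES = {
    "10.10.0.0/16": "192.0.2.1",
    "0.0.0.0/0": "192.0.2.254",
}


def explicit_route(dst, routes):
    """Longest-prefix match that ignores 0.0.0.0/0: the default route does
    not count as an explicit route for the 'set ... default' actions."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in routes.items():
        net = ipaddress.ip_network(prefix)
        if net.prefixlen == 0 or addr not in net:
            continue
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, hop)
    return best[1] if best else None


def forward(src, dst, route_map=ROUTE_MAP, routes=ROUTES):
    """Forwarding decision for a packet received on the policy interface."""
    hop = explicit_route(dst, routes)
    for seq, match_src, action in route_map:
        if match_src is not None and src != match_src:
            continue  # match clause failed, try the next sequence
        if hop is not None:
            # 'default' set actions yield to an explicit route
            return f"routing table via {hop}"
        return f"policy seq {seq}: {action}"
    return "routing table (no policy match)"


if __name__ == "__main__":
    for src, dst in [("1.1.1.1", "8.8.8.8"), ("2.2.2.2", "8.8.8.8"),
                     ("3.3.3.3", "8.8.8.8"), ("1.1.1.1", "10.10.5.5")]:
        print(src, "->", dst, ":", forward(src, dst))
```

Because sequence 30 has no match clause, any source other than 1.1.1.1 or 2.2.2.2 is dropped whenever only the default route covers the destination, which is worth checking before applying such a policy to a production interface.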

Advantages:

1. Source-based routing allows different users to use different ISPs

2. Implement QoS by setting IP Precedence or ToS

3. Implement load balancing

Notes:

1. PBR can only be applied in the inbound (in) direction, because the route-map sits above the routing table. After traffic enters the interface, if a route-map configuration is detected, the router does not look up the routing table but first forwards according to the route-map policy configuration.

2. PBR is affected by CEF. If the experiment does not produce results, you can try configuring no ip cef on the device.

Origin blog.51cto.com/14966105/2606993