Policy Based Routing (PBR): How to Configure?


Routing is an important aspect of networking. It is the process of discovering destination networks, advertising them, determining the best path for traffic and maintaining route information. Routing occurs at Layer 3, where several protocols are available; they perform a similar set of tasks, such as advertising routes, building local route tables in memory and choosing the best path.

As an alternative to conventional routing, PBR or Policy Based Routing offers a more flexible approach that gives network administrators better control and management of network traffic.

Today we look in more detail at policy based routing: how it works, its features, architecture components, advantages and use cases.

What is PBR or Policy Based Routing?

As the name suggests, in policy based routing data packets are routed or forwarded using policies or filters. Network administrators can apply selective policies based on a specific set of parameters such as source and destination IP address, source or destination port, traffic type, protocols, access lists, packet size, or any other criteria to route packets on user-defined routes. The objective is to make the network agile and flexible. By defining routing behaviour based on application attributes, network administrators can optimize how bandwidth gets used by the most business-critical applications.

Traditional routing, which is based on the destination of traffic, has limitations. With the advent of cloud computing, mobility and web-based applications, there is a need for more agile networks that are aware of each application traffic type traversing the network. PBR handles applications individually to effectively prioritize, segregate, and route traffic without compromising availability and performance.

How does PBR work?

PBR is an alternative to routing protocols that lets you configure a policy for unicast traffic flows. It provides more control over routing than a routing protocol does and avoids the need to configure interface-level traffic classification. PBR provides equal access, protocol-sensitive routing, source-sensitive routing, routing based on interactive rather than batch traffic, and routing based on dedicated links.

Route maps applied by PBR can be configured to allow or deny paths based on the identity of a specific end system, an application protocol, packet size, or a combination of these values. Traffic can be classified based on extended access list criteria, IP precedence bits can be set, and so on.

PBR applies the route map to all ingress unicast traffic received on a PBR-enabled interface. PBR cannot be applied to egress traffic or to multicast traffic. If the ingress unicast traffic does not match the route map, then the route map applies to all configured set clauses. Routing protocols forward traffic that matches a route map deny statement and traffic that does not match any route map permit statement.

Advantages of PBR 

  • Prioritization of applications by choosing high bandwidth, low latency links for critical applications.
  • Load sharing by creating a fallback link for critical traffic in case the main link carrying critical application traffic suffers an outage.
  • Segregation of traffic for deep analysis or inspection. 
  • Controlling flow of subscriber traffic in service provider networks via traffic management policies and rules based on subscriber profiles. 
  • Guaranteed service level agreements (SLAs) for delivery of specific traffic, so that it receives appropriate priority, routing and bandwidth for an enhanced user experience.
  • Sending specific applications for WAN optimization: classify traffic based on applications and send it to a WAN optimizer to speed up access to critical applications and data.


How to configure PBR?

To configure PBR on an interface, use the following commands, starting in global configuration mode.


Step 1 Router(config)# route-map map-tag [permit | deny] [sequence-number] 

This command is used to define a route map to control where packets are output. 


Step 2 Router(config-route-map)# match length min max 

Router(config-route-map)# match ip address {access-list-number | name} […access-list-number | name]

Specifies the match criteria for length and IP address.

Length – matches the Layer 3 length of the packet

IP address – matches the source or destination IP address permitted by one or more standard or extended access lists

The default is to apply to all packets.


Step 3 Router(config-route-map)# set ip precedence [number | name]

Router(config-route-map)# set ip df

Router(config-route-map)# set ip vrf vrf_name

Router(config-route-map)# set ip next-hop ip-address [… ip-address]

Router(config-route-map)# set ip next-hop recursive ip-address [… ip-address]

Router(config-route-map)# set interface interface-type interface-number [… type number]

Router(config-route-map)# set ip default next-hop ip-address [… ip-address]

Router(config-route-map)# set default interface interface-type interface-number [… type number]

Specifies the action taken on every packet that meets the match criteria.

Precedence – sets the precedence value in the IP header

Df – sets the ‘don’t fragment’ bit in the IP header

Vrf – sets the VPN routing and forwarding instance

Next-hop – sets the next hop to which to route the packet

Next-hop recursive – sets the next hop to which to route the packet if the hop is a router that is not adjacent

Interface – sets the output interface for the packet

Default next-hop – sets the next hop to which to route the packet if there is no explicit route to the destination

Default interface – sets the output interface for the packet if there is no explicit route to the destination


Step 4 Router(config-route-map)# interface interface-type interface-number

Specify interface and put router into interface configuration mode


Step 5 Router(config-if)# ip policy route-map map-tag

Identify route map to use for PBR 
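
The five steps above combined into one configuration for the traffic-segregation use case, as an added example that is not part of the original article. The access list numbers, route-map name, interface and addresses are constructed placeholders; the next hop stands for an inspection device on a directly connected segment.

```cisco
! Constructed example: ACL numbers, names, interface and addresses are placeholders.
!
! Classification: ACL 100 identifies a host to exempt from policy routing,
! ACL 101 identifies web traffic from the user subnet.
access-list 100 permit ip host 10.1.1.5 any
access-list 101 permit tcp 10.1.1.0 0.0.0.255 any eq 80
access-list 101 permit tcp 10.1.1.0 0.0.0.255 any eq 443
!
! Step 1-2: a deny entry evaluated first. Packets matching a deny
! statement are not policy routed; the routing table forwards them.
route-map INSPECT-WEB deny 5
 match ip address 100
!
! Step 1-3: a permit entry. Matching packets are sent to the
! inspection device instead of the destination-based next hop.
route-map INSPECT-WEB permit 10
 match ip address 101
 set ip next-hop 192.0.2.10
!
! Step 4-5: attach the route map to the interface where the traffic
! enters the router, because PBR applies to ingress unicast traffic only.
interface GigabitEthernet0/1
 ip policy route-map INSPECT-WEB
end
!
! Verification from privileged EXEC mode: which interfaces have a policy
! attached, and how many packets each route-map entry has matched.
show ip policy
show route-map INSPECT-WEB
```

Only traffic permitted by access list 101 reaches the inspection device; everything else follows the routing table, so the access list is effectively the definition of what gets inspected and should be reviewed as such.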

