PBR stands for Policy Based Routing, also called policy routing.

Policy routing, as the name implies, forwards packets according to a configured policy, which makes it a more flexible routing mechanism than destination-based routing. When a router forwards a packet, it first filters the packet against the configured rules and, if a rule matches, forwards the packet according to the associated forwarding policy. The rules can be based on standard and extended access control lists, or on the length of the packet. The forwarding policy controls how the packet is forwarded according to the specified policy routing table, and it can also modify the IP priority (precedence) field of the packet. Policy routing is therefore an effective enhancement to the traditional IP routing mechanism.

Policy-based routing gives network managers more control over packet forwarding and storage than traditional routing protocols do. Traditionally, routers use routing tables derived from routing protocols to forward packets based on destination addresses. Policy-based routing is more capable and more flexible: it lets network managers select forwarding paths based not only on destination addresses but also on protocol types, packet sizes, applications or IP source addresses. Policies can be defined to load-balance across multiple routers or to provide Quality of Service (QoS) for packet forwarding across links based on total traffic.

Policy routing means that the next-hop forwarding address or the default next-hop IP address of an IP packet is not determined simply from the destination IP address, but from a combination of factors. For example, the path for a packet can be selected according to the DSCP field, source and destination port numbers, source IP address, and so on. Policy-based routing can implement traffic engineering to a certain extent, so that flows with different quality-of-service requirements or data of different natures (voice, FTP) take different paths.

Policy routing can be set according to the following characteristics of data packets:

802.1p priority


Source/destination MAC address

Source/destination IP address (including IP MASK part)

TCP/UDP source/destination port number

IP priority

DSCP priority

IP protocol type field

The following two policy routes can be set for flows that match the above characteristics:

Next-hop IP address: This configuration command indicates that packets that match the match statement are forwarded to the specified next-hop IP address.

Next Hop Default IP Address: This configuration command sets the default next hop. If there is no clear path in the routing table, the router uses the default next hop. This process is often used for load balancing between two different service providers. When this command is used, the routing table is also used for routing first. If there is no clear path in the routing table, the router uses the default value according to the established policy.

After the policy route is set on the interface that receives the packets, the switch detects the incoming data packets on the interface. It searches for the corresponding policy routing entry, and selects the forwarding path according to the next hop IP address or the default routing IP address specified by the policy routing entry.

Policy routing only affects local behavior, so it may cause "asymmetric routing". For example, a site has two uplinks, A and B, and wants to send all HTTP traffic over link A and all FTP traffic over link B. That works for outbound traffic, but the site cannot guarantee that its upstream device sends the returning HTTP traffic over link A and the returning FTP traffic over link B.
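The two-uplink case above, written as a Cisco IOS configuration. This is an added example, not configuration from the original page; the addresses (documentation ranges), ACL numbers, route-map name and interface name are all assumptions.

```cisco
! Constructed example: every address, number and name below is an assumption.
! Uplink A next hop: 192.0.2.1     Uplink B next hop: 198.51.100.1
!
! Classify the traffic that arrives from the LAN
access-list 101 permit tcp any any eq www
! FTP control (21) and active-mode data (20); passive-mode data ports
! are negotiated dynamically and are not matched by this ACL
access-list 102 permit tcp any any eq ftp
access-list 102 permit tcp any any eq ftp-data
!
! HTTP: forced to uplink A, the routing table is not consulted
route-map PBR-UPLINKS permit 10
 match ip address 101
 set ip next-hop 192.0.2.1
!
! FTP: forced to uplink B
route-map PBR-UPLINKS permit 20
 match ip address 102
 set ip next-hop 198.51.100.1
!
! Everything else: the routing table is used first; uplink A is used
! only when the table has no explicit route for the destination
route-map PBR-UPLINKS permit 30
 set ip default next-hop 192.0.2.1
!
! Apply the policy on the interface that receives the packets
interface GigabitEthernet0/1
 ip policy route-map PBR-UPLINKS
```

`show ip policy` lists the interfaces that have a route-map applied, and `show route-map PBR-UPLINKS` shows the match counters for each sequence, which confirms whether traffic is actually hitting the policy.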


Source-based routing allows different users to choose different ISPs

QoS can be achieved by setting IP Precedence or ToS

Implement load balancing


1. PBR can only be used in one direction, because the route-map is above the routing table. After traffic enters the interface, if a route-map configuration is detected, the router does not look up the routing table but forwards the traffic according to the route-map policy configuration.

2. PBR is affected by CEF. If the experiment does not work, you can try disabling CEF with the command no ip cef on the device.

