Cisco IOS Release 12.0 Quality of Service Solutions Configuration Guide
Configuring Policy-Based Routing

Table Of Contents

Configuring Policy-Based Routing

Policy-Based Routing Configuration Task List

Enable PBR

Enable Fast-Switched PBR

Enable Local PBR

Enable CEF-Switched PBR

PBR Configuration Examples

Equal Access Example

Differing Next Hops Example


Configuring Policy-Based Routing


This chapter describes the tasks for configuring policy-based routing (PBR) on a router. For a complete description of the commands mentioned in this chapter, refer to the Quality of Service Solutions Command Reference; the commands are listed alphabetically within that guide. To locate documentation of specific commands, use the command reference, master index, or search online.

Policy-Based Routing Configuration Task List

To configure PBR, perform the tasks in the following sections:

Enable PBR

Enable Fast-Switched PBR

Enable Local PBR

Enable CEF-Switched PBR

The section "PBR Configuration Examples" later in this chapter provides examples of configuring PBR.

Enable PBR

To enable PBR, you must create a route map that specifies the match criteria and the resulting action if all of the match clauses are met. Then you must enable PBR for that route map on a particular interface. All packets arriving on the specified interface matching the match clauses will be subject to PBR.

To enable PBR on an interface, use the following commands beginning in global configuration mode:

Step 1
Command: route-map map-tag [permit | deny] [sequence-number]
Purpose: Define a route map to control where packets are output. This command puts the router into route-map configuration mode.

Step 2
Command: match length min max
and/or
Command: match ip address {access-list-number | name} [...access-list-number | name]
Purpose: Specify the match criteria. You can specify one or both of the following:

   match length: Match the Level 3 length of the packet.

   match ip address: Match the source and destination IP address that is permitted by one or more standard or extended access lists.

If you do not specify a match command, the route map applies to all packets.

Step 3
Purpose: Specify the action or actions to take on the packets that match the criteria. You can specify any or all of the following:

   Command: set ip precedence [number | name]
   Purpose: Set precedence value in the IP header. You can specify either the precedence number or name.

   Command: set ip next-hop ip-address [... ip-address]
   Purpose: Set next hop to which to route the packet (the next hop must be adjacent).

   Command: set interface interface-type interface-number [... type number]
   Purpose: Set output interface for the packet.

   Command: set ip default next-hop ip-address [... ip-address]
   Purpose: Set next hop to which to route the packet, if there is no explicit route for this destination.

   Command: set default interface interface-type interface-number [... type number]
   Purpose: Set output interface for the packet, if there is no explicit route for this destination.

Step 4
Command: interface interface-type interface-number
Purpose: Specify the interface. This command puts the router into interface configuration mode.

Step 5
Command: ip policy route-map map-tag
Purpose: Identify the route map to use for PBR. One interface can only have one route-map tag, but you can have multiple route map entries with different sequence numbers. These entries are evaluated in sequence number order until the first match. If there is no match, packets will be routed as usual.


The set commands can be used in conjunction with each other. They are evaluated in the order shown in the previous table. A usable next hop implies an interface. Once the local router finds a next hop and a usable interface, it routes the packet.

Enable Fast-Switched PBR

IP PBR can now be fast-switched. Prior to Cisco IOS Release 12.0, PBR could only be process-switched, which meant that on most platforms the switching rate was approximately 1000 to 10,000 packets per second. This speed was not fast enough for many applications. Users who need PBR to occur at faster speeds can now implement PBR without slowing down the router.

Fast-switched PBR supports all of the match commands and most of the set commands, with the following restrictions:

The set ip default next-hop and set default interface commands are not supported.

The set interface command is supported only over point-to-point links, unless a route-cache entry exists using the same interface specified in the set interface command in the route map. Also, at the process level, the routing table is consulted to determine if the interface is on a reasonable path to the destination. During fast switching, the software does not make this check. Instead, if the packet matches, the software blindly forwards the packet to the specified interface.

PBR must be configured before you configure fast-switched PBR. Fast switching of PBR is disabled by default. To enable fast-switched PBR, use the following command in interface configuration mode:

Command: ip route-cache policy
Purpose: Enable fast switching of PBR.


To display the cache entries in the policy route cache, use the show ip cache policy command. Use the show ip policy command to display which route map is associated with which interface.
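The restrictions listed above can be checked offline against a saved configuration. The following Python audit is an added example, not Cisco code; the sample configuration, the route-map names fast-map and slow-map, and the function name are constructed for illustration.

```python
# Constructed sample: one fast-switched PBR interface, one without fast switching.
SAMPLE_CONFIG = """\
interface async 1
 ip policy route-map fast-map
 ip route-cache policy
interface ethernet 1
 ip policy route-map slow-map
!
route-map fast-map permit 10
 set ip default next-hop 6.6.6.6
route-map fast-map permit 20
 set interface ethernet 0
route-map fast-map permit 30
 set default interface null0
route-map slow-map permit 10
 set ip default next-hop 3.3.3.3
"""

UNSUPPORTED = ("set ip default next-hop", "set default interface")

def audit_fast_switched_pbr(config):
    """Return (interface, entry, command, reason) for risky set commands."""
    ifaces, maps, bucket, label = {}, {}, None, ""
    for line in config.splitlines():
        words = line.split()
        if not words or words[0] == "!":
            continue
        if not line[0].isspace():          # top-level line opens a new section
            label = " ".join(words[1:])
            if words[0] == "interface":
                bucket = ifaces.setdefault(label, [])
            elif words[0] == "route-map" and len(words) > 1:
                bucket = maps.setdefault(words[1], [])
            else:
                bucket = None
        elif bucket is not None:
            bucket.append((label, " ".join(words)))
    findings = []
    for iface, cmds in ifaces.items():
        if "ip route-cache policy" not in [c for _, c in cmds]:
            continue                        # PBR here is not fast-switched
        for _, c in cmds:
            if c.startswith("ip policy route-map "):
                for entry, cmd in maps.get(c.split()[3], []):
                    if cmd.startswith(UNSUPPORTED):
                        findings.append((iface, entry, cmd, "not supported when fast-switched"))
                    elif cmd.startswith("set interface "):
                        findings.append((iface, entry, cmd, "point-to-point only; no routing-table check"))
    return findings
```

Only the interface that carries ip route-cache policy is reported; the same set commands on ethernet 1 are left alone because that interface is not fast-switching PBR.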

Enable Local PBR

Packets that are generated by the router are not normally policy-routed. To enable local PBR for such packets, indicate which route map the router should use by using the following command in global configuration mode:

Command: ip local policy route-map map-tag
Purpose: Identify the route map to use for local PBR.


All packets originating on the router will then be subject to local PBR.

Use the show ip local policy command to display the route map used for local PBR, if one exists.

Enable CEF-Switched PBR

Beginning in Cisco IOS Release 12.0, PBR is supported in the Cisco Express Forwarding (CEF) switching path. CEF-switched PBR has better performance than fast-switched PBR and, therefore, is the optimal way to perform PBR on a router.

No special configuration is required to enable CEF-switched PBR. It is on by default as soon as you enable CEF and PBR on the router.


Note: The ip route-cache policy command is strictly for fast-switched PBR and is therefore not required for CEF-switched PBR.


PBR Configuration Examples

This section provides the following examples of PBR configurations:

Equal Access Example

Differing Next Hops Example

Equal Access Example

The following example provides two sources with equal access to two different service providers. Packets arriving on asynchronous interface 1 from the source 1.1.1.1 are sent to the router at 6.6.6.6 if the router has no explicit route for the packet's destination. Packets arriving from the source 2.2.2.2 are sent to the router at 7.7.7.7 if the router has no explicit route for the packet's destination. All other packets for which the router has no explicit route to the destination are discarded.

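! Standard access lists identify the two source hosts
access-list 1 permit 1.1.1.1
access-list 2 permit 2.2.2.2
!
! Apply the route map to packets arriving on async 1
interface async 1
 ip policy route-map equal-access
!
! Source 1.1.1.1: use 6.6.6.6 when there is no explicit route
route-map equal-access permit 10
 match ip address 1
 set ip default next-hop 6.6.6.6
! Source 2.2.2.2: use 7.7.7.7 when there is no explicit route
route-map equal-access permit 20
 match ip address 2
 set ip default next-hop 7.7.7.7
! Everything else without an explicit route is discarded
route-map equal-access permit 30
 set default interface null0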
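The decision order of the equal-access route map above can be traced with a small model. This Python sketch is an added example, not Cisco code; it assumes every next hop is usable, models only permit entries, reduces each access list to a set of source hosts, and takes the presence of an explicit route as an input flag.

```python
# Added example: models the PBR decision order described in this chapter.
# Assumptions: next hops are always usable, only permit entries are modelled,
# and each ACL is reduced to the set of source hosts it permits.

EQUAL_ACCESS = [  # route-map equal-access, transcribed from the example above
    {"seq": 10, "match_src": {"1.1.1.1"}, "set": {"ip default next-hop": "6.6.6.6"}},
    {"seq": 20, "match_src": {"2.2.2.2"}, "set": {"ip default next-hop": "7.7.7.7"}},
    {"seq": 30, "match_src": None, "set": {"default interface": "null0"}},
]

# Order in which the forwarding set commands are evaluated (step 3 of the task list).
UNCONDITIONAL = ("ip next-hop", "interface")
DEFAULT_ONLY = ("ip default next-hop", "default interface")

def policy_route(route_map, src, has_explicit_route):
    """Return (action, target) for a packet arriving on the PBR interface."""
    for entry in sorted(route_map, key=lambda e: e["seq"]):
        # An entry without a match clause applies to all packets.
        if entry["match_src"] is not None and src not in entry["match_src"]:
            continue
        sets = entry["set"]
        for cmd in UNCONDITIONAL:
            if cmd in sets:
                return (cmd, sets[cmd])
        # The "default" variants apply only when no explicit route exists.
        if not has_explicit_route:
            for cmd in DEFAULT_ONLY:
                if cmd in sets:
                    return (cmd, sets[cmd])
        # The first matching entry ends the search; nothing applicable was set.
        return ("normal routing", None)
    return ("normal routing", None)  # no entry matched
```

Calling policy_route(EQUAL_ACCESS, "9.9.9.9", False) shows the catch-all entry 30 sending unknown sources without an explicit route to null0, while any source with an explicit route falls through to normal routing.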

Differing Next Hops Example

The following example illustrates how to route traffic from different sources to different places (next hops), and how to set the precedence value in the IP header. Packets arriving from source 1.1.1.1 are sent to the next hop at 3.3.3.3 with the precedence set to priority; packets arriving from source 2.2.2.2 are sent to the next hop at 3.3.3.5 with the precedence set to critical.

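! Standard access lists identify the two source hosts
access-list 1 permit 1.1.1.1
access-list 2 permit 2.2.2.2
!
! Apply the route map to packets arriving on ethernet 1
interface ethernet 1
   ip policy route-map Texas
!
! Source 1.1.1.1: precedence priority, next hop 3.3.3.3
route-map Texas permit 10
   match ip address 1
   set ip precedence priority
   set ip next-hop 3.3.3.3
!
! Source 2.2.2.2: precedence critical, next hop 3.3.3.5
route-map Texas permit 20
   match ip address 2
   set ip precedence critical
   set ip next-hop 3.3.3.5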