Describe policy-based routing

3.2 Layer 3

📘CCNP ENCOR (350-401 ENCOR v1.1)


What is Policy-Based Routing (PBR)?

Policy-Based Routing (PBR) is a routing method that allows a router to forward traffic based on rules (policies) instead of only using the routing table.

Normally, routers forward packets based on:

  • Destination IP address
  • Best match in the routing table

With PBR, the router can make routing decisions using:

  • Source IP address
  • Protocol and port numbers (i.e. the application), matched through an ACL
  • Packet length
  • Other packet attributes the route map can match

This gives more control over how traffic flows in the network.


Why Do We Need PBR?

Traditional routing has limitations:

  • It cannot differentiate traffic that shares the same destination (by source, application or packet size)
  • It always chooses the single best route to the destination

PBR solves this by allowing network administrators to:

  • Send specific users or applications through specific paths
  • Control traffic flow beyond normal routing logic
  • Apply business or security policies at the routing level

How PBR Works (High-Level)

  1. A packet arrives on a router interface
  2. The router checks if PBR is applied on that interface
  3. If yes:
    • The router evaluates the packet against PBR rules
  4. If the packet matches a policy:
    • The router forwards it as defined by the policy
  5. If no match:
    • The router uses the normal routing table

Where PBR Is Applied

PBR is applied:

  • Inbound on an interface (ip policy route-map)
  • Optionally to packets the router itself generates (ip local policy route-map)

This means:

  • PBR is checked before the normal routing-table lookup
  • Only transit traffic entering that interface is evaluated; packets the router originates (pings, SSH sessions from the router, routing updates) are not policy-routed unless a local policy is also configured

Key Components of Policy-Based Routing

1. Access Control List (ACL)

ACLs are used to:

  • Identify traffic that should be policy-routed

ACLs can match:

  • Source IP address
  • Destination IP address
  • Protocol (TCP, UDP, ICMP)
  • Port numbers

ACLs do not forward traffic by themselves in PBR; they only classify traffic.


2. Route Map

A route map defines:

  • Which traffic to match
  • What action to take

A route map has:

  • One or more sequence numbers
  • Each sequence has:
    • match conditions
    • set actions

3. Set Actions (What the Router Does)

Common set options in PBR:

  • set ip next-hop → Send traffic to a specific next-hop IP (the next hop must be adjacent, i.e. on a directly connected network; if it is not reachable the set is skipped and the packet is routed normally)
  • set interface → Send traffic out a specific interface (intended for point-to-point links)
  • set ip default next-hop → Use the next hop only if the routing table has no explicit route to the destination; a default route does not count as a match, so internal prefixes keep their normal path
  • set default interface → Same fallback behaviour as set ip default next-hop, but selecting an egress interface

4. Interface Configuration

The route map is applied to an interface using:

ip policy route-map <name>

This tells the router:

  • “Apply this policy to all traffic entering this interface”

PBR Decision Order (Important for Exam)

The router processes traffic in this order:

  1. Packet arrives on interface
  2. PBR is checked first
  3. If a PBR rule matches:
    • The set action is applied
  4. If no PBR rule matches:
    • Normal routing table is used

⚠️ PBR overrides the routing table when a permit entry matches and a set ip next-hop or set interface action applies. The default variants (set ip default next-hop, set default interface) do not override an explicit route; they only take effect when the routing table has no route other than the default.


Example Scenario (IT-Focused)

In an enterprise network:

  • Management traffic should use a secure path
  • General user traffic should use the default path

PBR can:

  • Match management IP addresses
  • Force them to use a specific next-hop
  • Allow all other traffic to follow normal routing

This is not possible with destination-based routing alone.
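The components listed above (ACL, route map, set action, interface application) put together for the scenario just described. This is an added example and not configuration taken from the original page; the addressing is assumed: management hosts on 10.10.10.0/24 arrive on GigabitEthernet0/1, the secure path is a directly connected firewall at 192.0.2.2, and all other traffic follows the routing table.

```cisco
! Added example (not from the original page). Assumed addressing:
!   management subnet  10.10.10.0/24  (enters the router on Gi0/1)
!   secure next hop    192.0.2.2      (firewall, adjacent on Gi0/2)
!   everything else    follows the normal routing table

! 1. Classify: an extended ACL that SELECTS management traffic.
!    ACL permit = "this packet matches"; ACL deny = "not selected" (never dropped).
ip access-list extended MGMT-TRAFFIC
 permit ip 10.10.10.0 0.0.0.255 any

! 2. Policy: a route map, processed top-down, first match wins.
route-map MGMT-PBR permit 10
 description Steer management traffic through the firewall
 match ip address MGMT-TRAFFIC
 set ip next-hop 192.0.2.2
! There are no further entries: traffic that does not match sequence 10
! falls through to the normal routing table.

! 3. Apply inbound on the interface where the traffic enters.
interface GigabitEthernet0/1
 description Management LAN
 ip address 10.10.10.1 255.255.255.0
 ip policy route-map MGMT-PBR

! Optional: also policy-route packets the router itself originates.
! Without this line, router-sourced traffic (e.g. SSH from the router)
! ignores MGMT-PBR entirely.
ip local policy route-map MGMT-PBR
```

After applying it, show route-map MGMT-PBR reports a "Policy routing matches" counter per sequence, and show ip policy lists GigabitEthernet0/1 against MGMT-PBR; a counter that stays at zero while traffic flows usually means the policy is on the wrong (outbound) interface or the ACL does not select the traffic.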


Route Map Logic (Permit vs Deny)

In PBR route maps:

  • permit → Apply the policy (set action) to traffic matching the entry
  • deny → Exclude the matching traffic from PBR and use normal routing
  • A permit entry with no match clause matches all traffic (a catch-all)

The ACL referenced by a match clause only classifies:

  • An ACL permit means "this packet matches the route-map entry"
  • An ACL deny means "this packet does not match this entry"; the packet is not dropped, and evaluation continues with the next sequence number

If no route map entry matches:

  • Traffic uses standard routing

Multiple Route Map Entries

Route maps are processed:

  • Top to bottom
  • Based on sequence numbers

First match wins.

This allows:

  • Fine-grained control
  • Multiple policies for different traffic types
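Sequence ordering, a deny carve-out, and the difference between set ip next-hop and set ip default next-hop from the decision-order section, shown in one route map. This is an added example, not configuration from the original page, and the addressing and the IP SLA tracking setup are assumptions: 10.10.10.50 is a management host that must keep normal routing, the rest of 10.10.10.0/24 goes to a tracked firewall at 192.0.2.2, and guest traffic from 10.20.0.0/16 goes to a second ISP at 203.0.113.2 only when the routing table has no explicit route.

```cisco
! Added example (not from the original page). Assumed addressing:
!   10.10.10.50     management host that must NOT be policy-routed
!   10.10.10.0/24   management subnet -> firewall 192.0.2.2 (tracked)
!   10.20.0.0/16    guest subnet -> ISP2 203.0.113.2, but only when the
!                   routing table has no explicit route (internal prefixes
!                   keep their normal path; the default route does not count)
! Both subnets are assumed to enter the router on GigabitEthernet0/1.

! ACLs only classify; an ACL deny is "no match", never "drop".
ip access-list extended MGMT-EXCEPTION
 permit ip host 10.10.10.50 any
ip access-list extended MGMT-TRAFFIC
 permit ip 10.10.10.0 0.0.0.255 any
ip access-list extended GUEST-TRAFFIC
 permit ip 10.20.0.0 0.0.255.255 any

! Track the firewall so PBR stops steering traffic into a black hole
! when the next hop goes down.
ip sla 1
 icmp-echo 192.0.2.2 source-interface GigabitEthernet0/2
 frequency 10
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability

! Sequence numbers are evaluated top-down; the first matching entry wins.
! seq 5 (deny): the exception must come BEFORE the broader permit,
! otherwise seq 10 would catch 10.10.10.50 first. A deny match ends PBR
! processing and the packet is routed normally.
route-map MGMT-PBR deny 5
 match ip address MGMT-EXCEPTION
! seq 10: management -> firewall, only while track 1 is up. If the next
! hop is down the set is skipped and the packet uses the routing table.
route-map MGMT-PBR permit 10
 match ip address MGMT-TRAFFIC
 set ip next-hop verify-availability 192.0.2.2 10 track 1
! seq 20: guest traffic uses ISP2 only when there is no explicit route
! (set ip default next-hop), so internal destinations still route normally.
route-map MGMT-PBR permit 20
 match ip address GUEST-TRAFFIC
 set ip default next-hop 203.0.113.2
! Implicit end: packets matching no entry use the routing table.

interface GigabitEthernet0/1
 ip policy route-map MGMT-PBR
```

Swapping sequence 5 and sequence 10 is the classic mistake: with the permit first, the exception host is policy-routed along with everyone else and the deny entry is never reached.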

Verification Commands (Exam-Relevant)

Know these commands:

show route-map

Shows route map configuration and match statistics

show ip policy

Shows interfaces where PBR is applied

show access-lists

Verifies ACL matches used by PBR

debug ip policy

Shows each policy-routing decision per packet; useful in a lab, but CPU-heavy on a busy production router, so limit it with an ACL argument or avoid it there


Limitations of Policy-Based Routing

Important for exam understanding:

  • PBR is interface-based, not global
  • PBR adds CPU load when it is process-switched (older platforms, or match/set options the forwarding hardware does not support); on CEF/hardware-switched platforms the impact is small
  • PBR does not dynamically adapt like routing protocols; without next-hop tracking it keeps sending traffic to a next hop that has failed
  • PBR is best used for specific traffic, not all traffic

PBR vs Normal Routing (Quick Comparison)

Feature              Normal Routing    Policy-Based Routing
Decision based on    Destination IP    Policy rules
Uses routing table   Yes               Only if no PBR match
Traffic control      Limited           Very granular
Configuration        Simple            More complex

When PBR Is Commonly Used in Networks

  • Traffic steering for security policies
  • Sending certain traffic through firewalls
  • Application-based routing
  • Segregating management and user traffic
  • Enforcing organizational routing policies

Exam Key Points to Remember

✔ PBR makes routing decisions based on policies
✔ Applied inbound on interfaces
✔ Uses ACLs + route maps
✔ Overrides routing table when matched
✔ Route maps process top-down
✔ permit applies PBR, deny skips it
✔ Verified using show ip policy and show route-map


Summary

Policy-Based Routing allows routers to:

  • Go beyond destination-based routing
  • Control traffic flow using rules
  • Enforce business and security policies

For the CCNP ENCOR exam, you must understand:

  • How PBR works
  • Its components
  • Its processing order
  • Its limitations

This knowledge ensures you can design, describe, and troubleshoot PBR in enterprise networks.
