Friday, September 01, 2006


Some Thoughts on Policy Based Routing (PBR)

When I first encountered PBR, I understood it mainly as source-based routing as opposed to the usual destination-based routing. The usual forwarding process on routers conceptually does a look-up in the routing table for the destination address in the packet and uses the next-hop information it gets from the routing table to pass the packet onwards towards its destination. The routing table itself is primed by information exchanged by routing protocols or via static routes. (In fact, it is useful to think of even static routes and connected routes themselves as special cases of routing protocols.)

With PBR, however, this process changes because the source address of the packet can affect how the packet is handled. In effect, under the usual packet forwarding scheme every variable other than the destination address of the packet is a don't-care, while with PBR those other variables stop being don't-cares. So for instance, PBR would allow a router to forward all packets with the destination address D via interface serial0, except when those packets have some specific source address S, in which case they would be forwarded via interface serial1. Thus, the forwarding process becomes sensitive to the source address.

Actually, thinking of PBR as mainly source-based or source-sensitive routing is limiting, because with PBR one can also make forwarding sensitive to a number of other variables, like the length of the packet, any layer 4 information in the packet, whether the packet is of a particular protocol type, etc. Route maps are the mechanism by which these variables are selected and made to affect the forwarding process.

In some recent reading I realized that there was another way to look at PBR. As with all things, looking at something in multiple ways results in a better understanding of the concept at hand. The other way to look at PBR is to think of it as a powerful static route -- static routes on steroids. Just as static routes define how packets destined for certain prefixes will be handled, PBR specifies how packets that match certain criteria will be handled. It is just that the criteria include destination addresses, as with static routes, but also include much more. Also, just as a static route, by virtue of its low administrative distance, will override any routes that may be learnt for the same prefix via some routing protocol, PBR-specified policies will override what the routing table lookup might have specified for that destination prefix. This way of looking at PBR allows one to understand PBR as a generalization of the idea of static routes.

The generalized nature of PBR causes some representational difficulties with respect to displaying the semantics of a PBR configuration. The effect of a static route is clearly discernible just by looking at the routing table via the "show ip route" command. However, it is not possible to see the effect of PBR simply by looking at the routing table. Because PBR is so general, it is difficult to capture the effect of the PBR configuration on a running system in the output of a show command. To see how the PBR configuration would affect the traffic flow, one needs to mentally parse the configured route maps, see which interfaces the policy routing is applied to, and then think through the effect on the traffic flow depending on variables like source and destination addresses, source and destination ports, packet length, etc. in the packet stream. The multi-variate nature of what PBR deals with makes it hard to display the effect of PBR via show command output, a difficulty akin to that of representing and visualizing n-dimensional space for values of n greater than 3.
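The "mental parse" described above can be made concrete with a small model. The following Python sketch is an added example, not code from the original post and not how IOS implements PBR: it puts a destination-only table lookup next to a route map evaluated first on policy-enabled ingress interfaces, using the D/S example from earlier plus port and length clauses. All addresses, interface names and function names are constructed for the illustration.

```python
# Added illustration: a simplified model of policy-based routing, not IOS code.
# All names, addresses and interfaces below are constructed for the example.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Packet:
    src: str
    dst: str
    proto: str = "tcp"
    dport: int = 0
    length: int = 64

# Ordinary routing table: only the destination matters (longest prefix wins).
ROUTES = [("0.0.0.0/0", "serial0"), ("198.51.100.0/24", "serial0")]

# One route map, evaluated top-down like numbered route-map clauses; the first
# clause whose conditions all hold decides the egress interface.
ROUTE_MAP = [
    (10, {"src": "192.0.2.10/32", "dst": "198.51.100.0/24"}, "serial1"),
    (20, {"proto": "tcp", "dport": 25}, "serial1"),
    (30, {"min_len": 1000}, "serial1"),
]
POLICY_INTERFACES = {"ethernet0"}   # ingress interfaces the policy is applied to

def table_lookup(pkt):
    dst = ip_address(pkt.dst)
    hits = [(ip_network(p), out) for p, out in ROUTES if dst in ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def clause_matches(cond, pkt):
    checks = {
        "src": lambda v: ip_address(pkt.src) in ip_network(v),
        "dst": lambda v: ip_address(pkt.dst) in ip_network(v),
        "proto": lambda v: pkt.proto == v,
        "dport": lambda v: pkt.dport == v,
        "min_len": lambda v: pkt.length >= v,
    }
    return all(checks[k](v) for k, v in cond.items())

def forward(pkt, ingress):
    """Return (egress interface, reason) for a packet arriving on `ingress`."""
    if ingress in POLICY_INTERFACES:
        for seq, cond, out in ROUTE_MAP:
            if clause_matches(cond, pkt):
                return out, f"route-map clause {seq}"
    # No policy on this interface, or no clause matched: normal routing.
    return table_lookup(pkt), "routing table"
```

The same packet from S yields serial1 on ethernet0 but serial0 on any other ingress interface, a difference that `table_lookup` alone never reveals.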

What's happened here? The site hasn't been updated since August and now lots of spammers are putting their crap in these comments! I hope things pick back up here - this is probably one of the best sites on the net when kept going... I really like the regular questions that are asked that aren't necessarily approached by Cisco. I hope you decide to move forward on this again sometime soon...