Policy Based Routing (PBR) provides a flexible means of routing packets by configuring a defined policy for traffic flows. PBR gives more control over routing; for example, where a high-cost link is involved, you can specify a path for certain traffic as priority traffic. Normal routing is destination based, but PBR gives you flexibility in routing packets by extending and complementing the existing mechanisms provided by routing protocols.
PBR can be based on:
1) Source IPv6 address
2) Destination IPv6 address
3) Input interface
4) Protocol type (FTP, TFTP, HTTP, etc.)
5) Port (source and destination), or the length of packets
This document explains, with an example, how to use IPv6 policy routing to control traffic in an internetwork.
Understanding of route-map
Understanding of IPv6 Addressing
Understanding of IPv6 Unicast Routing
Policy Based Routing packet forwarding overview
A) Traffic criteria in PBR are defined in a route-map by using "match" statements.
A route-map is used to identify interesting traffic passing through or generated by the router.
It works like an if...then statement: if a certain condition is true, then an action is taken.
1) Permit means matching packets are policy routed.
2) Deny means matching packets are routed normally.
match ipv6 address/prefix-list ... (matches IPv6 packets based on an access list or prefix list)
match length ... (matches packets based on their length in bytes)
B) The action is taken by the route-map "set" statement.
set ipv6 next-hop ... (global IPv6 address)
set interface ... (use only when you have a point-to-point interface)
C) Apply the route-map to the incoming interface.
ipv6 policy route-map (route-map-name)
D) (Optional) Configure local PBR. Packets generated by the router are not policy routed. If you want to policy route traffic generated by the router, you must use the following command globally.
ipv6 local policy route-map
E) CEF PBR for IPv6: No special configuration is required to enable CEF PBR for IPv6; it is enabled by default once CEF and PBR are enabled on the router.
In this network setup, a policy route is configured on R1 to control traffic from the prefixes that exist on SW1 (i.e. VLAN2 and VLAN3).
The route-map has 2 instances.
1) The first instance matches packets from VLAN2 of SW1 and sets the next hop to R2's global address, 2222::2.
2) The second instance matches packets from VLAN3 of SW1 and sets the next hop to R3's global address, 2222::3.
Note: The rest of the traffic from SW1 is routed normally.
Routing table of R1:
The routing table on R1 shows that R1 has two paths to reach the prefixes present on the R4 end (2001::1, 2001::2).
Traceroute from R1 (2222::1) to subnets of R4 (2001::1)
Policy based configuration on R1:
First, configure IPv6 access lists to match the IPv6 source subnets, i.e. VLAN 2 and VLAN 3. Then configure a route-map with 2 instances, where the first matches VLAN 2 traffic and sends it to R2 and the second matches VLAN 3 traffic and sends it to R3. Once you have created the route-map, you need to apply it to the incoming interface; in our case it's fa0/1.
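A configuration matching this description, added here as an example and not the original R1 listing. The access-list names, the route-map name, the sequence numbers and the /64 prefix lengths are assumptions; the next hops, source subnets and interface come from the text above.

```cisco
! Added example: names VLAN2-SRC, VLAN3-SRC and PBR-SW1 are hypothetical,
! and the /64 prefix lengths are assumed from the source addresses used in the tests.
ipv6 unicast-routing
ipv6 cef
!
! Match traffic by source subnet (destination is "any")
ipv6 access-list VLAN2-SRC
 permit ipv6 2012:0:0:1::/64 any
!
ipv6 access-list VLAN3-SRC
 permit ipv6 2012:0:0:2::/64 any
!
! Instance 1: VLAN2 sources are forwarded to R2
route-map PBR-SW1 permit 10
 match ipv6 address VLAN2-SRC
 set ipv6 next-hop 2222::2
!
! Instance 2: VLAN3 sources are forwarded to R3
route-map PBR-SW1 permit 20
 match ipv6 address VLAN3-SRC
 set ipv6 next-hop 2222::3
!
! Packets that match neither instance are routed normally by destination.
!
! Apply the policy on the interface where SW1 traffic enters R1
interface FastEthernet0/1
 ipv6 policy route-map PBR-SW1
!
! Verify with:
!  show ipv6 policy
!  show route-map PBR-SW1
```

The match counters in the show route-map output increase as policy-routed packets arrive, which confirms which instance a test flow is hitting.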
To test the new policy, issue an extended traceroute command on SW1 for VLAN2 with source address 2012:0:0:1::1 and destination address 2001::1 (which is the subnet present on router R4). The output below shows traffic passing through R2 (2222::2).
Similarly, issue an extended traceroute command on SW1 for VLAN3 with source address 2012:0:0:2::1 and destination address 2001::1 (which is the subnet present on router R4). The output below shows traffic passing through R3 (2222::3).