
ThinkMo EDU Share – network 38. Detailed Explanation of the Principle of Policy Routing (PBR)

蒂娜 11/05/2022


The concept of common routing

Ordinary route forwarding forwards packets based on the routing table. The routing table is built from direct routes and host routes, statically configured routing entries, and routes learned and generated by dynamic routing protocols. To view it, use the command show ip route. For the same destination network segment, there may be multiple routing entries with different distances.

The concept of policy routing

Policy routing

Policy routing, as the name implies, forwards packets according to a configured policy. It is therefore a more flexible routing mechanism than destination routing. When a router forwards a data packet, it first filters the packet according to the configured rules and, if the match is successful, forwards the packet according to the corresponding forwarding policy.

The rules can be based on standard and extended access control lists, or on the length of the packet. The forwarding policy controls the forwarding of the packet according to the specified policy routing table, and it can also modify the IP priority field of the packet. Policy routing is therefore an effective enhancement to the traditional IP routing mechanism.

Policy-based routing can select routes based on source IP addresses, destination IP addresses, protocol fields, and even source and destination ports of TCP and UDP. To put it simply, as long as the IP standard/extended ACL can be set, it can be forwarded as a matching rule of policy routing.

Policy Route means that when determining the next-hop forwarding address or the next-hop default IP address of an IP packet, the decision is not simply based on the destination IP address, but comprehensively considers multiple factors.

For example, the path can be selected for the data packet according to the DSCP field, source and destination port numbers, source IP address, etc. Policy-based routing can implement traffic engineering to a certain extent, so that flows with different quality of service or data of different natures (voice, FTP) take different paths.

Policy-based routing provides network managers with stronger control over packet forwarding and storage than traditional routing protocols. Traditionally, routers use routing tables derived from routing protocols to forward packets based on destination addresses.

Policy-based routing is more powerful and flexible than traditional routing. It enables network managers to select forwarding paths based not only on destination addresses but also on protocol types, packet sizes, applications or IP source addresses. Policies can be defined as load balancing through multiple routers or quality of service (QoS) for packet forwarding across lines based on total traffic.

The policy routing supported by this switch is combined with the flow classification standard of QOS. For simple traffic classification and complex traffic classification, policy routing can be set according to the following characteristics of incoming packets:

802.1p priority.

VLAN ID.

Source/destination MAC address.

Source/destination IP address (including IP MASK part).

TCP/UDP source/destination port numbers.

IP precedence.

DSCP priority.

IP’s protocol type field.

The following two policy routes can be set for flows matching the above characteristics:

Next-hop IP address: This configuration command indicates that the output packets that match the matching statement will go to the next-hop IP address.

Next-hop default IP address: This configuration command sets the default next-hop. If there is no clear path in the routing table, the router uses the default next hop. This process is often used for load balancing between two different service providers. When this command is used, the routing table is also used for routing first. If there is no clear path in the routing table, the router uses the default value according to the established policy.

Policy routing enables network managers to specify a specific path for a packet to take according to the mechanism it provides. In today’s high-performance networks, this freedom of choice is highly desirable. It needs to be clear that policy routing is set on the interface that receives packets, not the interface that sends packets.

After the policy routing is set on the interface that receives the packets, the switch detects the incoming data packets on the interface, and searches the corresponding policy routing table when it detects that there are data packets that match the corresponding traffic classification characteristics. The forwarding path is selected according to the next hop IP address or the default route IP address specified by the policy routing entry.

The policy-based routing function is closely related to traffic classification and traffic policy. For the basic configuration commands of traffic classification and traffic policy, see the QOS configuration section.

Routing strategy

Route optimization is achieved by controlling the method of receiving, publishing, and importing routes through routing policies.

Implementation principle of policy routing

1. Benefits of Policy Routing

Source-based routing enables different users to choose different ISPs.

QoS is achieved by setting IP Precedence or ToS.

Load balancing is achieved.

2. Process of Policy Routing

Use Route-map to configure the process of policy routing

Policy routing is only valid for ingress packets.

To apply policy routing, you must create a route map and specify it as the route map used by policy routing. A route map consists of many policies, and each policy defines one or more matching rules and the corresponding operations. After policy routing is applied to an interface, all packets received by the interface are checked. Packets that do not conform to any policy in the route map are processed by ordinary route forwarding, and packets that conform to a policy in the route map are processed according to the actions defined in that policy.

Policy-based routing configures the sending interface and next hop of packets based on multiple forwarding tables.

3. Processing Flow of Policy Routing

  • Streaming mode and packet-by-packet mode

Streaming mode

The first packet checks the routing and forwarding table. If there is a route, the routing entry is placed in the cache with indexes such as source, dest, tos, and inbound interface, and the same flow can be directly checked in the cache in the future.

For low-end routers, all operations are handled by CPU + memory.

For mid-to-high-end equipment, the processing is generally done by NP and ASIC chips.

Packet-by-packet mode

Each packet is forwarded after checking the table.

  • Router flow mode and packet-by-packet mode switching commands

ip route-cache policy: enables fast-switched policy routing, which is flow mode.

no ip route-cache policy: disables this function, which is packet-by-packet mode.

4. Route-map principle and implementation

  • Route-map concept

The route-map is composed of a set of match clauses and set clauses, and is in effect a superset of the access control list. When a packet that needs to be policy-routed matches the rules defined by the match clauses in the route-map, the way the packet is routed is determined by the set clauses, which include setting the priority field of the packet, setting the next hop, and setting the interface for sending packets.

  • Understanding Route-map

A route-map is similar to a complex access list and is processed from top to bottom. Once there is a match, the route-map search ends immediately. Each entry of the route-map is assigned a number, and entries can be inserted or deleted arbitrarily.

When using policy-based routing, first define the redistribution route map. A route map can be composed of many policies, arranged by sequence number. As soon as a policy is matched, execution of the route map exits. Because each policy in the route map has its own number, policies can be inserted or deleted easily.

  • Route-map execution statement

route-map test permit 10
 match x y z
 match a
 set b
 set c
route-map test permit 20
 match q
 set r
deny all (implicit by the system)

This is evaluated as:

if (x or y or z) and a
    then set (b and c)
else if q
    then set r
else set nothing

route-map-name

Define a memorable name for the route map. The redistribute routing process configuration command refers to the route map by this name. A route map can define multiple route map policies, and each route map policy corresponds to a sequence number.

Permit

(Optional) If the permit keyword is defined and the matching rules defined by match are met, the set command is applied and the route map operation exits. For route redistribution, the set command controls redistribution; for policy routing, the set command controls packet forwarding.

If the permit keyword is defined and the matching rules defined by match are not met, processing moves on to the second route map policy, and so on until a set command is finally executed.

Deny

(Optional) If the deny keyword is defined and the matching rules defined by match are met, no operation is performed: the route map policy does not allow route redistribution or policy routing, and the route map operation exits.

If the deny keyword is defined and the matching rules defined by match are not met, processing moves on to the next route map policy, and so on until a set command is finally executed.

Sequence-number

The sequence number corresponding to the routing map policy. Strategies with lower sequence numbers are used first, so you need to pay attention to the sequence number settings.

Planning and Design of Policy Routing

1. Applicable Environment of Policy Routing

In the case of multiple exports:

  • Campus network (internet network, education network);

  • Enterprise network (dual-export Internet access);

Bypass networking that needs to modify the packet ToS and DSCP.

2. Configuration of Policy Routing

  • Router Basic Configuration

Router configuration steps

1) Define the redistribution route map. A route map can be composed of many policies, arranged by sequence number. As soon as a policy is matched, execution of the route map exits.

Define the route map:

Router(config)#route-map route-map-name [permit | deny] sequence

Delete the route map:

Router(config)#no route-map route-map-name {[permit | deny] sequence}

2) Define the matching rules or conditions for each policy of the routing map;

Define matching rules. Only packets that meet the rules are routed through policies. If no matching rules are configured, all packets meet the rules.

To define matching rules for a policy, execute the following commands in route-map configuration mode:

Match addresses in an access list:

Router(config-route-map)#match ip address access-list-number

Match the packet size range:

Router(config-route-map)#match length min-length max-length

3) After defining the matching rules, the router sets the IP precedence value and the next hop for the packets that meet the rules.

To define the actions taken after the rules match, execute the following commands in route-map configuration mode:

Set the default output interface of the packet:

Router(config-route-map)#set default interface interface-type interface-number

Set the default next hop IP address of the packet:

Router(config-route-map)#set ip default next-hop ip-address

Set the next hop IP address of the packet:

Router(config-route-map)#set ip next-hop ip-address

Set the packet IP precedence value:

Router(config-route-map)#set ip precedence {precedence | critical | flash | flash-override | immediate | internet | network | priority | routine}

The set ip next-hop and set ip default next-hop commands are very similar, but the order of operations is completely different. With set ip next-hop, the router checks the policy-based route first, and uses the routing table to forward the packet only if the packet does not conform to the policy. With set ip default next-hop, the router checks the routing table first, and uses policy-based routing to forward the packet only if no clear route is found.

By setting the priority value in the IP packet header, traffic with a high priority value can be processed preferentially when network traffic is heavy.

By default, RGNOS does not modify the priority value of the IP header and keeps its original value.

When applying policy routing, you can set the priority value of the IP header. When these packets with a certain priority value arrive at other routers, if the router enables the queuing mechanism, the packets with high priority value will be preferentially processed, and the quality of service is guaranteed. If the queue mechanism is not enabled, the priority value will have no meaning, and all packets are sent in a FIFO (first-in, first-out) manner.

The priority value can be set by name or by number; the names come from RFC 791.

The correspondence is as follows:

0 Routine
1 Priority
2 Immediate
3 Flash
4 Flash-override
5 Critical
6 Internet
7 Network

4) Apply the route map on the specified interface.

To configure policy routing for packets arriving on a router interface, execute the following command in interface configuration mode:

Apply policy routing on the interface:

Router(config-if)#ip policy route-map route-map

Note:

Packets generated by the router itself are normally not subject to policy routing. To apply policy routing to packets generated by the router itself as well, execute the following command in global configuration mode:

Apply local policy routing:

Router(config)#ip local policy route-map route-map

When a policy is applied to an interface, by default, fast forwarding of IP packets also supports policy-based forwarding. To disable fast forwarding for policy routing on the interface, use the following command:

Disable policy-based routing fast forwarding on the interface:

Router(config-if)#no ip route-cache policy
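
The route-map evaluation order (lowest sequence first, first match wins, implicit deny) and the difference between set ip next-hop and set ip default next-hop described above, as a small Python model that is useful for checking which flows a route map diverts from the routing table. This is an added example, not code from the original article or from any router vendor; the route map, routing table, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed routing table: (destination prefix, next hop). There is no default route.
ROUTING_TABLE = [("10.0.0.0/8", "10.255.0.1"), ("198.51.100.0/24", "192.0.2.1")]

# Constructed route map: (sequence, action, match clauses, set clauses).
ROUTE_MAP = [
    (10, "deny",   {"src": "10.1.9.0/24"}, {}),
    (20, "permit", {"src": "10.1.0.0/16", "dport": {80, 443}}, {"next_hop": "192.0.2.2"}),
    (30, "permit", {"src": "10.2.0.0/16"},
     {"default_next_hop": "192.0.2.3", "precedence": 5}),
]

def rib_lookup(dst):
    """Longest-prefix match; None when the table has no explicit route."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in ROUTING_TABLE
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def matches(clauses, pkt):
    """Every match clause must hold (AND); values in one clause are alternatives (OR).
    An entry with no match clauses matches every packet."""
    for field, want in clauses.items():
        if field == "src":
            if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(want):
                return False
        elif pkt.get(field) not in want:
            return False
    return True

def forward(pkt, route_map=ROUTE_MAP):
    """Return (next hop, precedence, matched sequence) for a packet
    received on the interface where the route map is applied."""
    for seq, action, clauses, sets in sorted(route_map, key=lambda e: e[0]):
        if not matches(clauses, pkt):
            continue                      # no match: try the next sequence number
        if action == "deny":
            break                         # matched deny: exit the map, route normally
        prec = sets.get("precedence", pkt.get("precedence", 0))
        if "next_hop" in sets:            # set ip next-hop: policy overrides the table
            return sets["next_hop"], prec, seq
        # set ip default next-hop: routing table first, policy only without a route
        return rib_lookup(pkt["dst"]) or sets.get("default_next_hop"), prec, seq
    # Implicit deny (or matched deny): ordinary destination-based forwarding.
    return rib_lookup(pkt["dst"]), pkt.get("precedence", 0), None
```

Sequence 10 exempts one subnet from the policy before sequence 20 can match it, which is why the order of sequence numbers matters when auditing a route map.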
