PBR allows packets to be forwarded based on criteria other than just the destination IP address, such as source address, application, or packet length. It overrides the normal IP routing table and can be used to implement policies for load balancing traffic across different paths or prioritizing certain traffic types. To configure PBR on a Cisco router, access control lists are created to define matching criteria, route maps are used to specify actions for matched packets including next hops or interfaces to use, and the route map is applied to an interface where traffic will be policy routed.

1. How to Configure PBR (Policy-Based Routing)?
Policy-Based Routing (PBR) is a very popular feature in Cisco routers; it allows the creation of
policies that can selectively alter the path that packets take within the network.
PBR provides a method to forward packets by overriding the information available in the IP
routing table. By using PBR, customers can implement policies that selectively cause packets to
take different paths. Traditional IP routing forwards packets based only on the destination IP
address in the packet. PBR can be configured to forward packets based on other criteria, such as
source address, application and the length of the packet.
PBR provides advantages like Source-Based Transit Provider Selection when multihomed to
different providers. This provides cost savings by distributing interactive traffic among low
bandwidth, low cost paths and batch traffic over high bandwidth, high cost paths. PBR can be
used to implement QoS by classifying and marking packets with IP precedence values in the Type
of Service (ToS) field of the IP header. The routers in the core can then implement queuing
techniques to prioritize the already marked traffic. PBR can also be used to route the packets over
specific traffic engineered paths, which provide the desired QoS through the network.
Configuration Overview:
PBR on Cisco router can configure using following steps:
Step1: Configure ACLs.
Permit statement in ACL is what will be matched. You don’t want to permit everything,by default
the implicit deny at the bottom of the ACL and just create an ACL that permits what you going to
take action on in the route-map.
Example:
Router(config)# access-list 101 permit ip any host 10.1.1.1(This ACL permits only traffic with a
destination IP of 10.1.1.1)
Step2: Configure route map instances.
Route maps are similar to Access Control Lists (ACLs), but have these enhanced capabilities:
->Modifying certain fields in the packet.
->Forwarding packets in a specified manner.
->Filtering and modifying the attributes of a route.
Route maps can have a sequence of statements. Each entry in a route map statement contains a
combination of match and set commands. The route map statements also have a permit or deny
action. For PBR, the match command defines the criteria for matching the packets based on the
1

2. defined policy. The set command defines the action to be taken on the matched packets. The action
could either be modifying or forwarding the packet, bypassing the normal routing based on the IP
routing table. Packets that are denied by a route map statement, or those that are not matched by
any statement, are forwarded normally based on the IP routing table.
Route map can configured by issuing the route-map map-tag [permit | deny] [sequence-number]
command in global configuration mode.
Example:
Router(config)# route-map 101traffic permit 10
Step3: Configure match commands.
PBR allows the user to match packets based on the length and characteristics of a packet, using a
standard or extended ACL.
To define the matching criteria based on the policy, issue these commands from route map
configuration mode:
match length minimum-length maximum-length
match ip address {access-list-number | access-list-name}
Step4: Configure set commands.
Define the action to be taken on the packets that match the criteria using set command.
For PBR, this can be done by one of these options:
->A list of interfaces through which the packets should be routed.
->A list of specified next-hop IP addresses to which the packets have to be routed.
->A list of default interfaces.
->A list of default next-hop IP addresses.
->IP precedence or ToS values in the packet.
Issue these commands in route map configuration mode:
->set interface interface-type interface-number
->set ip next-hop ip-address
->set default interface interface-type interface-number
->set ip default next-hop ip-address
->set ip precedence [number | name]
->set ip tos [number]
Step5: Configure PBR on the interface.
You need to apply this policy/route-map to the interface where the traffic is coming in.
Example:
2

3. Router(config)# interface Fast Ethernet 0/0
Router(config-if)#ip policy route-map reroute10traffic
Step6: (Optional) Configure local PBR.
Packets that are generated by the router are not normally policy routed. To enable PBR for packets
generated by the router, issue the
ip local policy route-map <Route map name> command.
Example:
Router(config)#ip local policy route-map 101traffic
Verification Command:
->To test the policy, issue show route-map command on router.You will able to determine whether
packets are being policy routed.
->To check policy,issue Show ip policy command.
Reference:
Configuring Policy-Based Routing:
Policy-Based Routing
Understanding Policy Routing
IPv6 Policy Based Routing (PBR)
Original Doc from: https://supportforums.cisco.com/docs/DOC-1634
3Anetwork.com is a world leading Cisco networking products wholesaler, we wholesale
original new Cisco networking equipments, including Cisco Catalyst switches, Cisco
routers, Cisco firewalls, Cisco wireless products, Cisco modules and interface cards
products at competitive price and ship to worldwide.
Our website: http://www.3anetwork.com
Telephone: +852-3069-7733
Email: info@3Anetwork.com
Address: 23/F Lucky Plaza, 315-321 Lockhart Road, Wanchai, Hongkong
3