Policy Based Routing

Policy-Based routing is a neat trick to tweak traffic streams.

For Policy Based Routing to work you will the following;
– Define traffic stream in an access-list.
– Write down a policy.
– Determine the inbound interface.

First use an ACL to define the traffic streams.
You can use standard, extended or named access-list.

In this example traffic sourced from and destined for is defined in ACL 100.

access-list 100 permit ip host host
access-list 100 permit ip host host

Next you will to define the policy.
If you want to want set the next hop for this traffic stream. You have to do;

route-map just-a-name permit 10
 match ip address 100
 set ip default next-hop

Once you have formulated the traffic stream and the tweak all you have to do is apply it to an interface.

interface Ethernet0/0
 ip address
 ip policy route-map just-a-name

Be careful : the name of the route-map is CaSe senSitive.

Why is this a great little trick; you can use policy based routing to prevent asymetric routing in a HSRP setup. Or you can send specific traffic towards an IDS / firewall /deep packet inspection device. Or simply send traffic to an black-hole in case of unwanted/malicious traffic.


This entry was posted in CCNP and tagged , . Bookmark the permalink.