In this article I am going to examine a simple scenario for policy-based routing (PBR). This is the physical topology, and it roughly corresponds to the logical topology:

EIGRP AS 1 is running on all routers. You may run OSPF as well and you will get the same result.



Two scenarios can be defined here:

R3 is a transit router.

R3 is the originator of the traffic.

When R3 is a transit router, we need to define a route-map and apply it to the incoming interface. This route-map matches particular traffic using an extended access-list; a prefix-list will not do here. The match step is optional, i.e. if you do not match any traffic, all traffic will be affected.

The next step is to change the next-hop, and you can do it in two different ways:

You want to use normal routing when there is an entry for the destination in your routing table and fall back to the policy when the route is not present. For this you use the default keyword.

You want to use policy at all times.

Before applying any policy on R3, a traceroute to R1’s loopback11 interface is issued on R4:

    R4#trace 11.11.11.11
    Type escape sequence to abort.
    Tracing the route to 11.11.11.11
      1 10.10.34.3 68 msec 52 msec 16 msec
      2 10.10.35.5 76 msec 36 msec 44 msec
      3 10.10.15.1 68 msec 92 msec 88 msec

I would like to send traffic to this destination over the serial connection between R3 and R2, so I define an access-list:

    R3#sh run | s access-list
    ip access-list extended PBR
     permit ip any 11.11.11.0 0.0.0.255

This is an extended access-list and matches all types of traffic (ip) from any source to the 11.11.11.0/24 network. Now I need to create the route-map:

    R3#sh run | s route-map
    route-map PBR permit 10
     match ip address PBR
     set ip next-hop 10.10.23.2
    route-map PBR permit 1000

Next, I need to assign the route-map to the interface which receives the traffic, in this case Fa0/1:

    R3(config)#int f0/1
    R3(config-if)#ip policy route-map PBR

Now I can check the result on R4:

    R4#trace 11.11.11.11
    Type escape sequence to abort.
    Tracing the route to 11.11.11.11
      1 10.10.34.3 60 msec 52 msec 44 msec
      2 10.10.23.2 56 msec 52 msec 32 msec
      3 10.10.12.1 56 msec 64 msec 60 msec

As you can see, this traffic is sent to R2 instead of its default next-hop, which is R5. I test other destinations:

    R4#trace 1.1.1.1
    Type escape sequence to abort.
    Tracing the route to 1.1.1.1
      1 10.10.34.3 148 msec 44 msec 68 msec
      2 10.10.35.5 64 msec 48 msec 36 msec
      3 10.10.15.1 116 msec 96 msec 64 msec

And since this does not match the access-list, R3 uses the default next-hop from the routing table to send this traffic.
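The forwarding decision R3 makes for transit traffic can be modelled in a few lines. This is an added example, not part of the original article or of IOS itself: it goes beyond the configuration shown by also modelling the default keyword variant (`set ip default next-hop`) mentioned earlier, so the two ways of changing the next-hop can be compared. The ACL, wildcard mask and next-hop addresses come from the article; the routing table contents (including the prefix used for 1.1.1.1) and all function names are constructed for illustration.

```python
import ipaddress

# From the article's R3 configuration.
ACL_DST, ACL_WILDCARD = "11.11.11.0", "0.0.0.255"  # permit ip any 11.11.11.0 0.0.0.255
POLICY_NEXT_HOP = "10.10.23.2"                      # R2, from "set ip next-hop"

# Constructed routing table for R3 (assumption): both prefixes reached via R5.
RIB = {"11.11.11.0/24": "10.10.35.5", "1.1.1.0/24": "10.10.35.5"}


def acl_matches(dst):
    """Cisco wildcard match: bits set in the wildcard are "don't care"."""
    care = ~int(ipaddress.IPv4Address(ACL_WILDCARD)) & 0xFFFFFFFF
    diff = int(ipaddress.IPv4Address(dst)) ^ int(ipaddress.IPv4Address(ACL_DST))
    return diff & care == 0


def rib_lookup(dst, rib):
    """Longest-prefix match; returns (network, next_hop) or None."""
    addr = ipaddress.IPv4Address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in rib.items()
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None


def forward(dst, rib, mode="next-hop"):
    """Return (next_hop, reason) for a packet arriving on the policy interface.

    mode "next-hop": policy at all times (set ip next-hop).
    mode "default":  policy only when the routing table has no explicit
                     route (set ip default next-hop); a 0.0.0.0/0 default
                     route does not count as an explicit route.
    """
    route = rib_lookup(dst, rib)
    if acl_matches(dst):                       # route-map PBR permit 10
        explicit = route is not None and route[0].prefixlen > 0
        if mode == "next-hop" or not explicit:
            return POLICY_NEXT_HOP, "policy"
    # route-map PBR permit 1000 sets nothing: normal routing applies.
    return (route[1], "rib") if route else (None, "drop")


if __name__ == "__main__":
    for dst in ("11.11.11.11", "1.1.1.1"):
        print(dst, forward(dst, RIB), forward(dst, RIB, mode="default"))
```

With the constructed table, the first mode reproduces the two traceroutes above, while the default mode leaves 11.11.11.11 on the R5 path until the 11.11.11.0/24 route disappears from the table.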

The second scenario defines a situation where R3 is the originator of the traffic. In this case I need to use a global configuration command and the same route-map:

    R3#sh run | s local
    ip local policy route-map PBR

To verify this I issue a traceroute on R3:

    R3#traceroute 11.11.11.11
    Type escape sequence to abort.
    Tracing the route to 11.11.11.11
      1 10.10.23.2 96 msec 56 msec 28 msec
      2 10.10.12.1 56 msec 68 msec 8 msec

The result is what I expected!