Policy-Based Routing Tables; Policy-Based Routing Policy; Pbr Execution - D-Link DFL-1600 User Manual

10.7. Policy Based Routing(PBR)
Creating provider-independent metropolitan area networks
– All users share a common active backbone, but can use different
ISPs, subscribing to different streaming media providers.
PBR implementation in D-Link firewalls consists of two elements:
One or more named PBR tables in addition to the normal routing
table.
A separate PBR ruleset, which determines which named routing table
to use.
10.7.2

Policy-based Routing Tables

Policy-based routing tables are alternative tables additional to the main
routing table. These tables contain the same fields for describing routes as
the main routing table, except that there is an Ordering parameter defined
on each of them. This parameter dictates when the PBR table comes into
play in firewall's route lookup, either prior or later than the main table.
10.7.3

Policy-based Routing Policy

The rules defined in PBR policy are selectors of different routing tables.
Each PBR rule is triggered by the fields of service type and source &
destination interface and network. During the firewall's lookup, the first
matching rule is carried out, and routes can be chosen and prioritized by
the order parameter on a per-state basis other than packet-by-packet
lookup, which means that PBR rules can specify which routing table to use
in both forward and return direction.
10.7.4

PBR Execution

The sequence of PBR execution cooperating with the main routing table
and the firewall's rules setting can be summarized as follows:
1. Main routing table checking – looking up the interface for the packets'
destination address.
2. Rules consulting – looking up in the firewall's Rules list to determine
the action to the packets.
3. PBR policy consulting – If the lookup in step 2 results in allowing the
packets to go through, the firewall will perform a lookup in the PBR
D-Link Firewalls User's Guide
89