Table of Contents
Advertisement
7 - 2
WiNG 5.5 Access Point System Reference Guide
7.1 Policy Based Routing (PBR)
Network configuration
Define a policy based routing (PBR) configuration to direct packets to selective paths. PBR can optionally mark traffic for
preferential services (QoS). PBR minimally provides the following:
• A means to use source address, protocol, application and traffic class as traffic routing criteria
• The ability to load balance multiple WAN uplinks
• A means to selectively mark traffic for QoS optimization
Since PBR is applied to incoming routed packets, a route-map is created containing a set of filters and associated actions.
Based on the actions defined in the route-map, packets are forwarded to the next relevant hop. Route-maps are configurable
under a global policy called routing-policy, and applied to profiles and devices.
Route-maps contain a set of filters which select traffic (match clauses) and associated actions (set clauses) for routing. A route-
map consists of multiple entries, each carrying a precedence value. An incoming packet is matched against the route-map with
the highest precedence (lowest numerical value). If it matches, the routing decision is based on this route-map. If the packet
does not match the route-map, the route-map entry with next highest precedence is matched. If the incoming packet does not
match any of the route-map entries, it's subjected to typical destination based routing. Each route-map entry can optionally
enable/disable logging.
The following criteria can optionally be used as traffic selection segregation criteria:
• IP Access List - A typical IP ACL can be used for traffic permissions. The mark and log actions in ACL rules however are
neglected. Route-map entries have separate logging. Only one ACL can be configured per route map entry.
• IP DSCP - Packet filtering can be performed by traffic class, as determined from the IP DSCP field. One DSCP value is
configurable per route map entry. If IP ACLs on a WLAN, ports or SVI mark the packet, the new/marked DSCP value is used
for matching.
• Incoming WLAN - Packets can be filtered by the incoming WLAN. There are two ways to match the WLAN:
• If the device doing policy based routing has an onboard radio and a packet is received on a local WLAN, then this WLAN
is used for selection.
• If the device doing policy based routing does not have an onboard radio and a packet is received from an extended VLAN,
then the device which received the packet passes the WLAN information in the MINT packet for the PBR router to use
as match criteria.
• Client role - The client role can be used as match criteria, similar to a WLAN. Each device has to agree on a unique identifier
for role definition and pass the same MINT tunneled packets.
• Incoming SVI - A source IP address qualifier in an ACL typically satisfies filter requirements. But if the host originating the
packet is multiple hops away, the incoming SVI can be used as match criteria. In this context the SVI refers to the device
interface performing policy based routing, and not the originating connected device.
Each route map entry has a set of match and set (action) clauses. ACL rules configured under route map entries merge to create
a single ACL. Route map precedence values determine the prioritization of the rules in this merged ACL. An IP DSCP value is
also added to the ACL rules.
Set (or action) clauses determine the routing function when a packet satisfies match criteria. If no set clauses are defined, the
default is to fallback to destination based routing for packets satisfying the match criteria. If no set clause is configured and
fallback to destination based routing is disabled, then the packet is dropped. The following can be defined within set clauses:
• Next hop - The IP address of the next hop or the outgoing interface through which the packet should be routed. Up to two
next hops can be specified. The outgoing interface should be a PPP, a tunnel interface or a SVI which has DHCP client
configured. The first reachable hop should be used, but if all the next hops aren't reachable, typical destination based route
lookup is performed.
Hide quick links:
Advertisement
Table of Contents
