Configuring Policy-Based Routing - HP ProCurve Secure Router 7203 dl Advanced Management And Configuration Manual

Configuring Policy-Based Routing

Policy-based routing (PBR) on the ProCurve Router allows you to implement
basic traffic engineering: you can manipulate the path a packet follows based
on characteristics of that packet. Routers use PBR to route traffic with the
same destination over different paths according to the traffic's priority, source,
or size.
Overview
By default, routers forward packets according to their destination address
alone. When a packet arrives on an interface, the router matches the destina-
tion address in the packet's IP header to an entry in the router's routing table.
Unless the routing table changes, the router always routes packets addressed
to a particular destination to the same next hop.
To make your network to function optimally, however, you may want different
types of traffic to travel over different paths, even when that traffic is destined
to the same network.
Applications for PBR include:
Enforcing security
You can configure the router to send certain traffic to a security appliance
such as an intrusion detection system (IDS) for further processing rather
than forwarding it directly over a WAN or Internet connection. An IDS can
provide more security than a firewall because it monitors traffic from both
external and internal users for suspicious activity.
Your organization's security policies may define certain internal hosts as
untrusted. When the router receives traffic from these hosts, the router
should forward traffic to the IDS before forwarding it to the Internet or
remote site. For other hosts, who are trusted, the router may forward
traffic directly over the WAN connection. You could configure a PBR
policy that selects traffic from certain hosts and forwards it through the
correct interface for that host.
IP Routing—Configuring RIP, OSPF, BGP, and PBR
Configuring Policy-Based Routing
13-123