Implementing Pbr According To Source - HP ProCurve Secure Router 7203 dl Advanced Management And Configuration Manual
Secure router
Hide thumbs
Also See for ProCurve Secure Router 7203 dl:
- Configuration manual (1114 pages) ,
- Reference manual (1455 pages) ,
- Product end-of-life disassembly instructions (2 pages)
Table of Contents
Advertisement
If you enter more than one match command in a particular entry (identified
by the sequence number), a packet must match the criteria for all of the match
commands. If a packet does not match all criteria for the entry, the router
attempts to match it to the route map entry with the next sequence number.
If the packet does not match any of the entries, the router will forward it
according to an route in its routing table.
However, if you do not enter a match command in the route map entry, then
all traffic will match that entry: the router will forward any traffic received on
the interface as specified by the set command for that entry.
Table 13-15. Selecting Traffic for a Route Map Entry
Select According To
IP precedence value
DiffServ value
• source IP address or source and
destination IP address
• application or protocol
payload size
Implementing PBR According to Source
Certain organizational policies may require your router to forward traffic
based on its source as well as its destination. For example, certain hosts may
be authorized to access the router's connection to a remote site or the Internet
directly. However, the organization requires traffic from other hosts to be sent
to a security device that will monitor it before forwarding it to its destination.
In this situation, you would configure a policy that selects traffic from the
unauthorized hosts and forwards it to the security device. Other traffic (from
authorized hosts) can use the routes in the router's routing table.
Another application for source-based PBR is to divide network traffic and
forward it over several connections to the Internet or the same remote site.
However, you should generally use a dynamic routing protocol for load
balancing such as this. See, for example, "Load Balancing" on page 13-74.
You use an ACL to select traffic according to its source. A standard ACL will
select the traffic to be routed according to its source only. If you want to route
traffic according to both its source and its destination, you must configure an
extended ACL.
IP Routing—Configuring RIP, OSPF, BGP, and PBR
Configuring Policy-Based Routing
Command Syntax
match ip precedence [<keyword> | <value>]
match ip dscp [<AF class> | <CS class> | default | ef
| <value>]
match ip address <ACL listname>
match length <minimum length in bytes>
<maximum length in bytes>
13-127
Advertisement
Chapters
Table of Contents
Troubleshooting
