Overview of PBR
Different from the routing table mechanism, the Policy-Based Routing (PBR) mechanism selects routes based on the customized policy, but not the routing table.
Using PBR, the FW selects routes based on the customized policies and not based on the routing table and forwards packets based on attributes, such as the incoming interface, source security zone, source and destination IP addresses, user, service type, and application type. PBR takes priority over, but does not take place of the routing table mechanism. PBR provides guidance for forwarding the traffic of certain services.
PBR Components
A PBR rule consists of matching conditions and an action. The FW supports the following matching conditions:
The same as a Traffic Policy
- Source security zone
- Incoming interface
- IP address or MAC address
- User
- Service type
- Application
- DSCP Value
The forwarding action of the PBR rule is implemented on the traffic only when the traffic matches all matching conditions.
The FW:
- If PBR exist, implements PBR.
- If not forward based on the existing routing table.
PBR Rule Matching Sequence
The FW will look up the first rule based on the matching sequence.
If none PBR rule is matched, the FW forwards packets based on the route table.
When the policy-based route specifies single egress and the next hop or outbound interface is unreachable, the FW discards the packet.
To enhance reliability, configure the FW to monitor the reachability of the next hop If the next hop is unreachable, the FW looks up the routing table to avoid packet loss.
Precautions
PBR-based intelligent uplink selection cannot be used together with the IP spoofing attack defense or URPF function
Configuring PBR Using the Web UI
- Choose Network > Route > Intelligent Uplink Selection.
- Click the Policy Route tab, then click Add.
- Set the name and description of the PBR rule.
- Configure a tag for the policy.
The tag identifies and categorizes the policy.
- Set the matching conditions of the PBR rule.
- Set the action of the PBR rule.
- Select the Egress Type
Single Egress Mode
- Choose the selection mode from the list.
- Selection Mode is Load balancing based on link bandwidth
Use the Bandwidth of the links to choose the Outgoing Interface. Remember that Ethernet Interface Adjust their Bandwidth to match the current Speed but Serial Links need to configure manually the Bandwidth to match the real speed.
- Selection Mode is Load balancing based on link quality
|
Link quality indicators |
When you set the link selection mode to load balancing by link quality, you can set one or more link quality parameters to evaluate the link quality. The FW supports three link quality parameters:
|
|
Detection Times |
Number of link quality detection times. |
|
Detection Interval |
Interval at which link quality detection is performed. |
|
Destination Subnet Mask Bits |
Mask length of link quality detection. |
|
Protocol |
Protocol for health check. Different protocols are used in different probe mode.
|
3. Selection Mode is Load balancing based on link weights
|
Weight |
Weight of the member interface.
In intelligent uplink selection, the FW forwards traffic to different links based on the link weight ratio. Therefore, the link with a larger weight forwards more traffic, and the link with a smaller weight forwards less traffic. |
- Selection Mode is Active/standby backup based on link priorities
|
Priority |
Priority of the member interface.
A great priority value indicates a high priority. |
- Enable Sticky Session in case it is need it
|
Sticky Session |
With this function enabled, after traffic selects a link for the first time, the FW generates a corresponding sticky session entry. The subsequent traffic is forwards through the outgoing interface recorded in the entry.
|
- Select the Outgoing WAN Interface/Carrier/Interface Group
Follow-up Procedure
- If the policy-based route has multiple outbound interfaces and Selection Mode is set to Load balancing based on link quality, you can view the quality of each link in the link quality check table.
- Choose Network > Route > Intelligent Uplink Selection.
- On the Link Quality Check Table tab, click Refresh to view the latest information.
|
Operation |
Command |
|
Check the PBR configuration. |
display policy-based-route rule { all [ slot slot-id cpu cpu-id ] | name rule-name } display policy-based-route app-cache { all | { tcp | udp } ip-address port } [ slot slot-id cpu cpu-id ] |
This post was last edited by DiegoXD at 2018-10-24 14:02.
