Why write about this?

I once worked with a colleague1, and he didn’t know there was a difference between Policy-Routing and Routing-Policy. Given his senior position, I was surprised at the initial confusion this created as we collaborated with a vendor. His view was both concepts of Routing-Policy and Policy-Routing had the same meaning, that being of Routing-Policy.

Policy-Routing is not the same thing as Routing-Policy. They are distinctly different approaches to manipulate packet flow.

The concepts in short

Policy-Routing

Policy-Routing is making a forwarding decision based upon the IP header attributes. It does not use routing protocols2.

The Policy-Based Routing feature is a process whereby a device puts packets through a route map before routing the packets. The route map determines which packets are routed next to which device. Policy-based routing is a more flexible mechanism for routing packets than destination routing.

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_pi/configuration/xe-3e/iri-xe-3e-book/iri-pbr.html

Policy-based routing (PBR) is a technique that forwards and routes data packets based on policies or filters. Network administrators can selectively apply policies based on specific parameters such as source and destination IP address, source or destination port, traffic type, protocols, access list, packet size, or other criteria and then route the packets on user-defined routes.

https://www.juniper.net/us/en/research-topics/what-is-policy-based-routing.html

Routing-Policy

Routing-Policy is making a forwarding decision based upon routing protocol attributes.

A routing policy instructs the router to inspect routes, filter them, and potentially modify their attributes as they are accepted from a peer, advertised to a peer, or redistributed from one routing protocol to another.

https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k-r7-6/routing/configuration/guide/b-routing-cg-asr9000-76x/implementing-routing-policy.html

Routing policies allow you to control the routing information between the routing protocols and the routing tables and between the routing tables and the forwarding table.

https://www.juniper.net/documentation/us/en/software/junos/routing-policy/index.html

How does Cisco refer to these concepts?

Policy-Routing

Cisco refers to Policy-Routing by several names

  • PBR (Policy Based Routing)
  • ePBR (Enhanced Policy Based Routing)
  • ABF (ACL Based Forwarding)

I’ve only linked to the PBR docs below.

Operating system references

IOS-XR comparison

The following table illustrates the match/set criteria that is supported by ABF, ePBR/Flowspec, and PBR:

match/set criteriaABFePBR/FlowspecPBR
source ipmatchmatchmatch
destination ipmatchmatchmatch
source protocol/portmatchmatchmatch
destination protocol/portmatchmatchmatch
nexthop ipsetsetset
nexthop vrfsetsetset
nexthop ip+vrfsetNAset
dscpNAmatch/setNA
forward-class NANAset
police NAsetNA
access-group NANAmatch
flow-tag NANAmatch
fragment-type NAmatchNA
packet lengthNAmatchNA
ip protocolmatchmatchmatch
tcp-flag matchmatchmatch
ipv4/ipv6 icmp-typeNAmatchNA
ipv4/ipv6 icmp-codeNAmatchNA
portNAmatchNA
port-rangematchmatchmatch
Supported Match and Set Operations—ABF, ePBR/Flowspec, and PBR3

Routing-Policy

How does Juniper refer to these concepts?

Policy-Routing

Juniper refers to Policy-Routing by several names

  • FBF (Filter Based Forwarding)
  • APBR (Advanced policy-based routing)

JUNOS: Filter Based Forwarding (FBF) https://www.juniper.net/documentation/us/en/software/junos/routing-policy/topics/concept/firewall-filter-option-filter-based-forwarding-overview.html

For IPv4 or IPv6 traffic only, you can use stateless firewall filters in conjunction with forwarding classes and routing instances to control how packets travel in a network. This is called filter-based forwarding (FBF).

Filters That Classify Packets or Direct Them to Routing Instances

JUNOS: Advanced Policy-Based Routing

Advanced policy-based routing (APBR) also known as application-based routing, a new addition to Juniper Networks suite, provides the ability to forward traffic based on applications.

https://www.juniper.net/documentation/us/en/software/junos/application-identification/topics/topic-map/security-application-advanced-policy-based-routing.html

Routing-Policy

JUNOS: https://www.juniper.net/documentation/us/en/software/junos/routing-policy/topics/concept/policy-routing-overview.html

How does Linux refer to these concepts?

The following is used by Linux to enable policy based routing. The software package used is called iproute2. The CLI command tool is called ip.

  • Policy routing table
  • Policy routing rule

Red Hat Enterprise 7 example4: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/networking_guide/configuring-policy-based-routing-to-define-alternative-routes

Online reference book for Linux policy routing, http://www.policyrouting.org/PolicyRoutingBook/ONLINE/TOC.html


Footnotes and Sources

  1. This colleague was from a different team and not someone I worked with every day.[]
  2. Not to be confused with Segment Routing. https://www.cisco.com/c/en/us/solutions/segment-routing.html[]
  3. https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k-r7-6/b-ip-addresses-cg-asr9000-76x/Implementing-policy-based-routing.html#id_84172[]
  4. at first this example uses the nmcli command and further down uses the ip command.[]

Last modified: 11/02/2022

Comments

Write a Reply or Comment