Friday, January 17, 2025

Managing Network Traffic with Protocol-Based Routing

Policy-Based Routing for HTTP Traffic (Cisco)

Efficient HTTP Traffic Routing Using Cisco Policy-Based Routing

Efficient routing is critical in modern networks. In scenarios where specific traffic (such as HTTP on TCP port 80) must follow a designated path, Policy-Based Routing (PBR) provides granular control beyond traditional routing tables.


Learning Objective

Redirect HTTP traffic for specific source addresses to a defined next-hop IP, while routing all other traffic via a default path.

Key Takeaway: Policy-Based Routing allows routing decisions based on traffic characteristics, not just destination.

Configuration Walkthrough

Step 1 – Create the Access Control List (ACL)

The ACL identifies HTTP traffic and filters it based on source subnet.

Router(config)#access-list 101 deny tcp 10.15.25.0 0.0.0.255 any eq www
Router(config)#access-list 101 permit tcp any any eq www

Explanation

  • Deny: Excludes HTTP traffic from 10.15.25.0/24 from the PBR match; the packets are not dropped.
  • Permit: Allows other HTTP traffic to match the route-map.

ACLs in PBR define traffic to match, not to block.

Step 2 – Apply Policy to Interface

Attach the route-map to the ingress interface.

Router(config)#interface Ethernet0
Router(config-if)#ip address 10.15.22.7 255.255.255.0
Router(config-if)#ip policy route-map Websurfers
Router(config-if)#ip route-cache policy
Router(config-if)#exit

Command Breakdown

  • ip policy route-map → Activates PBR on the interface.
  • ip route-cache policy → Enables caching for improved performance.

PBR works on inbound traffic of the configured interface.

Step 3 – Define Route Map (Traffic Redirection Logic)

Primary Route (Matched HTTP Traffic)

Router(config)#route-map Websurfers permit 10
Router(config-route-map)#match ip address 101
Router(config-route-map)#set ip next-hop 10.15.27.1
Router(config-route-map)#exit

Traffic matching ACL 101 will be redirected to next-hop 10.15.27.1.

Default Route for Other Traffic

Router(config)#route-map Websurfers permit 20
Router(config-route-map)#set ip default next-hop 10.15.26.1
Router(config-route-map)#end

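All traffic not matched by sequence 10 falls through to sequence 20, which forwards it to 10.15.26.1 only when the routing table has no explicit route for the destination; that is what the default keyword in set ip default next-hop means.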

Route-map sequence numbers determine processing order.
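
The following Python model is an added example, not part of the original post and not Cisco code: it evaluates ACL 101 and route-map Websurfers for one inbound packet, showing that an ACL deny only skips sequence 10 and that the default next-hop yields to an explicit route. The function names, the explicit_route_hop parameter and the sample packets are assumptions for illustration, and both next hops are assumed reachable.

```python
import ipaddress

# ACL 101 from the walkthrough: (action, protocol, source, wildcard, dst port)
ACL_101 = [
    ("deny", "tcp", "10.15.25.0", "0.0.0.255", 80),
    ("permit", "tcp", "0.0.0.0", "255.255.255.255", 80),  # "any any eq www"
]

def wildcard_match(addr, base, wildcard):
    """IOS wildcard logic: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def acl_permits(acl, proto, src, dport):
    """First matching entry wins; falling off the end is the implicit deny."""
    for action, a_proto, base, wc, a_port in acl:
        if proto == a_proto and dport == a_port and wildcard_match(src, base, wc):
            return action == "permit"
    return False

def pbr_next_hop(proto, src, dport, explicit_route_hop=None):
    """Next hop chosen by route-map Websurfers for one inbound packet.

    explicit_route_hop (hypothetical parameter): next hop of a specific,
    non-default routing-table entry for the destination, or None.
    """
    # Sequence 10: match ip address 101, set ip next-hop 10.15.27.1
    if acl_permits(ACL_101, proto, src, dport):
        return "10.15.27.1"
    # Sequence 20 has no match clause, so every remaining packet lands here.
    # "set ip default next-hop" only applies when no explicit route exists.
    if explicit_route_hop is not None:
        return explicit_route_hop
    return "10.15.26.1"

# Constructed sample packets: (protocol, source, dst port, explicit route hop)
SAMPLES = [
    ("tcp", "10.15.22.50", 80, None),        # HTTP, permitted by ACL 101
    ("tcp", "10.15.25.9", 80, None),         # HTTP from the denied subnet
    ("tcp", "10.15.25.9", 80, "192.0.2.1"),  # same, but an explicit route exists
    ("udp", "10.15.22.50", 53, None),        # not HTTP
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", pbr_next_hop(*pkt))
```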

⚙ Key Configuration Considerations

IOS Version Differences

  • Syntax may vary slightly between IOS versions.
  • Enhanced ACL capabilities may be available in newer releases.
  • Advanced PBR options (tracking, multiple next-hops, etc.) may exist.

Performance Optimization

  • Enable policy route caching where supported.
  • Monitor CPU utilization in high-throughput environments.
  • Newer IOS versions improve packet handling efficiency.

Always validate configuration compatibility with your IOS version before deployment.

Practical Use Cases

1️⃣ Traffic Segmentation

Redirect HTTP traffic through monitoring or security appliances.

2️⃣ Load Balancing

Distribute traffic across multiple next-hop paths.

3️⃣ Policy Enforcement

Ensure compliance with internal routing and security policies.


Summary

Using Access Lists, Route Maps, and Policy-Based Routing, administrators can route traffic based on TCP/UDP port numbers or source criteria.

PBR extends routing control beyond traditional destination-based routing.

Suggested Lab Exercise

  1. Configure ACL 101 and verify with show access-lists
  2. Apply route-map and validate with show route-map
  3. Test HTTP traffic and verify next-hop routing
  4. Use debug ip policy for troubleshooting
