Overview of ePBR
Enhanced Policy Based Routing (ePBR) is an advanced version of Policy Based Routing (PBR). With this feature, traffic is forwarded based on policies rather than routing tables, which gives you more control over routing. ePBR extends and complements the existing mechanisms provided by routing protocols. ePBR is an advanced local data policy that routes traffic based on flexible match criteria such as IPv4 and IPv6 addresses, port numbers, protocols, or packet size.
ePBR matches traffic using the flexible Cisco Common Classification Policy Language (C3PL). It supports matching on prefixes, applications, Differentiated Services Code Point (DSCP), Security Group Tags (SGT), and so on. Based on match conditions, you can configure a single next hop or multiple next hops for traffic forwarding. You also have the option to configure Internet Protocol Service Level Agreement (IP SLA) tracking. If a configured next hop is unavailable, traffic is routed to the next available hop through dynamic probing enabled by the IP SLA tracker.
Features and Benefits
- Supports both IPv4 and IPv6.
- Supports multiple next hops. If the current next hop isn’t reachable, ePBR automatically switches to the next available hop.
- You have the option to configure IP SLA tracking. If this is configured, the next hop is selected only when the IP SLA probe is successful.
  SLA probes can be configured in the same or a different VRF.
- If the current hop isn’t reachable, syslog messages are generated to notify the user.
How ePBR Works
- ePBR is applicable to unicast routing only and is based on traffic matching using C3PL.
- All packets received on an ePBR-enabled interface are passed through policy maps. The policy maps used by ePBR dictate the policy, determining where to forward packets.
- ePBR policies are based on classification criteria (match) and action criteria (set) that are applied to the traffic flow.
- To enable ePBR, you must create a policy map that specifies the packet match criteria and the desired policy-route action. Then you attach the policy map to the required interface.
- The match criteria are specified in a class. The policy map then calls the class and takes action based on the set statement.
- The set statements in ePBR policies define the route in terms of next hops, DSCP, VRFs, and so on.
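A minimal model of the match, set and next-hop failover logic described above, added here as an illustration and not Cisco's implementation. The class names, addresses, log text and the fall-back to the routing table when every tracked hop is down are assumptions of this sketch.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class EpbrClass:
    """One class of the policy map: match criteria plus the set action."""
    name: str
    src: str               # match: source prefix (IPv4 or IPv6)
    proto: str             # match: "tcp", "udp" or "any"
    dport: Optional[int]   # match: destination port, None = any
    vrf: str               # set: VRF that holds the next hops
    next_hops: list        # set: next hops in order of preference

def select_next_hop(policy, packet, probe_ok, log):
    """Return (vrf, next_hop) from the first matching class, or None when
    the packet is left to the regular routing table."""
    src = ipaddress.ip_address(packet["src"])
    for cls in policy:
        if src not in ipaddress.ip_network(cls.src):
            continue
        if cls.proto not in ("any", packet["proto"]):
            continue
        if cls.dport not in (None, packet["dport"]):
            continue
        for hop in cls.next_hops:
            if probe_ok.get(hop, False):   # hop is used only if its probe succeeded
                return cls.vrf, hop
            log.append(f"class {cls.name}: next hop {hop} unreachable")
        return None   # assumption: every hop down, so fall back to routing table
    return None       # no class matched: regular routing applies

# Constructed sample policy and packet (documentation address ranges).
POLICY = [
    EpbrClass("WEB", "10.1.0.0/16", "tcp", 443, "100", ["192.0.2.1", "192.0.2.2"]),
    EpbrClass("V6-ALL", "2001:db8:1::/48", "any", None, "100", ["2001:db8:100::1"]),
]
PACKET = {"src": "10.1.2.3", "proto": "tcp", "dport": 443}

if __name__ == "__main__":
    events = []
    for state in ({"192.0.2.1": True, "192.0.2.2": True},
                  {"192.0.2.1": False, "192.0.2.2": True},
                  {"192.0.2.1": False, "192.0.2.2": False}):
        print(select_next_hop(POLICY, PACKET, state, events))
    print(events)
```

In this model, the last case returns None, meaning the redirected class would bypass the service next hops; check how your deployment behaves when every tracked hop is down if the redirect is relied on for inspection.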
Usage Example
In this example, traffic comes into a VPN 1 interface. Based on the classification configured on VPN 1, the traffic overrides regular route forwarding and is redirected to a next hop in VPN 100, where additional network services are applied to the incoming traffic. Network services, such as WAN optimization, are applied to the redirected traffic before it is forwarded to the Cisco Catalyst SD-WAN overlay network through VPN 0.