Using IP Policy Routing


Traditionally, routing is based on the destination address only, and the router takes the shortest path to forward a packet. IP Policy Routing (IPPR) provides a mechanism to override the default routing behavior and alter packet forwarding based on a policy defined by the network administrator. Policy-based routing is applied to incoming packets on a per-interface basis, prior to normal routing. Network administrators can use IPPR to distribute traffic among multiple paths. For example, if a network has both Internet and remote node connections, we can route Web packets to the Internet using one policy and route FTP packets to the remote LAN using another policy. See the figure below.

[Figure: policy.gif]

Use IPPR to distribute traffic among multiple paths


Source-Based Routing - Network administrators can use policy-based routing to direct traffic from different users through different connections.

Quality of Service (QoS) - Organizations can differentiate traffic by setting the precedence or TOS (Type of Service) values in the IP header at the periphery of the network to enable the backbone to prioritize traffic.

Cost Savings - IPPR allows organizations to send interactive traffic over a high-bandwidth, high-cost path while using a low-cost path for batch traffic.

Load Sharing- Network administrators can use IPPR to distribute traffic among multiple paths.


A policy defines the matching criteria and the action to take when a packet meets the criteria. The action is taken only when all the criteria are met. The criteria include the source address and port, IP protocol (ICMP, UDP, TCP, etc.), destination address and port, TOS and precedence (fields in the IP header), and length. The length criterion is included to differentiate between interactive and bulk traffic. Interactive applications, e.g., Telnet, tend to have short packets, while bulk traffic, e.g., file transfer, tends to have large packets.

The actions that can be taken include routing the packet to a different gateway (and hence a different outgoing interface) and setting the TOS and precedence fields in the IP header. IPPR follows the existing packet filtering facility of ZyNOS in style and in implementation. The policies are divided into sets, where related policies are grouped together. A user defines the policies before applying them to an interface or a remote node, in the same fashion as the filters. There are 12 policy sets with 6 policies in each set.


 1. Create a routing policy set in menu 25
 


                        Menu 25 - IP Routing Policy Setup

     Policy                               Policy
     Set #         Name                   Set #         Name
     ------  -----------------            ------  -----------------
       1      _______________               7      _______________
       2      _______________               8      _______________
       3      _______________               9      _______________
       4      _______________              10      _______________
       5      _______________              11      _______________
       6      _______________              12      _______________
 
 

                    Enter Policy Set Number to Configure= 1

                    Edit Name= policy1

                    Press ENTER to Confirm or ESC to Cancel:
 

2. Edit one or more rules for this set in menu 25.1.1. See an example below.
 

                          Menu 25.1.1 - IP Routing Policy 

          Policy Set Name= First 
          Active= Yes 
          Criteria: 
            IP Protocol    =
            Type of Service= Don't Care        Packet length= 0 
            Precedence     = Don't Care          Len Comp= N/A 
            Source: 
              addr start= 192.168.1.2          end= 192.168.1.20 
              port start= 0                    end= N/A 
            Destination: 
              addr start= 0.0.0.0              end= N/A 
              port start= 80                   end= 80 
          Action= Matched 
            Gateway addr   = 192.168.1.254      Log= No 
            Type of Service= No Change 
            Precedence     = No Change 

                    Press ENTER to Confirm or ESC to Cancel 
 

This example policy forces Web packets originating from clients with IP addresses from 192.168.1.2 to 192.168.1.20 to be routed to the remote LAN via the gateway 192.168.1.254.

3. A summary for this set is shown in menu 25.1.
 


                       Menu 25.1 - IP Routing Policy Setup

 # A                         Criteria/Action
 - - -------------------------------------------------------------------------
 1 Y SA=192.168.1.2-192.168.1.20
     DP=80-80 P=6                                 |GW=192.168.1.254 
 2 N __________________________________________________________________________
     __________________________________________________________________________
 3 N __________________________________________________________________________
     __________________________________________________________________________
 4 N __________________________________________________________________________
     __________________________________________________________________________
 5 N __________________________________________________________________________
     __________________________________________________________________________
 6 N __________________________________________________________________________
     __________________________________________________________________________
 

                  Enter Policy Rule Number (1-6) to Configure:
 

4. The policy set can be applied to one of two interfaces: the LAN interface (menu 3.2) or the WAN interface (menu 11.3). Which one to use depends on where the gateway specified in the policy rule is located. If the gateway is located on the local LAN, apply the policy set in menu 3.2 (LAN interface). If the gateway is located on the remote WAN site, apply the policy set in menu 11.3 (WAN interface).
 


           Menu 3.2 - TCP/IP and DHCP Setup

     DHCP Setup
           DHCP= Server
           Client IP Pool Starting Address= 192.168.1.33
           Size of Client IP Pool= 32
           Primary DNS Server= 0.0.0.0
           Secondary DNS Server= 0.0.0.0
           Remote DHCP Server= N/A
      TCP/IP Setup:
           IP Address= 192.168.1.1
           IP Subnet Mask= 255.255.255.0
           RIP Direction= Both
               Version= RIP-1
           Multicast= None
           IP Policies= 1
           Edit IP Alias= No

  Press ENTER to Confirm or ESC to Cancel:

 



                 Menu 11.3 - Remote Node Network Layer Options

     IP Options:                          Bridge Options:
       Rem IP Addr:                         Ethernet Addr Timeout(min)= N/A
       Rem Subnet Mask= 0.0.0.0             
       My WAN Addr= 0.0.0.0                 
       NAT = No               
                                            
       Metric= 2                            
       Private= No
       RIP Direction= Both                
         Version= RIP-2B                    
       Multicast= IGMP-v2
       IP Policies= 1
 

                     Enter here to CONFIRM or ESC to CANCEL:
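
To check which flows a policy set actually diverts before applying it to an interface, the sketch below parses rule 1 from the Menu 25.1 summary and evaluates constructed sample packets against it. It is an added example, not ZyXEL code: the DA and SP field names, the first-match rule order, the "routing-table" fallback label and the sample packets are assumptions.

```python
import ipaddress
import re

# Rule 1 exactly as shown in the Menu 25.1 summary (the two lines joined).
SUMMARY_RULE = "SA=192.168.1.2-192.168.1.20 DP=80-80 P=6 |GW=192.168.1.254"

def _span(text, cast):
    """'a-b' -> (cast(a), cast(b)); a single value 'a' -> (a, a)."""
    lo, _, hi = text.partition("-")
    return cast(lo), cast(hi or lo)

def parse_rule(line):
    """Split 'criteria |action' into typed fields. SA/DP/P/GW appear on the
    page; DA and SP are assumed names for the remaining address/port criteria."""
    criteria, _, action = line.partition("|")
    fields = dict(re.findall(r"(\w+)=(\S+)", criteria))
    rule = {"gateway": dict(re.findall(r"(\w+)=(\S+)", action)).get("GW")}
    if "P" in fields:
        rule["P"] = _span(fields["P"], int)
    for key in ("SA", "DA"):
        if key in fields:
            rule[key] = _span(fields[key], ipaddress.ip_address)
    for key in ("SP", "DP"):
        if key in fields:
            rule[key] = _span(fields[key], int)
    return rule

def matches(rule, pkt):
    """The action applies only when every configured criterion is met."""
    seen = {"P": pkt["proto"], "SP": pkt["sport"], "DP": pkt["dport"],
            "SA": ipaddress.ip_address(pkt["src"]),
            "DA": ipaddress.ip_address(pkt["dst"])}
    return all(rule[k][0] <= seen[k] <= rule[k][1] for k in seen if k in rule)

def next_hop(rules, pkt, default="routing-table"):
    """First matching rule wins (assumed order); otherwise normal routing."""
    for rule in rules:
        if matches(rule, pkt):
            return rule["gateway"]
    return default

def packet(src, dport, proto=6, dst="203.0.113.5", sport=40000):
    """Constructed sample packet; dst is a documentation address."""
    return {"src": src, "dst": dst, "sport": sport, "dport": dport, "proto": proto}

if __name__ == "__main__":
    rule = parse_rule(SUMMARY_RULE)
    for pkt in (packet("192.168.1.10", 80), packet("192.168.1.21", 80),
                packet("192.168.1.10", 21), packet("192.168.1.10", 80, proto=17)):
        print(pkt["src"], pkt["dport"], pkt["proto"], "->", next_hop([rule], pkt))
```

Only the first sample packet is sent to 192.168.1.254; a client outside the source range, a non-Web port, or UDP to port 80 all fall through to normal routing, which is the "all criteria must be met" behavior described earlier.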


All contents copyright © 2002 ZyXEL Communications Corporation.