Ethan Banks Not writing about IT.

OECG – Chapter 7


Policy routing is what you do when you need to be absolutely sure that your network is difficult to troubleshoot. Uh…I mean to say…policy routing is what you do when you want the router to make a forwarding decision based on something other than the destination IP address. And, from lots of practical experience with policy routing, I can also tell you that if you’re injudicious in your use of policy routing and/or lousy at documentation, policy routing can be a real pain in the butt. It’s powerful, don’t get me wrong…but if you think policy routing is the answer to whatever the question is, you may need to ask some other questions. Like “Why is my network such that policy routing is the only way I can solve this problem?” Maybe policy routing is your answer…but I can’t recommend highly enough that you use it sparingly and document it to death with very intuitive policy names and remarked ACL’s. You’ll thank yourself 6 months from now when you’re troubleshooting the router.

Using the “ip policy” command on interface let’s the router know he’ll have to think a bit harder before fowarding the packet. You define a policy with a series of clauses that define a condition and an action to perform if that condition is matched. You could send all packets with a source IP of to a next-hop of your choosing, for instance. Or you could classify all packets coming from your IP phone VLAN with IP precedence bits to make sure they are prioritized when they hit the WAN cloud.

Let’s say you want to set a next-hop to You’re set statement would be “set ip next-hop”. Alternatively, you could “set ip default next-hop”, the difference being that the “default” keyword tells the router to attempt to forward the traffic based on the routing table, and will forward to if there’s no routing table match.

(Do you start to see how this could be potentially evil if you go crazy with this on your network?)

By Ethan Banks
Ethan Banks Not writing about IT.

You probably know Ethan Banks because he writes & podcasts about IT. This site is his, but covers other stuff.

Get the details on his about page.