You are here: Webhelp 5.5R6 > Advanced Routing > Policy-based Route

Policy-based Route

Policy-based Route (PBR) is designed to select a router and forward data based on the source IP address, destination IP address and service type of a packet.

Creating a Policy-based Route

To create a Policy-based route, take the following steps:

  1. Select Network > Routing > Policy-based Routing.
  2. Click New. Select PBR from the drop-down list.
  3. Click OK.

Creating a Policy-based Route Rule

To create a Policy-based Route rule, take the following steps:

  1. Select Network > Routing > Policy-based Routing.
  2. Click New. Select Rule from the drop-down list.

Adjusting Priority of a PBR Rule

To adjust priority of a Policy-based Route rule, take the following steps:

  1. Select Network > Routing > Policy-based Routing.
  2. From the Virtual Router drop-down list, select the Virtual Router for the new route.
  3. Select the rule you want to adjust priority from the list below, click Priority.
  4. Each PBR rule is labeled with a unique ID. When traffic flows into a Hillstone device, the device will query for PBR rules by turn, and process the traffic according to the first matched rule. However, the PBR rule ID is not related to the matching sequence during the query. You can move a PBR rule's location up or down at your own choice to adjust the matching sequence accordingly.

Applying a Policy-based Route

You can apply a policy-based route by binding it to an interface, virtual router or zone.

To apply a policy-based route, take the following steps:

  1. Select Network > Routing > Policy-based Routing.
  2. From the Virtual Router drop-down list, select the Virtual Router for the new route.
  3. Click Bind to.
  4. Click OK.

DNS Redirect

System supports the DNS redirect funtion, which redirects the DNS requests to a specified DNS server. For more information about specifying IP addresses of the DNS server, see Configuring a DNS Server. Currently, the DNS redirect function is mainly used to redirect the video traffic for load balancing. With the policy based route working together, system can redirect the Web video traffic to different links, improving the user experience.

To enable the DNS redirect function, take the following steps:

  1. Select Network > Routing > Policy-based Routing.
  2. Click Enable DNS Redirect.

Configuring the Global Match Order

By default, if the PRB rule is bound to both an interface , VRouter and the security zone the interface belongs to, the traffic matching sequence will be: Interface > Zone > VRouter. You can configure the global match order of PBR.

To configure the global match order, take the following steps:

  1. Select Network > Routing > Policy-based Routing.
  2. Click Config Global Match Order.
  3. Select the items that need to be adjusted, and click and .
  4. To restore the default matching sequence, click Restore Default.
  5. Click OK.

WAP Traffic Distribution

The WAP traffic distribution function is designed to distribute the HTTP flow through the WAP gateway to relieve the traffic.

As shown in the topology above, the device that enabled WAP traffic distribution is deployed in front of the WAP server. When the HTTP traffic goes through the device, the system analyzes the traffic, and then distributes the flow to the WAP gateway or the Internet according to the configuration of the device. Normally, you will want to distribute your business service traffic to the WAP gateway, and allocate other traffic (e.g. Internet surfing or downloading) to the Internet.

The WAP traffic distribution function adopts a policy-based route rule. When the HTTP traffic of an interface matches a policy-based route rule, system will distribute the traffic to the specified next-hop IP address according to the PBR rule. For the traffic distributed to the Internet, you need to enable the IP replacement function. Because the original destination is the WAP gateway address, to enable accessibility, translating the original address to the actual destination is necessary.

To configure WAP traffic distribution, take the following steps:

  • Enabling WAP traffic distribution.
  • Configuring a DNS Server.

  • Creating Host-book.

  • Creating a Policy-based Route Rule.

  • Checking WAP traffic distribution statistics.

Enabling WAP Traffic Distribution

To enable WAP traffic distribution on a specified interface, take the following steps:

  1. Select Network > Interface and double click the interface you want.
  2. Under the Basic tab, select the check box of WAP traffic distribution. For more information about the Host-book, see Configuring an Interface.

Configuring a DNS Server

The DNS server can be used to analyze the real destination IP address. For more information about the DNS server, see "DNS" on page 76. A domain name can correspond to multiple IP addresses, so system can only support the first IP address that is analyzed.

Creating Host Book

To use the WAP traffic distribution function, you need to add a host book into the policy-based route rule. When the HTTP traffic matches the policy-based route rule, system will distribute the traffic to the WAP gateway or the Internet according to the PBR rule and whether the domain entry matches. For more information about the Host-book, see Host Book.

Creating a Policy-based Route Rule

To apply the host book domain entry in the policy-based route rule, bind the policy-based route rule to the interface that enabled the WAP traffic distribution function. For more information about the policy-based route, see Policy-based Route.

Video Streaming Redirection

You can redirect HTTP video streaming to a designated link to ensure a better streaming speed. The configuration of video streaming redirection combines multiple modules. The configuration logic is introduced here.

To configure video streaming redirection, take the following steps:

  1. Configuring application identification: set up traffic control based on the data type.

  2. Enabling video streaming redirection: enable WAP traffic distribution and assign the port number used for certain website's HTTP video. IP replacement is not needed.

  3. Configuring PBR: Create a policy based route and adding the APP or services for video streaming, then binding this route rule to the interface which enables video streaming redirection.