Overview of Policy-based Routing

Policy-based routing enables the TCP/IP stack to make routing decisions that take into account criteria other than just the destination IP address/subnet. The additional criteria can include job name, source port, destination port, protocol type (TCP or UDP), source IP address, NetAccess security zone, and MLS security label. With policy-based routing, you define policies to select the network that will be used for outbound traffic based on the application originating the traffic. Examples of situations where policy-based routing would be useful:

  • Favoring high bandwidth links for batch traffic, while preferring low latency links for interactive traffic. If so, you define policies such that Telnet traffic will be routed over the low latency links, while FTP traffic will be routed over the high bandwidth links.
  • Defining a policy to ensure that traffic tagged with a particular security label/zone is routed to a secured network via an appropriate outbound interface.
  • Controlling the links used by Enterprise Extender traffic to keep that traffic from being impacted by other IP traffic loads.

Policy-based routing provides for using these additional routing criteria both for static routes and dynamic routing.

Static Routes
You can configure static routes using policy-based routing rather than using the BEGINROUTES configuration statements in PROFILE.TCPIP. With the BEGINROUTES configuration statement you are restricted to deciding the route based only on the destination IP address. Using policy-based routing you can configure static routes which use additional criteria (source address, ports, etc.) to decide the route.
Dynamic Routes
You can configure additional criteria to aid OMPROUTE in deciding which route to take. OMPROUTE uses industry standards to determine the shortest and best route based on the destination IP address. Using policy-based routing, you can supply OMPROUTE with the additional routing criteria provided by policy-based routing. For example, OMPROUTE may be aware of multiple routes to a specific destination. However, you might want to route your TN3270 traffic only over a specific link and router. Using policy-based routing you can provide this additional routing information to OMPROUTE.
Restrictions:
  • The following traffic will always be routed using the main route table, even when policy-based routing is in use:
    1. traffic using protocols other than TCP and UDP
    2. traffic being forwarded by the TCP/IP stack
  • If Common INET (CINET) is used to run multiple z/OS® Communications Server TCP/IP stacks concurrently, CINET has no knowledge of the policy-based route tables being used by those TCP/IP stacks. CINET only has knowledge of the routes in each TCP/IP stack's main route table. Avoid using policy-based routing in a CINET environment unless at least one of the following statements is true:
    • All applications establish affinity with a particular TCP/IP stack.
    • The routes in each TCP/IP stack route table are mutually exclusive with the routes on the other TCP/IP stacks, including the default route.