Home > Articles > Cisco > CCNP Routing and Switching

This chapter is from the book

Implementing Path Control Using Policy-Based Routing

Chapter 4 describes route maps and how you can use them for route filtering. This section describes another use for route maps, with PBR. PBR enables the administrator to define a routing policy other than basic destination-based routing using the routing table. With PBR, route maps can be used to match source and destination addresses, protocol types, and end-user applications. When a match occurs, a set command can be used to define items, such as the interface or next-hop address to which the packet should be sent.

Using PBR to Control Path Selection

In modern high-performance internetworks, organizations need the freedom to implement packet forwarding and routing according to their own defined policies in a way that goes beyond traditional routing protocol concerns.

Routers normally forward packets to destination addresses based on information in their routing tables. By using PBR, introduced in Cisco IOS Release 11.0, you can implement policies that selectively cause packets to take different paths based on source address, protocol types, or application types. Therefore, PBR overrides the router's normal routing procedures.

PBR also provides a mechanism to mark packets with different types of service (ToS). This feature can be used in conjunction with Cisco IOS queuing techniques so that certain kinds of traffic can receive preferential service.

PBR provides an extremely powerful, simple, and flexible tool to implement solutions in cases where legal, contractual, or political constraints dictate that traffic be routed through specific paths. Benefits you can achieve by implementing PBR include the following:

  • Source-based transit provider selection—ISPs and other organizations can use PBR to route traffic originating from different sets of users through different Internet connections across policy routers.
  • QoS—Organizations can provide QoS to differentiated traffic by setting the ToS values in the IP packet headers in routers at the periphery of the network and then leveraging queuing mechanisms to prioritize traffic in the network's core or backbone. This setup improves network performance by eliminating the need to classify the traffic explicitly at each WAN interface in the network's core or backbone.
  • Cost savings—Using PBR, an organization can direct the bulk traffic associated with a specific activity to use a higher-bandwidth, high-cost link for a short time and to continue basic connectivity over a lower-bandwidth, low-cost link for interactive traffic.
  • Load sharing—In addition to the dynamic load-sharing capabilities offered by destination-based routing that the Cisco IOS Software has always supported, network managers can implement policies to distribute traffic among multiple paths based on the traffic characteristics.

Configuring PBR

Configuring PBR involves configuring a route map with match and set commands and then applying the route map to the interface.

When configuring PBR, it is important to note that PBR is applied to incoming packets. Enabling PBR causes the router to evaluate all packets incoming on the interface using a route map configured for that purpose.

The steps required to implement path control include the following:

  1. Choose the path control tool to use. Path control tools manipulate or bypass the IP routing table. For PBR, route-map commands are used.
  2. Implement the traffic-matching configuration, specifying which traffic will be manipulated; match commands are used within route maps.
  3. Define the action for the matched traffic, using set commands within route maps.
  4. Optionally, fast-switched PBR or Cisco Express Forwarding (CEF)-switched PBR can be enabled. Fast-switched PBR must be enabled manually. CEF-switched PBR is automatically enabled when CEF switching is enabled (which it is by default in recent IOS versions) and PBR is enabled.
  5. Apply the route map to incoming traffic or to traffic locally generated on the router.
  6. Verify path control results, using show commands.

You can configure the route map statements used for PBR as permit or deny. The following defines how these options work:

  • If the statement is marked as deny, a packet meeting the match criteria is not policy-based routed. Instead, it is sent through the normal forwarding channels; in other words, destination-based routing is performed.
  • Only if the statement is marked as permit and the packet meets all the match criteria are the set commands applied.
  • If no match is found in the route map, the packet is not dropped; it is forwarded through the normal routing channel, which means that destination-based routing is performed.
  • If you do not want to revert to normal forwarding but instead want to drop a packet that does not match the specified criteria, configure a set statement to route the packets to interface null 0 as the last entry in the route map.

PBR match Commands

IP standard or extended access lists can be used to establish PBR match criteria using the match ip address {access-list-number | name} [...access-list-number | name] | prefix-list prefix-list-name [..prefix-list-name] route map configuration command, as explained in Table 5-9. You can use a standard IP access list to specify match criteria for a packet's source address. You can use extended access lists to specify match criteria based on source and destination addresses, application, protocol type, and ToS.

Table 5-9. match ip address Command

Parameter

Description

access-list-number | name

The number or name of a standard or extended access list to be used to test incoming packets. If multiple access lists are specified, matching any one results in a match.

prefix-list prefix-list-name

Specifies the name of a prefix list to be used to test packets. If multiple prefix lists are specified, matching any one results in a match.

Use the match length min max route map configuration command, explained in Table 5-10, to establish criteria based on the packet length between specified minimum and maximum values. For example, a network administrator could use the match length as the criterion that distinguishes between interactive and file transfer traffic, because file transfer traffic usually has larger packet sizes.

Table 5-10. match length Command

Parameter

Description

min

The packet's minimum Layer 3 length, inclusive, allowed for a match

max

The packet's maximum Layer 3 length, inclusive, allowed for a match

PBR set Commands

If the match statements are satisfied, you can use one or more of the set statements described in this section to specify the criteria for forwarding packets through the router.

The router evaluates the first four set commands for PBR shown in this section in the order they are presented. As soon as a destination address or interface has been chosen, other set commands for changing the destination address or interface are ignored. Note, however, that some of these commands affect only packets for which there is an explicit route in the routing table, and others affect only packets for which there is no explicit route in the routing table.

By default, a packet that is not affected by any of the set commands in a route map statement it has matched is not policy routed and is forwarded normally; in other words, destination-based routing is performed.

set ip next-hop Command

The set ip next-hop ip-address [...ip-address] route map configuration command provides a list of IP addresses used to specify the adjacent next-hop router in the path toward the destination to which the packets should be forwarded. If more than one IP address is specified, the first IP address associated with a currently up and connected interface is used to route the packets. Table 5-11 explains the set ip next-hop command.

Table 5-11. set ip next-hop Command

Parameter

Description

ip-address

The IP address of the next hop to which packets are output. It must be the address of an adjacent router.

The set ip next-hop command affects all packet types and is always used if configured.

set interface Command

The set interface type number [... type number] route map configuration command provides a list of interfaces through which the packets can be routed. If more than one interface is specified, the first interface that is found to be up is used to forward the packets. Table 5-12 explains this command.

Table 5-12. set interface Command

Parameter

Description

type number

The interface type and number to which packets are output

If there is no explicit route for the destination address of the packet in the routing table (for example, if the packet is a broadcast or is destined for an unknown address), the set interface command has no effect and is ignored. A default route in the routing table is not considered an explicit route for an unknown destination address.

set ip default next-hop Command

The set ip default next-hop ip-address [...ip-address] route map configuration command provides a list of default next-hop IP addresses. If more than one IP address is specified, the first next hop specified that appears to be adjacent to the router is used. The optional specified IP addresses are tried in turn. Table 5-13 explains this command.

Table 5-13. set ip default next-hop Command

Parameter

Description

ip-address

The IP address of the next hop to which packets are output. It must be the address of an adjacent router.

A packet is routed to the next hop specified by the set ip default next-hop command only if there is no explicit route for the packet's destination address in the routing table. A default route in the routing table is not considered an explicit route for an unknown destination address.

set default interface Command

The set default interface type number [...type number] route map configuration command provides a list of default interfaces. If no explicit route is available to the destination address of the packet being considered for policy routing, it is routed to the first up interface in the list of specified default interfaces. Table 5-14 provides information about this command.

Table 5-14. set default interface Command

Parameter

Description

type number

The interface type and number to which packets are output.

A packet is routed to the next hop specified by the set default interface command only if there is no explicit route for the packet's destination address in the routing table. A default route in the routing table is not considered an explicit route for an unknown destination address.

PBR also provides a mechanism to mark packets using the set ip tos and set ip precedence commands, as shown in the next two sections.

set ip tos Command

The set ip tos [number | name] route map configuration command is used to set some of the bits in the IP ToS field in the IP packet. The ToS field in the IP header is 8 bits long, with 5 bits for setting the class of service (CoS) and 3 bits for the IP precedence. The CoS bits are used to set the delay, throughput, reliability, and cost.

The set ip tos command is used to set the 5 CoS bits. Values 0 through 15 are used (one of the bits is reserved). Table 5-15 provides the names and numbers of the defined ToS values used in this command.

Table 5-15. set ip tos Command

Parameter number | name

Description

0 | normal

Sets the normal ToS

1 | min-monetary-cost

Sets the min-monetary-cost ToS

2 | max-reliability

Sets the max reliable ToS

4 | max-throughput

Sets the max throughput ToS

8 | min-delay

Sets the min delay ToS

set ip precedence Command

The set ip precedence [number | name] route map configuration command enables you to set the 3 IP precedence bits in the IP packet header. With 3 bits, you have eight possible values for the IP precedence; values 0 through 7 are defined. This command is used when implementing QoS and can be used by other QoS services, such as weighted fair queuing (WFQ) and weighted random early detection (WRED). Table 5-16 provides the names and numbers of the defined IP precedence values used in this command.

Table 5-16. set ip precedence Command

Parameter number | name

Description

0 | routine

Sets the routine precedence

1 | priority

Sets the priority precedence

2 | immediate

Sets the immediate precedence

3 | flash

Sets the Flash precedence

4 | flash-override

Sets the Flash override precedence

5 | critical

Sets the critical precedence

6 | internet

Sets the internetwork control precedence

7 | network

Sets the network control precedence

You can use the set commands in conjunction with each other.

Configuring PBR on an Interface

To identify a route map to use for policy routing on an interface, use the ip policy route-map map-tag interface configuration command. Table 5-17 explains the parameter.

Table 5-17. ip policy route-map Command

Parameter

Description

map-tag

The name of the route map to use for policy routing. It must match a map tag specified by a route-map command.

Remember that policy-based routing is configured on the interface that receives the packets, not on the interface from which the packets are sent.

Packets originating on the router are not normally policy routed. Local policy routing enables packets originating on the router to take a route other than the obvious shortest path. To identify a route map to use for local policy routing, use the ip local policy route-map map-tag global configuration command. Table 5-18 explains the parameter. This command applies the specified route map to packets originating on the router.

Table 5-18. ip local policy route-map Command

Parameter

Description

map-tag

The name of the route map to use for local policy routing. It must match a map tag specified by a route-map command.

Since Cisco IOS Release 12.0, IP PBR can now be fast switched. Before this feature, policy routing could only be process switched, which meant that on most platforms, the switching rate was approximately 1000 to 10,000 packets per second. This was not fast enough for many applications. Users who need policy routing to occur at faster speeds can now implement policy routing without slowing down the router.

PBR must be configured before you configure fast-switched policy routing. Fast switching of policy routing is disabled by default. To enable it, use the ip route-cache policy interface configuration command.

Fast-switched PBR supports all the match commands and most of the set commands, except for the following restrictions:

  • The set ip default next-hop and set default interface commands are not supported.
  • The set interface command is supported only over point-to-point links unless a route-cache entry exists using the same interface specified in the set interface command in the route map. Also, when process switching, the routing table is checked to determine whether the interface is on an appropriate path to the destination. The software does not make this check during fast switching. Instead, if the packet matches, the software blindly forwards the packet to the specified interface.

Verifying PBR

To display the route maps used for policy routing on the router's interfaces, use the show ip policy EXEC command.

To display configured route maps, use the show route-map [map-name] EXEC command, where map-name is an optional name of a specific route map.

Use the debug ip policy EXEC command to display IP policy routing packet activity. This command shows in detail what policy routing is doing. It displays information about whether a packet matches the criteria and, if so, the resulting routing information for the packet.

To discover the routes that the packets follow when traveling to their destination from the router, use the traceroute EXEC command. To change the default parameters and invoke an extended traceroute, enter the command without a destination argument. You are then stepped through a dialog to select the desired parameters.

To check host reachability and network connectivity, use the ping EXEC command. You can use the ping command's extended command mode to specify the supported header options by entering the command without any arguments.

PBR Examples

This section provides three examples of PBR.

Using PBR When Connecting Two ISPs

In Figure 5-11, Router A provides Internet access for a private enterprise and is connected to two different ISPs. This router is advertising a 0.0.0.0 default route into the enterprise network to avoid large routing tables.

Figure 5-11

Figure 5-11 Router A Is Connected to Two ISPs.

Therefore, when traffic from the enterprise networks 10.1.0.0 and 10.2.0.0 reaches Router A, it can go to either ISP A or ISP B. The company prefers to have ISP A and ISP B receive approximately equal amounts of traffic. PBR is implemented on Router A to shape, or load balance, traffic from Router A to each of the ISPs. All traffic sourced from the 10.1.0.0 subnet is forwarded to ISP A if there is no specific route to the destination in the routing table (the default route is not used). All traffic sourced from the 10.2.0.0 subnet is forwarded to ISP B if there is no specific route to the destination in the routing table.

Example 5-14 shows the configuration for Router A. Route map equal-access is configured.

Example 5-14. Configuration of Router A in Figure 5-11

RouterA(config)#access-list 1 permit 10.1.0.0 0.0.255.255
RouterA(config)#access-list 2 permit 10.2.0.0 0.0.255.255

RouterA(config)#route-map equal-access permit 10
RouterA(config-route-map)#match ip address 1
RouterA(config-route-map)#set ip default next-hop 192.168.6.6

RouterA(config-route-map)#route-map equal-access permit 20
RouterA(config-route-map)#match ip address 2
RouterA(config-route-map)#set ip default next-hop 172.16.7.7

RouterA(config-route-map)#route-map equal-access permit 30
RouterA(config-route-map)#set default interface null0
RouterA(config-route-map)#exit
RouterA(config)#interface FastEthernet 0/0
RouterA(config-if)#ip address 10.1.1.1 255.255.255.0
RouterA(config-if)#ip policy route-map equal-access
RouterA(config-if)#exit
RouterA(config)#interface Serial 0/0/0
RouterA(config-if)#ip address 192.168.6.5 255.255.255.0
RouterA(config-if)#exit
RouterA(config)#interface Serial 0/0/1
RouterA(config-if)#ip address 172.16.7.6 255.255.255.0

The ip policy route-map equal-access command is applied to the Fast Ethernet 0/0 interface, the incoming interface receiving the packets to be policy-routed.

Sequence number 10 in route map equal-access is used to match all packets sourced from any host in subnet 10.1.0.0. If there is a match, and if the router has no explicit route for the packet's destination, it is sent to next-hop address 192.168.6.6 (ISP A's router).

Sequence number 20 in route map equal-access is used to match all packets sourced from any host in subnet 10.2.0.0. If there is a match, and if the router has no explicit route for the packet's destination, it is sent to next-hop address 172.16.7.7 (ISP B's router).

Sequence number 30 in route map equal-access is used to drop all traffic not sourced from subnet 10.1.0.0 or 10.2.0.0. The null 0 interface is a route to nowhere; traffic is dropped.

The outputs shown in Examples 5-15, 5-16, and 5-17 are from Router A in Figure 5-11. Example 5-15 provides an example of show ip policy command output, indicating that the route map called equal-access is used for PBR on the router's Fast Ethernet 0/0 interface.

Example 5-15. show ip policy on Router A in Figure 5-11

RouterA#show ip policy
Interface          Route map
FastEthernet0/0   equal-access

Example 5-16 provides an example of show route-map command output, indicating that three packets have matched sequence 10 of the equal-access route map.

Example 5-16. show route-map on Router A in Figure 5-11

RouterA#show route-map
route-map equal-access, permit, sequence 10
  Match clauses:
    ip address (access-lists): 1
  Set clauses:
    ip default next-hop 192.168.6.6
Policy routing matches: 3 packets, 168 bytes
route-map equal-access, permit, sequence 20
  Match clauses:
    ip address (access-lists): 2
  Set clauses:
    ip default next-hop 172.16.7.7
route-map equal-access, permit, sequence 30
Set clauses:
    default interface null0

Example 5-17 provides an example of the debug ip policy command output. The output indicates that a packet from 10.1.1.1 destined for 172.19.1.1 has been received on interface Fast Ethernet 0/0 and that it is policy-routed on Serial 0/0/0 to next hop 192.168.6.6 (because the source address of 10.1.1.1 matches line 10 of route map equal-access).

Example 5-17. debug ip policy on Router A in Figure 5-11

RouterA#debug ip policy
Policy routing debugging is on

11:51:25: IP: s=10.1.1.1 (FastEthernet0/0), d=172.19.1.1, len 100, policy match

 11:51:25: IP: route map equal-access, item 10, permit
11:51:25: IP: s=10.1.1.1 (FastEthernet0/0), d=172.19.1.1 (Serial0/0/0), len 100,
 policy routed                                             

 11:51:25: IP: FastEthernet0/0/0 to Serial0/0/0 192.168.6.6

Using PBR Based on Source Address

In Figure 5-12, Router A has a policy that packets with a source address of 192.168.2.1 (on the other side of Router B) should go out to Router C's interface Serial 0/0/1, 172.17.1.2 (via Router A's S0/0/1 interface). All other packets should be routed according to their destination address. Example 5-18 shows the relevant part of the configuration for Router A.

Figure 5-12

Figure 5-12 Router A Has a Policy That Packets from 192.168.2.1 Go to Router C's Interface S0/0/1.

Example 5-18. Configuration of Router A in Figure 5-12

RouterA(config)#interface Serial0/0/2
RouterA(config-if)#ip address 172.16.1.2 255.255.255.0
RouterA(config-if)#ip policy route-map test
RouterA(config-if)#route-map test permit 10
RouterA(config-route-map)#match ip address 1
RouterA(config-route-map)#set ip next-hop 172.17.1.2
RouterA(config-route-map)#exit
RouterA(config)#access-list 1 permit 192.168.2.1 0.0.0.0

Router A's Serial 0/0/2 interface, where packets from 192.168.2.1 go into Router A, is configured to do policy routing with the ip policy route-map command. The route map test is used for this policy routing. It tests the IP addresses in packets against access list 1 to determine which packets will be policy-routed.

Access list 1 specifies that packets with a source address of 192.168.2.1 are policy routed. Packets that match access list 1 are sent to the next-hop address 172.17.1.2, which is Router C's Serial 0/0/1 interface. All other packets are forwarded normally, according to their destination address. (Recall that access lists have an implicit deny any at the end, so no other packets are permitted by access list 1.)

The outputs shown in Examples 5-19, 5-20, and 5-21 are from Router A in Figure 5-12. Example 5-19 provides an example of the show ip policy command output. It indicates that the route map called test is used for policy routing on the router's interface Serial 0/0/2.

Example 5-19. show ip policy Output on Router A in Figure 5-12

RouterA#show ip policy
Interface            Route map
Serial0/0/2          test

The show route-map command, shown in Example 5-20, indicates that three packets have matched sequence 10 of the test route map.

Example 5-20. show route-map Output on Router A in Figure 5-12

RouterA#show route-map
route-map test, permit, sequence 10
  Match clauses:
    ip address (access-lists): 1
  Set clauses:
    ip next-hop 172.17.1.2
Policy routing matches: 3 packets, 168 bytes

Example 5-21 provides an example of the output of the debug ip policy command. The output indicates that a packet from 172.16.1.1 destined for 192.168.1.1 was received on interface Serial 0/0/2 and that it was rejected by the policy on that interface. The packet is routed normally (by destination). Another packet, from 192.168.2.1 destined for 192.168.1.1, was later received on the same interface, Serial 0/0/2. This packet matched the policy on that interface and therefore was policy routed and sent out interface Serial 0/0/1 to 172.17.1.2.

Example 5-21. Example of debug ip policy on Router A in Figure 5-12

RouterA#debug ip policy
Policy routing debugging is on

...
11:50:51: IP: s=172.16.1.1 (Serial0/0/2), d=192.168.1.1 (Serial0/0/3), len 100,
policy rejected — normal forwarding
...
11:51:25: IP: s=192.168.2.1 (Serial0/0/2), d=192.168.1.1, len 100, policy match

 11:51:25: IP: route map test, item 10, permit
11:51:25: IP: s=192.168.2.1 (Serial0/0/2), d=192.168.1.1 (Serial0/0/1), len 100,
  policy routed

 11:51:25: IP: Serial0/0/2 to Serial0/0/1 172.17.1.2

Alternative Solution IP SLAs Configuration Example Using PBR

This section presents an alternative solution to the configuration of the R3 router in Figure 5-10 given earlier in this chapter in the "Examples of Path Control Using Cisco IOS IP SLAs" section. A partial configuration is shown in Example 5-22, providing just the configuration for reachability to the R1 router. Explanatory comments are provided within the configuration. (Configuration for reachability to the R2 router would be similar.) Using PBR allows the configuration to be very granular, to support other options. In this example, PBR points to a next-hop address that is tracked via Cisco IOS IP SLAs.

Example 5-22. Partial Alternative Configuration for Router R3 in Figure 5-10

!Configure the object to be tracked; object 1 will be up if the router
!can ping 10.0.8.1
ip sla 99
  icmp-echo 10.0.8.1
    frequency 10
    timeout 5000
ip sla schedule 99 start-time now life forever
!
track 1 rtr 99 reachability
!
!Enable policy routing using route map IP-SLA
interface FastEthernet 0/0
  ip address 10.2.8.1 255.255.255.0
  ip policy route-map IP-SLA
!
!Configure a route-map to set the next-hop to 192.168.2.1 (R1) if
! object 1 is up. If object 1 is down, then policy routing fails
! and unicast routing will route the packet.
route-map IP-SLA
  set ip next-hop verify-availability 192.168.2.1 10 track 1

This configuration uses the set ip next-hop verify-availability [next-hop-address sequence track object] route-map configuration command to configure policy routing to verify the reachability of the next hop of a route map before the router performs policy routing to that next hop. Table 5-19 explains the parameters of this command.

Table 5-19. set ip next-hop verify-availability Command

Parameter

Description

next-hop-address

(Optional) IP address of the next hop to which packets will be forwarded.

sequence

(Optional) Sequence of next hops. The acceptable range is from 1 to 65535.

track

(Optional) The tracking method is track.

object

(Optional) Object number that the tracking subsystem is tracking. The acceptable range is from 1 to 500.

Because of the use of route maps, this type of configuration allows you more granularity to define, via access lists or prefix lists, which traffic classes will be subject to changes based on the results of the object tracking. For example routes for voice, mission-critical data, and other traffic types could be changed.

Pearson IT Certification Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from Pearson IT Certification and its family of brands. I can unsubscribe at any time.

Overview


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about Pearson IT Certification products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information


To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites; develop new products and services; conduct educational research; and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information


Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children


This site is not directed to children under the age of 13.

Marketing


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information


If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out


Users can always make an informed choice as to whether they should proceed with certain services offered by Adobe Press. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.pearsonitcertification.com/u.aspx.

Sale of Personal Information


Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents


California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure


Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact


Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice


We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020