42-4
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 42 Configuring Policy-Based Routing
Policy-Based Routing
If the set ip next-hop command is not available then the set ip next-hop recursive command is applied.
If the set ip recursive-next-hop and the set interface command are not present, then the packet is routed
using the default routing table; it is not dropped. If the packet is required to be dropped, use the set
next-hop recursive command followed by a set interface null0 configuration command.
Load Balancing with Recursive Next Hop
If multiple equal-cost routes to the subnet have been configured by the set ip next-hop recursive
command, load balancing will occur only if all the adjacencies to the routes are resolved. If any of the
adjacencies have not been resolved, then load balancing will not happen and only one of the routes whose
adjacency is resolved will be used. If none of the adjacencies are resolved, then packets will be processed
in software, resulting in at least one of the adjacencies to be resolved and programmed in hardware. PBR
relies on routing protocols or other means to resolve all adjacencies and make load balancing happen.
Packet Matching Criteria
Access Control Lists (ACLs) define the allowed match criteria for packets. Each ACL is applied to
incoming packets in a certain order, stopping only when the packet characteristics match the ACL being
applied. Unlike policy maps, route maps do not support the "match any" match semantics.
IPv6 packets are matched via a match ipv6 address statement in the associated PBR route-map. IPv6
PBR requires IPv6 ACL, although the statement may specify either an IPv6 ACL or an IPv6 Prefixlist,
Packets are matched using the following criteria:
• Input interface
• Source IPv4/IPv6 Address (Prefixlist/Standard/Extended ACL)
• Destination IPv4/IPv6 Address (Standard/Extended ACL)
• Protocol (Extended ACL)
• Source Port and Destination Port (Extended ACL)
• DSCP (Extended ACL)
• Flow-label (Extended ACL)
• Fragment (Extended ACL)
PBR Route-Map Processing Logic Example
Consider a route map called rm-test defined as follows:
access-list 101 permit tcp host 61.1.1.1 host 133.3.3.1 eq 101
access-list 102 deny tcp host 61.1.1.1 host 133.3.3.1 eq 102
access-list 2102 permit tcp host 61.1.1.1 host 133.3.3.1 eq 102
access-list 104 deny tcp host 61.1.1.1 host 133.3.3.1 eq 104
access-list 2104 permit tcp host 61.1.1.1 host 133.3.3.1 eq 104
access-list 105 permit tcp host 61.1.1.1 host 133.3.3.1 eq 105
route-map rm-test permit 21
match ip address 101
set ip next-hop 21.1.1.1
!
route-map rm-test permit 22
match ip address 102
set ip next-hop 22.2.2.1
To Next Page
Loading...
