Configuring PBR
Introduction to PBR
Policy-based routing (PBR) uses user-defined policies to route packets. A policy can specify the next hop,
output interface, default next hop, default output interface, and other parameters for packets that match
specific criteria such as ACLs or that have specific lengths.
A device forwards received packets using the following process:
1. The device uses PBR to forward matching packets.
2. If the packets do not match the PBR policy or the PBR-based forwarding fails, the device uses the
routing table, excluding the default route, to forward the packets.
3. If the routing table-based forwarding fails, the device uses the default next hop or default output
interface defined in PBR to forward packets.
4. If the default next hop or default output interface-based forwarding fails, the device uses the default
route to forward packets.
PBR includes local PBR and interface PBR:
• Local PBR guides the forwarding of locally generated packets, such as the ICMP packets generated
by using the ping command.
• Interface PBR guides the forwarding only of packets received on an interface.
Policy
A policy comprises match criteria and actions to be taken on the matching packets. A policy can have
one or multiple nodes as follows:
• Each node is identified by a node number. A smaller node number has a higher priority.
• A node comprises if-match and apply clauses. An if-match clause specifies a match criterion, and
an apply clause specifies an action.
• A node has a match mode of permit or deny.
A policy compares packets against its nodes in priority order. If a packet satisfies the match criteria on a node,
it is processed by the action on the node. Otherwise, it goes to the next node for a match. If the packet
does not match the criteria on any node, it is forwarded according to the routing table.
if-match clause
PBR supports the following types of if-match clauses:
• if-match acl—Sets an ACL match criterion.
• if-match packet-length—Sets a packet length match criterion.
You can specify multiple if-match clauses for a node, but at most one if-match clause of each type.
A packet that satisfies all the if-match clauses of a node matches the node.
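The following Python model is an added example, not taken from the device documentation. It walks a packet through the node matching rules and the four-step forwarding order described above, so that you can check which path a given flow takes when a PBR next hop is unavailable. The policy, routes and addresses are constructed. An ACL is simplified to a single source prefix, "forwarding fails" is modelled as the next hop being absent from a reachable set, and only permit-mode nodes are modelled.

```python
import ipaddress

# Constructed policy: node number -> if-match clauses and apply actions.
# "acl" is simplified to one source prefix; all nodes are permit mode.
POLICY = {
    10: {"acl": "10.1.0.0/16", "length": (64, 1500), "next_hop": "192.0.2.1"},
    5:  {"acl": "10.1.1.0/24", "next_hop": "192.0.2.9", "default_next_hop": "192.0.2.254"},
    20: {"length": (1501, 9000), "default_next_hop": "192.0.2.254"},
}
ROUTES = {"198.51.100.0/24": "203.0.113.1", "0.0.0.0/0": "203.0.113.254"}

def match_node(policy, src, length):
    """Return the highest-priority node whose if-match clauses ALL match."""
    for number in sorted(policy):  # smaller node number = higher priority
        node = policy[number]
        if "acl" in node and ipaddress.ip_address(src) not in ipaddress.ip_network(node["acl"]):
            continue
        if "length" in node and not node["length"][0] <= length <= node["length"][1]:
            continue
        return number, node
    return None, {}

def lookup(routes, dst, default):
    """Longest-prefix match over the default route only, or over all other routes."""
    best = None
    for prefix, hop in routes.items():
        net = ipaddress.ip_network(prefix)
        if (net.prefixlen == 0) != default:
            continue
        if ipaddress.ip_address(dst) in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, hop)
    return best[1] if best else None

def forward(policy, routes, src, dst, length, reachable):
    """Apply the four forwarding steps; return (node, stage, next hop)."""
    number, node = match_node(policy, src, length)
    steps = [
        ("pbr", node.get("next_hop")),                            # step 1
        ("routing-table", lookup(routes, dst, default=False)),    # step 2
        ("pbr-default", node.get("default_next_hop")),            # step 3
        ("default-route", lookup(routes, dst, default=True)),     # step 4
    ]
    for stage, hop in steps:
        if hop in reachable:  # a missing (None) or unreachable hop falls through
            return number, stage, hop
    return number, "drop", None
```

Running `forward` for the same flow with and without the PBR next hop in `reachable` shows where traffic goes when the policy path fails, which is the case to review if the policy exists to steer traffic through an inspection device.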