Policy-based routing
NOTE: You must have an advanced features license to use policy-based routing.
Policy-based routing (PBR) allows users to define the next hop for packets based on the packet's source or destination IP addresses. You can specify the virtual routing and forwarding (VRF) instance that the next hop belongs to; if you do not, the default VRF instance is used. You can assign the next hop to a next-hop group to use equal-cost multi-path (ECMP) routing.
Configuring policy-based routing
config router policy
    config nexthop-group
        edit <name_of_next-hop_group>
            config nexthop
                edit <configuration_identifier>
                    set nexthop-ip <IPv4_address>
                    set nexthop-vrf-name <VRF_name>
                next
            end
        next
    end
    config pbr-map
        edit <PBR_map_name>
            set comments <string>
            config rule
                edit <rule_sequence_number>
                    set src <IPv4_address_mask>
                    set dst <IPv4_address_mask>
                    set nexthop-ip <IPv4_address>
                    set nexthop-vrf-name <VRF_name>
                    set nexthop-group-name <next-hop_group_name>
                next
            end
        next
    end
    config interface
        edit <interface_name>
            set pbr-map-name <PBR_policy_map_name>
        next
    end
end
Variable | Description | Default |
config nexthop-group | Configure the next-hop group using equal-cost multi-path (ECMP) routing. | |
<name_of_next-hop_group> | Enter the name of the next-hop group. | No default |
config nexthop | Configure the next hop. | |
<configuration_identifier> | Enter the configuration identifier. | No default |
nexthop-ip <IPv4_address> | Enter the IPv4 address of the next hop. | 0.0.0.0 |
nexthop-vrf-name <VRF_name> | Enter the virtual routing and forwarding (VRF) instance name. | No default |
config pbr-map | Configure the policy-based routing (PBR) map. | |
<PBR_map_name> | Enter the name of the PBR map. | No default |
comments <string> | Enter a descriptive comment. | No default |
config rule | Configure the PBR rule. | |
<rule_sequence_number> | Enter a rule identifier. The range of values is 1-10000. | No default |
src <IPv4_address_mask> | Enter the source IPv4 address and mask. | 0.0.0.0 0.0.0.0 |
dst <IPv4_address_mask> | Enter the destination IPv4 address and mask. | 0.0.0.0 0.0.0.0 |
nexthop-ip <IPv4_address> | Enter the IPv4 address of the next hop. | 0.0.0.0 |
nexthop-vrf-name <VRF_name> | Enter the name of the VRF instance that the next-hop address belongs to. If the name is not specified, the default VRF is used. | No default |
nexthop-group-name <next-hop_group_name> | Enter the next-hop group name. This setting is used for ECMP. | No default |
config interface | Configure the interface. | |
<interface_name> | Enter the name of the interface to configure. | No default |
pbr-map-name <PBR_map_name> | Enter the name of the PBR map. The PBR map is created with the config pbr-map command. | No default |
Example
This example creates the “pbrmap1” policy for vlan10, which is an ingress switch virtual interface (SVI). The policy has three rules:
- Rule 1 finds packets with a source address of 22.1.1.0/24 and forwards them to the next hop, 12.1.1.2, which belongs to the default VRF instance.
- Rule 2 finds packets with a destination address of 33.1.1.0/24 and forwards them to the ECMP route with the two next-hop IP addresses in the next-hop group. Both next hops belong to the default VRF instance.
- Rule 3 finds packets with a destination address of 11.1.1.0/24 and forwards them to the next hop, 13.1.1.2, which belongs to the “vrfv4” VRF instance.
config router policy
    config nexthop-group
        edit "nhgroup1"
            config nexthop
                edit 1
                    set nexthop-ip 12.1.1.4
                next
                edit 2
                    set nexthop-ip 12.1.1.5
                next
            end
        next
    end
    config pbr-map
        edit "pbrmap1"
            config rule
                edit 1
                    set src 22.1.1.0 255.255.255.0
                    set nexthop-ip 12.1.1.2
                next
                edit 2
                    set dst 33.1.1.0 255.255.255.0
                    set nexthop-group-name "nhgroup1"
                next
                edit 3
                    set src 11.1.1.0 255.255.255.0
                    set nexthop-ip 13.1.1.2
                    set nexthop-vrf-name "vrfv4"
                next
            end
        next
    end
    config interface
        edit "vlan10"
            set pbr-map-name "pbrmap1"
        next
    end
end
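A PBR rule silently changes where traffic goes, so a change review should confirm that every name a rule or interface refers to is defined and should surface any rule whose next hop sits in a named VRF. The following added example (not from the original page and not a Fortinet tool) parses the config/edit/set/next/end syntax shown above and reports those cases. The `parse` and `audit` helper names and the sample input are assumptions made for illustration.

```python
import shlex
# Constructed sample, not from the page: no next-hop group defined, vlan10 names a missing map.
SAMPLE = """
config router policy
  config pbr-map
    edit "pbrmap1"
      config rule
        edit 2
          set nexthop-group-name "nhgroup1"
        next
        edit 3
          set nexthop-ip 13.1.1.2
          set nexthop-vrf-name "vrfv4"
        next
      end
    next
  end
  config interface
    edit "vlan10"
      set pbr-map-name "pbrmap2"
    next
  end
end
"""

def parse(text):  # hypothetical helper: config/edit/set/next/end lines -> nested dicts
    stack = [{}]
    for tok in map(shlex.split, text.splitlines()):
        if tok[:1] in (["config"], ["edit"]):
            stack.append(stack[-1].setdefault(" ".join(tok[1:]), {}))
        elif tok[:1] == ["set"]:
            stack[-1][tok[1]] = " ".join(tok[2:])
        elif tok[:1] in (["next"], ["end"]):
            stack.pop()
    return stack[0].get("router policy", {})

def audit(text):  # hypothetical helper: dangling references and named-VRF next hops
    pol, out = parse(text), []
    groups, maps = pol.get("nexthop-group", {}), pol.get("pbr-map", {})
    for name, pbr in maps.items():
        for seq, rule in pbr.get("rule", {}).items():
            if (grp := rule.get("nexthop-group-name")) and grp not in groups:
                out.append(f"{name} rule {seq}: undefined next-hop group {grp}")
            if vrf := rule.get("nexthop-vrf-name"):
                out.append(f"{name} rule {seq}: next hop is in VRF {vrf}")
    for ifname, cfg in pol.get("interface", {}).items():
        if (ref := cfg.get("pbr-map-name")) and ref not in maps:
            out.append(f"{ifname}: undefined PBR map {ref}")
    return out
```

Calling `audit(SAMPLE)` returns three findings: the undefined group on rule 2, the "vrfv4" next hop on rule 3, and the undefined map on vlan10.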
Checking the PBR configuration
Use the following command to get information about the specified PBR rule. If the PBR rule is not specified, all rules are returned.
get router info pbr map ["<map-name> <sequence-number> <interface-name>"]
For example:
get router info pbr map "pbrmap1 1 vlan10"
Use the following command to get information about the PBR next-hop group:
get router info pbr nexthop-group