Configuring Policy Based Routing
This chapter describes how to configure policy based routing on the Cisco NX-OS device.
Information About Policy Based Routing
Policy-based routing allows you to configure a defined policy for IPv4 and IPv6 traffic flows, lessening reliance on routes derived from routing protocols. All packets received on an interface with policy-based routing enabled are passed through enhanced packet filters or route maps. The route maps dictate the policy, determining where to forward packets.
Route maps are composed of match and set statements that you can mark as permit or deny. You can interpret the statements as follows:
- If the packets match any route map statements, all the set statements are applied. One of these actions involves choosing the next hop.
- If the statement is marked as permit and the packets do not match any route-map statements, the packets are sent back through the normal forwarding channels and destination-based routing is performed.
For more information, see the “Route Maps” section.
Policy-based routing includes the following features:
- Source-based routing—Routes traffic that originates from different sets of users through different connections across the policy routers.
Policy Route Maps
Each entry in a route map contains a combination of match and set statements. The match statements define the criteria for whether appropriate packets meet the particular policy (that is, the conditions to be met). The set clauses explain how the packets should be routed once they have met the match criteria.
You can mark the route-map statements as permit or deny. If the statement is marked as a deny, the packets that meet the match criteria are sent back through the normal forwarding channels (destination-based routing is performed). If the statement is marked as permit and the packets meet the match criteria, all the set clauses are applied. If the statement is marked as permit and the packets do not meet the match criteria, those packets are also forwarded through the normal routing channel.
Note: Policy routing is specified on the interface that receives the packets, not on the interface from which the packets are sent.
Set Criteria for Policy-Based Routing
The set criteria in a route map are evaluated in the order listed in the route map. Set criteria specific to route maps used for policy-based routing are as follows:
- List of specified IP addresses—The IP address can specify the adjacent next-hop router in the path toward the destination to which the packets should be forwarded. The first IP address associated with a connected interface that is currently up is used to route the packets.
If the packets do not meet any of the defined match criteria, the packets are routed through the normal destination-based routing process.
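The permit/deny and next-hop rules above, modeled as a small decision function. This is an added example, not Cisco code: it uses the ACL entry and next hop from this page's configuration example, 192.168.1.2 is a constructed second next hop, and falling back to normal routing when no listed next hop is up is an assumption the page does not state.

```python
import ipaddress

def acl_permits(acl, pkt):
    """True if a permit entry (proto, src net, dst net, dst port or None) matches."""
    for proto, src, dst, port in acl:
        if (proto in ("ip", pkt["proto"])
                and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(dst)
                and port in (None, pkt.get("dport"))):
            return True
    return False

def pbr_decision(route_map, acls, pkt, up_next_hops):
    """Return ('policy', next_hop), ('drop', 'null0') or ('normal', None)."""
    for entry in route_map:                      # statements in the order listed
        if not acl_permits(acls[entry["match"]], pkt):
            continue                             # no match: try the next statement
        if entry["action"] == "deny":
            return ("normal", None)              # deny + match: destination-based routing
        if entry.get("set_interface") == "null0":
            return ("drop", "null0")             # set interface null0 drops the packet
        for hop in entry.get("next_hops", []):   # first listed next hop that is up
            if hop in up_next_hops:
                return ("policy", hop)
        return ("normal", None)                  # assumption: no usable next hop
    return ("normal", None)                      # permit + no match: normal routing

# ACL and first next hop come from the page's example; the second hop is constructed.
ACLS = {"pbr-sample": [("tcp", "10.1.1.1/32", "192.168.2.1/32", 80)]}
ROUTE_MAP = [{"action": "permit", "match": "pbr-sample",
              "next_hops": ["192.168.1.1", "192.168.1.2"]}]
WEB = {"proto": "tcp", "src": "10.1.1.1", "dst": "192.168.2.1", "dport": 80}

if __name__ == "__main__":
    print(pbr_decision(ROUTE_MAP, ACLS, WEB, {"192.168.1.1", "192.168.1.2"}))
    print(pbr_decision(ROUTE_MAP, ACLS, dict(WEB, dport=443), {"192.168.1.1"}))
```

Traffic that does not match the ACL is not steered by the policy and follows the routing table, which matters when the route map is meant to send flows to a specific next hop.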
Licensing Requirements for Policy-Based Routing
The following table shows the licensing requirements for this feature:
| Product | License Requirement |
|---|---|
| Cisco NX-OS | Policy-based routing requires an Enterprise Services license. For a complete explanation of the Cisco NX-OS licensing scheme and how to obtain and apply licenses, see the Cisco NX-OS Licensing Guide. |
Prerequisites for Policy-Based Routing
Policy-based routing has the following prerequisites:
- Install the correct license.
- You must enable policy-based routing (see the “Enabling the Policy-Based Routing Feature” section).
- Assign an IP address on the interface and bring the interface up before you apply a route map on the interface for policy-based routing.
Guidelines and Limitations for Policy-Based Routing
Policy-based routing has the following configuration guidelines and limitations:
- A policy-based routing route map can have only one match or set statement per route-map statement.
- A match command can refer to only one ACL in a route map used for policy-based routing.
- An ACL used in a policy-based routing route map cannot include a deny statement.
- The same route map can be shared among different interfaces for policy-based routing as long as the interfaces belong to the same virtual routing and forwarding (VRF) instance.
- Setting a tunnel interface or an IP address via a tunnel interface as a next hop in a policy-based routing policy is not supported.
- The Cisco Nexus 6000 does not support multi-sequence configuration in policy-based routing.
- The Cisco Nexus 6000 does not support policy-based routing over Equal Cost Multi-Path (ECMP).
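A pre-deployment check for three of the rules above: an IP address on the interface before a route map is applied, one ACL per match command, and no deny entries in an ACL used for policy-based routing. This is an added example, not a Cisco tool; the sample configuration is constructed, its names are hypothetical, and the parser assumes the indented layout of a saved running configuration.

```python
import re
# Constructed NX-OS-style sample (not from the page); all names are hypothetical.
SAMPLE = """\
ip access-list web-steer
  10 permit tcp host 10.1.1.1 host 192.168.2.1 eq 80
  20 deny ip any any
ip access-list mgmt
  permit ip 10.9.0.0/16 any
route-map steer permit 10
  match ip address web-steer mgmt
  set ip next-hop 192.168.1.1
interface ethernet 1/2
  ip policy route-map steer
"""

def parse_blocks(text):
    """Return (header, [child lines]) pairs; children are the indented lines."""
    blocks = []
    for line in filter(str.strip, text.splitlines()):
        if line[0].isspace() and blocks:
            blocks[-1][1].append(line.strip())
        else:
            blocks.append((line.strip(), []))
    return blocks

def lint_pbr(text):
    """Check route maps applied with 'ip policy route-map' against the rules above."""
    blocks, findings = parse_blocks(text), []
    acls = {h.split()[-1]: b for h, b in blocks if re.match(r"ip(v6)? access-list ", h)}
    maps = {}
    for h, b in blocks:
        if h.startswith("route-map "):
            maps.setdefault(h.split()[1], []).extend(b)
    for h, b in blocks:
        applied = [l.split()[-1] for l in b if re.match(r"ip(v6)? policy route-map ", l)]
        if not h.startswith("interface ") or not applied:
            continue
        if not any(re.match(r"ip(v6)? address ", l) for l in b):
            findings.append(f"{h}: route map applied but no IP address configured")
        for name in applied:
            for line in maps.get(name, []):
                m = re.match(r"match ip(v6)? address (.+)", line)
                refs = m.group(2).split() if m else []
                if len(refs) > 1:
                    findings.append(f"route-map {name}: match refers to {len(refs)} ACLs")
                for acl in refs:
                    if any(re.match(r"(\d+\s+)?deny\b", e) for e in acls.get(acl, [])):
                        findings.append(f"ACL {acl} (used by {name}): contains a deny entry")
    return findings
```

Calling `lint_pbr(SAMPLE)` returns three findings for the constructed configuration: the missing interface address, the two-ACL match, and the deny entry in `web-steer`.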
Default Settings
Table 1-1 lists the default settings for policy-based routing parameters.
Table 1-1 Default Policy-based Routing Parameters
| Parameters | Default |
|---|---|
| Policy-based routing | Disabled |
Configuring Policy-Based Routing
Note: If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
Enabling the Policy-Based Routing Feature
You must enable the policy-based routing feature before you can configure a route policy.
SUMMARY STEPS
1. configure terminal
2. feature pbr
3. (Optional) show feature
4. (Optional) copy running-config startup-config
DETAILED STEPS
| Step | Command | Example | Purpose |
|---|---|---|---|
| 1 | configure terminal | switch# configure terminal<br>switch(config)# | Enters configuration mode. |
| 2 | feature pbr | switch(config)# feature pbr | Enables the policy-based routing feature. |
| 3 | show feature | switch(config)# show feature | (Optional) Displays enabled and disabled features. |
| 4 | copy running-config startup-config | switch(config)# copy running-config startup-config | (Optional) Saves this configuration change. |
Use the no feature pbr command to disable the policy-based routing feature and remove all associated configuration.
| Command | Example | Purpose |
|---|---|---|
| no feature pbr | switch(config)# no feature pbr | Disables policy-based routing and removes all associated configuration. |
Configuring a Route Policy
You can use route maps in policy-based routing to assign routing policies to the inbound interface. See the “Configuring Route Maps” section.
SUMMARY STEPS
1. configure terminal
2. interface type slot/port
3. ip policy route-map map-name
or
ipv6 policy route-map map-name
4. (Optional) exit
5. (Optional) exit
6. (Optional) copy running-config startup-config
DETAILED STEPS
| Step | Command | Example | Purpose |
|---|---|---|---|
| 1 | configure terminal | switch# configure terminal<br>switch(config)# | Enters configuration mode. |
| 2 | interface type slot/port | switch(config)# interface ethernet 1/2<br>switch(config-if)# | Enters interface configuration mode. |
| 3 | ip policy route-map map-name | switch(config-if)# ip policy route-map Testmap | Assigns a route map for IPv4 policy-based routing to the interface. |
| 3 (or) | ipv6 policy route-map map-name | switch(config-if)# ipv6 policy route-map TestIPv6map | Assigns a route map for IPv6 policy-based routing to the interface. |
| 4 | exit | switch(config-route-map)# exit | (Optional) Exits route-map configuration mode. |
| 5 | exit | switch(config)# exit | (Optional) Exits global configuration mode. |
| 6 | copy running-config startup-config | switch# copy running-config startup-config | (Optional) Saves this configuration change. |
This example shows how to add a route map to an interface:
switch# configure terminal
switch(config)# interface ethernet 1/2
switch(config-if)# ip policy route-map Testmap
switch(config-if)# exit
switch(config)# copy running-config startup-config
You can configure the following optional match parameters for route maps in route-map configuration mode:
| Command | Example | Purpose |
|---|---|---|
| match ip address access-list-name | switch(config-route-map)# match ip address ACL1 | Matches an IPv4 address against an IP access control list (ACL). This command is used for policy-based routing and is ignored by route filtering or redistribution. |
| match ipv6 address access-list-name | switch(config-route-map)# match ipv6 address ACLv6 | Matches an IPv6 address against an IPv6 ACL. This command is used for policy-based routing and is ignored by route filtering or redistribution. |
You can configure the following optional set parameters for route maps in route-map configuration mode:
| Command | Example | Purpose |
|---|---|---|
| set ip next-hop address1 [address2...] | switch(config-route-map)# set ip next-hop 192.0.2.1 | Sets the IPv4 next-hop address for policy-based routing. This command uses the first valid next-hop address if multiple addresses are configured. |
| set ipv6 next-hop address1 [address2...] | switch(config-route-map)# set ipv6 next-hop 2001:0DB8::1 | Sets the IPv6 next-hop address for policy-based routing. This command uses the first valid next-hop address if multiple addresses are configured. |
| set interface {null0} | switch(config-route-map)# set interface null0 | Sets the interface used for routing. Use the null0 interface to drop packets. |
Cisco Nexus 6000 routes the packet as soon as it finds a next hop and an interface.
Verifying the Policy-Based Routing Configuration
To display policy-based routing configuration information, perform one of the following tasks:
| Command | Purpose |
|---|---|
| show [ip \| ipv6] policy [name] | Displays information about an IPv4 or IPv6 policy. |
| show route-map [name] pbr-statistics | Displays policy statistics. |
Use the route-map map-name pbr-statistics command to enable policy statistics. Use the clear route-map map-name pbr-statistics command to clear these policy statistics.
Configuration Examples for Policy-Based Routing
This example shows how to configure a simple route policy on an interface:
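feature pbr
ip access-list pbr-sample
  permit tcp host 10.1.1.1 host 192.168.2.1 eq 80
route-map pbr-sample permit 10
  match ip address pbr-sample
  set ip next-hop 192.168.1.1
route-map pbr-sample pbr-statistics
! The listing does not name the interface; ethernet 1/2 is assumed from the earlier example.
interface ethernet 1/2
  ip policy route-map pbr-sample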
The following output verifies this configuration:
switch# show route-map pbr-sample
route-map pbr-sample, permit, sequence 10
ip address (access-lists): pbr-sample
switch# show route-map pbr-sample pbr-statistics
route-map pbr-sample, permit, sequence 10
Policy routing matches: 84 packets
Additional References
For additional information related to implementing IP, see the following sections:
Related Documents
| Related Topic | Document Title |
|---|---|
| Policy-based routing CLI commands | Cisco Nexus 6000 Series NX-OS Unicast Routing Command Reference, Release 6.x |
Standards
| Standards | Title |
|---|---|
| No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature. | — |