Cisco Nexus 6000 Series NX-OS Unicast Routing Configuration Guide, Release 6.x
Configuring Policy Based Routing
Downloads: This chapterpdf (PDF - 242.0KB) The complete bookPDF (PDF - 5.5MB) | Feedback

Configuring Policy Based Routing

Table Of Contents

Configuring Policy Based Routing

Information About Policy Based Routing

Policy Route Maps

Set Criteria for Policy-Based Routing

Licensing Requirements for Policy-Based Routing

Prerequisites for Policy-Based Routing

Guidelines and Limitations for Policy-Based Routing

Default Settings

Configuring Policy-Based Routing

Enabling the Policy-Based Routing Feature

Configuring a Route Policy

Verifying the Policy-Based Routing Configuration

Configuration Examples for Policy-Based Routing

Related Topics

Additional References

Related Documents

Standards


Configuring Policy Based Routing


This chapter describes how to configure policy based routing on the Cisco NX-OS device.

This chapter includes the following sections:

Information About Policy Based Routing

Licensing Requirements for Policy-Based Routing

Prerequisites for Policy-Based Routing

Guidelines and Limitations for Policy-Based Routing

Default Settings

Configuring Policy-Based Routing

Verifying the Policy-Based Routing Configuration

Configuration Examples for Policy-Based Routing

Related Topics

Additional References

Information About Policy Based Routing

Policy-based routing allows you to configure a defined policy for IPv4 and IPv6 traffic flows, lessening reliance on routes derived from routing protocols. All packets received on an interface with policy-based routing enabled are passed through enhanced packet filters or route maps. The route maps dictate the policy, determining where to forward packets.

Route maps are composed of match and set statements that you can mark as permit or deny. You can interpret the statements as follows:

If the packets match any route map statements, all the set statements are applied. One of these actions involves choosing the next hop.

If the statement is marked as permit and the packets do not match any route-map statements, the packets are sent back through the normal forwarding channels and destination-based routing is performed.

For more information, see the "Route Maps" section.

Policy-based routing includes the following features:

Source-based routing—Routes traffic that originates from different sets of users through different connections across the policy routers.

This section includes the following topics:

Policy Route Maps

Set Criteria for Policy-Based Routing

Policy Route Maps

Each entry in a route map contains a combination of match and set statements. The match statements define the criteria for whether appropriate packets meet the particular policy (that is, the conditions to be met). The set clauses explain how the packets should be routed once they have met the match criteria.

You can mark the route-map statements as permit or deny. If the statement is marked as a deny, the packets that meet the match criteria are sent back through the normal forwarding channels (destination-based routing is performed). If the statement is marked as permit and the packets meet the match criteria, all the set clauses are applied. If the statement is marked as permit and the packets do not meet the match criteria, those packets are also forwarded through the normal routing channel.


Note Policy routing is specified on the interface that receives the packets, not on the interface from which the packets are sent.


Set Criteria for Policy-Based Routing

The set criteria in a route map is evaluated in the order listed in the route map. Set criteria specific to route maps used for policy-based routing are as follows:

List of specified IP addresses—The IP address can specify the adjacent next-hop router in the path toward the destination to which the packets should be forwarded. The first IP address associated with a connected interface that is currently up is used to route the packets.

If the packets do not meet any of the defined match criteria, the packets are routed through the normal destination-based routing process.

Licensing Requirements for Policy-Based Routing

The following table shows the licensing requirements for this feature:

Product
License Requirement

Cisco NX-OS

Policy-based routing requires an Enterprise Services license. For a complete explanation of the Cisco NX-OS licensing scheme and how to obtain and apply licenses, see the Cisco NX-OS Licensing Guide.


Prerequisites for Policy-Based Routing

Policy-based routing has the following prerequisites:

Install the correct license.

You must enable policy-based routing (see the "Enabling the Policy-Based Routing Feature" section).

Assign an IP address on the interface and bring the interface up before you apply a route map on the interface for policy-based routing.

Guidelines and Limitations for Policy-Based Routing

Policy-based routing has the following configuration guidelines and limitations:

A policy-based routing route map can have only one match or set statement per route-map statement.

A match command can refer to only one ACL in a route map used for policy-based routing.

An ACL used in a policy-based routing route map cannot include a deny statement.

The same route map can be shared among different interfaces for policy-based routing as long as the interfaces belong to the same virtual routing and forwarding (VRF) instance.

Setting a tunnel interface or an IP address via a tunnel interface as a next hop in a policy-based routing policy is not supported.

The Cisco Nexus 6000 does not support multi-sequence configuration in policy-based routing.

Default Settings

Table 15-1 lists the default settings for policy-based routing parameters.

Table 15-1 Default Policy-based Routing Parameters 

Parameters
Default

Policy-based routing

Disabled


Configuring Policy-Based Routing

This section includes the following topics:

Enabling the Policy-Based Routing Feature

Configuring a Route Policy


Note If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.


Enabling the Policy-Based Routing Feature

You must enable the policy-based routing feature before you can configure a route policy.

SUMMARY STEPS

1. configure terminal

2. feature pbr

3. (Optional) show feature

4. (Optional) copy running-config startup-config

DETAILED STEPS

 
Command
Purpose

Step 1 

configure terminal

Example:

switch# configure terminal

switch(config)#

Enters configuration mode.

Step 2 

feature pbr

Example:

switch(config)# feature pbr

Enables the policy-based routing feature.

Step 3 

show feature

Example:

switch(config)# show feature

(Optional) Displays enabled and disabled features.

Step 4 

copy running-config startup-config

Example:

switch(config)# copy running-config startup-config

(Optional) Saves this configuration change.

Use the no feature pbr command to disable the policy-based routing feature and remove all associated configuration.

Command
Purpose

no feature pbr

Example:

switch(config)# no feature pbr

Disables policy-based routing and removes all associated configuration.


Configuring a Route Policy

You can use route maps in policy-based routing to assign routing policies to the inbound interface. See the "Configuring Route Maps" section.

SUMMARY STEPS

1. configure terminal

2. interface type slot/port

3. ip policy route-map map-name

or

ipv6 policy route-map map-nam

4. (Optional) exit

5. (Optional) exit

6. (Optional) copy running-config startup-config

DETAILED STEPS

 
Command
Purpose

Step 1 

configure terminal

Example:

switch# configure terminal

switch(config)#

Enters configuration mode.

Step 2 

interface type slot/port

Example:

switch(config)# interface ethernet 1/2

switch(config-if)#

Enters interface configuration mode.

Step 3 

ip policy route-map map-name

Example:

switch(config-if)# ip policy route-map Testmap

Assigns a route map for IPv4 policy-based routing to the interface.

ipv6 policy route-map map-name

Example:

switch(config-if)# ipv6 policy route-map TestIPv6map

Assigns a route map for IPv6 policy-based routing to the interface.

Step 4 

exit

Example:

switch(config-route-map)# exit

(Optional) Exits route-map configuration mode.

Step 5 

exit

Example:

switch(config)# exit

(Optional) Exits global configuration mode.

Step 6 

copy running-config startup-config

Example:

switch# copy running-config startup-config

(Optional) Saves this configuration change.

This example shows how to add a route map to an interface:

switch# configure terminal

switch(config)# interface ethernet 1/2

switch(config-if)# ip policy route-map Testmap

switch(config)# exit

switch(config)# copy running-config startup-config

 
   

You can configure the following optional match parameters for route maps in route-map configuration mode:

Command
Purpose

match ip address acess-list-name

Example:

switch(config-route-map)# match ip address ACL1

Matches an IPv4 address against an IP access control list (ACL). This command is used for policy-based routing and is ignored by route filtering or redistribution.

match ipv6 address acess-list-name

Example:

switch(config-route-map)# match ipv6 address ACLv6

Matches an IPv6 address against an IPv6 ACL. This command is used for policy-based routing and is ignored by route filtering or redistribution.


You can configure the following optional set parameters for route maps in route-map configuration mode:

Command
Purpose

set ip next-hop address1 [address2...]

Example:

switch(config-route-map)# set ip next-hop 192.0.2.1

Sets the IPv4 next-hop address for policy-based routing. This command uses the first valid next-hop address if multiple addresses are configured.

set ipv6 next-hop address1 [address2...]

Example:

switch(config-route-map)# set ipv6 next-hop 2001:0DB8::1

Sets the IPv6 next-hop address for policy-based routing. This command uses the first valid next-hop address if multiple addresses are configured.

set interface {null0}

Example:

switch(config-route-map)# set interface null0

Sets the interface used for routing. Use the null0 interface to drop packets.


Cisco Nexus 6000 routes the packet as soon as it finds a next hop and an interface.

Verifying the Policy-Based Routing Configuration

To display policy-based routing configuration information, perform one of the following tasks:

Command
Purpose

show [ip | ipv6] policy [name]

Displays information about an IPv4 or IPv6 policy.

show route-map [name] pbr-statistics

Displays policy statistics.


Use the route-map map-name pbr-statistics to enable policy statistics. Use the clear route-map map-name pbr-statistics to clear these policy statistics

Configuration Examples for Policy-Based Routing

This example shows how to configure a simple route policy on an interface:

feature pbr
ip access-list pbr-sample
  permit tcp host 10.1.1.1 host 192.168.2.1 eq 80
! 
route-map pbr-sample
 match ip address pbr-sample
 set ip next-hop 192.168.1.1
!
route-map pbr-sample pbr-statistics
 
   
 interface ethernet 1/2 
  ip policy route-map pbr-sample 
 
   

The following output verifies this configuration:

switch# show route-map pbr-sample
 
   
route-map pbr-sample, permit, sequence 10 
 Match clauses:
   ip address (access-lists): pbr-sample 
 Set clauses:
   ip next-hop 192.168.1.1 
 
   
switch# show route-map pbr-sample pbr-statistics
 
   
route-map pbr-sample, permit, sequence 10
 Policy routing matches: 84 packets
 
   

Related Topics

The following topics can give more information on Policy Based Routing:

Chapter 14 "Configuring Route Policy Manager"

Additional References

For additional information related to implementing IP, see the following sections:

Related Documents

Standards

Related Documents

Related Topic
Document Title

Policy-based routing CLI commands

Cisco Nexus 6000 Series NX-OS Unicast Routing Command Reference, Release 6.x


Standards

Standards
Title

No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.