Configuring Policy-Based Routing
This chapter describes how to configure policy-based routing.
This chapter includes the following sections:
• Information About Policy Based Routing
• Licensing Requirements for Policy-Based Routing
• Prerequisites for Policy-Based Routing
• Guidelines and Limitations
• Configuring Policy-Based Routing
• Verifying Policy-Based Routing Configuration
• Policy Based-Routing Example Configuration
• Related Topics
• Default Settings
Information About Policy Based Routing
Policy-based routing allows you to configure a defined policy for traffic flows, lessening reliance on routes derived from routing protocols. All packets received on an interface with policy-based routing enabled are passed through enhanced packet filters or route maps. The route maps dictate the policy, determining where to forward packets.
Route maps are composed of match and set statements that you can mark as permit or deny. You can interpret the statements as follows:
• If the packets match any route map statements, then all the set statements are applied. One of these actions involves choosing the next hop.
• If a statement is marked as deny, the packets that meet the match criteria are sent back through the normal forwarding channels and destination-based routing is performed.
• If the statement is marked as permit and the packets do not match any route map statements, the packets are sent back through the normal forwarding channels and destination-based routing is performed.
See the "Route Maps" section on page 15-2.
Policy-based routing includes the following features:
• Source-based routing—Routes traffic originating from different sets of users through different connections across the policy routers.
• Quality of Service (QoS)—Differentiates traffic by setting the precedence or type of service (ToS) values in the IP packet headers at the periphery of the network and leveraging queuing mechanisms to prioritize traffic in the core or backbone of the network (see the Cisco Nexus 7000 Series NX-OS Quality of Service Configuration Guide, Release 4.0).
• Load sharing—Distributes traffic among multiple paths based on the traffic characteristics.
This section includes the following topics:
• Policy Route Maps
• Set Criteria for Policy-Based Routing
Policy Route Maps
Each entry in a route map contains a combination of match and set statements. The match statements define the criteria for whether appropriate packets meet the particular policy (that is, the conditions to be met). The set clauses explain how the packets should be routed once they have met the match criteria.
You can mark the route map statements as permit or deny. If the statement is marked as a deny, the packets that meet the match criteria are sent back through the normal forwarding channels (destination-based routing is performed). If the statement is marked as permit and the packets meet the match criteria, all the set clauses are applied. If the statement is marked as permit and the packets do not meet the match criteria, then those packets are also forwarded through the normal routing channel.
Note
Policy routing is specified on the interface that receives the packets, not on the interface from which the packets are sent.
Set Criteria for Policy-Based Routing
The set criteria in a route map are evaluated in the order listed in the route map. Set criteria specific to route maps used for policy-based routing are as follows:
1. List of interfaces through which the packets can be routed—If more than one interface is specified, then the first interface that is found to be up will be used for forwarding the packets.
2. List of specified IP addresses—The IP address can specify the adjacent next-hop router in the path toward the destination to which the packets should be forwarded. The first IP address associated with a currently up connected interface is used to route the packets.
Note
You can optionally configure the set criteria for next-hop addresses to load balance traffic across up to 16 IP addresses. In this case, Cisco NX-OS sends all traffic for each IP flow to a particular IP next-hop address.
3. List of default interfaces—If there is no explicit route available to the destination address of the packet being considered for policy routing, then the route map routes it to the first up interface in the list of specified default interfaces.
4. List of default next-hop IP addresses—Route to the interface or the next-hop address specified by this set statement only if there is no explicit route for the destination address of the packet in the routing table.
Note
You can optionally configure the set criteria for the default next-hop addresses to load balance traffic across up to 16 IP addresses. In this case, Cisco NX-OS sends all traffic for each IP flow to a particular IP next-hop address.
If the packets do not meet any of the defined match criteria, then those packets are routed through the normal destination-based routing process.
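The permit/deny rules and the order of the four set criteria can be modelled as below. This is an added Python example, not Cisco code and not part of the original chapter; it accepts several criteria at once to show their order. The interface names, subnets and the pbr_decide helper are constructed for illustration, and the fallback to destination-based routing when no set criterion resolves is an assumption.

```python
import ipaddress

# Constructed sample state: connected interface -> (subnet, link is up).
CONNECTED = {
    "ethernet1/1": ("192.0.2.0/24", False),
    "ethernet1/2": ("198.51.100.0/24", True),
    "ethernet2/2": ("203.0.113.0/24", True),
}

def first_up_interface(names, connected):
    """Return (None, interface) for the first listed interface that is up."""
    for name in names:
        if connected.get(name, (None, False))[1]:
            return None, name
    return None

def first_usable_next_hop(addresses, connected):
    """Return (next_hop, interface) for the first address on an up connected subnet."""
    for addr in addresses:
        for name, (subnet, up) in connected.items():
            if up and ipaddress.ip_address(addr) in ipaddress.ip_network(subnet):
                return addr, name
    return None

def pbr_decide(action, matched, sets, connected, has_explicit_route):
    """Return ("policy", next_hop, interface) or ("destination-routing", None, None)."""
    normal = ("destination-routing", None, None)
    if action == "deny" or not matched:
        return normal  # both cases go back through normal forwarding
    # Set criteria in the order the chapter lists them; the first that resolves wins.
    steps = [
        (first_up_interface, "interface", True),
        (first_usable_next_hop, "next-hop", True),
        (first_up_interface, "default-interface", not has_explicit_route),
        (first_usable_next_hop, "default-next-hop", not has_explicit_route),
    ]
    for resolve, key, applies in steps:
        hit = resolve(sets.get(key, []), connected) if applies else None
        if hit:
            return ("policy", *hit)
    return normal  # assumption: unresolved set criteria fall back to normal routing
```
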
Licensing Requirements for Policy-Based Routing
The following table shows the licensing requirements for this feature:
Product | License Requirement
NX-OS | Policy-based routing requires an Enterprise Services license. For a complete explanation of the NX-OS licensing scheme and how to obtain and apply licenses, see the Cisco Nexus 7000 Series NX-OS Licensing Guide, Release 4.0.
Prerequisites for Policy-Based Routing
Policy-Based Routing has the following prerequisites:
• Install the correct license.
• You must enable the policy-based routing feature (see the "Enabling the Policy-based Routing Feature" section).
• Assign an IP address on the interface and bring the interface up before you apply a route map on the interface for policy-based routing.
• If you configure VDCs, install the Advanced Services license and enter the desired VDC (see the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide, Release 4.0).
Guidelines and Limitations
Policy-based routing has the following guidelines and limitations:
• A policy-based routing route map can have only one route-map entry (with match and sets) in it.
• A policy-based routing route-map cannot have more than one match and one set command in a route-map entry.
• A match command cannot refer to more than one ACL in a route map used for policy-based routing.
• The same route map can be shared among different interfaces for policy-based routing as long as the interfaces belong to the same VRF.
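The first three limits above can be checked against a saved configuration before a route map is applied. The following Python audit is an added example, not a Cisco tool and not part of the original chapter. The sample configuration, the audit_pbr helper and the assumption that sub-commands are indented under their section header are constructed for illustration.

```python
import re

# Constructed sample configuration for this example (not from the original chapter).
SAMPLE_CONFIG = """\
feature pbr
route-map Testmap permit 10
  match ip address access-list-name ACL1 ACL2
  match length 64 1500
  set ip next-hop 192.0.2.1
route-map Testmap permit 20
  set interface ethernet 2/2
interface ethernet 1/2
  ip policy route-map Testmap
"""

def audit_pbr(config):
    """Check route maps applied with 'ip policy route-map' against the guidelines."""
    entries = {}                     # map name -> one command list per entry
    applied, current, feature_on = set(), None, False
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():     # a new top-level section starts
            feature_on = feature_on or line == "feature pbr"
            m = re.match(r"route-map (\S+)(?: (?:permit|deny) \d+)?$", line)
            current = [] if m else None
            if m:
                entries.setdefault(m.group(1), []).append(current)
        elif current is not None:    # command inside a route-map entry
            current.append(line)
        elif (m := re.match(r"ip(?:v6)? policy route-map (\S+)$", line)):
            applied.add(m.group(1))
    findings = []
    if applied and not feature_on:
        findings.append("feature pbr is not enabled")
    for name in sorted(applied):
        if len(entries.get(name, [])) > 1:
            findings.append(f"{name}: more than one route-map entry")
        for cmds in entries.get(name, []):
            matches = [c.split() for c in cmds if c.startswith("match ")]
            sets = [c for c in cmds if c.startswith("set ")]
            if len(matches) > 1 or len(sets) > 1:
                findings.append(f"{name}: more than one match or set command in an entry")
            for tokens in matches:
                acls = [t for t in tokens[3:] if t != "access-list-name"]
                if tokens[1:3] == ["ip", "address"] and len(acls) > 1:
                    findings.append(f"{name}: match refers to more than one ACL")
    return findings
```
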
Configuring Policy-Based Routing
This section contains the following topics:
• Enabling the Policy-based Routing Feature
• Configuring a Route Policy
Note
If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
Enabling the Policy-based Routing Feature
You must enable the policy-based routing feature before you can configure a route policy.
BEFORE YOU BEGIN
Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. config t
2. feature pbr
3. copy running-config startup-config
DETAILED STEPS
Step 1
Command: config t
Example:
switch# config t
switch(config)#
Purpose: Enters configuration mode.
Step 2
Command: feature pbr
Example:
switch(config)# feature pbr
Purpose: Enables the policy-based routing feature.
Step 3
Command: copy running-config startup-config
Example:
switch(config)# copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Use the no feature pbr command to disable the policy-based routing feature and remove all associated configuration.
Command: no feature pbr
Example:
switch(config)# no feature pbr
Purpose: Disables the policy-based routing feature and removes all associated configuration.
Configuring a Route Policy
You can use route maps in policy-based routing to assign routing policies to the inbound interface. See the "Configuring Route Maps" section on page 15-9.
SUMMARY STEPS
1. config t
2. interface type slot/port
3. ip policy route-map map-name
4. exit
5. copy running-config startup-config
DETAILED STEPS
Step 1
Command: config t
Example:
switch# config t
switch(config)#
Purpose: Enters configuration mode.
Step 2
Command: interface type slot/port
Example:
switch(config)# interface ethernet 1/2
switch(config-if)#
Purpose: Enters interface configuration mode.
Step 3
Command: ip policy route-map map-name
Example:
switch(config-if)# ip policy route-map Testmap
Purpose: Assigns a route map for IPv4 policy-based routing to the interface.
Command: ipv6 policy route-map map-name
Example:
switch(config-if)# ipv6 policy route-map TestIPv6map
Purpose: Assigns a route map for IPv6 policy-based routing to the interface.
Step 4
Command: exit
Example:
switch(config-route-map)# exit
Purpose: (Optional) Exits route-map configuration mode.
Step 5
Command: copy running-config startup-config
Example:
switch(config)# copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
The following example shows how to add a route map to an interface:
switch# config t
switch(config)# interface ethernet 1/2
switch(config-if)# ip policy route-map Testmap
switch(config-if)# exit
switch(config)# copy running-config startup-config
You can configure the following optional match parameters for route maps in route-map configuration mode:
Command: match ip address access-list-name name [name...]
Example:
switch(config-route-map)# match ip address access-list-name ACL1
Purpose: Match an IPv4 address against one or more IP access control lists (ACLs). This command is used for policy-based routing and ignored by route filtering or redistribution.
Command: match length min max
Example:
switch(config-route-map)# match length 64 1500
Purpose: Match against the length of the packet. This command is used for policy-based routing.
You can configure the following optional set parameters for route maps in route-map configuration mode:
Command: set interface ifname-1 [ifname-2...]
Example:
switch(config-route-map)# set interface ethernet 1/2
Purpose: Sets the output packet interface for policy-based routing. If ifname-1 is not operational, the system uses one of the optional interfaces configured, such as ifname-2.
Command: set default interface ifname-1 [ifname-2...]
Example:
switch(config-route-map)# set default interface ethernet 2/2
Purpose: Sets the output packet interface for policy-based routing when there is no explicit route to a destination. If ifname-1 is not operational, the system uses one of the optional interfaces configured, such as ifname-2.
Command: set ip next-hop address1 [address2...] {load-share | peer-address}
Example:
switch(config-route-map)# set ip next-hop 209.0.2.1
Purpose: Sets the IPv4 next-hop address for policy-based routing. This command uses the first valid next-hop address if multiple addresses are configured. Use the optional load-share keyword to load balance traffic across up to 16 next-hop addresses.
Command: set ip default next-hop address1 [address2...] {load-share}
Example:
switch(config-route-map)# set ip default next-hop 209.0.2.2
Purpose: Sets the IPv4 next-hop address for policy-based routing when there is no explicit route to a destination. This command uses the first valid next-hop address if multiple addresses are configured. Use the optional load-share keyword to load balance traffic across up to 16 next-hop addresses.
Command: set vrf vrf-name
Example:
switch(config-route-map)# set vrf MainVRF
Purpose: Sets the VRF for next-hop resolution.
Cisco NX-OS routes the packet as soon as it finds a next hop and an interface.
Verifying Policy-Based Routing Configuration
Use the show ip policy command to verify policy-based routing.
Use the route-map map-name pbr-statistics command to enable policy statistics. Use the show route-map map-name pbr-statistics command to view policy statistics. Use the clear route-map map-name pbr-statistics command to clear these policy statistics.
Policy Based-Routing Example Configuration
This example shows how to configure a simple route policy on an interface.
ip access-list 1 permit ip 209.0.2.1
ip policy route-map equal-access
route-map equal-access permit 10
set ip default next-hop 209.0.2.10
Related Topics
The following topics can give more information on Policy Based Routing:
• Chapter 15, "Configuring Route Policy Manager"
Default Settings
Table 16-1 lists the default settings for policy-based routing parameters.
Table 16-1 Default Policy-based Routing Parameters
Parameters | Default
Policy-based routing | disabled
Additional References
For additional information related to implementing IP, see the following sections:
• Related Documents
• Standards
Related Documents
Related Topic | Document Title
Policy-based routing CLI commands | Cisco Nexus 7000 Series NX-OS Unicast Routing Command Reference, Release 4.0
VDCs and VRFs | Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide, Release 4.0
Standards
Standards | Title
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature. | —