NetFlow policy routing (NPR) integrates policy routing, which enables traffic engineering and traffic classification, with NetFlow services, which provide billing, capacity planning, and monitoring information on real-time traffic flows. IP policy routing now works with Cisco Express Forwarding (CEF), distributed CEF (dCEF), and NetFlow.
As quality of service (QoS) and traffic engineering become more popular, so does interest in the ability of policy routing to selectively set IP Precedence and type of service (ToS) bits (based on access lists and packet size), thereby routing packets based on predefined policy. It is important that policy routing work well in large, dynamic routing environments. Hence, distributed support allows customers to leverage their investment in distributed architecture.
NetFlow policy routing leverages the following technologies:
CEF, which looks at a Forwarding Information Base (FIB) instead of a routing table when switching packets, to address maintenance problems of a demand caching scheme.
dCEF, which addresses the scalability and maintenance problems of a demand caching scheme.
NetFlow, which provides accounting, capacity planning, and traffic monitoring capabilities.
Following are NPR benefits:
NPR takes advantage of the new switching services. CEF, dCEF, and NetFlow can now use policy routing.
Now that policy routing is integrated into CEF, policy routing can be deployed on a wide scale and on high-speed interfaces.
Following are NPR restrictions:
NPR is only available on Cisco IOS platforms that support CEF.
Distributed FIB-based policy routing is only available on platforms that support dCEF.
The set ip next-hop verify-availability command is not supported in dCEF because dCEF does not support the Cisco Discovery Protocol (CDP) database.
In order for NetFlow policy routing to work, the following features must already be configured:
CEF, dCEF, or NetFlow
To configure CEF or dCEF, refer to the "Cisco Express Forwarding Overview" chapter of the Cisco IOS IP Switching Configuration Guide. To configure NetFlow, refer to the "Cisco IOS NetFlow Overview" chapter of the Cisco IOS NetFlow Configuration Guide.
NPR is the default policy routing mode. No additional configuration tasks are required to enable policy routing in conjunction with CEF, dCEF, or NetFlow. As soon as one of these features is turned on, packets are automatically subject to policy routing in the appropriate switching path.
There is one new, optional configuration command (set ip next-hop verify-availability). This command has the following restrictions:
It can cause some performance degradation due to CDP database lookup overhead per packet.
CDP must be enabled on the interface.
The directly connected next hop must be a Cisco device with CDP enabled.
The command will not work with dCEF configurations because it depends on the CDP neighbor database.
It is assumed that policy routing itself is already configured.
If the router is policy routing packets to the next hop and the next hop happens to be down, the router will try unsuccessfully to use Address Resolution Protocol (ARP) for the next hop (which is down). This behavior can continue indefinitely.
To prevent this situation from occurring, you can configure the router, using a route map, to first verify that the next hops are CDP neighbors of the router before routing to them.
This task is optional because some media or encapsulations do not support CDP, or it may not be a Cisco device that is sending the router traffic.
To configure the router to verify that the next hop is a CDP neighbor before the router tries to policy-route to it, use the set ip next-hop verify-availability command in route map configuration mode.
If the command shown is set and the next hop is not a CDP neighbor, the router looks to the subsequent next hop, if there is one. If there is none, the packets are simply not policy-routed.
If the command shown is not set, the packets are either policy-routed or remain forever unrouted.
If you want to selectively verify availability of only some next hops, you can configure different route-map entries (under the same route-map name) with different criteria (using access list matching or packet size matching), and use the set ip next-hop verify-availability configuration command selectively.
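The selective verification described above, sketched as an added example (not taken from the original page or from Cisco's own configuration samples). The route-map name, access list number, interface names, packet-size range, and all addresses are constructed assumptions.

```cisco
! Constructed example. NPR-EXAMPLE, ACL 101, the interface names, and the
! 192.0.2.0/24 and 198.51.100.0/24 addresses are assumptions.
!
! CEF must already be enabled for NPR; CDP must run globally and on the
! interface facing the next hops that are to be verified.
ip cef
cdp run
!
access-list 101 permit ip 192.0.2.0 0.0.0.255 any
!
interface FastEthernet0/0
 description Ingress interface where the policy is applied
 ip address 192.0.2.1 255.255.255.0
 ip policy route-map NPR-EXAMPLE
!
interface FastEthernet0/1
 description Link toward the policy next hops (CDP required here)
 ip address 198.51.100.1 255.255.255.0
 cdp enable
!
! Entry 10: traffic matching ACL 101. Each listed next hop is checked
! against the CDP neighbor table. If 198.51.100.2 is not a CDP neighbor,
! the router tries 198.51.100.3; if neither is, the packet is not
! policy-routed.
route-map NPR-EXAMPLE permit 10
 match ip address 101
 set ip next-hop 198.51.100.2 198.51.100.3
 set ip next-hop verify-availability
!
! Entry 20: packets of 20 to 200 bytes. No availability check, for
! example because this next hop is not a Cisco device or the medium
! does not support CDP.
route-map NPR-EXAMPLE permit 20
 match length 20 200
 set ip next-hop 198.51.100.4
```

Because the check consults the CDP database per packet, applying it only in entry 10 limits the lookup overhead to traffic that matches that entry.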
Typically, you would use existing policy routing and NetFlow show commands to monitor these features. For more information on these show commands, refer to the Cisco IOS IP Routing: Protocol Independent Command Reference for policy routing commands and the appropriate chapter of the Cisco IOS IP NetFlow Command Reference for NetFlow commands.
To display the route-map Inter Processor Communication (IPC) message statistics in the Route Processor (RP) or Versatile Interface Processor (VIP), use the show route-map ipc command in EXEC mode.