Match Clauses; Set Clauses; Pbr Cache - Enterasys Security Router X-PeditionTM User Manual

Enterasys security router user's guide
2. When a policy entry is found for a packet, the table search ends and the packet is processed according to that entry.
3. Each entry has a group of match and set clauses. All match clauses must match in order to process the packet according to the entry. When a match is found, one of the set clauses is used to process the packet. Set clauses are tried in the order you configure them; when a clause specifies an invalid next hop or interface, the next clause is tried.

Match Clauses

Packet flows are identified by use of Access Control Lists (ACLs). ACLs specify traffic to be routed according to a particular end system, higher protocol layer (UDP or TCP), or a port number within the specified protocol. The XSR associates ACLs with PBR by the match ip-address <acl> command. Multiple match clauses can be configured for each policy entry.

Set Clauses

The XSR provides two ways for the policy to specify the forwarding path in the set statement:
through the next-hop router with the set ip next-hop command
through the outgoing interface with the set interface command
Forwarding behavior is governed by the following considerations:
The next-hop router can be configured only if it belongs to an XSR-connected network.
Traffic over Serial sub-interfaces can be forwarded only to the next-hop router.
The outgoing interface need not be enabled when the entry is configured, but it is disregarded when a packet is processed if it is still in the down state.
If a match is found but no set clause is available to forward the packet, the packet is discarded.

PBR Cache

Since ACL matching is too resource-intensive to perform for all packets, a short-cut cache is created based on a packet's contents. Each entry in the PBR cache contains a packet's source and destination IP address and IP protocol number. A port number is also kept if the IP protocol is TCP or UDP, and an ICMP code number is kept for ICMP.
Data on how to forward the packet is also saved in the cache. When a packet enters the XSR, the router first searches the cache for any match on the packet. If a match is made, the packet is forwarded according to the forwarding data. If no match is found, the policy table is searched and a cache entry is built when forwarding information becomes available. You can view real-time PBR cache data with the show ip pbr-cache command.
When a newly created cache entry is not accessed within two to four minutes, that cache entry is deleted; if the next packet arrives with no cache entry matched, a new cache entry is created.
For more information, refer to "Configuring Policy Based Routing Example" on page 5-44.
IP Routing Protocols
XSR User's Guide 5-23
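A model of the policy lookup and PBR cache described in this section, added here as an illustration and not Enterasys or XSR code: ACLs are stood in by predicates, set clauses are tried in configured order with the next-hop and interface checks above, and the cache key carries the fields listed in "PBR Cache". The 120-second `ttl`, the `pkt`/`acl`/`PBR` names and all addresses are constructed placeholders.

```python
import ipaddress
import time

def pkt(src, dst, proto, port=None, icmp_code=None):  # constructed packet header
    return {"src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst),
            "proto": proto, "port": port, "icmp_code": icmp_code}

def acl(src=None, dst=None, proto=None, port=None):  # one match clause (stand-in for an ACL)
    def pred(p):
        return ((src is None or p["src"] in ipaddress.ip_network(src))
                and (dst is None or p["dst"] in ipaddress.ip_network(dst))
                and (proto is None or p["proto"] == proto)
                and (port is None or p["port"] == port))
    return pred

class PBR:
    def __init__(self, policy, connected, iface_up, ttl=120):
        # policy: ordered entries {"match": [preds], "set": [(kind, target), ...]}
        # connected: XSR-connected networks; iface_up: interface name -> link state
        self.policy, self.connected, self.iface_up, self.ttl = policy, connected, iface_up, ttl
        self.cache = {}  # cache key -> (set clause, last access time)

    def key(self, p):
        # Cache key as described: src, dst, protocol, plus port (TCP/UDP) or ICMP code.
        extra = p["port"] if p["proto"] in ("tcp", "udp") else p["icmp_code"] if p["proto"] == "icmp" else None
        return (p["src"], p["dst"], p["proto"], extra)

    def usable(self, clause):
        kind, target = clause
        if kind == "next-hop":  # next hop must lie on an XSR-connected network
            return any(ipaddress.ip_address(target) in ipaddress.ip_network(n) for n in self.connected)
        return self.iface_up.get(target, False)  # an interface still down at forwarding time is skipped

    def lookup(self, p, now=None):
        """Return (set clause or None, source) where source is cache/policy/discard/no-match."""
        now = time.monotonic() if now is None else now
        k = self.key(p)
        hit = self.cache.get(k)
        if hit and now - hit[1] <= self.ttl:  # fresh cache entry: no ACL evaluation needed
            self.cache[k] = (hit[0], now)
            return hit[0], "cache"
        self.cache.pop(k, None)  # idle entry aged out (ttl stands in for the 2-4 minute window)
        for entry in self.policy:  # first entry whose match clauses all match ends the search
            if all(m(p) for m in entry["match"]):
                for clause in entry["set"]:  # set clauses tried in configured order
                    if self.usable(clause):
                        self.cache[k] = (clause, now)
                        return clause, "policy"
                return None, "discard"  # match found but no set clause can forward the packet
        return None, "no-match"
```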
