Configuring Policy-Based Routing; Overview; Policy - HPE FlexNetwork HSR6800 Configuration Manual
Layer 3-ip routing configuration guide
Hide thumbs
Also See for FlexNetwork HSR6800:
- Security command reference (538 pages) ,
- Configuration manual (503 pages) ,
- Command reference manual (153 pages)
Table of Contents
Advertisement
Configuring policy-based routing
Overview
Different from destination-based routing, policy-based routing (PBR) uses user-defined policies to
route packets based on the source address, packet length, and other criteria. A policy can specify the
output interface, next hop, default output interface, default next hop, and other parameters for
packets that match specific criteria such as ACLs or have specific lengths.
A device uses PBR to forward matching packets and uses the routing table to forward other packets.
If PBR is not configured, a device uses the routing table to forward packets.
PBR includes local PBR and interface PBR.
•
Local PBR guides the forwarding of locally generated packets, such as the ICMP packets
generated by using the ping command.
•
Interface PBR guides the forwarding of packets received on an interface only.
Policy
A policy comprises match criteria and actions to be taken on the matching packets. A policy can
comprise one or multiple nodes. The following describes information about nodes:
•
Each node is identified by a node number. A smaller node number has a higher priority.
•
A node comprises if-match and apply clauses. An if-match clause specifies a match criterion,
and an apply clause specifies an action.
•
A node has a match mode of permit or deny.
A policy matches nodes in priority order against packets. If a packet matches the criteria on a node,
it is processed by the action on the node. Otherwise, it goes to the next node for a match. If the
packet does not match the criteria on any node, it is forwarded according to the routing table.
if-match clause
PBR supports the following types of if-match clauses:
•
if-match acl—Sets an ACL match criteria.
•
if-match packet-length—Sets a packet length match criterion.
•
if-match reverse-input-interface—Sets a reverse input interface match criterion. A response
packet matches the criterion if the specified reverse input interface is the interface that received
the corresponding request packet.
You can specify multiple if-match clauses for a node, but only one if-match clause can be specified
for each type at most. To match a node, a packet must match all the if-match clauses of the node.
apply clause
PBR supports the following types of apply clauses, as shown in
apply clauses for a node, but some of them might not be executed.
Table 8 Priorities and meanings of apply clauses
Clause
apply ip-df zero
Meaning
Sets the DF (Don't
Fragment) bit in the IP
header to 0, which means
the packet can be
fragmented.
266
Table
Priority
This clause is always executed.
8. You can specify multiple
Advertisement
Table of Contents
Troubleshooting
