Configuring pbr, Policy-based routing – Brocade Network OS Administrator’s Guide v4.1.1 User Manual

Configuring PBR

• Policy-Based Routing
• Policy-Based Routing behavior
• Policy-Based Routing with differing next hops
• Policy-Based Routing uses of NULL0

Policy-Based Routing

Policy-Based Routing (PBR) allows you to use ACLs and route maps to selectively modify and route IP
packets in hardware.

Basically, the ACLs classify the traffic, and route maps that match on the ACLs set routing attributes
for the traffic.

A PBR policy specifies the next hop for traffic that matches the policy:

• For standard ACLs with PBR, you can route IP packets based on their source IP address.
• For extended ACLs with PBR, you can route IP packets based on all of the matching criteria in the
extended ACL.

To configure PBR, you define the policies using IP ACLs and route maps, then enable PBR on
individual interfaces. The platform programs the ACLs on the interfaces, and routes traffic that matches
the ACLs according to the instructions provided by the “set” statements in the route map entry.

Currently, the following platforms support PBR:

• VDX 8770
• VDX 6740

You can configure the Brocade device to perform the following types of PBR based on a packet’s Layer
3 and Layer 4 information:

• Select the next-hop gateway.
• Send the packet to the null interface (null0) to drop the packets.

Using PBR, you can define a set of classifications that, when met, cause a packet to be forwarded to a
predetermined next-hop interface, bypassing the path determined by normal routing. You can define
multiple match and next-hop specifications on the same interface. The configuration of a set of match
criteria and corresponding routing information (for example next hops and DSCP values) is referred to
as a stanza.

You can create multiple stanzas within a route-map configuration and assign the stanza an
“Instance_ID” that controls the program positioning within the route map. Furthermore, when the route
map is created, you specify a deny or permit construct for the stanza. In addition, the ACL used for the
“match” criteria also contains a deny or permit construct.
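The stanza evaluation described above, modelled in Python as an added example (it is not from the Brocade guide and is not NOS configuration syntax). Assumptions: stanzas are checked in ascending Instance_ID order and the first match wins; only permit stanzas whose ACL rules are all permit rules are modelled; the class and function names, the addresses and the sample policy are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                    # "tcp", "udp", ...
    dport: Optional[int] = None

@dataclass(frozen=True)
class AclRule:                    # one permit rule of an extended ACL (hypothetical model)
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "ip"             # "ip" matches any protocol
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("ip", p.proto)
                and self.dport in (None, p.dport))

@dataclass(frozen=True)
class Stanza:                     # permit stanza: match criteria plus one "set" action
    instance_id: int
    acl: tuple                    # AclRule objects; any matching rule classifies the packet
    next_hop: str                 # gateway address, or "null0" to drop

def forward(packet, route_map, normal_next_hop):
    """Return (decision, next_hop, instance_id) for one packet on a PBR-enabled interface."""
    for stanza in sorted(route_map, key=lambda s: s.instance_id):
        if any(rule.matches(packet) for rule in stanza.acl):
            if stanza.next_hop == "null0":
                return ("drop", "null0", stanza.instance_id)
            return ("pbr", stanza.next_hop, stanza.instance_id)
    # No stanza matched: the packet follows the normal routing table.
    return ("routed", normal_next_hop, None)

# Constructed sample policy: drop Telnet from 10.1.0.0/16, steer the rest of that
# subnet to 192.0.2.1, and steer UDP towards 198.51.100.0/24 to 192.0.2.9.
ROUTE_MAP = [
    Stanza(20, (AclRule(src="10.1.0.0/16"),), "192.0.2.1"),
    Stanza(10, (AclRule(src="10.1.0.0/16", proto="tcp", dport=23),), "null0"),
    Stanza(30, (AclRule(dst="198.51.100.0/24", proto="udp"),), "192.0.2.9"),
]
```

Under the stated first-match assumption, the null0 stanza only takes effect because its Instance_ID is lower than that of the broader stanza for the same source subnet; with the IDs reversed, the same Telnet packet would be forwarded to 192.0.2.1.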

The deny or permit nomenclature has a different meaning within the context of the PBR operation than
it does within the normal context of user-applied ACLs (where deny and permit are directly correlated to
the forwarding actions of forward and drop). The following table lists the behavior between the permit
and deny actions specified at the route-map level, in conjunction with the permit and deny actions
specified at the ACL rule level.

Network OS Administrator’s Guide

53-1003225-04