Policy-based routing behavior – Brocade Network OS Administrator’s Guide v4.1.1 User Manual

| Route-map level permit and deny actions | ACL clause permit and deny actions | Resulting Ternary Content Addressable Memory (TCAM) action |
|---|---|---|
| Permit | Permit | The “set” statement of the route-map entry is applied. |
| Permit | Deny | The packet is “passed” and routed normally. The contents of the “set” command are not applied. A rule is programmed in the TCAM as a “permit” with no result actions preventing any further statements of the route-map ACL from being applied. |
| Deny | Permit | The packet is “passed” and routed normally. There should be no “set” commands following the “match” command of a deny route-map stanza. A rule is programmed in the TCAM as a “permit” with no result actions preventing any further statements of the route-map ACL from being applied. |
| Deny | Deny | No TCAM entry is provisioned; no other route-map ACL entries will be compared against. If no subsequent matches are made, the packet is forwarded as normal. |

Notes:

• Ternary Content Addressable Memory is high-speed hardware memory.

• Consider the permit and deny keywords as allowing the specified match content to be either permitted to use or denied from using the defined “set criteria” of the route map. The permit and deny keywords do not correlate to the forwarding actions of forward and drop as they do in the ACL application.

• PBR route maps may only be applied to Layer 3 (L3) interfaces. Application of a route map to a non-L3 interface results in the configuration being rejected.

• Deletion of a route map or deletion of an ACL used in the route map “match” is not allowed when the route map is actively bound to an interface. Attempts to delete an active route map or associated ACL are rejected, and an error and log will be generated.

• The “set” commands are only available within the context of a “permit” stanza. The CLI should not allow the use of a “set” command within a PBR “deny” stanza.

Policy-Based Routing behavior

When a PBR policy has multiple next hops to a destination, the PBR selects the first live next-hop
specified in the policy that is “UP”. If none of the policy's direct routes or next hops is available, the
packets are forwarded as per the routing table. The order in which the next hop addresses are listed in
the route map is an implicit preference for next hop selection.

For example, if you enter the next hop addresses A, B, and C (in that order), and all paths are
reachable, then A is the preferred selection. If A is not reachable, the next hop is B. If the path to A
becomes reachable, the next hop logic will switch to next-hop A.

PBR does not have an implicit “deny ip any any” ACL rule entry, as used in ACLs. This ensures that, for route
maps that use multiple ACLs (stanzas), the traffic is compared to all ACLs. However, if an explicit
“deny ip any any” is configured, traffic matching this clause is routed normally using L3 paths and is
not compared to any ACL clauses that follow the clause.
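
The decision table, the next-hop preference order and the explicit-deny behavior described above can be modelled together to check how a steering policy treats a given source. This is an added example, not code from the Brocade guide: the route map, addresses and function names are constructed, and the deny/deny row is modelled as falling through to later stanzas, which is an assumption about the table's last row.

```python
from ipaddress import ip_address, ip_network

NORMAL = "routing-table"  # packet is forwarded by the ordinary L3 lookup

def first_clause(acl, src):
    """Action of the first ACL clause whose network contains src, else None."""
    for action, net in acl:
        if ip_address(src) in ip_network(net):
            return action
    return None  # PBR adds no implicit "deny ip any any"

def pick_next_hop(next_hops, live):
    """First listed next hop that is UP; list order is the preference."""
    return next((hop for hop in next_hops if hop in live), NORMAL)

def pbr_decide(route_map, src, live):
    """Walk stanzas in order and return the next hop chosen for src."""
    for stanza, acl, next_hops in route_map:
        clause = first_clause(acl, src)
        if clause is None:
            continue                    # no match: compare the next stanza
        if (stanza, clause) == ("permit", "permit"):
            return pick_next_hop(next_hops, live)  # "set" is applied
        if (stanza, clause) == ("deny", "deny"):
            continue                    # assumption: no TCAM entry, later stanzas may match
        return NORMAL                   # TCAM permit with no result action: evaluation stops
    return NORMAL

# Constructed route map: (stanza action, ACL clauses, "set" next hops)
ROUTE_MAP = [
    ("permit", [("deny", "10.1.0.0/16"), ("permit", "10.0.0.0/8")],
     ["192.0.2.1", "192.0.2.2", "192.0.2.3"]),
    ("permit", [("permit", "10.1.0.0/16")], ["198.51.100.1"]),
]

if __name__ == "__main__":
    all_up = {"192.0.2.1", "192.0.2.2", "192.0.2.3", "198.51.100.1"}
    for src in ("10.2.3.4", "10.1.5.5", "172.16.0.1"):
        print(src, "->", pbr_decide(ROUTE_MAP, src, all_up))
    # First next hop down: selection moves to the second entry in the list
    print("10.2.3.4 ->", pbr_decide(ROUTE_MAP, "10.2.3.4", all_up - {"192.0.2.1"}))
```

In the constructed route map, the explicit deny clause in the first stanza means 10.1.0.0/16 never reaches the second stanza's “set”, so traffic meant to be steered (for example, through an inspection device) is routed normally instead.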

Network OS Administrator’s Guide

53-1003225-04