Brocade Mobility Access Point System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

492

Brocade Mobility Access Point System Reference Guide

53-1003100-01

7

•

IP DSCP - Packet filtering can be performed by traffic class, as determined from the IP DSCP
field. One DSCP value is configurable per route map entry. If IP ACLs on a WLAN, ports or SVI
mark the packet, the new/marked DSCP value is used for matching.

•

Incoming WLAN - Packets can be filtered by the incoming WLAN. There are two ways to match
the WLAN:

•

If the device doing policy based routing has an onboard radio and a packet is received on a
local WLAN, then this WLAN is used for selection.

•

If the device doing policy based routing does not have an onboard radio and a packet is
received from an extended VLAN, then the device which received the packet passes the
WLAN information in the MINT packet for the PBR router to use as match criteria.

•

Client role - The client role can be used as match criteria, similar to a WLAN. Each device has to
agree on a unique identifier for role definition and pass the same MINT tunneled packets.

•

Incoming SVI - A source IP address qualifier in an ACL typically satisfies filter requirements. But
if the host originating the packet is multiple hops away, the incoming SVI can be used as match
criteria. In this context the SVI refers to the device interface performing policy based routing,
and not the originating connected device.

Each route map entry has a set of match and set (action) clauses. ACL rules configured under route
map entries merge to create a single ACL. Route map precedence values determine the
prioritization of the rules in this merged ACL. An IP DSCP value is also added to the ACL rules.

Set (or action) clauses determine the routing function when a packet satisfies match criteria. If no
set clauses are defined, the default is to fallback to destination based routing for packets satisfying
the match criteria. If no set clause is configured and fallback to destination based routing is
disabled, then the packet is dropped. The following can be defined within set clauses:

•

Next hop - The IP address of the next hop or the outgoing interface through which the packet
should be routed. Up to two next hops can be specified. The outgoing interface should be a
PPP, a tunnel interface or a SVI which has DHCP client configured. The first reachable hop
should be used, but if all the next hops aren’t reachable, typical destination based route
lookup is performed.

•

Default next hop - If a packet subjected to PBR does not have an explicit route to the
destination, the configured default next hop is used. This can be either the IP address of the
next hop or the outgoing interface. Only one default next hop can be defined. The difference
between the next hop and the default next-hop is in case of former, PBR occurs first, then
destination based routing. In case of the latter, the order is reversed. With both cases:

•

If a defined next hop is reachable, it’s used. If fallback is configured refer to (b).

•

Do normal destination based route lookup. If a next hop is found its used, if not refer to (c)

•

If default next hop is configured and reachable, it’s used. If not, drop the packet.

•

Fallback - Fallback to destination based routing if none of the configured next hops are
reachable (or not configured). This is enabled by default.

•

Mark IP DSCP - Set IP DSCP bits for QoS using an ACL. The mark action of the route maps takes
precedence over the mark action of an ACL.

NOTE

A packet should optimally satisfy all the match criteria, if no match clause is defined in a route-map,
it would match everything. Packets not conforming to any of the match clauses are subjected to
normal destination based routing.

To define a PBR configuration: