Send document comments to nexus7k-docfeedback@cisco.com.
CHAPTER 17
                 Configuring Policy-Based Routing
                 This chapter describes how to configure policy based routing.
                 This chapter includes the following sections:
                  •   Information About Policy Based Routing
                  •   Licensing Requirements for Policy-Based Routing
                  •   Prerequisites for Policy-Based Routing
                  •   Guidelines and Limitations
                  •   Configuring Policy-Based Routing
                  •   Verifying Policy-Based Routing Configuration
                  •   Policy Based-Routing Example Configuration
                  •   Related Topics
                  •   Default Settings
                  •   Additional References
                  •   Feature History for Policy-Based Routing
Information About Policy Based Routing
                 Policy-based routing allows you to configure a defined policy for IPv4 and IPv6 traffic flows, lessening
                 reliance on routes derived from routing protocols. All packets received on an interface with policy-based
                 routing enabled are passed through enhanced packet filters or route maps. The route maps dictate the
                 policy, determining where to forward packets.
                 Route maps are composed of match and set statements that you can mark as permit or deny. You can
                 interpret the statements as follows:
                  •   If the packets match any route map statements, then all the set statements are applied. One of these
                      actions involves choosing the next hop.
                  •   If a statement is marked as deny, the packets that meet the match criteria are sent back through the
                      normal forwarding channels and destination-based routing is performed.
                  •   If the statement is marked as permit and the packets do not match any route map statements, the
                      packets are sent back through the normal forwarding channels and destination-based routing is
                      performed.
                 See the “Route Maps” section on page 16-2.
                                            Cisco Nexus 7000 Series NX-OS Unicast Routing Configuration Guide, Release 4.x
 OL-20002-02                                                                                                                 17-1
                         Policy-based routing includes the following features:
                           •    Source-based routing—Routes traffic originating from different sets of users through different
                                connections across the policy routers.
                           •    Quality of Service (QoS)—Differentiates traffic by setting the precedence or type of service (ToS)
                                values in the IP packet headers at the periphery of the network and leveraging queuing mechanisms
                                to prioritize traffic in the core or backbone of the network (see the Cisco Nexus 7000 Series NX-OS
                                Quality of Service Configuration Guide, Release 4.x).
                           •    Load sharing—Distributes traffic among multiple paths based on the traffic characteristics.
                         This section includes the following topics:
                           •    Policy Route Maps
                           •    Set Criteria for Policy-Based Routing
Policy Route Maps
                         Each entry in a route map contains a combination of match and set statements. The match statements
                         define the criteria for whether appropriate packets meet the particular policy (that is, the conditions to
                         be met). The set clauses explain how the packets should be routed once they have met the match criteria.
                         You can mark the route map statements as permit or deny. If the statement is marked as a deny, the
                         packets that meet the match criteria are sent back through the normal forwarding channels
                         (destination-based routing is performed). If the statement is marked as permit and the packets meet the
                         match criteria, all the set clauses are applied. If the statement is marked as permit and the packets do not
                         meet the match criteria, then those packets are also forwarded through the normal routing channel.
               Note      Policy routing is specified on the interface that receives the packets, not on the interface from which the
                         packets are sent.
Set Criteria for Policy-Based Routing
                         The set criteria in a route map are evaluated in the order listed in the route map. Set criteria specific to
                         route maps used for policy-based routing are as follows:
                          1.    List of specified IP addresses—The IP address can specify the adjacent next-hop router in the path
                                toward the destination to which the packets should be forwarded. The first IP address associated
                                with a currently up connected interface is used to route the packets.
                         Note      You can optionally configure the set criteria for next-hop addresses to load balance traffic across
                                   up to 16 IP addresses. In this case, Cisco NX-OS sends all traffic for each IP flow to a particular
                                   IP next-hop address.
                          2.    List of default next-hop IP addresses—Route to the interface or the next-hop address specified by
                                this set statement only if there is no explicit route for the destination address of the packet in the
                                routing table.
                         Note      You can optionally configure the set criteria for the default next-hop addresses to load balance
                                   traffic across up to 16 IP addresses. In this case, Cisco NX-OS sends all traffic for each IP flow
                                   to a particular IP next-hop address.
                          If the packets do not meet any of the defined match criteria, then those packets are routed through the
                          normal destination-based routing process.
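The forwarding decision described in this section can be modeled as follows. This is an added example, not code from Cisco or this guide: match criteria are reduced to source prefixes, `up_next_hops` and `explicit_routes` are hypothetical inputs, and the fallback to normal routing when no configured next hop is up is an assumption.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class Entry:
    """One route-map entry; match_sources stands in for the matched ACL."""
    action: str                                             # "permit" or "deny"
    match_sources: list                                     # source prefixes (assumed match type)
    next_hops: list = field(default_factory=list)           # set ip next-hop
    default_next_hops: list = field(default_factory=list)   # set ip default next-hop

NORMAL = ("destination-based", None)

def pbr_decision(src, dst, entries, up_next_hops, explicit_routes):
    """Return (path, next_hop) for a packet received on a PBR-enabled interface.

    up_next_hops: next-hop addresses reachable over an up connected interface.
    explicit_routes: prefixes that have an explicit route in the routing table.
    """
    src, dst = ip_address(src), ip_address(dst)
    for entry in entries:
        if not any(src in ip_network(p) for p in entry.match_sources):
            continue                              # no match: try the next entry
        if entry.action == "deny":
            return NORMAL                         # deny + match: normal forwarding
        # permit + match: set criteria are evaluated in the order listed.
        for hop in entry.next_hops:
            if hop in up_next_hops:               # first address that is up wins
                return ("policy next-hop", hop)
        if not any(dst in ip_network(p) for p in explicit_routes):
            for hop in entry.default_next_hops:
                if hop in up_next_hops:
                    return ("policy default next-hop", hop)
        # Assumption: with no usable next hop the packet is routed normally, so
        # steering toward an inspection hop fails open when that hop is down.
        return NORMAL
    return NORMAL                                 # matched no entry

# Constructed policy: one host exempted, the rest of its subnet steered.
POLICY = [
    Entry("deny", ["192.0.2.99/32"]),
    Entry("permit", ["192.0.2.0/24"],
          next_hops=["198.51.100.1", "198.51.100.2"],
          default_next_hops=["203.0.113.1"]),
]
ROUTES = ["10.0.0.0/8"]                           # constructed explicit routes

if __name__ == "__main__":
    for up in ({"198.51.100.2", "203.0.113.1"}, {"203.0.113.1"}, set()):
        for dst in ("10.1.1.1", "172.16.0.1"):
            print(sorted(up), dst, pbr_decision("192.0.2.5", dst, POLICY, up, ROUTES))
```

When policy-based routing is used to steer traffic through a filtering device, the last case in the loop is the one to monitor: with every configured next hop down, the modeled packet follows the ordinary routing table.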
Licensing Requirements for Policy-Based Routing
                          The following table shows the licensing requirements for this feature:
Product              License Requirement
NX-OS                Policy-based routing requires an Enterprise Services license. For a complete explanation of the NX-OS
                     licensing scheme and how to obtain and apply licenses, see the Cisco NX-OS Licensing Guide.
Prerequisites for Policy-Based Routing
                          Policy-Based Routing has the following prerequisites:
                            •   Install the correct license.
                            •   You must enable the policy-based routing feature (see the “Enabling the Policy-based Routing
                                Feature” section on page 17-4).
                            •   Assign an IP address on the interface and bring the interface up before you apply a route map on the
                                interface for policy-based routing.
                            •   If you configure VDCs, install the Advanced Services license and enter the desired VDC (see the
                                Cisco NX-OS Virtual Device Context Configuration Guide).
Guidelines and Limitations
                          Policy-based routing has the following guidelines and limitations:
                            •   A policy-based routing route map can have only one match or set statement per route-map statement.
                            •   A policy-based routing route map cannot have more than one match and one set command in a
                                route-map entry.
                            •   A match command cannot refer to more than one ACL in a route map used for policy-based routing.
                            •   An ACL used in a policy-based routing route map cannot include a deny statement.
                            •   The same route map can be shared among different interfaces for policy-based routing as long as the
                                interfaces belong to the same VRF.
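One way to check a saved configuration against the limitations above, as an added example (not a Cisco tool and not part of this guide). It assumes `show running-config` style indentation; the sample configuration is constructed, and `parse` and `lint_pbr` are hypothetical names.

```python
import re
from collections import defaultdict

# Constructed sample config (not from the guide); names and addresses are illustrative.
SAMPLE = """\
ip access-list WEB
  10 permit tcp 192.0.2.0/24 any eq 80
  20 deny ip any any
ip access-list MGMT
  10 permit ip 198.51.100.0/24 any
route-map STEER permit 10
  match ip address WEB
  set ip next-hop 203.0.113.1
route-map STEER permit 20
  match ip address MGMT WEB
  set ip next-hop 203.0.113.2
  set ip default next-hop 203.0.113.3
route-map CLEAN permit 10
  match ip address MGMT
  set ip next-hop 203.0.113.9
interface Ethernet1/2
  vrf member RED
  ip policy route-map STEER
interface Ethernet1/3
  ip policy route-map STEER
interface Ethernet1/4
  ip policy route-map CLEAN
"""

def parse(config):
    """Collect ACL rules, route-map entries, PBR bindings and interface VRFs."""
    acls, entries = defaultdict(list), defaultdict(list)
    bound, vrf_of, ctx = defaultdict(list), {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():                  # unindented line opens a context
            if m := re.match(r"(?:ip|ipv6) access-list (\S+)$", line):
                ctx = ("acl", m.group(1))
            elif m := re.match(r"route-map (\S+) (?:permit|deny) (\d+)$", line):
                ctx = ("rmap", (m.group(1), int(m.group(2))))
            elif m := re.match(r"interface (.+)$", line):
                ctx = ("intf", m.group(1))
                vrf_of[m.group(1)] = "default"    # until a 'vrf member' line says otherwise
            else:
                ctx = None
        elif ctx and ctx[0] == "acl":
            acls[ctx[1]].append(line)
        elif ctx and ctx[0] == "rmap":
            entries[ctx[1]].append(line)
        elif ctx and ctx[0] == "intf":
            if m := re.match(r"vrf member (\S+)$", line):
                vrf_of[ctx[1]] = m.group(1)
            elif m := re.match(r"(?:ip|ipv6) policy route-map (\S+)$", line):
                bound[m.group(1)].append(ctx[1])
    return acls, entries, bound, vrf_of

def lint_pbr(config):
    """Return findings for route maps applied with 'ip/ipv6 policy route-map'."""
    acls, entries, bound, vrf_of = parse(config)
    findings = []
    for rmap in sorted(bound):
        vrfs = sorted({vrf_of[i] for i in bound[rmap]})
        if len(vrfs) > 1:
            findings.append(f"{rmap}: applied on interfaces in different VRFs {vrfs}")
        for (_, seq), cmds in sorted(e for e in entries.items() if e[0][0] == rmap):
            matches = [c for c in cmds if c.startswith("match ")]
            sets = [c for c in cmds if c.startswith("set ")]
            if len(matches) > 1 or len(sets) > 1:
                findings.append(f"{rmap} {seq}: more than one match or set command")
            for cmd in matches:
                m = re.match(r"match (?:ip|ipv6) address (.+)$", cmd)
                # The guide writes a literal 'access-list-name' keyword before the names.
                names = [t for t in m.group(1).split() if t != "access-list-name"] if m else []
                if len(names) > 1:
                    findings.append(f"{rmap} {seq}: match refers to more than one ACL")
                for acl in names:
                    if any(re.match(r"(?:\d+ )?deny\b", r) for r in acls.get(acl, [])):
                        findings.append(f"{rmap} {seq}: ACL {acl} contains a deny statement")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_pbr(SAMPLE)))
```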
Configuring Policy-Based Routing
                          This section contains the following topics:
                            •   Enabling the Policy-based Routing Feature
                            •   Configuring a Route Policy
               Note      If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature
                         might differ from the Cisco IOS commands that you would use.
Enabling the Policy-based Routing Feature
                         You must enable the policy-based routing feature before you can configure a route policy.
BEFORE YOU BEGIN
                         Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
                          1.   config t
                          2.   feature pbr
                          3.   show feature
                          4.   copy running-config startup-config
DETAILED STEPS
               Step 1     Command:  config t
                          Purpose:  Enters configuration mode.
                          Example:  switch# config t
                                    switch(config)#
               Step 2     Command:  feature pbr
                          Purpose:  Enables the policy-based routing feature.
                          Example:  switch(config)# feature pbr
               Step 3     Command:  show feature
                          Purpose:  (Optional) Displays enabled and disabled features.
                          Example:  switch(config)# show feature
               Step 4     Command:  copy running-config startup-config
                          Purpose:  (Optional) Saves this configuration change.
                          Example:  switch(config)# copy running-config startup-config
                         Use the no feature pbr command to disable the policy-based routing feature and remove all associated
                         configuration.
                          Command                                                      Purpose
                          no feature pbr                                               Disables the policy-based routing feature and
                                                                                       removes all associated configuration.
                          Example:
                          switch(config)# no feature pbr
Configuring a Route Policy
                          You can use route maps in policy-based routing to assign routing policies to the inbound interface. See
                          the “Configuring Route Maps” section on page 16-11.
SUMMARY STEPS
                           1.   config t
                           2.   interface type slot/port
                           3.   ip policy route-map map-name
                                or
                           4.   ipv6 policy route-map map-name
                           5.   exit
                           6.   copy running-config startup-config
DETAILED STEPS
                Step 1     Command:  config t
                           Purpose:  Enters configuration mode.
                           Example:  switch# config t
                                     switch(config)#
                Step 2     Command:  interface type slot/port
                           Purpose:  Enters interface configuration mode.
                           Example:  switch(config)# interface ethernet 1/2
                                     switch(config-if)#
                Step 3     Command:  ip policy route-map map-name
                           Purpose:  Assigns a route map for IPv4 policy-based routing to the interface.
                           Example:  switch(config-if)# ip policy route-map Testmap
                           Command:  ipv6 policy route-map map-name
                           Purpose:  Assigns a route map for IPv6 policy-based routing to the interface.
                           Example:  switch(config-if)# ipv6 policy route-map TestIPv6map
                Step 4     Command:  exit
                           Purpose:  (Optional) Exits route-map configuration mode.
                           Example:  switch(config-route-map)# exit
                Step 5     Command:  exit
                           Purpose:  (Optional) Exits route-map configuration mode.
                           Example:  switch(config)# exit
                Step 6     Command:  copy running-config startup-config
                           Purpose:  (Optional) Saves this configuration change.
                           Example:  switch# copy running-config startup-config
                        The following example shows how to add a route map to an interface:
                        switch# config t
                        switch(config)# interface ethernet 1/2
                        switch(config-if)# ip policy route-map Testmap
                        switch(config-if)# exit
                        switch(config)# copy running-config startup-config
                        You can configure the following optional match parameters for route maps in route-map configuration
                        mode:
                         Command:  match ip address access-list-name name [name...]
                         Purpose:  Match an IPv4 address against one or more IP access control lists (ACLs). This
                                   command is used for policy-based routing and ignored by route filtering or
                                   redistribution.
                         Example:  switch(config-route-map)# match ip address access-list-name ACL1

                         Command:  match ipv6 address access-list-name name [name...]
                         Purpose:  Match an IPv6 address against one or more IPv6 ACLs. This command is used for
                                   policy-based routing and ignored by route filtering or redistribution.
                         Example:  switch(config-route-map)# match ipv6 address access-list-name ACLv6

                         Command:  match length min max
                         Purpose:  Match against the length of the packet. This command is used for policy-based
                                   routing.
                         Example:  switch(config-route-map)# match length 64 1500
                        You can configure the following optional set parameters for route maps in route-map configuration
                        mode:
                         Command:  set ip next-hop address1 [address2...] {load-share | peer-address}
                         Purpose:  Sets the IPv4 next-hop address for policy-based routing. This command uses the
                                   first valid next-hop address if multiple addresses are configured.
                                   Use the optional load-share keyword to load balance traffic across up to 16
                                   next-hop addresses.
                         Example:  switch(config-route-map)# set ip next-hop 192.0.2.1

                         Command:  set ip default next-hop address1 [address2...] {load-share}
                         Purpose:  Sets the IPv4 next-hop address for policy-based routing when there is no explicit
                                   route to a destination. This command uses the first valid next-hop address if
                                   multiple addresses are configured.
                                   Use the optional load-share keyword to load balance traffic across up to 16
                                   next-hop addresses.
                         Example:  switch(config-route-map)# set ip default next-hop 192.0.2.2

                         Command:  set ipv6 next-hop address1 [address2...] {load-share | peer-address}
                         Purpose:  Sets the IPv6 next-hop address for policy-based routing. This command uses the
                                   first valid next-hop address if multiple addresses are configured.
                                   Use the optional load-share keyword to load balance traffic across up to 16
                                   next-hop addresses.
                         Example:  switch(config-route-map)# set ipv6 next-hop 2001:0DB8::1

                         Command:  set ipv6 default next-hop address1 [address2...]
                         Purpose:  Sets the IPv6 next-hop address for policy-based routing when there is no explicit
                                   route to a destination. This command uses the first valid next-hop address if
                                   multiple addresses are configured.
                         Example:  switch(config-route-map)# set ipv6 default next-hop 2001:0DB8::2

                         Command:  set vrf vrf-name
                         Purpose:  Sets the VRF for next-hop resolution.
                         Example:  switch(config-route-map)# set vrf MainVRF
                          Cisco NX-OS routes the packet as soon as it finds a next hop and an interface.
Verifying Policy-Based Routing Configuration
                          To display policy-based routing configuration information, perform one of the following tasks:
                           Command                                                Purpose
                           show [ip | ipv6] policy [name]                         Displays information about an IPv4 or IPv6 policy.
                           show route-map [name] pbr-statistics                   Displays policy statistics.
                          Use the route-map map-name pbr-statistics command to enable policy statistics. Use the clear route-map
                          map-name pbr-statistics command to clear these policy statistics.
Policy Based-Routing Example Configuration
                          This example shows how to configure a simple route policy on an interface.
                          feature pbr
                          ip access-list 1 permit ip 192.0.2.1
                          !
                          interface ethernet 1/2
                           ip policy route-map equal-access
                          route-map equal-access permit 10
                           match ip address 1
                           set ip default next-hop 192.0.2.10
Related Topics
                       The following topics can give more information on Policy Based Routing:
                         •   Chapter 16, “Configuring Route Policy Manager”
Default Settings
                       Table 17-1 lists the default settings for policy-based routing parameters.
                       Table 17-1          Default Policy-based Routing Parameters
                        Parameters                                                     Default
                        Policy-based routing                                           disabled
Additional References
                       For additional information related to implementing IP, see the following sections:
                         •   Related Documents
                         •   Standards
Related Documents
Related Topic                                                    Document Title
Policy-based routing CLI commands                                Cisco Nexus 7000 Series NX-OS Unicast Routing Command
                                                                 Reference
VDCs and VRFs                                                    Cisco Nexus 7000 Series NX-OS Virtual Device Context
                                                                 Configuration Guide, Release 4.x
Standards
Standards                                                        Title
No new or modified standards are supported by this feature,      —
and support for existing standards has not been modified
by this feature.
Feature History for Policy-Based Routing
                           Table 17-2 lists the release history for this feature.
Table 17-2           Feature History for Policy-Based Routing
Feature Name                                            Releases          Feature Information
IPv6 policies                                           4.2(1)            Added support for IPv6 policies.
policy-based routing                                    4.0(1)            This feature was introduced.