Configuring Local Policy-Based Routing

This chapter describes how to configure local policy-based routing (PBR) on the Cisco NX-OS device.

Finding Feature Information

Your software release might not support all the features documented in this module. For the latest caveats and feature information, see the Bug Search Tool at https://tools.cisco.com/bugsearch/ and the release notes for your software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "New and Changed Information" chapter or the Feature History table in this chapter.

Information About Local Policy-Based Routing

Local policy-based routing allows you to configure a defined policy for IPv6 traffic flows, lessening reliance on routes derived from routing protocols. All packets received on an interface with local policy-based routing are processed against the configured route maps. The route maps dictate the policy, determining where to forward packets.

Route maps are composed of match and set statements that you can mark as permit or deny. You can interpret the statements as follows:

  • If the packets match any route map statements, all the set statements are applied. One of these actions involves choosing the next hop.

  • If a statement is marked as deny, the packets that meet the match criteria are sent back through the normal forwarding channels and destination-based routing is performed.

  • If the statement is marked as permit and the packets do not match any route-map statements, the packets are sent back through the normal forwarding channels and destination-based routing is performed.

Route Maps

You can use route maps for route redistribution or policy-based routing. Route map entries consist of a list of match and set criteria. The match criteria specify match conditions for incoming routes or packets, and the set criteria specify the action taken if the match criteria are met.

You can configure multiple entries in the same route map. These entries contain the same route map name and are differentiated by a sequence number.

You create a route map with one or more route map entries arranged by the sequence number under a unique route map name. The route map entry has the following parameters:

  • Sequence number

  • Permission—permit or deny

  • Match criteria

  • Set changes

By default, a route map processes routes or IP packets in a linear fashion, that is, starting from the lowest sequence number. You can configure the route map to process in a different order using the continue statement, which allows you to determine which route map entry to process next.
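The permit/deny interpretation and the lowest-sequence-first ordering described above can be modeled in a few lines. This is an added example, not Cisco code: the Entry type, the decide function, the prefix-list stand-in for an ACL, and the addresses are assumptions, and the continue statement is not modeled.

```python
import ipaddress
from typing import NamedTuple, Optional

class Entry(NamedTuple):
    seq: int
    action: str                     # "permit" or "deny"
    acl_prefixes: tuple             # simplified ACL: destination prefixes it permits
    next_hop: Optional[str] = None  # set statement used when a permit entry matches

def decide(entries, dst):
    """Return (forwarding, deciding sequence number, next hop) for one destination."""
    addr = ipaddress.ip_address(dst)
    for e in sorted(entries, key=lambda e: e.seq):   # lowest sequence number first
        if any(addr in ipaddress.ip_network(p) for p in e.acl_prefixes):
            if e.action == "deny":
                return ("destination-based", e.seq, None)  # back to normal forwarding
            return ("policy", e.seq, e.next_hop)           # set statements applied
    return ("destination-based", None, None)               # nothing matched

# Constructed route map, listed out of order on purpose: entry 10 exempts one
# subnet before entry 20 steers the rest of 2001:db8::/32 to a next hop.
ROUTE_MAP = [
    Entry(20, "permit", ("2001:db8::/32",), "2001:db8:ffff::1"),
    Entry(10, "deny", ("2001:db8:10::/64",)),
]
```

Because the deny entry has the lower sequence number, traffic to 2001:db8:10::/64 never reaches the permit entry and stays on destination-based routing.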

Match Criteria

You can use a variety of criteria to match a route or IP packet in a route map. When Cisco NX-OS processes a route or packet through a route map, it compares the route or packet to each of the match statements configured. If the route or packet matches the configured criteria, Cisco NX-OS processes it based on the permit or deny configuration for that match entry in the route map and any set criteria configured.

The match categories and parameters are as follows:

  • IP access lists—(For policy-based routing only). Match based on source or destination IP address, protocol, or QoS parameters.

Set Changes

Once a route or packet matches an entry in a route map, the route or packet can be changed based on one or more configured set statements.

The set changes are as follows:

  • Policy-based routing only—Change the interface or the default next-hop address.

Prerequisites for Local Policy-Based Routing

Local policy-based routing has the following prerequisites:

  • Install the correct license.

  • You must enable local policy-based routing (see the “Enabling the Policy-Based Routing Feature” section).

  • Assign an IP address on the interface and bring the interface up before you apply a route map on the interface for policy-based routing.

  • If you configure VDCs, install the appropriate license and enter the desired VDC (see the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide for configuration information and the Cisco NX-OS Licensing Guide for licensing information).

Guidelines and Limitations

Local policy-based routing has the following configuration guidelines and limitations:

  • A local policy-based routing route map can have only one match or set statement per route-map statement.

  • A match command cannot refer to more than one ACL in a route map used for local policy-based routing.

  • An ACL used in a local policy-based routing route map cannot include a deny statement.

  • The same route map can be shared among different interfaces for local policy-based routing as long as the interfaces belong to the same virtual routing and forwarding (VRF) instance.

  • Setting a tunnel interface or an IP address via a tunnel interface as a next hop in a local policy-based routing policy is not supported.
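Two of these limitations (one ACL per match command, no deny statement in a referenced ACL) can be checked offline against a saved configuration before it is applied. The following is an added example, not Cisco tooling: the audit_local_pbr function, the sample configuration, and all names in it are constructed for illustration.

```python
import re

# Constructed sample configuration; names and addresses are illustrative only.
SAMPLE = """\
ipv6 access-list MGMT-V6
  10 permit ipv6 any 2001:db8:10::/64
ipv6 access-list MIXED-V6
  10 deny ipv6 any 2001:db8:20::/64
  20 permit ipv6 any any
route-map LOCAL-PBR permit 10
  match ipv6 address MGMT-V6
route-map LOCAL-PBR permit 20
  match ipv6 address MIXED-V6 MGMT-V6
route-map UNUSED permit 10
  match ipv6 address MIXED-V6
ipv6 local policy route-map LOCAL-PBR
"""

def audit_local_pbr(config):
    """Check route maps applied by 'ipv6 local policy route-map' against two limits."""
    acl_has_deny, entries, applied, ctx = {}, {}, set(), None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():  # a top-level command opens a new context
            ctx = None
            if m := re.match(r"ipv6 access-list (\S+)$", line):
                ctx = ("acl", m[1])
                acl_has_deny[m[1]] = False
            elif m := re.match(r"route-map (\S+)(?: (?:permit|deny))?(?: (\d+))?$", line):
                ctx = ("map", (m[1], int(m[2] or 10)))  # assumed default when seq is omitted
                entries.setdefault(ctx[1], [])
            elif m := re.match(r"ipv6 local policy route-map (\S+)$", line):
                applied.add(m[1])
        elif ctx and ctx[0] == "acl" and re.match(r"(\d+ )?deny\b", line):
            acl_has_deny[ctx[1]] = True
        elif ctx and ctx[0] == "map" and line.startswith("match ipv6 address "):
            entries[ctx[1]].append(line.split()[3:])  # ACL names on this match line
    findings = []
    for (name, seq), matches in sorted(entries.items()):
        if name not in applied:
            continue  # only the locally applied route map is subject to these limits
        for acls in matches:
            if len(acls) > 1:
                findings.append((name, seq, "match refers to more than one ACL"))
            findings += [(name, seq, f"ACL {a} includes a deny statement")
                         for a in acls if acl_has_deny.get(a)]
    return findings
```

On the sample, only sequence 20 of LOCAL-PBR is reported; the UNUSED route map references the same ACL but is not applied as a local policy, so it is skipped.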

Default Settings for Local Policy-Based Routing

Table 1. Default Local Policy-based Routing Setting

Parameter                     Default
Local policy-based routing    Disabled

Configuring Local Policy-Based Routing

Configuring Route Maps

You can use route maps for route redistribution or route filtering. Route maps can contain multiple match criteria and multiple set criteria.

SUMMARY STEPS

  1. switch# configure terminal
  2. switch(config)# route-map map-name [permit | deny] [seq]
  3. (Optional) switch(config-route-map)# continue seq
  4. (Optional) switch(config-route-map)# exit
  5. (Optional) switch(config)# copy running-config startup-config

DETAILED STEPS

Step 1
  Command or Action: switch# configure terminal
  Purpose: Enters configuration mode.

Step 2
  Command or Action: switch(config)# route-map map-name [permit | deny] [seq]
  Purpose: Creates a route map or enters route-map configuration mode for an existing route map. Use seq to order the entries in a route map.

Step 3
  Command or Action: (Optional) switch(config-route-map)# continue seq
  Purpose: Determines what sequence statement to process next in the route map. Used only for filtering and redistribution.

Step 4
  Command or Action: (Optional) switch(config-route-map)# exit
  Purpose: Exits route-map configuration mode.

Step 5
  Command or Action: (Optional) switch(config)# copy running-config startup-config
  Purpose: Saves this configuration change.

You can configure the following optional match parameters for route maps in route-map configuration mode:

SUMMARY STEPS

  1. switch(config-route-map)# match ipv6 address ip access list number

DETAILED STEPS

  Command or Action: switch(config-route-map)# match ipv6 address ip access list number
  Purpose: Matches against one or more IP access lists.

You can configure the following optional set precedence parameter for route maps in route-map configuration mode:

SUMMARY STEPS

  1. [no] set precedence {number | name}

DETAILED STEPS

  Command or Action: [no] set precedence {number | name}
  Purpose: Sets the IPv6 precedence for policy-based routing. The options are as follows:

  • 0—routine

  • 1—priority

  • 2—immediate

  • 3—flash

  • 4—flash-override

  • 5—critical

  • 6—internet

  • 7—network

Use the no form of this command to disable the feature.

Enabling the Policy-Based Routing Feature

You must enable the policy-based routing feature before you can configure a route policy.

Before you begin

Ensure that you are in the correct VDC (or use the switchto vdc command).

SUMMARY STEPS

  1. switch# configure terminal
  2. switch(config)# [no] feature pbr
  3. (Optional) switch(config)# show feature
  4. (Optional) switch(config)# copy running-config startup-config

DETAILED STEPS

Step 1
  Command or Action: switch# configure terminal
  Purpose: Enters configuration mode.

Step 2
  Command or Action: switch(config)# [no] feature pbr
  Purpose: Enables the policy-based routing feature. Use the no form of this command to disable the feature.

Step 3
  Command or Action: (Optional) switch(config)# show feature
  Purpose: Displays enabled and disabled features.

Step 4
  Command or Action: (Optional) switch(config)# copy running-config startup-config
  Purpose: Saves this configuration change.

Configuring a Local Route Policy

You use route maps in local policy-based routing to assign routing policies.

SUMMARY STEPS

  1. switch# configure terminal
  2. switch(config)# feature pbr
  3. switch(config)# [no] ipv6 local policy route-map map-name
  4. (Optional) switch(config)# show ipv6 local policy
  5. (Optional) switch(config)# copy running-config startup-config

DETAILED STEPS

Step 1
  Command or Action: switch# configure terminal
  Purpose: Enters configuration mode.

Step 2
  Command or Action: switch(config)# feature pbr
  Purpose: Enables the policy-based routing feature.

Step 3
  Command or Action: switch(config)# [no] ipv6 local policy route-map map-name
  Purpose: Assigns a route map for local policy-based routing to the interface. Use the no form of this command to disable the feature.

Step 4
  Command or Action: (Optional) switch(config)# show ipv6 local policy
  Purpose: Displays information about the policy.

Step 5
  Command or Action: (Optional) switch(config)# copy running-config startup-config
  Purpose: Saves this configuration change.

Verifying the Local Policy-Based Routing Configuration

To display the local policy-based routing configuration, perform the following task:

Command                   Purpose
show ipv6 local policy    Displays information about the local IPv6 policy.
show route-map name       Displays information about a route map.

For detailed information about the fields in the output from these commands, see the Cisco Nexus 7000 Series NX-OS Quality of Service Command Reference.

Configuration Example for Local Policy-Based Routing

This example shows how to configure a simple local route policy on an interface:


feature pbr
route-map Testmap, permit, sequence 10
  ip address 10
  ip next-hop
  ip precedence: internet

Feature History for Local Policy-Based Routing

The table below summarizes the new and changed features for this document and shows the releases in which each feature is supported. Your software release might not support all the features in this document. For the latest caveats and feature information, see the Bug Search Tool at https://tools.cisco.com/bugsearch/ and the release notes for your software release.

Table 2. Feature History for Local Policy-Based Routing

Feature Name                  Release    Feature Information
Local Policy-Based Routing    6.2(2)     This feature was introduced.