The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter describes how to configure local policy-based routing (PBR) on the Cisco NX-OS device.
Your software release might not support all the features documented in this module. For the latest caveats and feature information, see the Bug Search Tool at https://tools.cisco.com/bugsearch/ and the release notes for your software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "New and Changed Information"chapter or the Feature History table in this chapter.
Local policy-based routing allows you to configure a defined policy for IPv6 traffic flows, lessening reliance on routes derived from routing protocols. All packets received on an interface with local policy-based routing are configured in route maps. The route maps dictate the policy, determining where to forward packets.
Route maps are composed of match and set statements that you can mark as permit or deny. You can interpret the statements as follows:
If the packets match any route map statements, all the set statements are applied. One of these actions involves choosing the next hop.
If a statement is marked as deny, the packets that meet the match criteria are sent back through the normal forwarding channels and destination-based routing is performed.
If the statement is marked as permit and the packets do not match any route-map statements, the packets are sent back through the normal forwarding channels and destination-based routing is performed.
You can use route maps for route redistribution or policy-based routing. Route map entries consist of a list of match and set criteria. The match criteria specify match conditions for incoming routes or packets, and the set criteria specify the action taken if the match criteria are met.
You can configure multiple entries in the same route map. These entries contain the same route map name and are differentiated by a sequence number.
You create a route map with one or more route map entries arranged by the sequence number under a unique route map name. The route map entry has the following parameters:
Sequence number
Permission—permit or deny
Match criteria
Set changes
By default, a route map processes routes or IP packets in a linear fashion, that is, starting from the lowest sequence number. You can configure the route map to process in a different order using the continue statement, which allows you to determine which route map entry to process next.
You can use a variety of criteria to match a route or IP packet in a route map. When Cisco NX-OS processes a route or packet through a route map, it compares the route or packet to each of the match statements configured. If the route or packet matches the configured criteria, Cisco NX-OS processes it based on the permit or deny configuration for that match entry in the route map and any set criteria configured.
The match categories and parameters are as follows:
IP access lists—(For policy-based routing only). Match based on source or destination IP address, protocol, or QoS parameters.
Once a route or packet matches an entry in a route map, the route or packet can be changed based on one or more configured set statements.
The set changes are as follows:
Policy-based routing only—Change the interface or the default next-hop address.
Local policy-based routing has the following prerequisites:
Install the correct license.
You must enable local policy-based routing (see the “Enabling the Policy-Based Routing Feature” section).
Assign an IP address on the interface and bring the interface up before you apply a route map on the interface for policy-based routing.
If you configure VDCs, install the appropriate license and enter the desired VDC (see the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide for configuration information and the Cisco NX-OS Licensing Guide for licensing information).
Local policy-based routing has the following configuration guidelines and limitations:
A local policy-based routing route map can have only one match or set statement per route-map statement.
A match command cannot refer to more than one ACL in a route map used for local policy-based routing.
An ACL used in a local policy-based routing route map cannot include a deny statement.
The same route map can be shared among different interfaces for local policy-based routing as long as the interfaces belong to the same virtual routing and forwarding (VRF) instance.
Setting a tunnel interface or an IP address via a tunnel interface as a next hop in a local policy-based routing policy is not supported.
|
Parameter |
Default |
|---|---|
|
Local policy-based routing |
Disabled |
Configuring Local Policy-Based Routing
You can use route maps for route redistribution or route filtering. Route maps can contain multiple match criteria and multiple set criteria.
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
switch# configure terminal |
Enters configuration mode. |
| Step 2 |
switch(config)# route-map map-name [permit | deny] [seq] |
Creates a route map or enters route-map configuration mode for an existing route map. Use seq to order the entries in a route map. |
| Step 3 |
(Optional) switch(config-route-map)# continue seq |
(Optional)
Determines what sequence statement to process next in the route map. Used only for filtering and redistribution. |
| Step 4 |
(Optional) switch(config-route-map)#exit |
(Optional)
Exits route-map configuration mode. |
| Step 5 |
(Optional) switch(config)# copy running-config startup-config |
(Optional)
Saves this configuration change. |
You can configure the following optional match parameters for route maps in route-map configuration mode:
| Command or Action | Purpose |
|---|---|
|
switch(config-route-map)# match ipv6 address ip access list number |
Matches against one or more IP access lists. |
You can configure the following optional set precedence parameter for route maps in route-map configuration mode:
| Command or Action | Purpose |
|---|---|
|
[no] set precedence {number | name} |
Sets the IPv6 precedence for policy-based routing. The options are as follows:
Use the no form of this command to disable the feature. |
You must enable the policy-based routing feature before you can configure a route policy.
Ensure that you are in the correct VDC (or use the switchto vdc command).
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
switch# configure terminal |
Enters configuration mode. |
| Step 2 |
switch(config)# [no] feature pbr |
Enables the policy-based routing feature. Use the no form of this command to disable the feature. |
| Step 3 |
(Optional) switch(config)# show feature |
(Optional)
Displays enabled and disabled features. |
| Step 4 |
(Optional) switch(config)# copy running-config startup-config |
(Optional)
Saves this configuration change. |
You use route maps in local policy-based routing to assign routing policies.
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
switch# configure terminal |
Enters configuration mode. |
| Step 2 |
switch(config)# feature pbr |
Enables the policy-based routing feature. |
| Step 3 |
switch(config)# [no] ipv6 local policy route-map map-name |
Assigns a route map for local policy-based routing to the interface. Use the no form of this command to disable the feature. |
| Step 4 |
(Optional) switch(config)# show ipv6 local policy |
(Optional)
Displays information about the policy. |
| Step 5 |
(Optional) switch(config)# copy running-config startup-config |
(Optional)
Saves this configuration change. |
To display the local policy-based routing configuration, perform the following task:
|
Command |
Purpose |
|---|---|
|
show ipv6 local policy |
Displays information about the local IPv6 policy. |
|
show route-map name |
Displays information about a route map. |
For detailed information about the fields in the output from these commands, see the Cisco Nexus 7000 Series NX-OS Quality of Service Command Reference.
This example shows how to configure a simple local route policy on an interface:
feature pbr
route-map Testmap, permit, sequence 10
ip address 10
ip next-hop
ip precedence: internetThe table below summarizes the new and changed features for this document and shows the releases in which each feature is supported. Your software release might not support all the features in this document. For the latest caveats and feature information, see the Bug Search Tool at https://tools.cisco.com/bugsearch/ and the release notes for your software release.
|
Feature Name |
Release |
Feature Information |
|---|---|---|
|
Local Policy-Based Routing |
6.2(2) |
This feature was introduced. |
Feedback