Configuring Policy-Based Routing

This chapter describes how to configure policy-based routing on the Cisco NX-OS device.


Information About Policy-Based Routing

Policy-based routing allows you to configure a defined policy for IPv4 traffic flows, lessening reliance on routes derived from routing protocols. All packets received on an interface with policy-based routing enabled are passed through enhanced packet filters or route maps. The route maps dictate the policy, determining where to forward packets.

Route maps are composed of match and set statements that you can mark as permit or deny. You can interpret the statements as follows:

  • If the packets match any route map statements, all the set statements are applied. One of these actions involves choosing the next-hop.

  • If the statement is marked as permit and the packets do not match any route-map statements, the packets are sent back through the normal forwarding channels and destination-based routing is performed.

For more information, see the Route Maps section.

Policy-based routing includes the following features:

  • Source-based routing—Routes traffic that originates from different sets of users through different connections across the policy routers.

  • Load sharing—Distributes traffic among multiple paths based on the traffic characteristics.

Policy Route Maps

Route-Maps are used to filter routes that are distributed across various routing protocols and between different entities in a given routing protocol. Each entry in a route map contains a combination of match and set statements. The match statements define the criteria for whether appropriate packets meet the particular policy (that is, the conditions to be met). The set clauses explain how the packets should be routed once they have met the match criteria.

You can mark the route-map statements as permit or deny. If the statement is marked as a deny, the packets that meet the match criteria are sent back through the normal forwarding channels (destination-based routing is performed). If the statement is marked as permit and the packets meet the match criteria, all the set clauses are applied. If the statement is marked as permit and the packets do not meet the match criteria, those packets are also forwarded through the normal routing channel.


Note: Policy routing is specified on the interface that receives the packets, not on the interface from which the packets are sent.


Set Criteria for Policy-Based Routing

The set criteria in a route map are evaluated in the order listed in the route map. Set criteria specific to route maps used for policy-based routing are as follows:

  1. List of specified IP addresses—The IP address can specify the adjacent next-hop router in the path toward the destination to which the packets should be forwarded. The first IP address associated with a currently up connected interface is used to route the packets.


     Note: You can optionally configure the set criteria for next-hop addresses to load balance traffic across up to 16 IP addresses. In this case, Cisco NX-OS sends all traffic for each IP flow to a particular IP next-hop address.

  2. NULL interface—Traffic that matches the match statement is dropped if you use the set null interface.

     If the packets do not meet any of the defined match criteria, those packets are routed through the normal destination-based routing process.
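The permit/deny and set rules above, modelled as an added example (not Cisco code and not NX-OS internals). The Entry class, the packet fields and the CRC32 flow hash are illustrative assumptions; the set clauses are tried in the order this section lists them, and the sample data is constructed from the chapter's pbr-sample configuration.

```python
import ipaddress
import zlib
from dataclasses import dataclass, field

@dataclass
class Entry:
    action: str                    # "permit" or "deny"
    acl: list                      # permit ACEs: (proto, src_net, dst_net, dst_port or None)
    next_hops: list = field(default_factory=list)
    load_share: bool = False
    null_interface: bool = False   # models "set null interface"

def acl_matches(acl, pkt):
    src, dst = ipaddress.ip_address(pkt["src"]), ipaddress.ip_address(pkt["dst"])
    return any(proto == pkt["proto"] and src in ipaddress.ip_network(s)
               and dst in ipaddress.ip_network(d) and port in (None, pkt["dport"])
               for proto, s, d, port in acl)

def pbr_decision(route_map, pkt, up_next_hops):
    """Return ("policy", next_hop), ("drop", None) or ("normal", None)."""
    for entry in route_map:                        # entries in sequence order
        if not acl_matches(entry.acl, pkt):
            continue
        if entry.action == "deny":
            return ("normal", None)                # deny + match: destination-based routing
        usable = [nh for nh in entry.next_hops if nh in up_next_hops]
        if usable and entry.load_share:            # assumed hash: one next hop per IP flow
            flow = "{src}|{dst}|{proto}|{dport}".format(**pkt).encode()
            return ("policy", usable[zlib.crc32(flow) % len(usable)])
        if usable:
            return ("policy", usable[0])           # first next hop that is up
        if entry.null_interface:
            return ("drop", None)
        return ("normal", None)                    # no usable set clause: default routing table
    return ("normal", None)                        # no entry matched

# Constructed data mirroring the chapter's pbr-sample configuration.
WEB_ACL = [("tcp", "10.1.1.1/32", "192.168.2.1/32", 80)]
ROUTE_MAP = [Entry("permit", WEB_ACL, next_hops=["192.168.1.1"])]
PACKET = {"proto": "tcp", "src": "10.1.1.1", "dst": "192.168.2.1", "dport": 80}

if __name__ == "__main__":
    print(pbr_decision(ROUTE_MAP, PACKET, {"192.168.1.1"}))   # next hop is up
    print(pbr_decision(ROUTE_MAP, PACKET, set()))             # next hop is down
```

With the next hop down, the same flow is forwarded by the destination-based table, which matters when the policy exists to steer traffic through a specific device.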

Licensing Requirements for Policy-Based Routing

The following table shows the licensing requirements for this feature:

Product: Cisco NX-OS
License Requirement: Policy-based routing requires an Enterprise Services license. For a complete explanation of the Cisco NX-OS licensing scheme and how to obtain and apply licenses, see the Cisco NX-OS Licensing Guide.

Prerequisites for Policy-Based Routing

Policy-based routing has the following prerequisites:

  • Install the correct license.

  • You must enable policy-based routing (see the Enabling the Policy-Based Routing Feature section).

  • Assign an IP address on the interface and bring the interface up before you apply a route map on the interface for policy-based routing.

Guidelines and Limitations for Policy-Based Routing

Policy-based routing has the following configuration guidelines and limitations:

  • A match command cannot refer to more than one ACL in a route map used for policy-based routing.

  • An ACL used in a policy-based routing route map cannot include a deny statement.

  • The same route map can be shared among different interfaces for policy-based routing as long as the interfaces belong to the same virtual routing and forwarding (VRF) instance.
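An added example (not Cisco code) that audits NX-OS configuration text against the prerequisites and guidelines above: an IP address on the interface, one ACL per match command, no deny statement in a PBR ACL, and one VRF per shared route map. The parser is a simplified assumption that expects running-config style indentation and the match ip address form used in this chapter's configuration example; the sample configuration is constructed.

```python
import re

HEADS = {"acl": r"ip access-list (\S+)$", "intf": r"interface (.+)$",
         "rmap": r"route-map (\S+)(?: (?:permit|deny)(?: \d+)?)?$"}

def parse_sections(config):
    """Group indented sub-commands under their ACL, route map or interface header."""
    sections, current = {kind: {} for kind in HEADS}, None
    for raw in config.splitlines():
        if raw[:1] != " ":                     # unindented line opens or closes a section
            hits = [(k, m) for k, p in HEADS.items() if (m := re.match(p, raw.strip()))]
            current = sections[hits[0][0]].setdefault(hits[0][1].group(1), []) if hits else None
        elif current is not None and raw.strip():
            current.append(raw.strip())
    return sections

def audit_pbr(config):
    """Return the violations found for every interface that applies a PBR route map."""
    s, findings, vrfs = parse_sections(config), set(), {}
    for intf, lines in s["intf"].items():
        for rmap in [l.split()[-1] for l in lines if l.startswith("ip policy route-map ")]:
            if not any(l.startswith("ip address ") for l in lines):
                findings.add(f"{intf}: route map applied before an IP address is assigned")
            vrf = [l.split()[-1] for l in lines if l.startswith("vrf member ")] or ["default"]
            vrfs.setdefault(rmap, set()).add(vrf[0])
            for match in s["rmap"].get(rmap, []):
                names = match.split()[3:] if match.startswith("match ip address ") else []
                if len(names) > 1:
                    findings.add(f"route-map {rmap}: match refers to more than one ACL")
                for acl in names:
                    if any(re.match(r"(\d+ )?deny\b", ace) for ace in s["acl"].get(acl, [])):
                        findings.add(f"ACL {acl}: deny statement in an ACL used for PBR")
    findings |= {f"route-map {r}: shared across VRFs {sorted(v)}" for r, v in vrfs.items() if len(v) > 1}
    return sorted(findings)

# Constructed sample with four violations (not taken from a real device).
SAMPLE = """\
ip access-list pbr-sample
  10 permit tcp host 10.1.1.1 host 192.168.2.1 eq 80
  20 deny ip any any
route-map pbr-sample permit 10
  match ip address pbr-sample web
interface Ethernet1/2
  ip policy route-map pbr-sample
interface Ethernet1/3
  vrf member blue
  ip address 10.2.0.1/24
  ip policy route-map pbr-sample
"""
```

Calling audit_pbr(SAMPLE) returns one finding per violated rule; a configuration that follows the guidelines returns an empty list.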

Default Settings

The following table lists the default settings for policy-based routing parameters.

Table 1 Default Policy-based Routing Parameters

Parameters              Default
Policy-based routing    Disabled

Configuring Policy-Based Routing


Note: If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.


Enabling the Policy-Based Routing Feature

You must enable the policy-based routing feature before you can configure a route policy.

Procedure

Step 1  configure terminal

        Enters global configuration mode.

        Example:
          switch# configure terminal
          switch(config)#

Step 2  feature pbr

        Enables the policy-based routing feature.

        Example:
          switch(config)# feature pbr

Step 3  show feature

        (Optional) Displays enabled and disabled features.

        Example:
          switch(config)# show feature

Step 4  copy running-config startup-config

        (Optional) Saves this configuration change.

        Example:
          switch(config)# copy running-config startup-config

     

Use the no feature pbr command to disable the policy-based routing feature and remove all associated configuration.

Command: no feature pbr
Purpose: Disables policy-based routing and removes all associated configuration.
Example:
  switch(config)# no feature pbr

Configuring a Route Policy

You can use route maps in policy-based routing to assign routing policies to the inbound interface. See the Configuring Route Maps section.

Procedure

Step 1  configure terminal

        Enters global configuration mode.

        Example:
          switch# configure terminal
          switch(config)#

Step 2  interface type slot/port

        Enters interface configuration mode.

        Example:
          switch(config)# interface ethernet 1/2
          switch(config-if)#

Step 3  ip policy route-map map-name

        Assigns a route map for IPv4 policy-based routing to the interface.

        Example:
          switch(config-if)# ip policy route-map Testmap

Step 4  exit

        (Optional) Exits route-map configuration mode.

        Example:
          switch(config-route-map)# exit

Step 5  exit

        (Optional) Exits global configuration mode.

        Example:
          switch(config)# exit

Step 6  copy running-config startup-config

        (Optional) Saves this configuration change.

        Example:
          switch(config)# copy running-config startup-config

       

This example shows how to add a route map to an interface:

    switch# configure terminal
    switch(config)# interface ethernet 1/2
    switch(config-if)# ip policy route-map Testmap
    switch(config-if)# exit
    switch(config)# copy running-config startup-config

You can configure the following optional match parameters for route maps in route-map configuration mode:

Command: match ip address access-list-name name [ name... ]
Purpose: Matches an IPv4 address against one or more IP access control lists (ACLs). This command is used for policy-based routing and is ignored by route filtering or redistribution.
Example:
  switch(config-route-map)# match ip address access-list-name ACL1

You can configure the following optional set parameters for route maps in route-map configuration mode:

Command: set ip next-hop address1 [address2... ] { load-share }
Purpose: Sets the IPv4 next-hop address for policy-based routing. This command uses the first valid next-hop address if multiple addresses are configured. Use the optional load-share keyword to load balance traffic across a maximum of 16 next-hop addresses.
Example:
  switch(config-route-map)# set ip next-hop 192.0.2.1

Command: set ip default next-hop address1 [ address2... ] { load-share }
Purpose: Sets the IPv4 next-hop address for policy-based routing when there is no explicit route to a destination. This command uses the first valid next-hop address if multiple addresses are configured. Use the optional load-share keyword to load balance traffic across a maximum of 16 next-hop addresses.
Example:
  switch(config-route-map)# set ip default next-hop 192.0.2.2

Cisco NX-OS routes the packet as soon as it finds a next-hop and an interface.

Verifying the Policy-Based Routing Configuration

To display policy-based routing configuration information, perform one of the following tasks:

Command: show ip policy [name]
Purpose: Displays information about an IPv4 policy.

Command: show route-map [name] pbr-statistics
Purpose: Displays policy statistics.

Use the route-map map-name pbr-statistics command to enable policy statistics. Use the clear route-map map-name pbr-statistics command to clear these policy statistics.

Displaying Policy-Based Routing Statistics

Use the show route-map rmap-name pbr-statistics command to display the statistics for policy-based routing. The statistics are maintained for each route-map sequence. It shows the number of packets that are policy-routed based on the match condition in a given route-map sequence. All other packets that are routed using the default routing table (could be due to unreachable next-hops in the set command) are also displayed. The PBR statistics collection must be turned on before any statistics can be shown.

This example shows how to display PBR statistics:

    switch(config)# show route-map pbr-sample pbr-statistics

Clearing Policy-Based Routing Statistics

Use the clear route-map rmap-name pbr-statistics command to clear the counters maintained for PBR statistics of a route-map.

This example shows how to clear PBR statistics:

    switch(config)# clear route-map pbr-sample pbr-statistics

Configuration Examples for Policy-Based Routing

This example shows how to configure a simple route policy on an interface:

    feature pbr
    ip access-list pbr-sample
      permit tcp host 10.1.1.1 host 192.168.2.1 eq 80
    !
    route-map pbr-sample
      match ip address pbr-sample
      set ip next-hop 192.168.1.1
    !
    route-map pbr-sample pbr-statistics

    interface ethernet 1/2
      ip policy route-map pbr-sample

The following output verifies this configuration:

    n3000# show route-map pbr-sample

    route-map pbr-sample, permit, sequence 10
      Match clauses:
        ip address (access-lists): pbr-sample
      Set clauses:
        ip next-hop 192.168.1.1

    n3000# show route-map pbr-sample pbr-statistics

    route-map pbr-sample, permit, sequence 10
      Policy routing matches: 84 packets


Additional References

For additional information related to implementing IP, see the following sections:

Related Documents

Related Topic: Policy-based routing CLI commands
Document Title: Cisco Nexus 3000 Series NX-OS Unicast Routing Command Reference

Standards

No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.

Feature History for Policy-Based Routing

The following table lists the release history for this feature.

Table 2 Feature History for Policy-Based Routing

Feature Name            Releases       Feature Information
Policy-based routing    6.0(2)A7(1)    This feature was introduced.