PBR enables you to manipulate a packet's path based on attributes of the packet. Traffic with the same destination can be routed over different paths, so that different types of traffic, such as VOIP or traffic with special security requirements, can be better managed.
|
|
|
![[NOTE: ]](images/note.gif) |
NOTE: Policy Based Routing (PBR) is available on the 3800 Series switch and the 5400/8200 series switch which all have v2 or higher modules. Any v1 modules will prevent PBR from functioning. PBR is not available on the 3500, 3500yl, 6200yl, nor 6600 Series switches. |
|
|
The supported actions for PBR are:
-
Setting the next hop for routing the packet (
[ipv4 | ipv6] next-hop [).ip-addr] -
Setting the next hop for routing the packet if there is no explicit route for this destination (
[ipv4 | ipv6] ip default-next-hop [).ip-addr] -
Setting the outbound tunnel interface for the packet (
interface tunnel [). See the IPv6 Configuration Guide for your switch.tunnel-ID] -
Setting
interface null, which specifies that the packets are dropped if no other actions have occurred.
Operating notes for PBR
-
Multiple actions can be configured for a class, up to 8 actions per class.
-
If you configure an action of interface null, no more actions for that class may be configured.
-
Only one of the 8 possible actions can be active at one time.
-
The precedence of actions is indicated by the order in which they are added to the policy.
-
Actions can only be added to a class, and they are added to the end of the action list for the class.
-
To remove actions from a class, the entire class must be removed from the policy.
-
When an action becomes inactive, for example, if the configured address becomes unreachable (for
next-hopanddefault-next-hop)or the interface goes down (for a tunnel), the policy is configured with the next action for that class, if possible. If that action is not active, the next action is tried, and so on, until an interface null or the end of the list of configured actions is encountered. If the end of the list is reached, the policy action for that class behaves as if no PBR policy is applied. -
The maximum combined number of unique IP next-hops and default-next-hops supported is 256.
TCP and UDP traffic routing
The following example shows TCP and UDP traffic routed on different network paths. First, the traffic classes are created, then the PBR policy is created, and lastly the PBR policy is applied to an interface.
HP Switch(config)#: class ipv4 TCP HP Switch(config-class)#: match tcp 10.0.8.1/24 15.29.16.104/24 eq 80 HP Switch(config-class)#: match tcp 10.0.8.1/24 15.29.16.104/24 eq 22 HP Switch(config-class)#: match tcp 10.0.8.1/24 15.29.16.104/24 eq 23 HP Switch(config-class)#: exit HP Switch(config)#: class ipv4 UDP HP Switch(config-class)#: match udp 10.0.8.1/24 15.29.16.104/24 eq 80 HP Switch(config-class)#: match udp 10.0.8.1/24 15.29.16.104/24 eq 22 HP Switch(config-class)#: match upd 10.0.8.1/24 15.29.16.104/24 eq 23 HP Switch(config-class)#: exit HP Switch(config)#: class ipv6 TCP HP Switch(config-class)#: match tcp 2001::1/64 3001::1/64 eq 80 HP Switch(config-class)#: match tcp 2001::1/64 3001::1/64 eq 22 HP Switch(config-class)#: match tcp 2001::1/64 3001::1/64 eq 23 HP Switch(config-class)#: exit HP Switch(config)#: class ipv6 UDP HP Switch(config-class)#: match udp 2001::1/64 3001::1/64 eq 80 HP Switch(config-class)#: match udp 2001::1/64 3001::1/64 eq 22 HP Switch(config-class)#: match udp 2001::1/64 3001::1/64 eq 23 HP Switch(config-class)#: exit HP Switch(config)#: policy pbr TCP_UDP HP Switch(policy-pbr)#: class ipv4 TCP HP Switch(policy-pbr-class)#: action ip next-hop 20.0.0.1 HP Switch(policy-pbr-class)#: action interface null HP Switch(policy-pbr-class)#: exit HP Switch(policy-pbr)#: class ipv4 UDP HP Switch(policy-pbr-class)#: action ip default-next-hop 30.0.0.1 HP Switch(policy-pbr-class)#: action interface tunnel 3 HP Switch(policy-pbr-class)#: exit HP Switch(policy-pbr)#: class ipv6 TCP HP Switch(policy-pbr-class)#: action ip next-hop 20.0.0.1 HP Switch(policy-pbr-class)#: exit HP Switch(policy-pbr)#: class ipv6 UDP HP Switch(policy-pbr-class)#: action ip next-hop 30.0.0.1 HP Switch(policy-pbr-class)#: exit HP Switch(policy-pbr)#: exit HP Switch(config)#: vlan 10 HP Switch(vlan-10)#: service-policy TCP_UDP in
Use the show statistics policy command to display information about which PBR action for an applied policy is active. Hit counts for each entry in the class and policy with the active action are displayed.
HP Switch(vlan-111)#: show statistics policy TCP_UDP vlan 111 in HitCounts for Policy TCP_UDP Total 100 class ipv4 TCP action ( 5 ) 10 match tcp 10.0.8.1 0.0.0.255 15.29.16.104 0.0.0.255 eq 80 ( 2 ) 20 match tcp 10.0.8.1 0.0.0.255 15.29.16.104 0.0.0.255 eq 22 ( 2 ) 30 match tcp 10.0.8.1 0.0.0.255 15.29.16.104 0.0.0.255 eq 23 110 class ipv4 voice action ( 4 ) 10 match tcp 10.0.8.1 0.0.0.255 15.29.16.104 0.0.0.255 eq 80
To enable debug logging for PBR, enter the debug ip pbr command. A message will be logged when a PBR policy is applied, when the action in a class becomes inactive, and when an action in a class becomes active. See the Management and Configuration Guide for your switch.
|
|
|
|
|
NOTE: Policy Based Routing (PBR) is available on the 3800 Series switch and the 5400/8200 series switch which all have v2 or higher modules. Any v1 modules will prevent PBR from functioning. PBR is not available on the 3500, 3500yl, 6200yl, nor 6600 Series switches. |
|
|