Policy-based routing¶
Policy-based routing (for IPv4 and IPv6) is a way to forward packets based on multiple criteria, not only the IP destination.
For that a set of policy routing rules is created. Each policy routing rule consists of a match (source address, input interface, protocol …) and an action predicate (lookup in a specific table, nat …). The rules are scanned in order of decreasing precedence. As soon as the packet matches a rule its action is performed.
Only a subset of policy-based routing options are provided. These options are:
key:
priority of the rule (high number means lower priority)
match:
source: source address or prefixdestination: destination address or prefixmark: filter for the packet firewall markinbound-interface: input interfacenot: flag that inverts the match result
action:
lookup: longest prefix match lookup in a routing table
To add a policy-based routing rule, do:
vrouter running config# vrf main
vrouter running vrf main# routing policy-based-routing
vrouter running policy-based-routing# ipv4-rule 5 match source 192.15.24.0/24 action lookup 12
vrouter running policy-based-routing# ipv4-rule 6 not match destination 192.168.0.0/16 action lookup 14
vrouter running static# commit
Configuration applied.
To display the policy-based routing state:
vrouter running config# show state vrf main routing policy-based-routing
policy-based-routing
ipv4-rule 0 action lookup local
ipv4-rule 5 match source 192.15.24.0/24 action lookup 12
ipv4-rule 6 not match destination 192.168.0.0/16 action lookup 14
ipv4-rule 32766 action lookup main
ipv4-rule 32767 action lookup default
ipv6-rule 0 action lookup local
ipv6-rule 32766 action lookup main
..
The same configuration can be made using this NETCONF XML configuration:
vrouter running config# show config xml absolute vrf main routing policy-based-routing
<config xmlns="urn:6wind:vrouter">
<vrf>
<name>main</name>
<routing xmlns="urn:6wind:vrouter/routing">
<policy-based-routing xmlns="urn:6wind:vrouter/pbr">
<ipv4-rule>
<priority>5</priority>
<match>
<source>192.15.24.0/24</source>
</match>
<action>
<lookup>12</lookup>
</action>
</ipv4-rule>
<ipv4-rule>
<priority>6</priority>
<not>
<match>
<destination>192.168.0.0/16</destination>
</match>
</not>
<action>
<lookup>14</lookup>
</action>
</ipv4-rule>
</policy-based-routing>
<static/>
</routing>
<interface xmlns="urn:6wind:vrouter/interface"/>
</vrf>
</config>
- Example
The following configuration allows to forward packets to subnet 192.165.1.0/24 through different interfaces. Packets from subnet 192.168.1.0/24 are forwarded through eth0, other packets through eth1.
vrouter running config# vrf main
vrouter running vrf main# interface physical eth0
vrouter running physical eth0#! port pci-b0s8
vrouter running physical eth0# ipv4 address 10.125.0.2/24
vrouter running physical eth0# .. ..
vrouter running vrf main# interface physical eth1
vrouter running physical eth1#! port pci-b0s7
vrouter running physical eth1# ipv4 address 10.175.0.2/24
vrouter running physical eth1# .. ..
eth0 and eth1 physical interfaces are now configured
vrouter running vrf main# routing static
vrouter running static# ipv4-route 192.165.1.0/24 next-hop 10.175.0.2
vrouter running static# ipv4-route 192.165.1.0/24 next-hop 10.125.0.2 table 100
2 rules to forward packets to 192.165.1.0/24 are created, the first one in
the main route table via eth1, the second one in the table 100 via eth0
vrouter running vrf main# routing policy-based-routing
vrouter running policy-based-routing# ipv4-rule 5 match source 192.168.1.0/24 action lookup 100
A policy-based routing rule is added to indicate that packets from
192.168.1.0/24 must apply routes defined in table 100 (if no route is found
the routes defined in the main table will be applied)
vrouter running static# commit
Configuration applied.
See also
The command reference for details.