Policy-based routing

Policy-based routing (for IPv4 and IPv6) is a way to forward packets based on multiple criteria, not only the IP destination.

For that a set of policy routing rules is created. Each policy routing rule consists of a match (source address, input interface, protocol …) and an action predicate (lookup in a specific table, nat …). The rules are scanned in order of decreasing precedence. As soon as the packet matches a rule its action is performed.

Only a subset of policy-based routing options are provided. These options are:

  • key:

    • priority of the rule (high number means lower priority)

  • match:

    • source: source address or prefix

    • destination: destination address or prefix

    • mark: filter for the packet firewall mark

    • inbound-interface: input interface

    • not: flag that inverts the match result

  • action:

    • lookup: longest prefix match lookup in a routing table

To add a policy-based routing rule, do:

vrouter running config# vrf main
vrouter running vrf main# routing policy-based-routing
vrouter running policy-based-routing# ipv4-rule 5 match source 192.15.24.0/24 action lookup 12
vrouter running policy-based-routing# ipv4-rule 6 not match destination 192.168.0.0/16 action lookup 14
vrouter running static# commit
Configuration applied.

To display the policy-based routing state:

vrouter running config# show state vrf main routing policy-based-routing
policy-based-routing
    ipv4-rule 0 action lookup local
    ipv4-rule 5 match source 192.15.24.0/24 action lookup 12
    ipv4-rule 6 not match destination 192.168.0.0/16 action lookup 14
    ipv4-rule 32766 action lookup main
    ipv4-rule 32767 action lookup default
    ipv6-rule 0 action lookup local
    ipv6-rule 32766 action lookup main
    ..

The same configuration can be made using this NETCONF XML configuration:

vrouter running config# show config xml absolute vrf main routing policy-based-routing
<config xmlns="urn:6wind:vrouter">
  <vrf>
    <name>main</name>
    <routing xmlns="urn:6wind:vrouter/routing">
      <policy-based-routing xmlns="urn:6wind:vrouter/pbr">
        <ipv4-rule>
          <priority>5</priority>
          <match>
            <source>192.15.24.0/24</source>
          </match>
          <action>
            <lookup>12</lookup>
          </action>
        </ipv4-rule>
        <ipv4-rule>
          <priority>6</priority>
          <not>
            <match>
              <destination>192.168.0.0/16</destination>
            </match>
          </not>
          <action>
            <lookup>14</lookup>
          </action>
        </ipv4-rule>
      </policy-based-routing>
      <static/>
    </routing>
    <interface xmlns="urn:6wind:vrouter/interface"/>
  </vrf>
</config>
Example

The following configuration allows to forward packets to subnet 192.165.1.0/24 through different interfaces. Packets from subnet 192.168.1.0/24 are forwarded through eth0, other packets through eth1.

vrouter running config# vrf main
vrouter running vrf main# interface physical eth0
vrouter running physical eth0#! port pci-b0s8
vrouter running physical eth0# ipv4 address 10.125.0.2/24
vrouter running physical eth0# .. ..
vrouter running vrf main# interface physical eth1
vrouter running physical eth1#! port pci-b0s7
vrouter running physical eth1# ipv4 address 10.175.0.2/24
vrouter running physical eth1# .. ..
eth0 and eth1 physical interfaces are now configured
vrouter running vrf main# routing static
vrouter running static# ipv4-route 192.165.1.0/24 next-hop 10.175.0.2
vrouter running static# ipv4-route 192.165.1.0/24 next-hop 10.125.0.2 table 100
2 rules to forward packets to 192.165.1.0/24 are created, the first one in
the main route table via eth1, the second one in the table 100 via eth0
vrouter running vrf main# routing policy-based-routing
vrouter running policy-based-routing# ipv4-rule 5 match source 192.168.1.0/24 action lookup 100
A policy-based routing rule is added to indicate that packets from
192.168.1.0/24 must apply routes defined in table 100 (if no route is found
the routes defined in the main table will be applied)
vrouter running static# commit
Configuration applied.

See also

The command reference for details.