Support for Policy-based Routing
Policy-based Routing (PBR) enables flexible packet forwarding and routing through user-defined policies. Unlike traditional routing, which is based on the destination IP address only, PBR allows you to define routes based on other parameters such as source and destination IP addresses, protocol, or source and destination port numbers.
Policy-based routes can match packets based on the following criteria:
All Layer 4 and Layer 3 fields similar to those in vFlow configurations.
Policy-based routes have higher priority than static and dynamic routes.
If a packet matches a PBR vFlow and the next-hop is not resolved, the traffic is dropped until the next-hop is resolved.
To enable PBR, use the following command:
CLI network-admin@Leaf1 > system-settings-modify policy-based-routing
Note: nvOSd must be restarted for this setting to take effect.
 
To disable PBR, use the following command:
CLI network-admin@Leaf1 > system-settings-modify no-policy-based-routing
Note: nvOSd must be restarted for this setting to take effect.
 
You configure PBR using vFlow commands. Internally, policy routing of the packets uses a vFlow entry. Netvisor ONE creates PBR vFlow entries in a new vFlow table, System-L3-L4-PBR.
To configure PBR, use the following vFlow commands:
Use the following command to configure PBR:
CLI network-admin@switch > vflow-create name <name-string> vrouter-name <vr-name> scope local [<match qualifiers>] action to-next-hop-ip action-to-next-hop-ip-value <ip-address> table-name System-L3-L4-PBR-1-0
 
Informational Note: You can only specify the scope as local.
Use the following command to modify PBR:
CLI network-admin@switch > vflow-modify name <name-string> vrouter-name <vr-name> [<match qualifiers>] action to-next-hop-ip action-to-next-hop-ip-value <ip-address>
Use the following command to delete PBR:
CLI network-admin@switch > vflow-delete name <string>
Use the following command to view the output:
CLI network-admin@switch > vflow-show
The following example shows how to configure a sample PBR:
CLI network-admin@switch > vflow-create name test_pbr scope local in-port 10 src-ip 192.168.1.1 src-ip-mask 255.255.255.0 vrouter-name vr1 action to-next-hop-ip action-to-next-hop-ip-value 192.168.10.10
To view the configured PBR, use the command:
CLI network-admin@switch > vflow-show
switch: spine1
name: test_pbr
scope: local
type: pbr
in-port: 10
src-ip: 192.168.1.1/255.255.255.0
burst-size: auto
vrouter-name: vr1
precedence: default
action: to-next-hop-ip
action-to-next-hop-ip-value: 192.168.10.10
enable: enable
table-name: System-L3-L4-PBR-1-0
 
To modify this vFlow, you must specify the vRouter name and action to-next-hop-ip so that the entry is identified as a PBR vFlow. For example:
CLI network-admin@switch > vflow-modify name test_pbr in-port 20 vrouter-name vr1 action to-next-hop-ip action-to-next-hop-ip-value 192.168.10.10
To display the vFlow table, use the following command:
CLI network-admin@Leaf1 > vflow-table-show
name     scope src-ip        vrouter-name action         action-to-next-hop-ip-value
-------- ----- ------------- ------------ -------------- ---------------------------
test_pbr local 10.10.10.1/24 vr1          to-next-hop-ip 30.30.30.1
 
CLI network-admin@switch > vflow-show name pbr_test
name     scope type src-ip                   burst-size vrouter-name precedence action         action-to-next-hop-ip-value enable table-name
-------- ----- ---- ------------------------ ---------- ------------ ---------- -------------- --------------------------- ------ --------------------
pbr_test local pbr  10.10.10.1/255.255.255.0 auto       vr1          default    to-next-hop-ip 30.30.30.1                  enable System-L3-L4-PBR-1-0
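
Because policy-based routes take priority over static and dynamic routes, and matched traffic is dropped while the next-hop is unresolved, it is worth reviewing PBR entries regularly. The following added example (not part of the Netvisor ONE documentation) parses vflow-show output in the "key: value" layout shown above and flags entries for review. The function names, the approved next-hop set and the resolved-neighbor set are assumptions supplied by the operator, and the sample input is constructed.

```python
import ipaddress

# Constructed sample in the "key: value" layout that vflow-show prints on this page.
SAMPLE = """switch: spine1
name: test_pbr
type: pbr
in-port: 10
src-ip: 192.168.1.1/255.255.255.0
action-to-next-hop-ip-value: 192.168.10.10
switch: spine1
name: any_src
type: pbr
action-to-next-hop-ip-value: 10.99.0.5
"""

def parse_vflows(text):
    """Split the output into one dict per vFlow; each record starts at 'switch:'."""
    flows = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # blank or malformed line
        key, value = key.strip(), value.strip()
        if key == "switch" or not flows:
            flows.append({})
        flows[-1][key] = value
    return flows

def audit_pbr(flows, approved_next_hops, resolved_neighbors):
    """Return (name, finding) pairs for PBR entries that need review (hypothetical helper)."""
    findings = []
    for f in flows:
        if f.get("type") != "pbr":
            continue
        hop = ipaddress.ip_address(f["action-to-next-hop-ip-value"])
        if hop not in approved_next_hops:
            findings.append((f["name"], "next-hop not in approved list"))
        if hop not in resolved_neighbors:
            # Per the page: matched traffic is dropped until the next-hop resolves.
            findings.append((f["name"], "next-hop unresolved, matched traffic is dropped"))
        if not ({"in-port", "src-ip"} & f.keys()):
            findings.append((f["name"], "no in-port or src-ip qualifier"))
    return findings

if __name__ == "__main__":
    ok = {ipaddress.ip_address("192.168.10.10")}  # constructed allowlist / neighbor set
    for name, why in audit_pbr(parse_vflows(SAMPLE), ok, ok):
        print(name, why)
```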