Support for Policy-based Routing


Policy-based Routing (PBR) enables flexible packet forwarding and routing through user defined policies. Unlike traditional routing based on destination IP address only, PBR allows you to define routes based on other parameters such as source and destination IP addresses, protocol, or source and destination port numbers.


Policy-based routes can match packets based on the following criteria:


  • All Layer 4 and Layer 3 fields similar to those in vFlow configurations.
  • Policy based routes are higher priority than static and dynamic routes.
  • If no match or next-hop is not resolved, then traffic is dropped until the next-hop is resolved.


You configure PBR using vFlow commands. Internally, policy routing of the packets uses a vFlow entry. PBR vFlow entries are created in a new vFlow table, System-L3-L4-PBR.


To enable PBR, use the following command:


CLI (network-admin@Leaf1) > system-settings-modify policy-based-routing

 

To disable PBR, use the following command:


CLI (network-admin@Leaf1) > system-settings-modify no-policy-based-routing

 

To display the vFlow table, use the following command:


CLI (network-admin@Leaf1) > vflow-table-show


switch      name                 flow-max   flow-used flow-tbs-slices capability     flow-profile

-------- --------------------  --------   --------- --------------- -------------  ----------------

Spine1   System-L3-L4-PBR-1-0                                       set-metadata  system=>PBR Table

 


Now you configure a vFlow for the routing policy, using the following syntax:

CLI (network-admin@Leaf1) > vflow-create name name-string vrouter-name name-string scope local next-hop-ip gateway-ip-address table-name System-L3-L4-PBR-1-0

 

You can only specify the scope as local.