The PBR is achieved depending on the packet filtering by the ACL rule. The ACL rule first filters the qualified packets and then forward the packets to the next hop by executing the PBR.
Configuration Condition
Before configuring the PBR function, first complete the following task:
- Configure the ACL and the ACL rule.
Configure Next Hop IP Address for Forwarding Packet
Configure the next hop IP address for the forwarding the packet to specify the destination IP address of the PBR.
Up to 6 next hop IP addresses can be specified for forwarding the packet. If the user configures multiple next hop IP addresses simultaneously and multiple next hop IP addresses are reachable, then the packet will choose the next hop IP address for forwarding using the load balancing mode.
Table 14-2 Configure the next hop IP address for forwarding the packet
Step
|
Command
|
Description
|
Enter the global configuration mode
|
configure terminal
|
-
|
Enter the PBR action group configuration mode
|
pbr-action-group pbr-action-group-name
|
-
|
Configure the next hop IP address for forwarding the packet
|
redirect ipv4-nexthop ip-address [ip-address] [ip-address ] [ip-address ] [ip-address ] [ip-address ] [vrf vrf-name]
|
Mandatory
By default, the next hop IP address for forwarding the packet is not configured.
|
-
If all the configured next hop IP addresses are unreachable, then the PBR function will not take effect.
- The next hop IP address cannot be configured as the local IP address, multicast IP address, and broadcast IP address.
Configure Standby Next Hop IP Address for Forwarding Packet
Configure the standby next hop IP address for the forwarding the packet to specify the destination IP address of the PBR.
When the active next hop is not reachable, if the standby next hop IP address is reachable, the packet will be forwarded to the standby next hop IP address. If the active next hop is reachable, the packet will continue to be forwarded to the active next hop IP address.
Table 14-3 Configure the standby next hop IP address for forwarding the packet
Step
|
Command
|
Description
|
Enter the global configuration mode
|
configure terminal
|
-
|
Enter the PBR action group configuration mode
|
pbr-action-group pbr-action-group-name
|
-
|
Configure the standby next hop IP address for forwarding the packet
|
redirect ipv4-nexthop backup ip-address [vrf vrf-name]
|
Mandatory
By default, the standby next hop IP address for forwarding the packet is not configured.
|
-
If all the configured standby next hop IP addresses are unreachable, then the PBR function will not take effect.
- The next hop IP address cannot be configured as the multicast IP address and broadcast IP address.
Configure the Next-hop IPv6 Address of Packet Forwarding
Configure the next-hop IPv6 address of the packet forwarding, so as to specify the destination address of the policy route.
You can specify six next-hop IPv6 addresses of the packet forwarding at most. If the user configures multiple next-hop IPv6 addresses at the same time, and there are multiple next-hop IPv6 addresses reachable, the packet adopts the load balancing mode to specify the next-hop IPv6 address for forwarding.
Table 14-4 Configure the next-hop IPv6 address of the packet forwarding
Step
|
Command
|
Description
|
Enter the global configuration mode
|
configure terminal
|
-
|
Enter the PBR action group configuration mode
|
pbr-action-group pbr-action-group-name
|
-
|
Configure the next-hop IPv6 address of the packet forwarding
|
redirect ipv6-nexthop ipv6-address [ipv6-address] [ipv6-address ] [ipv6-address ] [ipv6-address ] [ipv6-address ] [vrf vrf-name]
|
Mandatory
By default, do not configure the next-hop IPv6 address of the packet forwarding.
|
-
If the configured next-hop IPv6 addresses are unreachable, then the PBR function will not take effect.
- The next-hop IP address cannot be configured as the local IPv6 address, multicast address, or broadcast address.
Configure Standby Next Hop IPv6 Address for Forwarding Packet
Configure the standby next hop IPv6 address for the forwarding the packet to specify the destination IP address of the PBR.
When the active next hop is not reachable, if the standby next hop IPv6 address is reachable, the packet will be forwarded to the standby next hop IPv6 address. If the active next hop is reachable, the packet will continue to be forwarded to the active next hop IPv6 address.
Table 14-5 Configure the standby next hop IPv6 address for forwarding the packet
Step
|
Command
|
Description
|
Enter the global configuration mode
|
configure terminal
|
-
|
Enter the PBR action group configuration mode
|
pbr-action-group pbr-action-group-name
|
-
|
Configure the standby next hop IPv6 address for forwarding the packet
|
redirect ipv6-nexthop backup ipv6-address [vrf vrf-name]
|
Mandatory
By default, the standby next hop IPv6 address for forwarding the packet is not configured.
|
-
If the configured standby next hop IPv6 addresses are unreachable, then the PBR function will not take effect.
- The next hop IPv6 address cannot be configured as the multicast IP address and broadcast IP address.
Configure PBR Action Group to Bind with ACL
Configure the PBR action group to bind with the ACL to achieve all rules in the ACL to associate with the PBR execution actions.
After the PBR action group is bound to the ACL, all rules in the ACL will establish the association with the PBR execution actions. If the packet received by the interface matches the ACL rule, then the packet will be forwarded to the next hop.
Table 14-6 Configure the PBR action group to bind with the ACL
Step
|
Command
|
Description
|
Enter the global configuration mode
|
configure terminal
|
-
|
Configure the PBR action group to bind with the ACL
|
ip pbr-action-group pbr-action-group-name access-list { access-list-number | access-list-name }
|
Optional
By default, the PBR action group is not bound with the IP ACL.
The PBR action group supports the IP ACL binding. The IP ACL contains the IP standard ACL and IP extended ACL.
|
|
ipv6 pbr-action-group pbr-action-group-name access-list { access-list-number | access-list-name }
|
Optional
By default, do not bind PBR action group with the IPv6 ACL.
The PBR action group supports IPv6 ACL binding. IPv6 ACL contains IPv6 standard ACL and IPv6 extended ACL.
|
-
Only when the configured next hop IP address is reachable, the PBR can take effect.
- The PBR can take effect only for the rules allowed in the ACL.
Configure PBR Action Group to Bind ACL Rule
Configure the PBR action group to bind with the ACL rule to achieve the ACL rule to associate with the PBR execution actions.
After the PBR action group is bound to the ACL rule, the ACL rule will establish the association with the PBR execution actions. If the packet received by the interface matches the ACL rule, then the packet will be forwarded to the next hop specified by the action group.
Table 14-7Configure the PBR action group to bind with the ACL rule
Step
|
Command
|
Description
|
Enter the global configuration mode
|
configure terminal
|
-
|
Configure the PBR action group to bind with the ACL rule
|
Refer to the section "Configure IP standard ACL".
Refer to the section "Configure IP extended ACL".
Refer to “Configure IPv6 Standard ACL”.
Refer to “Configure IPv6 Extended ACL”.
|
In the permit rules of the IP standard ACL and extended ACL, the PBR action group must be specified to take the PBR into effect.
When configuring the permit rules of the IPv6 standard ACL and extended ACL, the PBR action group must be specified to take the PBR into effect.
|
-
Only when the configured next hop IP address is reachable, the PBR can take effect.
- The PBR can take effect only for the rules allowed in the ACL.