Manualshelf

F3215-HP Load Balancing Module Network Management Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
321322323324325326327328329330
311
Configuring policy-based routing
Overview
Different from destination-based routing, policy-based routing (PBR) uses user-defined policies to route
packets based on the source address, packet length, and other criteria. A policy can specify the output
interface, next hop, default output interface, default next hop, and other parameters for packets that
match specific criteria such as ACLs or have specific lengths.
A device uses PBR to forward matching packets and uses the routing table to forward other packets. If
PBR is not configured, a device uses the routing table to forward packets.
PBR falls into local PBR and interface PBR.
Local PBR guides the forwarding of locally generated packets, such as the ICMP packets generated
by using the ping command.
Interface PBR guides the forwarding of packets received on an interface only.
Policy
A policy comprises match criteria and actions to be taken on the matching packets. A policy can
comprise one or multiple nodes. The following describes information about nodes:
Each node is identified by a node number. A smaller node number has a higher priority.
A node comprises if-match and apply clauses. An if-match clause specifies a match criterion, and
an apply clause specifies an action.
A node has a match mode of permit or deny.
A policy matches nodes in priority order against packets. If a packet satisfies the match criteria on a node,
it is processed by the action on the node. Otherwise, it goes to the next node for a match. If the packet
does not match the criteria on any node, it is forwarded according to the routing table.
if-match clause
PBR supports the following types of if-match clauses:
if-match acl—Sets an ACL match criteria.
if-match packet-length—Sets a packet length match criterion.
if-match reverse-input-interface—Sets a reverse input interface match criterion. A response packet
matches the criterion if the specified reverse input interface is the interface that received the
corresponding request packet.
You can specify multiple if-match clauses for a node, but only one if-match clause can be specified for
each type at most. To match a node, a packet must satisfy all the if-match clauses of the node.
apply clause
PBR supports the following types of apply clauses, as shown in Table 28. You can specify multiple apply
clauses for a node, but some of them might not be executed.