124 Brocade ICX 6650 Security Configuration Guide
53-1002601-01
Policy Based Routing
Configuration examples for PBR
This section presents configuration examples for configuring and applying a PBR policy.

Basic example of PBR

The following commands configure and apply a PBR policy that routes HTTP traffic received on
virtual routing interface 1 from the 10.10.10.x/24 network to 10.5.5.x/24 through next-hop IP
address 10.1.1.1/24 or, if 10.1.1.x is unavailable, through 10.2.2.1/24.
Syntax: [no] route-map map-name permit | deny num
Syntax: [no] set ip next-hop ip-addr
This command sets the next-hop IP address for traffic that matches a match statement in the route
map.
Setting the next hop
The following commands configure the Brocade device to apply PBR to traffic from IP subnets
10.157.23.x, 10.157.24.x, and 10.157.25.x. In this example, route maps specify the next-hop
gateway for packets from each of these subnets:
Packets from 10.157.23.x are sent to 192.168.2.1.
Packets from 10.157.24.x are sent to 192.168.2.2.
Packets from 10.157.25.x are sent to 192.168.2.3.
The following commands configure three standard ACLs. Each ACL contains one of the ACLs listed
above. Make sure you specify permit instead of deny in the ACLs, so that the Brocade device
permits the traffic that matches the ACLs to be further evaluated by the route map. If you specify
deny, the traffic that matches the deny statements is routed normally. Notice that these ACLs
specify any for the destination address.
Brocade(config)# access-list 50 permit 10.157.23.0 0.0.0.255
Brocade(config)# access-list 51 permit 10.157.24.0 0.0.0.255
Brocade(config)# access-list 52 permit 10.157.25.0 0.0.0.255
The following commands configure three entries in a route map called “test-route”. The first entry
(permit 50) matches on the IP address information in ACL 50 above. For IP traffic from subnet
10.157.23.0/24, this route map entry sets the next-hop IP address to 192.168.2.1.
Brocade(config)# access-list 101 permit tcp 10.10.10.0 0.0.0.255 eq http 10.5.5.0 0.0.0.255
Brocade(config)# route-map net10web permit 101
Brocade(config-routemap net10web)# match ip address 101
Brocade(config-routemap net10web)# set ip next-hop 10.1.1.1
Brocade(config-routemap net10web)# set ip next-hop 10.2.2.2
Brocade(config-routemap net10web)# exit
Brocade(config)# vlan 10
Brocade(config-vlan-10)# tagged ethernet 1/1/1 to 1/1/4
Brocade(config-vlan-10)# router-interface ve 1
Brocade(config)# interface ve 1
Brocade(config-vif-1)# ip policy route-map net10web
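
The "Setting the next hop" policy can be checked offline against its intent before it is applied to an interface, which catches a mistyped octet or a deny clause that would silently send traffic down the normal routing path. The following Python model is an added example, not Brocade code or part of the original guide. The evaluation rules (first matching route-map entry, first reachable next hop, deny or no match means normal routing) are assumptions drawn from the text on this page, and the function names, sample sources and reachability set are constructed.

```python
# Added illustration: models the PBR decision described in this section.
# Not Brocade software; evaluation rules are assumptions taken from the page text.
import ipaddress

def acl_match(acl, src):
    """Return 'permit' or 'deny' for the first matching clause, else None."""
    s = int(ipaddress.IPv4Address(src))
    for action, net, wildcard in acl:
        w = int(ipaddress.IPv4Address(wildcard))
        # Wildcard bits set to 1 are "don't care" bits.
        if (s | w) == (int(ipaddress.IPv4Address(net)) | w):
            return action
    return None

def pbr_next_hop(route_map, acls, src, reachable):
    """Next hop chosen by the route map, or None when the packet is routed normally."""
    for acl_id, next_hops in route_map:
        verdict = acl_match(acls[acl_id], src)
        if verdict == "deny":
            return None              # deny clause: routed normally
        if verdict == "permit":
            for hop in next_hops:    # next hops are tried in configured order
                if hop in reachable:
                    return hop
            return None              # no usable next hop
    return None                      # no route-map entry matched

def audit(route_map, acls, intent, reachable):
    """Return (source, expected, actual) for every source the policy misroutes."""
    results = [(src, want, pbr_next_hop(route_map, acls, src, reachable))
               for src, want in intent]
    return [r for r in results if r[1] != r[2]]

# Constructed data mirroring the "Setting the next hop" example.
ACLS = {
    50: [("permit", "10.157.23.0", "0.0.0.255")],
    51: [("permit", "10.157.24.0", "0.0.0.255")],
    52: [("permit", "10.157.25.0", "0.0.0.255")],
}
TEST_ROUTE = [(50, ["192.168.2.1"]), (51, ["192.168.2.2"]), (52, ["192.168.2.3"])]
UP = {"192.168.2.1", "192.168.2.2", "192.168.2.3"}
INTENT = [("10.157.23.9", "192.168.2.1"), ("10.157.24.9", "192.168.2.2"),
          ("10.157.25.9", "192.168.2.3"), ("10.9.9.9", None)]

if __name__ == "__main__":
    print(audit(TEST_ROUTE, ACLS, INTENT, UP) or "policy matches intent")
```

An empty result from audit means every sample source reaches the gateway the policy intends; any returned triple names a source that would bypass it.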