IP Routing Protocols

2. When a policy entry is found for a packet, the table search ends and the packet is processed according to that entry.

3. Each entry has a group of match and set clauses. All match clauses must match for the packet to be processed according to the entry. When a match is found, one of the set clauses is used to process the packet. Set clauses are tried in the order you configured them; when a clause specifies an invalid next hop or interface, the next clause is tried.

Match Clauses

Packet flows are identified by use of Access Control Lists (ACL). ACLs specify traffic to be routed according to a particular end system, higher protocol layer (UDP or TCP), or a port number within the specified protocol. The XSR associates ACLs with PBR by the match ip-address <acl> command. Multiple clauses can be configured for each policy entry.

Set Clauses

The XSR provides two ways for the policy to specify the forwarding path in the set statement:

through the next-hop router with the set ip next-hop command

through the outgoing interface with the set interface command

Forwarding behavior is governed by the following considerations:

The next-hop router can be configured only if it belongs to an XSR-connected network.

Traffic over Serial sub-interfaces can be forwarded only to the next-hop router.

The outgoing interface need not be enabled when the entry is configured, but it will be disregarded when a packet is processed if it is still in the down state.

If a match is found but no set clause is available to forward the packet, the packet is discarded.

PBR Cache

Because ACL matching is too resource-intensive to perform for every packet, a short-cut cache is created based on a packet’s contents. Each entry in the PBR cache contains a packet’s source and destination IP addresses and IP protocol number. A port number is also kept if the IP protocol is TCP or UDP, and an ICMP code number is kept for ICMP.

Data on how to forward the packet is also saved in the cache. When a packet enters the XSR, the router first searches the cache for a match on the packet. If a match is made, the packet is forwarded according to the cached forwarding data. If no match is found, the policy table is searched and a cache entry is built when forwarding information becomes available. You can view real-time PBR cache data with the show ip pbr-cache command.

When a newly created cache entry is not accessed within two to four minutes, that entry is deleted. If the next packet then arrives and matches no cache entry, a new entry is created.

For more information, refer to “Configuring Policy Based Routing Example” on page 5-44.
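The lookup order described above (cache first, then a first-match policy search, then set-clause fallback) can be modeled in a few lines of Python. This is an added illustration, not Enterasys code or XSR configuration; the class and field names, the ACL tuple form, the fixed 120-second idle limit and the "normal-routing" result for packets that match no entry are assumptions.

```python
# Simplified model of the PBR lookup; every name and value here is an assumption.
from ipaddress import ip_address, ip_network
from typing import NamedTuple

IDLE_LIMIT = 120  # seconds; assumed stand-in for the "two to four minutes" aging

class Packet(NamedTuple):
    src: str
    dst: str
    proto: str           # "tcp", "udp", "icmp", ...
    port: int = 0        # kept in the cache key only for TCP/UDP
    icmp_code: int = 0   # kept in the cache key only for ICMP
    def cache_key(self):
        extra = {"tcp": self.port, "udp": self.port, "icmp": self.icmp_code}.get(self.proto)
        return (self.src, self.dst, self.proto, extra)

def acl_match(acl, pkt):
    net, proto, port = acl  # constructed ACL form: (source network, protocol, port)
    return (ip_address(pkt.src) in ip_network(net)
            and proto in (None, pkt.proto) and port in (None, pkt.port))

class PolicyRouter:
    def __init__(self, policy, connected, up_ifaces):
        self.policy, self.connected, self.up = policy, connected, up_ifaces
        self.cache, self.acl_searches = {}, 0  # cache: key -> [action, last access]

    def usable(self, kind, target):
        if kind == "next-hop":  # next hop must sit on a connected network
            return any(ip_address(target) in ip_network(n) for n in self.connected)
        return target in self.up  # "interface" clause: interface must be up

    def search_policy(self, pkt):
        self.acl_searches += 1
        for acls, sets in self.policy:  # first matching entry ends the search
            if all(acl_match(a, pkt) for a in acls):
                live = [s for s in sets if self.usable(*s)]
                return live[0] if live else ("discard", None)
        return ("normal-routing", None)  # assumption: no entry matched

    def forward(self, pkt, now):
        key = pkt.cache_key()
        self.cache = {k: v for k, v in self.cache.items() if now - v[1] <= IDLE_LIMIT}
        if key in self.cache:  # cache hit: no ACL evaluation at all
            self.cache[key][1] = now
            return self.cache[key][0]
        action = self.search_policy(pkt)
        if action[0] in ("next-hop", "interface"):  # cache only forwarding data
            self.cache[key] = [action, now]
        return action
```

The model does not re-validate a cached decision when an interface later goes down; the page does not say how the XSR handles that case.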

XSR User’s Guide 5-23

Enterasys Networks X-PeditionTM manual Match Clauses, Set Clauses, PBR Cache