Policy-based routing configuration commands 1

apply access-vpn vpn-instance· 1

apply ip-address next-hop· 2

apply ip-precedence· 2

display ip policy-based-route· 3

display ip policy-based-route setup· 4

display ip policy-based-route statistics 5

display policy-based-route· 7

if-match acl 8

ip local policy-based-route· 8

ip policy-based-route· 9

policy-based-route· 9

reset policy-based-route statistics 10

 

 

NOTE: The switch operates in IRF or standalone (the default) mode. For information about the IRF mode, see the IRF Configuration Guide.

 

apply access-vpn vpn-instance

Syntax

apply access-vpn vpn-instance vpn-instance-name

undo apply access-vpn vpn-instance [ vpn-instance-name ]

View

PBR policy node view

Default level

2: System level

Parameters

vpn-instance-name: Specifies an MPLS L3VPN. vpn-instance-name is a case-sensitive string of 1 to 31 characters.

Description

Use the apply access-vpn vpn-instance command to set a VPN instance.

Use the undo apply access-vpn vpn-instance command to remove the specified VPN instance.

 

NOTE: ·       The specified VPN instance must exist. ·       You can set only one VPN instance for a policy node. When a packet matches the criteria, it is forwarded according to the forwarding table of the VPN instance. ·       Using the undo apply access-vpn vpn-instance command with a VPN instance specified removes the VPN instance. Using this command without any VPN instance disables packet forwarding in VPN instance.

 

Related commands: apply ip-precedence and apply ip-address next-hop.

Examples

# Set VPN instance vpn1 for forwarding packets.

<Sysname> system-view

[Sysname] policy-based-route policy1 permit node 10

[Sysname-pbr-policy1-10] apply access-vpn vpn-instance vpn1

apply ip-address next-hop

Syntax

apply ip-address next-hop [ vpn-instance vpn-instance-name ] ip-address1 [ direct ] [ track track-entry-number ] [ ip-address2 [ direct ] [ track track-entry-number ] ]

undo apply ip-address next-hop [ [ vpn-instance vpn-instance-name ] ip-address1 | ip-address2 ] *

View

PBR policy node view

Default level

2: System level

Parameters

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN. vpn-instance-name is a case-sensitive string of 1 to 31 characters. The specified VPN must already exist.

ip-address1: IP address of the primary next hop.

ip-address2: IP address of the backup next hop.

direct: Specifies the current next hop as valid when it is a directly connected next hop.

track track-entry-number: Specifies a track entry. The track-entry-number argument is in the range of 1 to 1024.

Description

Use the apply ip-address next-hop command to set a next hop for packets.

Use the undo apply ip-address next-hop command to remove the configuration.

You can specify up to two next hops in one policy node.

If you configure two next hops for interface PBR at the same time, only the primary next hop takes effect. The backup next hop takes effect only when the primary next hop is invalid. When neither next hop is effective, packets are forwarded according to the routing table.

If you configure two next hops for local PBR at the same time, both next hops take effect to implement load sharing.

Using the undo apply ip-address next-hop command with a next hop specified removes the next hop. Using this command without any next hop specified removes all next hops.

Examples

# Set the directly connected next hop to 1.1.1.1.

<Sysname> system-view

[Sysname] policy-based-route aa permit node 11

[Sysname-pbr-aa-11] apply ip-address next-hop 1.1.1.1 direct

apply ip-precedence

Syntax

apply ip-precedence value

undo apply ip-precedence

View

PBR policy node view

Default level

2: System level

Parameters

value: Sets the precedence for IP packets. There are eight precedence values (0 to 7). Each precedence value corresponds to a precedence type, as shown in Table 1. You can set either a precedence value or a precedence type for IP packets.

Table 1 IP precedences and the corresponding types

Precedence value	Precedence type
0	routine
1	priority
2	immediate
3	flash
4	flash-override
5	critical
6	internet
7	network

 

Description

Use the apply ip-precedence command to set a precedence for packets.

Use the undo apply ip-precedence command to remove the configuration.

Examples

# Set the precedence to 5 (critical) for packets.

<Sysname> system-view

[Sysname] policy-based-route aa permit node 11

[Sysname-pbr-aa-11] apply ip-precedence critical

display ip policy-based-route

Syntax

display ip policy-based-route [ | { begin | exclude | include } regular-expression ]

View

Any view

Default level

1: Monitor level

Parameters

|: Filters command output by specifying a regular expression. For more information about regular expressions, see the Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Description

Use the display ip policy-based-route command to display the PBR routing information.

Examples

# Display the PBR routing information.

<Sysname> display ip policy-based-route

Policy Name             interface

pr02                    local

pr01                    Vlan-interface 1

Table 2 Output description

Field	Description
Policy Name	Policy name.
interface	PBR type: ·       local—Means Local PBR. ·       A specific interface—Means the policy has been applied to the interface to implement interface PBR. For example, Virtual-template0.

 

display ip policy-based-route setup

Syntax

Standalone mode:

display ip policy-based-route setup { policy-name | interface interface-type interface-number [ slot slot-number ] | local [ slot slot-number ] } [ | { begin | exclude | include } regular-expression ]

IRF mode:

display ip policy-based-route setup { policy-name | interface interface-type interface-number [ chassis chassis-number slot slot-number ] | local [ chassis chassis-number slot slot-number ] } [ | { begin | exclude | include } regular-expression ]

View

Any view

Default level

1: Monitor level

Parameters

policy-name: Displays the PBR routing information of the specified policy. A policy name is a string of 1 to 19 characters.

interface interface-type interface-number: Displays the PBR routing information on the specified interface.

local: Displays the local PBR information.

slot slot-number: Displays the PBR routing information on a card. slot-number represents the number of the slot that holds the card.

chassis chassis-number slot slot-number: Displays the PBR routing information of a card on an IRF member device. chassis-number represents the ID of the IRF member device, and slot-number argument represents the number of the slot that holds the card.

|: Filters command output by specifying a regular expression. For more information about regular expressions, see the Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Description

Use the display ip policy-based-route setup command to display the specified PBR routing information.

Examples

# Display the PBR routing information on VLAN-interface 1.

<Sysname> display ip policy-based-route setup interface Vlan-interface 1

Interface Vlan-interface 1 policy based routing configuration information:

 policy-based-route pr01 permit node 1

 if-match acl 3101

 apply ip-address next-hop 1.1.1.1

Table 3 Output description

Field	Description
Interface Vlan-interface 1 policy based routing configuration information	PBR routing information on VLAN-interface 1.
policy-based-route pr01 permit node 1	The referenced policy name is pr01, the match mode is permit, and the policy has a node 1.
if-match acl 3101	Packets satisfying ACL 3101 are matched.
apply ip-address next-hop 1.1.1.1	The matched packets are sent to next hop 1.1.1.1.

 

display ip policy-based-route statistics

Syntax

Standalone mode:

display ip policy-based-route statistics { interface interface-type interface-number | local } [ slot slot-number ] [ | { begin | exclude | include } regular-expression ]

IRF mode:

display ip policy-based-route statistics { interface interface-type interface-number | local } [ chassis chassis-number slot slot-number ] [ | { begin | exclude | include } regular-expression ]

View

Any view

Default level

1: Monitor level

Parameters

interface interface-type interface-number: Displays the PBR statistics on the specified interface.

local: Displays the statistics of local PBR.

slot slot-number: Displays the PBR statistics on a card. slot-number represents the number of the slot that holds the card. Use this option when your switch is operating in standalone (the default) mode.

chassis chassis-number slot slot-number: Displays the PBR statistics of a card on an IRF member switch. The chassis-number represents the ID of the IRF member switch, and the slot-number argument represents the number of the slot that holds the card. Use this option when your switch is operating in IRF mode.

|: Filters command output by specifying a regular expression. For more information about regular expressions, see the Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Description

Use the display ip policy-based-route statistics command to display PBR statistics.

Examples

# Display the statistics of PBR on GigabitEthernet 3/0/1.

<Sysname> display ip policy-based-route statistic interface GigabitEthernet 3/0/1

policy-based-route: 111

   permit node 1:

     if-match acl 3004

     apply ip-address next-hop 3.3.3.3

   matched: 0

 Total matched: 0

Table 4 Output description

Field	Description
policy-based-route: 111	The policy name is 111.
permit node 1	The match mode of node 1 is permit.
if-match acl 3004	Match packets against ACL 3104
matched: 0	Matching packets on node 1
Total matched: 0	Total matching packets on all nodes of policy 111

 

display policy-based-route

Syntax

display policy-based-route [ policy-name ] [ | { begin | exclude | include } regular-expression ]

View

Any view

Default level

1: Monitor level

Parameters

policy-name: Displays information about the specified policy. A policy name is a string of 1 to 19 characters.

|: Filters command output by specifying a regular expression. For more information about regular expressions, see the Fundamentals Configuration Guide.

begin: Displays the first line that matches the specified regular expression and all lines that follow.

exclude: Displays all lines that do not match the specified regular expression.

include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.

Description

Use the display policy-based-route command to display PBR policy information.

If no policy name is specified, all PBR policy information is displayed. If a policy name is specified, information about the specified policy is displayed.

Examples

# Display the PBR policy information.

<Sysname> display policy-based-route

Policy based routing configuration information:

 policy-based-route : p1

    Node 10 permit :

       apply ip-address next-hop 10.1.1.1 

       apply ip-address next-hop vpn-instance vpn1 1.1.1.1

    Node 11 permit :

apply ip-address next-hop vpn-instance vpn2 2.1.1.1

       apply ip-address next-hop vpn-instance vpn3 3.1.1.1

Table 5 Output description

Field	Description
policy-based-route : aaa	The policy name is aaa.
Node  1  permit :	The matching mode of node 1 is permit.
apply ip-address next-hop	Specify a next hop for matched packets. The output shows the backup next hop and then the primary next hop.

 

if-match acl

Syntax

if-match acl acl-number

undo if-match acl

View

PBR policy node view

Default level

2: System level

Parameters

acl-number: ACL number, in the range of 2000 to 3999. The number of a basic ACL ranges from 2000 to 2999 and that of an advanced ACL ranges from 3000 to 3999.

Description

Use the if-match acl command to define an ACL match criterion.

Use the undo if-match acl command to remove the ACL match criterion.

Examples

# Permit the packets matching ACL 2010.

<Sysname> system-view

[Sysname] policy-based-route aa permit node 11

[Sysname-pbr-aa-11] if-match acl 2010

ip local policy-based-route

Syntax

ip local policy-based-route policy-name

undo ip local policy-based-route policy-name

View

System view

Default level

2: System level

Parameters

policy-name: Policy name, a string of 1 to 19 characters.

Description

Use the ip local policy-based-route command to configure local PBR based on a specified policy.

Use the undo ip local policy-based-route command to remove the configuration.

No policy is referenced for local PBR by default.

Only one policy can be referenced for local PBR.

Local PBR is used to route packets generated locally. Unless otherwise required, H3C does not recommend configuring local PBR.

Examples

# Configure local PBR based on policy aaa.

<Sysname> system-view

[Sysname] ip local policy-based-route aaa

ip policy-based-route

Syntax

ip policy-based-route policy-name

undo ip policy-based-route policy-name

View

Interface view

Default level

2: System level

Parameters

policy-name: Policy name, a string of 1 to 19 characters.

Description

Use the ip policy-based-route command to configure PBR based on a specified policy on the interface.

Use the undo ip policy-based-route command to remove the configuration.

No policy is referenced for interface PBR by default.

Only one policy can be referenced by an interface for PBR.

The referenced policy applies to all packets arriving on the interface.

Related commands: ip local policy-based-route.

Examples

# Configure PBR based on policy aaa on VLAN-interface 2000.

<Sysname> system-view

[Sysname] interface Vlan-interface 2000

[Sysname-Vlan-interface2000] ip policy-based-route aaa

policy-based-route

Syntax

policy-based-route policy-name [ deny | permit ] node node-number

undo policy-based-route policy-name [ deny | node node-number | permit ]

View

System view

Default level

2: System level

Parameters

policy-name: Policy name, a string of 1 to 19 characters.

deny: Specifies the match mode of the policy node as deny.

permit: Specifies the match mode of the policy node as permit.

node node-number: Number of a policy node, in the range of 0 to 65535. A node with a smaller node-number has a higher match priority than a node with a greater one.

Description

Use the policy-based-route command to create a policy or/and policy node and enter PBR policy node view.

Use the undo policy-based-route command to remove a created policy or policy node.

No policy or policy node is created by default.

The default match mode of a policy node is permit.

Examples

# Configure the match mode of node 10 of policy 1 as permit, and enter PBR policy node view.

<Sysname> system-view

[Sysname] policy-based-route policy1 permit node 10

[Sysname-pbr-policy1-10]

reset policy-based-route statistics

Syntax

reset policy-based-route statistics [ policy-name ]

View

User view

Default level

1: Monitor level

Parameters

policy-name: Policy name, a string of 1 to 19 characters.

Description

Use the reset policy-based-route statistics command to clear PBR statistics.

If no policy name is specified, this command clears all the PBR statistics.

Examples

# Clear all PBR statistics.

<Sysname> reset policy-based-route statistics