Policy Based Routing Configuration
This chapter contains a sample Policy Based Routing (PBR) configuration.
Overview
Policy Based Routing (PBR) is an advanced packet forwarding feature which is different from conventional destination address based routing. Policy Based Routing (PBR) allows data packets forwarding based on policies defined by network administrators.
In conventional routing, when a packet is received on the router, destination address in the packet is looked upon in the routing table and if the routing entry is found, packet is routed based on routing entry. In policy based routing, routing decision could be made from source address, destination address, transport protocol id, source port, destination port, or a combination of these criteria.
PBR includes a mechanism for selectively applying policies based on an access list or other criteria. Actions taken might include (a) Forwarding a packet to a directly connected ip nexthop (b) Black hole/Drop. If traffic doesn't match the route-map's match criteria, then it will be routed as if no PBR policy exists. PBR config is interface oriented, hence when applied it affects only the traffic ingressing on that interface. It does not apply on traffic egressing on that interface or traffic ingressing on an interface without a pbr route-map.
Topology
IPv4 Configurations for PBR
R1
R1#configure terminal | Enter configure mode. |
R1(config)#feature pbr | Enable PBR support |
R1(config)#hardware-profile filter ingress- ipv4-ext enable | Enable Ingress IPv4 group extended for PBR support |
R1(config)#ip access-list 123 | Create ip access-list named 123 |
R1(config-ip-acl)#10 permit any 101.1.1.0/24 201.1.1.0/24 | Create an access rule to permit IP packets with source 101.1.1.0/24 and destination 201.1.1.0/24 |
R1(config-ip-acl)#commit | Commit the candidate configuration to the running configuration. |
R1(config-ip-acl)#exit | Exit access-list mode |
R1(config)#route-map 123 permit 10 | Configure route-map with name 123 and sequence number 10 |
R1(config-route-map)#match ip address 123 | Match ip address with ACL 123 |
R1(config-route-map)#set ip next-hop 13.1.1.2 | Set next-hop to forward the matching IP packets |
R1(config-route-map)#commit | Commit the candidate configuration to the running configuration. |
R1(config-route-map)#exit | Exit route-map mode |
R1(config)#interface lo | Enter interface mode. |
R1(config-if)#ip address 1.1.1.1/32 | Configure the IP address of the interface. |
R1(config-if)#exit | Exit interface mode. |
R1(config)#interface eth1 | Enter interface mode. |
R1(config-if)#ip address 2.1.1.1/24 | Configure the IP address of the interface. |
R1(config)#interface eth2 | Enter interface mode. |
R1(config-if)#ip address 6.1.1.1/24 | Configure the IP address of the interface. |
R1(config-if)#ip ospf cost 2 | Configuring ospf cost as 2 |
R1(config)#interface eth3 | Enter interface mode. |
R1(config-if)#ip address 13.1.1.1/24 | Configure the IP address of the interface. |
R1(config-if)#ip ospf cost 3 | Configuring ospf cost as 3 |
R1(config)#interface eth4 | Enter interface mode. |
R1(config-if)#ip address 101.1.1.2/24 | Configure the IP address of the interface. |
R1(config-if)#ip policy route-map 123 | Attach PBR on the ingress interface |
R1(config-if)#exit | Exit interface mode. |
R1(config)#router ospf 1 | Set the routing process ID . |
R1(config-router)# ospf router-id 1.1.1.1 | Configure OSPF router-id |
R1(config-router)#network 1.1.1.1/32 area 0.0.0.0 | Configure OSPF network in area 0 |
R1(config-router)# network 2.1.1.0/24 area 0.0.0.0 | Configure OSPF network in area 0 |
R1(config-router)#network 6.1.1.0/24 area 0.0.0.0 | Configure OSPF network in area 0 |
R1(config-router)#network 13.1.1.0/24 area 0.0.0.0 | Configure OSPF network in area 0 |
R1(config-router)#network 101.1.1.0/24 area 0.0.0.0 | Configure OSPF network in area 0 |
R1(config-router)#commit | Commit the candidate configuration to the running configuration. |
R1(config-router)#exit | Exit router mode. |
R2
R2#configure terminal | Enter configure mode. |
R2(config)#interface lo | Enter interface mode. |
R2(config-if)#ip address 2.2.2.2/32 | Configure the IP address of the interface. |
R2(config-if)#exit | Exit interface mode. |
R2(config)#interface eth1 | Enter interface mode. |
R2(config-if)#ip address 2.1.1.2/24 | Configure the IP address of the interface. |
R2(config-if)#exit | Exit interface mode. |
R2(config)#interface eth2 | Enter interface mode. |
R2(config-if)#ip address 10.1.1.1/24 | Configure the IP address of the interface. |
R2(config-if)#exit | Exit interface mode. |
R2(config)#router ospf 1 | Set the routing process ID . |
R2(config-router)# ospf router-id 2.2.2.2 | Configure OSPF router-id |
R2(config-router)#network 2.2.2.2/32 area 0.0.0.0 | Configure OSPF network in area 0 |
R2(config-router)# network 2.1.1.0/24 area 0.0.0.0 | Configure OSPF network in area 0 |
R2(config-router)#network 10.1.1.0/24 area 0.0.0.0 | Configure OSPF network in area 0 |
R2(config-router)#commit | Commit the candidate configuration to the running configuration. |
R2(config-router)#exit | Exit router mode. |
R3
R3#configure terminal | Enter configure mode. |
R3(config)#interface lo | Enter interface mode. |
R3(config-if)#ip address 3.3.3.3/32 | Configure the IP address of the interface. |
R3(config-if)#exit | Exit interface mode. |
R3(config)#interface eth1 | Enter interface mode. |
R3(config-if)#ip address 6.1.1.2/24 | Configure the IP address of the interface. |
R3(config-if)#exit | Exit interface mode. |
R3(config)#interface eth2 | Enter interface mode. |
R3(config-if)#ip address 12.1.1.1/24 | Configure the IP address of the interface. |
R3(config-if)#exit | Exit interface mode. |
R3(config)#router ospf 1 | Set the routing process ID . |
R3(config-router)# ospf router-id 3.3.3.3 | Configure OSPF router-id |
R3(config-router)#network 3.3.3.3/32 area 0.0.0.0 | Configure OSPF network in area 0 |
R3(config-router)# network 6.1.1.0/24 area 0.0.0.0 | Configure OSPF network in area 0 |
R3(config-router)#network 12.1.1.0/24 area 0.0.0.0 | Configure OSPF network in area 0 |
R3(config-router)#commit | Commit the candidate configuration to the running configuration. |
R3(config-router)#exit | Exit router mode. |
R4
R4#configure terminal | Enter configure mode. |
R4(config)#interface lo | Enter interface mode. |
R4(config-if)#ip address 4.4.4.4/32 | Configure the IP address of the interface. |
R4(config-if)#exit | Exit interface mode. |
R4(config)#interface eth1 | Enter interface mode. |
R4(config-if)#ip address 13.1.1.2/24 | Configure the IP address of the interface. |
R4(config-if)#exit | Exit interface mode. |
R4(config)#interface eth2 | Enter interface mode. |
R4(config-if)#ip address 15.1.1.1/24 | Configure the IP address of the interface. |
R4(config-if)#exit | Exit interface mode. |
R4(config)#router ospf 1 | Set the routing process ID . |
R4(config-router)# ospf router-id 4.4.4.4 | Configure OSPF router-id |
R4(config-router)#network 4.4.4.4/32 area 0.0.0.0 | Configure OSPF network in area 0 |
R4(config-router)# network 13.1.1.0/24 area 0.0.0.0 | Configure OSPF network in area 0 |
R4(config-router)#network 15.1.1.0/24 area 0.0.0.0 | Configure OSPF network in area 0 |
R4(config-router)#commit | Commit the candidate configuration to the running configuration. |
R4(config-router)#exit | Exit router mode. |
R5
R5#configure terminal | Enter configure mode. |
R5(config)#interface lo | Enter interface mode. |
R5(config-if)#ip address 5.5.5.5/32 | Configure the IP address of the interface. |
R5(config-if)#exit | Exit interface mode. |
R5(config)#interface eth1 | Enter interface mode. |
R5(config-if)#ip address 10.1.1.2/24 | Configure the IP address of the interface. |
R4(config-if)#exit | Exit interface mode. |
R5(config)#interface eth2 | Enter interface mode. |
R5(config-if)#ip address 12.1.1.1/24 | Configure the IP address of the interface. |
R5(config-if)#exit | Exit interface mode. |
R5(config)#interface eth3 | Enter interface mode. |
R5(config-if)#ip address 15.1.1.2/24 | Configure the IP address of the interface. |
R5(config-if)#exit | Exit interface mode. |
R5(config)#interface eth4 | Enter interface mode. |
R5(config-if)#ip address 202.1.1.2/24 | Configure the IP address of the interface. |
R5(config-if)#exit | Exit interface mode. |
R5(config)#router ospf 1 | Set the routing process ID . |
R5(config-router)# ospf router-id 5.5.5.5 | Configure OSPF router-id |
R5(config-router)#network 5.5.5.5/32 area 0.0.0.0 | Configure OSPF network in area 0 |
R5(config-router)# network 10.1.1.0/24 area 0.0.0.0 | Configure OSPF network in area 0 |
R5(config-router)# network 12.1.1.0/24 area 0.0.0.0 | Configure OSPF network in area 0 |
R5(config-router)#network 15.1.1.0/24 area 0.0.0.0 | Configure OSPF network in area 0 |
R5(config-router)#network 202.1.1.0/24 area 0.0.0.0 | Configure OSPF network in area 0 |
R5(config-router)#commit | Commit the candidate configuration to the running configuration. |
R5(config-router)#exit | Exit router mode. |
Validation
R1
R1#show run aclmgr
ip access-list 123
10 permit any 101.1.1.0/24 201.1.1.0/24
R1#show run interface eth4
!
interface eth4
ip address 101.1.1.2/24
ip policy route-map 123
!
R1#
R1#show route-map 123
route-map 123, permit, sequence 10
Match clauses:
ip address: 123
Set clauses:
ip next-hop 13.1.1.2
R1#
R1#show ip policy
Interface Route-map Status VRF-Name
eth4 123 Active default
R1#
R1#clear route-map 123 pbr-statistics
R1#show route-map 123 pbr-statistics
Route-map 123, family IP
IP PBR Count: 1
VRF-name: default
Sequence 10, permit
Policy routing matches: 38764427 packets
Current action in HW: Route
IPv6 Configurations for PBR
R1
R1#configure terminal | Enter configure mode. |
R1(config)#feature pbr | Enable PBR support |
R1(config)#hardware-profile filter ingress- ipv6 enable | Enable Ingress IPv6 group for PBR support |
R1(config)# ipv6 access-list 123 | Create ipv6 access-list named 123 |
R1(config-ipv6-acl)#10 permit any 101::/64 202::/64 | Create an access rule to permit IPv6 packets with source 101::/64 and destination 202::/64 |
R1(config-ipv6-acl)#commit | Commit the candidate configuration to the running configuration. |
R1(config-ipv6-acl)#exit | Exit access-list mode |
R1(config)#route-map 123 permit 10 | Configure route-map with name 123 and sequence number 10 |
R1(config-route-map)# match ipv6 address 123 | Match ip address with ACL 123 |
R1(config-route-map)#set ipv6 next-hop 6111::2 | Set next-hop to forward the matching IP packets |
R1(config-route-map)#commit | Commit the candidate configuration to the running configuration. |
R1(config-route-map)#exit | Exit route-map mode |
R1(config)#interface lo | Enter interface mode. |
R1(config-if)#ip address 1.1.1.1/32 | Configure the IPv6 address of the interface. |
R1(config-if)#exit | Exit interface mode. |
R1(config)#router ipv6 ospf 100 | Creating OSPFv3 routing instance |
R1(config-router)#exit | Exit router mode. |
R1(config)#interface eth1 | Enter interface mode. |
R1(config-if)#ipv6 address 2111::1/64 | Configure the IPv6 address of the interface. |
R1(config-if)#ipv6 router ospf area 0.0.0.0 tag 100 | Enable OSPFv3 routing on an interface, and assign the Area ID 0. |
R1(config-if)#exit | Exit interface mode. |
R1(config)#interface eth2 | Enter interface mode. |
R1(config-if)#ipv6 address 6111::1/64 | Configure the IPv6 address of the interface. |
R1(config-if)#ipv6 router ospf area 0.0.0.0 tag 100 | Enable OSPFv3 routing on an interface, and assign the Area ID 0. |
R1(config-if)# ipv6 ospf cost 2 | Configuring ospf cost as 2 |
R1(config-if)#exit | Exit interface mode. |
R1(config)#interface eth3 | Enter interface mode. |
R1(config-if)#ipv6 address 1311::1/64 | Configure the IPv6 address of the interface. |
R1(config-if)#ipv6 router ospf area 0.0.0.0 tag 100 | Enable OSPFv3 routing on an interface, and assign the Area ID 0. |
R1(config-if)# ipv6 ospf cost 3 | Configuring ospf cost as 3 |
R1(config-if)#exit | Exit interface mode. |
R1(config)#interface eth4 | Enter interface mode. |
R1(config-if)#ipv6 router ospf area 0.0.0.0 tag 100 | Enable OSPFv3 routing on an interface, and assign the Area ID 0. |
R1(config-if)#ipv6 address 101::2/64 | Configure the IPv6 address of the interface. |
R1(config-if)#ipv6 policy route-map 123 | Attach PBR on the ingress interface |
R1(config-if)#commit | Commit the candidate configuration to the running configuration. |
R1(config-if)#exit | Exit interface mode. |
R2
R2#configure terminal | Enter configure mode. |
R2(config)#interface lo | Enter interface mode. |
R2(config-if)#ip address 2.2.2.2/32 | Configure the IPv6 address of the interface. |
R2(config-if)#exit | Exit interface mode. |
R2(config)#router ipv6 ospf 100 | Creating OSPFv3 routing instance |
R2(config-router)#exit | Exit router mode. |
R2(config)#interface eth1 | Enter interface mode. |
R2(config-if)#ipv6 address 2111::2/64 | Configure the IPv6 address of the interface. |
R2(config-if)#ipv6 router ospf area 0.0.0.0 tag 100 | Enable OSPFv3 routing on an interface, and assign the Area ID 0. |
R2(config-if)#exit | Exit interface mode. |
R2(config)#interface eth2 | Enter interface mode. |
R2(config-if)#ipv6 address 1011::1/64 | Configure the IPv6 address of the interface. |
R2(config-if)#ipv6 router ospf area 0.0.0.0 tag 100 | Enable OSPFv3 routing on an interface, and assign the Area ID 0. |
R2(config-if)#commit | Commit the candidate configuration to the running configuration. |
R2(config-if)#exit | Exit interface mode. |
R3
R3#configure terminal | Enter configure mode. |
R3(config)#router ipv6 ospf 100 | Creating OSPFv3 routing instance |
R3(config-router)#exit | Exit router mode. |
R3(config)#interface lo | Enter interface mode. |
R3(config-if)#ip address 3.3.3.3/32 | Configure the IPv6 address of the interface. |
R3(config-if)#exit | Exit interface mode. |
R3(config)#interface eth1 | Enter interface mode. |
R3(config-if)#ipv6 address 6111::2/64 | Configure the IPv6 address of the interface. |
R3(config-if)#ipv6 router ospf area 0.0.0.0 tag 100 | Enable OSPFv3 routing on an interface, and assign the Area ID 0. |
R2(config-router)#exit | Exit router mode. |
R3(config)#interface eth2 | Enter interface mode. |
R3(config-if)#ipv6 address 1211::1/64 | Configure the IPv6 address of the interface. |
R3(config-if)#ipv6 router ospf area 0.0.0.0 tag 100 | Enable OSPFv3 routing on an interface, and assign the Area ID 0. |
R2(config-if)#commit | Commit the candidate configuration to the running configuration. |
R3(config-if)#exit | Exit interface mode. |
R4
R4#configure terminal | Enter configure mode. |
R4(config)#router ipv6 ospf 100 | Creating OSPFv3 routing instance |
R4(config-router)#exit | Exit router mode. |
R4(config)#interface lo | Enter interface mode. |
R4(config-if)#ip address 4.4.4.4/32 | Configure the IPv6 address of the interface. |
R4(config-if)#exit | Exit interface mode. |
R4(config)#interface eth1 | Enter interface mode. |
R4(config-if)#ipv6 address 1311::2/64 | Configure the IPv6 address of the interface. |
R4(config-if)#ipv6 router ospf area 0.0.0.0 tag 100 | Enable OSPFv3 routing on an interface, and assign the Area ID 0. |
R4(config-if)#exit | Exit interface mode. |
R4(config)#interface eth2 | Enter interface mode. |
R4(config-if)#ipv6 address 1511::1/64 | Configure the IPv6 address of the interface. |
R4(config-if)#ipv6 router ospf area 0.0.0.0 tag 100 | Enable OSPFv3 routing on an interface, and assign the Area ID 0. |
R4(config-if)#commit | Commit the candidate configuration to the running configuration. |
R4(config-if)#exit | Exit interface mode. |
R5
R5#configure terminal | Enter configure mode. |
R5(config)#router ipv6 ospf 100 | Creating OSPFv3 routing instance |
R5(config-router)#exit | Exit router mode. |
R5(config)#interface lo | Enter interface mode. |
R5(config-if)#ip address 5.5.5.5/32 | Configure the IPv6 address of the interface. |
R5(config-if)#exit | Exit interface mode. |
R5(config)#interface eth1 | Enter interface mode. |
R5(config-if)#ipv6 address 1011::2/64 | Configure the IPv6 address of the interface. |
R5(config-if)#ipv6 router ospf area 0.0.0.0 tag 100 | Enable OSPFv3 routing on an interface, and assign the Area ID 0. |
R5(config-if)#exit | Exit interface mode. |
R5(config)#interface eth2 | Enter interface mode. |
R5(config-if)#ipv6 address 1211::2/64 | Configure the IPv6 address of the interface. |
R5(config-if)#ipv6 router ospf area 0.0.0.0 tag 100 | Enable OSPFv3 routing on an interface, and assign the Area ID 0. |
R5(config-if)#exit | Exit interface mode. |
R5(config)#interface eth3 | Enter interface mode. |
R5(config-if)#ipv6 address 1511::2/64 | Configure the IPv6 address of the interface. |
R5(config-if)#ipv6 router ospf area 0.0.0.0 tag 100 | Enable OSPFv3 routing on an interface, and assign the Area ID 0. |
R5(config-if)#exit | Exit interface mode. |
R5(config)#interface eth4 | Enter interface mode. |
R5(config-if)#ipv6 address 202::2/64 | Configure the IPv6 address of the interface. |
R5(config-if)#ipv6 router ospf area 0.0.0.0 tag 100 | Enable OSPFv3 routing on an interface, and assign the Area ID 0. |
R5(config-if)#commit | Commit the candidate configuration to the running configuration. |
R5(config-if)#exit | Exit interface mode. |
Validation
R1
R1#show run aclmgr
ipv6 access-list 123
10 permit any 101::/64 202::/64
268435453 permit icmpv6 any any
R1#show run interface eth4
!
interface eth4
ip address 101.1.1.2/24
ipv6 address 101::2/64
ipv6 policy route-map 123
ipv6 router ospf area 0.0.0.0 tag 100
!
R1#show route-map 123
route-map 123, permit, sequence 10
Match clauses:
ipv6 address: 123
Set clauses:
ipv6 next-hop 6111::2
R1#show ipv6 policy
Interface Route-map Status VRF-Name
eth4 123 Active default
R1#
R1#clear route-map 123 pbr-statistics
R1#sho route-map 123 pbr-statistics
Route-map 123, family IPv6
IPv6 PBR Count: 1
VRF-name: default
Sequence 10, permit
Policy routing matches: 1077577 packets
Current action in HW: Route
PBR with Nexthop Tracking
Policy-Based Routing (PBR) with Next-Hop Tracking is a networking feature designed to increase routing resiliency and efficiency by dynamically tracking the availability of the next-hop IP address associated with a PBR policy. When a next-hop IP address becomes unreachable, the system typically waits for the ARP entry to expire before switching traffic to an alternative route, resulting in dropped traffic during this delay. This feature addresses the issue by enabling faster traffic redirection, minimizing disruptions and improving network reliability.
Policy-Based Routing (PBR) can be configured with a tracker-enabled next hop by using the optional tracking argument in the set nexthop command. When the tracker's state changes to UP, the tracker-enabled next hop is installed in hardware. If the tracker's state goes DOWN, the tracker-enabled next hop is removed—provided it is currently active—and PBR automatically reroutes traffic based on the policy’s fallback configuration.
It is important to note that these dynamic state changes do not affect the output of the show running-config command, which remains static regardless of the tracker's status.
Modify the R1 (DUT) configuration to enable nexthop tracking. All other configurations will remain unchanged.
IPv4 Configurations for PBR with Nexthop Tracking
R1
#configure terminal Enter | configure mode. |
R1(config)#feature pbr | Enable PBR support |
R1(config)#hardware-profile filter ingress- ipv4-ext enable | Enable Ingress IPv4 group extended for PBR support |
R1(config)#ip access-list 123 | Create ip access-list named 123 |
R1(config-ip-acl)#10 permit any 101.1.1.0/24 201.1.1.0/24 | Create an access rule to permit IP packets with source 101.1.1.0/24 and destination 201.1.1.0/24 |
R1(config-ip-acl)#commit | Commit the candidate configuration to the running configuration. |
R1(config-ip-acl)#exit | Exit access-list mode |
R1(config)#time-range tr1 | Configure a time-range. |
R1(config-tr)#start-time 11:22 3 july 2025 | Configure a start-time. |
R1(config-tr)#end-time after 200 | Configure end-time. |
R1(config-tr)#exit | Exit time-range mode. |
R1(config)#ip sla 7 | Configure IP SLA with a unique number. |
R1(config-ip-sla)#icmp-echo ipv4 13.1.1.2 source-interface eth3 | Configure the ICMP-echo using destination IPv4 address and source interface name. |
R1(config-ip-sla-echo)#threshold 1000 | Configure the threshold value. |
R1(config-ip-sla-echo)#timeout 1000 | Configure the timeout value. |
R1(config-ip-sla-echo)#frequency 5 | Configure the frequency value. |
R1(config-ip-sla-echo)#exit | Exit IP SLA echo mode. |
R1(config-ip-sla)#exit | Exit IP SLA mode. |
R1(config)#ip sla schedule 7 time-range tr1 | Schedule an IP SLA measurement. |
R1(config)#track 7 ip sla 7 reachability | Configure the track ID for IP SLA. |
R1(config-object-track)#exit | Exit object track mode. |
R1(config)#route-map 123 permit 10 | Configure route-map with name 123 and sequence number 10 |
R1(config-route-map)#match ip address 123 | Match ip address with ACL 123 |
R1(config-route-map)#set ip next-hop 13.1.1.2 verify-availability track 7 | Set next-hop to forward the matching IP packets, enable tracking for nexthop 13.1.1.2 |
R1(config-route-map)#commit | Commit the candidate configuration to the running configuration. |
R1(config-route-map)#exit | Exit route-map mode |
R1(config)#interface lo | Enter interface mode. |
R1(config-if)#ip address 1.1.1.1/32 | Configure the IP address of the interface. |
R1(config-if)#exit | Exit interface mode. |
R1(config)#interface eth1 | Enter interface mode. |
R1(config-if)#ip address 2.1.1.1/24 | Configure the IP address of the interface. |
R1(config)#interface eth2 | Enter interface mode. |
R1(config-if)#ip address 6.1.1.1/24 | Configure the IP address of the interface. |
R1(config-if)#ip ospf cost 2 | Configuring ospf cost as 2 |
R1(config)#interface eth3 | Enter interface mode. |
R1(config-if)#ip address 13.1.1.1/24 | Configure the IP address of the interface. |
R1(config-if)#ip ospf cost 3 | Configuring ospf cost as 3 |
R1(config)#interface eth4 | Enter interface mode. |
R1(config-if)#ip address 101.1.1.2/24 | Configure the IP address of the interface. |
R1(config-if)#ip policy route-map 123 | Attach PBR on the ingress interface |
R1(config-if)#exit | Exit interface mode. |
R1(config)#router ospf 1 | Set the routing process ID . |
R1(config-router)# ospf router-id 1.1.1.1 | Configure OSPF router-id |
R1(config-router)#network 1.1.1.1/32 area 0.0.0.0 | Configure OSPF network in area 0 |
R1(config-router)# network 2.1.1.0/24 area 0.0.0.0 | Configure OSPF network in area 0 |
R1(config-router)#network 6.1.1.0/24 area 0.0.0.0 | Configure OSPF network in area 0 |
R1(config-router)#network 13.1.1.0/24 area 0.0.0.0 | Configure OSPF network in area 0 |
R1(config-router)#network 101.1.1.0/24 area 0.0.0.0 | Configure OSPF network in area 0 |
R1(config-router)#commit | Commit the candidate configuration to the running configuration. |
R1(config-router)#exit | Exit router mode. |
Validation
R1
OcNOS#show track
TRACK Id: 7
IP SLA 7 reachability
Reachability is UP
5 changes, last change : 2025 Jun 19 08:02:07
Track interface :
OcNOS#show track summary
Object Tracking Summary
ID Type Type-Identifier State
----------------------------------------------------
7 ip-sla 7 UP
OcNOS#show nsm obj-track-table
Object Track Table
Track Id Track Status Last Updated
7 Up 2025 Jun 19 08:02:07
OcNOS#show hsl pbr
PBR name : 123, FIB ID : 0, Family : IP
Rule count : 1, Interface count : 1
Interface(RuleCnt) : eth4(2)
PBR rule number: 10
MATCH details:
IP-LIST - ACL-name : 123 (IfRefCnt:2)
SET details:
Action : Route
Next-hop count : 1
Next-hop 13.1.1.2 (eth1), VALID, INSTALLED, NH 0xa40f49d8, TRACKED
Load balance : NO
Egress object ID : 0x20000c06
IPv6 Configurations for PBR with Nexthop Tracking
R1
R1#configure terminal | Enter configure mode. |
R1(config)#feature pbr | Enable PBR support |
R1(config)#hardware-profile filter ingress- ipv6 enable | Enable Ingress IPv6 group for PBR support |
R1(config)# ipv6 access-list 124 | Create ipv6 access-list named 1234 |
R1(config-ipv6-acl)#10 permit any 101::/64 202::/64 | Create an access rule to permit IPv6 packets with source 101::/64 and destination 202::/64 |
R1(config-ipv6-acl)#commit | Commit the candidate configuration to the running configuration. |
R1(config-ipv6-acl)#exit | Exit access-list mode |
R1(config)#time-range tr1 | Configure a time-range. |
R1(config-tr)#start-time 11:22 3 july 2025 | Configure a start-time. |
R1(config-tr)#end-time after 200 | Configure end-time. |
R1(config-tr)#exit | Exit time-range mode. |
R1(config)#ip sla 8 | Configure IP SLA with a unique number. |
R1(config-ip-sla)#icmp-echo ipv6 1311::2 source-interface eth3 | Configure the ICMP-echo using destination IPv6 address and source interface name. |
R1(config-ip-sla-echo)#threshold 1000 | Configure the threshold value. |
R1(config-ip-sla-echo)#timeout 1000 | Configure the timeout value. |
R1(config-ip-sla-echo)#frequency 5 | Configure the frequency value. |
R1(config-ip-sla-echo)#exit | Exit IP SLA echo mode. |
R1(config-ip-sla)#exit | Exit IP SLA mode. |
R1(config)#ip sla schedule 8 time-range tr1 | Schedule an IP SLA measurement. |
R1(config)#track 8 ip sla 8 reachability | Configure the track ID for IP SLA. |
R1(config-object-track)#exit | Exit object track mode. |
R1(config)#route-map 124 permit 10 | Configure route-map with name 124 and sequence number 10 |
R1(config-route-map)# match ipv6 address 124 | Match ip address with ACL 124 |
R1(config-route-map)#set ipv6 next-hop 1311::2 verify-availability track 8 | Set next-hop to forward the matching IP packets |
R1(config-route-map)#commit | Commit the candidate configuration to the running configuration. |
R1(config-route-map)#exit | Exit route-map mode |
R1(config)#interface lo | Enter interface mode. |
R1(config-if)#ip address 1.1.1.1/32 | Configure the IPv4 address of the interface. |
R1(config-if)#exit | Exit interface mode. |
R1(config)#router ipv6 ospf 100 | Creating OSPFv3 routing instance |
R1(config-router)#exit | Exit router mode. |
R1(config)#interface eth1 | Enter interface mode. |
R1(config-if)#ipv6 address 2111::1/64 | Configure the IPv6 address of the interface. |
R1(config-if)#ipv6 router ospf area 0.0.0.0 tag 100 | Enable OSPFv3 routing on an interface, and assign the Area ID 0. |
R1(config-if)#exit | Exit interface mode. |
R1(config)#interface eth2 | Enter interface mode. |
R1(config-if)#ipv6 address 6111::1/64 | Configure the IPv6 address of the interface. |
R1(config-if)#ipv6 router ospf area 0.0.0.0 tag 100 | Enable OSPFv3 routing on an interface, and assign the Area ID 0. |
R1(config-if)# ipv6 ospf cost 2 | Configuring ospf cost as 2 |
R1(config-if)#exit | Exit interface mode. |
R1(config)#interface eth3 | Enter interface mode. |
R1(config-if)#ipv6 address 1311::1/64 | Configure the IPv6 address of the interface. |
R1(config-if)#ipv6 router ospf area 0.0.0.0 tag 100 | Enable OSPFv3 routing on an interface, and assign the Area ID 0. |
R1(config-if)# ipv6 ospf cost 3 | Configuring ospf cost as 3 |
R1(config-if)#exit | Exit interface mode. |
R1(config)#interface eth4 | Enter interface mode. |
R1(config-if)#ipv6 router ospf area 0.0.0.0 tag 100 | Enable OSPFv3 routing on an interface, and assign the Area ID 0. |
R1(config-if)#ipv6 address 101::2/64 | Configure the IPv6 address of the interface. |
R1(config-if)#ipv6 policy route-map 124 | Attach PBR on the ingress interface |
R1(config-if)#commit | Commit the candidate configuration to the running configuration. |
R1(config-if)#exit | Exit interface mode. |
Validation R1
R1#show track
TRACK Id: 8
IP SLA 8 reachability
Reachability is UP
7 changes, last change : 2025 Jun 19 09:05:07
Track interface :
R1#show track summary
Object Tracking Summary
ID Type Type-Identifier State
----------------------------------------------------
8 ip-sla 8 UP
R1#show nsm obj-track-table
Object Track Table
Track Id Track Status Last Updated
8 Up 2025 Jun 19 09:09:07
R1#show hsl pbr
PBR name : 123, FIB ID : 0, Family : IP
Rule count : 1, Interface count : 1
Interface(RuleCnt) : eth4(2)
PBR rule number: 10
MATCH details:
IP-LIST - ACL-name : 124 (IfRefCnt:1)
SET details:
Action : Route
Next-hop count : 1
Next-hop 1311::2 (eth1), VALID, INSTALLED, NH 0x1c19fbe8, TRACKED
Load balance : NO
Egress object ID : 0x2000ccdd