Exploring PBR in NX-OS With Practical LAB Demo

PBR is a powerful tool that allows you to configure a defined policy for IP traffic flows, reducing reliance on routes derived from routing protocols. With PBR, all packets received on an interface are passed through enhanced packet filters or route maps, which dictate the policy that determines where to forward packets.

In this article, we will delve into the world of Policy-Based Routing (PBR) on Cisco Nexus switches.

Policy-Based Routing (PBR) Overview

PBR is a feature that overrides the router’s usual longest prefix match (LPM), destination-based forwarding logic. PBR intercepts the packet on the incoming interface before the router performs the FIB table lookup, and then chooses how to forward the packet using route-map criteria.

PBR allows for conditional forwarding and a more flexible mechanism for routing packets than destination-based routing. You might enable PBR if you want certain packets to be routed along a path other than the one the LPM lookup would select.

PBR Operation and FSM


In the figure above, three routers A, B, and C are connected to the local router on Eth1/10, Eth1/11 and Eth1/12 respectively. The packet arrives on Eth1/1 of the local router, where the PBR policy is applied.

If the packet matches condition X in the route map, the next hop is router A; if it matches condition Y, the next hop is router B; and if it matches condition Z, the next hop is router C.

If the packet doesn’t match any of these conditions (X, Y or Z), the IP routing table (FIB) is consulted and the packet is forwarded normally, using destination-based LPM forwarding.

The figure below shows the PBR operation’s finite state machine (FSM). It shows when the PBR-based routing happens and when the destination-based routing (LPM) happens.

PBR FSM Diagram


PBR Applications and Use Cases

Possible applications for policy-based routing:

  • Protocol-sensitive routing.
  • Source-sensitive routing.
  • Distribution of traffic among multiple paths based on traffic characteristics.
  • Routing based on dedicated links.

Policy-Based Routing Configuration in NX-OS

NX-OS PBR configuration uses a route-map with match and set statements that are then attached to the inbound L3 interface.

The PBR configuration steps:

  • Step 1. Enable the PBR feature.
  • Step 2. Define a route-map.
  • Step 3. Identify the conditional match criteria.
  • Step 4. Specify one or more next-hops for packets that match the criteria.
  • Step 5. Apply the route-map to the inbound interface.
  • Step 6. (optional) Enable PBR statistics.

Useful show commands:

  • To display policy statistics: show route-map <name> pbr-statistics
  • To show all PBR policies applied on the switch: show ip policy
  • To display the route policy manager information: show run rpm

PBR Guidelines and Limitations

  • Before forwarding the packet, PBR verifies the existence of the next-hop IP address.
  • Additional next-hop addresses can be configured for failover scenarios or load sharing.
  • The packets are not conditionally forwarded if none of the specified next-hop addresses exist in the routing table; normal LPM forwarding is used instead.
  • Using a prefix list as a match criterion is not supported.
  • PBR supports only unicast traffic. Multicast traffic is not supported.
  • Policy-based routing is not supported with inbound traffic on FEX ports.
  • An ACL in a PBR route map cannot include a deny statement (ACE).
  • In some Nexus models, to apply the PBR on locally generated traffic, use the command ip local policy route-map route-map-name.
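
The six configuration steps and the guidelines above, worked into one NX-OS configuration for the three-router topology in the figure (conditions X, Y and Z steered to routers A, B and C on Eth1/10, Eth1/11 and Eth1/12). This is an added example, not configuration from the article or from Cisco's guide; the ACL names, source prefixes, next-hop addresses and the interface addressing are assumptions.

```text
! Added example: NX-OS PBR for the figure's topology. Addresses and ACL
! contents are assumed; Eth1/10-12 are assumed to be L3 interfaces in
! the same subnets as the next hops listed below.

! Step 1. Enable the PBR feature.
feature pbr

! Step 3. Match criteria, defined as ACLs (a prefix list is not a
! supported match criterion). Use permit ACEs only: a deny ACE is not
! allowed in a PBR route-map ACL. Traffic that matches no ACL simply
! falls through to normal LPM forwarding, so no "catch-all" is needed.
ip access-list PBR-COND-X
  10 permit tcp 10.10.10.0/24 any eq 443
ip access-list PBR-COND-Y
  10 permit ip 10.10.20.0/24 any
ip access-list PBR-COND-Z
  10 permit udp 10.10.30.0/24 any

! Steps 2 and 4. One route-map sequence per condition; each sets the
! next hop toward the matching router. Sequence 10 lists a second
! next-hop address as a failover: if 192.0.2.2 is absent from the
! routing table, 192.0.2.6 is used; if neither exists, the packet is
! not policy-routed and LPM forwarding applies.
route-map PBR-POLICY permit 10
  match ip address PBR-COND-X
  set ip next-hop 192.0.2.2 192.0.2.6
route-map PBR-POLICY permit 20
  match ip address PBR-COND-Y
  set ip next-hop 198.51.100.2
route-map PBR-POLICY permit 30
  match ip address PBR-COND-Z
  set ip next-hop 203.0.113.2

! Step 5. Apply the policy inbound on the L3 interface the traffic
! arrives on. Locally generated traffic is not covered by this; on the
! models that support it, that needs "ip local policy route-map".
interface Ethernet1/1
  ip policy route-map PBR-POLICY

! Step 6 (optional). Enable per-sequence PBR statistics.
route-map PBR-POLICY pbr-statistics

! Verification: confirm the policy is attached and that each sequence
! counts the traffic you expect to be steered.
show ip policy
show route-map PBR-POLICY pbr-statistics
```

Comparing the per-sequence counters with the traffic you expected to be redirected is the quickest way to catch an ACL that silently matches nothing (or too much).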


PBR Configuration LAB Demo

Conclusion

Policy-based routing (PBR) is one of the path control tools that influences routing decisions. It overrides the router’s natural destination-based forwarding logic. PBR intercepts the packet on the incoming interface before the router performs the FIB table lookup. PBR then chooses how to forward the packet using criteria other than the usual LPM matching of the packet’s destination address.

References: Cisco Nexus 9000 Series NX-OS Unicast Routing Configuration Guide

I hope this article was useful. You can refer to my Cisco Data Centers | L2 & L3 Technologies course for more routing content.
Feel free to leave a comment or a question.
