PBR is Policy Based Routing. This implementation supports a very simple interface to allow admins to influence routing on their router. At this time you can only match on destination and source prefixes for an incoming interface. At this point in time, this implementation will only work on Linux.
Default configuration file for pbrd is
pbrd.conf. The typical
pbrd.conf is /etc/frr/pbrd.conf.
If the user is using integrated config, then
pbrd.conf need not be
present and the
frr.conf is read instead.
PBR supports all the common FRR daemon start options which are documented elsewhere.
Nexthop groups are a way to encapsulate ECMP information together. It’s a listing of ECMP nexthops used to forward packets for when a pbr-map is matched.
Create a nexthop-group with an associated NAME. This will put you into a sub-mode where you can specify individual nexthops. To exit this mode type exit or end as per normal conventions for leaving a sub-mode.
nexthop [A.B.C.D|X:X::X:XX] [interface] [nexthop-vrf NAME] [label LABELS]¶
Create a v4 or v6 nexthop. All normal rules for creating nexthops that you are used to are allowed here. The syntax was intentionally kept the same as creating nexthops as you would for static routes.
PBR maps are a way to group policies that we would like to apply to individual interfaces. These policies when applied are matched against incoming packets. If matched the nexthop-group or nexthop is used to forward the packets to the end destination.
pbr-map NAME seq (1-700)¶
Create a pbr-map with NAME and sequence number specified. This command puts you into a new submode for pbr-map specification. To exit this mode type exit or end as per normal conventions for leaving a sub-mode.
match src-ip PREFIX¶
When a incoming packet matches the source prefix specified, take the packet and forward according to the nexthops specified. This command accepts both v4 and v6 prefixes. This command is used in conjunction of the
match dst-ip PREFIXcommand for matching.
match dst-ip PREFIX¶
When a incoming packet matches the destination prefix specified, take the packet and forward according to the nexthops specified. This command accepts both v4 and v6 prefixes. This command is used in conjunction of the
match src-ip PREFIXcommand for matching.
match mark (1-4294967295)¶
Select the mark to match. This is a linux only command and if attempted on another platform it will be denied. This mark translates to the underlying ip rule …. fwmark XXXX command.
set nexthop-group NAME¶
Use the nexthop-group NAME as the place to forward packets when the match commands have matched a packet.
set nexthop [A.B.C.D|X:X::X:XX] [interface] [nexthop-vrf NAME]¶
Use this individual nexthop as the place to forward packets when the match commands have matched a packet.
set vrf unchanged|NAME¶
If unchanged is set, the rule will use the vrf table the interface is in as its lookup. If NAME is specified, the rule will use that vrf table as its lookup.
Not supported with NETNS VRF backend.
show pbr map [NAME] [detail]¶
Display pbr maps either all or by
detailis set, it will give information about the rules unique ID used internally and some extra debugging information about install state for the nexthop/nexthop group.
After you have specified a PBR map, in order for it to be turned on, you must apply the PBR map to an interface. This policy application to an interface causes the policy to be installed into the kernel.
This command is available under interface sub-mode. This turns on the PBR map NAME and allows it to work properly.
Under the covers a PBR map is translated into two separate constructs in the Linux kernel.
The PBR map specified creates a ip rule … that is inserted into the Linux kernel that points to a table to use for forwarding once the rule matches.
The creation of a nexthop or nexthop-group is translated to a default route in a table with the nexthops specified as the nexthops for the default route.