Thursday, September 3, 2015

Configuring and Monitoring Policy-based Routing (PBR) in the ProCurve

(This feature is available only on the 3800 Series, and the 5400/8200 Series with v2 or higher modules)

PBR allows path manipulation based on packet attributes. The following steps are required to configure PBR:

- Traffic is selected into one or more classes by using the “match” and “ignore” commands.
- A PBR policy is created, which specifies the actions to be performed on a traffic class.
- The policy is then applied to inbound traffic on a VLAN interface. PBR cannot be applied to a physical port.

Creating a class:

HP-5406zl(config)# class ipv4 Windward
HP-5406zl(config-class)# match tcp 192.168.4.0/24 eq 9801 host 192.168.1.3
HP-5406zl(config-class)# exit

In the example above, a class named "Windward" was created for all TCP traffic with the IP source address belonging to subnet 192.168.4.0/24, TCP port 9801, and destination address 192.168.1.3. For verification, use the command “show class config”. The “match” command accepts a wide range of protocols (tcp, udp, ip, igmp, esp, ospf, pim, and so on). Under each protocol we can specify source/destination IP addresses, TCP/UDP ports, DSCP, VLAN, etc. Use the question mark (?) in the CLI to view the available options.

Creating a PBR policy:

HP-5406zl(config)# policy pbr Alpharetta
HP-5406zl(policy-pbr)# class ipv4 Windward
HP-5406zl(policy-pbr-class)# action ip next-hop 20.0.0.1
HP-5406zl(policy-pbr-class)# exit

In the example above, a PBR policy named "Alpharetta" was created for the traffic class Windward as defined in the previous part. All packets matching the class Windward will have IP address 20.0.0.1 as the next hop. PBR actions also include “interface null”, which will drop the applicable packets. Each class may include up to 8 actions; the first action will be executed first, and the next action will apply if the first action cannot be executed (for example, the specified interface in the first action is down). Using this feature, multiple backup routes can be configured for a class of traffic.

Applying the PBR policy to a VLAN interface:

HP-5406zl(config)# vlan 10
HP-5406zl(vlan-10)# service-policy Alpharetta in

Note that PBR policies can be applied only to VLAN interfaces, and only in the inbound direction.
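
An added example, not part of the original post: a small Python audit that reads PBR commands in the form typed in the three steps above and flags policies never applied to a VLAN, classes referenced but not defined, classes with a single action and no backup route, and classes that drop traffic. The sample configuration is constructed, the policy "Unused" and class "Missing" are hypothetical, and "action interface null" is an assumed spelling of the “interface null” action.

```python
# Constructed sample from this page's commands; "action interface null" is an assumed spelling.
SAMPLE = """\
class ipv4 Windward
match tcp 192.168.4.0/24 eq 9801 host 192.168.1.3
exit
policy pbr Alpharetta
class ipv4 Windward
action ip next-hop 20.0.0.1
exit
exit
policy pbr Unused
class ipv4 Missing
action interface null
exit
exit
vlan 10
service-policy Alpharetta in
"""

def parse(config):
    classes, policies, applied, pol, cls = set(), {}, set(), None, None
    for w in (l.split() for l in config.splitlines() if l.strip()):
        if w == ["exit"]:                          # leave policy class, then policy
            pol, cls = (pol, None) if cls else (None, None)
        elif w[:2] == ["policy", "pbr"]:
            pol, cls, policies[w[2]] = w[2], None, {}
        elif w[:2] == ["class", "ipv4"] and pol:   # class referenced in a policy
            cls = w[2]
            policies[pol][cls] = []
        elif w[:2] == ["class", "ipv4"]:           # top-level class definition
            classes.add(w[2])
        elif w[0] == "action" and cls:             # ordered action list of the class
            policies[pol][cls].append(" ".join(w[1:]))
        elif w[0] == "service-policy" and w[-1] == "in":
            applied.add(w[1])                      # policy bound inbound on a VLAN
    return classes, policies, applied

def audit(config):
    classes, policies, applied = parse(config)
    out = [f"{p}: not applied to any VLAN" for p in policies if p not in applied]
    for pol, refs in policies.items():
        for cls, actions in refs.items():
            if cls not in classes:
                out.append(f"{pol}/{cls}: class is not defined")
            if "interface null" in actions:
                out.append(f"{pol}/{cls}: drops matching packets")
            elif len(actions) == 1:
                out.append(f"{pol}/{cls}: one action, no backup route")
    return out
```

Calling audit(SAMPLE) returns one finding per problem; adding a second "action ip next-hop" line under the class clears the backup-route finding.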

Monitoring PBR:

The “show statistics policy” command displays hit counts for each policy action.

To enable debug logging for PBR, enter the “debug ip pbr” command.
