[mirror_frr.git] / doc / user / pbr.rst

.. _pbr:

***
PBR
***

:abbr:`PBR` is Policy Based Routing.  This implementation supports a very simple
interface to allow admins to influence routing on their router.  At this time
you can only match on destination and source prefixes for an incoming interface.
At this point in time, this implementation will only work on Linux.

.. _starting-pbr:

Starting PBR
============

Default configuration file for *pbrd* is :file:`pbrd.conf`.  The typical
location of :file:`pbrd.conf` is |INSTALL_PREFIX_ETC|/pbrd.conf.

If the user is using integrated config, then :file:`pbrd.conf` need not be
present and the :file:`frr.conf` is read instead.

.. program:: pbrd

:abbr:`PBR` supports all the common FRR daemon start options which are
documented elsewhere.

.. _nexthop-groups:

Nexthop Groups
==============

Nexthop groups are a way to encapsulate ECMP information together.  It's a
listing of ECMP nexthops used to forward packets for when a pbr-map is matched.

.. clicmd:: nexthop-group NAME

   Create a nexthop-group with an associated NAME.  This will put you into a
   sub-mode where you can specify individual nexthops.  To exit this mode type
   exit or end as per normal conventions for leaving a sub-mode.

.. clicmd:: nexthop [A.B.C.D|X:X::X:XX] [interface] [nexthop-vrf NAME]

   Create a v4 or v6 nexthop.  All normal rules for creating nexthops that you
   are used to are allowed here.  The syntax was intentionally kept the same as
   creating nexthops as you would for static routes.

.. clicmd:: [no] pbr table range (10000-4294966272) (10000-4294966272)

   Set or unset the range used to assign numeric table ID's to new
   nexthop-group tables. Existing tables will not be modified to fit in this
   range, so it is recommended to configure this before adding nexthop groups.

   .. seealso:: :ref:`pbr-details`

Showing Nexthop Group Information
---------------------------------

.. clicmd:: show pbr nexthop-groups [NAME]

   Display information on a PBR nexthop-group. If ``NAME`` is omitted, all
   nexthop groups are shown.

.. _pbr-maps:

PBR Maps
========

PBR maps are a way to group policies that we would like to apply to individual
interfaces. These policies when applied are matched against incoming packets.
If matched the nexthop-group or nexthop is used to forward the packets to the
end destination.

.. clicmd:: pbr-map NAME seq (1-700)

   Create a pbr-map with NAME and sequence number specified.  This command puts
   you into a new submode for pbr-map specification.  To exit this mode type
   exit or end as per normal conventions for leaving a sub-mode.

.. clicmd:: match src-ip PREFIX

   When a incoming packet matches the source prefix specified, take the packet
   and forward according to the nexthops specified.  This command accepts both
   v4 and v6 prefixes.  This command is used in conjunction of the
   :clicmd:`match dst-ip PREFIX` command for matching.

.. clicmd:: match dst-ip PREFIX

   When a incoming packet matches the destination prefix specified, take the
   packet and forward according to the nexthops specified.  This command accepts
   both v4 and v6 prefixes.  This command is used in conjuction of the
   :clicmd:`match src-ip PREFIX` command for matching.

.. clicmd:: set nexthop-group NAME

   Use the nexthop-group NAME as the place to forward packets when the match
   commands have matched a packet.

.. clicmd:: set nexthop [A.B.C.D|X:X::X:XX] [interface] [nexthop-vrf NAME]

   Use this individual nexthop as the place to forward packets when the match
   commands have matched a packet.

.. _pbr-policy:

PBR Policy
==========

After you have specified a PBR map, in order for it to be turned on, you must
apply the PBR map to an interface.  This policy application to an interface
causes the policy to be installed into the kernel.

.. index:: pbr-policy
.. clicmd:: pbr-policy NAME

   This command is available under interface sub-mode.  This turns
   on the PBR map NAME and allows it to work properly.

.. _pbr-details:

PBR Details
===========

Under the covers a PBR map is translated into two separate constructs in the
Linux kernel.

.. index:: PBR Rules

The PBR map specified creates a `ip rule ...` that is inserted into the Linux
kernel that points to a table to use for forwarding once the rule matches.

.. index:: PBR Tables

The creation of a nexthop or nexthop-group is translated to a default route in a
table with the nexthops specified as the nexthops for the default route.
Commit	Line	Data
a6c93cb2 DS	1	.. _pbr:
	2
	3	***
	4	PBR
	5	***
	6
6568993b QY	7	:abbr:`PBR` is Policy Based Routing. This implementation supports a very simple
	8	interface to allow admins to influence routing on their router. At this time
	9	you can only match on destination and source prefixes for an incoming interface.
	10	At this point in time, this implementation will only work on Linux.
a6c93cb2 DS	11
	12	.. _starting-pbr:
	13
6568993b	14	Starting PBR
a6c93cb2 DS	15	============
	16
	17	Default configuration file for pbrd is :file:`pbrd.conf`. The typical
	18	location of :file:`pbrd.conf` is \|INSTALL_PREFIX_ETC\|/pbrd.conf.
	19
6568993b QY	20	If the user is using integrated config, then :file:`pbrd.conf` need not be
6568993b QY	21	present and the :file:`frr.conf` is read instead.
a6c93cb2 DS	22
	23	.. program:: pbrd
	24
	25	:abbr:`PBR` supports all the common FRR daemon start options which are
	26	documented elsewhere.
	27
	28	.. _nexthop-groups:
	29
6568993b	30	Nexthop Groups
a6c93cb2 DS	31	==============
	32
	33	Nexthop groups are a way to encapsulate ECMP information together. It's a
6568993b	34	listing of ECMP nexthops used to forward packets for when a pbr-map is matched.
a6c93cb2	35
a6c93cb2 DS	36	.. clicmd:: nexthop-group NAME
a6c93cb2 DS	37
6568993b QY	38	Create a nexthop-group with an associated NAME. This will put you into a
	39	sub-mode where you can specify individual nexthops. To exit this mode type
	40	exit or end as per normal conventions for leaving a sub-mode.
a6c93cb2 DS	41
	42	.. clicmd:: nexthop [A.B.C.D\|X:X::X:XX] [interface] [nexthop-vrf NAME]
	43
6568993b QY	44	Create a v4 or v6 nexthop. All normal rules for creating nexthops that you
	45	are used to are allowed here. The syntax was intentionally kept the same as
	46	creating nexthops as you would for static routes.
	47
2e7c93ac QY	48	.. clicmd:: [no] pbr table range (10000-4294966272) (10000-4294966272)
	49
	50	Set or unset the range used to assign numeric table ID's to new
	51	nexthop-group tables. Existing tables will not be modified to fit in this
	52	range, so it is recommended to configure this before adding nexthop groups.
	53
	54	.. seealso:: :ref:`pbr-details`
	55
	56	Showing Nexthop Group Information
	57	---------------------------------
	58
	59	.. clicmd:: show pbr nexthop-groups [NAME]
	60
	61	Display information on a PBR nexthop-group. If ``NAME`` is omitted, all
	62	nexthop groups are shown.
	63
a6c93cb2 DS	64	.. _pbr-maps:
a6c93cb2 DS	65
6568993b	66	PBR Maps
a6c93cb2 DS	67	========
a6c93cb2 DS	68
2e7c93ac QY	69	PBR maps are a way to group policies that we would like to apply to individual
	70	interfaces. These policies when applied are matched against incoming packets.
	71	If matched the nexthop-group or nexthop is used to forward the packets to the
	72	end destination.
a6c93cb2	73
e5436163	74	.. clicmd:: pbr-map NAME seq (1-700)
a6c93cb2	75
6568993b QY	76	Create a pbr-map with NAME and sequence number specified. This command puts
	77	you into a new submode for pbr-map specification. To exit this mode type
	78	exit or end as per normal conventions for leaving a sub-mode.
a6c93cb2	79
6568993b	80	.. clicmd:: match src-ip PREFIX
a6c93cb2	81
6568993b QY	82	When a incoming packet matches the source prefix specified, take the packet
	83	and forward according to the nexthops specified. This command accepts both
	84	v4 and v6 prefixes. This command is used in conjunction of the
	85	:clicmd:`match dst-ip PREFIX` command for matching.
a6c93cb2	86
6568993b	87	.. clicmd:: match dst-ip PREFIX
a6c93cb2	88
6568993b QY	89	When a incoming packet matches the destination prefix specified, take the
	90	packet and forward according to the nexthops specified. This command accepts
	91	both v4 and v6 prefixes. This command is used in conjuction of the
	92	:clicmd:`match src-ip PREFIX` command for matching.
a6c93cb2 DS	93
	94	.. clicmd:: set nexthop-group NAME
	95
6568993b QY	96	Use the nexthop-group NAME as the place to forward packets when the match
6568993b QY	97	commands have matched a packet.
a6c93cb2 DS	98
	99	.. clicmd:: set nexthop [A.B.C.D\|X:X::X:XX] [interface] [nexthop-vrf NAME]
	100
6568993b QY	101	Use this individual nexthop as the place to forward packets when the match
6568993b QY	102	commands have matched a packet.
a6c93cb2 DS	103
	104	.. _pbr-policy:
	105
6568993b	106	PBR Policy
a6c93cb2 DS	107	==========
a6c93cb2 DS	108
6568993b QY	109	After you have specified a PBR map, in order for it to be turned on, you must
	110	apply the PBR map to an interface. This policy application to an interface
	111	causes the policy to be installed into the kernel.
a6c93cb2	112
6568993b	113	.. index:: pbr-policy
a6c93cb2 DS	114	.. clicmd:: pbr-policy NAME
a6c93cb2 DS	115
6568993b QY	116	This command is available under interface sub-mode. This turns
6568993b QY	117	on the PBR map NAME and allows it to work properly.
a6c93cb2 DS	118
	119	.. _pbr-details:
	120
6568993b	121	PBR Details
a6c93cb2 DS	122	===========
a6c93cb2 DS	123
6568993b QY	124	Under the covers a PBR map is translated into two separate constructs in the
	125	Linux kernel.
	126
	127	.. index:: PBR Rules
a6c93cb2	128
6568993b QY	129	The PBR map specified creates a `ip rule ...` that is inserted into the Linux
6568993b QY	130	kernel that points to a table to use for forwarding once the rule matches.
a6c93cb2	131
6568993b	132	.. index:: PBR Tables
a6c93cb2	133
6568993b QY	134	The creation of a nexthop or nexthop-group is translated to a default route in a
6568993b QY	135	table with the nexthops specified as the nexthops for the default route.
a6c93cb2	136