Vyatta NOS documentation

Learn how to install, configure, and operate Vyatta Network Operating System (Vyatta NOS), which helps to drive our virtual networking and physical platforms portfolio.

How to configure PBR policy settings

An example of how to apply a PBR policy.

In this example, we apply the PBR policy named voip to all interfaces that receive egress application traffic.

Note: You can apply multiple PBR policies to the dp0p33p1 interface, if necessary. Likewise, you can apply the voip policy to multiple interfaces, if necessary.
  1. Create a PBR rule to route traffic through Provider A, if it complies with the voip policy.
    vyatta@vyatta# set policy route pbr voip rule 10 action accept
    vyatta@vyatta# set policy route pbr voip rule 10 address-family ipv4
    vyatta@vyatta# set policy route pbr voip rule 10 application type voip
    vyatta@vyatta# set policy route pbr voip rule 10 path-monitor monitor provider-a policy voip
    vyatta@vyatta# set policy route pbr voip rule 10 routing-instance provider-a
    Provider A is the preferred provider for IPv4 VoIP traffic, so the system will first check the compliance of Provider A. If the provider-a path monitor determines that Provider A complies with the voip policy, then the vRouter accepts all IPv4 VoIP traffic and routes it through the provider-a routing instance.
  2. Create a PBR rule to route traffic through Provider B, if it complies with the voip policy.
    vyatta@vyatta# set policy route pbr voip rule 20 action accept
    vyatta@vyatta# set policy route pbr voip rule 20 address-family ipv4
    vyatta@vyatta# set policy route pbr voip rule 20 application type voip
    vyatta@vyatta# set policy route pbr voip rule 20 path-monitor monitor provider-b policy voip
    vyatta@vyatta# set policy route pbr voip rule 20 routing-instance provider-b
    If Provider A does not comply with the voip policy, then the provider-b path monitor checks the compliance of Provider B with the policy. If provider-b determines that Provider B complies with the voip policy, then the vRouter accepts all IPv4 VoIP traffic and routes it through the provider-b routing instance.
  3. Create a PBR rule to route traffic through Provider C.
    Note: Alternatively, you could check the policy compliance of Provider C and, in this example, if the default routing instance table is used, ECMP chooses the path.
    vyatta@vyatta# set policy route pbr voip rule 30 action accept
    vyatta@vyatta# set policy route pbr voip rule 30 address-family ipv4
    vyatta@vyatta# set policy route pbr voip rule 30 application type voip
    vyatta@vyatta# set policy route pbr voip rule 30 routing-instance provider-c
    Note: In this example, there is no need for the provider-c path monitor — we show its configuration for completeness.
    Provider C is the final backup link for VoIP traffic. If both Provider A and Provider B do not comply with their respective policies, all VoIP traffic goes through Provider C. There is no need to check policy compliance for Provider C. This step is very important because it ensures that VoIP traffic does not fall through to the default routing table. In PBR, if none of the rules match, the vRouter uses the default table of the routing instance for the ingress interface to route traffic.
    Note: Alternatively, you could check the policy compliance of Provider C. In this case, ECMP chooses the path if the default routing instance table is used.
  4. Commit the configuration.
    vyatta@vyatta# commit
    [edit]
  5. Optional: View the configuration.
    vyatta@vyatta# show policy route pbr voip
    
    pbr voip {
            rule 10 {
                    action accept
                    address-family ipv4
                    application {
                            type voip
                    }
                    path-monitor {
                            monitor provider-a {
                                    policy voip
                            }
                    }
                    routing-instance provider-a
            }
            rule 20 {
                    action accept
                    address-family ipv4
                    application {
                            type voip
                    }
                    path-monitor {
                            monitor provider-b {
                                    policy voip
                            }
                    }
                    routing-instance provider-b
            }
            rule 30 {
                    action accept
                    address-family ipv4
                    application {
                            type voip
                    }
                    routing-instance provider-c
            }
     }
    [edit]
  6. Apply the voip routing policy to the inbound traffic on the dp0p33p1 dataplane interface.
    vyatta@vyatta# set interfaces dataplane dp0p33p1 policy route pbr voip
  7. Commit the configuration.
    vyatta@vyatta# commit
    [edit]
    [edit]
  8. Optional: View the configuration.
    vyatta@vyatta# show interfaces dataplane dp0p33p1 policy
    
    policy {
            route {
                    pbr voip
            }
     }
    [edit]