How to configure PBR policy settings
An example of how to apply a PBR policy.
In this example, we apply the PBR policy named voip
to all interfaces that receive egress application traffic.
Note: You can apply multiple PBR policies to the
dp0p33p1
interface, if necessary. Likewise, you can apply the voip
policy to multiple interfaces, if necessary.- Create a PBR rule to route traffic through Provider A, if it complies with the
voip
policy.vyatta@vyatta# set policy route pbr voip rule 10 action accept
vyatta@vyatta# set policy route pbr voip rule 10 address-family ipv4
vyatta@vyatta# set policy route pbr voip rule 10 application type voip
vyatta@vyatta# set policy route pbr voip rule 10 path-monitor monitor provider-a policy voip
vyatta@vyatta# set policy route pbr voip rule 10 routing-instance provider-a
Provider A is the preferred provider for IPv4 VoIP traffic, so the system will first check the compliance of Provider A. If theprovider-a
path monitor determines that Provider A complies with thevoip
policy, then the vRouter accepts all IPv4 VoIP traffic and routes it through theprovider-a
routing instance. - Create a PBR rule to route traffic through Provider B, if it complies with the
voip
policy.vyatta@vyatta# set policy route pbr voip rule 20 action accept
vyatta@vyatta# set policy route pbr voip rule 20 address-family ipv4
vyatta@vyatta# set policy route pbr voip rule 20 application type voip
vyatta@vyatta# set policy route pbr voip rule 20 path-monitor monitor provider-b policy voip
vyatta@vyatta# set policy route pbr voip rule 20 routing-instance provider-b
If Provider A does not comply with thevoip
policy, then theprovider-b
path monitor checks the compliance of Provider B with the policy. Ifprovider-b
determines that Provider B complies with thevoip
policy, then the vRouter accepts all IPv4 VoIP traffic and routes it through theprovider-b
routing instance. - Create a PBR rule to route traffic through Provider C.Note: Alternatively, you could check the policy compliance of Provider C and, in this example, if the default routing instance table is used, ECMP chooses the path.
vyatta@vyatta# set policy route pbr voip rule 30 action accept
vyatta@vyatta# set policy route pbr voip rule 30 address-family ipv4
vyatta@vyatta# set policy route pbr voip rule 30 application type voip
vyatta@vyatta# set policy route pbr voip rule 30 routing-instance provider-c
Note: In this example, there is no need for theprovider-c
path monitor — we show its configuration for completeness.Provider C is the final backup link for VoIP traffic. If both Provider A and Provider B do not comply with their respective policies, all VoIP traffic goes through Provider C. There is no need to check policy compliance for Provider C. This step is very important because it ensures that VoIP traffic does not fall through to the default routing table. In PBR, if none of the rules match, the vRouter uses the default table of the routing instance for the ingress interface to route traffic.Note: Alternatively, you could check the policy compliance of Provider C. In this case, ECMP chooses the path if the default routing instance table is used. - Commit the configuration.
vyatta@vyatta# commit
[edit]
- Optional: View the configuration.
vyatta@vyatta# show policy route pbr voip
pbr voip { rule 10 { action accept address-family ipv4 application { type voip } path-monitor { monitor provider-a { policy voip } } routing-instance provider-a } rule 20 { action accept address-family ipv4 application { type voip } path-monitor { monitor provider-b { policy voip } } routing-instance provider-b } rule 30 { action accept address-family ipv4 application { type voip } routing-instance provider-c } } [edit]
- Apply the
voip
routing policy to the inbound traffic on thedp0p33p1
dataplane interface.vyatta@vyatta# set interfaces dataplane dp0p33p1 policy route pbr voip
- Commit the configuration.
vyatta@vyatta# commit [edit]
[edit]
- Optional: View the configuration.
vyatta@vyatta# show interfaces dataplane dp0p33p1 policy
policy { route { pbr voip } } [edit]