Policy

A policy comprises match criteria and actions to be taken on the matching packets. A policy can have one or multiple nodes as follows:

A policy matches nodes in priority order against packets. If a packet matches the criteria on a node, it is processed by the action on the node. Otherwise, it goes to the next node for a match. If the packet does not match the criteria on any node, it is forwarded according to the routing table.

if-match clause

PBR supports only the if-match acl clause to set the ACL match criterion.

You can specify only one if-match clause for a node.

apply clause

PBR supports only the apply next-hop clause to set the next hop for packets.

Relationship between the match mode and clauses on the node

Does a packet match all the if-match clauses on the node?

Yes.

  • Match mode Permit:

    • If the node is configured with an apply clause, PBR executes the apply clause on the node.

      • If PBR successfully guides the forwarding of the packet, PBR does not match the packet against the next node.

      • If PBR fails to guide the forwarding of the packet and the apply continue clause is not configured, PBR does not match the packet against the next node.

      • If PBR fails to guide the forwarding of the packet and the apply continue clause is configured, PBR matches the packet against the next node.

    • If the node is configured with no apply clause, the packet is forwarded according to the routing table.

  • Match mode Deny: The packet is forwarded according to the routing table.

No.

  • Match mode Permit: PBR matches the packet against the next node.

  • Match mode Deny: PBR matches the packet against the next node.

A node that has no if-match clauses matches any packet.
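
The node-evaluation rules above, modeled as an added example (not the device's own code). The Node fields, the source-prefix stand-in for an ACL, the constructed addresses, and the "reachable" set used to model a failed apply next-hop are all assumptions; the code also assumes that once matching stops after a failed apply clause, the packet is forwarded by the routing table.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

ROUTING_TABLE = "routing-table"

@dataclass
class Node:
    name: str
    mode: str                       # "permit" or "deny"
    acl_src: Optional[str] = None   # stands in for the single if-match acl clause
    next_hop: Optional[str] = None  # apply next-hop; None = no apply clause
    apply_continue: bool = False    # apply continue clause

def evaluate(nodes: List[Node], src: str, reachable: Set[str]) -> Tuple[str, List[str]]:
    """Walk nodes (already in priority order); return (decision, trace)."""
    trace = []
    for n in nodes:
        # A node that has no if-match clause matches any packet.
        hit = n.acl_src is None or ipaddress.ip_address(src) in ipaddress.ip_network(n.acl_src)
        if not hit:
            trace.append(f"{n.name}: no match -> next node")
            continue
        if n.mode == "deny":
            trace.append(f"{n.name}: deny match -> routing table")
            return ROUTING_TABLE, trace
        if n.next_hop is None:
            trace.append(f"{n.name}: permit match, no apply -> routing table")
            return ROUTING_TABLE, trace
        if n.next_hop in reachable:
            trace.append(f"{n.name}: permit match -> next hop {n.next_hop}")
            return n.next_hop, trace
        if not n.apply_continue:
            # Assumption: matching stops here and the routing table takes over.
            trace.append(f"{n.name}: apply failed, no continue -> routing table")
            return ROUTING_TABLE, trace
        trace.append(f"{n.name}: apply failed, continue -> next node")
    return ROUTING_TABLE, trace  # no node matched

# Constructed policy: exempt one subnet, steer another, then a catch-all node.
POLICY = [
    Node("mgmt-exempt", "deny", acl_src="10.9.0.0/16"),
    Node("inspect", "permit", acl_src="10.1.0.0/16", next_hop="192.0.2.1", apply_continue=True),
    Node("catch-all", "permit", next_hop="192.0.2.2"),
]

if __name__ == "__main__":
    for src, up in [("10.9.0.4", {"192.0.2.1"}), ("10.1.1.5", {"192.0.2.2"})]:
        print(src, *evaluate(POLICY, src, up))
```

When a node steers traffic to an inspection device, the trace makes visible which path the packet takes if that next hop fails, with and without the apply continue clause.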