Associating Track with PBR
About Track association with PBR
PBR uses user-defined policies to route packets. You can specify parameters in a PBR policy to guide the forwarding of the packets that match specific criteria. For more information about PBR, see Layer 3—IP Routing Configuration Guide.
PBR cannot detect the availability of any action taken on packets. When an action is not available, packets processed by the action might be discarded. For example, if the output interface specified for PBR fails, PBR cannot detect the failure, and continues to forward matching packets out of the interface.
To enable PBR to detect topology changes and improve the flexibility of the PBR application, configure Track-PBR-detection module collaboration.
After you associate a track entry with an apply clause, the detection module associated with the track entry sends Track the detection result of the availability of the tracked object.
The Positive state of the track entry indicates that the object is available, and the apply clause is valid.
The Negative state of the track entry indicates that the object is not available, and the apply clause is invalid.
The NotReady state of the track entry indicates that the apply clause is valid.
The following objects can be associated with a track entry:
Output interface.
Next hop.
Default output interface.
Default next hop.
Prerequisites for Track association with PBR
Before you associate Track with PBR, create a policy node, and set the match criteria.
Associating Track with PBR
Enter system view.
system-view
Create a policy node and enter its view.
policy-based-route policy-name [ deny | permit ] node node-number
Set match criteria. Choose the options to configure as needed:
Set an ACL match criterion.
if-match acl { acl-number | name acl-name }
By default, no ACL match criterion is set.
The ACL match criterion cannot match Layer 2 information.
The permit or deny action and the time range of the specified ACL that an ACL match criterion uses do not take effect after the configuration.
Set a VXLAN match criterion.
if-match vxlan-id vxlan-id
By default, no VXLAN match criterion is set.
Set actions and associate the policy node with a track entry. Choose the options to configure as needed:
Set the output interface.
apply output-interface { interface-type interface-number [ track track-entry-number ] }&<1-n>
By default, no output interface is set.
Set the next hop.
apply next-hop [ vpn-instance vpn-instance-name | inbound-vpn ] { ip-address [ direct ] [ track track-entry-number ] [ weight weight-value ] }&<1-n>
By default, no next hop is set.
Set the default output interface.
apply default-output-interface { interface-type interface-number [ track track-entry-number ] }&<1-n>
By default, no default output interface is set.
Set the default next hop.
apply default-next-hop [ vpn-instance vpn-instance-name | inbound-vpn ] { ip-address [ direct ] [ track track-entry-number ] }&<1-n>
By default, no default next hop is set.
Associating Track with IPv6 PBR
Enter system view.
system-view
Create an IPv6 policy node and enter its view.
ipv6 policy-based-route policy-name [ deny | permit ] node node-number
Set match criteria. Choose the options to configure as needed:
Set an ACL match criterion.
if-match acl { ipv6-acl-number | name ipv6-acl-name }
By default, no ACL match criterion is set.
The ACL match criterion cannot match Layer 2 information.
The permit or deny action and the time range of the specified ACL that an ACL match criterion uses do not take effect after the configuration.
Set actions and associate the policy node with a track entry. Choose the options to configure as needed:
Set the output interface.
apply output-interface { interface-type interface-number [ track track-entry-number ] }&<1-n>
By default, no output interface is set.
Set the next hop.
apply next-hop [ vpn-instance vpn-instance-name | inbound-vpn ] { ipv6-address [ direct ] [ track track-entry-number ] [ weight weight-value ] } &<1-n>
By default, no next hop is set.
Set the default output interface.
apply default-output-interface { interface-type interface-number [ track track-entry-number ] }&<1-n>
By default, no default output interface is set.
Set the default next hop.
apply default-next-hop [ vpn-instance vpn-instance-name | inbound-vpn ] { ipv6-address [ direct ] [ track track-entry-number ] }&<1-n>
By default, no default next hop is set.