Policy

A policy includes match criteria and actions to be taken on the matching packets. A policy can have one or multiple nodes as follows:

A policy compares packets with nodes in priority order. If a packet matches the criteria on a node, it is processed by the action on the node. Otherwise, it goes to the next node for a match. If the packet does not match the criteria on any node, it is forwarded according to the routing table.

if-match clause

PBR supports the if-match acl clause to set an ACL match criterion. On a node, you can configure only one if-match clause.

apply clause

PBR supports the apply next-hop clause to set next hops.

Relationship between the match mode and clauses on the node

| Does a packet match all the if-match clauses on the node? | Match mode: Permit | Match mode: Deny |
|---|---|---|
| Yes. | • If the node is configured with apply clauses, PBR executes the apply clauses on the node. If the PBR-based forwarding succeeds, PBR does not compare the packet with the next node. • If the node is configured with no apply clauses, the packet is forwarded according to the routing table. | The packet is forwarded according to the routing table. |
| No. | PBR compares the packet with the next node. | PBR compares the packet with the next node. |

A node that has no if-match clauses matches any packet.
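
The decision table above can be checked against a small model. This is an added example, not vendor code. It assumes the ACL is reduced to a source prefix, the policy list is already in priority order, and a failed PBR-based forwarding attempt moves on to the next node (inferred from the wording of the Permit/Yes case). The names `Node`, `forward`, `reachable` and `SAMPLE_POLICY` are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable, List, Optional

ROUTING_TABLE = "routing-table"  # sentinel: fall back to normal forwarding


@dataclass
class Node:
    mode: str                       # match mode: "permit" or "deny"
    acl: Optional[str] = None       # if-match acl as a source prefix; None = no if-match clause
    next_hop: Optional[str] = None  # apply next-hop; None = no apply clause


def forward(policy: List[Node], src: str,
            reachable: Callable[[str], bool] = lambda nh: True) -> str:
    """Return the next hop PBR selects for src, or ROUTING_TABLE.

    policy is listed in priority order, as the page describes.
    """
    for node in policy:
        # A node that has no if-match clause matches any packet.
        matched = node.acl is None or ip_address(src) in ip_network(node.acl)
        if not matched:
            continue  # "No" row: next node, in both match modes
        if node.mode == "deny":
            return ROUTING_TABLE  # "Yes" + deny
        if node.next_hop is None:
            return ROUTING_TABLE  # "Yes" + permit, no apply clause
        if reachable(node.next_hop):
            return node.next_hop  # PBR-based forwarding succeeded
        # Assumption: when PBR-based forwarding fails, comparison continues.
    return ROUTING_TABLE  # no node matched


# Constructed sample policy with constructed addresses.
SAMPLE_POLICY = [
    Node("deny", "10.1.1.0/24"),                # exempt this subnet from PBR
    Node("permit", "10.1.0.0/16", "192.0.2.1"),
    Node("permit", "10.2.0.0/16"),              # matches, but no apply clause
    Node("permit", None, "192.0.2.254"),        # no if-match: catches all the rest
]

if __name__ == "__main__":
    for src in ("10.1.1.5", "10.1.2.5", "10.2.0.1", "172.16.0.1"):
        print(src, "->", forward(SAMPLE_POLICY, src))
```

When reviewing a policy, note that a permit node with no if-match clause redirects every packet that reaches it, so its position relative to deny nodes decides which traffic is exempt.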