Policy

A policy includes match criteria and actions to be taken on the matching packets. A policy can have one or multiple nodes as follows:

A policy matches nodes in priority order against packets. If a packet matches the criteria on a node, it is processed by the action on the node. Otherwise, it goes to the next node for a match. If the packet does not match the criteria on any node, it is forwarded according to the routing table.

if-match clause

PBR supports the if-match acl clause to set an ACL match criterion. You can specify only one if-match acl clause for a node.

apply clause

PBR supports the apply next-hop clause to set next hops for packets.

Relationship between the match mode and clauses on the node

| Does a packet match all the if-match clauses on the node? | Match mode: Permit | Match mode: Deny |
|---|---|---|
| Yes. | If the node is configured with an apply clause, PBR executes the apply clause on the node. It does not match the packet against the next node. If the node is configured with no apply clause, the packet is forwarded according to the routing table. | The packet is forwarded according to the routing table. |
| No. | PBR matches the packet against the next node. | PBR matches the packet against the next node. |

A node that has no if-match clauses matches any packet.
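
The following added example (not part of the original documentation and not device code) models the node evaluation described above and flags nodes that can never be reached because an earlier node has no if-match clause. It assumes that a smaller node number means higher priority and reduces the ACL to a single source prefix; the `Node` class, the function names and the sample policy are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ROUTING_TABLE = "routing-table"  # stands for "forwarded according to the routing table"

@dataclass
class Node:
    number: int                     # assumption: smaller number = higher priority
    mode: str                       # match mode: "permit" or "deny"
    acl_src: Optional[str] = None   # simplified if-match acl (source prefix); None = no if-match clause
    next_hop: Optional[str] = None  # apply next-hop; None = no apply clause

def node_matches(node, src_ip):
    # A node that has no if-match clauses matches any packet.
    if node.acl_src is None:
        return True
    return ip_address(src_ip) in ip_network(node.acl_src)

def evaluate(policy, src_ip):
    """Return (matching node number or None, forwarding decision) for one packet."""
    for node in sorted(policy, key=lambda n: n.number):
        if not node_matches(node, src_ip):
            continue                           # "No" row: try the next node in either mode
        if node.mode == "permit" and node.next_hop:
            return node.number, node.next_hop  # "Yes", permit, apply clause present
        return node.number, ROUTING_TABLE      # "Yes", deny, or permit without apply clause
    return None, ROUTING_TABLE                 # no node matched

def unreachable_nodes(policy):
    """Nodes after a node with no if-match clause are never evaluated."""
    ordered = sorted(policy, key=lambda n: n.number)
    for i, node in enumerate(ordered):
        if node.acl_src is None:
            return [n.number for n in ordered[i + 1:]]
    return []

# Constructed sample policy: node 20 has no if-match clause, so node 30 is shadowed.
POLICY = [
    Node(5, "deny", acl_src="10.1.1.0/24"),
    Node(10, "permit", acl_src="10.1.0.0/16", next_hop="192.0.2.1"),
    Node(20, "permit"),
    Node(30, "permit", acl_src="10.2.0.0/16", next_hop="192.0.2.9"),
]
```

Running `unreachable_nodes` over a policy before deployment shows whether a next hop intended for some traffic, such as node 30 here, is silently skipped in favor of the routing table.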