| Table of Contents | ||
|---|---|---|
|
Configuration Notes and Constraints
When configuring PBR, consider the following points:
...
admin@PICOS# set routing pbr map PBR_map1 sequence 10 match source-ipv4 0.0.0.0/32 |
A PBR rule must contain an action configuration. However, if the action is configured with only DSCP, but no next-hop IP address, as shown in the following command line, this PBR policy only changes the DSCP value of the matched messages which will be forwarded based on the destination address according to the route table.
admin@PICOS# set routing pbr map PBR_map1 sequence 10 match destination-ipv4 1.1.1.0/24
...
the action configuration.
The next-hop address must be directly connected and reachable without supporting recursion.
The next-hop address in the action configuration does not support the tunnel IP address.
Each PBR map can be applied to multiple Layer 3 interfaces, but each Layer 3 interface can have at most one PBR map configured.
If a message matches the Discard rule in the firewall filter ACL and also matches the PBR rule, the Discard rule in the firewall filter ACL has a higher priority than the PBR rule, then the message will be discarded.
IPSG ACL takes precedence over PBR ACL. If a packet is discarded by the IPSG module, it will have no chance to be processed by the PBR module.
When performing matching operations on the DSCP value of a packet, DSCP values (in the received packet and user-configured DSCP value in the match rule) exceeding 7 will undergo internal conversion, taking only the last 3 bits of the binary representation as the DSCP value. This may result in different DSCP values being converted to the same value, leading to potential matching errors. This is the limitation for using DSCP as a match condition.
Configuring Policy-Based Routing
Follow the configuration roadmap below to complete the deployment of Policy-Based Routing:
...