Riverstone Networks WICT1-12 User Manual
Page 475
Riverstone Networks RS Switch Router User Guide Release 8.0 20-3
IP Policy-Based Forwarding Configuration
Configuring IP Policies
Creating Multi-Statement IP Policies
An IP policy can contain more than one
ip-policy
statement. For example, an IP policy can contain one statement
that sends all packets matching a profile to one next-hop gateway, and another statement that sends packets matching
a different profile to a different next-hop gateway. If an IP policy has multiple
ip-policy
statements, you can assign
each statement a sequence number that controls the order in which they are evaluated. Statements are evaluated from
lowest sequence number to highest.
For example, the following commands create an IP policy called “p3”, which consists of two IP policy statements. The
ip policy permit
statement has a sequence number of 1, which means it is evaluated before the
ip policy deny
statement, which has a sequence number of 900.
Setting the IP Policy Action
You can use the
action
parameter with the
ip-policy permit
command to specify when to apply the IP policy
route with respect to dynamic or statically configured routes. The options of the
action
parameter can cause packets
to use the IP policy route first, then the dynamic route if the next-hop gateway specified in the IP policy is unavailable;
use the dynamic route first, then the IP policy route; or drop the packets if the next-hop gateway specified in the IP
policy is unavailable.
For example, the following command causes packets that match the profile to use dynamic routes first and use the IP
policy gateway only if a dynamic route is not available:
Setting Load Distribution for Next-Hop Gateways
You can specify up to 16 next-hop gateways in an
ip-policy
statement. If you specify more than one next-hop
gateway, you can use the
ip-policy set load-policy
command to control how the load is distributed among
them.
By default, each new flow uses the first available next-hop gateway. You can use the
ip-policy set load-policy
command to cause flows to use all the next-hop gateways in the
ip-policy permit
statement sequentially. For
example, the following command picks the next gateway in the list for each new flow for policy ‘p1’:
rs(config)#
ip-policy p3 permit acl prof1 next-hop-list 10.10.10.10 sequence 1
rs(config)#
ip-policy p3 deny acl prof2 sequence 900
rs(config)#
ip-policy p2 permit acl prof1 action policy-last
rs(config)#
ip-policy p1 set load-policy round-robin