Policy Based Routing on a Nexus

First of all, let's just admit it: I am a collab guy, and doing work on a Nexus is a foreign experience. While some things are intuitive, not everything follows RFCs, and the Nexus platform is a bit more restrictive.

First of all, to get PBR going, I had to change the hardware profile. Since I have no intention of using QoS internally in my lab, I decided to steal from it:

hardware profile tcam region qos 0
hardware profile tcam region pbr 256

This then requires a reboot. 

After this is done and the PBR feature is enabled:

feature pbr

You can then start creating the route-maps. However, unlike on IOS devices, you can only use permit statements in your ACLs, and then use a deny statement on the route-map itself:

ip access-list PBR_DENY
 statistics per-entry
 10 permit ip any 192.168.1.0/24

ip access-list PBR_PERMIT
 statistics per-entry
 10 permit ip any any

route-map PBR_RULE pbr-statistics
route-map PBR_RULE deny 10
 match ip address PBR_DENY
route-map PBR_RULE permit 20
 match ip address PBR_PERMIT
 set ip next-hop 192.168.10.1
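
To see how the permit-only ACLs and the deny clause combine, here is an added example (not part of the original post) that parses the configuration above, flags any non-permit entry in an ACL the route-map references, and reports whether a destination is policy-routed or left to the routing table. It assumes ACL entries of the form used in the post (`<seq> <action> ip any <dst>`); the function names and the "routing-table" label are made up for illustration.

```python
import ipaddress

# Configuration from the post, embedded so the example runs offline.
CONFIG = """\
ip access-list PBR_DENY
 statistics per-entry
 10 permit ip any 192.168.1.0/24
ip access-list PBR_PERMIT
 statistics per-entry
 10 permit ip any any
route-map PBR_RULE pbr-statistics
route-map PBR_RULE deny 10
 match ip address PBR_DENY
route-map PBR_RULE permit 20
 match ip address PBR_PERMIT
 set ip next-hop 192.168.10.1
"""

def parse(config):
    """Return ({acl: [(action, dst_network)]}, [route-map clauses in sequence order])."""
    acls, clauses, ctx = {}, [], None
    for words in (line.split() for line in config.splitlines() if line.strip()):
        if words[:2] == ["ip", "access-list"]:
            ctx = acls.setdefault(words[2], [])
        elif words[0] == "route-map" and len(words) == 4:
            ctx = {"action": words[2], "seq": int(words[3]), "acl": None, "next_hop": None}
            clauses.append(ctx)
        elif isinstance(ctx, list) and words[0].isdigit():
            # Assumption: entries look like "<seq> <action> ip any <dst>", as in the post.
            dst = "0.0.0.0/0" if words[-1] == "any" else words[-1]
            ctx.append((words[1], ipaddress.ip_network(dst)))
        elif isinstance(ctx, dict) and words[:3] == ["match", "ip", "address"]:
            ctx["acl"] = words[3]
        elif isinstance(ctx, dict) and words[:3] == ["set", "ip", "next-hop"]:
            ctx["next_hop"] = words[3]
    return acls, sorted(clauses, key=lambda c: c["seq"])

def lint(acls, clauses):
    """Names of ACLs referenced by the route-map that contain a non-permit entry."""
    return sorted({c["acl"] for c in clauses
                   if any(action != "permit" for action, _ in acls.get(c["acl"], []))})

def decide(dst, acls, clauses):
    """First clause whose ACL matches dst wins; a deny clause means normal routing."""
    addr = ipaddress.ip_address(dst)
    for c in clauses:
        if any(action == "permit" and addr in net for action, net in acls.get(c["acl"], [])):
            return c["next_hop"] if c["action"] == "permit" else "routing-table"
    return "routing-table"
```

With this configuration, traffic to 192.168.1.0/24 hits the deny clause and is routed normally, while everything else is sent to 192.168.10.1.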
