[c-nsp] IOS-XR and PBR

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Thu Sep 11 03:37:59 EDT 2014

>Since we have no default routes and all backbone links are full BGP minus
>default route, I am going to assume that the second permit statement
>won't work here. Would this just get specified as any since the first
>entry would be matched for local netblocks and

sorry, should be "any".. so the first line matches traffic to
your networks (and it just passes through normally and will be forwarded
according to your RIB/FIB), and the 2nd matches traffic from this customer
block to anything else, which then will be ABF'ed to your upstream.

>it would not go further in the ACL?

it actually would, so I missed a "permit ipv4 any any" catch-all at the
end of the ACL to ensure traffic from other sources is forwarded
normally.. it is a regular ACL, the ABF directives are just inserted into
Need more coffee..

>These special case customers all are fed from a single 6509 to the border
>router that contains their one carrier of choice, but that border router
>contains several backbone links and each border router also having links
> to each other. I suspect that for simplifying this, we can match against
>traffic on the link coming from that 6509 to the border router.

exactly, that sounds straightforward, just apply this inbound and you're


>Thanks for the pointers.
>On Wed, Sep 10, 2014 at 11:09 PM, Oliver Boehmer (oboehmer)
><oboehmer at cisco.com> wrote:
>>I am looking to setup some policy based routing on an IOS-XR router. From
>>what I understand, XR does not have PBR, but ABF. When looking at how ABF
>>works, I don't see how to set a next hop route (only next hop per TCP
>well, you can direct any traffic matching an ACE (be it layer 3 or 4) to a
>chosen next-hop.
>>My question then would be, how does one accomplish this on XR? What
>>I need to do is allow a particular IP block to only have access to one of
>>our backbone carriers and not the others. We have their /24 only
>>out the one carrier, but for outbound traffic, I want to make sure their
>>traffic remains on that carrier but also have access to our local routes
>>(all our local customers and local networks). Is this something that can be
>>done with ABF
>Yes, it can be done, but possibly a bit more difficult:
>ipv4 access-list ABF
> permit CUST/24 <your-own-netblocks>
> permit CUST/24 <> next-hop
>not sure how your topology looks and where you would need to apply this
>forwarding rule, but the next-hop can be directly connected or resolve via
>some form of tunnel (including LDP/LSP).
>        oli
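
A small Python model of the first-match ACL evaluation described in this message, added here as an illustration and not part of the original thread or any Cisco code: it shows which flows the ACL forwards normally, redirects via ABF, or drops when the "permit ipv4 any any" catch-all is missing. The prefixes, the next-hop address and the function names are constructed for the example.

```python
from ipaddress import ip_address, ip_network

# Constructed documentation prefixes; none of these come from the thread.
CUST = ip_network("192.0.2.0/24")        # the special-case customer block
LOCAL = [ip_network("198.51.100.0/24")]  # stand-in for <your-own-netblocks>
UPSTREAM_NH = "203.0.113.1"              # hypothetical next hop toward the chosen carrier
ANY = ip_network("0.0.0.0/0")


def build_acl(with_catch_all):
    """Return the ACL as a list of (source, destination, ABF next hop or None)."""
    acl = [(CUST, dst, None) for dst in LOCAL]  # customer -> local: normal RIB/FIB lookup
    acl.append((CUST, ANY, UPSTREAM_NH))        # customer -> anything else: ABF to upstream
    if with_catch_all:
        acl.append((ANY, ANY, None))            # all other sources: normal forwarding
    return acl


def evaluate(acl, src, dst):
    """First matching ACE wins; a packet matching nothing hits the implicit deny."""
    s, d = ip_address(src), ip_address(dst)
    for ace_src, ace_dst, next_hop in acl:
        if s in ace_src and d in ace_dst:
            return f"abf:{next_hop}" if next_hop else "rib"
    return "drop"


# Constructed flows arriving inbound on the link where the ACL is applied.
FLOWS = {
    "customer to local": ("192.0.2.10", "198.51.100.5"),
    "customer to outside": ("192.0.2.10", "203.0.113.200"),
    "other source": ("198.51.100.77", "203.0.113.200"),
}


def compare():
    """Map each flow to (result without catch-all, result with catch-all)."""
    without, with_ = build_acl(False), build_acl(True)
    return {name: (evaluate(without, *f), evaluate(with_, *f))
            for name, f in FLOWS.items()}


if __name__ == "__main__":
    for name, (before, after) in compare().items():
        print(f"{name:20} without catch-all: {before:18} with: {after}")
```
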
