Policy-Based Routes (PBR) for IPv4 Traffic 编辑

Configuring PBRs involves the following tasks:

• Create a PBR.
• Apply PBRs.
• (Optional) Disable or enable a PBR.
• (Optional) Renumber the priority of the PBR.

Creating or Modifying a PBR

You cannot create two PBRs with the same parameters. If you attempt to create a duplicate, an error message appears.

You can configure the priority of a PBR. The priority (an integer value) defines the order in which the Citrix ADC appliance evaluates PBRs. When you create a PBR without specifying a priority, the Citrix ADC automatically assigns a priority that is a multiple of 10.

If a packet matches the condition defined by the PBR, the Citrix ADC performs an action. If the packet does not match the condition defined by the PBR, the Citrix ADC compares the packet against the PBR with the next highest priority.

Instead of sending the selected packets to a next hop router, you can configure the PBR to send them to a link load balancing virtual server to which you have bound multiple next hops. This configuration can provide a backup if a next hop link fails.

Consider the following example. Two PBRs, p1 and p2, are configured on the Citrix ADC and automatically assigned priorities 20 and 30. You need to add a third PBR, p3, to be evaluated immediately after the first PBR, p1. The new PBR, p3, must have a priority between 20 and 30. In this case, you can specify the priority as 25.

CLI procedures

To create a PBR by using the CLI:

At the command prompt, type:

• add ns pbr <name> <action> [-srcIP [<operator>] <srcIPVal>] [-srcPort [<operator>] <srcPortVal>] [-destIP [<operator>] <destIPVal>] [-destPort [<operator>] <destPortVal>] [-nextHop <nextHopVal>] [-srcMac <mac_addr>] [-protocol <protocol> |-protocolNumber <positive_integer>] [-vlan <positive_integer>] [-interface <interface_name>] [-priority <positive_integer>] [-msr ( ENABLED | DISABLED ) [-monitor <string>]] [-state ( ENABLED | DISABLED )]
• show ns pbr

Example:

> add ns pbr pbr1  allow -srcip 10.102.37.252 -destip 10.10.10.2 -nexthop 10.102.29.77
 Done
<!--NeedCopy-->