Forwarding Based on Next-Hop Addresses for Input IPv4 and IPv6 Policies

You can define policies for incoming IPv4 and IPv6 traffic and apply the policy lists to the ingress of an interface to enable packet forwarding and routing operations to be performed based on the configured rules and actions. The forward rules that you define in classifier groups contained in a policy list define the forwarding mechanism for IPv4 and IPv6 packets that match the specified classifier access list (CLACL). You can use the forward interface command to specify multiple IPv4 interfaces for IPv4 policy lists and the forward next-hop command to specify next-hop addresses as possible forwarding solutions for IPv4 and IPv6 policy lists.

The next-hop and next-interface actions override the routing table lookup. In an environment in which GigabitEthernet uplink modules are connected to broadcast networks, you can use the next-hop actions for routing and forwarding of traffic. For IPv6 traffic, you cannot configure a forward rule to transmit packets that match a specific CLACL to a specific interface or multiple interfaces. However, you can configure a rule to forward packets that match a CLACL to multiple interfaces for IPv4 traffic.

You can specify multiple next-hop addresses or actions in a single forwarding policy rule. In such a case, packets are forwarded to the first available next-hop address that contains a route in the routing table. You can use the order keyword with the forward next-hop command in Classifier Group Configuration mode to specify the order of the group of forwarding solutions within a single forward rule.

To enable a forwarding solution to function by overriding the routing table lookup, you can configure policies with one or multiple next-hop addresses. The next-hop address is selected dynamically. If a next-hop with the lowest order becomes reachable or is newly added to a forward rule, the currently processed element is disregarded and the new next-hop entry is considered. If multiple next-hop addresses specified in the policy list have the same order, the selection is based on reachability and on which entry was configured first. You can specify a maximum of 20 forwarding solutions for a classifier. This limit encompasses both the forward next-hop and the next-interface actions.

You can configure multiple next-hop elements in a forward rule only for the same virtual router. You cannot configure multiple forward next-hop rules in a policy that spans different VRs. If only next-hop elements exist and you do not use the virtual-router option with the forward next-hop command, then the policy assumes the virtual router context of the CLI, making the policy specific to that VR. The policy can be attached only to interfaces that belong to that VR. You can use the virtual-router keyword with the forward next-hop command to specify a VR other than the default VR to enable the configuration of next-hop elements for that VR.

A next-hop address is reachable only if it has an entry in the routing table. In certain scenarios, the route that makes this next-hop reachable can be a default route. In such cases, you can include the ignore-default-route keyword with the forward next-hop command so that the default route is not considered when determining the next hop.
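The selection rules described above (lowest order first, ties broken by configuration order, reachability decided by the routing table, optional ignore-default-route) can be modelled as follows. This is an added example, not router code or vendor-supplied logic; the NextHop class, the function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

MAX_SOLUTIONS = 20  # per-classifier limit stated in the text


@dataclass(frozen=True)
class NextHop:  # hypothetical model of one forward next-hop entry
    address: str
    order: int
    ignore_default_route: bool = False


def is_reachable(hop, routes):
    """Reachable means some route in the table covers the next-hop address.
    With ignore_default_route set, a /0 route does not count."""
    addr = ipaddress.ip_address(hop.address)
    for prefix in routes:
        net = ipaddress.ip_network(prefix)
        if net.version != addr.version:
            continue
        if net.prefixlen == 0 and hop.ignore_default_route:
            continue
        if addr in net:
            return True
    return False


def select_next_hop(hops, routes):
    """Return the reachable entry with the lowest order, or None."""
    if len(hops) > MAX_SOLUTIONS:
        raise ValueError("more than 20 forwarding solutions in one classifier")
    # sorted() is stable, so entries with equal order keep configuration order.
    for hop in sorted(hops, key=lambda h: h.order):
        if is_reachable(hop, routes):
            return hop
    return None  # no usable next hop; router behaviour here is not modelled


# Constructed sample data (addresses and orders are illustrative).
HOPS = [
    NextHop("10.2.2.2", order=20),
    NextHop("10.1.1.1", order=10, ignore_default_route=True),
    NextHop("10.2.2.3", order=20),
]
ROUTES = ["0.0.0.0/0", "10.2.2.0/24"]

if __name__ == "__main__":
    print(select_next_hop(HOPS, ROUTES).address)                    # 10.2.2.2
    print(select_next_hop(HOPS, ROUTES + ["10.1.1.0/24"]).address)  # 10.1.1.1
```

The second call shows the dynamic re-selection: once a specific route to the lowest-order next hop appears, that entry replaces the one previously in use.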

If next-hop selection changes dynamically, because of changes in the order of the action or changes in the reachability state of the next-hop, the statistics associated with the next-hop action are preserved, if collection of statistical details is enabled in the policy list. The statistical information is used per classifier rule that has a list of multiple next-hop actions.

Keep the following guidelines in mind while configuring forwarding rules based on next-hop addresses for input IPv6 policies:
