Policy-Based Routing and NULL0 as route map default action

This example shows the use of the NULL0 interface.

In this example, the use of the NULL0 interface is only applicable to frames that meet the match criteria defined in the created ACL.

  1. Configure the ACLs.
    device(config)# ip access-list standard Jules
    device(conf-ipacl-std)# permit 192.168.0.0 255.255.255.0
    device(conf-ipacl-std)# deny 192.168.1.1 255.255.255.0
    device(config)# ip access-list standard Vincent
    device(conf-ipacl-std)# permit 192.168.2.2 255.255.255.0
  2. Create the first stanza of the route map. (The example is using a route-map named pulp_fiction.)
    device(config)# route-map pulp_fiction permit 10
    device(config-routemap-pulp_fiction/permit/10)# match ip address acl Jules
    device(config-routemap-pulp_fiction/permit/10)# set ip vrf pulp_fiction next-hop 3.3.3.3
    device(config-routemap-pulp_fiction/permit/10)# set ip interface NULL0
  3. Create the second stanza of the route map. (The example is using a route-map named pulp_fiction.)
    device(config)# route-map pulp_fiction permit 20
    device(config-routemap-pulp_fiction/permit/20)# match ip address acl Vincent
    device(config-routemap-pulp_fiction/permit/20)# set ip vrf pulp_fiction next-hop 3.3.3.5
    
  4. Create the third stanza, which provides the default action of the route map.
    device(config)# route-map pulp_fiction permit 30
    device(config-routemap-pulp_fiction/permit/30)# set ip interface NULL0

    The above configuration introduces a third stanza that defines the routing desired for all frames that do not meet any of the match criteria defined by the route map.

    Based on the above configuration, received traffic is handled as follows:

    • If address 192.168.0.0 255.255.255.0 is received, it matches stanza 10. If the next hop 3.3.3.3 is selected, the packet is forwarded to 3.3.3.3.
    • If 3.3.3.3 is not selected by the PBR logic, the packet is sent to the next specified next hop, which is the NULL0 interface, and the traffic is dropped.
    • If address 192.168.1.1 255.255.255.0 is received, it matches the deny case of the ACL, so it is denied from using the next hops specified in the route map and is forwarded according to the global route table.
    • If address 12.12.12.12 is received, it meets none of the match criteria in either of the first two stanzas, so it reaches the third stanza. Since no “match” statement is specified, it is an implicit “match any.” The address 12.12.12.12 is forwarded to the NULL0 interface, where it is dropped.

    Providing the default stanza ensures that any packet that does not meet the match criteria set by the route map is dropped.
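
The following Python model is an added example, not part of the device documentation or the vendor's software. It walks the three stanzas of pulp_fiction for sample addresses, so you can check which traffic is dropped and which bypasses the default stanza through an ACL deny entry. Assumptions: the ACL mask is read as a subnet mask, "selected" is modeled as membership in a set of usable next hops, the VRF is ignored, and a matched stanza with no usable action falls back to the global route table.

```python
import ipaddress

# ACLs from the page; the mask is read as a subnet mask (assumption).
ACLS = {
    "Jules": [("permit", "192.168.0.0", "255.255.255.0"),
              ("deny", "192.168.1.1", "255.255.255.0")],
    "Vincent": [("permit", "192.168.2.2", "255.255.255.0")],
}
# Stanzas of route-map pulp_fiction: (seq, ACL name or None, ordered set actions).
ROUTE_MAP = [
    (10, "Jules", ["3.3.3.3", "NULL0"]),
    (20, "Vincent", ["3.3.3.5"]),
    (30, None, ["NULL0"]),  # no match statement: implicit "match any"
]

def acl_verdict(acl_name, addr):
    """Return 'permit' or 'deny' for the first matching ACL entry, else None."""
    ip = ipaddress.ip_address(addr)
    for action, base, mask in ACLS[acl_name]:
        if ip in ipaddress.ip_network(f"{base}/{mask}", strict=False):
            return action
    return None

def pbr_decision(addr, usable_next_hops):
    """Walk the stanzas in sequence order and return (stanza, outcome)."""
    for seq, acl, actions in ROUTE_MAP:
        verdict = "permit" if acl is None else acl_verdict(acl, addr)
        if verdict is None:
            continue  # no ACL entry matched: try the next stanza
        if verdict == "deny":
            # Deny entry: not policy-routed, and the default stanza is never reached.
            return seq, "global route table"
        for action in actions:
            if action == "NULL0":
                return seq, "drop"
            if action in usable_next_hops:
                return seq, f"forward to {action}"
        # Assumption: matched stanza with no usable action uses normal routing.
        return seq, "global route table"
    return None, "global route table"

def demo():
    """Constructed sample addresses covering each case described above."""
    up = {"3.3.3.3", "3.3.3.5"}
    cases = [("192.168.0.7", up), ("192.168.0.7", set()),
             ("192.168.1.1", up), ("192.168.2.9", up), ("12.12.12.12", up)]
    return [(addr, *pbr_decision(addr, hops)) for addr, hops in cases]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

In this model the 192.168.1.1 case returns at stanza 10 with the global route table outcome, so the default NULL0 stanza does not apply to traffic that hits an ACL deny entry.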