In some deployments, operators may want to specify a backup PBR/PBF target if the primary target is down. SR OS allows the configuration of a primary action (config>filter>{ip-filter | ipv6-filter | mac-filter}>entry>action) and a secondary action (config>filter>{ip-filter | ipv6-filter | mac-filter}>entry>action secondary) as part of a single filter policy entry. The secondary action can only be configured if the primary action is configured.
For Layer 2 PBF redundancy, the operator can configure the following redundancy options:
action forward sap and action secondary forward sap
action forward sdp and action secondary forward sdp
action forward sap and action secondary forward sdp
action forward sdp and action secondary forward sap
For Layer 3 PBR redundancy, an operator can configure any of the following actions as a primary action and any (either same or different than primary) of the following as a secondary action. Furthermore, none of the parameters need to be the same between primary and secondary actions. Although the following commands pertain to IPv4 in the ip-address parameter, they also apply to IPv6.
forward next-hop ip-address router router-instance
forward next-hop ip-address router service-name service-name
forward next-hop indirect ip-address router router-instance
forward next-hop indirect ip-address router service-name service-name
forward vprn-target bgp-nh ip-address router service-name service-name [adv-prefix ip-address/mask] [lsp lsp-name]
When primary and secondary actions are configured, PBR/PBF uses the primary action if its target is operationally up, or it uses the secondary action if the primary PBR/PBF target is operationally down. If both targets are down, the default action when the target is down (see Table: Default behavior when a PBR/PBF target is down), as per the primary action, is used, unless pbr-down-action-override is configured.
When PBR/PBF redundancy is configured, the operator can use sticky destination functionality for a redundant filter entry. When sticky destination is configured (config>filter>{ip-filter | ipv6-filter | mac-filter}>entry>sticky-dest), the functionality mimics that of sticky destination configured for redirect policies. To force a switchover from the secondary to the primary action when sticky destination is enabled and secondary action is selected, the operator can use the tools>perform>filter>{ip-filter | ipv6-filter | mac-filter}>entry>activate-primary-action command. Sticky destination can be configured even if no secondary action is configured.
The control plane monitors whether primary and secondary actions can be performed and programs forwarding filter policy to use either the primary or secondary action as required. More generally, the state of PBR/PBF targets is monitored in the following situations:
when a secondary action is configured
when sticky destination is configured
when a pbr-down-action-override is configured
The show>filter>{ip-filter | ipv6-filter | mac-filter} [entry] command displays which redundant action is activated or downloaded, including when both PBR/PBF targets are down. The following example shows partial output of the command as applicable for PBF redundancy.
*A:vsim-200001# show filter ip 10 entry 1000
…
Primary Action : Forward (SAP) <-details of (primary) action
Next Hop : 1/1/1
Service Id : Not configured
PBR Target Status : Does not exist
Secondary Action : Forward (SAP) <-details of secondary action
Next Hop : 1/1/2
Service Id : Not configured
PBR Target Status : Does not exist
PBR Down Action : Forward (pbr-down-action-override) <- PBR down behavior
Downloaded Action : None <- currently downloaded action
Dest. Stickiness : 1000 Hold Remain : 0 <-
sticky dest details