Policy map manipulation.
This module permits the manipulation of policy maps used in the creation of service policies that can be applied to one or more types of hardware features, beginning with Policy Based Routing (PBR).
Policy maps for PBR (policy based routing) can match rules of either an IPv4 access list (including both source, destination addresses and all normal ACL flags) or any MPLS traffic.
Policy maps are constructed by key (consisting of a name and a feature, only eos::POLICY_FEATURE_PBR is presently supported), and the above rules are configured using the policy_map_mgr. For example, to source route traffic matching the existing ACL “netblock-fe” for a PBR policy named “src-routing-fe”, use this code in a handler with access to the policy_map_mgr object as policy_map_mgr() in scope.
eos::policy_map_key_t pm_key("src-routing-fe", eos::POLICY_FEATURE_PBR); eos::acl_key_t acl_key("netblock-fe", eos::ACL_TYPE_IPV4); eos::class_map_t cm(pm_key); eos::class_map_rule_t cm_rule(acl_key); eos::policy_map_t pm(pm_key); eos::policy_map_rule_t pm_rule(pm_key); eos::policy_map_action_t action(eos::POLICY_ACTION_NEXTHOP_GROUP); action.nexthop_group_name_is("nhg-fe"); pm_rule.action_set(action); cm.rule_set(1, cm_rule); pm.rule_set(1, pm_rule); policy_map_mgr()->policy_map_is(pm); // Apply to Ethernet3/1 (PBR policies are always applied ACL_IN (inbound). policy_map_mgr()->policy_map_apply(pm_key, eos::intf_id_t("Ethernet3/1"), eos::ACL_IN, true);
To instead program that same policy matching MPLS traffic instead of an IPv4 ACL, use the following pattern, noting that we explicitly supply a new class map key referring to the special eos::CLASS_MAP_MPLS_ANY name and skip binding the ACL to the class map entirely:
eos::policy_map_key_t pm_key("src-routing-fe", eos::POLICY_FEATURE_PBR); eos::class_map_key_t cm_key(eos::CLASS_MAP_MPLS_ANY, eos::POLICY_FEATURE_PBR); eos::class_map_t cm(cm_key); eos::policy_map_rule_t pm_rule(cm_key); eos::policy_map_action_t action(eos::POLICY_ACTION_NEXTHOP_GROUP); action.nexthop_group_name_is("nhg-fe"); pm_rule.action_set(action); cm.rule_set(1, cm_rule); pm.rule_set(1, pm_rule); policy_map_mgr()->policy_map_is(pm); // Finally, apply the policy as before
A valid policy map may have either:
1. One or more rules matching class maps matching one or more IPv4 ACLs. 2. A single policy map rule matching eos::CLASS_MAP_MPLS_ANY class, which itself may have only a single action
Using both “IP ACL” and “MPLS any” modes in the same policy map is not supported, and a eos::configuration_error will be thrown by the policy map when attempting to set both rules, or attempting to set more than one eos::CLASS_MAP_MPLS_ANY class map match rule per policy map.
Public Functions
Public Functions
An iterator providing forwards only iteration over collections of policy maps.
Private Functions
Friends
Event handler for policy feature specific events.
Callbacks about failures to program policy features into hardware are reported via this handler.
Public Functions
Constructs a policy map handler for the supplied policy hardware feature.
Returns a pointer to the policy map manager for use in a derived handler.
Registers to receive updates on changes to this policy feature.
The policy feature to receive notifications for
Receives notifications if and only if true.
Callback fired upon successful policy map application.
The key identifying the updated policy map.
Callback fired when policy map commit or apply operations failed.
The policy map which failed to update.
An error message which may be the empty string.
EOS policy map manager.
The policy manager provides access to policy-map management, as well as policy map application to interfaces.
Public Functions
Resync
Completes any underway resync operation.
Returns true if and only if the provided policy map key is configured.
Provides iteration over the configured policy maps for a feature.
Applies or unapplies the policy map to an interface in a direction.
Protected Functions
Private Members
Friends
STL namespace.
Public Functions
Public Functions
Typedefs
Enums
The default match condition for the policy map.
At present, the only supported condition is that any rule in the policy-map matching will trigger the action (POLICY_MAP_CONDITION_ANY).
Values:
A hardware feature a policy map can be used with.
Values:
The actions a policy map rule may apply to classified packets.
Values:
Perform no action.
Drop traffic for this policy.
Forward to one or more IP nexthops.
Forward to named group of nexthops/interfaces.
Set DSCP bits.
Set traffic class.
The key used to uniquely identify both class and policy maps.
Public Functions
Returns a string representation of the current object’s values.
Private Members
Friends
A utility stream operator that adds a string representation of policy_map_key_t to the ostream.
A single policy map action. Each action defines a single type of action to be performed,presently supporting: “set nexthop”, “set nexthop group” and “drop”. It is illegal to set both nexthop and nexthop group or dropoperations in a single policy map rule.
Public Functions
Constructs a policy map action of a particular type.
After construction, set attributes appropriate for the action type using the mutators below; only the action-specific attributes will be considered when the policy is applied. If the action is POLICY_ACTION_DROP, no further attributes require being set.
Getter for ‘nexthop_group_name’: the name of the nexthop group to be used when the action is POLICY_ACTION_NEXTHOP_GROUP. If the nexthop group does not yet exist when calling policy_map_is() on the policy_map_mgr, that action will complete successfully but FIB entries for the nextop group will not be programmed until the group is configured.
Setter for ‘nexthop_group_name’.
inserts one nexthop of ‘value’ to the set.
deletes one nexthop of ‘value’ from the set.
Getter for ‘dscp’: the DiffServ Code Point on matching IPv4/IPv6 packets. This sets the 6-bit IPv4 DSCP or IPv6 traffic class field.
if value outside range 0..63.
Setter for ‘dscp’.
Getter for ‘traffic_class’: the internal EOS traffic class on matching packets. Setting this 3-bit value overrides any interface CoS/DSCP trust mapping.
if value outside range 0..7.
Setter for ‘traffic_class’.
Returns a string representation of the current object’s values.
Private Members
Friends
A utility stream operator that adds a string representation of policy_map_action_t to the ostream.
A policy map rule, describing a traffic match and actions.
A rule can match IP traffic via a class map, or can choose to match all MPLS traffic. To use a class map, use the explicit constructor or create a default policy map rule and set the class map with class_map_key_is().
Actions can be set at once or added or removed one at a time.
Public Functions
Getter for ‘class_map_key’: the class map key (name is CLASS_MAP_MPLS_ANY if matching MPLS).
Setter for ‘class_map_key’.
Getter for ‘actions’: the set of actions configured for this particular rule.
Setter for ‘actions’.
inserts one action of ‘value’ to the set.
deletes one action of ‘value’ from the set.
Returns a string representation of the current object’s values.
Friends
A utility stream operator that adds a string representation of policy_map_rule_t to the ostream.
A policy map instance.
Once appropriately configured, policy maps are committed and applied to interfaces using the policy_map_mgr.
Public Functions
Getter for ‘persistent’: the config persistence for this policy map (defaults to false). Note: not implemented yet.
Setter for ‘persistent’.
Returns a string representation of the current object’s values.
Private Members
Friends
A utility stream operator that adds a string representation of policy_map_t to the ostream.
The policy feature requested is unavailable in this SDK release.
Public Functions
Throws this exception.
Returns a string representation of the current object’s values.
Private Members
Friends
A utility stream operator that adds a string representation of unsupported_policy_feature_error to the ostream.