policy_map

Policy map manipulation.

This module permits the manipulation of policy maps used in the creation of service policies that can be applied to one or more types of hardware features, beginning with Policy Based Routing (PBR).

Policy maps for PBR (policy based routing) can match rules of either an IPv4 access list (including both source, destination addresses and all normal ACL flags) or any MPLS traffic.

Policy maps are constructed by key (consisting of a name and a feature, only eos::POLICY_FEATURE_PBR is presently supported), and the above rules are configured using the policy_map_mgr. For example, to source route traffic matching the existing ACL “netblock-fe” for a PBR policy named “src-routing-fe”, use this code in a handler with access to the policy_map_mgr object as policy_map_mgr() in scope.

   eos::policy_map_key_t pm_key("src-routing-fe", eos::POLICY_FEATURE_PBR);
   eos::acl_key_t acl_key("netblock-fe", eos::ACL_TYPE_IPV4);
   eos::class_map_t cm(pm_key);
   eos::class_map_rule_t cm_rule(acl_key);
   eos::policy_map_t pm(pm_key);
   eos::policy_map_rule_t pm_rule(pm_key);
   eos::policy_map_action_t action(eos::POLICY_ACTION_NEXTHOP_GROUP);
   action.nexthop_group_name_is("nhg-fe");
   pm_rule.action_set(action);
   cm.rule_set(1, cm_rule);
   pm.rule_set(1, pm_rule);
   policy_map_mgr()->policy_map_is(pm);
   // Apply to Ethernet3/1 (PBR policies are always applied ACL_IN (inbound).
   policy_map_mgr()->policy_map_apply(pm_key, eos::intf_id_t("Ethernet3/1"),
                                      eos::ACL_IN, true);

To instead program that same policy matching MPLS traffic instead of an IPv4 ACL, use the following pattern, noting that we explicitly supply a new class map key referring to the special eos::CLASS_MAP_MPLS_ANY name and skip binding the ACL to the class map entirely:

   eos::policy_map_key_t pm_key("src-routing-fe", eos::POLICY_FEATURE_PBR);
   eos::class_map_key_t cm_key(eos::CLASS_MAP_MPLS_ANY, eos::POLICY_FEATURE_PBR);
   eos::class_map_t cm(cm_key);
   eos::policy_map_rule_t pm_rule(cm_key);
   eos::policy_map_action_t action(eos::POLICY_ACTION_NEXTHOP_GROUP);
   action.nexthop_group_name_is("nhg-fe");
   pm_rule.action_set(action);
   cm.rule_set(1, cm_rule);
   pm.rule_set(1, pm_rule);
   policy_map_mgr()->policy_map_is(pm);
   // Finally, apply the policy as before

A valid policy map may have either:

1. One or more rules matching class maps matching one or more IPv4 ACLs. 2. A single policy map rule matching eos::CLASS_MAP_MPLS_ANY class, which itself may have only a single action

Using both “IP ACL” and “MPLS any” modes in the same policy map is not supported, and a eos::configuration_error will be thrown by the policy map when attempting to set both rules, or attempting to set more than one eos::CLASS_MAP_MPLS_ANY class map match rule per policy map.

template <>
struct policy_map_action_t >

Public Functions

size_t operator()(eos::policy_map_action_t const &) const
template <>
struct policy_map_key_t >

Public Functions

size_t operator()(eos::policy_map_key_t const &) const
namespace eos
class policy_map_iter_t
#include <policy_map.h>

An iterator providing forwards only iteration over collections of policy maps.

Private Functions

policy_map_iter_t(policy_map_iter_impl * const)

Friends

friend class policy_map_iter_impl
class policy_map_handler
#include <policy_map.h>

Event handler for policy feature specific events.

Callbacks about failures to program policy features into hardware are reported via this handler.

Public Functions

policy_map_handler(policy_map_mgr *)

Constructs a policy map handler for the supplied policy hardware feature.

policy_map_mgr * get_policy_map_mgr() const

Returns a pointer to the policy map manager for use in a derived handler.

void watch_policy_map(policy_map_key_t const & key, bool interest)

Registers to receive updates on changes to this policy feature.

Parameters
  • key -

    The policy feature to receive notifications for

  • watch -

    Receives notifications if and only if true.

virtual void on_policy_map_sync(policy_map_key_t const &)

Callback fired upon successful policy map application.

Parameters

virtual void on_policy_map_sync_fail(policy_map_key_t const &, std::string const & message)

Callback fired when policy map commit or apply operations failed.

Parameters
  • policy_map_key_t -

    The policy map which failed to update.

  • message -

    An error message which may be the empty string.

Protected Attributes

policy_map_mgr * policy_map_mgr_
policy_feature_t feature_
class policy_map_mgr
#include <policy_map.h>

EOS policy map manager.

The policy manager provides access to policy-map management, as well as policy map application to interfaces.

Public Functions

virtual ~policy_map_mgr()
virtual void resync_init() = 0

Resync

virtual void resync_complete() = 0

Completes any underway resync operation.

virtual bool exists(policy_map_key_t const & key) const = 0

Returns true if and only if the provided policy map key is configured.

virtual policy_map_t policy_map(policy_map_key_t const & key) const = 0
virtual void policy_map_is(policy_map_t const & policy_map) = 0
virtual void policy_map_del(policy_map_key_t const & key) = 0
virtual policy_map_iter_t policy_map_iter(policy_feature_t) const = 0

Provides iteration over the configured policy maps for a feature.

virtual void policy_map_apply(policy_map_key_t const &, intf_id_t, acl_direction_t, bool apply) = 0

Applies or unapplies the policy map to an interface in a direction.

Protected Functions

policy_map_mgr()

Private Members

policy_map_mgr

Friends

friend class policy_map_handler
namespace std

STL namespace.

template <>
struct policy_map_action_t >

Public Functions

size_t operator()(eos::policy_map_action_t const &) const
template <>
struct policy_map_key_t >

Public Functions

size_t operator()(eos::policy_map_key_t const &) const

Type definitions in policy_map

namespace eos

Typedefs

typedef uint32_t policy_map_tag_t

Enums

policy_match_condition_t enum

The default match condition for the policy map.

At present, the only supported condition is that any rule in the policy-map matching will trigger the action (POLICY_MAP_CONDITION_ANY).

Values:

  • POLICY_MAP_CONDITION_NULL -
  • POLICY_MAP_CONDITION_ANY -
policy_feature_t enum

A hardware feature a policy map can be used with.

Values:

  • POLICY_FEATURE_NULL -
  • POLICY_FEATURE_PBR -
  • POLICY_FEATURE_QOS -
  • POLICY_FEATURE_TAP_AGG -
policy_action_type_t enum

The actions a policy map rule may apply to classified packets.

Values:

  • POLICY_ACTION_NULL -
  • POLICY_ACTION_NONE -

    Perform no action.

  • POLICY_ACTION_DROP -

    Drop traffic for this policy.

  • POLICY_ACTION_NEXTHOP -

    Forward to one or more IP nexthops.

  • POLICY_ACTION_NEXTHOP_GROUP -

    Forward to named group of nexthops/interfaces.

  • POLICY_ACTION_DSCP -

    Set DSCP bits.

  • POLICY_ACTION_TRAFFIC_CLASS -

    Set traffic class.

class policy_map_key_t
#include <policy_map.h>

The key used to uniquely identify both class and policy maps.

Public Functions

policy_map_key_t()
policy_map_key_t(std::string const & name, policy_feature_t feature)
std::string name() const
void name_is(std::string const & name)
policy_feature_t feature() const
void feature_is(policy_feature_t feature)
bool operator==(policy_map_key_t const & other) const
bool operator!=(policy_map_key_t const & other) const
bool operator<(policy_map_key_t const & other) const
std::string to_string() const

Returns a string representation of the current object’s values.

Private Members

std::string name_
policy_feature_t feature_

Friends

friend std::ostream & operator<<

A utility stream operator that adds a string representation of policy_map_key_t to the ostream.

class policy_map_action_t
#include <policy_map.h>

A single policy map action. Each action defines a single type of action to be performed,presently supporting: “set nexthop”, “set nexthop group” and “drop”. It is illegal to set both nexthop and nexthop group or dropoperations in a single policy map rule.

Public Functions

policy_map_action_t()
policy_map_action_t(policy_action_type_t action_type)

Constructs a policy map action of a particular type.

After construction, set attributes appropriate for the action type using the mutators below; only the action-specific attributes will be considered when the policy is applied. If the action is POLICY_ACTION_DROP, no further attributes require being set.

virtual ~policy_map_action_t()
policy_action_type_t action_type() const
void action_type_is(policy_action_type_t action_type)
std::string nexthop_group_name() const

Getter for ‘nexthop_group_name’: the name of the nexthop group to be used when the action is POLICY_ACTION_NEXTHOP_GROUP. If the nexthop group does not yet exist when calling policy_map_is() on the policy_map_mgr, that action will complete successfully but FIB entries for the nextop group will not be programmed until the group is configured.

void nexthop_group_name_is(std::string const & nexthop_group_name)

Setter for ‘nexthop_group_name’.

std::unordered_set< ip_addr_t > const & nexthops() const
void nexthops_is(std::unordered_set< ip_addr_t > const & nexthops)
void nexthop_set(ip_addr_t const & value)

inserts one nexthop of ‘value’ to the set.

void nexthop_del(ip_addr_t const & value)

deletes one nexthop of ‘value’ from the set.

uint8_t dscp() const

Getter for ‘dscp’: the DiffServ Code Point on matching IPv4/IPv6 packets. This sets the 6-bit IPv4 DSCP or IPv6 traffic class field.

Exceptions

void dscp_is(uint8_t dscp)

Setter for ‘dscp’.

uint8_t traffic_class() const

Getter for ‘traffic_class’: the internal EOS traffic class on matching packets. Setting this 3-bit value overrides any interface CoS/DSCP trust mapping.

Exceptions

void traffic_class_is(uint8_t traffic_class)

Setter for ‘traffic_class’.

bool operator==(policy_map_action_t const & other) const
bool operator!=(policy_map_action_t const & other) const
bool operator<(policy_map_action_t const & other) const
std::string to_string() const

Returns a string representation of the current object’s values.

Private Members

policy_action_type_t action_type_
std::string nexthop_group_name_
std::unordered_set< ip_addr_t > nexthops_
uint8_t dscp_
uint8_t traffic_class_

Friends

friend std::ostream & operator<<

A utility stream operator that adds a string representation of policy_map_action_t to the ostream.

class policy_map_rule_t
#include <policy_map.h>

A policy map rule, describing a traffic match and actions.

A rule can match IP traffic via a class map, or can choose to match all MPLS traffic. To use a class map, use the explicit constructor or create a default policy map rule and set the class map with class_map_key_is().

Actions can be set at once or added or removed one at a time.

Public Functions

policy_map_rule_t()
policy_map_rule_t(class_map_key_t const & class_map_key)
class_map_key_t class_map_key() const

Getter for ‘class_map_key’: the class map key (name is CLASS_MAP_MPLS_ANY if matching MPLS).

void class_map_key_is(class_map_key_t const & class_map_key)

Setter for ‘class_map_key’.

std::set< policy_map_action_t > const & actions() const

Getter for ‘actions’: the set of actions configured for this particular rule.

void actions_is(std::set< policy_map_action_t > const & actions)

Setter for ‘actions’.

void action_set(policy_map_action_t const & value)

inserts one action of ‘value’ to the set.

void action_del(policy_map_action_t const & value)

deletes one action of ‘value’ from the set.

void action_del(policy_action_type_t action_type)
bool operator==(policy_map_rule_t const & other) const
bool operator!=(policy_map_rule_t const & other) const
bool operator<(policy_map_rule_t const & other) const
std::string to_string() const

Returns a string representation of the current object’s values.

Private Members

class_map_key_t class_map_key_
std::set< policy_map_action_t > actions_

Friends

friend std::ostream & operator<<

A utility stream operator that adds a string representation of policy_map_rule_t to the ostream.

class policy_map_t
#include <policy_map.h>

A policy map instance.

Once appropriately configured, policy maps are committed and applied to interfaces using the policy_map_mgr.

Public Functions

policy_map_t()
policy_map_t(policy_map_key_t const & key)
policy_map_key_t key() const
void key_is(policy_map_key_t const & key)
std::map< uint32_t, policy_map_rule_t > const & rules() const
void rules_is(std::map< uint32_t, policy_map_rule_t > const & rules)
void rule_set(uint32_t key, policy_map_rule_t const & value)
void rule_del(uint32_t key)
bool persistent() const

Getter for ‘persistent’: the config persistence for this policy map (defaults to false). Note: not implemented yet.

void persistent_is(bool persistent)

Setter for ‘persistent’.

bool operator==(policy_map_t const & other) const
bool operator!=(policy_map_t const & other) const
bool operator<(policy_map_t const & other) const
std::string to_string() const

Returns a string representation of the current object’s values.

Private Members

policy_map_key_t key_
std::map< uint32_t, policy_map_rule_t > rules_
bool persistent_

Friends

friend std::ostream & operator<<

A utility stream operator that adds a string representation of policy_map_t to the ostream.

class unsupported_policy_feature_error
#include <policy_map.h>

The policy feature requested is unavailable in this SDK release.

Public Functions

unsupported_policy_feature_error(policy_feature_t policy_feature)
virtual ~unsupported_policy_feature_error()
policy_feature_t policy_feature() const
virtual void raise() const

Throws this exception.

std::string to_string() const

Returns a string representation of the current object’s values.

Private Members

policy_feature_t policy_feature_

Friends

friend std::ostream & operator<<

A utility stream operator that adds a string representation of unsupported_policy_feature_error to the ostream.

Table Of Contents

Previous topic

panic

Next topic

sdk