policy_map¶

Policy map manipulation.

This module permits the manipulation of policy maps used in the creation of service policies that can be applied to one or more types of hardware features, beginning with Policy Based Routing (PBR).

Policy maps for PBR (policy based routing) can match rules of either an IPv4 access list (including both source, destination addresses and all normal ACL flags) or any MPLS traffic.

Policy maps are constructed by key (consisting of a name and a feature, only eos::POLICY_FEATURE_PBR is presently supported), and the above rules are configured using the policy_map_mgr. For example, to source route traffic matching the existing ACL “netblock-fe” for a PBR policy named “src-routing-fe”, use this code in a handler with access to the policy_map_mgr object as policy_map_mgr() in scope.

eos::policy_map_key_t pm_key("src-routing-fe", eos::POLICY_FEATURE_PBR);
eos::acl_key_t acl_key("netblock-fe", eos::ACL_TYPE_IPV4);
eos::class_map_t cm(pm_key);
eos::class_map_rule_t cm_rule(acl_key);
eos::policy_map_t pm(pm_key);
eos::policy_map_rule_t pm_rule(pm_key);
eos::policy_map_action_t action(eos::POLICY_ACTION_NEXTHOP_GROUP);
action.nexthop_group_name_is("nhg-fe");
pm_rule.action_set(action);
cm.rule_set(1, cm_rule);
pm.rule_set(1, pm_rule);
policy_map_mgr()->policy_map_is(pm);
// Apply to Ethernet3/1 (PBR policies are always applied ACL_IN (inbound).
policy_map_mgr()->policy_map_apply(pm_key, eos::intf_id_t("Ethernet3/1"),
                                   eos::ACL_IN, true);

To instead program that same policy matching MPLS traffic instead of an IPv4 ACL, use the following pattern, noting that we explicitly supply a new class map key referring to the special eos::CLASS_MAP_MPLS_ANY name and skip binding the ACL to the class map entirely:

eos::policy_map_key_t pm_key("src-routing-fe", eos::POLICY_FEATURE_PBR);
eos::class_map_key_t cm_key(eos::CLASS_MAP_MPLS_ANY, eos::POLICY_FEATURE_PBR);
eos::class_map_t cm(cm_key);
eos::policy_map_rule_t pm_rule(cm_key);
eos::policy_map_action_t action(eos::POLICY_ACTION_NEXTHOP_GROUP);
action.nexthop_group_name_is("nhg-fe");
pm_rule.action_set(action);
cm.rule_set(1, cm_rule);
pm.rule_set(1, pm_rule);
policy_map_mgr()->policy_map_is(pm);
// Finally, apply the policy as before

A valid policy map may have either:

One or more rules matching class maps matching one or more IPv4 ACLs.
A single policy map rule matching eos::CLASS_MAP_MPLS_ANY class, which itself may have only a single action

Using both “IP ACL” and “MPLS any” modes in the same policy map is not supported, and a eos::configuration_error will be thrown by the policy map when attempting to set both rules, or attempting to set more than one eos::CLASS_MAP_MPLS_ANY class map match rule per policy map.

template<> struct hash<eos::policy_map_action_t>¶

Public Functions

size_t operator()(eos::policy_map_action_t const&) const¶

template<> struct hash<eos::policy_map_key_t>¶

Public Functions

size_t operator()(eos::policy_map_key_t const&) const¶

namespace eos

class policy_map_iter_t : public eos::iter_base<policy_map_key_t, policy_map_iter_impl>¶

#include <policy_map.h>

An iterator providing forwards only iteration over collections of policy maps.

Private Functions

policy_map_iter_t(policy_map_iter_impl *)¶

Friends

friend eos::policy_map_iter_impl

class policy_map_hw_status_iter_t : public eos::iter_base<policy_map_key_t, policy_map_hw_status_iter_impl>¶

#include <policy_map.h>

An iterator providing forwards only iteration over collections of policy maps.

Private Functions

policy_map_hw_status_iter_t(policy_map_hw_status_iter_impl *const )¶

Friends

friend eos::policy_map_hw_status_iter_impl

class policy_map_handler : public eos::base_handler<policy_map_mgr, policy_map_handler>¶

#include <policy_map.h>

Event handler for policy feature specific events.

Callbacks about failures to program policy features into hardware are reported via this handler.

Public Functions

policy_map_handler(policy_map_mgr *)¶: Constructs a policy map handler for the supplied policy hardware feature.

policy_map_mgr *get_policy_map_mgr() const¶: Returns a pointer to the policy map manager for use in a derived handler.

void watch_all_policy_maps(bool interest)¶

Registers to receive updates on changes to all policy maps.

Parameters

interest: Receives notifications if and only if true.

void watch_policy_map(policy_map_key_t const &key, bool interest)¶

Registers to receive updates on changes to the specified policy map.

Parameters

key: The key identifying the policy map to receive notifications for.
interest: Receives notifications if and only if true.

void watch_policy_map(policy_map_key_t const &key, std::string const &agent_name, bool interest)¶

Registers to receive updates on changes to the specified policy map.

Parameters

key: The key identifying the policy map to receive notifications for.
agent_name: The agent which configures the policy being watched. No longer used.
interest: Receives notifications if and only if true.

virtual void on_policy_map_sync(policy_map_key_t const&)¶

Callback fired upon successful policy map application.

Parameters

policy_map_key_t: The key identifying the updated policy map.

virtual void on_policy_map_sync_fail(policy_map_key_t const&, std::string const &message)¶

Callback fired when policy map commit or apply operations failed.

Parameters

policy_map_key_t: The policy map which failed to update.
message: An error message which may be the empty string.

virtual void on_policy_map_config_set(policy_map_key_t const&)¶

Callback fired when policy map configuration changes.

Parameters

name: Policy map name.

Protected Attributes

policy_map_mgr *policy_map_mgr_¶

policy_feature_t feature_¶

class policy_map_mgr : public eos::base_mgr<policy_map_handler, policy_map_key_t>¶

#include <policy_map.h>

EOS policy map manager.

The policy manager provides access to policy-map management, as well as policy map application to interfaces.

Public Functions

virtual ~policy_map_mgr()¶

virtual void resync_init() = 0¶: Resync

virtual void resync_complete() = 0¶: Completes any underway resync operation.

virtual bool exists(policy_map_key_t const &key) const = 0¶: Returns true if and only if the provided policy map key is configured.

virtual policy_map_t policy_map(policy_map_key_t const &key) const = 0¶

virtual void policy_map_is(policy_map_t const &policy_map) = 0¶

virtual void policy_map_del(policy_map_key_t const &key) = 0¶

virtual policy_map_iter_t policy_map_iter(policy_feature_t) const = 0¶: Provides iteration over the configured policy maps for a feature.

virtual void policy_map_apply(policy_map_key_t const&, intf_id_t, acl_direction_t, bool apply) = 0¶

Applies or unapplies a policy map on the given interface and direction.

Parameters

policy_map_key_t: Name and type of the policy map to [un]apply. Note: When unapplying a PBR policy map, the specified interface’s policy map will be unapplied regardless of whether it matches the specified policy map name.
intf_id_t: The interface ID of the interface to [un]apply the policy map.
acl_direction_t: The direction in which to [un]apply the policy map
bool: Whether to apply or unapply the policy map. If true, policy map is applied on the given interface and direction. If false, policy map is removed from the given interface and direction.

virtual policy_map_hw_status_iter_t policy_map_hw_status_iter(policy_feature_t) const = 0¶: Provides iteration over the policy maps in hardware for a feature.

virtual policy_map_hw_statuses_t hw_status(policy_map_key_t const &key) const = 0¶: Returns the hardware status for a policy map key.

Protected Functions

policy_map_mgr()¶

Private Members

eos::policy_map_mgr::policy_map_mgr

Friends

friend eos::policy_map_handler

namespace std

STL namespace.

template<> struct hash<eos::policy_map_action_t>

Public Functions

size_t operator()(eos::policy_map_action_t const&) const

template<> struct hash<eos::policy_map_key_t>

Public Functions

size_t operator()(eos::policy_map_key_t const&) const

Type definitions in policy_map¶

namespace eos

Typedefs

typedef uint32_t policy_map_tag_t¶

Enums

enum policy_match_condition_t¶

The default match condition for the policy map.

At present, the only supported condition is that any rule in the policy-map matching will trigger the action (POLICY_MAP_CONDITION_ANY).

Values:

POLICY_MAP_CONDITION_NULL¶

POLICY_MAP_CONDITION_ANY¶

enum policy_feature_t¶

A hardware feature a policy map can be used with.

Values:

POLICY_FEATURE_NULL¶

POLICY_FEATURE_PBR¶

POLICY_FEATURE_QOS¶

POLICY_FEATURE_TAP_AGG¶

enum policy_action_type_t¶

The actions a policy map rule may apply to classified packets.

Values:

POLICY_ACTION_NULL¶

POLICY_ACTION_NONE¶: Perform no action.

POLICY_ACTION_DROP¶: Drop traffic for this policy.

POLICY_ACTION_NEXTHOP¶: Forward to one or more IP nexthops.

POLICY_ACTION_NEXTHOP_GROUP¶: Forward to named group of nexthops/interfaces.

POLICY_ACTION_DSCP¶: Set DSCP bits.

POLICY_ACTION_TRAFFIC_CLASS¶: Set traffic class.

enum policy_map_rule_type_t¶

The policy map rule type. Valid types are IPV4 IPV6 and CLASSMAP.

Values:

POLICY_RULE_TYPE_CLASSMAP¶

POLICY_RULE_TYPE_IPV4¶

POLICY_RULE_TYPE_IPV6¶

enum policy_map_status_t¶

The policy map hardware status type.

Values:

POLICY_STATUS_NOT_FOUND¶

POLICY_STATUS_IN_PROGRESS¶

POLICY_STATUS_FAILED¶

POLICY_STATUS_SUCCESS¶

class policy_map_key_t¶

#include <policy_map.h>

The key used to uniquely identify both class and policy maps.

Public Functions

policy_map_key_t()¶

policy_map_key_t(std::string const &name, policy_feature_t feature)¶

policy_map_key_t(const policy_map_key_t &other)¶

policy_map_key_t &operator=(policy_map_key_t const &other)¶

std::string name() const¶

void name_is(std::string const &name)¶

policy_feature_t feature() const¶

void feature_is(policy_feature_t feature)¶

bool operator==(policy_map_key_t const &other) const¶

bool operator!=(policy_map_key_t const &other) const¶

bool operator<(policy_map_key_t const &other) const¶

uint32_t hash() const¶: The hash function for type policy_map_key_t.

void mix_me(hash_mix &h) const¶: The hash mix function for type policy_map_key_t.

std::string to_string() const¶: Returns a string representation of the current object’s values.

Private Members

std::shared_ptr<policy_map_key_impl_t> pimpl¶

Friends

std::ostream &operator<<(std::ostream &os, const policy_map_key_t &obj)¶: A utility stream operator that adds a string representation of policy_map_key_t to the ostream.

class policy_map_action_t¶

#include <policy_map.h>

A single policy map action. Each action defines a single type of action to be performed, presently supporting: “set nexthop”, “set nexthop group” and “drop”. It is illegal to set both nexthop and nexthop group or drop operations in a single policy map rule.

Public Functions

policy_map_action_t()¶

policy_map_action_t(policy_action_type_t action_type)¶

Constructs a policy map action of a particular type.

After construction, set attributes appropriate for the action type using the mutators below; only the action-specific attributes will be considered when the policy is applied. If the action is POLICY_ACTION_DROP, no further attributes require being set.

policy_map_action_t(const policy_map_action_t &other)¶

policy_map_action_t &operator=(policy_map_action_t const &other)¶

~policy_map_action_t()¶

policy_action_type_t action_type() const¶

void action_type_is(policy_action_type_t action_type)¶

std::string nexthop_group_name() const¶: Getter for ‘nexthop_group_name’: the name of the nexthop group to be used when the action is POLICY_ACTION_NEXTHOP_GROUP. If the nexthop group does not yet exist when calling policy_map_is() on the policy_map_mgr, that action will complete successfully but FIB entries for the nextop group will not be programmed until the group is configured.

void nexthop_group_name_is(std::string const &nexthop_group_name)¶: Setter for ‘nexthop_group_name’.

std::unordered_set<ip_addr_t> const &nexthops() const¶

void nexthops_is(std::unordered_set<ip_addr_t> const &nexthops)¶

void nexthop_set(ip_addr_t const &value)¶: Inserts one nexthop of ‘value’ to the set.

void nexthop_del(ip_addr_t const &value)¶: Deletes one nexthop of ‘value’ from the set.

std::string vrf() const¶: Getter for ‘vrf’: the name of the VRF for nexthop action.

void vrf_is(std::string const &vrf)¶: Setter for ‘vrf’.

uint8_t dscp() const¶

Getter for ‘dscp’: the DiffServ Code Point on matching IPv4/IPv6 packets. This sets the 6-bit IPv4 DSCP or IPv6 traffic class field.

Exceptions

eos::invalid_argument_error: if value outside range 0..63.

void dscp_is(uint8_t dscp)¶: Setter for ‘dscp’.

uint8_t traffic_class() const¶

Getter for ‘traffic_class’: the internal EOS traffic class on matching packets. Setting this 3-bit value overrides any interface CoS/DSCP trust mapping.

Exceptions

eos::invalid_argument_error: if value outside range 0..7.

void traffic_class_is(uint8_t traffic_class)¶: Setter for ‘traffic_class’.

bool operator==(policy_map_action_t const &other) const¶

bool operator!=(policy_map_action_t const &other) const¶

bool operator<(policy_map_action_t const &other) const¶

uint32_t hash() const¶: The hash function for type policy_map_action_t.

void mix_me(hash_mix &h) const¶: The hash mix function for type policy_map_action_t.

std::string to_string() const¶: Returns a string representation of the current object’s values.

Private Members

std::shared_ptr<policy_map_action_impl_t> pimpl¶

Friends

std::ostream &operator<<(std::ostream &os, const policy_map_action_t &obj)¶: A utility stream operator that adds a string representation of policy_map_action_t to the ostream.

class policy_map_rule_t¶

#include <policy_map.h>

A policy map rule, describing a traffic match and actions.

A rule works by creating a filter to match only certain types of IP traffic. Any traffic that passes this filter then has the corresponding policy_map_action_t actions applied. For example, a rule can specify that any traffic on Vlan42 should have its traffic class set to 4 and should be forwarded out of nexthop_group “foo”.

The match portion of a rule can take one of two forms: class maps or raw match rules. Class maps let you combine various ACLs to decide whether to match or ignore traffic. These objects are managed by the class_map_mgr in eos/class_map.h. Alternatively, you can use a shorthand and specify just a single acl_rule_ip_t, which will match traffic that passes that rule. Actions can be set at once or added or removed one at a time.

Public Functions

policy_map_rule_t()¶

policy_map_rule_t(class_map_key_t const &class_map_key)¶

policy_map_rule_t(const policy_map_rule_t &other)¶

policy_map_rule_t &operator=(policy_map_rule_t const &other)¶

class_map_key_t class_map_key() const¶: Getter for ‘class_map_key’: the class map key (name is CLASS_MAP_MPLS_ANY if matching MPLS).

void class_map_key_is(class_map_key_t const &class_map_key)¶: Setter for ‘class_map_key’.

policy_map_rule_type_t policy_map_rule_type() const¶: Getter for ‘policy_map_rule_type’: the rule type. Set the rule type to POLICY_RULE_TYPE_CLASSMAP if the rule matches a class. If the rule has the raw match statement set, the rule type should be set to POLICY_RULE_TYPE_IPV4 or POLICY_RULE_TYPE_IPV6.

void policy_map_rule_type_is(policy_map_rule_type_t policy_map_rule_type)¶: Setter for ‘policy_map_rule_type’.

acl_rule_ip_t raw_rule() const¶: Getter for ‘raw_rule’: the raw match statement.

void raw_rule_is(acl_rule_ip_t raw_rule)¶: Setter for ‘raw_rule’.

std::set<policy_map_action_t> const &actions() const¶: Getter for ‘actions’: the set of actions configured for this particular rule.

void actions_is(std::set<policy_map_action_t> const &actions)¶: Setter for ‘actions’.

void action_set(policy_map_action_t const &value)¶: Inserts one action of ‘value’ to the set.

void action_del(policy_map_action_t const &value)¶: Deletes one action of ‘value’ from the set.

void action_del(policy_action_type_t action_type)¶

void raw_rule_is(acl_rule_ip_t acl_rule, policy_map_rule_type_t rule_type)¶

bool operator==(policy_map_rule_t const &other) const¶

bool operator!=(policy_map_rule_t const &other) const¶

bool operator<(policy_map_rule_t const &other) const¶

uint32_t hash() const¶: The hash function for type policy_map_rule_t.

void mix_me(hash_mix &h) const¶: The hash mix function for type policy_map_rule_t.

std::string to_string() const¶: Returns a string representation of the current object’s values.

Private Members

std::shared_ptr<policy_map_rule_impl_t> pimpl¶

Friends

std::ostream &operator<<(std::ostream &os, const policy_map_rule_t &obj)¶: A utility stream operator that adds a string representation of policy_map_rule_t to the ostream.

class policy_map_t¶

#include <policy_map.h>

A policy map instance.

Once appropriately configured, policy maps are committed and applied to interfaces using the policy_map_mgr.

Public Functions

policy_map_t()¶

policy_map_t(policy_map_key_t const &key)¶

policy_map_t(const policy_map_t &other)¶

policy_map_t &operator=(policy_map_t const &other)¶

policy_map_key_t key() const¶

void key_is(policy_map_key_t const &key)¶

std::map<uint32_t, policy_map_rule_t> const &rules() const¶

void rules_is(std::map<uint32_t, policy_map_rule_t> const &rules)¶

void rule_set(uint32_t key, policy_map_rule_t const &value)¶

void rule_del(uint32_t key)¶

bool operator==(policy_map_t const &other) const¶

bool operator!=(policy_map_t const &other) const¶

bool operator<(policy_map_t const &other) const¶

uint32_t hash() const¶: The hash function for type policy_map_t.

void mix_me(hash_mix &h) const¶: The hash mix function for type policy_map_t.

std::string to_string() const¶: Returns a string representation of the current object’s values.

Private Members

std::shared_ptr<policy_map_impl_t> pimpl¶

Friends

std::ostream &operator<<(std::ostream &os, const policy_map_t &obj)¶: A utility stream operator that adds a string representation of policy_map_t to the ostream.

class unsupported_policy_feature_error : public eos::unsupported_error ¶

#include <policy_map.h>

The policy feature requested is unavailable in this SDK release.

Public Functions

unsupported_policy_feature_error(policy_feature_t policy_feature)¶

~unsupported_policy_feature_error()¶

policy_feature_t policy_feature() const¶

void raise() const¶: Throws this exception.

uint32_t hash() const¶: The hash function for type unsupported_policy_feature_error.

void mix_me(hash_mix &h) const¶: The hash mix function for type unsupported_policy_feature_error.

std::string to_string() const¶: Returns a string representation of the current object’s values.

Private Members

policy_feature_t policy_feature_¶

Friends

std::ostream &operator<<(std::ostream &os, const unsupported_policy_feature_error &obj)¶: A utility stream operator that adds a string representation of unsupported_policy_feature_error to the ostream.

class policy_map_hw_status_key_t¶

#include <policy_map.h>

policy map hardware interface key.

Public Functions

policy_map_hw_status_key_t()¶

policy_map_hw_status_key_t(intf_id_t intf_id, acl_direction_t direction)¶

policy_map_hw_status_key_t(const policy_map_hw_status_key_t &other)¶

policy_map_hw_status_key_t &operator=(policy_map_hw_status_key_t const &other)¶

intf_id_t intf_id() const¶: Getter for ‘intf_id’: Interface ID at with a policy map is applied. If the feature type is POLICY_FEATURE_QOS, intf_id will be the default interface ID.

void intf_id_is(intf_id_t intf_id)¶: Setter for ‘intf_id’.

acl_direction_t direction() const¶: Getter for ‘direction’: Direction in which a policy map is applied.

void direction_is(acl_direction_t direction)¶: Setter for ‘direction’.

bool operator==(policy_map_hw_status_key_t const &other) const¶

bool operator!=(policy_map_hw_status_key_t const &other) const¶

bool operator<(policy_map_hw_status_key_t const &other) const¶

uint32_t hash() const¶: The hash function for type policy_map_hw_status_key_t.

void mix_me(hash_mix &h) const¶: The hash mix function for type policy_map_hw_status_key_t.

std::string to_string() const¶: Returns a string representation of the current object’s values.

Private Members

std::shared_ptr<policy_map_hw_status_key_impl_t> pimpl¶

Friends

std::ostream &operator<<(std::ostream &os, const policy_map_hw_status_key_t &obj)¶: A utility stream operator that adds a string representation of policy_map_hw_status_key_t to the ostream.

class policy_map_hw_statuses_t¶

#include <policy_map.h>

policy map hardware statuses.

Public Functions

policy_map_hw_statuses_t()¶

policy_map_hw_statuses_t(std::map<policy_map_hw_status_key_t, policy_map_status_t> const &intf_statuses)¶

policy_map_hw_statuses_t(const policy_map_hw_statuses_t &other)¶

policy_map_hw_statuses_t &operator=(policy_map_hw_statuses_t const &other)¶

std::map<policy_map_hw_status_key_t, policy_map_status_t> const &intf_statuses() const¶: Getter for ‘intf_statuses’: A map of interface key and policy map status.

void intf_statuses_is(std::map<policy_map_hw_status_key_t, policy_map_status_t> const &intf_statuses)¶: Setter for ‘intf_statuses’.

void intf_statuse_set(policy_map_hw_status_key_t const &key, policy_map_status_t const &value)¶: Inserts key/value pair to the map.

void intf_statuse_del(policy_map_hw_status_key_t const &key)¶: Deletes the key/value pair from the map.

bool operator==(policy_map_hw_statuses_t const &other) const¶

bool operator!=(policy_map_hw_statuses_t const &other) const¶

bool operator<(policy_map_hw_statuses_t const &other) const¶

uint32_t hash() const¶: The hash function for type policy_map_hw_statuses_t.

void mix_me(hash_mix &h) const¶: The hash mix function for type policy_map_hw_statuses_t.

std::string to_string() const¶: Returns a string representation of the current object’s values.

Private Members

std::shared_ptr<policy_map_hw_statuses_impl_t> pimpl¶

Friends

std::ostream &operator<<(std::ostream &os, const policy_map_hw_statuses_t &obj)¶: A utility stream operator that adds a string representation of policy_map_hw_statuses_t to the ostream.

policy_map¶

Type definitions in policy_map¶

Table of Contents

Previous topic

Next topic