Each PBR list can have up to 1,500 rules. The first rule that matches the packet specifies the next hop list for the packet. If no rule matches the packet, the packet is routed according to the default rule.
You can configure policy rules to match packets based on one or more of the following criteria:
Source IP address or a range of addresses
Destination IP address or a range of addresses
IP protocol, such as TCP, UDP, ICMP, or IGMP
Source TCP or UDP port or a range of ports
Destination TCP or UDP port or a range of ports
ICMP type and code
Fragments
DSCP field
Note:
The fragment criterion applies to non-initial fragments only. You cannot specify TCP/UDP ports or ICMP code/type for a rule when using the fragment command.
Use IP wildcards to specify a range of source or destination IP addresses. The zero bits in the wildcard correspond to bits in the IP address that remain fixed. The one bits in the wildcard correspond to bits in the IP address that can vary. Note that this is the opposite of how bits are used in a subnet mask.
Note:
When you use destination and source ports in a PBR rule, policy-based routing does not catch fragments.
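The wildcard and first-match behavior described above can be checked offline with a small model. This is an added example, not gateway code or vendor configuration: the rule list, the next hop list names and the packet fields are constructed, and it assumes that rules are evaluated in ascending rule-number order and that a rule with port criteria never matches a non-initial fragment, which carries no TCP/UDP header.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard bit is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    fixed = ~w & 0xFFFFFFFF  # zero wildcard bits are the bits that must match
    return (a & fixed) == (b & fixed)

def mask_to_wildcard(mask):
    """A wildcard is the bitwise inverse of the equivalent subnet mask."""
    return str(ipaddress.IPv4Address(~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF))

# Constructed rule list: (rule number, criteria, hypothetical next hop list name).
RULES = [
    (10, {"src": ("10.1.0.0", "0.0.255.255"), "proto": "tcp", "dport": (443, 443)}, "nhl-1"),
    (20, {"src": ("10.1.0.0", "0.0.255.255")}, "nhl-2"),
    # Non-contiguous wildcard: last octet fixed at 1, third octet must be even.
    (30, {"dst": ("192.168.0.1", "0.0.254.0")}, "nhl-3"),
]

def route(pkt, rules=RULES):
    """Return (rule number, next hop list) of the first match, else the default rule."""
    for num, crit, nhl in sorted(rules, key=lambda r: r[0]):
        if "src" in crit and not wildcard_match(pkt["src"], *crit["src"]):
            continue
        if "dst" in crit and not wildcard_match(pkt["dst"], *crit["dst"]):
            continue
        if "proto" in crit and pkt.get("proto") != crit["proto"]:
            continue
        if "dport" in crit:
            # Assumption: a non-initial fragment has no L4 header, so a
            # port-based rule cannot match it and evaluation moves on.
            if pkt.get("fragment") or pkt.get("dport") is None:
                continue
            lo, hi = crit["dport"]
            if not lo <= pkt["dport"] <= hi:
                continue
        return num, nhl
    return "default", None

if __name__ == "__main__":
    first = {"src": "10.1.5.5", "dst": "8.8.8.8", "proto": "tcp", "dport": 443}
    later = {"src": "10.1.5.5", "dst": "8.8.8.8", "proto": "tcp", "fragment": True}
    print(route(first), route(later))
```

In this model the initial packet of a flow and its later fragments are sent to different next hop lists, which is the case to look for when reviewing a rule list that steers traffic by port toward an inspection device.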
Note:
It is recommended to leave a gap between rule numbers, so that additional rules can be inserted later. For example, ip-rule 10, ip-rule 20, ip-rule 30.