Policy based forwarding rule is not applied when the monitoring host is unreachable

Overview

A Policy Based Forwarding (PBF) rule is not applied to a session when the monitoring host is unreachable. If no IP address is specified for monitoring, then the next hop router is monitored.

Details

When a PBF rule is configured with monitoring enabled ("Monitor" option is checked), the egress interface sends keepalives (KA) to the monitoring IP address or next hop router to ensure that the link is up as shown below.

> show pbf rule name test_PBF

Rule: test_PBF(1)

Rule State: Active

Action: Forward

Symmetric Return: No

Egress IF/VSYS: ethernetl/3

NextHop: 10.66.24.1

Monitor IP: 4.2.2.2

NextHop Status: UP

Monitor: Action:Monitor, Interva1:3, Thresho1d:5

Stats: KA sent:198, KA got:198, Packet Matched:9871

If the keepalives are not received ("KA got"), then the next hop status will show DOWN and the PBF rule is not applied:

> show pbf rule all

Rule       ID   Rule State Action   Egress IF/VSYS NextHop      NextHop Status

---------- ---- ---------- -------- -------------- ------------ --------------

test_PBF   1    Active     Forward  ethernet1/3    10.66.24.1   DOWN

Note: The 'Rule State' will show Disabled if the option "Disable this rule if nexthop/monitor ip is unreachable" is checked in the PBF rule.

For the PBF rule to be applied, always ensure that the monitoring IP address or next hop router is reachable from the forwarding egress interface. If monitoring is disabled in the PBF configuration ("Monitor" option is unchecked), then the PBF rule should be applied.

owner: gchandrasekaran