01 Dec

ACL Based Forwarding (ABF) on IOS XR

With IOS XR, traditional policy-based routing (PBR) is history. You can no longer attach an ip policy to an interface or subinterface, yet PBR is common when you have to send traffic regardless of the routing protocol. IOS XR brings a new feature in its place: ACL-Based Forwarding (ABF).

On traditional IOS you can configure PBR like this:

interface TenGigabitEthernet0/0
 ip policy route-map myPBR
!
ip access-list extended acl_myPBR
 permit tcp any host 10.0.0.1 eq www
!
route-map myPBR permit 10
 match ip address acl_myPBR
 set ip next-hop 192.168.1.1

ABF was introduced in IOS XR 3.9.2 (it is not available in 4.0.0 but will be in 4.0.1, according to Cisco) and is a way to implement PBR. It is not as complex and flexible as traditional PBR with a route-map, but it will suit all users who use access lists for PBR traffic classification. The new configuration looks as follows:

ipv4 access-list acl_myABF
 10 permit tcp any host 10.0.0.1 eq www nexthop 192.168.1.1
 20 permit ipv4 any any
!
interface Bundle-Ether5.100
 ipv4 access-group acl_myABF ingress
!
end

ABF is part of the ingress ACL attached to an interface. If you want to set a new next-hop address for traffic that matches an ACL entry, you just have to set an extra parameter in the ACL.
ABF has a wide range of limitations right now. For example, the nexthop parameter can be set only on a permit statement in the ACL. ABF also has to be recognized by both the input and output line cards, and SIP-700 is not supported. A next-hop in a VRF is also not supported.
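
An added example (not from the original post or from Cisco): a small Python audit that lists every ACL entry steering traffic with nexthop and flags two of the limits above, nexthop on a non-permit entry and an ABF ACL attached in a direction other than ingress. The sample config is constructed, and the parser assumes only the syntax shown in this post.

```python
import re

# Constructed sample in the syntax shown above; ACE 30 and the egress
# attachment are deliberate mistakes added for the audit to catch.
SAMPLE = """\
ipv4 access-list acl_myABF
 10 permit tcp any host 10.0.0.1 eq www nexthop 192.168.1.1
 20 permit ipv4 any any
 30 deny udp any any nexthop 192.168.1.2
!
interface Bundle-Ether5.100
 ipv4 access-group acl_myABF ingress
!
interface Bundle-Ether5.200
 ipv4 access-group acl_myABF egress
!
end
"""

ACE = re.compile(r"^\s*(\d+)\s+(permit|deny)\s+(.*?)(?:\s+nexthop\s+(\S+))?\s*$")
GROUP = re.compile(r"^\s*ipv4 access-group (\S+) (ingress|egress)\s*$")

def audit_abf(config):
    """Return (steering_entries, findings) for an IOS XR config string."""
    acl = iface = None
    steering, findings, has_abf, attach = [], [], set(), []
    for line in config.splitlines():
        if line.startswith("ipv4 access-list "):
            acl, iface = line.split()[2], None
        elif line.startswith("interface "):
            iface, acl = line.split()[1], None
        elif line.strip() in ("!", "end"):
            acl = iface = None
        elif acl and (m := ACE.match(line)):
            seq, action, match, nh = m.groups()
            if nh is None:
                continue  # ordinary filter entry, no forwarding override
            has_abf.add(acl)
            if action == "permit":
                steering.append((acl, int(seq), match, nh))
            else:
                findings.append(f"{acl} seq {seq}: nexthop on a deny entry")
        elif iface and (m := GROUP.match(line)):
            attach.append((iface, m.group(1), m.group(2)))
    # Checked last so an ACL defined after its interface is still seen.
    for ifname, name, direction in attach:
        if name in has_abf and direction != "ingress":
            findings.append(f"{ifname}: ABF ACL {name} applied {direction}")
    return steering, findings
```

The first return value is the list of entries that override the routing table, which is the part of an ACL review that did not exist before ABF.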

I’m not yet sure if I like ABF. It’s still too fresh and too limited in comparison to traditional PBR to replace it. I’m also not really sure if I’d like to mix a security feature, which an ACL is, with a routing feature like PBR. But it’s good that something that will replace PBR is finally available in IOS XR.
