
ACL Based Forwarding is a poor man's policy based routing.

In normal IP routing the 'lookup' is a match using the packet's IP destination address, and the result (after ECMP choice) is a path describing what to do with the packet, e.g. where to send it. In ABF the lookup is replaced by a match involving user-defined fields in the packet, but the result is the same. The fields available to match are those that can be expressed by an ACL (hence the name ABF).


An ABF policy is equivalent to an IP route. It expresses the ACL that is used to match and the path that is used to forward:

abf policy add id <ID> acl <INDEX> via GigE0/0

The ID is a value the control plane gives to the policy so that it can refer to it later (i.e. when it is deleted). The ACL index is that of a previously created ACL. After the 'via' keyword one can use any of the options supported for IP/MPLS routing.


In order for policies to be used to match packets, they must be 'attached' to an input interface. This step is equivalent to adding the IP route to the interface's VRF.

abf attach <ip4|ip6> policy <ID> priority <X> GigE0/1

The policy ID is the same value as given when the policy was created. The priority specifies the order in which the matches will be made.
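The lookup order described above, as an added Python model (an illustration written for this page, not VPP code). The ACLs, policy IDs, interface names other than GigE0/0 and GigE0/1, and routes are constructed; that the lowest priority value is tried first, and that unmatched packets fall back to the normal destination lookup, are assumptions of the model.

```python
"""Toy model of the ABF lookup order (added illustration, not VPP code)."""
import ipaddress as ip

# Constructed sample state. An ACL is a list of permit rules:
# (src prefix, dst prefix, IP protocol, destination port); None means "any".
ACLS = {
    0: [("10.1.0.0/16", "0.0.0.0/0", 6, 443)],       # HTTPS from 10.1/16
    1: [("10.1.5.0/24", "0.0.0.0/0", None, None)],   # everything from one subnet
}
# abf policy add id <ID> acl <INDEX> via <path>
POLICIES = {10: (0, "via GigE0/0"), 20: (1, "via GigE0/2")}
# abf attach ip4 policy <ID> priority <X> <interface>, stored as (priority, ID)
ATTACHED = {"GigE0/1": [(50, 10), (20, 20)]}
# Ordinary destination-based routes in the input interface's VRF.
FIB = {"0.0.0.0/0": "via GigE0/3", "192.0.2.0/24": "via GigE0/4"}


def rule_matches(rule, pkt):
    """True when every field of the rule matches the packet."""
    src, dst, proto, dport = rule
    return (ip.ip_address(pkt["src"]) in ip.ip_network(src)
            and ip.ip_address(pkt["dst"]) in ip.ip_network(dst)
            and proto in (None, pkt["proto"])
            and dport in (None, pkt["dport"]))


def fib_lookup(dst):
    """Longest-prefix match on the destination address only."""
    hits = [ip.ip_network(p) for p in FIB if ip.ip_address(dst) in ip.ip_network(p)]
    return FIB[str(max(hits, key=lambda n: n.prefixlen))]


def forward(rx_itf, pkt):
    """Return (decided_by, path) for a packet received on rx_itf."""
    # Assumption: the lowest priority value is tried first.
    for _prio, pol_id in sorted(ATTACHED.get(rx_itf, [])):
        acl_index, path = POLICIES[pol_id]
        if any(rule_matches(r, pkt) for r in ACLS[acl_index]):
            return (f"abf policy {pol_id}", path)
    # Assumption: with no matching policy, the normal IP lookup decides.
    return ("ip route", fib_lookup(pkt["dst"]))
```

In this model a broad ACL attached at a better priority shadows a narrower one behind it, so the priority order of attachments deserves the same review as the order of rules in a firewall.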

That's all there is to it.