Overview
A policy-based forwarding (PBF) rule is not applied to a session when the monitoring host is unreachable. If no IP address is specified for monitoring, the next hop router is monitored.
Details
When a PBF rule is configured with monitoring enabled (the "Monitor" option is checked), the egress interface sends keepalives (KA) to the monitoring IP address or next hop router to ensure that the link is up, as shown below.
> show pbf rule name test_PBF
Rule: test_PBF(1)
Rule State: Active
Action: Forward
Symmetric Return: No
Egress IF/VSYS: ethernet1/3
NextHop: 10.66.24.1
Monitor IP: 4.2.2.2
NextHop Status: UP
Monitor: Action:Monitor, Interval:3, Threshold:5
Stats: KA sent:198, KA got:198, Packet Matched:9871
If the keepalives are not received ("KA got"), then the next hop status will show DOWN and the PBF rule is not applied:
> show pbf rule all
Rule       ID   Rule State Action   Egress IF/VSYS NextHop      NextHop Status
---------- ---- ---------- -------- -------------- ------------ --------------
test_PBF   1    Active     Forward  ethernet1/3    10.66.24.1   DOWN
Note: The 'Rule State' will show Disabled if the option "Disable this rule if nexthop/monitor ip is unreachable" is checked in the PBF rule.
For the PBF rule to be applied, always ensure that the monitoring IP address or next hop router is reachable from the forwarding egress interface. If monitoring is disabled in the PBF configuration ("Monitor" option is unchecked), then the PBF rule should be applied.
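The check described above can be scripted against saved "show pbf rule name" output to flag a rule that has stopped being applied. The following is an added example, not part of the original article or any vendor tooling; the function names and the sample text (modelled on the output above, with the status and counters altered) are assumptions made for illustration.

```python
import re

# Constructed sample: same layout as the "show pbf rule name" output above,
# with NextHop Status and "KA got" changed to show a failing monitor.
SAMPLE_DOWN = """\
Rule: test_PBF(1)
Rule State: Active
Action: Forward
Symmetric Return: No
Egress IF/VSYS: ethernet1/3
NextHop: 10.66.24.1
Monitor IP: 4.2.2.2
NextHop Status: DOWN
Monitor: Action:Monitor, Interval:3, Threshold:5
Stats: KA sent:198, KA got:120, Packet Matched:9871
"""

def parse_pbf_rule(text):
    """Parse 'Key: value' lines into a dict and split out numeric sub-fields."""
    rule = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            rule[key.strip()] = value.strip()
    # "Stats" and "Monitor" pack several name:number pairs onto one line.
    for field in ("Stats", "Monitor"):
        for name, num in re.findall(r"([A-Za-z ]+):(\d+)", rule.get(field, "")):
            rule[name.strip()] = int(num)
    return rule

def assess(rule):
    """Return (applied, reasons) following the behaviour the article describes."""
    status = rule.get("NextHop Status")
    state = rule.get("Rule State")
    reasons = []
    if status != "UP":
        reasons.append("next hop status is %s" % status)
    if state != "Active":
        reasons.append("rule state is %s" % state)
    lost = rule.get("KA sent", 0) - rule.get("KA got", 0)
    if lost > 0:
        reasons.append("%d keepalives unanswered" % lost)
    return (status == "UP" and state == "Active"), reasons

if __name__ == "__main__":
    applied, reasons = assess(parse_pbf_rule(SAMPLE_DOWN))
    print("PBF applied:", applied, "|", "; ".join(reasons))
```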
owner: gchandrasekaran