# Policy
---
# ABR (Application-Based Routing)
Reference: [SK167135](https://app.heptabase.com/5f6af385-68a3-454e-a380-d210e37b09fa/card/22f177e4-60c1-424e-96f4-1000b7aade41)\
Architecture diagram

1. Interface setting

2. Routing setting

3. PBR setting

4. Enable the firewall rule so that it can be matched.\
The feature is hidden by default; note that a reboot is required.\
**This feature is currently hidden**. To enable it, run these commands on the Security Gateway in the Expert mode **and reboot**:
```bash
HostName:0# dbset process:rtgpbrd:runlevel 4
HostName:0# dbset process:rtgpbrd:path /bin
HostName:0# dbset process:rtgpbrd t
HostName:0# dbset :save
HostName:0# reboot
```
5. Configure the rule in SmartConsole.\
Note that the rule Name must start with the prefix "**PBR\_**"; only then does it show up in the PBR rule configured in the next step.

6. Return to Gaia and configure the PBR rule.

- Limitations to note\
Make sure that all PBR rules are defined above non-PBR rules that have "any-any" in the source and destination fields, as shown in the screenshot below. In this case, the possible match will be (2), (3) or (4) based on the destination field, and not rule number (5). In the case of rule number (5), it takes a few packets to determine the type of service, and the initial packets can't be routed on a specific path defined by ABR rules.\
Remember that for ABR/PBR to work properly, the FW rule has to be unique and has to be applicable to the first packet of the connection.\
ABR doesn't work with rule base hierarchy (inner layers).\
See section 5 below for other limitations associated with PBR/ABR.
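
The limitations above can be checked before installing policy. The following is an added example, not part of the original note or of Check Point's tooling: it walks an ordered rule list and reports PBR rules placed below a non-PBR any-any rule, PBR rules in an inner layer, and PBR rules that repeat another PBR rule's match. The rule dictionary format, the `layer` field, the reading of "unique" as a distinct source/destination/service match, and all sample values are assumptions made for illustration.

```python
# Added example: rule dicts are a hypothetical format, not a Check Point export.
PBR_PREFIX = "PBR_"  # prefix required by step 5 of the note

def is_pbr(rule):
    return rule["name"].startswith(PBR_PREFIX)

def is_any_any(rule):
    return rule["source"] == "Any" and rule["destination"] == "Any"

def check_rulebase(rules):
    """Return (rule_number, problem) pairs for the ABR/PBR limitations in the note."""
    findings = []
    first_any_any = None  # number of the first non-PBR any-any rule seen so far
    seen_matches = {}     # (source, destination, service) -> first PBR rule number
    for number, rule in enumerate(rules, start=1):
        if not is_pbr(rule):
            if is_any_any(rule) and first_any_any is None:
                first_any_any = number
            continue
        if first_any_any is not None:
            findings.append((number, f"PBR rule below any-any rule {first_any_any}"))
        if rule.get("layer", "top") != "top":
            findings.append((number, "PBR rule in an inner layer"))
        # Assumption: "unique" is read as no two PBR rules sharing the same match.
        key = (rule["source"], rule["destination"], rule["service"])
        if key in seen_matches:
            findings.append((number, f"same match as PBR rule {seen_matches[key]}"))
        else:
            seen_matches[key] = number
    return findings

# Constructed sample rule base (names, networks and services are made up).
SAMPLE_RULES = [
    {"name": "Mgmt access", "source": "Admins", "destination": "GW", "service": "ssh"},
    {"name": "PBR_Video", "source": "LAN", "destination": "Internet", "service": "YouTube"},
    {"name": "PBR_Mail", "source": "LAN", "destination": "MailNet", "service": "smtp"},
    {"name": "Web out", "source": "Any", "destination": "Any", "service": "Facebook"},
    {"name": "PBR_Late", "source": "LAN", "destination": "Internet", "service": "YouTube"},
    {"name": "PBR_Inner", "source": "DMZ", "destination": "Internet", "service": "https",
     "layer": "inline"},
]

if __name__ == "__main__":
    for number, problem in check_rulebase(SAMPLE_RULES):
        print(f"rule {number} ({SAMPLE_RULES[number - 1]['name']}): {problem}")
```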