Cisco IOS Dynamic Application Policy Routing Commands

dapr

To configure the DAPR authentication within the Dynamic Application Policy Routing (DAPR) instance, use the dapr command in global configuration mode. To remove the dapr instance, use the no form of this command.

dapr { default | Instance Name }

no dapr { default | Instance Name }

Syntax Description

Instance Name

Specified the user defined DAPR instance name.

Command Default

No default behavior or values.

Command Modes

Global configuration (config)

Command History

Release

Modification

Cisco XE Gibraltar 16.11.1

This command was introduced.

Usage Guidelines

The dapr command defined instance is a container for DAPR RM and/or BR configuration. Currently, only a single DAPR instance is supported. DAPR instance is identified by a user-defined string or by the string default.

Examples

The following example configures a dapr instance:

:

Device(config)#dapr default 
DAPR(config-dapr-instance)#
DAPR(config)#dapr dapr-instance-1
 DAPR instance 'default' exits. Single instance allowed.

Related Commands

Command

Description
route-manager

Configures the DAPR route manager (RM) within the DAPR instance.
border-router

Configures the DAPR border router (BR) within the DAPR instance.

route-manager

To configure the route manager within the Dynamic Application Policy Routing (DAPR) instance, use the route-manager command in global configuration mode. To remove the route manager configuration, use the no form of this command.

route-manager

no route-manager

Command Default

No default behavior or values.

Command Modes

DAPR instance configuration (config-dapr-instance)

Command History

Release

Modification

Cisco XE Gibraltar 16.11.1

This command was introduced.

Usage Guidelines

The route-manager command configures the DAPR route manager within the DAPR instance,

Examples

The following example configures a route manager:


Device#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)#dapr default
Device(config-dapr-instance)#route-manager

Related Commands

Command

Description

dapr

Configures the DAPR instance.

border-router

To configure the border-router within the Dynamic Application Policy Routing (DAPR) instance, use the border-router command in global configuration mode. To remove the border-router configuration, use the no form of this command.

border-router

no border-router

Command Default

No default behavior or values.

Command Modes

DAPR instance configuration (config-dapr-instance)

Command History

Release

Modification

Cisco XE Gibraltar 16.11.1

This command was introduced.

Usage Guidelines

The border-router command configures the DAPR border-router within the DAPR instance.

Examples

The following example configures a route manager:


Device#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device (config)#dapr default
Device(config-dapr-instance)#border-router

Related Commands

Command

Description

dapr

Configures the DAPR instance.

shutdown

To shutdown border-router and route-manager within the Dynamic Application Policy Routing (DAPR) instance, use the shutdown command in global configuration mode. To remove the shutdown border-router and route-manager configuration, use the no form of this command.

shutdown

no shutdown

Command Default

No default behavior or values.

Command Modes

DAPR route manager configuration (config-dapr-route-manager)

DAPR border router configuration (config-dapr-border-router)

Command History

Release

Modification

Cisco XE Gibraltar 16.11.1

This command was introduced.

Usage Guidelines

It is mandatory to shutdown route manager and border router before creating or modifying any configuration at route manager and border router respectively.

Examples

The following example shuts down the RM:

Device#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)#dapr default
Device(config-dapr-instance)#route-manager
Device(config-dapr-route-manager)#shutdown

Examples

The following example shuts down the BR:

Device#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)#dapr default
Device(config-dapr-instance)#border-router
Device(config-dapr-border-router)#shutdown

Related Commands

Command

Description
route-manager

Configures the DAPR route manager (RM) within the DAPR instance.
border-router

Configures the DAPR border router (BR) within the DAPR instance.

authentication password

To configure the DAPR authentication within the Dynamic Application Policy Routing (DAPR) instance, use the authentication password command in global configuration mode. To remove the authentication password, use the no form of this command.

authentication password [ enc-type ] password

no authentication password

Syntax Description

password

User defined password string. The password string should be same at both route manager and border router for successful authentication.

enc-type

(optional) encryption type for password. Controls how password are displayed in running config.

Command Default

No default behavior or values.

Command Modes

DAPR route manager configuration (config-dapr-route-manager)

DAPR border router configuration (config-dapr-border-router)

Command History

Release

Modification

Cisco XE Gibraltar 16.11.1

This command was introduced.

Usage Guidelines

RM uses passwords to authenticate BRs. Note that DAPR authentication is unidirectional in that it is only for BR authentication to RM and not vice versa. The password is carried in plaintext over the BR-RM TCP-based control connection.

Examples

The following example shows how to configure authentication password at route manager:

Device#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)#dapr default
Device(config-dapr-instance)#route-manager
Device(config-dapr-route-manager)# authentication password ?
  0     Specifies an UNENCRYPTED password will follow
  4     Specifies an SHA256 HASHED password will follow
  LINE  The UNENCRYPTED (cleartext) 'password' string

The following example shows how to configure authentication password at border router:

Device#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)#dapr default
Device(config-dapr-instance)#border-router
Device(config-dapr-route-manager)# authentication password ?
  0     Specifies an UNENCRYPTED password will follow
  4     Specifies an SHA256 HASHED password will follow
  LINE  The UNENCRYPTED (cleartext) 'password' string

Related Commands

Command

Description
route-manager

Configures the DAPR route manager (RM) within the DAPR instance.
border-router

Configures the DAPR border router (BR) within the DAPR instance.

Source-interface

To configure the source interface for border-router and route-manager within the Dynamic Application Policy Routing (DAPR) instance, use the source-interface command. To remove the source interface, use the no form of this command.

source-interface interface

no source-interface

Syntax Description

Interface

Source interface name. Currently, you can configure only the loopback interface.

Command Default

No default behavior or values.

Command Modes

DAPR route manager configuration (config-dapr-route-manager)

DAPR border router configuration (config-dapr-border-router)

Command History

Release

Modification

Cisco XE Gibraltar 16.11.1

This command was introduced.

Usage Guidelines

RM uses the source interface IP address for control communication with BRs.

BRs use the source interface IP address for control communication with RM and for the inter-BR auto-tunnels(IP/GRE). Source interface can only be a loopback interface and it is mandatory configuration.

Examples

The following example shows how to configure route manager source interface:

Device#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)#dapr default
Device(config-dapr-instance)#route-manager
Device(config-dapr-route-manager)#source-interface Loopback 0

Examples

The following example shows how to configure border router source interface:

Device#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)#dapr default
Device(config-dapr-instance)#border-router
Device(config-dapr-border-router)#source-interface Loopback 0

Related Commands

Command

Description

route-manager

Configures the DAPR route-manager within the DAPR instance.

route-manager ip addr

To configure the route manager address for border-router within the Dynamic Application Policy Routing (DAPR) instance, use the route-manager ip addr command in global configuration mode. To remove route manager address for border-router, use the no form of this command.

route-manager ip-addr

no route-manager ip-addr

Syntax Description

ip-addr

Specifies the route manager IP address.

Command Default

No default behavior or values.

Command Modes

DAPR border router configuration (config-dapr-border-router)

Command History

Release

Modification

Cisco XE Gibraltar 16.11.1

This command was introduced.

Usage Guidelines

DAPR border router registers with the configured route manager. The RM IP address must be reachable through non DAPR-egress interfaces. This is a mandatory configuration.

Examples

The following example configures a route manager:

Device#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)#dapr default
Device(config-dapr-instance)#border-router
Device(config-dapr-border-router)# route-manager ?
  A.B.C.D  IP address

Related Commands

Command

Description

border-manager

Configures the DAPR border router (BR) within the DAPR instance.

dapr ingress

To configure the Dynamic Application Policy Routing (DAPR) on the ingress interface, use the dapr ingress command in global configuration mode. To remove the DAPR on the ingress interface, use the no form of this command.

dapr ingress

no dapr ingress

Command Default

No default behavior or values.

Command Modes

DAPR border router Interface configuration (config-if)

Command History

Release

Modification

Cisco XE Gibraltar 16.11.1

This command was introduced.

Usage Guidelines

The dapr ingress command is used to configure the DAPR ingress interface. At least one interface (LAN facing interface) must be configured as a DAPR ingress interface. It is mandatory to configure DAPR ingress interface for a BR to start registration. However, only the flow-groups entering a BR through DAPR ingress interfaces (DAPR-enabled LAN interfaces) are managed by DAPR.

Examples

The following example configures dapr ingress interface:

Device(config)# interface Ethernet0/0    
Device(config-if)#dapr ingress

Example
interface Ethernet0/0
 dapr ingress

Related Commands

Command

Description
border-router

Configures the DAPR border router (BR) within the DAPR instance.

dapr egress

To configure Dynamic Application Policy Routing (DAPR) on the egress interface, use the dapregress command in global configuration mode. To remove DAPR on the egress interface, use the no form of this command.

dapr egress [ link-group link-group-name ]

no dapr egress

Syntax Description

link-group

(Optional) Configures link-group membership on the BR egress interfaces.

Command Default

No default behavior or values.

Command Modes

DAPR border router Interface configuration (config-if)

Command History

Release

Modification

Cisco XE Gibraltar 16.11.1

This command was introduced.

Usage Guidelines

The dapr egress command configures the DAPR egress interface within the DAPR instance. You have to configure at least one interface (WAN facing interface) as a DAPR egress interface. Optionally, you can configure a DAPR egress interface with link-group membership.

Examples

The following example configures a dapr egress:

Device(config)#interface Serial2/0
Device(config-if)#dapr egress link-group LG1

Example
interface Serial2/0
 dapr egress link-group LG2

Related Commands

Command

Description

border-router

Configures the DAPR border router (BR) within the DAPR instance.

border-routers

To configure list of authorized border routers , use the border-routers command under route-manager config of DAPR instance. To remove the list of authorized border routers, use the no form of this command.

border-routers

no border-routers

Command Default

No default behavior or values.

Command Modes

DAPR route manager configuration (config-dapr-route-manager)

Command History

Release

Modification

Cisco XE Gibraltar 16.11.1

This command was introduced.

Usage Guidelines

DAPR authorization consists of a list of BR IP addresses that are authorized to register with the RM. The list can have maximum one entry for co- located RM and BR. For standalone RM, the list can contain maximum of 20 entries. From IOS-XE 17.3.1 release onwards, it can contain maximum of 40 entries. You must configure DAPR authorization with at least one entry.


Note
Do not use the border-router command which is used to create BR under dapr instance.

Examples

The following example configures dapr authorization:

Device#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Device(config)#dapr default
Device(config-dapr-instance)#route-manager
Device(config-dapr-route-manager)#border-routers
Device(config-dapr-rm-brs)#?
RM border router configuration commands:
  A.B.C.D  Border router address
  exit     Exit from RM BR admission configuration submode
  no       Negate or set default values of a command

Related Commands

Command

Description

route-manager

Configures the DAPR route-manager within the DAPR instance.

link-thresholds

To configure the DAPR threshold within the Dynamic Application Policy Routing (DAPR) instance, use the link-thresholds command. To remove DAPR threshold, use the no form of this command.

link-thresholds

no link-thresholds

Command Default

The minimum bandwidth default value is 500 kbps.

The maximum utilization default value is 50%.

Command Modes

DAPR route manager configuration (config-dapr-route-manager)

Command History

Release

Modification

Cisco XE Gibraltar 16.11.1

This command was introduced.

Usage Guidelines

DAPR defines two thresholds: minimum bandwidth and maximum utilization. Configuring DAPR thresholds is optional and there are default values for thresholds.

Examples

The following example configures a dapr threshold:

Device(config-dapr-route-manager)#link-thresholds 
Device(config-dapr-rm-link-thresholds)#?
RM link threshold configuration commands:
  max-utilization  Maximum % utilization (default = 50)
  min-bandwidth    Minimum bandwidth (kbps) for viability (default = 500)

Example
dapr default
 route-manager
  link-thresholds
   max-utilization 50
   min-bandwidth 500

Related Commands

Command

Description
max-utilization

Configures maximum utilization threshold.
min-bandwidth

Configures minimum viable bandwidth threshold.
route-manager

Configures the DAPR route manager (RM) within the DAPR instance.

max-utilization

To configure the maximum utilization threshold within the Dynamic Application Policy Routing (DAPR) instance,, use the max-utilization command. To remove the maximum utilization threshold, use the no form of this command.

max-utilization utilization

no max-utilization

Syntax Description

utilization

Specifies the utilization value in percentage.

Command Default

Maximum utilization default value is 50%.

Command Modes

DAPR route manager configuration (config-dapr-rm-link-thresholds)

Command History

Release

Modification

Cisco XE Gibraltar 16.11.1

This command was introduced.

Usage Guidelines

Maximum percent utilization specifies the maximum utilization (in percentage) beyond which DAPR egress interfaces would be considered out-of-policy. The config is optional. The default value is 50%.

Examples

The following example configures a dapr threshold:

r:

Device(config-dapr-route-manager)#link-thresholds 
Device(config-dapr-rm-link-thresholds)#?
RM link threshold configuration commands:
  max-utilization  Maximum % utilization (default = 50)
  min-bandwidth    Minimum bandwidth (kbps) for viability (default = 500)

Example
dapr default
 route-manager
  link-thresholds
   max-utilization 50
   min-bandwidth 500

Related Commands

Command

Description

link-thresholds

Configures threshold value for route manager.
min-bandwidth

Configure minimum viable bandwidth threshold.

min-bandwidth

To configure the minimum bandwidth threshold within the Dynamic Application Policy Routing (DAPR) instance, use the min-bandwidth command. To remove minimum bandwidth threshold, use the no form of this command.

min-bandwidth bandwidth

no min-bandwidth

Syntax Description

bandwidth

Specifies the bandwidth value in kbps.

Command Default

Minimum bandwidth default value is 500 kbps.

Command Modes

DAPR route manager configuration (config-dapr-rm-link-thresholds)

Command History

Release

Modification

Cisco XE Gibraltar 16.11.1

This command was introduced.

Usage Guidelines

Minimum bandwidth threshold specifies the minimum bandwidth (in kbps) for DAPR egress interfaces to be considered viable and used in route computations. This is an optional configuration. The default value is 500 kbps.

Examples

The following example configures a dapr threshold:

Device(config-dapr-route-manager)#link-thresholds 
Device(config-dapr-rm-link-thresholds)#?
RM link threshold configuration commands:
  max-utilization  Maximum % utilization (default = 50)
  min-bandwidth    Minimum bandwidth (kbps) for viability (default = 500)

Example
dapr default
 route-manager
  link-thresholds
   max-utilization 50
   min-bandwidth 500

Related Commands

Command

Description
link-thresholds

Configures threshold value for route manager.
max-utilization

Configures maximum utilization threshold.

class

To configure preference policy and whitelist at route-manager within the Dynamic Application Policy Routing (DAPR) instance, use the class command. To remove preference policy and whitelist at route-manager, use the no form of this command.

class class-name { class-sequence | type bypass }

no class class-name { class-sequence | type bypass }

Syntax Description

class-name

Specifies the name of the class.

class-sequence

Specifies the DAPR preference policy class ordering sequence.

type

Defines a class type.

bypass

Specifies the class type for class containing DAPR whitelist rules.

Command Default

No default behavior or values.

Command Modes

DAPR route manager configuration (config-dapr-route-manager)

Command History

Release

Modification

Cisco XE Gibraltar 16.11.1

This command was introduced.

Usage Guidelines

DAPR application preference policy is an ordered sequence of DAPR application classes. Each class specifies match criteria for flow-groups using an access-list and/or list of preferred link-groups. DAPR application classes are processed in the order of class sequence number and first match is used. Up to 255 classes can be configured. Each class must have a unique combination of class name and sequence number.

DAPR whitelist policy can be configured using a DAPR application class of type bypass. The bypass application class specifies match criteria for flow-groups using an access-list or minimum flow rate criteria. Access list match is performed first. Only a single DAPR whitelist policy class can be configured. Configuring DAPR whitelist policy is optional.

Examples

The following example configures DAPR whitelist policy:

Device#configure terminal                                                                  
Enter configuration commands, one per line.  End with CNTL/Z.                                                                                                   
Device(config)#dapr default                                                                                                                           
Device(config-dapr-instance)#route-manager                                                                                                      
Device(config-dapr-route-manager)#class ?                                                  
  WORD  Application class name                                                             
Device(config-dapr-route-manager)#class pref-class ?
  <1-255>  Application class processing sequence
  type     Application class type               
Device(config-dapr-route-manager)#class pref-class 1 ?
  <cr>  <cr>
Device(config-dapr-route-manager)#class bypass-clas type ?
  bypass  Application class type bypass

Device(config-dapr-route-manager)#class bypass-class type bypass ?
  <cr>  <cr>

Related Commands

Command

Description

route-manager

Configures the DAPR route manager within the DAPR instance.

match

To configure DAPR preference policy or whitelist rule using an access list, use the match command. To remove the preference policy configuration, use the no form of this command.

match access-list acl _name

no match access-list acl _name

Syntax Description

acl_name

Name of access list. Application flow-group matching is based on extended ACL and using only source, destination and DSCP.

Command Default

No default behavior or values.

Command Modes

DAPR route manager configuration (config-dapr-rm-class)

Command History

Release

Modification

Cisco XE Gibraltar 16.11.1

This command was introduced.

Usage Guidelines

DAPR defines preference policy for flow-groups using a preference policy class. The match criteria for such policy can be defined using an access-list.

DAPR whitelist policy can be configured using a DAPR application class of type bypass and attaching an access list under match criteria

Examples

The following example configures preference policy match:

Device(config)#dapr default                                                                                                                           
Device(config-dapr-instance)#route-manager                                                                                                      
Device(config-dapr-route-manager)#class pref-class 1
Device(config-dapr-rm-class)#match access-list access-list1

Examples

The following example configures whitelist match:

Device(config)#dapr default                                                                                                                           
Device(config-dapr-instance)#route-manager                                                                                                      
Device(config-dapr-route-manager)#class bypass-class type bypass
Device(config-dapr-rm-class)#match access-list bypass-acl

Related Commands

Command

Description

route-manager

Configures the DAPR route manager within the DAPR instance.
class

Configures route manager class.

path-preference

To specify a list of preferred links for a set of flow-groups , use the path-preference command. To remove the configuration, use the no form of this command.

path-preference

no path-preference

Command Default

No default behavior or values.

Command Modes

DAPR route manager configuration (config-dapr-rm-class)

Command History

Release

Modification

Cisco XE Gibraltar 16.11.1

This command was introduced.

Usage Guidelines

Each path preference consist of sequence number and a link group name. Maximum 3 link groups or paths can be configured.

Examples

The following example configures preference policy match:

Device(config)#dapr default                                                                                                                           
Device(config-dapr-instance)#route-manager                                                                                                      
Device(config-dapr-route-manager)#class pref-class 1
Device(config-dapr-rm-class)#path-preference 
Device(config-dapr-rm-class-path-pref)#?
RM class path preference configuration commands:
  <1-255>  Path preference sequence number
Device(config-dapr-rm-class-path-pref)#1 ?
  WORD  Link group name (max 50 characters)
Device(config-dapr-rm-class-path-pref)#1 link-group1
Device(config-dapr-rm-class-path-pref)#2 link-group2
Device(config-dapr-rm-class-path-pref)#3 link-group3
Device(config-dapr-rm-class-path-pref)#4 link-group4
 Max 3 path preferences allowed in a class.

Related Commands

Command

Description
route-manager

Configures the DAPR route manager within the DAPR instance.
class

Configures route manager class.

min-flow-rate

To configure DAPR whitelist rule based on minimum flow rate , use the min-flow-rate command. To remove the minimum flow rate configuration, use the no form of this command.

min-flow-rate flow-rate

no min-flow-rate flow-rate

Syntax Description

flow-rate

Specifies the flow rate value in kbps.

Command Default

No default behavior or values.

Command Modes

DAPR route manager configuration (config-dapr-rm-class)

Command History

Release

Modification

Cisco XE Amsterdam 17.3.1

This command was introduced.

Usage Guidelines

Thi command specifies minimum flow bandwidth for flow admission. If present, flows having bandwidth below the specified value are ignored by DAPR. This configuration is optional and by default all flows are managed by DAPR.

This whitelist criteria has lower priority compared to whitelist rule configured using access list. All flows matching whitelist access list are ignred by DAPR regardless of flow rate value.

Examples

The following example configures preference policy match:

Device(config)#dapr default                                                                                                                           
Device(config-dapr-instance)#route-manager                                                                                                      
Device(config-dapr-route-manager)#class bypass_class type bypass           

Device(config-dapr-rm-class)#min-flow-rate 5000

Related Commands

Command

Description
route-manager

Configures the DAPR route manager within the DAPR instance.
class

Configures route manager class.