XS-AA-24X1-4X25-ACC
Access & Aggregation24x 1G RJ45 campus access switch with 4x 25G SFP28 for enterprise access and aggregation networks.
- 124Gbps class
- Campus switching class
Overview
Policy-Based Routing (PBR) lets the network steer selected traffic according to policy rather than destination routing alone. It is useful for campus security, WAN edge selection, service insertion, migration, and special application paths.
PBR should be narrow and intentional. The default routing table should still carry normal traffic, while policy rules handle traffic that truly needs a different path.
When To Use PBR
| Scenario | PBR Use |
|---|---|
| Firewall or inspection insertion | Send selected VLANs or applications through security services. |
| WAN edge selection | Steer traffic from a branch, building, or application toward a chosen uplink. |
| Migration | Redirect legacy services while new routing is introduced. |
| Guest or IoT segmentation | Send edge segments through controlled service paths. |
| Troubleshooting | Temporarily steer a narrow class of traffic for validation. |
Policy Components
| Component | Purpose | Design Note |
|---|---|---|
| Match criteria | Defines which traffic is selected. | Keep selectors specific and documented. |
| Next hop | Defines where selected traffic goes. | Use reachable and monitored next hops. |
| Fallback | Defines behavior when policy path fails. | Avoid silent blackholing. |
| Application point | Interface or routing boundary where policy is applied. | Apply close to the source when practical. |
Traffic Flow
Packet enters xSONiC switch
|
v
Does it match PBR policy?
| yes
v
Forward to configured next hop
|
v
If no match or fallback applies, use normal routing tableDesign Warnings
| Risk | Mitigation |
|---|---|
| Policy sprawl | Keep PBR limited to documented use cases. |
| Hidden asymmetric routing | Validate return path and firewall state. |
| Next-hop failure | Define fallback and monitoring behavior. |
| Operational confusion | Label policies by business purpose, not only ACL number. |
| Overlapping match rules | Order and test policy behavior carefully. |
Deployment Checklist
- Document the business reason for each policy.
- Define exact source, destination, protocol, or segment matches.
- Confirm the intended next hop and return path.
- Decide fallback behavior for next-hop failure.
- Apply policy at a controlled boundary and test with representative traffic.
- Monitor counters to confirm policy hit rate and path behavior.
xSONiC Platform Fit
XS-AA access and aggregation switches fit PBR use cases at campus routing boundaries. They can steer guest, IoT, branch, or selected application traffic toward firewall, WAN, inspection, or migration paths while preserving normal routing for the rest of the network.
