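PBR (policy-based routing) lets a network device forward data not only on the destination IP address of a packet but also on other elements, such as the source IP address, source MAC address, destination MAC address, source port number, destination port number, VLAN ID, and so on.
Users can also match specific packets with an ACL and then deploy PBR against that ACL.
If PBR is deployed on a device, matched packets are forwarded according to the PBR policy first; that is, the PBR policy takes priority over the traditional routing table.
Differences between PBR and routing policy
Lab: Local PBR (policy-based routing)
1. Requirements:
1) On R1, forward packets with a length of 40-400 over the 192.168.2.0 link
2) On R1, forward packets with a length of 1400-1500 over the 192.168.3.0 link
2. Topology:
3. Configuration:
Configuration steps:
1. Configure basic IP address information
2. Configure routes
3. Configure PBR on R1
4. Verify
Configure routes: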
[R1]ip route-static 192.168.4.0 24 192.168.2.2
[R1]ip route-static 192.168.4.0 24 192.168.3.2
[R2]ip route-static 192.168.1.0 24 192.168.2.1
[R2]ip route-static 192.168.1.0 24 192.168.3.1
Configure local policy-based routing:
[R1]policy-based-route cw permit node 10
[R1-policy-based-route-cw-10]if-match packet-length 40 400
[R1-policy-based-route-cw-10]apply output-interface g0/0/0
[R1-policy-based-route-cw-10]q
[R1]policy-based-route cw permit node 20
[R1-policy-based-route-cw-20]if-match packet-length 1400 1500
[R1-policy-based-route-cw-20]apply output-interface g0/0/1
[R1-policy-based-route-cw-20]q
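[R1]ip local policy-based-route cw //enable policy-based routing for locally originated packets
Verification:
Test: small packets take interface g0/0/0, which corresponds to the 192.168.2.0 segment
[R1]ping -s 50 192.168.4.1 //specify the size of the locally sent packets
<R2>reset counters interface g0/0/1 //clear the interface packet counters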
<R2>reset counters interface g0/0/0
[R2]dis interface g0/0/0
GigabitEthernet0/0/0 current state : UP
Line protocol current state : UP
Last line protocol up time : 2023-05-24 14:57:41 UTC-08:00
Description:HUAWEI, AR Series, GigabitEthernet0/0/0 Interface
Route Port,The Maximum Transmit Unit is 1500
Internet Address is 192.168.2.2/24
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc5e-2393
Last physical up time : 2023-05-24 14:51:18 UTC-08:00
Last physical down time : 2023-05-24 14:51:12 UTC-08:00
Current system time: 2023-05-24 15:14:41-08:00
Port Mode: FORCE COPPER
Speed : 1000, Loopback: NONE
Duplex: FULL, Negotiation: ENABLE
Mdi : AUTO
Last 300 seconds input rate 8 bits/sec, 0 packets/sec
Last 300 seconds output rate 8 bits/sec, 0 packets/sec
Input peak rate 520 bits/sec,Record time: 2023-05-24 15:10:58
Output peak rate 520 bits/sec,Record time: 2023-05-24 15:10:58
Input: 5 packets, 410 bytes
Unicast: 5, Multicast: 0
Broadcast: 0, Jumbo: 0
Discard: 0, Total Error: 0
CRC: 0, Giants: 0
Jabbers: 0, Throttles: 0
Runts: 0, Symbols: 0
Ignoreds: 0, Frames: 0
Output: 4 packets, 328 bytes
Unicast: 4, Multicast: 0
Broadcast: 0, Jumbo: 0
Discard: 0, Total Error: 0
Collisions: 0, ExcessiveCollisions: 0
Late Collisions: 0, Deferreds: 0
Test: large packets take interface g0/0/1, which corresponds to the 192.168.3.0 segment
[R1]ping -s 1450 192.168.4.1
[R2]dis interface g0/0/1
GigabitEthernet0/0/1 current state : UP
Line protocol current state : UP
Last line protocol up time : 2023-05-24 14:57:54 UTC-08:00
Description:HUAWEI, AR Series, GigabitEthernet0/0/1 Interface
Route Port,The Maximum Transmit Unit is 1500
Internet Address is 192.168.3.2/24
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc5e-2394
Last physical up time : 2023-05-24 14:51:18 UTC-08:00
Last physical down time : 2023-05-24 14:51:12 UTC-08:00
Current system time: 2023-05-24 15:17:23-08:00
Port Mode: COMMON COPPER
Speed : 1000, Loopback: NONE
Duplex: FULL, Negotiation: ENABLE
Mdi : AUTO
Last 300 seconds input rate 192 bits/sec, 0 packets/sec
Last 300 seconds output rate 152 bits/sec, 0 packets/sec
Input peak rate 7160 bits/sec,Record time: 2023-05-24 15:17:18
Output peak rate 4768 bits/sec,Record time: 2023-05-24 15:17:18
Input: 5 packets, 7460 bytes
Unicast: 5, Multicast: 0
Broadcast: 0, Jumbo: 0
Discard: 0, Total Error: 0
CRC: 0, Giants: 0
Jabbers: 0, Throttles: 0
Runts: 0, Symbols: 0
Ignoreds: 0, Frames: 0
Output: 4 packets, 5968 bytes
Unicast: 4, Multicast: 0
Broadcast: 0, Jumbo: 0
Discard: 0, Total Error: 0
Collisions: 0, ExcessiveCollisions: 0
Late Collisions: 0, Deferreds: 0
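Lab: Interface PBR (policy-based routing)
1. Requirements:
1) Configure policy-based routing so that VLAN10 data is forwarded over the 100.1.1.0 link
2) Configure policy-based routing so that VLAN20 data is forwarded over the 100.2.2.0 link
2. Topology:
3. Configuration approach
1) Configure IP address information
2) Configure routes
3) Configure interface PBR
4) Verify
4. Configuration commands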
[SW1]vlan 10
[SW1]int g0/0/1
[SW1-GigabitEthernet0/0/1]port link-type access
[SW1-GigabitEthernet0/0/1]port default vlan 10
[SW1-GigabitEthernet0/0/1]q
[SW1]int g0/0/2
[SW1-GigabitEthernet0/0/2]port link-type access
[SW1-GigabitEthernet0/0/2]port default vlan 10
[SW2]vlan 20
[SW2]int g0/0/1
[SW2-GigabitEthernet0/0/1]port link-type access
[SW2-GigabitEthernet0/0/1]port default vlan 20
[SW2-GigabitEthernet0/0/1]q
[SW2]int g0/0/2
[SW2-GigabitEthernet0/0/2]port link-type access
[SW2-GigabitEthernet0/0/2]port default vlan 20
[R3]ip route-static 200.1.1.0 24 100.1.1.4
[R3]ip route-static 200.2.2.0 24 100.2.2.5
[R4]ip route-static 172.168.10.0 24 100.1.1.3
[R4]ip route-static 172.168.20.0 24 100.1.1.3
[R4]ip route-static 100.2.2.0 24 100.1.1.3
[R4]ip route-static 200.2.2.0 24 100.1.1.3
[R5]ip route-static 172.168.10.0 24 100.2.2.3
[R5]ip route-static 172.168.20.0 24 100.2.2.3
[R5]ip route-static 100.1.1.0 24 100.2.2.3
[R5]ip route-static 200.1.1.0 24 100.2.2.3
[R3]acl 3000
[R3-acl-adv-3000]rule permit ip source 172.168.10.0 0.0.0.255 destination 200.1.1.0 0.0.0.255
[R3-acl-adv-3000]q
[R3]policy-based-route vlan10 permit node 10
[R3-policy-based-route-vlan10-10]if-match acl 3000
[R3-policy-based-route-vlan10-10]apply ip-address next-hop 100.1.1.4
[R3-policy-based-route-vlan10-10]q
[R3]int g0/0/3
[R3-GigabitEthernet0/0/3]ip policy-based-route vlan10
[R3]acl 3001
[R3-acl-adv-3001]rule permit ip source 172.168.20.0 0.0.0.255 destination 200.2.2.0 0.0.0.255
[R3-acl-adv-3001]q
[R3]policy-based-route vlan20 permit node 10
[R3-policy-based-route-vlan20-10]if-match acl 3001
[R3-policy-based-route-vlan20-10]apply ip-address next-hop 100.2.2.5
[R3-policy-based-route-vlan20-10]q
[R3]int g0/0/2
[R3-GigabitEthernet0/0/2]ip policy-based-route vlan20
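Lab 1: Interface PBR (policy-based routing)
Notes: 1) The policy is applied in the inbound direction of the interface
2) In the simulator, the router devices support interface PBR
1. Requirements:
1) Configure policy-based routing so that VLAN10 data is forwarded over the 100.1.1.0 link
2) Configure policy-based routing so that VLAN20 data is forwarded over the 100.2.2.0 link
2. Topology:
3. Configuration:
Dynamic routing with OSPF: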
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 172.168.10.0 0.0.0.255
network 172.168.20.0 0.0.0.255
network 100.1.1.0 0.0.0.255
network 100.2.2.0 0.0.0.255
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 100.1.1.0 0.0.0.255
network 200.1.1.0 0.0.0.255
network 200.3.3.0 0.0.0.255
ospf 1 router-id 5.5.5.5
area 0.0.0.0
network 100.2.2.0 0.0.0.255
network 200.2.2.0 0.0.0.255
network 200.3.3.0 0.0.0.255
Configure ACLs:
acl number 3000
rule 5 permit ip source 172.168.10.0 0.0.0.255 destination 200.2.2.0 0.0.0.255
acl number 3001
rule 5 permit ip source 172.168.20.0 0.0.0.255 destination 200.1.1.0 0.0.0.255
policy-based-route vlan10 permit node 10
if-match acl 3000
apply ip-address next-hop 100.1.1.4
policy-based-route vlan20 permit node 10
if-match acl 3001
apply ip-address next-hop 100.2.2.5
interface GigabitEthernet0/0/2
ip address 172.168.20.254 255.255.255.0
ip policy-based-route vlan20
#
interface GigabitEthernet0/0/3
ip address 172.168.10.254 255.255.255.0
ip policy-based-route vlan10
Look up the routing table on R3: for VLAN10 traffic to 200.2.2.0, the next hop 100.2.2.5 is the best route
[R3]dis ip routing-table
Route Flags: R - relay, D - download to fib
Routing Tables: Public
Destinations : 13 Routes : 14
Destination/Mask Proto Pre Cost Flags NextHop Interface
100.1.1.0/24 Direct 0 0 D 100.1.1.3 GigabitEthernet0/0/0
100.1.1.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
100.2.2.0/24 Direct 0 0 D 100.2.2.3 GigabitEthernet0/0/1
100.2.2.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.168.10.0/24 Direct 0 0 D 172.168.10.254 GigabitEthernet0/0/3
172.168.10.254/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/3
172.168.20.0/24 Direct 0 0 D 172.168.20.254 GigabitEthernet0/0/2
172.168.20.254/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/2
200.1.1.0/24 OSPF 10 2 D 100.1.1.4 GigabitEthernet0/0/0
200.2.2.0/24 OSPF 10 2 D 100.2.2.5 GigabitEthernet0/0/1
After interface PBR is configured on R3, the packets can be captured on the R3-R4 link, which shows that interface PBR has taken effect.
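The forwarding decision this lab demonstrates, modelled in Python as an added example (not code from the original page and not Huawei's implementation). The routes, ACLs, policies and interface bindings are copied from R3's configuration above; the host addresses used when calling it are constructed, and the model assumes the PBR next hop is always reachable.

```python
import ipaddress

# Constructed from the lab above: R3's OSPF routes and its two interface PBR policies.
ROUTES = [  # (prefix, next hop) as shown in R3's routing table
    ("200.1.1.0/24", "100.1.1.4"),
    ("200.2.2.0/24", "100.2.2.5"),
]
ACLS = {  # acl number -> list of (source net, destination net) permit rules
    3000: [("172.168.10.0/24", "200.2.2.0/24")],
    3001: [("172.168.20.0/24", "200.1.1.0/24")],
}
POLICIES = {  # policy name -> nodes as (node id, acl, next hop)
    "vlan10": [(10, 3000, "100.1.1.4")],
    "vlan20": [(10, 3001, "100.2.2.5")],
}
BINDINGS = {"GigabitEthernet0/0/3": "vlan10", "GigabitEthernet0/0/2": "vlan20"}


def acl_permits(acl, src, dst):
    """True if any permit rule of the ACL covers both source and destination."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in ipaddress.ip_network(sn) and d in ipaddress.ip_network(dn)
               for sn, dn in ACLS.get(acl, []))


def route_lookup(dst):
    """Longest-prefix match against the routing table; None if no route."""
    d = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in ROUTES
            if d in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def forward(in_if, src, dst):
    """Return (next hop, reason); PBR bound to the inbound interface wins."""
    policy = BINDINGS.get(in_if)
    for node, acl, nh in sorted(POLICIES.get(policy, [])):  # lowest node first
        if acl_permits(acl, src, dst):
            return nh, f"pbr {policy} node {node}"
    return route_lookup(dst), "routing-table"


def overrides(in_if, src, dst):
    """True when PBR sends the packet where the routing table would not."""
    nh, reason = forward(in_if, src, dst)
    return reason != "routing-table" and nh != route_lookup(dst)
```

Running `overrides` over the flows that matter is a quick way to list paths that `dis ip routing-table` alone will not reveal, which is what an auditor needs when checking whether traffic bypasses an inspection point.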
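IV. MQC
MQC (Modular QoS Command-Line Interface) groups data flows that share some common characteristic into one class and provides the same service to all flows in that class; it can also provide different services to different classes of flows. MQC has three elements: the traffic classifier, the traffic behavior, and the traffic policy. Because an MQC traffic behavior supports redirecting packets, MQC can be used to implement policy-based routing for IP unicast.
Traffic classifier: defines a set of traffic matching rules used to classify packets. The match items supported by a traffic classifier are shown below.
Traffic behavior: defines the actions to perform; it supports actions such as packet filtering, priority re-marking, redirection, and traffic statistics.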