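Lab objective:
Import routes between different protocols and manipulate routing according to the requirements.
Lab requirements:
1. Match the traffic of PC1 and PC2, and use PBR so that PC1's traffic goes through R2 and PC2's goes through R3
2. Add a tag when routes are imported between protocols
3. Slim down R1's routing table
Lab configuration:
The configuration of R1 is as follows: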
acl number 2000
rule 10 permit source 11.0.0.2 0 // match PC1's traffic
acl number 2001
rule 10 permit source 21.0.0.2 0 // match PC2's traffic
#
traffic classifier PC2 operator or // traffic classifier for PC2 (the PC1 classifier follows)
if-match acl 2001
traffic classifier PC1 operator or
if-match acl 2000
#
traffic behavior R3 // create the traffic behaviors and set the redirect next hop
redirect ip-nexthop 192.168.13.3
traffic behavior R2
redirect ip-nexthop 192.168.12.2
#
traffic policy PBR // create the traffic policy
classifier PC1 behavior R2
classifier PC2 behavior R3
#
interface GigabitEthernet0/0/0
ip address 11.0.0.1 255.255.255.0
traffic-policy PBR inbound // apply the traffic policy in the inbound direction of the interface
#
interface GigabitEthernet0/0/1
ip address 21.0.0.1 255.255.255.0
traffic-policy PBR inbound
#
interface GigabitEthernet0/0/2
ip address 192.168.12.1 255.255.255.0
#
interface GigabitEthernet1/0/0
ip address 192.168.13.1 255.255.255.0
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 11.0.0.0 0.0.0.255
network 21.0.0.0 0.0.0.255
network 192.168.12.0 0.0.0.255
network 192.168.13.0 0.0.0.255
The configuration of R2 is as follows:
#
acl number 2000
rule 5 permit source 220.16.0.0 0.0.7.255
#
isis 1
network-entity 10.0000.0000.0002.00
is-name R2
import-route ospf 1 tag 892
import-route rip 1 tag 520
#
interface GigabitEthernet0/0/0
ip address 192.168.23.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 192.168.32.2 255.255.255.0
isis enable 1
#
interface GigabitEthernet0/0/2
ip address 192.168.12.2 255.255.255.0
#
interface GigabitEthernet1/0/0
ip address 192.168.24.2 255.255.255.0
isis enable 1
#
interface GigabitEthernet4/0/0
ip address 192.168.26.2 255.255.255.0
#
ospf 1 router-id 2.2.2.2
import-route isis 1 tag 1212 route-policy is02 // a route-policy is used when importing IS-IS
import-route rip 1 tag 520
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 192.168.12.0 0.0.0.255
network 192.168.23.0 0.0.0.255
#
rip 1
version 2
network 192.168.26.0
import-route ospf 1 cost 2
import-route isis 1
#
route-policy is02 permit node 5
if-match acl 2000
apply cost + 10
#
route-policy is02 permit node 10 // empty route-policy node, normally there so that unmatched routes are not filtered out
The configuration of R3 is as follows:
#
acl number 2000
rule 5 permit source 172.16.0.0 0.0.7.255
#
isis 1
network-entity 10.0000.0000.0003.00
is-name R3
import-route static tag 103
import-route ospf 1 tag 893
#
interface GigabitEthernet0/0/0
ip address 192.168.23.3 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 192.168.32.3 255.255.255.0
isis enable 1
#
interface GigabitEthernet0/0/2
ip address 192.168.35.3 255.255.255.0
isis enable 1
#
interface GigabitEthernet1/0/0
ip address 192.168.13.3 255.255.255.0
#
interface GigabitEthernet4/0/0
ip address 192.168.37.3 255.255.255.0
#
ospf 1 router-id 3.3.3.3
import-route static tag 103
import-route isis 1 tag 1213 route-policy is03
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 192.168.13.0 0.0.0.255
network 192.168.23.0 0.0.0.255
#
route-policy is03 permit node 5
if-match acl 2000
apply cost + 10
#
route-policy is03 permit node 10
#
ip route-static 7.7.7.7 255.255.255.255 192.168.37.7
The configuration of R4 is as follows:
#
isis 1
is-level level-2
network-entity 10.0000.0000.0004.00
is-name R4
import-route direct tag 1004
#
interface GigabitEthernet1/0/0
ip address 192.168.24.4 255.255.255.0
isis enable 1
#
interface GigabitEthernet2/0/0
ip address 192.168.45.4 255.255.255.0
isis enable 1
The configuration of R5 is as follows:
#
isis 1
is-level level-2
network-entity 10.0000.0000.0005.00
is-name R5
import-route direct tag 1005
#
interface GigabitEthernet0/0/2
ip address 192.168.35.5 255.255.255.0
isis enable 1
#
interface GigabitEthernet1/0/0
#
interface GigabitEthernet2/0/0
ip address 192.168.45.5 255.255.255.0
isis enable 1
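Lab results:
Check R1's routing table: the route-policy on R2 and R3 has slimmed down R1's routing table
Check the paths taken by PC1 and PC2 traffic
When routes are imported, a tag is attached to them, which makes later operations on the routes easier
Lab summary:
Routes were manipulated by matching route entries with ACLs and by tagging routes when they are imported. This time only apply cost was used and the preference was not modified; I will try that later. As for PBR, PC1 and PC2 in this lab have the drawback of taking suboptimal paths, which again shows that PBR takes precedence over the routing table.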
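An added example (not part of the original lab): a simplified Python model of how route-policy is03 on R3 treats routes imported from IS-IS into OSPF with tag 1213, including what happens if the empty node 10 is removed. The route prefixes and starting costs are constructed, and the matching logic is a model of ACL wildcard masks and node order, not VRP's own code.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """VRP-style ACL match: bits set to 0 in the wildcard must be equal."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

# ACL 2000 on R3, copied from the lab configuration
ACL_2000 = [("permit", "172.16.0.0", "0.0.7.255")]

def acl_permits(acl, prefix):
    for action, base, wildcard in acl:
        if wildcard_match(prefix, base, wildcard):
            return action == "permit"
    return False  # no rule matched, so the node's if-match fails

# route-policy is03: (mode, ACL or None when the node has no if-match, cost delta)
IS03 = [("permit", ACL_2000, 10), ("permit", None, 0)]

def import_route(route, policy, tag):
    """Return the redistributed route, or None if the policy filters it."""
    for mode, acl, delta in policy:
        if acl is None or acl_permits(acl, route["prefix"]):
            if mode != "permit":
                return None
            return {**route, "cost": route["cost"] + delta, "tag": tag}
    return None  # implicit deny when no node matches

# Constructed IS-IS routes (assumed for illustration, not from the lab)
ROUTES = [
    {"prefix": "172.16.3.0", "cost": 1},
    {"prefix": "172.16.8.0", "cost": 1},
    {"prefix": "192.168.45.0", "cost": 1},
]

def redistribute(policy, tag=1213):
    return {r["prefix"]: import_route(r, policy, tag) for r in ROUTES}

if __name__ == "__main__":
    for name, pol in (("is03", IS03), ("is03 without node 10", IS03[:1])):
        print(name)
        for prefix, out in redistribute(pol).items():
            print("  ", prefix, "->", out or "filtered")
```

With node 10 present, only 172.16.3.0 gets the extra cost and every route is imported with the tag; without it, the two routes outside 172.16.0.0 0.0.7.255 are dropped by the implicit deny.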