(1) ip - Policy-based routing (PBR)

http://baturin.org/docs/iproute2/#Add%20a%20route%20via%20interface


Policy-based routing (PBR) in Linux is designed the following way: first you create custom routing tables, then you create rules to tell the kernel it should use those tables instead of the default table for specific traffic.

Some tables are predefined:

local (table 255)
Contains control routes to local and broadcast addresses.
main (table 254)
Contains all non-PBR routes. If you don't specify the table when adding a route, it goes here.
default (table 253)
Reserved for post processing, normally unused.

User-defined tables are created automatically when you add the first route to them.

Create a policy route
ip route add ${route options} table ${table id or name}
Examples:
ip route add 192.0.2.0/27 via 203.0.113.1 table 10
ip route add 0.0.0.0/0 via 192.168.0.1 table ISP2
ip route add 2001:db8::/48 dev eth1 table 100

Notes: You can use any of the route options described in the "Route management" section in policy routes too; the only difference is the "table ${table id/name}" part at the end.

Numeric table identifiers and names can be used interchangeably. To create your own symbolic names, edit the /etc/iproute2/rt_tables config file.

"delete", "change", "replace", and all other route actions work with any table too.

"ip route ... table main" or "ip route ... table 254" has exactly the same effect as the same command without a table part.

View policy routes
ip route show table ${table id or name}
Examples:
ip route show table 100
ip route show table test

Note: in this case you need the "show" word; shorthand like "ip route table 120" does not work because the command would be ambiguous.

General rule syntax
ip rule add ${options} <lookup ${table id or name}|blackhole|prohibit|unreachable>

Traffic that matches the ${options} (described below) will be routed according to the table with the specified name/id instead of the "main"/254 table if the "lookup" action is used.

The "blackhole", "prohibit", and "unreachable" actions work the same way as the route types with the same names. In most examples we will use the "lookup" action, as it is the most common.

For IPv6 rules, use "ip -6", the rest of the syntax is the same.

"table ${table id or name}" can be used as alias to "lookup ${table id or name}".

Create a rule to match a source network
ip rule add from ${source network} ${action}
Examples:
ip rule add from 192.0.2.0/24 lookup 10
ip -6 rule add from 2001:db8::/32 prohibit

Notes: "all" can be used as a shorthand for 0.0.0.0/0 or ::/0.

Create a rule to match a destination network
ip rule add to ${destination network} ${action}
Examples:
ip rule add to 192.0.2.0/24 blackhole
ip -6 rule add to 2001:db8::/32 lookup 100

Create a rule to match a ToS field value
ip rule add tos ${ToS value} ${action}
Examples:
ip rule add tos 0x10 lookup 110

Create a rule to match a firewall mark value
ip rule add fwmark ${mark} ${action}
Examples:
ip rule add fwmark 0x11 lookup 100

Note: See iptables documentation to find out how to set the mark.

Create a rule to match inbound interface
ip rule add iif ${interface name} ${action}
Examples:
ip rule add iif eth0 lookup 10
ip rule add iif lo lookup 20

A rule with "iif lo" (loopback) will match locally generated traffic.

Create a rule to match outbound interface
ip rule add oif ${interface name} ${action}
Examples:
ip rule add oif eth0 lookup 10

Note: this works only for locally generated traffic.

Set rule priority
ip rule add ${options} ${action} priority ${value}
Examples:
ip rule add from 192.0.2.0/25 lookup 10 priority 10
ip rule add from 192.0.2.0/24 lookup 20 priority 20

Note: rules are traversed from the lowest to the highest priority number and processing stops at the first match, so you need to put more specific rules before less specific ones. The above example demonstrates rules for 192.0.2.0/24 and its subnet 192.0.2.0/25. If the priorities were reversed and the rule for the /25 was placed after the rule for the /24, it would never be reached.

Show all rules
ip rule show
ip -6 rule show

Delete a rule
ip rule del ${options} ${action}
Examples:
ip rule del from 192.0.2.0/24 lookup 10

Notes: You can copy/paste from the output of "ip rule show"/"ip -6 rule show".

Delete all rules
ip rule flush
ip -6 rule flush

Notes: this operation is highly disruptive. Even if you have not configured any rules, "from all lookup main" rules are initialized by default. On an unconfigured machine you can see this:

$ ip rule show
0:	from all lookup local 
32766:	from all lookup main 
32767:	from all lookup default 

$ ip -6 rule show
0:	from all lookup local 
32766:	from all lookup main 

The "from all lookup local" rule is special and cannot be deleted. The "from all lookup main" rule is not; there may be valid reasons not to have it, e.g. if you want to route only traffic you have created explicit rules for. As a side effect, "ip rule flush" deletes this rule too, which makes the system stop routing any traffic until you restore your rules.
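The following script is an added example and is not part of the original cheatsheet. It builds a small policy (hosts in 192.0.2.0/24 leave through a second uplink with its own table "ISP2", while the smaller 192.0.2.0/25 keeps using the main table) and then audits "ip rule show" output for the two hazards described above: a "from all lookup main" rule that is gone after a flush, and a more specific rule ordered after a broader one. The interface name, gateway, table number and networks are assumed sample values.

```shell
#!/bin/sh
# Added example, not from the original cheatsheet. Interface, gateway, table
# number and networks are assumed sample values.
set -eu

ISP2_IF=${ISP2_IF:-eth1}
ISP2_GW=${ISP2_GW:-192.168.0.1}
DRY_RUN=${DRY_RUN:-1}   # 1 = print the commands, 0 = execute them (needs root)

run() { if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

pbr_up() {
    # give table 200 the symbolic name ISP2 if rt_tables does not know it yet
    grep -qs '[[:space:]]ISP2$' /etc/iproute2/rt_tables ||
        run sh -c 'echo "200 ISP2" >> /etc/iproute2/rt_tables'
    run ip route replace 0.0.0.0/0 via "$ISP2_GW" dev "$ISP2_IF" table ISP2
    # explicit priorities: the /25 exemption must be evaluated before the /24
    run ip rule add from 192.0.2.0/25 lookup main priority 10
    run ip rule add from 192.0.2.0/24 lookup ISP2 priority 20
}

# The audit helpers below read "ip rule show" output on stdin.
has_main_rule() { grep -q 'from all lookup main'; }

# Priority number of the first rule whose "from" prefix equals $1 (empty if none).
rule_prio() { awk -v p="$1" '$2 == "from" && $3 == p { sub(":", "", $1); print $1; exit }'; }

# Succeeds only if the more specific prefix ($1) has a lower priority number,
# and is therefore matched first, than the broader prefix ($2).
specific_first() {
    rules=$(cat)
    a=$(printf '%s\n' "$rules" | rule_prio "$1")
    b=$(printf '%s\n' "$rules" | rule_prio "$2")
    [ -n "$a" ] && [ -n "$b" ] && [ "$a" -lt "$b" ]
}

if [ "${1:-}" = up ]; then
    pbr_up
    ip rule show | has_main_rule || echo 'WARNING: "from all lookup main" rule is gone'
    ip rule show | specific_first 192.0.2.0/25 192.0.2.0/24 || echo 'WARNING: /25 rule is shadowed'
fi
```

Run it as "sh pbr.sh up" to print the commands, and with DRY_RUN=0 as root to apply them; the audit functions can also be fed saved "ip rule show" output from another host.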

