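Comprehensive Routing Lab: Deploying PBR
1. Objectives:
(1) Learn to configure PBR and use it to control path selection
(2) Gain a thorough understanding of how PBR works
(3) Use ACLs to understand router architecture and path-selection principles
(4) See how advanced routing control is applied in real-world engineering
2. Topology:
3. Procedure
(1) Link configuration:
Following the topology diagram, configure the links on R1, R2, R3 and R4 in turn, then check the interface status.
Note: On R2 and R3, configure an OSPF cost of 100 on S0/1 and a cost of 200 on S0/2 to build a backup link. The immediate goal of this lab is for traffic between R1's 172.16.1.0 network and 4.4.4.4 on R4 to pass through the 192.168.2.4 network, that is, to use the backup link via 192.168.2.6 and 192.168.2.5. Ping is used to simulate the traffic between the two.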
R2(config)#inter s0/1
R2(config-if)#ip ospf cost 100
R2(config)#inter s0/2
R2(config-if)#ip ospf cost 200
R1(config)#do show ip inter br
Interface IP-Address OK? Method Status Protocol
Serial0/0 192.168.1.1 YES NVRAM up up
Serial0/1 unassigned YES NVRAM administratively down down
Serial0/2 unassigned YES NVRAM administratively down down
Serial0/3 unassigned YES NVRAM administratively down down
Ethernet1/0 172.16.1.10 YES NVRAM up up
Ethernet1/1 172.16.2.20 YES NVRAM up up
Ethernet1/2 unassigned YES NVRAM administratively down down
Ethernet1/3 unassigned YES NVRAM administratively down down
(2) Configure OSPF routing:
Following the topology diagram, configure multi-area OSPF on the routers.
R1(config)#router ospf 1
R1(config-router)#router-id 192.168.1.1
R1(config-router)#network 172.16.1.0 0.0.0.255 a 1
R1(config-router)#network 172.16.2.0 0.0.0.255 a 1
R1(config-router)#network 192.168.1.0 0.0.0.3 a 1
R1(config-router)#passive-inter e1/0
R1(config-router)#passive-inter e1/1
R2(config)#router ospf 1
R2(config-router)#router-id 192.168.2.5
R2(config-router)#network 192.168.1.0 0.0.0.3 a 1
R2(config-router)#network 192.168.2.0 0.0.0.3 a 0
R2(config-router)#network 192.168.2.4 0.0.0.3 a 0
R3(config)#router ospf 1
R3(config-router)#router-id 192.168.3.1
R3(config-router)#network 192.168.2.0 0.0.0.3 a 0
R3(config-router)#network 192.168.2.4 0.0.0.3 a 0
R3(config-router)#network 192.168.3.0 0.0.0.3 a 2
R4(config)#router ospf 1
R4(config-router)#router-id 4.4.4.4
R4(config-router)#network 4.4.4.0 0.0.0.255 a 2
R4(config-router)#network 3.3.3.0 0.0.0.255 a 2
R4(config-router)#network 192.168.3.0 0.0.0.3 a 2
R1(config-router)#passive-inter lo 10
R1(config-router)#passive-inter lo 20
After configuration, check the routing table:
R1(config)#do show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
3.0.0.0/32 is subnetted, 1 subnets
O IA 3.3.3.3 [110/193] via 192.168.1.2, 00:25:30, Serial0/0
4.0.0.0/32 is subnetted, 1 subnets
O IA 4.4.4.4 [110/193] via 192.168.1.2, 00:25:30, Serial0/0
172.16.0.0/24 is subnetted, 2 subnets
C 172.16.1.0 is directly connected, Ethernet1/0
C 172.16.2.0 is directly connected, Ethernet1/1
192.168.1.0/30 is subnetted, 1 subnets
C 192.168.1.0 is directly connected, Serial0/0
192.168.2.0/30 is subnetted, 2 subnets
O IA 192.168.2.0 [110/128] via 192.168.1.2, 00:27:37, Serial0/0
O IA 192.168.2.4 [110/264] via 192.168.1.2, 00:27:37, Serial0/0
192.168.3.0/30 is subnetted, 1 subnets
O IA 192.168.3.0 [110/192] via 192.168.1.2, 00:25:51, Serial0/0
(3) Configure PBR on S0/0 of R2 and R3
R2(config)#access-list 101 permit icmp 172.16.1.0 0.0.0.255 host 4.4.4.4
R2(config)#route-map NET-go permit 10 // define a route-map named NET-go
R2(config-route-map)#match ip address 101 // match the IP packets defined by ACL 101
R2(config-route-map)#set ip next-hop 192.168.2.6 // set the next hop for packets that match ACL 101
R2(config-route-map)#interface Serial0/0
R2(config-if)#ip policy route-map NET-go // apply PBR to the interface
Check the PBR configuration:
R2(config)#do show ip policy
Interface Route map
Serial0/0 NET-go
R3(config)#access-list 101 permit icmp host 4.4.4.4 172.16.1.0 0.0.0.255
R3(config)#route-map NET-back permit 10
R3(config-route-map)#match ip address 101
R3(config-route-map)#set ip next-hop 192.168.2.5
R3(config-route-map)#interface Serial0/0
R3(config-if)#ip policy route-map NET-back
Check the PBR configuration:
R3#show ip policy
Interface Route map
Serial0/0 NET-back
(4) Verify the configuration:
On R1, ping 4.4.4.4 with source 172.16.1.10, and check the result using one of the following methods:
① traceroute 4.4.4.4 source 172.16.1.10 (requires IOS support)
② View the debug output on R2 and R3
R1#ping 4.4.4.4 sour 172.16.1.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
Packet sent with a source address of 172.16.1.10
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 124/148/172 ms
View the debug output on R2 and R3:
R2#debug ip policy
Policy routing debugging is on
R2#
*Mar 1 00:01:15.291: IP: s=172.16.1.10 (Serial0/0), d=4.4.4.4, len 100, FIB policy match
*Mar 1 00:01:15.291: IP: s=172.16.1.10 (Serial0/0), d=4.4.4.4, g=192.168.2.6, len 100, FIB policy routed
*Mar 1 00:01:15.435: IP: s=172.16.1.10 (Serial0/0), d=4.4.4.4, len 100, FIB policy match
*Mar 1 00:01:15.435: IP: s=172.16.1.10 (Serial0/0), d=4.4.4.4, g=192.168.2.6, len 100, FIB policy routed
*Mar 1 00:01:15.635: IP: s=172.16.1.10 (Serial0/0), d=4.4.4.4, len 100, FIB policy match
*Mar 1 00:01:15.635: IP: s=172.16.1.10 (Serial0/0), d=4.4.4.4, g=192.168.2.6, len 100, FIB policy routed
*Mar 1 00:01:15.771: IP: s=172.16.1.10 (Serial0/0), d=4.4.4.4, len 100, FIB policy match
R2#
*Mar 1 00:01:15.771: IP: s=172.16.1.10 (Serial0/0), d=4.4.4.4, g=192.168.2.6, len 100, FIB policy routed
*Mar 1 00:01:15.883: IP: s=172.16.1.10 (Serial0/0), d=4.4.4.4, len 100, FIB policy match
*Mar 1 00:01:15.883: IP: s=172.16.1.10 (Serial0/0), d=4.4.4.4, g=192.168.2.6, len 100, FIB policy routed
R3#debug ip policy
Policy routing debugging is on
R3#
*Mar 1 00:01:12.319: IP: s=4.4.4.4 (Serial0/0), d=172.16.1.10, len 100, FIB policy match
*Mar 1 00:01:12.319: IP: s=4.4.4.4 (Serial0/0), d=172.16.1.10, g=192.168.2.5, len 100, FIB policy routed
*Mar 1 00:01:12.499: IP: s=4.4.4.4 (Serial0/0), d=172.16.1.10, len 100, FIB policy match
*Mar 1 00:01:12.499: IP: s=4.4.4.4 (Serial0/0), d=172.16.1.10, g=192.168.2.5, len 100, FIB policy routed
*Mar 1 00:01:12.687: IP: s=4.4.4.4 (Serial0/0), d=172.16.1.10, len 100, FIB policy match
*Mar 1 00:01:12.687: IP: s=4.4.4.4 (Serial0/0), d=172.16.1.10, g=192.168.2.5, len 100, FIB policy routed
*Mar 1 00:01:12.839: IP: s=4.4.4.4 (Serial0/0), d=172.16.1.10, len 100, FIB policy match
R3#
*Mar 1 00:01:12.839: IP: s=4.4.4.4 (Serial0/0), d=172.16.1.10, g=192.168.2.5, len 100, FIB policy routed
*Mar 1 00:01:12.943: IP: s=4.4.4.4 (Serial0/0), d=172.16.1.10, len 100, FIB policy match
*Mar 1 00:01:12.943: IP: s=4.4.4.4 (Serial0/0), d=172.16.1.10, g=192.168.2.5, len 100, FIB policy routed
Additional tests:
① On R1, ping 3.3.3.3 with source 172.16.1.10
R1#ping 3.3.3.3 sour 172.16.1.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
Packet sent with a source address of 172.16.1.10
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 108/137/220 ms
Debug output:
R2#
*Mar 1 00:05:58.355: IP: s=172.16.1.10 (Serial0/0), d=3.3.3.3, len 100, FIB policy rejected(no match) - normal forwarding
*Mar 1 00:05:58.579: IP: s=172.16.1.10 (Serial0/0), d=3.3.3.3, len 100, FIB policy rejected(no match) - normal forwarding
*Mar 1 00:05:58.683: IP: s=172.16.1.10 (Serial0/0), d=3.3.3.3, len 100, FIB policy rejected(no match) - normal forwarding
*Mar 1 00:05:58.839: IP: s=172.16.1.10 (Serial0/0), d=3.3.3.3, len 100, FIB policy rejected(no match) - normal forwarding
*Mar 1 00:05:58.931: IP: s=172.16.1.10 (Serial0/0), d=3.3.3.3, len 100, FIB policy rejected(no match) - normal forwarding
R3#
*Mar 1 00:05:55.439: IP: s=3.3.3.3 (Serial0/0), d=172.16.1.10, len 100, FIB policy rejected(no match) - normal forwarding
*Mar 1 00:05:55.607: IP: s=3.3.3.3 (Serial0/0), d=172.16.1.10, len 100, FIB policy rejected(no match) - normal forwarding
*Mar 1 00:05:55.711: IP: s=3.3.3.3 (Serial0/0), d=172.16.1.10, len 100, FIB policy rejected(no match) - normal forwarding
*Mar 1 00:05:55.863: IP: s=3.3.3.3 (Serial0/0), d=172.16.1.10, len 100, FIB policy rejected(no match) - normal forwarding
*Mar 1 00:05:55.947: IP: s=3.3.3.3 (Serial0/0), d=172.16.1.10, len 100, FIB policy rejected(no match) - normal forwarding
② On R1, ping 4.4.4.4 with source 172.16.2.20
R1#ping 4.4.4.4 source 172.16.2.20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
Packet sent with a source address of 172.16.2.20
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 144/203/244 ms
Debug output:
R2#
*Mar 1 00:10:44.651: IP: s=172.16.2.20 (Serial0/0), d=4.4.4.4, len 100, FIB policy rejected(no match) - normal forwarding
*Mar 1 00:10:44.915: IP: s=172.16.2.20 (Serial0/0), d=4.4.4.4, len 100, FIB policy rejected(no match) - normal forwarding
*Mar 1 00:10:45.107: IP: s=172.16.2.20 (Serial0/0), d=4.4.4.4, len 100, FIB policy rejected(no match) - normal forwarding
*Mar 1 00:10:45.299: IP: s=172.16.2.20 (Serial0/0), d=4.4.4.4, len 100, FIB policy rejected(no match) - normal forwarding
*Mar 1 00:10:45.515: IP: s=172.16.2.20 (Serial0/0), d=4.4.4.4, len 100, FIB policy rejected(no match) - normal forwarding
R3#
*Mar 1 00:10:41.719: IP: s=4.4.4.4 (Serial0/0), d=172.16.2.20, len 100, FIB policy rejected(no match) - normal forwarding
*Mar 1 00:10:41.983: IP: s=4.4.4.4 (Serial0/0), d=172.16.2.20, len 100, FIB policy rejected(no match) - normal forwarding
*Mar 1 00:10:42.151: IP: s=4.4.4.4 (Serial0/0), d=172.16.2.20, len 100, FIB policy rejected(no match) - normal forwarding
*Mar 1 00:10:42.391: IP: s=4.4.4.4 (Serial0/0), d=172.16.2.20, len 100, FIB policy rejected(no match) - normal forwarding
*Mar 1 00:10:42.587: IP: s=4.4.4.4 (Serial0/0), d=172.16.2.20, len 100, FIB policy rejected(no match) - normal forwarding
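The debug output above can be checked mechanically instead of by eye. The following Python sketch is an added example, not part of the original lab: it parses `debug ip policy` lines in the format shown above and reports any flow that was diverted (or not diverted) contrary to the intended policy. The last sample line is constructed to show a deviation; the others are quoted from R2's output.

```python
import re
from collections import Counter

LINE = re.compile(
    r"IP: s=(?P<src>[\d.]+) \((?P<ifc>[^)]+)\), d=(?P<dst>[\d.]+),"
    r"(?: g=(?P<gw>[\d.]+),)? len (?P<len>\d+), FIB policy (?P<verdict>.+)$")

def summarize(log):
    """Count packets per (src, dst, outcome). The outcome is the gateway for
    policy-routed packets, or 'normal' when the route-map did not match."""
    flows = Counter()
    for line in log.splitlines():
        m = LINE.search(line.strip())
        if not m:
            continue                      # prompts, banners, blank lines
        verdict = m["verdict"]
        if verdict == "routed":
            flows[(m["src"], m["dst"], m["gw"])] += 1
        elif verdict.startswith("rejected"):
            flows[(m["src"], m["dst"], "normal")] += 1
        # "match" lines are followed by a "routed" line, so they are not counted
    return flows

def unexpected(flows, expected):
    """Return flows whose outcome differs from the intended policy."""
    return sorted(k for k in flows if expected.get(k[:2], "normal") != k[2])

SAMPLE = "\n".join([
    # the first four lines are R2 output quoted from the lab above
    "*Mar 1 00:01:15.291: IP: s=172.16.1.10 (Serial0/0), d=4.4.4.4, len 100, FIB policy match",
    "*Mar 1 00:01:15.291: IP: s=172.16.1.10 (Serial0/0), d=4.4.4.4, g=192.168.2.6, len 100, FIB policy routed",
    "*Mar 1 00:05:58.355: IP: s=172.16.1.10 (Serial0/0), d=3.3.3.3, len 100, FIB policy rejected(no match) - normal forwarding",
    "*Mar 1 00:10:44.651: IP: s=172.16.2.20 (Serial0/0), d=4.4.4.4, len 100, FIB policy rejected(no match) - normal forwarding",
    # constructed line: a flow the policy was never meant to divert
    "*Mar 1 00:12:00.000: IP: s=172.16.2.20 (Serial0/0), d=4.4.4.4, g=192.168.2.6, len 100, FIB policy routed",
])
# Intended policy on R2: only 172.16.1.10 -> 4.4.4.4 goes to 192.168.2.6
EXPECTED = {("172.16.1.10", "4.4.4.4"): "192.168.2.6"}
```

Calling `unexpected(summarize(SAMPLE), EXPECTED)` returns only the constructed 172.16.2.20 flow, which is the kind of over-broad match an audit of a PBR change should catch.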
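4. Key technical points:
PBR is mainly used for flow-based or source-based path selection and operates in the router's forwarding plane. It uses an ACL to identify the traffic source and chooses the route based on that source, i.e. path selection is driven by the source IP. It therefore only needs to be applied on the interface where the traffic enters, and unlike an ACL it needs no direction. In general, use it as sparingly as possible, unless the intended goal cannot be achieved any other way. In this lab you can also match the size of the ping packet in addition to the IP addresses. For example, to apply PBR to ping packets of length 0~200 (the default length is 100), configure the following:
Match ip address 101
Match length 0 200
Then, in an extended ping test, you can verify PBR by specifying the ping packet size: ping packets of 0~200 have PBR applied and travel via 192.168.2.6 and 192.168.2.5, while ping packets outside this range are forwarded normally.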
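To make the matching logic concrete, here is a small Python model of the decision R2 makes on S0/0: wildcard-mask ACL matching, the optional `match length` range, and fallback to normal forwarding when nothing matches. This is an added example, not part of the original lab; the primary-link next hop 192.168.2.2 is an assumption, since the page does not give R3's address on 192.168.2.0/30.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: bits set to 1 are ignored in the comparison."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

@dataclass
class AclEntry:                      # one extended-ACL permit line
    proto: str
    src: str
    src_wc: str
    dst: str
    dst_wc: str

    def permits(self, pkt):
        return (pkt["proto"] == self.proto
                and wildcard_match(pkt["src"], self.src, self.src_wc)
                and wildcard_match(pkt["dst"], self.dst, self.dst_wc))

@dataclass
class RouteMapEntry:                 # one "route-map NAME permit N" clause
    acl: list
    next_hop: str
    length: Optional[tuple] = None   # (min, max) from "match length"

    def apply(self, pkt):
        if not any(e.permits(pkt) for e in self.acl):
            return None              # implicit deny: clause does not match
        if self.length and not (self.length[0] <= pkt["len"] <= self.length[1]):
            return None              # match statements in one clause are ANDed
        return self.next_hop

def forward(pkt, policy, rib_next_hop):
    """Return (next_hop, how) as decided on the ingress interface."""
    for entry in policy:
        nh = entry.apply(pkt)
        if nh:
            return nh, "policy routed"
    return rib_next_hop, "normal forwarding"

# R2's ACL 101 and route-map NET-go from the lab; PRIMARY is an ASSUMED address.
ACL_101 = [AclEntry("icmp", "172.16.1.0", "0.0.0.255", "4.4.4.4", "0.0.0.0")]
NET_GO = [RouteMapEntry(ACL_101, "192.168.2.6")]
NET_GO_LEN = [RouteMapEntry(ACL_101, "192.168.2.6", length=(0, 200))]
PRIMARY = "192.168.2.2"
```

Because ACL 101 permits only ICMP, a TCP packet between the same two hosts falls through to normal forwarding in this model, so a successful ping test does not show that application traffic uses the backup link.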
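PBR implementation summary:
Use an ACL to select packets:
Access-list 1 permit 172.16.1.0 0.0.0.255 // define the packets of interest
Access-list 101 permit tcp host 172.16.1.10 host 4.4.4.4 eq 23
Define the policy route in global configuration mode:
Route-map PBR permit 10 // define a route-map named PBR; 10 is the sequence number
Match ip address 1 // define the IP to match
Set ip next-hop 192.168.2.6 // specify the next hop
Apply the policy on the ingress interface:
Interface S0/0
Ip policy route-map PBR // apply on the ingress interface; no in or out direction is needed
Check the PBR configuration:
Show ip policy
Verify that PBR was applied successfully:
Traceroute DestIP source SourIP
Or view the debug output on the device where PBR is applied:
Debug ip policy
If it was applied successfully, the following messages appear:
FIB policy match // PBR matched successfully
g=192.168.2.5, len 100, FIB policy routed // policy routing applied; the packet takes the specified next hop
Note: The Traceroute DestIP source SourIP command appears in the PBR lab document by teacher Zhang Xuanbo (張選波), but my emulator does not support tracing with a source address; I suspect it is an IOS version issue. But I cannot be sure. This is my first time writing a lab document myself, so oversights and even errors are unavoidable; everyone is welcome to offer criticism and corrections!
I hope we all keep growing and improving through these exchanges!
Finally, I would like to take this opportunity to thank our lab instructor for giving us the chance to write our own lab document!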