定义:
策略路由 PBR(Policy-Based Routing)是一种根据用户制订的策略进行路由抉择的机制,分为本地策略路由、接口策略路由和智能策略路由 SPR(Smart Policy Routing)。
阐明:
· 策略路由与路由策略(Routing Policy)存在以下不同:
o 策略路由的操作对象是数据包,在路由表曾经产生的状况下,不依照路由表进行转发,而是依据须要,按照某种策略扭转数据包转发门路。
o 路由策略的操作对象是路由信息。路由策略次要实现了路由过滤和路由属性设置等性能,它通过扭转路由属性(包含可达性)来扭转网络流量所通过的门路。
目标
传统的路由转发原理是首先依据报文的目标地址查找路由表,而后进行报文转发。然而目前越来越多的用户心愿可能在传统路由转发的根底上依据本人定义的策略进行报文转发和选路。策略路由使网络管理者不仅可能依据报文的目标地址,而且可能依据报文的源地址、报文大小和链路品质等属性来制订策略路由,以扭转数据包转发门路,满足用户需要。
受害
策略路由具备如下长处:
· 能够依据用户理论需要制订策略进行路由抉择,加强路由抉择的灵活性和可控性。
· 能够使不同的数据流通过不同的链路进行发送,进步链路的利用效率。
· 在满足业务服务质量的前提下,抉择费用较低的链路传输业务数据,从而升高企业数据服务的老本。
配置本地策略路由示例:
组网需要:
如图所示,RouterA 与 RouterB 间有两条链路相连。
用户心愿实现本机下发的不同长度的报文通过不同的下一跳地址进行转发,其中:
· 长度为 64~1400 字节的报文设置 192.168.1.2 作为下一跳地址。
· 长度为 1401~1500 字节的报文设置 192.168.2.2 作为下一跳地址。
· 所有其它长度的报文都按基于目标地址的办法进行路由选路。
配置思路:
采纳如下思路配置本地策略路由:
- 在 RouterA 上配置 IP 报文长度匹配条件,以实现本机下发的不同长度的报文匹配不同的策略点。
- 在 RouterA 上配置本地策略路由的动作,以实现本机下发的不同长度的报文通过不同的下一跳地址进行转发。
- 使能本地策略路由。
操作步骤
- 配置各接口的 IP 地址
# 配置 RouterA 的各接口的 IP 地址。
<Huawei> system-view
[Huawei] sysname RouterA
[RouterA] interface gigabitethernet 1/0/0
[RouterA-GigabitEthernet1/0/0] ip address 192.168.1.1 255.255.255.0
[RouterA-GigabitEthernet1/0/0] quit
[RouterA] interface gigabitethernet 2/0/0
[RouterA-GigabitEthernet2/0/0] ip address 192.168.2.1 255.255.255.0
[RouterA-GigabitEthernet2/0/0] quit
[RouterA] interface loopback 0
[RouterA-LoopBack0] ip address 10.1.1.1 255.255.255.0
[RouterA-LoopBack0] quit
# 配置 RouterB 的各接口的 IP 地址。
<Huawei> system-view
[Huawei] sysname RouterB
[RouterB] interface gigabitethernet 1/0/0
[RouterB-GigabitEthernet1/0/0] ip address 192.168.1.2 255.255.255.0
[RouterB-GigabitEthernet1/0/0] quit
[RouterB] interface gigabitethernet 2/0/0
[RouterB-GigabitEthernet2/0/0] ip address 192.168.2.2 255.255.255.0
[RouterB-GigabitEthernet2/0/0] quit
[RouterB] interface loopback 0
[RouterB-LoopBack0] ip address 10.1.2.1 255.255.255.0
[RouterB-LoopBack0] quit
- 配置动态路由
# 在 RouterA 上配置动态路由。
[RouterA] ip route-static 10.1.2.0 24 192.168.1.2
[RouterA] ip route-static 10.1.2.0 24 192.168.2.2
# 在 RouterB 上配置动态路由。
[RouterB] ip route-static 10.1.1.0 24 192.168.1.1
[RouterB] ip route-static 10.1.1.0 24 192.168.2.1
- 配置策略路由
# 配置名称为 lab1 的策略路由。
[RouterA] policy-based-route lab1 permit node 10
[RouterA-policy-based-route-lab1-10] if-match packet-length 64 1400
[RouterA-policy-based-route-lab1-10] apply ip-address next-hop 192.168.1.2
[RouterA-policy-based-route-lab1-10] quit
[RouterA] policy-based-route lab1 permit node 20
[RouterA-policy-based-route-lab1-20] if-match packet-length 1401 1500
[RouterA-policy-based-route-lab1-20] apply ip-address next-hop 192.168.2.2
[RouterA-policy-based-route-lab1-20] quit
# 使能本地策略路由。
[RouterA] ip local policy-based-route lab1
- 验证配置后果
# 清空 RouterB 接口统计信息。
<RouterB> reset counters interface gigabitethernet 1/0/0
<RouterB> reset counters interface gigabitethernet 2/0/0
# 查看 RouterB 接口统计信息。
<RouterB> display interface gigabitethernet 1/0/0
GigabitEthernet1/0/0 current state : UP
Line protocol current state : UP
Last line protocol up time : 2012-07-30 11:23:24
Description:HUAWEI, AR Series, GigabitEthernet1/0/0 Interface
Route Port,The Maximum Transmit Unit is 1500
Internet Address is 192.168.1.2/24
IP Sending Frames’ Format is PKTFMT_ETHNT_2, Hardware address is 0819-a6ce-7d4c
Last physical up time : 2012-07-30 11:23:24
Last physical down time : 2012-07-24 16:54:19
Current system time: 2012-07-30 14:57:28
Port Mode: COMMON COPPER
Speed : 1000, Loopback: NONE
Duplex: FULL, Negotiation: ENABLE
Mdi : AUTO
Last 300 seconds input rate 40 bits/sec, 0 packets/sec
Last 300 seconds output rate 0 bits/sec, 0 packets/sec
Input peak rate 7568 bits/sec,Record time: 2012-07-30 12:57:02
Output peak rate 1008 bits/sec,Record time: 2012-07-30 12:42:42
Input: 135403 packets, 118911125 bytes
Unicast: 107066, Multicast: 10468
Broadcast: 17869, Jumbo: 0
Discard: 0, Total Error: 0
CRC: 0, Giants: 0
Jabbers: 0, Throttles: 0
Runts: 0, Symbols: 0
Ignoreds: 0, Frames: 0
Output: 59070 packets, 14217739 bytes
Unicast: 37581, Multicast: 21485
Broadcast: 4, Jumbo: 0
Discard: 0, Total Error: 0
Collisions: 0, ExcessiveCollisions: 0
Late Collisions: 0, Deferreds: 0
Input bandwidth utilization threshold : 100.00%
Output bandwidth utilization threshold: 100.00%
Input bandwidth utilization : 0.01%
Output bandwidth utilization : 0.01%
<RouterB> display interface gigabitethernet 2/0/0
GigabitEthernet2/0/0 current state : UP
Line protocol current state : UP
Last line protocol up time : 2012-07-30 11:23:29
Description:HUAWEI, AR Series, GigabitEthernet2/0/0 Interface
Route Port,The Maximum Transmit Unit is 1500
Internet Address is 192.168.2.2/24
IP Sending Frames’ Format is PKTFMT_ETHNT_2, Hardware address is 0819-a6ce-7d4d
Last physical up time : 2012-07-30 11:23:29
Last physical down time : 2012-07-30 11:09:17
Current system time: 2012-07-30 14:58:24
Port Mode: COMMON COPPER
Speed : 1000, Loopback: NONE
Duplex: FULL, Negotiation: ENABLE
Mdi : AUTO
Last 300 seconds input rate 48 bits/sec, 0 packets/sec
Last 300 seconds output rate 0 bits/sec, 0 packets/sec
Input peak rate 11576 bits/sec,Record time: 2012-07-30 13:46:52
Output peak rate 11576 bits/sec,Record time: 2012-07-30 13:46:52
Input: 135403 packets, 118911125 bytes
Unicast: 107066, Multicast: 10468
Broadcast: 17869, Jumbo: 0
Discard: 0, Total Error: 0
CRC: 0, Giants: 0
Jabbers: 0, Throttles: 0
Runts: 0, Symbols: 0
Ignoreds: 0, Frames: 0
Output: 59070 packets, 14217739 bytes
Unicast: 37581, Multicast: 21485
Broadcast: 4, Jumbo: 0
Discard: 0, Total Error: 0
Collisions: 0, ExcessiveCollisions: 0
Late Collisions: 0, Deferreds: 0
Input bandwidth utilization threshold : 100.00%
Output bandwidth utilization threshold: 100.00%
Input bandwidth utilization : 0.01%
Output bandwidth utilization : 0.01%
# 在 RouterA 上 Ping RouterB 的 Loopback0,并将报文数据字段长度设为 80 字节。
<RouterA> ping -s 80 10.1.2.1
PING 10.1.2.1: 80 data bytes, press CTRL_C to break
Reply from 10.1.2.1: bytes=80 Sequence=1 ttl=255 time=2 ms
Reply from 10.1.2.1: bytes=80 Sequence=2 ttl=255 time=2 ms
Reply from 10.1.2.1: bytes=80 Sequence=3 ttl=255 time=2 ms
Reply from 10.1.2.1: bytes=80 Sequence=4 ttl=255 time=2 ms
Reply from 10.1.2.1: bytes=80 Sequence=5 ttl=255 time=2 ms
— 10.1.2.1 ping statistics —
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 2/2/2 ms
# 查看 RouterB 接口统计信息。
<RouterB> display interface gigabitethernet 1/0/0
GigabitEthernet1/0/0 current state : UP
Line protocol current state : UP
Last line protocol up time : 2012-07-30 11:23:24
Description:HUAWEI, AR Series, GigabitEthernet1/0/0 Interface
Route Port,The Maximum Transmit Unit is 1500
Internet Address is 192.168.1.2/24
IP Sending Frames’ Format is PKTFMT_ETHNT_2, Hardware address is 0819-a6ce-7d4c
Last physical up time : 2012-07-30 11:23:24
Last physical down time : 2012-07-24 16:54:19
Current system time: 2012-07-30 15:00:15
Port Mode: COMMON COPPER
Speed : 1000, Loopback: NONE
Duplex: FULL, Negotiation: ENABLE
Mdi : AUTO
Last 300 seconds input rate 152 bits/sec, 0 packets/sec
Last 300 seconds output rate 16 bits/sec, 0 packets/sec
Input peak rate 7568 bits/sec,Record time: 2012-07-30 12:57:02
Output peak rate 1008 bits/sec,Record time: 2012-07-30 12:42:42
Input: 135403 packets, 118911125 bytes
Unicast: 107066, Multicast: 10468
Broadcast: 17869, Jumbo: 0
Discard: 0, Total Error: 0
CRC: 0, Giants: 0
Jabbers: 0, Throttles: 0
Runts: 0, Symbols: 0
Ignoreds: 0, Frames: 0
Output: 59070 packets, 14217739 bytes
Unicast: 37581, Multicast: 21485
Broadcast: 4, Jumbo: 0
Discard: 0, Total Error: 0
Collisions: 0, ExcessiveCollisions: 0
Late Collisions: 0, Deferreds: 0
Input bandwidth utilization threshold : 100.00%
Output bandwidth utilization threshold: 100.00%
Input bandwidth utilization : 0.01%
Output bandwidth utilization : 0.01%
<RouterB> display interface gigabitethernet 2/0/0
GigabitEthernet2/0/0 current state : UP
Line protocol current state : UP
Last line protocol up time : 2012-07-30 11:23:29
Description:HUAWEI, AR Series, GigabitEthernet2/0/0 Interface
Route Port,The Maximum Transmit Unit is 1500
Internet Address is 192.168.2.2/24
IP Sending Frames’ Format is PKTFMT_ETHNT_2, Hardware address is 0819-a6ce-7d4d
Last physical up time : 2012-07-30 11:23:29
Last physical down time : 2012-07-30 11:09:17
Current system time: 2012-07-30 15:01:02
Port Mode: COMMON COPPER
Speed : 1000, Loopback: NONE
Duplex: FULL, Negotiation: ENABLE
Mdi : AUTO
Last 300 seconds input rate 112 bits/sec, 0 packets/sec
Last 300 seconds output rate 0 bits/sec, 0 packets/sec
Input peak rate 11576 bits/sec,Record time: 2012-07-30 13:46:52
Output peak rate 11576 bits/sec,Record time: 2012-07-30 13:46:52
Input: 135403 packets, 118911125 bytes
Unicast: 107066, Multicast: 10468
Broadcast: 17869, Jumbo: 0
Discard: 0, Total Error: 0
CRC: 0, Giants: 0
Jabbers: 0, Throttles: 0
Runts: 0, Symbols: 0
Ignoreds: 0, Frames: 0
Output: 59070 packets, 14217739 bytes
Unicast: 37581, Multicast: 21485
Broadcast: 4, Jumbo: 0
Discard: 0, Total Error: 0
Collisions: 0, ExcessiveCollisions: 0
Late Collisions: 0, Deferreds: 0
Input bandwidth utilization threshold : 100.00%
Output bandwidth utilization threshold: 100.00%
Input bandwidth utilization : 0.01%
Output bandwidth utilization : 0.01%
比拟执行命令 ping -s 80 10.1.2.1 前后 RouterB 接口统计信息,只有 RouterB 接口 GigabitEthernet 1/0/ 0 发送报文总数量减少了 5,即 RouterB 接口 GigabitEthernet 1/0/ 0 在接管到 ICMP 申请报文后给 RouterA 发送 5 个 ICMP 应答报文,所以 RouterA 依据策略路由确定的下一跳为 192.168.1.2。
# 清空 RouterB 接口统计信息。
<RouterB> reset counters interface gigabitethernet 1/0/0
<RouterB> reset counters interface gigabitethernet 2/0/0
# 查看 RouterB 接口统计信息。
<RouterB> display interface gigabitethernet 1/0/0
GigabitEthernet1/0/0 current state : UP
Line protocol current state : UP
Last line protocol up time : 2012-07-30 11:23:24
Description:HUAWEI, AR Series, GigabitEthernet1/0/0 Interface
Route Port,The Maximum Transmit Unit is 1500
Internet Address is 192.168.1.2/24
IP Sending Frames’ Format is PKTFMT_ETHNT_2, Hardware address is 0819-a6ce-7d4c
Last physical up time : 2012-07-30 11:23:24
Last physical down time : 2012-07-24 16:54:19
Current system time: 2012-07-30 16:04:14
Port Mode: COMMON COPPER
Speed : 1000, Loopback: NONE
Duplex: FULL, Negotiation: ENABLE
Mdi : AUTO
Last 300 seconds input rate 0 bits/sec, 0 packets/sec
Last 300 seconds output rate 0 bits/sec, 0 packets/sec
Input peak rate 7568 bits/sec,Record time: 2012-07-30 12:57:02
Output peak rate 1008 bits/sec,Record time: 2012-07-30 12:42:42
Input: 135403 packets, 118911125 bytes
Unicast: 107066, Multicast: 10468
Broadcast: 17869, Jumbo: 0
Discard: 0, Total Error: 0
CRC: 0, Giants: 0
Jabbers: 0, Throttles: 0
Runts: 0, Symbols: 0
Ignoreds: 0, Frames: 0
Output: 59070 packets, 14217739 bytes
Unicast: 37581, Multicast: 21485
Broadcast: 4, Jumbo: 0
Discard: 0, Total Error: 0
Collisions: 0, ExcessiveCollisions: 0
Late Collisions: 0, Deferreds: 0
Input bandwidth utilization threshold : 100.00%
Output bandwidth utilization threshold: 100.00%
Input bandwidth utilization : 0.01%
Output bandwidth utilization : 0.01%
<RouterB> display interface gigabitethernet 2/0/0
GigabitEthernet2/0/0 current state : UP
Line protocol current state : UP
Last line protocol up time : 2012-07-30 11:23:29
Description:HUAWEI, AR Series, GigabitEthernet2/0/0 Interface
Route Port,The Maximum Transmit Unit is 1500
Internet Address is 192.168.2.2/24
IP Sending Frames’ Format is PKTFMT_ETHNT_2, Hardware address is 0819-a6ce-7d4d
Last physical up time : 2012-07-30 11:23:29
Last physical down time : 2012-07-30 11:09:17
Current system time: 2012-07-30 16:04:19
Port Mode: COMMON COPPER
Speed : 1000, Loopback: NONE
Duplex: FULL, Negotiation: ENABLE
Mdi : AUTO
Last 300 seconds input rate 0 bits/sec, 0 packets/sec
Last 300 seconds output rate 0 bits/sec, 0 packets/sec
Input peak rate 11576 bits/sec,Record time: 2012-07-30 13:46:52
Output peak rate 11576 bits/sec,Record time: 2012-07-30 13:46:52
Input: 135403 packets, 118911125 bytes
Unicast: 107066, Multicast: 10468
Broadcast: 17869, Jumbo: 0
Discard: 0, Total Error: 0
CRC: 0, Giants: 0
Jabbers: 0, Throttles: 0
Runts: 0, Symbols: 0
Ignoreds: 0, Frames: 0
Output: 59070 packets, 14217739 bytes
Unicast: 37581, Multicast: 21485
Broadcast: 4, Jumbo: 0
Discard: 0, Total Error: 0
Collisions: 0, ExcessiveCollisions: 0
Late Collisions: 0, Deferreds: 0
Input bandwidth utilization threshold : 100.00%
Output bandwidth utilization threshold: 100.00%
Input bandwidth utilization : 0.01%
Output bandwidth utilization : 0.01%
# 在 RouterA 上 Ping RouterB 的 Loopback0,并将报文数据字段长度设为 1401 字节。
<RouterA> ping -s 1401 10.1.2.1
PING 10.1.2.1: 1401 data bytes, press CTRL_C to break
Reply from 10.1.2.1: bytes=1401 Sequence=1 ttl=255 time=1 ms
Reply from 10.1.2.1: bytes=1401 Sequence=2 ttl=255 time=1 ms
Reply from 10.1.2.1: bytes=1401 Sequence=3 ttl=255 time=1 ms
Reply from 10.1.2.1: bytes=1401 Sequence=4 ttl=255 time=1 ms
Reply from 10.1.2.1: bytes=1401 Sequence=5 ttl=255 time=2 ms
— 10.1.2.1 ping statistics —
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/2 ms
# 查看 RouterB 接口统计信息。
<RouterB> display interface gigabitethernet 1/0/0
GigabitEthernet1/0/0 current state : UP
Line protocol current state : UP
Last line protocol up time : 2012-07-30 11:23:24
Description:HUAWEI, AR Series, GigabitEthernet1/0/0 Interface
Route Port,The Maximum Transmit Unit is 1500
Internet Address is 192.168.1.2/24
IP Sending Frames’ Format is PKTFMT_ETHNT_2, Hardware address is 0819-a6ce-7d4c
Last physical up time : 2012-07-30 11:23:24
Last physical down time : 2012-07-24 16:54:19
Current system time: 2012-07-30 16:04:50
Port Mode: COMMON COPPER
Speed : 1000, Loopback: NONE
Duplex: FULL, Negotiation: ENABLE
Mdi : AUTO
Last 300 seconds input rate 40 bits/sec, 0 packets/sec
Last 300 seconds output rate 0 bits/sec, 0 packets/sec
Input peak rate 7568 bits/sec,Record time: 2012-07-30 12:57:02
Output peak rate 1008 bits/sec,Record time: 2012-07-30 12:42:42
Input: 135403 packets, 118911125 bytes
Unicast: 107066, Multicast: 10468
Broadcast: 17869, Jumbo: 0
Discard: 0, Total Error: 0
CRC: 0, Giants: 0
Jabbers: 0, Throttles: 0
Runts: 0, Symbols: 0
Ignoreds: 0, Frames: 0
Output: 59070 packets, 14217739 bytes
Unicast: 37581, Multicast: 21485
Broadcast: 4, Jumbo: 0
Discard: 0, Total Error: 0
Collisions: 0, ExcessiveCollisions: 0
Late Collisions: 0, Deferreds: 0
Input bandwidth utilization threshold : 100.00%
Output bandwidth utilization threshold: 100.00%
Input bandwidth utilization : 0.01%
Output bandwidth utilization : 0.01%
<RouterB> display interface gigabitethernet 2/0/0
GigabitEthernet2/0/0 current state : UP
Line protocol current state : UP
Last line protocol up time : 2012-07-30 11:23:29
Description:HUAWEI, AR Series, GigabitEthernet2/0/0 Interface
Route Port,The Maximum Transmit Unit is 1500
Internet Address is 192.168.2.2/24
IP Sending Frames’ Format is PKTFMT_ETHNT_2, Hardware address is 0819-a6ce-7d4d
Last physical up time : 2012-07-30 11:23:29
Last physical down time : 2012-07-30 11:09:17
Current system time: 2012-07-30 16:04:55
Port Mode: COMMON COPPER
Speed : 1000, Loopback: NONE
Duplex: FULL, Negotiation: ENABLE
Mdi : AUTO
Last 300 seconds input rate 200 bits/sec, 0 packets/sec
Last 300 seconds output rate 192 bits/sec, 0 packets/sec
Input peak rate 11576 bits/sec,Record time: 2012-07-30 13:46:52
Output peak rate 11576 bits/sec,Record time: 2012-07-30 13:46:52
Input: 135403 packets, 118911125 bytes
Unicast: 107066, Multicast: 10468
Broadcast: 17869, Jumbo: 0
Discard: 0, Total Error: 0
CRC: 0, Giants: 0
Jabbers: 0, Throttles: 0
Runts: 0, Symbols: 0
Ignoreds: 0, Frames: 0
Output: 59070 packets, 14217739 bytes
Unicast: 37581, Multicast: 21485
Broadcast: 4, Jumbo: 0
Discard: 0, Total Error: 0
Collisions: 0, ExcessiveCollisions: 0
Late Collisions: 0, Deferreds: 0
Input bandwidth utilization threshold : 100.00%
Output bandwidth utilization threshold: 100.00%
Input bandwidth utilization : 0.01%
Output bandwidth utilization : 0.01%
比拟执行命令 ping -s 1401 10.1.2.1 前后 RouterB 接口统计信息,只有 RouterB 接口 GigabitEthernet 2/0/ 0 发送报文总数量减少了 5,即 RouterB 接口 GigabitEthernet 2/0/ 0 在接管到 ICMP 申请报文后给 RouterA 发送 5 个 ICMP 应答报文,所以 RouterA 依据策略路由确定的下一跳为 192.168.2.2。