当前位置: article > 正文

H3C多出口策略路由配置_h3c策略路由配置

作者：Gausst松鼠会 | 2024-04-28 20:46:30

踩

h3c策略路由配置

策略路由（policy-based-route）是一种依据用户制定的策略进行路由选择的机制。与单纯依照IP报文的目的地址查找路由表进行转发不同，策略路由基于到达报文的源地址、长度等信息灵活地进行路由选择。对于满足一定条件（报文长度或ACL规则）的报文，将执行一定的操作（设置转发报文的VPN实例、设置报文的优先级、设置报文的出接口和下一跳、设置报文的缺省出接口和下一跳等），以指导报文的转发。

根据作用对象的不同，策略路由可分为本地策略路由和接口策略路由：

· 本地策略路由：对本地产生的报文（比如本地发出的ping报文）进行策略路由，它只对本地产生的报文起作用，对转发的报文不起作用。

· 接口策略路由：对到达该接口的报文进行策略路由，它只对转发的报文起作用，对本地产生的报文不起作用。

对于一般转发和安全等方面的使用需求，大多数情况下只需使用接口策略路由。

一般来讲，策略路由的优先级要高于普通路由，即报文先按照策略路由进行转发。如果报文无法匹配所有的策略路由条件，不能按照策略路由进行转发，再按照普通路由进行转发。

实验拓扑

拓扑图

需求分析

RT为出口路由器，物理出口分别为0/0和0/1。0/10为下联三层接口。
网关配置在SW交换机上，启用两个vlan：10和20。
配置满足以下要求：
vlan10出接口为RT0/0，当0/0接口故障时可以通过0/1访问互联网。
vlan20出接口为RT0/1，当0/1接口故障时可以通过0/0访问互联网。

配置

配置ACL

 acl advanced 3010
 rule permit ip source 192.168.10.0 0.0.0.255
#
acl advanced 3020
 rule permit ip source 192.168.20.0 0.0.0.255
1
2
3
4
5

配置NQA+Track联动

nqa entry 10 10
 type icmp-echo
  destination ip 10.0.0.1
  frequency 5000
  history-record enable
  history-record number 10
  next-hop ip 10.0.0.1
  probe count 10
  probe timeout 500
  reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only

nqa entry 20 20
 type icmp-echo
  destination ip 20.0.0.1
  frequency 5000
  history-record enable
  history-record number 10
  next-hop ip 20.0.0.1
  probe count 10
  probe timeout 500
  reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only

 nqa schedule 10 10 start-time now lifetime forever
 nqa schedule 20 20 start-time now lifetime forever

#
track 1 nqa entry 10 10 reaction 1
#
track 2 nqa entry 20 20 reaction 1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

配置策略路由

policy-based-route 10 permit node 0
 if-match acl 3010
 apply next-hop 10.0.0.1 track 1
 apply next-hop 20.0.0.1
#
policy-based-route 10 permit node 5
 if-match acl 3020
 apply next-hop 20.0.0.1 track 2
 apply next-hop 10.0.0.1
1
2
3
4
5
6
7
8
9

入接口调用策略路由

interface GigabitEthernet0/0/10
 port link-mode route
 combo enable copper
 ip address 192.168.255.1 255.255.255.0
 ip policy-based-route 10
1
2
3
4
5

验证

vlan10
vlan20
模拟故障

附设备配置

RT

sysname RT
#
track 1 nqa entry 10 10 reaction 1
#
track 2 nqa entry 20 20 reaction 1
#
 ip unreachables enable
 ip ttl-expires enable
#
 system-working-mode standard
 xbar load-single
 password-recovery enable
 lpu-type f-series
#
policy-based-route 10 permit node 0
 if-match acl 3010
 apply next-hop 10.0.0.1 track 1
 apply next-hop 20.0.0.1
#
policy-based-route 10 permit node 5
 if-match acl 3020
 apply next-hop 20.0.0.1 track 2
 apply next-hop 10.0.0.1
#
nqa entry 10 10
 type icmp-echo
  destination ip 10.0.0.1
  frequency 5000
  history-record enable
  history-record number 10
  next-hop ip 10.0.0.1
  probe count 10
  probe timeout 500
  reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only
#
nqa entry 20 20
 type icmp-echo
  destination ip 20.0.0.1
  frequency 5000
  history-record enable
  history-record number 10
  next-hop ip 20.0.0.1
  probe count 10
  probe timeout 500
  reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only
#
 nqa schedule 10 10 start-time now lifetime forever
 nqa schedule 20 20 start-time now lifetime forever
 #
interface GigabitEthernet0/0/0
 port link-mode route
 combo enable copper
 ip address 10.0.0.2 255.255.255.0
 nat outbound
#
interface GigabitEthernet0/0/1
 port link-mode route
 combo enable copper
 ip address 20.0.0.2 255.255.255.0
 nat outbound
#
interface GigabitEthernet0/0/10
 port link-mode route
 combo enable copper
 ip address 192.168.255.1 255.255.255.0
 ip policy-based-route 10
#
ip route-static 0.0.0.0 0 10.0.0.1
 ip route-static 0.0.0.0 0 20.0.0.1
 ip route-static 192.168.10.0 24 192.168.255.2
 ip route-static 192.168.20.0 24 192.168.255.2
#
acl advanced 3010
 rule 5 permit ip source 192.168.10.0 0.0.0.255
#
acl advanced 3020
 rule 5 permit ip source 192.168.20.0 0.0.0.255
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77

SW

 sysname SW
#
 ip unreachables enable
 ip ttl-expires enable
#
vlan 1
#
vlan 10
#
vlan 20
#
interface Vlan-interface10
 ip address 192.168.10.254 255.255.255.0
#
interface Vlan-interface20
 ip address 192.168.20.254 255.255.255.0
#
interface GigabitEthernet1/0/48
 port link-mode route
 combo enable fiber
 ip address 192.168.255.2 255.255.255.0
#
interface GigabitEthernet1/0/1
 port link-mode bridge
 port access vlan 10
 combo enable fiber
#
interface GigabitEthernet1/0/10
 port link-mode bridge
 port access vlan 20
 combo enable fiber
#
 ip route-static 0.0.0.0 0 192.168.255.1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

声明：本文内容由网友自发贡献，不代表【wpsshop博客】立场，版权归原作者所有，本站不承担相应法律责任。如您发现有侵权的内容，请联系我们。转载请注明出处：https://www.wpsshop.cn/w/Gausst松鼠会/article/detail/504228