路由策略实验配置

0.原理

0.1、策略路由原理

策略路由:通过定义策略和应用,实现数据流量按照规划的路径走,比如张三走联通出口,李四走电信出口(策略路由的优先级比普通路由表优先级更高)。

路由策略是通过ACL等方式控制路由发布,让对方学到适当路由条目,比如有20条路由条目,只想让某个路由器学到10条,可以通过路由策略进行过滤。

路由策略和策略路由是两种不同的机制,主要区别如下:

路由策略 策略路由
基于策略控制路由信息的引入、发布、接收 基于策略控制报文的转发,即可以不按照路由表转发报文,而是通过按照策略需要转发,转发失败后再通过查找路由表转发
基于控制平面,为路由协议和路由表服务 基于转发平面,为转发策略服务
与路由协议结合完成策略,应用命令route-policy 需要手工逐跳配置,以保证报文按策略转发,应用命令traffic-policy

1.拓扑图

2.实验步骤

实现的效果:

三个路由器,分配配置RIPv2,OSPF,分别学到路由信息,并设备cost。

复制代码
在R1中配置IP地址和RIPv2
<Huawei>sys
[Huawei]sysname R1
[R1]interface g0/0/0
[R1-GigabitEthernet0/0/0]ip add 12.1.1.1 30
[R1-GigabitEthernet0/0/0]int lo0
[R1-LoopBack0]ip add 10.1.1.1 24
[R1-LoopBack0]int lo1
[R1-LoopBack1]ip add 10.1.2.1 24
[R1-LoopBack1]int lo2
[R1-LoopBack2]ip add 10.1.3.1 24
[R1-LoopBack2]q

[R1]rip 
[R1-rip-1]version 2
[R1-rip-1]network 12.0.0.0
[R1-rip-1]network 10.0.0.0
[R1-rip-1]q

在R2中配置IP地址、RIPv2、OSPF
<Huawei>sys
[Huawei]sysname R2 
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 12.1.1.2 30
[R2-GigabitEthernet0/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]ip add 23.1.1.1 30
[R2-GigabitEthernet0/0/1]q
[R2]ping 12.1.1.1
  PING 12.1.1.1: 56  data bytes, press CTRL_C to break
    Reply from 12.1.1.1: bytes=56 Sequence=1 ttl=255 time=70 ms
    Reply from 12.1.1.1: bytes=56 Sequence=2 ttl=255 time=30 ms
    Reply from 12.1.1.1: bytes=56 Sequence=3 ttl=255 time=10 ms
    Reply from 12.1.1.1: bytes=56 Sequence=4 ttl=255 time=10 ms
    Reply from 12.1.1.1: bytes=56 Sequence=5 ttl=255 time=20 ms

  --- 12.1.1.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 10/28/70 ms

[R2]rip 
[R2-rip-1]version 2
[R2-rip-1]network 12.0.0.0
[R2-rip-1]q


[R2]dis ip routing-table 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 13       Routes : 13       

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

       10.1.1.0/24  RIP     100  1           D   12.1.1.1        GigabitEthernet0/0/0
       10.1.2.0/24  RIP     100  1           D   12.1.1.1        GigabitEthernet0/0/0
       10.1.3.0/24  RIP     100  1           D   12.1.1.1        GigabitEthernet0/0/0
       12.1.1.0/30  Direct  0    0           D   12.1.1.2        GigabitEthernet0/0/0
       12.1.1.2/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
       12.1.1.3/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
       23.1.1.0/30  Direct  0    0           D   23.1.1.1        GigabitEthernet0/0/1
       23.1.1.1/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/1
       23.1.1.3/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/1
      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
127.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0
255.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0

[R2]ospf 
[R2-ospf-1]are	
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]net	
[R2-ospf-1-area-0.0.0.0]network 23.1.1.0 0.0.0.3
[R2-ospf-1-area-0.0.0.0]q
[R2-ospf-1]

在R3中配置,IP地址、OSPF
<Huawei>sys
[Huawei]sysname R3
[R3]int g0/0/0
[R3-GigabitEthernet0/0/0]ip add 23.1.1.2 30
[R3-GigabitEthernet0/0/0]int lo0
[R3-LoopBack0]ip add 30.1.1.1 24
[R3-LoopBack0]int lo1
[R3-LoopBack1]ip add 30.1.2.1 24
[R3-LoopBack1]int lo2
[R3-LoopBack2]ip add 30.1.3.1 24
[R3-LoopBack2]q

[R3]ospf 1
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]network 23.1.1.0 0.0.0.3
[R3-ospf-1-area-0.0.0.0]network 0.0.0.0 0.0.0.0
[R3-ospf-1-area-0.0.0.0]q
[R3-ospf-1]q

在R2中查看路由表有没有学到R2中的路由信息
<R2>dis ip routing-table 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 16       Routes : 16       

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

       10.1.1.0/24  RIP     100  1           D   12.1.1.1        GigabitEthernet0/0/0
       10.1.2.0/24  RIP     100  1           D   12.1.1.1        GigabitEthernet0/0/0
       10.1.3.0/24  RIP     100  1           D   12.1.1.1        GigabitEthernet0/0/0
       12.1.1.0/30  Direct  0    0           D   12.1.1.2        GigabitEthernet0/0/0
       12.1.1.2/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
       12.1.1.3/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
       23.1.1.0/30  Direct  0    0           D   23.1.1.1        GigabitEthernet0/0/1
       23.1.1.1/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/1
       23.1.1.3/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/1
       30.1.1.1/32  OSPF    10   1           D   23.1.1.2        GigabitEthernet0/0/1
       30.1.2.1/32  OSPF    10   1           D   23.1.1.2        GigabitEthernet0/0/1
       30.1.3.1/32  OSPF    10   1           D   23.1.1.2        GigabitEthernet0/0/1
      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
127.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0
255.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0

经过上述配置之后,R2拥有R1和R3的路由信息,但是R1和R3并没有彼此的路由信息,需要在R2上进行路由的重分发。

复制代码
在R2中配置,实现指定的网段,被引用到R3中
1.配置ACL,允许10.1.2.0 和 10.1.3.0 两个网段
[R2]acl 2000
[R2-acl-basic-2000]rule 10 permit source 10.1.2.0 0.0.0.255
[R2-acl-basic-2000]rule 20 permit source 10.1.3.0 0.0.0.255
[R2-acl-basic-2000]q

2.配置路由策略
[R2]route-policy fromR1 permit ?
  node  Node of the route policy
[R2]route-policy fromR1 permit node ?
  INTEGER<0-65535>  Index of the node
[R2]route-policy fromR1 permit node 10 
Info: New Sequence of this List.
[R2-route-policy]if-match acl 2000
[R2-route-policy]q

3.通过R3中的OSPF来引入网段,
import-route rip 1  增加后面的路由策略进行限制,指定特定的网段被引入:route-policy fromR1 

[R2]ospf 1
[R2-ospf-1]import-route rip 1 ?
  cost          Set cost
  route-policy  Route policy
  tag           Specify route tag
  type          Metric type of the imported external routes
  <cr>          Please press ENTER to execute command 
[R2-ospf-1]import-route rip 1 route-policy ?
  STRING<1-40>  Name of the route policy
  fromR1        Name of the route policy
[R2-ospf-1]import-route rip 1 route-policy fromR1 
[R2-ospf-1]q

复制代码
在R3中查看路由表,指定的路由信息已经被引入:
如:10.1.2.0/24  O_ASE   150  1  

<R3>dis ip routing-table 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 18       Routes : 18       

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

       10.1.2.0/24  O_ASE   150  1           D   23.1.1.1        GigabitEthernet0/0/0
       10.1.3.0/24  O_ASE   150  1           D   23.1.1.1        GigabitEthernet0/0/0
       23.1.1.0/30  Direct  0    0           D   23.1.1.2        GigabitEthernet0/0/0
       23.1.1.2/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
       23.1.1.3/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
       30.1.1.0/24  Direct  0    0           D   30.1.1.1        LoopBack0
       30.1.1.1/32  Direct  0    0           D   127.0.0.1       LoopBack0
     30.1.1.255/32  Direct  0    0           D   127.0.0.1       LoopBack0
       30.1.2.0/24  Direct  0    0           D   30.1.2.1        LoopBack1
       30.1.2.1/32  Direct  0    0           D   127.0.0.1       LoopBack1
     30.1.2.255/32  Direct  0    0           D   127.0.0.1       LoopBack1
       30.1.3.0/24  Direct  0    0           D   30.1.3.1        LoopBack2
       30.1.3.1/32  Direct  0    0           D   127.0.0.1       LoopBack2
     30.1.3.255/32  Direct  0    0           D   127.0.0.1       LoopBack2
      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
127.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0
255.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0

在R2中配置,实现指定的网段,被引用到R1中
[R2]acl 2001
[R2-acl-basic-2001]rule 20 permit source 30.1.2.0 0.0.0.255
[R2-acl-basic-2001]rule 30 permit source 30.1.3.0 0.0.0.255
[R2-acl-basic-2001]q

[R2]route-policy ?
  STRING<1-40>  Name of the route policy
  fromR1        Name of the route policy
  fromR3        Name of the route policy
[R2]route-policy fromR3 permit ?
  node  Node of the route policy
[R2]route-policy fromR3 permit node 20
[R2-route-policy]if-match acl 2001
[R2-route-policy]apply cost 10
[R2-route-policy]q

[R2]rip 1
[R2-rip-1]import-route ospf 1 route-policy ?
  STRING<1-40>  Name of the route policy
  fromR1        Name of the route policy
  fromR3        Name of the route policy
[R2-rip-1]import-route ospf 1 route-policy fromR3
[R2-rip-1]q

在R1中查看路由表,指定的路由信息已经被引入:
<R1>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 18       Routes : 18       

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

       10.1.1.0/24  Direct  0    0           D   10.1.1.1        LoopBack0
       10.1.1.1/32  Direct  0    0           D   127.0.0.1       LoopBack0
     10.1.1.255/32  Direct  0    0           D   127.0.0.1       LoopBack0
       10.1.2.0/24  Direct  0    0           D   10.1.2.1        LoopBack1
       10.1.2.1/32  Direct  0    0           D   127.0.0.1       LoopBack1
     10.1.2.255/32  Direct  0    0           D   127.0.0.1       LoopBack1
       10.1.3.0/24  Direct  0    0           D   10.1.3.1        LoopBack2
       10.1.3.1/32  Direct  0    0           D   127.0.0.1       LoopBack2
     10.1.3.255/32  Direct  0    0           D   127.0.0.1       LoopBack2
       12.1.1.0/30  Direct  0    0           D   12.1.1.1        GigabitEthernet0/0/0
       12.1.1.1/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
       12.1.1.3/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
       30.1.2.1/32  RIP     100  1           D   12.1.1.2        GigabitEthernet0/0/0
       30.1.3.1/32  RIP     100  1           D   12.1.1.2        GigabitEthernet0/0/0
      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
127.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0
255.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0
相关推荐
小马哥编程5 小时前
如何在路由器上配置DHCP服务器?
服务器·网络·智能路由器
爱隐身的官人5 小时前
新后端漏洞(上)- Spring Cloud Gateway Actuator API SpEL表达式注入命令执行(CVE-2022-22947)
网络·安全·web安全·spel表达式注入命令执行
星马梦缘6 小时前
计算机网络7 第七章 网络安全
网络·计算机网络·安全·web安全·非对称加密·对称加密
2401_888423096 小时前
51单片机-串口通信
网络·嵌入式硬件·51单片机
ggaofeng6 小时前
k8s网络原理
网络·容器·kubernetes
wangjialelele6 小时前
Linux匿名管道和命名管道以及共享内存
linux·运维·网络
qinyia6 小时前
解锁服务器网络配置新姿势:Wisdom SSH 助力之旅
服务器·网络·ssh
我登哥MVP7 小时前
Java 网络编程学习笔记
java·网络·学习
名誉寒冰7 小时前
TCP, 三次握手, 四次挥手, 滑动窗口, 快速重传, 拥塞控制, 半连接队列, RST, SYN, ACK
网络·tcp/ip·php