{"id":934,"date":"2012-08-07T22:25:00","date_gmt":"2012-08-07T14:25:00","guid":{"rendered":"http:\/\/note.systw.net\/note\/?p=934"},"modified":"2023-11-07T22:29:32","modified_gmt":"2023-11-07T14:29:32","slug":"cisco-policy-based-routing","status":"publish","type":"post","link":"https:\/\/systw.net\/note\/archives\/934","title":{"rendered":"Cisco Policy-Based Routing"},"content":{"rendered":"\n

PBR(policy-based route,\u539f\u5247\u578b\u8def\u7531)<\/strong>
\u53ef\u6839\u64da\u6307\u5b9a\u7684\u689d\u4ef6\u6539\u8b8a\u8def\u7531\u76ee\u5730<\/p>\n\n\n\n

PBR\u7528\u6cd5\u5982\u4e0b
1
\u5728\u4ecb\u9762\u4e0a\u5957\u7528route-map
(config-if)# ip [local] policy route-map < map-name><\/strong>
[local] \u8b93router\u672c\u8eab\u5efa\u7acb\u7684\u5c01\u5305\u4e5f\u4f7f\u7528PBR,\u9810\u8a2d\u4e0d\u4f7f\u7528
2
\u8a2d\u5b9aroute-map\u7684\u52d5\u4f5c
(config)# route-map < map-name> permit
(config-router-map)# match ip address < acl>
(config-router-map)# set < set-action><\/strong>
< set-action>\u4e3b\u8981\u53ef\u8a2d\u5b9a\u7684\u6709\u4ee5\u4e0b
\u3000set [default] ip next-hop [recursive] < ip1 [ip2 [ip…]]> \u5230\u76f4\u9023\u7db2\u8def\u7684ip1\u4f4d\u5740,\u82e5\u6c92\u6709\u5247\u5230ip2,…
\u3000\u3000recursive:\u8868\u793a\u5230\u975e\u76f4\u9023\u7db2\u8def\u7684IP   
\u3000set [default] interface < int1 [int2 [int…]]> \u5230\u76f4\u9023\u7db2\u8def\u7684\u4ecb\u97621,\u82e5\u6c92\u6709\u5247\u5230\u4ecb\u97622,…
\u3000\u3000\u6709default:\u5148\u4ee5\u4e00\u822cIP\u8def\u7531\u7a0b\u5e8f,\u8def\u5f91\u5931\u6557\u6642\u624d\u4f7f\u7528PBR
\u3000\u3000\u7121default:\u5148\u4f7f\u7528PBR,\u8def\u5f91\u5931\u6557\u624d\u4f7f\u7528\u4e00\u822cIP\u8def\u7531\u7a0b\u5e8f
\u3000set ip precedence < value>
\u3000set ip tos < value>
3
\u8a2d\u5b9a\u7b26\u5408route-map\u7684\u53c3\u6578
(config)#access-list < acl-option><\/strong>
ps:
route-map\u9810\u8a2d\u6700\u5f8c\u70badeny,\u7b26\u5408deny\u7684\u5c01\u5305\u6703\u9032\u5165\u4e00\u822c\u7684ip\u8def\u7531\u7a0b\u5e8f
ex:
\u7576\u5c01\u5305\u662f\u5f9e10.1.1.2\u9032\u5165fa0\/0\u523010.1.3.0\/24\u6642,\u5c31\u5c07\u5c01\u5305\u7684next-hop\u6539\u70ba10.1.10.4
(config)# interface Fa0\/0
(config-if)# ip address 10.1.1.5 255.255.255.0
(config-if)# ip policy route-map mapname
!
(config)# route-map mapname permit
(config-route-map)# match ip address 102
(config-route-map)# set ip next-hop 10.1.10.4
!
(config)# access-list 102 permit ip host 10.1.1.2 10.1.3.0 0.0.0.255<\/p>\n\n\n\n

… <\/p>\n\n\n\n

# show ip policy<\/strong>
Interface Route map
Fa0\/0 map1<\/p>\n\n\n\n

# show route-map<\/strong>
route-map map1, permit, sequence 10
Match clauses:
ip address (access-lists): 102
Set clauses:
ip next-hop 10.1.10.4
Policy routing matches: 12 packets, 720 bytes
ps:
PBR\u7684policy routing match\u6578\u91cf\u4e00\u76f4\u6c92\u589e\u52a0\u6642,\u53ef\u5148\u6aa2\u67e5ACL\u7684log <\/p>\n\n\n\n

# debug ip policy<\/strong>
*Sep 13 17:47:31.685: IP: s=10.1.1.2 (FastEthernet0\/0), d=10.1.3.90, len 28, policy match
*Sep 13 17:47:31.685: IP: route map mapname, item 10, permit
*Sep 13 17:47:31.685: IP: s=10.1.1.2 (FastEthernet0\/0), d=10.1.3.90 (Serial0\/0\/1),len 28, policy routed
*Sep 13 17:47:31.685: IP: FastEthernet0\/0 to Serial0\/0\/1 10.1.10.4<\/p>\n\n\n\n

…………………………<\/p>\n\n\n\n

\u8a2d\u5b9a\u8def\u5f91\u8ffd\u8e64ip sla\u904b\u4f5c\u5143<\/strong>
\u7576ip sla\u904b\u4f5c\u5143\u50b3\u56de\u72c0\u614b\u70baok,\u4f7ftracking object\u70baup\u6642,\u8a72\u8def\u5f91\u624d\u6703\u904b\u4f5c
1\u5efa\u7acb\u8ffd\u8e64\u7269\u4ef6
(config)# track < track-id> ip sla < sla-id> [state|reachability]<\/strong>
2\u8a2d\u5b9a\u8def\u5f91\u4f7f\u7528\u8e64\u7269\u4ef6
\u975c\u614b\u8def\u5f91\u8a2d\u5b9a\u65b9\u5f0f
(config)# ip route < dst mask> < int|next-hop> track < track-id><\/strong>
PBR\u8a2d\u5b9a\u65b9\u5f0f
(config)# route-map < map-name> permit
(config-route-map)# match ip address < acl>
(config-route-map)# set ip next-hop verify-availability < dst> 1 track < track-id><\/strong><\/p>\n\n\n\n

\u5ef6\u9072\u8a2d\u5b9a
(config)# delay < down < sec>|up < sec>><\/strong>
\u5b9a\u7fa9sla\u72c0\u614b\u8b8a\u52d5\u4e4b\u5f8c\u591a\u4e45\u6642\u9593\uff0c\u624d\u8b93tracking object\u6539\u8b8a\u5176\u72c0\u614b,\u4ee5\u9632\u6b62route flapping<\/p>\n\n\n\n

ex:
\u8a2d\u5b9a\u975c\u614b\u8def\u5f9110.1.234.0\/24\u8ffd\u8e64\u7269\u4ef62\u72c0\u614b,\u800c\u7269\u4ef62\u4ee5ip sla 11\u7d71\u8a08\u7d50\u679c\u6c7a\u5b9aup\u6216down
(config)# track 2 ip sla 11 state
(config-track)# delay up 90 down 90
(config)# ip route 10.1.200.0 255.255.255.0 s0\/0\/1 track 2
ex:
\u7576\u5c01\u5305\u662f\u5f9e10.1.1.2\u9032\u5165fa0\/0\u523010.1.3.0\/24\u6642,\u5c31\u5c07\u5c01\u5305\u7684next-hop\u6539\u70ba10.1.10.4
\u540c\u6642\u4f7f\u7528\u7269\u4ef6\u8ffd\u8e642
(config)# interface Fa0\/0
(config-if)# ip address 10.1.1.5 255.255.255.0
(config-if)# ip policy route-map map-name
!
(config)# route-map map-name permit
(config-route-map)# match ip address 102
(config-route-map)# set ip next-hop verify-availability 10.1.10.4 1 track 2
!
(config)# access-list 102 permit ip host 10.1.1.2 10.1.3.0 0.0.0.255<\/p>\n\n\n\n

# show track<\/strong>
Track 2
\u3000IP SLA 11 state\u3000\u3000\u3000\u3000\u3000\u3000\u3000\/\/\u7269\u4ef62\u4ee5ip sla 11\u7d71\u8a08\u7d50\u679c\u6c7a\u5b9aup\u6216down
\u3000State is Up\u3000\u3000\u3000\u3000\u3000\u3000\u3000\u3000\u3000\/\/tracking object\u76ee\u524d\u72c0\u614b\u70baup
\u3000\u30001 change, last change 01:24:14
\u3000Delay up 90 secs, down 90 secs \/\/\u5ef6\u9072\u8a2d\u5b9a90\u79d2
\u3000Latest operation return code: OK \/\/sla\u6700\u5f8c\u50b3\u56de\u7684\u72c0\u614b\u70baok
\u3000Latest RTT (millisecs) 7
\u3000Tracked by:
\u3000\u3000STATIC-IP-ROUTING 0 \/\/\u88ab\u975c\u614b\u8def\u5f91\u8ffd\u8e64
Track 3
\u3000IP SLA 12 state \/\/\u7269\u4ef63\u4ee5ip sla 12\u7d71\u8a08\u7d50\u679c\u6c7a\u5b9aup\u6216down
\u3000\u3000State is Down \/\/\u76ee\u524d\u72c0\u614b\u70badown
\u3000\u3000\u30002 changes, last change 00:00:15
\u3000\u3000Delay up 90 secs, down 90 secs
\u3000\u3000Latest operation return code: No connection \/\/\u6700\u5f8c\u72c0\u614b\u70bano connectioin
\u3000\u3000Tracked by:
\u3000\u3000\u3000ROUTE-MAP 0 \/\/\u88abPBR\u8ffd\u8e64
ps:
\u7269\u4ef6\u5f9eup\u5230down\u6642\u6703\u7522\u751f\u4ee5\u4e0b\u8a0a\u606f
*Sep 13 22:51:33.322: %TRACKING-5-STATE: 3 ip sla 12 state Up->Down<\/p>\n","protected":false},"excerpt":{"rendered":"

PBR(policy-based route,\u539f\u5247\u578b\u8def\u7531)\u53ef …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[33],"tags":[],"class_list":["post-934","post","type-post","status-publish","format-standard","hentry","category-cisco-layer3"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/934","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/comments?post=934"}],"version-history":[{"count":0,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/posts\/934\/revisions"}],"wp:attachment":[{"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/media?parent=934"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/categories?post=934"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/systw.net\/note\/wp-json\/wp\/v2\/tags?post=934"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}