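Applying Traffic Policies for Policy-Based Routing

Theory:

Previous post: "Policy-Based Routing for Dual-ISP Internet Access" https://blog.csdn.net/WannaHaha/article/details/106859778

This post goes a step further and records how policy-based routing is applied through traffic policies.

Configuring policy-based routing lets you redirect Layer 3 packets that arrive on an interface to a specified next-hop address.

With redirection configured, the device redirects packets that match the traffic classification rules to the specified next-hop address. A traffic policy that contains a redirect action can only be applied in the inbound direction, either globally, on an interface, or on a VLAN.

Prerequisites for configuring policy-based routing

Before configuring policy-based routing, configure the IP addresses of the relevant interfaces and a routing protocol so that routes are reachable.

Procedure

1. Configure the ACL

2. Configure the traffic classifier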

    [Huawei]traffic classifier c1
    [Huawei-classifier-c1]if-match acl 3001

3. Configure the traffic behavior

   [Huawei]traffic behavior b1
   [Huawei-behavior-b1]redirect ip-nexthop  x.x.x.x

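   When multiple next hops exist, the device redirects packets in primary/backup mode. A traffic behavior can hold at most 4 next hops, and the device determines the primary and backup links from the order in which the next hops are configured: a next-hop IP address configured earlier has higher priority. The first configured next-hop IP address is the primary link and the others are backup links. When the primary link goes Down, the device selects the highest-priority remaining next hop as the new primary link; when the original primary link recovers, traffic switches back to it.

4. Configure the traffic policy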

[Huawei-behavior-b3]traffic policy p1
[Huawei-trafficpolicy-p1]classifier c1 behavior b1

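5. Apply the traffic policy

(1) Apply the traffic policy on an interface

    a. sys                                        Enter the system view

    b. int gi0/0/x                                Enter the interface view

    c. traffic-policy policy-name inbound         Apply the policy-based routing in the inbound direction of the interface

(2) Apply the traffic policy on a VLAN

    a. sys                                        Enter the system view

    b. vlan vlan-id                               Enter the VLAN view

    c. traffic-policy policy-name inbound         Apply the traffic policy on the VLAN

(3) Apply the traffic policy globally

    a. sys                                        Enter the system view

    b. traffic-policy policy-name global inbound  Apply the policy-based routing globally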

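Lab

Description:
As shown in the figure:

R4 simulates the Internet

R2 and R3 simulate the ISPs China Telecom (telecom) and China Unicom (unicom) respectively

R1 is the egress router

LSW1 is Layer 3 switch 1

LSW3 and LSW4 are Layer 2 switches

PC1 and PC2 belong to vlan 108 (vlanif108: 10.180.108.0/24); PC3 and PC4 belong to vlan 109 (vlanif 109: 10.180.109.0/24)

LSW2 is Layer 3 switch 2

LSW5 and LSW6 are Layer 2 switches

PC5 and PC6 belong to vlan 110 (vlanif110: 10.180.110.0/24); PC7 and PC8 belong to vlan 111 (vlanif 111: 10.180.111.0/24)

Project goals:

A stable and secure network environment is needed to meet the company employees' Internet access needs as well as R&D and testing needs.

1. PC1~PC8 can reach each other;

2. PC1~PC8 can all access the Internet,

PC1, PC3, PC5 and PC7 normally access R4 (internet) through R2 (telecom); when the R1-R2-R4 path fails, they switch automatically to R1-R3-R4 to access the Internet;

PC2, PC4, PC6 and PC8 normally access R4 (internet) through R3 (unicom); when the R1-R3-R4 path fails, they switch automatically to R1-R2-R4 to access the Internet;

3. PC1~PC8 can all access the enterprise headquarters;

Networking approach:

R4 (internet), R3 (unicom), R2 (telecom) and R1 (egress router) simulate the carrier networks at the enterprise egress and the Internet; they run OSPF in area 1 to provide connectivity;

On R1, configure NAT (Easy-IP), configure PBR (policy-based routing) for traffic splitting and egress redundancy, configure GRE over IPsec for the VPN that interconnects with R5, and configure OSPF with LSW1 and LSW4 so that the IGP updates routing information automatically;

LSW1 and LSW4 connect to R1 through vlanif 300; ge0/0/2 and ge0/0/3 are configured as trunk ports that connect to the Layer 2 switches and allow vlan108, vlan109, vlan110 and vlan111 to pass;

Configure vlanif 108-109 and vlanif 110-111 to act as the gateways for the access PCs;

Configure DHCP with IP/MAC binding so that a fixed device obtains a fixed IP;


LSW2, LSW3, LSW5 and LSW6 represent the access-layer switches and belong to vlan108, vlan109, vlan110 and vlan111 respectively


For the configuration, refer to the connectivity configuration below;

for the detailed configuration, see the previous post: https://blog.csdn.net/WannaHaha/article/details/107511731

Connectivity configuration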

AR4:

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]int gi 0/0/0
[Huawei-GigabitEthernet0/0/0]ip addr 100.1.1.1 24
Jul 27 2020 14:15:02-08:00 Huawei %%01IFNET/4/LINK_STATE(l)[0]:The line protocol
 IP on the interface GigabitEthernet0/0/0 has entered the UP state. 
[Huawei-GigabitEthernet0/0/0]q
[Huawei]un in en
Info: Information center is disabled.
[Huawei]int gi 0/0/1
[Huawei-GigabitEthernet0/0/1]ip addr 200.1.1.1 24
[Huawei-GigabitEthernet0/0/1]int lo0
[Huawei-LoopBack0]ip addr 114.114.114.114 32
[Huawei-LoopBack0]
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]ospf 1 router-id 4.4.4.
                         ^
Error: Wrong parameter found at '^' position.
[Huawei]ospf 1 router-id 4.4.4.4
[Huawei-ospf-1]area 1
[Huawei-ospf-1-area-0.0.0.1]network 100.1.1.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.1]network 200.1.1.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.1]network 114.114.114.114 0.0.0.0
[Huawei-ospf-1-area-0.0.0.1]q
[Huawei-ospf-1]
[Huawei-ospf-1]q
[Huawei]dis ospf routing

     OSPF Process 1 with Router ID 4.4.4.4
          Routing Tables 

 Routing for Network 
 Destination        Cost  Type       NextHop         AdvRouter       Area
 100.1.1.0/24       1     Transit    100.1.1.1       4.4.4.4         0.0.0.1
 114.114.114.114/32 0     Stub       114.114.114.114 4.4.4.4         0.0.0.1
 200.1.1.0/24       1     Transit    200.1.1.1       4.4.4.4         0.0.0.1
 10.1.1.0/24        2     Transit    100.1.1.2       2.2.2.2         0.0.0.1
 20.1.1.0/24        2     Transit    200.1.1.2       3.3.3.3         0.0.0.1

 Total Nets: 5  
 Intra Area: 5  Inter Area: 0  ASE: 0  NSSA: 0 

AR2:

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]int gi 0/0/1
[Huawei-GigabitEthernet0/0/1]ip addr 100.1.1.2 24
Jul 27 2020 14:16:48-08:00 Huawei %%01IFNET/4/LINK_STATE(l)[0]:The line protocol
 IP on the interface GigabitEthernet0/0/1 has entered the UP state. 
[Huawei-GigabitEthernet0/0/1]q
[Huawei]un in en
Info: Information center is disabled.
[Huawei]int gi 0/0/0
[Huawei-GigabitEthernet0/0/0]ip addr 10.1.1.2 24
[Huawei-GigabitEthernet0/0/0]q
[Huawei]sysname telecom
[telecom]
<telecom>sys
Enter system view, return user view with Ctrl+Z.
[telecom]ospf 1 router-id 2.2.2.2
[telecom-ospf-1]area 1
[telecom-ospf-1-area-0.0.0.1]network 100.1.1.0 0.0.0.255
[telecom-ospf-1-area-0.0.0.1]network 10.1.1.0 0.0.0.255
[telecom-ospf-1-area-0.0.0.1]
<telecom>

AR3:

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]int gi 0/0/1
[Huawei-GigabitEthernet0/0/1]ip addr 200.1.1.2 24
Jul 27 2020 14:17:56-08:00 Huawei %%01IFNET/4/LINK_STATE(l)[0]:The line protocol
 IP on the interface GigabitEthernet0/0/1 has entered the UP state. 
[Huawei-GigabitEthernet0/0/1]
[Huawei-GigabitEthernet0/0/1]q
[Huawei]un in en
Info: Information center is disabled.
[Huawei]sysname unicom
[unicom]int gi 0/0/0
[unicom-GigabitEthernet0/0/0]ip addr 20.1.1.2 24
[unicom-GigabitEthernet0/0/0]
<unicom>sys
Enter system view, return user view with Ctrl+Z.
[unicom]ospf 1 router-id 3.3.3.3
[unicom-ospf-1]area 1
[unicom-ospf-1-area-0.0.0.1]network 200.1.1.0 0.0.0.255
[unicom-ospf-1-area-0.0.0.1]network 20.1.1.0 0.0.0.255
[unicom-ospf-1-area-0.0.0.1]
<unicom>

AR1:

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname outrouter
[outrouter]un in en
Info: Information center is disabled.
[outrouter]int gi 0/0/2
[outrouter-GigabitEthernet0/0/2]ip addr 10.1.1.1 24
[outrouter-GigabitEthernet0/0/2]int gi 4/0/0
[outrouter-GigabitEthernet4/0/0]ip addr 20.1.1.1 24
[outrouter-GigabitEthernet4/0/0]
[outrouter-GigabitEthernet4/0/0]q
[outrouter]ospf 1 router-id 1.1.1.1
[outrouter-ospf-1]area 1
[outrouter-ospf-1-area-0.0.0.1]network 10.1.1.0 0.0.0.255
[outrouter-ospf-1-area-0.0.0.1]network 20.1.1.0 0.0.0.255
[outrouter-ospf-1-area-0.0.0.1]q
[outrouter-ospf-1]q
[outrouter]dis ospf peer

     OSPF Process 1 with Router ID 1.1.1.1
         Neighbors 

 Area 0.0.0.1 interface 10.1.1.1(GigabitEthernet0/0/2)'s neighbors
 Router ID: 2.2.2.2          Address: 10.1.1.2        
   State: Full  Mode:Nbr is  Master  Priority: 1
   DR: 10.1.1.2  BDR: 10.1.1.1  MTU: 0    
   Dead timer due in 39  sec 
   Retrans timer interval: 5 
   Neighbor is up for 00:00:13     
   Authentication Sequence: [ 0 ] 

         Neighbors 

 Area 0.0.0.1 interface 20.1.1.1(GigabitEthernet4/0/0)'s neighbors
 Router ID: 3.3.3.3          Address: 20.1.1.2        
   State: Full  Mode:Nbr is  Master  Priority: 1
   DR: 20.1.1.2  BDR: None   MTU: 0    
   Dead timer due in 32  sec 
   Retrans timer interval: 5 
   Neighbor is up for 00:00:05     
   Authentication Sequence: [ 0 ] 

[outrouter]dis ospf routing

     OSPF Process 1 with Router ID 1.1.1.1
          Routing Tables 

 Routing for Network 
 Destination        Cost  Type       NextHop         AdvRouter       Area
 10.1.1.0/24        1     Transit    10.1.1.1        1.1.1.1         0.0.0.1
 20.1.1.0/24        1     Transit    20.1.1.1        1.1.1.1         0.0.0.1
 100.1.1.0/24       2     Transit    10.1.1.2        4.4.4.4         0.0.0.1
 114.114.114.114/32 2     Stub       10.1.1.2        4.4.4.4         0.0.0.1
 114.114.114.114/32 2     Stub       20.1.1.2        4.4.4.4         0.0.0.1
 200.1.1.0/24       2     Transit    20.1.1.2        4.4.4.4         0.0.0.1

 Total Nets: 6  
 Intra Area: 6  Inter Area: 0  ASE: 0  NSSA: 0 

[outrouter]
[outrouter]
[outrouter]ping 114.114.114.114
  PING 114.114.114.114: 56  data bytes, press CTRL_C to break
    Reply from 114.114.114.114: bytes=56 Sequence=1 ttl=254 time=120 ms
    Reply from 114.114.114.114: bytes=56 Sequence=2 ttl=254 time=30 ms
    Reply from 114.114.114.114: bytes=56 Sequence=3 ttl=254 time=30 ms
    Reply from 114.114.114.114: bytes=56 Sequence=4 ttl=254 time=20 ms
    Reply from 114.114.114.114: bytes=56 Sequence=5 ttl=254 time=30 ms

  --- 114.114.114.114 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 20/46/120 ms

[outrouter]tracert 114.114.114.114

 traceroute to  114.114.114.114(114.114.114.
114), max hops: 30 ,packet length: 40,press CTRL_C to break 

 1 10.1.1.2 60 ms  10 ms  20 ms 

 2 200.1.1.1 50 ms  10 ms  20 ms 
[outrouter]tracert 114.114.114.114

 traceroute to  114.114.114.114(114.114.114.
114), max hops: 30 ,packet length: 40,press CTRL_C to break 

 1 10.1.1.2 30 ms  20 ms  20 ms 

 2 200.1.1.1 20 ms  20 ms  20 ms 
[outrouter]tracert 114.114.114.114

 traceroute to  114.114.114.114(114.114.114.
114), max hops: 30 ,packet length: 40,press CTRL_C to break 

 1 10.1.1.2 40 ms  20 ms  20 ms 

 2 200.1.1.1 30 ms  20 ms  20 ms 
[outrouter]
[outrouter]tracert 114.114.114.114

 traceroute to  114.114.114.114(114.114.114.
114), max hops: 30 ,packet length: 40,press CTRL_C to break 

 1 10.1.1.2 40 ms  10 ms  30 ms 

 2 200.1.1.1 30 ms  30 ms  30 ms 
[outrouter]int gi 0/0/0
[outrouter-GigabitEthernet0/0/0]ip addr 192.168.200.1 29
[outrouter-GigabitEthernet0/0/0]int gi 0/0/1
[outrouter-GigabitEthernet0/0/1]ip addr 192.168.200.5 29
Error: The specified address conflicts with another address.
[outrouter-GigabitEthernet0/0/1]ip addr 192.168.200.5 30
Error: The specified address conflicts with another address.
[outrouter-GigabitEthernet0/0/1]
[outrouter-GigabitEthernet0/0/1]ip addr 192.168.200.11 29
[outrouter-GigabitEthernet0/0/1]
[outrouter-GigabitEthernet0/0/1]
[outrouter-GigabitEthernet0/0/1]q
[outrouter]ospf 1 router-id 1.1.1.1
[outrouter-ospf-1]area 0
[outrouter-ospf-1-area-0.0.0.0]network 192.168.200.1 0.0.0.7
[outrouter-ospf-1-area-0.0.0.0]network 192.168.200.9 0.0.0.7
[outrouter-ospf-1-area-0.0.0.0]
<outrouter>

LSW1:

The device is running!

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]sysname L3 sw1
[L3 sw1]int gi 0/0/1
[L3 sw1-GigabitEthernet0/0/1]ip addr 192.168.200.2
                                ^
Error: Unrecognized command found at '^' position.
[L3 sw1-GigabitEthernet0/0/1]q
[L3 sw1]vlan batch 108 109 300
Info: This operation may take a few seconds. Please wait for a moment...done.
[L3 sw1]int vlanif 300
[L3 sw1-Vlanif300]ip addr 192.168.200.2 29
[L3 sw1-Vlanif300]q
[L3 sw1]int gi 0/0/1
[L3 sw1-GigabitEthernet0/0/1]port link-type access
[L3 sw1-GigabitEthernet0/0/1]port default vlan 300
[L3 sw1-GigabitEthernet0/0/1]q
[L3 sw1]ospf 1 router-id 5.5.5.5
[L3 sw1-ospf-1]area 0
[L3 sw1-ospf-1-area-0.0.0.0]network 192.168.200.1 0.0.0.7
[L3 sw1-ospf-1-area-0.0.0.0]q
[L3 sw1-ospf-1]q
[L3 sw1]int vlanif 108
[L3 sw1-Vlanif108]ip addr 10.180.108.1 24
[L3 sw1-Vlanif108]int vlanif 109
[L3 sw1-Vlanif109]ip addr 10.180.109.1 24
[L3 sw1-Vlanif109]int gi 0/0/2
[L3 sw1-GigabitEthernet0/0/2]port link-type trunk
[L3 sw1-GigabitEthernet0/0/2]port trunk allow-pass vlan 108 
[L3 sw1-GigabitEthernet0/0/2]int gi 0/0/3
[L3 sw1-GigabitEthernet0/0/3]port link-type trunk 
[L3 sw1-GigabitEthernet0/0/3]port trunk allow-pass vlan 109
[L3 sw1-GigabitEthernet0/0/3]q
[L3 sw1]ospf
[L3 sw1-ospf-1]area 0
[L3 sw1-ospf-1-area-0.0.0.0]network 10.180.108.1 0.0.0.0
[L3 sw1-ospf-1-area-0.0.0.0]network 10.180.109.1 0.0.0.0
[L3 sw1-ospf-1-area-0.0.0.0]

LSW2:

The device is running!

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname L3 sw2
[L3 sw2]un i
Jul 27 2020 14:33:36-08:00 L3 sw2 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5
.25.191.3.1 configurations have been changed. The current change number is 4, th
e change loop count is 0, and the maximum number of records is 4095.n 
        ^
Error:Ambiguous command found at '^' position.
[L3 sw2]un in en
Info: Information center is disabled.
[L3 sw2]vlan batch
                   ^
Error:Incomplete command found at '^' position.
[L3 sw2]vlan batch 110 111 300
Info: This operation may take a few seconds. Please wait for a moment...done.
[L3 sw2]int vlanif 300
[L3 sw2-Vlanif300]ip addr 192.168.200.12 29
[L3 sw2-Vlanif300]q
[L3 sw2]int gi 0/0/1
[L3 sw2-GigabitEthernet0/0/1]port link-type access 
[L3 sw2-GigabitEthernet0/0/1]port default vlan 300
[L3 sw2-GigabitEthernet0/0/1]q
[L3 sw2]ospf 1 router-id 6.6.6.6
[L3 sw2-ospf-1]network 192.168.200.9 0.0.0.7
               ^
Error: Unrecognized command found at '^' position.
[L3 sw2-ospf-1]area 0
[L3 sw2-ospf-1-area-0.0.0.0]network 192.168.200.9 0.0.0.7
[L3 sw2-ospf-1-area-0.0.0.0]q
[L3 sw2-ospf-1]q
[L3 sw2]int gi 0/0/2
[L3 sw2-GigabitEthernet0/0/2]port link-type trunk
[L3 sw2-GigabitEthernet0/0/2]port trunk allow-pass vlan 110
[L3 sw2-GigabitEthernet0/0/2]int gi 0/0/3
[L3 sw2-GigabitEthernet0/0/3]port link-type trunk
[L3 sw2-GigabitEthernet0/0/3]port trunk allow-pass vlan 111
[L3 sw2-GigabitEthernet0/0/3]q
[L3 sw2]ospf
[L3 sw2-ospf-1]area 1
[L3 sw2-ospf-1-area-0.0.0.1]q
[L3 sw2-ospf-1]area 0
[L3 sw2-ospf-1-area-0.0.0.0]network 10.180.110.1 0.0.0.0
[L3 sw2-ospf-1-area-0.0.0.0]network 10.180.111.1 0.0.0.0
[L3 sw2-ospf-1-area-0.0.0.0]
<L3 sw2>
<L3 sw2>sys
Enter system view, return user view with Ctrl+Z.
[L3 sw2]vlan 110
[L3 sw2-vlan110]int vlanif 110
[L3 sw2-Vlanif110]ip addr 10.180.110.1 25
[L3 sw2-Vlanif110]vlan 111
[L3 sw2-vlan111]int vlanif 111
[L3 sw2-Vlanif111]ip addr 10.180.111.1 24
[L3 sw2-Vlanif111]int vlanif 110
[L3 sw2-Vlanif110]ip addr 10.180.110.1 24
[L3 sw2-Vlanif110]
[L3 sw2-Vlanif110]
[L3 sw2-Vlanif110]
[L3 sw2-Vlanif110]

LSW3:

The device is running!

<Huawei>
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname L2 sw1
[L2 sw1]un in en
Info: Information center is disabled.
[L2 sw1]int gi 0/0/1
[L2 sw1-GigabitEthernet0/0/1]port link-type trunk
[L2 sw1-GigabitEthernet0/0/1]port trunk allow-pass vlan 108
[L2 sw1-GigabitEthernet0/0/1]int gi 0/0/2
[L2 sw1-GigabitEthernet0/0/2]port link-type access
[L2 sw1-GigabitEthernet0/0/2]port default vlan 108
Error: The VLAN does not exist.
[L2 sw1-GigabitEthernet0/0/2]q
[L2 sw1]vlan batch 108
Info: This operation may take a few seconds. Please wait for a moment...done.
[L2 sw1]int gi 0/0/2
[L2 sw1-GigabitEthernet0/0/2]port default vlan 108
[L2 sw1-GigabitEthernet0/0/2]int gi 0/0/3
[L2 sw1-GigabitEthernet0/0/3]port link-type access
[L2 sw1-GigabitEthernet0/0/3]port default vlan 108
[L2 sw1-GigabitEthernet0/0/3]

LSW4:

The device is running!

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname L2 sw2
[L2 sw2]
Jul 27 2020 14:51:32-08:00 L2 sw2 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5
.25.191.3.1 configurations have been changed. The current change number is 4, th
e change loop count is 0, and the maximum number of records is 4095.
[L2 sw2]un in en
Info: Information center is disabled.
[L2 sw2]vlan 109
[L2 sw2-vlan109]q
[L2 sw2]int gi 0/0/1
[L2 sw2-GigabitEthernet0/0/1]port link-type trunk
[L2 sw2-GigabitEthernet0/0/1]port trunk allow-pass vlan 109
[L2 sw2-GigabitEthernet0/0/1]int gi 0/0/2
[L2 sw2-GigabitEthernet0/0/2]port link-type access
[L2 sw2-GigabitEthernet0/0/2]port default vlan 109
[L2 sw2-GigabitEthernet0/0/2]int gi 0/0/3
[L2 sw2-GigabitEthernet0/0/3]port link-type access
[L2 sw2-GigabitEthernet0/0/3]port default vlan 109
[L2 sw2-GigabitEthernet0/0/3]

LSW5:

The device is running!

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]sysname L2 sw3
[L2 sw3]vlan 110
[L2 sw3-vlan110]Q
[L2 sw3]int gi 0/0/1
[L2 sw3-GigabitEthernet0/0/1]port link-type trunk
[L2 sw3-GigabitEthernet0/0/1]port trunk allow-pass vlan 110
[L2 sw3-GigabitEthernet0/0/1]int gi 0/0/2
[L2 sw3-GigabitEthernet0/0/2]port link-type access
[L2 sw3-GigabitEthernet0/0/2]port default vlan 110
[L2 sw3-GigabitEthernet0/0/2]int gi 0/0/3
[L2 sw3-GigabitEthernet0/0/3]port link-type access
[L2 sw3-GigabitEthernet0/0/3]port default vlan 110
[L2 sw3-GigabitEthernet0/0/3]
<L2 sw3>

LSW6:

<Huawei>
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]sysname L2 sw4
[L2 sw4]vlan 111
[L2 sw4-vlan111]q
[L2 sw4]int gi 0/0/1
[L2 sw4-GigabitEthernet0/0/1]port link-type trunk
[L2 sw4-GigabitEthernet0/0/1]port trunk allow-pass vlan 111
[L2 sw4-GigabitEthernet0/0/1]int gi 0/0/2
[L2 sw4-GigabitEthernet0/0/2]port link-type access
[L2 sw4-GigabitEthernet0/0/2]port default vlan 111
[L2 sw4-GigabitEthernet0/0/2]int gi 0/0/3
[L2 sw4-GigabitEthernet0/0/3]port link-type access
[L2 sw4-GigabitEthernet0/0/3]port default vlan 111
[L2 sw4-GigabitEthernet0/0/3]

 

PC1:

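Connectivity configuration is complete.

From here on we consider only the application of policy-based routing, to achieve the following:

PC1, PC3, PC5 and PC7 normally access R4 (internet) through R2 (telecom); when the R1-R2-R4 path fails, they switch automatically to R1-R3-R4 to access the Internet;

PC2, PC4, PC6 and PC8 normally access R4 (internet) through R3 (unicom); when the R1-R3-R4 path fails, they switch automatically to R1-R2-R4 to access the Internet;

Configure policy-based routing:

Egress router configuration:

****************Configure ACLs*******************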

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]acl 3100                      *********traffic to telecom
[Huawei-acl-adv-3100]q
[Huawei]acl 3101                      *********traffic to unicom
[Huawei-acl-adv-3101]q

****************Configure traffic classifiers*******************
[Huawei]traffic classifier 3100
[Huawei-classifier-3100]if-match acl 3100
[Huawei-classifier-3100]q
[Huawei]traffic classifier 3101
[Huawei-classifier-3101]if-match acl 3101
[Huawei-classifier-3101]q

****************Configure traffic behaviors*******************

[Huawei]traffic behavior 3100
[Huawei-behavior-3100]redirect ip-nexthop 10.1.1.2
[Huawei-behavior-3100]traffic behavior 3101
[Huawei-behavior-3101]redirect ip-nexthop 20.1.1.2

****************Configure the traffic policy*******************

[Huawei-behavior-3101]traffic policy p
[Huawei-trafficpolicy-3100]classifier 3100 behavior 3100 
[Huawei-trafficpolicy-3100]classifier 3101 behavior 3101
[Huawei-trafficpolicy-3100]q

****************Assign flows*******************

[Huawei]acl 3100
[Huawei-acl-adv-3100]rule permit ip source 10.180.108.10 0
[Huawei-acl-adv-3100]rule permit ip source 10.180.109.10 0
[Huawei-acl-adv-3100]rule permit ip source 10.180.110.10 0
[Huawei-acl-adv-3100]rule permit ip source 10.180.111.10 0
[Huawei-acl-adv-3100]acl 3101
[Huawei-acl-adv-3101]rule permit ip source 10.180.111.20 0
[Huawei-acl-adv-3101]rule permit ip source 10.180.110.20 0
[Huawei-acl-adv-3101]rule permit ip source 10.180.109.20 0
[Huawei-acl-adv-3101]rule permit ip source 10.180.108.20 0

****************Apply the traffic policy globally*******************must be configured on the Layer 3 switch

<L3 sw1>sys
Enter system view, return user view with Ctrl+Z.
[L3 sw1]acl 3100
[L3 sw1-acl-adv-3100]q
[L3 sw1]acl 3101
[L3 sw1-acl-adv-3101]q
[L3 sw1]traffic classifier 3100
[L3 sw1-classifier-3100]if-match acl 3100
[L3 sw1-classifier-3100]q
[L3 sw1]traffic classifier 3101
[L3 sw1-classifier-3101]if-match acl 3101
[L3 sw1-classifier-3101]q
[L3 sw1]traffic behavior 3100
[L3 sw1-behavior-3100]redirect ip-nexthop 10.1.1.1
[L3 sw1-behavior-3100]traffic behavior 3101
[L3 sw1-behavior-3101]redirect ip-nexthop 20.1.1.1
[L3 sw1-behavior-3101]q
[L3 sw1]traffic policy test
[L3 sw1-trafficpolicy-test]classifier 3100 behavior 3100
[L3 sw1-trafficpolicy-test]classifier 3101 behavior 3101
[L3 sw1-trafficpolicy-test]q
[L3 sw1]acl 3100
[L3 sw1-acl-adv-3100]rule permit ip source 10.180.108.10 0
[L3 sw1-acl-adv-3100]rule permit ip source 10.180.109.10 0
[L3 sw1-acl-adv-3100]acl 3101
[L3 sw1-acl-adv-3101]rule permit ip source 10.180.109.20 0
[L3 sw1-acl-adv-3101]rule permit ip source 10.180.108.20 0
[L3 sw1-acl-adv-3101]q
[L3 sw1]traffic-policy test global inbound

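****************Apply the traffic policy on VLANs*******************configured on the Layer 3 switch

Because applying a traffic policy on a VLAN requires the policy-based routing to be configured on the Layer 3 switch, we configure and test it on LSW1: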

[L3 sw1]undo traffic-policy test global inbound
[L3 sw1]vlan 108
[L3 sw1-vlan108]traffic test inbound
[L3 sw1-vlan108]vlan 109
[L3 sw1-vlan109]traffic test inbound
[L3 sw1-vlan109]

****************Apply the traffic policy on interfaces*******************configured on the egress router

[Huawei]int gi0/0/0
[Huawei-GigabitEthernet0/0/0]traffic-policy p inbound
[Huawei-GigabitEthernet0/0/0]int gi 0/0/1
[Huawei-GigabitEthernet0/0/1]traffic-policy p inbound
[Huawei-GigabitEthernet0/0/1]q

Note: only one policy-based routing policy can be applied on a port.
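
The selection logic described above (classifier match first, then primary/backup next hop by configuration order), as an added Python model that is not part of the original post. The ACL entries and next hops are copied from the egress-router configuration on this page; POLICY_WITH_BACKUP, which lists the other ISP as a second next hop, is a hypothetical variant, and all function names are illustrative.

```python
import ipaddress

MAX_NEXT_HOPS = 4  # limit per traffic behavior stated in the theory section

# Constructed model of the lab's ACLs: (source, wildcard); wildcard 0 = one host.
ACLS = {
    3100: [("10.180.108.10", "0"), ("10.180.109.10", "0"),
           ("10.180.110.10", "0"), ("10.180.111.10", "0")],
    3101: [("10.180.111.20", "0"), ("10.180.110.20", "0"),
           ("10.180.109.20", "0"), ("10.180.108.20", "0")],
}
# Policy = ordered (classifier ACL, behavior next hops) pairs, as on the page.
POLICY_AS_CONFIGURED = [(3100, ["10.1.1.2"]), (3101, ["20.1.1.2"])]
# Hypothetical variant: each behavior lists the other ISP as its backup.
POLICY_WITH_BACKUP = [(3100, ["10.1.1.2", "20.1.1.2"]),
                      (3101, ["20.1.1.2", "10.1.1.2"])]


def _to_int(value):
    """Accept dotted quads and the short wildcard form '0'."""
    return int(ipaddress.IPv4Address(value)) if "." in value else int(value)


def rule_matches(rule_addr, wildcard, src):
    """Wildcard bits set to 1 are ignored; all other bits must be equal."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(rule_addr) ^ _to_int(src)) & care == 0


def select_next_hop(next_hops, reachable):
    """Return the first configured next hop that is reachable, else None.

    Evaluating in configuration order on every call reproduces both the
    failover and the switch-back to the recovered primary link.
    """
    if len(next_hops) > MAX_NEXT_HOPS:
        raise ValueError("a traffic behavior holds at most 4 next hops")
    return next((nh for nh in next_hops if nh in reachable), None)


def redirect_for(policy, src, reachable):
    """Return (acl, next_hop) for the first classifier matching src.

    None means no classifier matched; (acl, None) means the flow matched but
    no redirect next hop is usable, so the redirect action cannot take effect.
    """
    for acl, next_hops in policy:
        if any(rule_matches(a, w, src) for a, w in ACLS[acl]):
            return acl, select_next_hop(next_hops, reachable)
    return None
```

Running the same source address through both policies with one ISP next hop marked unreachable shows which flows keep a redirect target and which lose it.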


Reposted from blog.csdn.net/WannaHaha/article/details/107563006