Routing policy and policy-based routing

Summary:
Routing policy and policy-based routing both exist to control whether traffic can reach a destination, or to change the path it takes to get there. They work at different levels: routing policy acts on the routing table, policy-based routing acts on the packets being forwarded.

1. Routing policy (Route-Policy)
A routing policy controls the reachability of traffic by changing which entries end up in the routing table: it filters the routes a protocol accepts and the routes it advertises, and can modify route attributes on the way. This mechanism is called routing policy.

Routing policy functions and their effects:
Control route advertisement: the routes to be advertised are filtered through the policy, and only routes that meet the conditions are sent.
Control route reception: the routes to be received are filtered through the policy, and only routes that meet the conditions are accepted. This limits the number of routing entries and improves routing efficiency.
Control route import: only routes that satisfy the conditions are imported (redistributed) from another protocol, and attributes of the imported routes can be set so that they fit the attribute requirements of the receiving protocol.
Set route attributes: the attributes of routes that pass the filter are modified as required.
  • Implementing a routing policy has two parts. First the features of the routes are extracted and filtered on, using attributes such as the address prefix and mask length, the AS path and so on; then the routes that match are acted on, and the result is applied to route advertisement, reception and import.
    -Route feature extraction tools:
    ① Access Control List (ACL): an ordered set of rules made of permit or deny statements; packets (or, when used for route filtering, routes) are classified by matching their information against the rules.
    ACL classification:
    Basic ACL: classifies on source address, fragment flag and time range; numbered 2000-2999.
    Advanced ACL: classifies in finer detail on source address, destination address, source port, destination port, protocol type, precedence, time range and so on; numbered 3000-3999.
    Layer 2 ACL: classifies on source MAC address, destination MAC address and Layer 2 protocol (frame) type; numbered 4000-4999.
    User-defined ACL: classifies according to user-defined rules; numbered 5000-5999.
    An ACL consists of one or more "deny | permit" statements, each describing one rule. After receiving traffic the device checks the rules one by one; if a rule does not match, the next one is tried. The first matching rule decides: its action is executed and no later rule is considered. If no rule matches, the result depends on where the ACL is used: for packet filtering the device forwards the packet; when the ACL is referenced by a filter-policy or route-policy, a route that matches no rule is denied.
    Note that the rules in an ACL may overlap or contradict each other. The order in which rules are matched defines their priority, and the ACL's match-order setting is what resolves such overlaps and contradictions.
    ② IP-Prefix List: an address prefix list filters routes by matching their prefix against the entries of the list in the configured match mode.
    Composition and matching rules:
    Each entry consists of an IP address and a mask length. The address may be a network address or a host address, and the mask length can be configured from 0 to 32.
    Each entry in an IP-Prefix List has an index number, and entries are matched in ascending index order.
    If no index is given, the new entry receives the index of the previously configured entry of the same list plus a step of 10. Configuring an entry whose list name and index already exist, but with different match content, overwrites the existing entry.
    If a route matches none of the entries it is denied; the list ends in an implicit deny. If the referenced prefix list does not exist, the default is permit.
    Mask length range:
    An entry can match exactly, or over a range of mask lengths selected with the keywords greater-equal and less-equal. If neither keyword is configured the match is exact: only a route whose mask length equals the entry's mask length matches. If only greater-equal is configured, mask lengths from the greater-equal value up to 32 match. If only less-equal is configured, mask lengths from the entry's own mask length up to the less-equal value match. If both are configured, mask lengths from the greater-equal value to the less-equal value match.
    ③ AS-Path-Filter: filters BGP routes by matching a regular expression against the AS_PATH attribute.
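The practical difference between the first two tools, as an added example that is not code from the original article or from any vendor: a basic ACL rule compares only the route's network address through a wildcard mask, so one rule catches prefixes of several lengths, while an IP-Prefix List entry also checks the mask length (exact by default, or a greater-equal/less-equal range) and ends in an implicit deny. The routes and filters are constructed for the example and the class and function names are my own; the rule, index and default semantics follow the text above.

```python
"""Route filtering with a basic ACL versus an IP prefix list (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

ALL_ONES = 0xFFFFFFFF


@dataclass
class AclRule:
    index: int
    action: str       # "permit" or "deny"
    source: str       # network address to compare, e.g. "10.1.0.0"
    wildcard: str     # 0 bits must match, 1 bits are "don't care"


@dataclass
class PrefixEntry:
    index: int
    action: str
    prefix: str                          # e.g. "10.1.0.0/16"
    greater_equal: Optional[int] = None  # lower bound on mask length
    less_equal: Optional[int] = None     # upper bound on mask length


def acl_match(rules, network, unmatched="deny"):
    """First-match evaluation of a basic ACL against a route's network address.

    Rules are tried in ascending index order and the first hit decides.
    A route that matches no rule gets `unmatched`, which is "deny" when the
    ACL is referenced by a filter-policy or route-policy; packet filtering
    with the same ACL would instead forward the unmatched packet.
    """
    addr = int(ipaddress.ip_network(network).network_address)
    for rule in sorted(rules, key=lambda r: r.index):
        care = ALL_ONES ^ int(ipaddress.ip_address(rule.wildcard))
        if addr & care == int(ipaddress.ip_address(rule.source)) & care:
            return rule.action
    return unmatched


def prefix_list_match(entries, network):
    """Evaluate an IP-Prefix List against a route (network + mask length).

    An entry matches when the route's first N bits equal the entry's prefix
    (N = entry mask length) and the route's mask length lies in the allowed
    range. A missing list permits everything; a route that no entry matches
    is denied.
    """
    if entries is None:
        return "permit"
    route = ipaddress.ip_network(network)
    for entry in sorted(entries, key=lambda e: e.index):
        pfx = ipaddress.ip_network(entry.prefix)
        low = entry.greater_equal if entry.greater_equal is not None else pfx.prefixlen
        if entry.less_equal is not None:
            high = entry.less_equal
        elif entry.greater_equal is not None:
            high = 32
        else:
            high = pfx.prefixlen
        if low > high:
            raise ValueError(f"entry {entry.index}: greater-equal exceeds less-equal")
        shift = 32 - pfx.prefixlen   # shifting by 32 for a /0 entry compares 0 == 0
        same_prefix = (int(route.network_address) >> shift) == (int(pfx.network_address) >> shift)
        if same_prefix and low <= route.prefixlen <= high:
            return entry.action
    return "deny"


def demo():
    """Constructed routes and filters; returns {route: (acl, exact, ranged)}."""
    routes = ["10.1.0.0/16", "10.1.1.0/24", "10.1.1.128/25", "192.168.0.0/16"]
    acl = [AclRule(5, "permit", "10.1.0.0", "0.0.255.255")]
    exact = [PrefixEntry(10, "permit", "10.1.0.0/16")]
    ranged = [PrefixEntry(10, "permit", "10.1.0.0/16", greater_equal=24, less_equal=25)]
    return {r: (acl_match(acl, r), prefix_list_match(exact, r), prefix_list_match(ranged, r))
            for r in routes}


if __name__ == "__main__":
    for route, result in demo().items():
        print(f"{route:16} acl={result[0]:6} exact={result[1]:6} 24..25={result[2]}")
```

Running the block shows the ACL permitting all three 10.1.x.x routes, the exact-match prefix list permitting only 10.1.0.0/16, and the greater-equal 24 less-equal 25 entry permitting only the /24 and /25 beneath it. This is why prefix lists, not ACLs, are the right tool when the mask length matters, for example to stop a neighbour from leaking more-specific routes.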


-Routing policy tools:
① Route-Policy:
Route-Policy is the most powerful routing policy tool. It combines flexibly with the matching tools above (ACL, IP-Prefix List, AS-Path-Filter) and consists of an ordered series of nodes, each in permit or deny mode and each carrying if-match clauses (conditions) and apply clauses (actions). Nodes are evaluated in order. For a permit node: when a route satisfies all of the node's if-match clauses, it passes the filter, the node's apply clauses are executed and no further node is evaluated; when the route does not satisfy all of the if-match clauses, it moves on to the next node. For a deny node: when a route satisfies all of the node's if-match clauses it is rejected, the apply clauses are not executed and no further node is evaluated; otherwise it moves on to the next node. A node with no if-match clause matches every route. A route that matches no node is rejected, so a route-policy that is meant to let the remaining routes through needs a final permit node without if-match clauses.
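The node semantics just described, as an added example that is not the article's text or any vendor's implementation. Each node has a mode, if-match clauses (predicates over a route) and apply clauses (actions that rewrite the route); nodes are tried in index order, a node is hit only when all of its if-match clauses hold, a node with no if-match clause hits every route, and a route that hits no node is rejected. Routes are plain dicts, the policy and routes are constructed, and the helper names (match_prefix, match_tag, apply_cost, apply_tag, route_policy) are my own.

```python
"""Route-policy node evaluation (added example)."""
import ipaddress
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

Route = Dict[str, object]


@dataclass
class Node:
    index: int
    mode: str                                                 # "permit" or "deny"
    if_match: List[Callable[[Route], bool]] = field(default_factory=list)
    apply: List[Callable[[Route], None]] = field(default_factory=list)


# if-match helpers: each returns a predicate over one route
def match_prefix(prefix: str):
    want = ipaddress.ip_network(prefix)
    return lambda r: ipaddress.ip_network(r["prefix"]) == want


def match_tag(tag: int):
    return lambda r: r.get("tag") == tag


# apply helpers: each returns an action that rewrites one attribute
def apply_cost(cost: int):
    def act(r):
        r["cost"] = cost
    return act


def apply_tag(tag: int):
    def act(r):
        r["tag"] = tag
    return act


def route_policy(nodes: List[Node], route: Route) -> Tuple[bool, Route]:
    """Return (permitted, resulting_route); the caller's dict is not modified."""
    r = dict(route)
    for node in sorted(nodes, key=lambda n: n.index):
        if not all(cond(r) for cond in node.if_match):
            continue                      # miss: fall through to the next node
        if node.mode == "permit":
            for action in node.apply:
                action(r)
            return True, r                # permit hit: apply, accept, stop
        return False, r                   # deny hit: reject, stop, no apply
    return False, r                       # no node hit: implicit deny


def demo():
    """Constructed policy: drop 10.0.0.0/8, set cost 50 on tag-100 routes,
    and (node 30) let everything else through with tag 999."""
    policy = [
        Node(10, "deny", [match_prefix("10.0.0.0/8")]),
        Node(20, "permit", [match_tag(100)], [apply_cost(50)]),
        Node(30, "permit", [], [apply_tag(999)]),
    ]
    routes = [
        {"prefix": "10.0.0.0/8", "tag": 100, "cost": 10},
        {"prefix": "172.16.0.0/12", "tag": 100, "cost": 10},
        {"prefix": "192.168.1.0/24", "cost": 10},
    ]
    with_catch_all = [route_policy(policy, r) for r in routes]
    # the same routes through the same policy minus the catch-all node 30
    without_catch_all = [route_policy(policy[:2], r) for r in routes]
    return with_catch_all, without_catch_all


if __name__ == "__main__":
    full, trimmed = demo()
    for (ok, r), (ok2, _) in zip(full, trimmed):
        print(f"{r['prefix']:16} with node 30: {ok} {r}   without node 30: {ok2}")
```

The third route is the one to watch: with node 30 present it is permitted and tagged, without it the same route falls off the end of the policy and is silently denied. Forgetting that catch-all node is the most common way a route-policy drops more than intended.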
② Filter-Policy:
Filter-Policy filters received or advertised routes and can be applied to IS-IS, OSPF, BGP and other protocols. In each protocol it filters received, advertised and imported routes by referencing an ACL or an IP prefix list.
Filter-Policy behaves differently for distance-vector and link-state protocols:
A distance-vector protocol (RIP, for example) generates the routes it advertises from its routing table, so the filter directly affects the routes learned from neighbours and the routes sent to neighbours.
A link-state protocol (OSPF, IS-IS) computes routes from the link-state database, and the routing information travels inside LSAs, which Filter-Policy cannot filter. A Filter-Policy import therefore does not change which LSAs are sent or received, and does not change the link-state database or the protocol's own route table; it only affects the local IP routing table: routes that pass the filter are installed, routes that do not pass are not installed, but the corresponding LSAs are still flooded on to neighbours unchanged.
Accordingly, the filter-policy export command covers a different range of routes per protocol family:
for distance-vector protocols it filters both the imported routes and the routes discovered by the protocol itself;
for link-state protocols it filters only the imported (redistributed) routes.

Second, policy-based routing (Traffic-Policy)
With policy-based routing (PBR), packets are forwarded according to a user-defined policy, and that policy takes precedence over the routing table. So routing policy forwards traffic on the basis of the routing table (it decides what goes into the table), while policy-based routing forwards traffic on the basis of a policy (it decides how individual packets are forwarded); PBR is therefore a more flexible mechanism than destination-based routing. When a router forwards a packet it first matches the packet against the configured rules; if the match succeeds the packet is forwarded according to the corresponding forwarding policy. The rules can be standard or extended ACLs, or the packet length; the forwarding policy can send the packet via a specified next hop, or modify the IP precedence field of the packet. PBR is therefore an effective enhancement of the traditional IP routing mechanism.

  • Selection parameters for policy-based routing: source and destination IP addresses, the protocol field, and even TCP and UDP source and destination ports, in any combination, which is far more flexible than destination-only routing.

  • When forwarding a packet, PBR does not look only at the destination IP address; it takes several factors into account (source and destination ports, IP addresses and other parameters) for traffic engineering, so that different services can be sent over different links and bandwidth can be allocated per class of traffic.

  • Advantages of policy-based routing:
    ① Different users can be assigned different links (for example, when there are multiple ISPs)
    ② Setting the IPP (IP precedence) or ToS field to achieve QoS
    ③ Load balancing

Flow chart (reconstructed from the figure's labels): a packet enters; if policy routing is not enabled on the inbound interface, it is forwarded normally through the routing table; if policy routing is enabled, the packet is checked against the policy entries; if no entry matches, or the matching entry does not permit the packet, it is forwarded normally through the routing table; otherwise it is forwarded according to the policy route.

Processing flow of policy-based routing
① Flow mode
The first packet of a flow is looked up against the policy and the routing/forwarding table. The result is stored in a cache indexed by source, destination, ToS, inbound interface and so on, and later packets of the same flow are forwarded directly from the cache.
On low-end routers all of this is handled by the CPU and memory.
On high-end devices it is generally handled by NP and ASIC chips.

② Packet-by-packet mode
Every packet is forwarded after its own table lookup.

PBR is divided into:

  • Local policy routing: applies to packets originated by the device itself, such as ICMP and BGP protocol packets sent by the local machine.
    • Configure local PBR when packets with different source addresses, or of different lengths, must be sent out in different ways.
    • Usually implemented with the policy-based-route tool.
  • Interface policy routing: applies to packets the device forwards (transit traffic), not to packets the device itself originates.
    • Configure interface PBR when certain packets received on an interface must be forwarded to a specific next hop. Packets matching the redirect rules are sent out via that next hop; packets not matching any redirect rule are forwarded according to the routing table. Interface PBR is mostly used for load sharing and for security monitoring (steering selected traffic towards an inspection device).
    • Usually implemented with the traffic-policy tool.
  • Smart policy routing: selects the best link for a service's traffic based on link quality information.
    Configure smart PBR when different services need links of different quality.
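The forwarding behaviour described in the two sections above (policy first, routing table as fallback; interface PBR only for transit traffic; flow mode versus packet-by-packet mode), as an added example that is not code from the original article or from any vendor. A transit packet is checked against an ordered list of PBR rules; a matching permit rule sets the next hop and wins, a matching deny rule or no match falls back to a longest-prefix-match lookup, and a packet the device itself originates skips interface PBR entirely. A flow cache keyed on source, destination, ToS and inbound interface models flow mode. The dual-ISP addresses, rules and routing table are constructed for the example and the class and function names (Packet, PbrRule, Router, from_subnet) are mine.

```python
"""Policy-based routing in front of the routing table (added example)."""
import ipaddress
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str = "tcp"
    dport: int = 0
    tos: int = 0
    in_iface: str = "GE0/0/0"
    local: bool = False      # True when this device generated the packet


@dataclass
class PbrRule:
    match: Callable[[Packet], bool]
    next_hop: Optional[str]  # None for a deny entry
    action: str = "permit"   # "deny": matched, but use the routing table


def from_subnet(cidr: str):
    """Rule predicate: packet source lies in the given subnet."""
    net = ipaddress.ip_network(cidr)
    return lambda p: ipaddress.ip_address(p.src) in net


@dataclass
class Router:
    routes: Dict[str, str]                      # prefix -> next hop
    pbr: List[PbrRule] = field(default_factory=list)
    flow_cache: Dict[tuple, Tuple[Optional[str], str]] = field(default_factory=dict)
    lookups: int = 0                            # how often the tables were consulted

    def lpm(self, dst: str) -> Optional[str]:
        """Ordinary destination-based lookup: longest matching prefix wins."""
        addr = ipaddress.ip_address(dst)
        best = None
        for prefix, nh in self.routes.items():
            net = ipaddress.ip_network(prefix)
            if addr in net and (best is None or net.prefixlen > best[0]):
                best = (net.prefixlen, nh)
        return best[1] if best else None        # None: no route, packet is dropped

    def decide(self, pkt: Packet) -> Tuple[Optional[str], str]:
        """Return (next_hop, "pbr" | "rib" | "drop") for one packet."""
        self.lookups += 1
        if not pkt.local:                       # interface PBR: transit traffic only
            for rule in self.pbr:
                if rule.match(pkt):
                    if rule.action == "permit":
                        return rule.next_hop, "pbr"
                    break                       # deny entry: fall back to the table
        nh = self.lpm(pkt.dst)
        return (nh, "rib") if nh is not None else (None, "drop")

    def forward(self, pkt: Packet, flow_mode: bool = True):
        if not flow_mode:
            return self.decide(pkt)             # packet-by-packet: always look up
        key = (pkt.src, pkt.dst, pkt.tos, pkt.in_iface, pkt.local)
        if key not in self.flow_cache:          # first packet of a flow pays for the lookup
            self.flow_cache[key] = self.decide(pkt)
        return self.flow_cache[key]


def demo():
    """Dual-ISP router: 192.168.10.0/24 is steered to ISP B by PBR,
    everything else follows the routing table (default route via ISP A)."""
    rtr = Router(
        routes={"0.0.0.0/0": "203.0.113.1",      # ISP A
                "10.0.0.0/8": "10.255.255.1",
                "10.1.0.0/16": "10.1.255.1"},
        pbr=[PbrRule(from_subnet("192.168.10.0/24"), "198.51.100.1")],  # ISP B
    )
    results = {
        "vlan10_to_internet": rtr.forward(Packet("192.168.10.5", "8.8.8.8")),
        "vlan20_to_internet": rtr.forward(Packet("192.168.20.5", "8.8.8.8")),
        # PBR wins even though the table holds a more specific route for 10.1.0.0/16
        "vlan10_to_10_1": rtr.forward(Packet("192.168.10.5", "10.1.2.3")),
        # same flow again: served from the cache, no extra lookup
        "vlan10_to_internet_again": rtr.forward(Packet("192.168.10.5", "8.8.8.8")),
        # locally originated packet: interface PBR does not apply
        "local_to_internet": rtr.forward(Packet("192.168.10.5", "8.8.8.8", local=True)),
        # packet-by-packet mode, no PBR match: plain longest-prefix match
        "no_pbr_lpm": rtr.forward(Packet("172.16.0.9", "10.1.2.3"), flow_mode=False),
    }
    return results, rtr.lookups


if __name__ == "__main__":
    results, lookups = demo()
    for name, (nh, how) in results.items():
        print(f"{name:26} -> {nh} ({how})")
    print("table lookups:", lookups)
```

Two details are worth noting. The `vlan10_to_10_1` case shows why PBR is a security-relevant configuration: a redirect rule overrides even a more specific route, so a mistaken or malicious rule can quietly send internal traffic out through the wrong link. The `local` flag is part of the cache key because a locally originated packet and a transit packet with the same addresses take different paths (only the latter is subject to interface PBR).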

The difference between routing policy and policy-based routing:
(The original comparison figure is not reproduced.) In short: routing policy acts on routes, changing what the routing table contains by filtering and modifying routes as they are received, advertised or imported (tools: route-policy, filter-policy). Policy-based routing acts on packets: a matching policy overrides the routing table for that packet, and packets that match no policy fall back to ordinary destination-based forwarding (tools: policy-based-route, traffic-policy).

Origin blog.csdn.net/weixin_45948002/article/details/105015433