Article Directory
Routing Policy (Routing Policy ) is a set of methods used to filter routing information and attribute settings. Through the control of routing, it can affect data traffic forwarding operations. In fact, routing strategy is not a single technology or protocol, but a technical topic or methodology, which contains a variety of tools and methods.
The application of routing strategies is very extensive and very important. We mainly implement the following requirements by deploying routing strategies.
(1) The network device performs route filtering when it announces or receives route updates.
(2) When the network equipment performs route redistribution, it associates with the routing strategy and only introduces specific routes into the target routing protocol.
(3) Different routing attributes are set for different routes (for example, the metric value of the route, the priority of the route or the label of the route, etc.).
1.Route-Policy
Route-Policy (Routing-Policy ) is an important tool in the topic of routing strategy technology. It can complete routing strategy deployment tasks well in various occasions and is very powerful. It can be used to perform routing filtering. It can also be used to modify routing attributes.
2. Basic concepts of Route-Policy
Route-Policy is a very important routing policy tool. As shown in the figure, you can think of it as a list of one or more nodes (Node) . Each node can be a set of conditional statements and execution statements. , These nodes are arranged in ascending order of number.
In each node, users can define conditional statements and execute statements, which is a bit like I-Then (if-then) combination in programming language .
When the Route-Policy is executed, the device starts route matching from the node with the lowest number. In this example, first look at node 1. The device matches the conditional statement in the node. If the matched object meets all the conditions, then Execute the execution statement in this node, and will not continue to the next node for matching.
If any of the conditions in node 1 is not met, then go to the next node, that is, to node 2 to match the conditional statement. If the matched object meets all the conditions, the execution statement in the node is executed. If satisfied, continue to the next node for matching, and so on.
3. Basic configuration
3.1 Create a Route-Policy node
route-policy route-policy-name { permit | deny } node node
Permit : Specify the matching mode of the node as permitted .
If the result of route matching satisfies all the if-match statements of the node, the route is considered to be allowed to pass, the apply statement of the node will be executed, and the next node will not enter; if there is an if-match in the node If the sentence is not satisfied, then enter the next node to continue matching.
Deny : The matching mode of the specified node is deny .
If the matching mode of the node is deny, the apply statement of the node will not be executed. If the result of route matching is to satisfy all the if-match statements of the node, then the matching process of Route-Policy ends immediately and will not enter the next node, and the route that meets the conditions of the node is regarded as rejected. If there is an if-match statement under this node that is not satisfied, then go to the next node to continue matching.
Take the command route-policy hcnp permit node 10 as an example. If Route-Policy hcnp does not exist on the device, then after executing this command, the device will create a Route-Policy named hcnp and at the same time create a node in the Route-Policy. The matching mode of the node is permit, and the number is 10.
3.2 (Optional) Configure if-match statements
In the node view of Route-Policy, use the if-match command to define matching conditions. The matched objects are some attributes of routing information, such as the destination network address or mask length of the route, metric value, tag or next hop IP Address etc. The following are some commonly used if-match commands.
匹配ACL:
if-match acl { acl-number | acl-name }
Match IP prefix list:
if-match ip-prefix ip-prefix-name
The metric of the matching route:
if-match metric metric
Outbound interface of matching route:
if-match interface interface-type interface-number
Matching route tag:
if-match tag tag
A node can contain multiple if-match statements, and the relationship between these if-match statements is "and" , which means that all if-match statements must be satisfied at the same time, and the matched object is regarded as matching the node.
But with the exception of if -match route-type and if-match interface , these commands have an "or" relationship between their respective if-match statements .
3.3 (optional) configure apply statement
In the node view of Route-Policy, use the apply command to specify the actions to be performed. These actions are mainly to modify some attributes of the matched route, such as modifying the metric value, priority value, and marking of the route. The following are some commonly used apply commands.
Set the routing metric:
apply cost [+ | -] cost
Set route metric type:
Set IS-IS metric type: apply cost-type {external | internal}
Set OSPF metric type: apply cost-type {type-1 | type-2}
Set the next hop address of the route:
apply ip-address next-hop {ipv4-address | peer-address}
Set the priority of the route:
apply preference preference
Set the tag of the route:
apply tag tag
A node may not contain any apply statement. At this time, the node is only used to perform route filtering, not to set the attributes of the route.
4.Filter-Policy
A tool for route filtering, Filter-Policy (filter-policy ), can be regarded as a route filter.
It should be emphasized that Filter-Policy can only filter routing information, but cannot filter LSA. Filter-Policy can be applied in common dynamic routing protocols such as RIP, OSPF, IS-IS and BGP.
5. IP prefix list
From the name point of view, the IP prefix list is a list-like tool. The object it matches is the IP address prefix, which is the routing entry.
A routing entry is jointly identified by the destination network address (also called IP prefix) and mask length (also called prefix length).
When using ACL to filter out the route of interest from a batch of routes, it is impossible to specify the length of the destination network mask of the matched object, but the IP prefix list can do it. In addition to specifying the destination network address of the matched object, You can also specify the length of the destination netmask, so as to achieve precise routing matching.
The figure shows an example of a simple IP prefix list. The IP prefix list can contain one or more statements, and each statement is identified by a decimal number (Index).
In this example, there is only one statement in the IP prefix list named abcd, and the sequence number of this statement is 10. As mentioned earlier, you can create multiple statements for an IP prefix list, and each statement uses a different sequence number. All the sentences are arranged in order from smallest to largest, which is very similar to ACL.
In this example, the IP address (172.16.0.0) and the mask length (16) are specified in the statement of the IP prefix list, so that the statement exactly matches the route 172.16.0.0/16, IP prefix In addition to accurately matching a route, the list can also match a set of regular routes.
The figure shows another example of the IP prefix list. The two keywords and parameters of greater-equal (greater than or equal to) and less-equal (less than or equal to) are added to the example to specify the range of the mask length.
This command requires the first 16 bits of the destination network address of the route to be the same as the first 16 bits of 172.16.0.0. In addition, the destination netmask length of the route must be greater than or equal to 24 and less than or equal to 32. Only routes that meet the above conditions will be matched by this sentence.
If only the greater-equa l keyword is specified in a statement (and the less-equal keyword is not specified ), the mask length range is greater than or equal to the value specified by the greater-equal keyword, and less than or equal to 32. If only the less-equal keyword is specified (and the greater-equal keyword is not specified), the mask length range is greater than or equal to the mask length specified in the command, and less than or equal to the less-equal keyword specified value.