PBR (based on IP address) example
Network requirements
As shown in Figure 13-1, the aggregation-layer Switch acts as the forwarding device and the access-layer device LSW acts as the gateway; the route between the aggregation-layer Switch and the access-layer LSW is up. The aggregation-layer Switch connects to two core routers through two links: a low-speed link whose gateway is 10.1.20.1/24, and a high-speed link whose gateway is 10.1.30.1/24.
Packets sent from the aggregation-layer Switch to the core layer must be handled as follows: packets with source IP addresses in 192.168.100.0/24 are transmitted over the high-speed link, and packets with source IP addresses in 192.168.101.0/24 are transmitted over the low-speed link.
Configuration Roadmap
- Create VLANs and configure each interface so that the company can interconnect with external network devices.
- Configure ACL rules to match packets with source IP addresses in 192.168.100.0/24 and 192.168.101.0/24.
- Configure traffic classifiers that match the preceding ACL rules, so that the device can distinguish between the packets.
- Configure traffic behaviors that redirect packets matching the different rules to 10.1.20.1/24 and 10.1.30.1/24.
- Configure a traffic policy, bind the traffic classifiers and traffic behaviors in it, and apply it to interface GE0/0/3 in the inbound direction to implement policy-based routing.
Steps
- Create VLANs and configure each interface.
# Create VLAN100 and VLAN200 on the Switch.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan batch 100 200
# Configure interfaces GE0/0/1, GE0/0/2 and GE0/0/3 on the Switch as trunk interfaces, and add them to VLAN100 and VLAN200.
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type trunk
[Switch-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 200
[Switch-GigabitEthernet0/0/1] quit
[Switch] interface gigabitethernet 0/0/2
[Switch-GigabitEthernet0/0/2] port link-type trunk
[Switch-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 200
[Switch-GigabitEthernet0/0/2] quit
[Switch] interface gigabitethernet 0/0/3
[Switch-GigabitEthernet0/0/3] port link-type trunk
[Switch-GigabitEthernet0/0/3] port trunk allow-pass vlan 100 200
[Switch-GigabitEthernet0/0/3] quit
# Create VLANIF100 and VLANIF200, and configure an IP address for each virtual interface.
[Switch] interface vlanif 100
[Switch-Vlanif100] ip address 10.1.20.2 24
[Switch-Vlanif100] quit
[Switch] interface vlanif 200
[Switch-Vlanif200] ip address 10.1.30.2 24
[Switch-Vlanif200] quit
- Configure ACL rules.
# On the Switch, create advanced ACLs 3001 and 3002, with rules that permit packets with source IP addresses in 192.168.100.0/24 and 192.168.101.0/24, respectively.
[Switch] acl 3001
[Switch-acl-adv-3001] rule permit ip source 192.168.100.0 0.0.0.255
[Switch-acl-adv-3001] quit
[Switch] acl 3002
[Switch-acl-adv-3002] rule permit ip source 192.168.101.0 0.0.0.255
[Switch-acl-adv-3002] quit
- Configure traffic classifiers.
# On the Switch, create traffic classifiers c1 and c2, whose matching rules are ACL 3001 and ACL 3002, respectively.
[Switch] traffic classifier c1 operator or
[Switch-classifier-c1] if-match acl 3001
[Switch-classifier-c1] quit
[Switch] traffic classifier c2 operator or
[Switch-classifier-c2] if-match acl 3002
[Switch-classifier-c2] quit
- Configure traffic behaviors.
# On the Switch, create traffic behaviors b1 and b2, and specify the actions of redirecting packets to 10.1.20.1/24 and 10.1.30.1/24.
[Switch] traffic behavior b1
[Switch-behavior-b1] redirect ip-nexthop 10.1.20.1
[Switch-behavior-b1] quit
[Switch] traffic behavior b2
[Switch-behavior-b2] redirect ip-nexthop 10.1.30.1
[Switch-behavior-b2] quit
- Configure a traffic policy and apply it to an interface.
# On the Switch, create traffic policy p1 and bind the traffic classifiers to the traffic behaviors.
[Switch] traffic policy p1
[Switch-trafficpolicy-p1] classifier c1 behavior b1
[Switch-trafficpolicy-p1] classifier c2 behavior b2
[Switch-trafficpolicy-p1] quit
# Apply traffic policy p1 to interface GE0/0/3 in the inbound direction.
[Switch] interface gigabitethernet 0/0/3
[Switch-GigabitEthernet0/0/3] traffic-policy p1 inbound
[Switch-GigabitEthernet0/0/3] return
- Verify the configuration.
# Check the configuration of ACL rules.
<Switch> display acl 3001
Advanced ACL 3001, 1 rule
Acl's step is 5
 rule 5 permit ip source 192.168.100.0 0.0.0.255 (match-counter 0)
<Switch> display acl 3002
Advanced ACL 3002, 1 rule
Acl's step is 5
 rule 5 permit ip source 192.168.101.0 0.0.0.255 (match-counter 0)
# Check the configuration of the traffic classifiers.
<Switch> display traffic classifier user-defined
  User Defined Classifier Information:
   Classifier: c2
    Operator: OR
    Rule(s) :if-match acl 3002
   Classifier: c1
    Operator: OR
    Rule(s) : if-match acl 3001
Total classifier number is 2
# View the configuration of the traffic policy.
<Switch> display traffic policy user-defined p1
  User Defined Traffic Policy Information:
  Policy: p1
   Classifier: c1
    Operator: OR
     Behavior: b1
      Redirect: no forced
        Redirect ip-nexthop 10.1.20.1
   Classifier: c2
    Operator: OR
     Behavior: b2
      Redirect: no forced
        Redirect ip-nexthop 10.1.30.1
Configuration files
- Switch configuration file
#
sysname Switch
#
vlan batch 100 200
#
acl number 3001
 rule 5 permit ip source 192.168.100.0 0.0.0.255
acl number 3002
 rule 5 permit ip source 192.168.101.0 0.0.0.255
#
traffic classifier c1 operator or
 if-match acl 3001
traffic classifier c2 operator or
 if-match acl 3002
#
traffic behavior b1
 redirect ip-nexthop 10.1.20.1
traffic behavior b2
 redirect ip-nexthop 10.1.30.1
#
traffic policy p1 match-order config
 classifier c1 behavior b1
 classifier c2 behavior b2
#
interface Vlanif100
 ip address 10.1.20.2 255.255.255.0
#
interface Vlanif200
 ip address 10.1.30.2 255.255.255.0
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 100 200
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 100 200
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 100 200
 traffic-policy p1 inbound
#
return
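The Python sketch below is an added example, not part of the original page or of the vendor's documentation. It parses the PBR-relevant lines of the Switch configuration file and traces a source address through policy p1 (classifier, ACL, behavior) to its redirect next hop, also reporting which VLANIF subnet contains that next hop, so a redirect that points off-link shows up as None. The function names parse and trace are assumptions, and the parser handles only the line forms that appear in this configuration file.

```python
import ipaddress

# Constructed input: the PBR-relevant lines of the Switch configuration file on this page.
CONFIG = """\
acl number 3001
 rule 5 permit ip source 192.168.100.0 0.0.0.255
acl number 3002
 rule 5 permit ip source 192.168.101.0 0.0.0.255
traffic classifier c1 operator or
 if-match acl 3001
traffic classifier c2 operator or
 if-match acl 3002
traffic behavior b1
 redirect ip-nexthop 10.1.20.1
traffic behavior b2
 redirect ip-nexthop 10.1.30.1
traffic policy p1 match-order config
 classifier c1 behavior b1
 classifier c2 behavior b2
interface Vlanif100
 ip address 10.1.20.2 255.255.255.0
interface Vlanif200
 ip address 10.1.30.2 255.255.255.0
"""

def parse(text):
    """Group indented body lines (as word lists) under their section, keyed by (kind, name)."""
    sec, cur = {}, None
    for line in filter(str.strip, text.splitlines()):
        w = line.split()
        if line[0].isspace():
            cur.append(w)
        else:  # "acl number N" and "traffic <kind> <name>" carry the name in the third word
            key = (w[1], w[2]) if w[0] in ("acl", "traffic") else (w[0], w[1])
            cur = sec.setdefault(key, [])
    return sec

def trace(sec, policy, src):
    """Return (next hop, VLANIF whose subnet holds it) for src; None if no classifier matches."""
    ip = ipaddress.ip_address(src)
    for _, c, _, b in sec[("policy", policy)]:  # classifiers in configured order
        acls = [w[2] for w in sec[("classifier", c)] if w[:2] == ["if-match", "acl"]]
        if any(ip in ipaddress.ip_network(f"{w[5]}/{w[6]}")  # wildcard read as a host mask
               for a in acls for w in sec[("number", a)] if w[2:5] == ["permit", "ip", "source"]):
            hop = next(w[2] for w in sec[("behavior", b)] if w[0] == "redirect")
            via = [n for (k, n), body in sec.items() if k == "interface" for w in body
                   if w[:2] == ["ip", "address"]
                   and ipaddress.ip_address(hop) in ipaddress.ip_interface(f"{w[2]}/{w[3]}").network]
            return hop, (via[0] if via else None)
    return None
```

A result of None from trace means no classifier in the policy matched the source address, so the policy redirects nothing for it.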
Excerpt from the official bloggers summary