Vous êtes sur la page 1sur 7

Operation Manual IP Unicast Policy Routing (IP Services Volume)

Table of Contents

Table of Contents
Chapter 1 IP Unicast Policy Routing Configuration .................................................................. 1-1 1.1 Introduction to IP Unicast Policy Routing .......................................................................... 1-1 1.1.1 Policy Routing ......................................................................................................... 1-1 1.1.2 Policy Routing and Track ........................................................................................ 1-1 1.2 Configuring IP Unicast Policy Routing ............................................................................... 1-2 1.2.1 Defining a Policy...................................................................................................... 1-2 1.2.2 Enabling Local Policy Routing................................................................................. 1-4 1.2.3 Enabling Interface Policy Routing ........................................................................... 1-4 1.3 Displaying and Maintaining IP Unicast Policy Routing Configuration................................ 1-4 1.4 IP Unicast Policy Routing Configuration Examples ........................................................... 1-5 1.4.1 Configuring Policy Routing Based on Packet Size ................................................. 1-5

Operation Manual IP Unicast Policy Routing (IP Services Volume)

Chapter 1 IP Unicast Policy Routing Configuration

Chapter 1 IP Unicast Policy Routing Configuration


When configuring IP unicast policy routing, go to these sections for information you are interested in: Introduction to IP Unicast Policy Routing Configuring IP Unicast Policy Routing Displaying and Maintaining IP Unicast Policy Routing Configuration IP Unicast Policy Routing Configuration Examples

1.1 Introduction to IP Unicast Policy Routing


1.1.1 Policy Routing
Policy routing, also known as policy based routing (PBR) is a routing mechanism based on user-defined policies. Different from the traditional destination-based routing mechanism, policy routing enables you to use policies (based on the source address, address length, and other criteria) to route packets flexibly. Policy routing involves local policy routing and interface policy routing. Local policy routing applies to locally generated packets only. Interface policy routing applies to packets arriving at the interface. In general, policy routing takes precedence over destination-based routing. That is, policy routing is applied to the packets matching the specified policy, and other packets are forwarded through destination-based routing. However, if policy routing has a default next hop configured, destination-based routing takes precedence over policy routing.

1.1.2 Policy Routing and Track


Associated with a Track object, IP unicast policy routing can sense topology changes faster. The status of a Track object can be Positive, Negative, or Invalid. The policy routing configuration takes effect only when the status of the associated Track object is Positive. For details about Track configuration information, refer to the track command in Track Commands of the System Volume.

1-1

Operation Manual IP Unicast Policy Routing (IP Services Volume)

Chapter 1 IP Unicast Policy Routing Configuration

1.2 Configuring IP Unicast Policy Routing


1.2.1 Defining a Policy
A policy can consist of multiple nodes identified by node numbers. The smaller the node number is, the higher the priority of the node is. A policy node, which consists of if-match clauses and apply clauses, is used to route IP packets. An if-match clause specifies a match criterion on a node while an apply clause specifies an action to be taken on packets. There is an AND relationship between if-match clauses on a node. That is, a packet must satisfy all the if match clauses of the node before the action specified by the apply clause is taken. Currently, two types of if-match clause are available: if-match packet-length and if-match acl. You can specify only one if-match clause of each type in a policy node. There are three types of apply clause: apply ip-precedence, apply ip-address next-hop, and apply ip-address default next-hop. You can specify only one apply clause of each type in a policy node. The priorities of the apply clauses are in the following descending order: apply ip-precedence: If configured, this clause will always be executed. apply ip-address next-hop: apply ip-address default next-hop: This clause takes effect only when no next hop is defined for packets, or the defined next hop is invalid and the destination address does not match any route in the routing table. There is an OR relationship between the nodes of a policy. That is, if a packet matches a node, it passes the policy. When configuring policy nodes, you need to specify the match mode as permit or deny: permit: Specifies the match mode of a policy node as permit. If a packet satisfies all the if-match clauses on the policy node, the apply clause is executed. If not, the packet will go to the next policy node. deny: Specifies the match mode of a policy node as deny. When a packet satisfies all the if-match clauses on the policy node, the packet will be rejected and will not go to the next policy node. A packet satisfying the match criteria on a node will not go to other nodes. If the packet does not satisfy the match criteria of any node of the policy, the packet cannot pass the policy and will be forwarded through the routing table. You can define two next hops at most for a policy node. In this way, packets are forwarded in turn through the two next hops to achieve load sharing.

1-2

Operation Manual IP Unicast Policy Routing (IP Services Volume)

Chapter 1 IP Unicast Policy Routing Configuration

You can associate policy routing with a Track object when configuring a next hop, or default next hop, so as to determine the availability of the next hop dynamically. After you configure a Track object association in an apply clause, when an event occurs: If the status of the Track object is Positive, the apply clause can forward packets. If the status of the Track object is Negative or Invalid, the apply clause cannot forward packets. Follow these steps to define a policy: To do Enter system view Create a policy or policy node and enter policy node view Define a packet length match criterion Define an ACL match criterion Set an IP precedence type/value Use the command system-view policy-based-route policy-name [ deny | permit ] node node-number if-match packet-length min-len max-len if-match acl acl-number apply ip-precedence { type | value} apply ip-address next-hop ip-address [ track track-entry-number ] [ ip-address [ track track-entry-number ] ] apply ip-address default next-hop ip-address [ track track-entry-number ] [ ip-address [ track track-entry-number ] ] Remarks

Required

Optional Optional Optional Optional Two next hops at most can be specified. These two next hops are simultaneously active to achieve load sharing. Optional Two default next hops at most can be specified. These two next hops are simultaneously active to achieve load sharing.

Set next hops

Set default next hops

Note: You can use the apply ip-address next-hop command to configure two next hops. After that, you can specify a new next hop to overwrite the earlier configured next hop. If you want to modify the two next hops, you can directly specify two next hops using the apply ip-address next-hop command.

1-3

Operation Manual IP Unicast Policy Routing (IP Services Volume)

Chapter 1 IP Unicast Policy Routing Configuration

1.2.2 Enabling Local Policy Routing


Policy routing involves local policy routing and interface policy routing. In most cases, interface policy routing is used. Local policy routing is used to route packets generated by the local device. You can enable interface policy routing and local policy routing respectively. Only one policy can be referenced when local policy routing is enabled. Follow these steps to enable the local policy routing: To do Enter system view Enable local policy routing based on a policy Use the command system-view ip local policy-based-route policy-name Required Disabled by default. Remarks

1.2.3 Enabling Interface Policy Routing


Interface policy routing is applied to packets arriving on an interface. Only one policy can be referenced when policy routing is enabled on an interface. Follow these steps to enable interface policy routing: To do Enter system view Enter interface view Enable interface policy routing based on a policy Use the command system-view interface interface-type interface-number ip policy-based-route policy-name Required Disabled by default. Remarks

1.3 Displaying and Maintaining IP Unicast Policy Routing Configuration


To do Display information about local policy routing and interface policy routing Display the configuration information of policy routing Use the command display ip policy-based-route display ip policy-based-route setup { interface interface-type interface-number | local | policy-name } Remarks Available in any view

1-4

Operation Manual IP Unicast Policy Routing (IP Services Volume)

Chapter 1 IP Unicast Policy Routing Configuration

To do Display the statistics of policy routing Display the information of policy routing based on a specified policy Clear the statistics of policy routing based on a specified policy

Use the command display ip policy-based-route statistics { interface interface-type interface-number | local } display policy-based-route [ policy-name ] reset policy-based-route statistics [ policy-name ]

Remarks

Available in user view

1.4 IP Unicast Policy Routing Configuration Examples


1.4.1 Configuring Policy Routing Based on Packet Size
I. Network requirements
Policy routing based on policy lab1 is enabled on GigabitEthernet 0/2 of SecPath A. Packets with a size of 64 to 100 bytes are forwarded to 150.1.1.2/24, while packets with a size of 101 to 1,000 bytes are forwarded to 151.1.1.2/24. All other packets are forwarded through the routing table.

II. Network diagram

Figure 1-1 Network diagram for policy routing based on packet size

III. Configuration procedure


Configuration on SecPath A. # Configure RIP.
<SecPathA > system-view [SecPathA] rip [SecPathA-rip-1] network 192.1.1.0 [SecPathA-rip-1] network 150.1.0.0 [SecPathA-rip-1] network 151.1.0.0

1-5

Operation Manual IP Unicast Policy Routing (IP Services Volume)


[SecPathA-rip-1] quit

Chapter 1 IP Unicast Policy Routing Configuration

# Apply the policy lab1 to GigabitEthernet 0/2.


[SecPathA] interface gigabitethernet 0/2 [SecPathA-GigabitEthernet0/2] ip address 192.1.1.1 255.255.255.0 [SecPathA-GigabitEthernet0/2] ip policy-based-route lab1 [SecPathA-GigabitEthernet0/2] quit

# Forward IP packets with a size of 64 to 100 bytes to the next hop 150.1.1.2 and those with a size of 101 to 1,000 bytes to the next hop 151.1.1.2.
[SecPathA] interface gigabitethernet 0/0 [SecPathA-GigabitEthernet0/0] ip address 150.1.1.1 255.255.255.0 [SecPathA-GigabitEthernet0/0] quit [SecPathA] interface gigabitethernet 0/1 [SecPathA-GigabitEthernet0/1] ip address 151.1.1.1 255.255.255.0 [SecPathA- GigabitEthernet0/1] quit [SecPathA] policy-based-route lab1 permit node 10 [SecPathA-pbr-lab1-10] if-match packet-length 64 100 [SecPathA-pbr-lab1-10] apply ip-address next-hop 150.1.1.2 [SecPathA-pbr-lab1-10] quit [SecPathA] policy-based-route lab1 permit node 20 [SecPathA-pbr-lab1-20] if-match packet-length 101 1000 [SecPathA-pbr-lab1-20] apply ip-address next-hop 151.1.1.2

Configuration on SecPath B # Configure RIP.


<SecPathB> system-view [SecPathB] rip [SecPathB-rip-1] network 150.1.0.0 [SecPathB-rip-1] network 151.1.0.0 [SecPathB] interface gigabitethernet 0/0 [SecPathB-GigabitEthernet0/0] ip address 150.1.1.2 255.255.255.0 [SecPathB-GigabitEthernet0/0] quit [SecPathB] interface gigabitethernet 0/1 [SecPathB-GigabitEthernet0/1] ip address 151.1.1.2 255.255.255.0 [SecPathB-GigabitEthernet0/1] quit

1-6