Huawei equipment routing strategy principle and experiment

Overview:

The routing strategy can be configured and used when the routing protocol advertises, receives, and imports routes, and can also be used to filter routes and change routing attributes.

The calling relationship between the tools of the routing strategy:

  1. Condition tool: used to "grab" the required route.
  2. Policy tool: used to perform certain actions on the "grabbed" routes, such as permitting, denying, modifying attribute values, and so on.
  3. Calling tool: used to apply routing strategy to a specific routing protocol to make it effective.

Among the calling tools, filter-policy and peer also act as policy tools, so these two can call the condition tools directly. All other calling tools must call the condition tools indirectly, through route-policy.

Note that peer cannot directly call an ACL or a community filter, but it can call all the other condition tools.

The structure of the routing strategy:

Route-Policy consists of four parts: node number, matching mode, if-match clause (conditional sentence) and apply clause (execution sentence).

1. Node number
A Route-Policy can be composed of multiple nodes. When a route is matched against a Route-Policy, the following two rules are followed:

  1. Order matching: During the matching process, the system checks each entry in the order of the node number from small to large. Therefore, when specifying the node number, pay attention to the expected matching sequence.
  2. Unique match: There is an "or" relationship between the node numbers of Route-Policy. As long as one node is matched, it is considered to pass the filter and no other nodes are matched.

2. Matching mode
There are two matching modes for nodes: permit and deny.

  1. permit specifies that the matching mode of the node is permit. When a route passes the node's filter, the node's apply clauses are executed and the route does not enter the next node; if the route does not pass the node's filter, it enters the next node to continue matching.
  2. deny specifies that the matching mode of the node is deny. In this mode the apply clauses are not executed. When a route satisfies all the if-match clauses of the node, it is refused at this node and does not enter the next node; if the route does not satisfy the node's if-match clauses, it enters the next node to continue matching.

Note:
Usually a Route-Policy node in permit mode with no if-match clause and no apply clause is placed after multiple deny nodes to allow all other routes to pass.

3. If-match clauses (conditional sentences)
if-match clauses are used to define some matching conditions. Each node of Route-Policy can contain multiple if-match clauses or not contain if-match clauses. If a permit node is not configured with any if-match clauses, the node matches all routes.

4. Apply clause (execution statement)
The apply clause is used to specify actions. When the route passes the Route-Policy filter, the system sets some attributes of the route information according to the action specified by the apply clause. Each node of the Route-Policy can contain multiple apply clauses or not contain apply clauses. If you only need to filter the route without setting the attributes of the route, do not use the apply clause.

Routing policy matching result:

[Figure: Route-Policy workflow chart]

After a Route-Policy is applied, is a given route finally allowed or denied? This final result has a very large impact on the business, and may directly decide whether a certain service stays connected or fails. This is a question of the Route-Policy matching rules.

The filtering result of each Route-Policy node combines the following two points:

  1. The matching mode (permit or deny) of the Route-Policy node.
  2. The matching conditions (permit or deny) contained in the if-match clauses (such as the referenced address prefix list or access control list).
    For each node, the combinations of the above two points give the 4 situations shown in Table 1.

[Table 1: the four combinations of node matching mode and if-match matching condition]
Of the four combinations above, the first two are easier to understand and more commonly used; the latter two are harder to understand. In fact, when the rule is deny, whatever the node's mode is, a route that hits the rule is not allowed to pass through this node and continues on to be matched.

Here we take the third case as an example. Assume that the matching condition contained in the if-match clause is deny and the matching mode of the node is permit. The configuration is as follows:
acl number 2001
rule 5 deny source 172.16.16.0 0 //Reject 172.16.16.0

acl number 2002
rule 5 permit source 172.16.16.0 0 //Allow 172.16.16.0

route-policy RP permit node 10 //At this node the route 172.16.16.0 is rejected and matching continues
if-match acl 2001

route-policy RP permit node 20 //At this node the route 172.16.16.0 is allowed
if-match acl 2002

The key point in this case is that the route 172.16.16.0 is rejected at node 10 but continues to be matched. Will the next node allow it to pass? It does: matching continues downward, and 172.16.16.0 is allowed when it reaches node 20, so the final matching result of the Route-Policy is to allow the route 172.16.16.0.

Note:
By default, Huawei equipment rejects every route that is not matched by any node of the Route-Policy. If more than one node is defined in the Route-Policy, make sure that at least one of the nodes has a matching mode of permit, because when Route-Policy is used for routing information filtering:

  1. If a piece of routing information does not pass any node, it is considered not to have passed the Route-Policy.
  2. If all the nodes of the Route-Policy are in deny mode, no routing information can pass through the Route-Policy.
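
The node-by-node matching rules above, as an added example (not code from the original post or from Huawei): a small Python model that evaluates the page's RP policy for 172.16.16.0 and shows the default deny. The function names, the data layout and the BLOCK policy with its cost value are constructed for illustration, and an ACL in which no rule hits the route is assumed to count as not matched.

```python
from ipaddress import ip_address

def acl_lookup(acl, prefix):
    """Return the action of the first rule that hits the prefix, or None if no rule hits."""
    for action, source, wildcard in acl:
        care = ~int(ip_address(wildcard)) & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
        if int(ip_address(prefix)) & care == int(ip_address(source)) & care:
            return action
    return None

def evaluate(policy, acls, prefix):
    """Return (result, node number, applied attributes) for one route prefix."""
    for number in sorted(policy):  # order matching: smallest node number first
        mode, acl_id, apply = policy[number]
        # A node without an if-match clause matches every route.
        matched = acl_id is None or acl_lookup(acls[acl_id], prefix) == "permit"
        if not matched:
            continue  # rule is deny (or nothing hit): go on to the next node
        if mode == "permit":
            return ("permit", number, dict(apply))  # unique match: stop here
        return ("deny", number, {})  # deny node: apply clauses are not executed
    return ("deny", None, {})  # no node matched: default deny

# ACLs from the page's third-case example; wildcard "0" written out as 0.0.0.0.
ACLS = {
    2001: [("deny", "172.16.16.0", "0.0.0.0")],
    2002: [("permit", "172.16.16.0", "0.0.0.0")],
}
# route-policy RP from the page: two permit nodes, no apply clauses.
RP = {10: ("permit", 2001, {}), 20: ("permit", 2002, {})}
# Constructed policy: a deny node followed by a permit node with no if-match clause.
BLOCK = {10: ("deny", 2002, {}), 20: ("permit", None, {"cost": 100})}

if __name__ == "__main__":
    for name, policy in (("RP", RP), ("BLOCK", BLOCK)):
        for prefix in ("172.16.16.0", "10.10.1.0"):
            print(name, prefix, evaluate(policy, ACLS, prefix))
```

With RP, a route such as 10.10.1.0 that hits no ACL rule falls through both nodes and is denied, which is why filtering policies built from deny nodes need the trailing permit node shown in BLOCK.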

Experiment:

User requirements:
As shown in the figure, a campus network is mainly divided into a production network segment and an office network segment. When a terminal connected under LSW3 accesses the following network segments, the traffic model is as follows:
10.10.1.0/24 ----- production network segment: LSW1 is preferred, and LSW2 is the backup link.
10.10.2.0/24 ----- office network segment: LSW2 is preferred, and LSW1 is the backup link.
10.10.3.0/24 ----- other network segments: either link can be used, with load sharing.
This traffic model keeps production network traffic and office network traffic separate, which makes maintenance and fault location easier. It also helps distribute traffic evenly across the two links, and the two links back each other up, which is good for network stability.

Configuration process:
1. Establish OSPF neighbor relationships between LSW1, LSW2, and LSW3.
2. Configure static routes to the above network segments on LSW1 and LSW2, and import them into OSPF to advertise them to LSW3.
3. Configure routing strategies on LSW1 and LSW2 and adjust the traffic model to meet the user's plan.

Only the key configuration related to the routing strategy is given here:
LSW1 key configuration:

acl number 2000
rule 5 permit source 10.10.1.0 0 //Used to match production network segment routes

acl number 2001
rule 5 permit source 10.10.2.0 0 //Used to match office network segment routing

route-policy RP permit node 10
if-match acl 2000
apply cost 10 //Set the cost of the production network segment route to 10

route-policy RP permit node 20
if-match acl 2001
apply cost 20 //Set the cost of the office network segment route to 20

route-policy RP permit node 30 //Routes in the remaining network segments are allowed to enter without any processing

ip route-static 10.10.1.0 255.255.255.0 192.168.14.2
ip route-static 10.10.2.0 255.255.255.0 192.168.14.2
ip route-static 10.10.3.0 255.255.255.0 192.168.14.2

Key configuration of LSW2:

acl number 2000
rule 5 permit source 10.10.1.0 0 //Used to match production network segment routes

acl number 2001
rule 5 permit source 10.10.2.0 0 //Used to match office network segment routing

route-policy RP permit node 10
if-match acl 2000
apply cost 20 //Set the cost of the production network segment route to 20

route-policy RP permit node 20
if-match acl 2001
apply cost 10 //Set the cost of the office network segment route to 10

route-policy RP permit node 30 //Routes in the remaining network segments are allowed to enter without any processing

ip route-static 10.10.1.0 255.255.255.0 192.168.25.2
ip route-static 10.10.2.0 255.255.255.0 192.168.25.2
ip route-static 10.10.3.0 255.255.255.0 192.168.25.2

Result verification
After completing the above configuration, you can check the IP routing table on LSW3 to confirm whether the traffic model is correct.

display ip routing-table 

Route Flags: R - relay, D - download to fib

Routing Tables: Public
     Destinations : 9        Routes : 10      

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

  10.10.1.0/24  O_ASE   150  10          D   192.168.13.1    Vlanif13
  10.10.2.0/24  O_ASE   150  10          D   192.168.23.1    Vlanif23
  10.10.3.0/24  O_ASE   150  1           D   192.168.23.1    Vlanif23
                O_ASE   150  1           D   192.168.13.1    Vlanif13
  127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
  127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
  192.168.13.0/24  Direct  0    0           D   192.168.13.2    Vlanif13
  192.168.13.2/32  Direct  0    0           D   127.0.0.1       Vlanif13
  192.168.23.0/24  Direct  0    0           D   192.168.23.2    Vlanif23
  192.168.23.2/32  Direct  0    0           D   127.0.0.1       Vlanif23

From the routing table of LSW3, it can be seen that traffic to the production network segment 10.10.1.0/24 preferentially goes to LSW1, traffic to the office network segment 10.10.2.0/24 preferentially goes to LSW2, and traffic to other network segments is load-shared across the two links to LSW1 and LSW2. The traffic model meets expectations.

Detection command
Use the display route-policy [route-policy-name] command to view the detailed configuration information of the routing policy.

Source of information: "Switches in Jianghu"

Origin blog.csdn.net/tushanpeipei/article/details/112905966