【Huawei S Series Switches Routing Policy】1 Routing Policy

Created Mar 22, 2017 11:04:24. Latest reply Apr 07, 2018 23:08:09.

1      Routing Policy

Routing policies are widely used in carrier IP networks and enterprise networks. Routing policy planning is also an important part of network planning. To help you understand and use routing policies, this document introduces routing policies.

1.1  Overview

1.1.1            What Is Routing Policy?

When discussing routing policy, you may ask what the routing policy is.

Many people consider a routing policy as a route-policy, while some may say that a filter-policy is also a routing policy. These opinions are less accurate. Routing policy is neither a specific technology nor a specific feature.

Routing policy is a policy that controls routes using a series of tools or methods. This type of policy affects route generation, advertisement, and selection, and so affects the packet forwarding path. These tools include ACL, route-policy, ip-prefix, and filter-policy, and these methods include filtering routes and setting attributes for routes.

1.1.2            Invoking Between Tools Used in Routing Policy

When using routing policy, you may have multiple choices in determining the tools, for example, ACL, route-policy, ip-prefix, and filter-policy. Many of you may be unclear about the invoking between these tools. The following figure illustrates the relationship between these tools.

Figure 1-1 Invoking between tools in routing policy

In Figure 1-1, all the tools used in routing policy are classified into the following types:

• Condition tool: captures required routes.
• Policy tool: performs an action on the captured routes, for example, permit, deny, and modify attributes.
• Invoking tool: applies a routing policy to a specific routing protocol so that the routing policy takes effect.

Among invoking tools, filter-policy and peer have policy tools and can directly invoke condition tools. Other invoking tools must use route-policy to invoke condition tools.

Note: The invoking tool, peer, can invoke all condition tools except ACL.

1.1.3            What Are the Functions of Routing Policy?

On an IP network, routing policy is mainly used to filter routing information and modify route attributes. Table 1-1 describes its functions.

Table 1-1 Functions of routing policy

| Function | Execution Process | Result |
| --- | --- | --- |
| Filter routing information | If a route meets a specific condition, it is accepted. If a route meets a specific condition, it is advertised. If a route meets a specific condition, it is imported. | This route is processed as required. |
| Modify route attributes | If a route meets a specific condition, a certain attribute of this route is modified to XXX. | A certain attribute of this route is modified to XXX. |

If you are still uncertain about the functions of routing policy, let us focus on the following example.

Figure 1-2 Using routing policy to filter routing information

In Figure 1-2, SwitchA is dual-homed to SwitchB and SwitchC and will receive routes from both SwitchB and SwitchC. If SwitchA wants to receive only routes from SwitchB but not routes from SwitchC, configure routing policy on SwitchA to permit only the routes received from SwitchB and deny the routes received from SwitchC.

Figure 1-3 Using routing policy to modify route attributes

In Figure 1-3, SwitchA is also dual-homed to SwitchB and SwitchC. Because SwitchB has better link stability and higher bandwidth than SwitchC, the links of SwitchB and SwitchC need to function as the primary and backup links respectively. When the primary link fails, traffic is automatically switched to the backup link. To meet this requirement, you can use routing policy to set a lower route cost on SwitchB and set a higher route cost on SwitchC. Subsequently, traffic is automatically transmitted over the primary link of SwitchB, and the link of SwitchC functions as the backup link for route backup.

1.2  Routing Policy and Policy-Based Routing

1.2.1            Differences Between Routing Policy and Policy-Based Routing

The following section compares routing policy and policy-based routing (PBR).

Routing policy

Routing policies apply to routing information. Routing policies are used to filter routes and set route attributes. You can change route attributes (including reachability) to change a route over which network traffic is transmitted.

PBR

PBR applies to data packets and transmits data packets based on policies instead of the routes in the existing routing table.

This indicates that PBR is used before a routing table lookup. If a packet matches PBR, no routing table lookup is performed for this packet, and this packet is forwarded based on PBR.

1.2.2            Comparisons Between Routing Policy and Policy-Based Routing

Table 1-2 compares routing policy and PBR.

Table 1-2 Comparisons between routing policy and policy-based routing

| Difference | Routing Policy | PBR |
| --- | --- | --- |
| Object | Routing information | Data packets |
| Implementation plane | Control plane. Filter routes and set route attributes. | Forwarding plane. Ensure that packets are forwarded according to the specified path. |
| Whether the forwarding process is changed | The forwarding process will not be changed. | The packet forwarding process will be changed. |
| Filtering mechanism | ACL; IP prefix list; route attributes; route types; ... | ACL, traffic classifier, traffic behavior, and traffic policy |
| Application | Static routes; direct routes; RIP/RIPng routes; OSPF/OSPFv3 routes; IS-IS routes; BGP/BGP4+ routes | Globally, VLAN, and interface |

1.3  Applications of Routing Policy

The following example describes how to implement routing policy using ACL, IP prefix list, route-policy, and filter-policy.

Figure 1-4 Filtering routes using routing policy

In Figure 1-4, on the network running OSPF, SwitchA receives routes from the Internet and provides Internet routes to the OSPF network. It is required that the OSPF network receive only three external routes 172.16.16.0/24, 172.16.17.0/24, and 172.16.18.0/24.

This requirement can be met using multiple methods. The following provides two common methods for your reference.

In the following experiment, blackhole routes are configured on SwitchA as test routes, and static routes are imported into OSPF to simulate the receiving of routes from the Internet. Critical configuration of SwitchA is as follows:

#
ospf 1
 import-route static
 area 0.0.0.0
  network 192.168.1.0 0.0.0.255
#
ip route-static 172.16.16.0 255.255.255.0 NULL0
ip route-static 172.16.17.0 255.255.255.0 NULL0
ip route-static 172.16.18.0 255.255.255.0 NULL0
ip route-static 172.16.19.0 255.255.255.0 NULL0
ip route-static 172.16.20.0 255.255.255.0 NULL0
#

1.3.1            Filtering Routes Using ACL and Route-Policy

Define an ACL 2000 to match the allowed routes.

[SwitchA] acl 2000
[SwitchA-acl-basic-2000] rule 5 permit source 172.16.16.0 0
[SwitchA-acl-basic-2000] rule 10 permit source 172.16.17.0 0
[SwitchA-acl-basic-2000] rule 15 permit source 172.16.18.0 0
[SwitchA-acl-basic-2000] quit

Create a route-policy named RP and configure a node numbered 10 to invoke ACL 2000.

[SwitchA] route-policy RP permit node 10
[SwitchA-route-policy] if-match acl 2000

Invoke this route-policy when static routes are imported into OSPF.

[SwitchA] ospf 1
[SwitchA-ospf-1] import-route static route-policy RP
[SwitchA-ospf-1] quit

A route-policy contains the deny node by default. Therefore, the routes 172.16.19.0 and 172.16.20.0 are not imported into OSPF because they do not meet the if-match clause.

After the preceding routing policy is configured, the IP routing table of SwitchB is as follows:

[SwitchB] display ip routing-table
Route Flags: R - relay, D - download to fib
-----------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 7        Routes : 7

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
    172.16.16.0/24  O_ASE   150  1           D   192.168.1.1     Vlanif10
    172.16.17.0/24  O_ASE   150  1           D   192.168.1.1     Vlanif10
    172.16.18.0/24  O_ASE   150  1           D   192.168.1.1     Vlanif10
    192.168.1.0/24  Direct  0    0           D   192.168.1.2     Vlanif10
    192.168.1.2/32  Direct  0    0           D   127.0.0.1       Vlanif10

The preceding command output shows that after a routing policy is configured on SwitchA, the IP routing table of SwitchB contains only three external routes 172.16.16.0/24, 172.16.17.0/24, and 172.16.18.0/24.

1.3.2            Filtering Routes Using IP Prefix List and Filter-Policy

Define an IP prefix list to match the allowed routes.

[SwitchA] ip ip-prefix huawei index 10 permit 172.16.16.0 24
[SwitchA] ip ip-prefix huawei index 20 permit 172.16.17.0 24
[SwitchA] ip ip-prefix huawei index 30 permit 172.16.18.0 24

Filter the advertised routes using a filter-policy in the OSPF view of SwitchA.

[SwitchA] ospf 1
[SwitchA-ospf-1] filter-policy ip-prefix huawei export
[SwitchA-ospf-1] quit

An IP prefix list contains the deny node by default. Therefore, SwitchA does not advertise the routes 172.16.19.0 and 172.16.20.0 to SwitchB because these routes are out of the range specified by the IP prefix list. SwitchA advertises only the routes within the range specified by the IP prefix list.

After the preceding configuration is complete, the IP routing table of SwitchB is as follows:

[SwitchB] display ip routing-table
Route Flags: R - relay, D - download to fib
-----------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 7        Routes : 7

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
    172.16.16.0/24  O_ASE   150  1           D   192.168.1.1     Vlanif10
    172.16.17.0/24  O_ASE   150  1           D   192.168.1.1     Vlanif10
    172.16.18.0/24  O_ASE   150  1           D   192.168.1.1     Vlanif10
    192.168.1.0/24  Direct  0    0           D   192.168.1.2     Vlanif10
    192.168.1.2/32  Direct  0    0           D   127.0.0.1       Vlanif10

The preceding command output shows that after a filter-policy is configured on SwitchA, the IP routing table of SwitchB contains only three external routes 172.16.16.0/24, 172.16.17.0/24, and 172.16.18.0/24.

The results of the two route filtering methods are the same. Routing policy is a series of means of controlling routes and may be different combinations of tools including ACL, route-policy, ip-prefix, and filter-policy. The preceding two methods are two common combinations of these tools. The following section will continue to describe these tools.

 

For more details, click the following hyperlink:

1 Routing Policy

Describes various tools used in routing policy and invoking between these tools.

2 Route-Policy

Describes the components, matching rules, and applications of route-policy.

3 IP Prefix List

Describes how to use an IP prefix list and differences between it and ACL.

4 Filter-Policy

Describes filter-policy principles and applications.

5 BGP Routing Policy (1)

Describes applications of IP prefix list, filter-policy, and route-policy in BGP.

6 BGP Routing Policy (2)

Describes applications of AS_Path filter and Community attribute in BGP.

Collection of Chapters 1 Through 6 (Click Here to Download the PDF Document)

Provides the collection of the preceding chapters.

 

 

This post was last edited by 交换机在江湖 at 2017-3-22 11:37.
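
The two filtering methods from section 1.3, modelled in Python as an added example (not part of the original post and not Huawei code). It evaluates the post's five static routes plus one constructed more-specific route, 172.16.16.0/25, assuming a basic ACL used as a route filter compares only the route's network address, while an ip-prefix entry without greater-equal/less-equal also requires the exact mask length; all function names are hypothetical.

```python
import ipaddress

# Constructed input: the five static routes from the post's SwitchA config,
# plus one hypothetical more-specific route (172.16.16.0/25) added here.
ROUTES = ["172.16.16.0/24", "172.16.17.0/24", "172.16.18.0/24",
          "172.16.19.0/24", "172.16.20.0/24", "172.16.16.0/25"]

# acl 2000 from section 1.3.1: (action, source address, wildcard)
ACL_2000 = [("permit", "172.16.16.0", "0.0.0.0"),
            ("permit", "172.16.17.0", "0.0.0.0"),
            ("permit", "172.16.18.0", "0.0.0.0")]

# ip ip-prefix huawei from section 1.3.2: (index, action, address, mask length)
IP_PREFIX_HUAWEI = [(10, "permit", "172.16.16.0", 24),
                    (20, "permit", "172.16.17.0", 24),
                    (30, "permit", "172.16.18.0", 24)]


def acl_permits(route, acl):
    """Basic ACL as a route filter (assumed semantics): compares only the
    route's network address under the wildcard; mask length is not examined."""
    addr = int(ipaddress.ip_network(route).network_address)
    for action, source, wildcard in acl:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if (addr & care) == (int(ipaddress.ip_address(source)) & care):
            return action == "permit"
    return False  # no rule matched: the route falls through to the default deny


def prefix_list_permits(route, entries):
    """IP prefix list without greater-equal/less-equal: the address bits and
    the mask length must both equal the entry. Entries are tried by index."""
    net = ipaddress.ip_network(route)
    for _index, action, address, length in sorted(entries):
        if net == ipaddress.ip_network(f"{address}/{length}"):
            return action == "permit"
    return False  # default deny when no entry matches


def filtered(routes, permits, rules):
    """Return the routes that survive the given filter, in input order."""
    return [r for r in routes if permits(r, rules)]


if __name__ == "__main__":
    print("ACL + route-policy      :", filtered(ROUTES, acl_permits, ACL_2000))
    print("ip-prefix + filter-policy:", filtered(ROUTES, prefix_list_permits, IP_PREFIX_HUAWEI))
```

On the post's five routes both methods pass the same three prefixes; only the constructed /25 separates them, which is why the prefix list is the tighter filter when an unexpected more-specific route must not be accepted.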

user_2790689 (Expert), created Mar 22, 2017 13:39:05

thank you

wissal, created Apr 07, 2018 23:08:09

useful document, thanks