Hi there, Community!

This post is about routing policy, as part of the Huawei S Series Switches Routing Policy section on the Community. Please see more details as you read below.

1      Routing Policy

Routing policies are widely used in carrier IP networks and enterprise networks. Routing policy planning is also an important part of network planning. To help you understand and use routing policies, this document introduces routing policies.

1.1  Overview

1.1.1            What Is Routing Policy?

When discussing routing policy, you may ask what the routing policy is.

Many people consider a routing policy as a route-policy, while some may say that a filter-policy is also a routing policy. These opinions are less accurate. Routing policy is neither a specific technology nor a specific feature.

Routing policy is a policy that controls routes using a series tools or methods. This type of policy will affect route generation, advertisement, and selection and so affect the packet forwarding path. These tools include ACL, route-policy, ip-prefix, and filter-policy, and these methods include filtering routes and setting attributes for routes.

1.1.2            Invoking Between Tools Used in Routing Policy

When using routing policy, you may have multiple choices in determining the tools, for example, ACL, route-policy, ip-prefix, and filter-policy. Many of you may be unclear about the invoking between these tools. The following figure illustrates the relationship between these tools.

Invoking between tools in routing policy

In Figure 1-1, all the tools used in routing policy are classified into the following types:

l   Condition tool: captures required routes.

l   Policy tool: performs an action on the captured routes, for example, permit, deny, and modify attributes.

l   Invoking tool: applies a routing policy to a specific routing protocol to make the routing policy to take effect.

Among invoking tools, filter-policy and peer have policy tools and can directly invoke condition tools. Other invoking tools must use route-policy to invoke condition tools.

The invoking tool, peer, can invoke all condition tools except ACL.

1.1.3            What Are the Functions of Routing Policy?

On an IP network, routing policy is mainly used to filter routing information and modify route attributes. Table 1-1 describes its functions.

Functions of routing policy

If you are still uncertain about the functions of routing policy, let us focus on the following example.

Using routing policy to filter routing information

Using routing policy to filter routing information

In Figure 1-2, SwitchA is dual-homed to SwitchB and SwitchC and will receive routes from both SwitchB and SwitchC. If SwitchA wants to receive only routes from SwitchB but not routes from SwitchC, configure routing policy on SwitchA to permit only the routes received from SwitchB and deny the routes received from SwitchC.

Using routing policy to modify route attributes

Using routing policy to modify route attributes

In Figure 1-3, SwitchA is also dual-homed to SwitchB and SwitchC. Because SwitchB has better link stability and higher bandwidth than SwitchC, the links of SwitchB and SwitchC need to function as the primary and backup links respectively. When the primary link fails, traffic is automatically switched to the backup link. To meet this requirement, you can use routing policy to set a lower route cost on SwitchB and set a higher route cost on SwitchC. Subsequently, traffic is automatically transmitted over the primary link of SwitchB, and the link of SwitchC functions as the backup link for route backup.

1.2  Routing Policy and Policy-Based Routing

1.2.1            Differences Between Routing Policy and Policy-Based Routing

The following section compares routing policy and policy-based routing (PBR).

Routing policy

Routing policies apply to routing information. Routing policies are used to filter routes and set route attributes. You can change route attributes (including reachability) to change a route over which network traffic is transmitted.

PBR

PBR applies to data packets and transmits data packets based on policies instead of the routes in the existing routing table.

This indicates that PBR is used before a routing table lookup. If a packet matches PBR, no routing table lookup is performed for this packet, and this packet is forwarded based on PBR.

1.2.2            Comparisons Between Routing Policy and Policy-Based Routing

Table 1-2 compares routing policy and PBR.

Comparisons between routing policy and policy-based routing

1.3  Applications of Routing Policy

The following example describes how to implement routing policy using ACL, IP prefix list, route-policy, and filter-policy.

Filtering routes using routing policy

In Figure 1-4, on the network running OSPF, SwitchA receives routes from the Internet and provides Internet routes to the OSPF network. It is required that the OSPF network receive only three external routes 172.16.16.0/24, 172.16.17.0/24, and 172.16.18.0/24.

This requirement can be met using multiple methods. The following provides two common methods for your reference.

In the following experiment, blackhole routes are configured on SwitchA as test routes, and static routes are imported into OSPF to simulate the receiving of routes from the Internet. Critical configuration of SwitchA is as follows:

#

ospf 1

 import-route static

 area 0.0.0.0

  network 192.168.1.0 0.0.0.255

#

ip route-static 172.16.16.0 255.255.255.0 NULL0

ip route-static 172.16.17.0 255.255.255.0 NULL0

ip route-static 172.16.18.0 255.255.255.0 NULL0

ip route-static 172.16.19.0 255.255.255.0 NULL0

ip route-static 172.16.20.0 255.255.255.0 NULL0

#

1.3.1    Filtering Routes Using ACL and Route-Policy

Define an ACL 2000 to match the allowed routes.

[SwitchA] acl 2000

[SwitchA-acl-basic-2000] rule 5 permit source 172.16.16.0 0

[SwitchA-acl-basic-2000] rule 10 permit source 172.16.17.0 0

[SwitchA-acl-basic-2000] rule 15 permit source 172.16.18.0 0

[SwitchA-acl-basic-2000] quit

Create a route-policy named RP and configure a node numbered 10 to invoke ACL 2000.

[SwitchA] route-policy RP permit node 10

[SwitchA -route-policy] if-match acl 2000

Invoke this route-policy when static routes are imported into OSPF.

[SwitchA] ospf 1

[SwitchA-ospf-1] import-route static route-policy RP

[SwitchA-ospf-1] quit

A route-policy contains the deny node by default. Therefore, routes 172.16.19.0 and 172.16.20.0 are not imported into OSPF because they do not meet the if-match clause.

After the preceding routing policy is configured, the IP routing table of SwitchB is as follows:

[SwitchB]display  ip routing-table 

Route Flags: R - relay, D - download to fib

-----------------------------------------------------------------------------

Routing Tables: Public

         Destinations : 7        Routes : 7       

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

      127.0.0.0/8    Direct  0    0           D   127.0.0.1       InLoopBack0

      127.0.0.1/32   Direct  0    0           D   127.0.0.1       InLoopBack0

    172.16.16.0/24  O_ASE   150  1           D   192.168.1.1     Vlanif10

    172.16.17.0/24  O_ASE   150  1           D   192.168.1.1     Vlanif10

    172.16.18.0/24  O_ASE   150  1           D   192.168.1.1     Vlanif10

    192.168.1.0/24  Direct  0    0           D   192.168.1.2     Vlanif10

192.168.1.2/32      Direct  0    0           D   127.0.0.1       Vlanif10

The preceding command output shows that after a routing policy is configured on SwitchA, the IP routing table of SwitchB contains only three external routes 172.16.16.0/24, 172.16.17.0/24, and 172.16.18.0/24.

1.3.2  Filtering Routes Using IP Prefix List and Filter-Policy

Define an IP prefix list to match the allowed routes.

[SwitchA] ip ip-prefix huawei index 10 permit 172.16.16.0 24

[SwitchA] ip ip-prefix huawei index 20 permit 172.16.17.0 24

[SwitchA] ip ip-prefix huawei index 30 permit 172.16.18.0 24

Filter the advertised routes using a filter-policy in the OSPF view of SwitchA.

[SwitchA] ospf 1

[SwitchA-ospf-1] filter-policy ip-prefix huawei export

[SwitchA-ospf-1] quit

An IP prefix list contains the deny node by default. Therefore, SwitchA does not advertise the routes 172.16.19.0 and 172.16.20.0 to SwitchB because these routes are out of the range specified by the IP prefix list. SwitchA advertises only the routes within the range specified by the IP prefix list.

After the preceding configuration is complete, the IP routing table of SwitchB is as follows:

[SwitchB] display  ip routing-table 

Route Flags: R - relay, D - download to fib

-----------------------------------------------------------------------------

Routing Tables: Public

         Destinations : 7        Routes : 7       

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0

      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0

    172.16.16.0/24  O_ASE   150  1           D   192.168.1.1     Vlanif10

    172.16.17.0/24  O_ASE   150  1           D   192.168.1.1     Vlanif10

    172.16.18.0/24  O_ASE   150  1           D   192.168.1.1     Vlanif10

    192.168.1.0/24  Direct  0    0           D   192.168.1.2     Vlanif10

    192.168.1.2/32  Direct  0    0           D   127.0.0.1       Vlanif10

The preceding command output shows that after a filter-policy is configured on SwitchA, the IP routing table of SwitchB contains only three external routes 172.16.16.0/24, 172.16.17.0/24, and 172.16.18.0/24.

The results of the two route filtering methods are the same. Routing policy is a series of means of controlling routes and may be different combinations of tools including ACL, route-policy, ip-prefix, and filter-policy. The preceding two methods are two common combinations of these tools. The following section will continue to describe these tools.

For more details, click the following hyperlink: