Configuring local PBR
This example shows how to configure local PBR (policy-based routing) on Huawei routers. Local PBR lets you choose the interface or the next-hop address used for traffic generated by the router itself, depending on the source address or the packet size (Figure 1).
Figure 1. Example topology
We set the following requirements:
1. ICMP packets of 50-1200 bytes must be sent to address 192.168.1.2.
2. ICMP packets of 1201-1500 bytes must be sent out through interface GE0/0/1.
Start with the basic configuration, which looks like this:
AR1
interface GigabitEthernet0/0/0
 ip address 192.168.1.1 255.255.255.0
interface GigabitEthernet0/0/1
 ip address 10.0.0.1 255.255.255.0
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255
ip route-static 2.2.2.2 255.255.255.255 10.0.0.2
ip route-static 2.2.2.2 255.255.255.255 192.168.1.2
AR2
interface GigabitEthernet0/0/0
 ip address 192.168.1.2 255.255.255.0
interface GigabitEthernet0/0/1
 ip address 10.0.0.2 255.255.255.0
interface LoopBack0
 ip address 2.2.2.2 255.255.255.255
ip route-static 1.1.1.1 255.255.255.255 10.0.0.1
ip route-static 1.1.1.1 255.255.255.255 192.168.1.1
Next, configure PBR on router AR1:
policy-based-route p1 permit node 1
 if-match packet-length 50 1200
 apply ip-address next-hop 192.168.1.2
policy-based-route p1 permit node 2
 if-match packet-length 1201 1500
 apply output-interface GigabitEthernet0/0/1
Apply the PBR policy on router AR1:
ip local policy-based-route p1
Now ping the Loopback 0 interface of AR2 from router AR1, with the packet size set to 100 bytes:
[AR1] ping -c 30 -s 100 2.2.2.2
--- 2.2.2.2 ping statistics ---
30 packet(s) transmitted
30 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/25/90 ms
Check the traffic statistics on both interfaces of router AR1:
[AR1] display interface GigabitEthernet 0/0/0
GigabitEthernet0/0/0 current state : UP
Line protocol current state : UP
Last line protocol up time : 2019-05-15 11:47 UTC-08:00
Description:HUAWEI, AR Series, GigabitEthernet0/0/0 Interface
Route Port,The Maximum Transmit Unit is 1500
Internet Address is 192.168.1.1/24
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc7d-61a2
Last physical up time : 2019-05-15 11:47 UTC-08:00
Last physical down time : 2019-05-15 11:47 UTC-08:00
Current system time: 2019-05-15 11:47-08:00
Port Mode: FORCE COPPER
Speed : 1000, Loopback: NONE
Duplex: FULL, Negotiation: ENABLE
Mdi : AUTO
Last 300 seconds input rate 112 bits/sec, 0 packets/sec
Last 300 seconds output rate 112 bits/sec, 0 packets/sec
Input peak rate 2496 bits/sec,Record time: 2019-05-15 11:47
Output peak rate 2496 bits/sec,Record time: 2019-05-15 11:47
Input: 30 packets, 4260 bytes
Unicast: 30, Multicast: 0
Broadcast: 0, Jumbo: 0
Discard: 0, Total Error: 0
CRC: 0, Giants: 0
Jabbers: 0, Throttles: 0
Runts: 0, Symbols: 0
Ignoreds: 0, Frames: 0
Output: 30 packets, 4260 bytes
Unicast: 30, Multicast: 0
Broadcast: 0, Jumbo: 0
Discard: 0, Total Error: 0
Collisions: 0, ExcessiveCollisions: 0
Late Collisions: 0, Deferreds: 0
Input bandwidth utilization threshold : 100.00%
Output bandwidth utilization threshold: 100.00%
Input bandwidth utilization : 0%
Output bandwidth utilization : 0%
[AR1] display interface GigabitEthernet 0/0/1
GigabitEthernet0/0/1 current state : UP
Line protocol current state : UP
Last line protocol up time : 2019-05-15 11:47 UTC-08:00
Description:HUAWEI, AR Series, GigabitEthernet0/0/1 Interface
Route Port,The Maximum Transmit Unit is 1500
Internet Address is 10.0.0.1/24
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc7d-61a3
Last physical up time : 2019-05-15 11:47 UTC-08:00
Last physical down time : 2019-05-15 11:47 UTC-08:00
Current system time: 2019-05-15 11:47-08:00
Port Mode: COMMON COPPER
Speed : 1000, Loopback: NONE
Duplex: FULL, Negotiation: ENABLE
Mdi : AUTO
Last 300 seconds input rate 0 bits/sec, 0 packets/sec
Last 300 seconds output rate 0 bits/sec, 0 packets/sec
Input peak rate 96 bits/sec,Record time: 2019-05-15 11:47
Output peak rate 96 bits/sec,Record time: 2019-05-15 11:47
Input: 0 packets, 0 bytes
Unicast: 0, Multicast: 0
Broadcast: 0, Jumbo: 0
Discard: 0, Total Error: 0
CRC: 0, Giants: 0
Jabbers: 0, Throttles: 0
Runts: 0, Symbols: 0
Ignoreds: 0, Frames: 0
Output: 0 packets, 0 bytes
Unicast: 0, Multicast: 0
Broadcast: 0, Jumbo: 0
Discard: 0, Total Error: 0
Collisions: 0, ExcessiveCollisions: 0
Late Collisions: 0, Deferreds: 0
Input bandwidth utilization threshold : 100.00%
Output bandwidth utilization threshold: 100.00%
Input bandwidth utilization : 0%
Output bandwidth utilization : 0%
Repeat the same test, this time with 1400-byte packets:
[AR1] ping -c 30 -s 1400 2.2.2.2
--- 2.2.2.2 ping statistics ---
30 packet(s) transmitted
30 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/22/90 ms
[AR1] display interface GigabitEthernet 0/0/1
GigabitEthernet0/0/1 current state : UP
Line protocol current state : UP
Last line protocol up time : 2019-05-15 11:47 UTC-08:00
Description:HUAWEI, AR Series, GigabitEthernet0/0/1 Interface
Route Port,The Maximum Transmit Unit is 1500
Internet Address is 10.0.0.1/24
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc7d-61a3
Last physical up time : 2019-05-15 11:47 UTC-08:00
Last physical down time : 2019-05-15 11:47 UTC-08:00
Current system time: 2019-05-15 11:47-08:00
Port Mode: COMMON COPPER
Speed : 1000, Loopback: NONE
Duplex: FULL, Negotiation: ENABLE
Mdi : AUTO
Last 300 seconds input rate 1152 bits/sec, 0 packets/sec
Last 300 seconds output rate 1152 bits/sec, 0 packets/sec
Input peak rate 23072 bits/sec,Record time: 2019-05-15 11:47
Output peak rate 23072 bits/sec,Record time: 2019-05-15 11:47
Input: 30 packets, 43260 bytes
Unicast: 30, Multicast: 0
Broadcast: 0, Jumbo: 0
Discard: 0, Total Error: 0
CRC: 0, Giants: 0
Jabbers: 0, Throttles: 0
Runts: 0, Symbols: 0
Ignoreds: 0, Frames: 0
Output: 30 packets, 43260 bytes
Unicast: 30, Multicast: 0
Broadcast: 0, Jumbo: 0
Discard: 0, Total Error: 0
Collisions: 0, ExcessiveCollisions: 0
Late Collisions: 0, Deferreds: 0
Input bandwidth utilization threshold : 100.00%
Output bandwidth utilization threshold: 100.00%
Input bandwidth utilization : 0%
Output bandwidth utilization : 0%
As we can see, the policies work. The next-hop address or the outgoing interface is chosen depending on the packet size. All other traffic is forwarded according to the normal routing rules.
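The counters above can also be cross-checked arithmetically. The following Python sketch is an added example, not part of the original article: it parses the Output counters from constructed excerpts of the display interface outputs shown on this page, derives the per-packet size, and looks up the matching node of p1. It assumes the counters contain only the ping traffic and that packet-length is compared with the IP packet length (frame size minus the 14-byte Ethernet header).

```python
import re

# Constructed excerpts: the two lines needed from each output on this page.
GE0_PING_100 = "GigabitEthernet0/0/0 current state : UP\nOutput: 30 packets, 4260 bytes\n"
GE1_PING_100 = "GigabitEthernet0/0/1 current state : UP\nOutput: 0 packets, 0 bytes\n"
GE1_PING_1400 = "GigabitEthernet0/0/1 current state : UP\nOutput: 30 packets, 43260 bytes\n"

# Policy p1 as configured on AR1: (node, min length, max length, action).
POLICY_P1 = [
    (1, 50, 1200, "apply ip-address next-hop 192.168.1.2"),
    (2, 1201, 1500, "apply output-interface GigabitEthernet0/0/1"),
]
ETH_HDR, IP_HDR, ICMP_HDR = 14, 20, 8  # bytes added around the ping payload


def match_node(ip_len, policy=POLICY_P1):
    """Return the first node whose range contains ip_len, or None (normal routing)."""
    for node, low, high, _action in policy:
        if low <= ip_len <= high:
            return node
    return None


def analyze(display_output):
    """Derive per-packet sizes and the matching node from the Output counters."""
    name = re.search(r"^\s*(\S+) current state", display_output, re.M).group(1)
    m = re.search(r"^\s*Output:\s*(\d+) packets,\s*(\d+) bytes", display_output, re.M)
    packets, total = int(m.group(1)), int(m.group(2))
    if packets == 0:
        # Nothing left through this interface, so no node can be inferred.
        return {"interface": name, "packets": 0, "payload": None, "node": None}
    frame = total // packets   # bytes per frame as counted by the interface
    ip_len = frame - ETH_HDR   # assumption: the length that packet-length matches
    return {"interface": name, "packets": packets, "ip_len": ip_len,
            "payload": ip_len - IP_HDR - ICMP_HDR, "node": match_node(ip_len)}


if __name__ == "__main__":
    for sample in (GE0_PING_100, GE1_PING_100, GE1_PING_1400):
        print(analyze(sample))
```

For the 100-byte ping this gives a 142-byte frame (100 + 8 + 20 + 14) and node 1. Under the same assumption, a ping with -s 1180 is already a 1208-byte IP packet and would fall into node 2, so test sizes near the 1200/1201 boundary deserve a separate check.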