华为PBR配置
2023-12-13 19:51:47
- 项目拓扑与项目需求
项目需求:某企业网络拥有三个出口,分别使用AR1、AR2、AR3链接运营商网络。其中AR1为万兆出口,而AR2、AR3为千兆出口。现在需要实现以下需求:
- 希望vlan10的流量能够强制通过AR1作为业务的出口,vlan20 在AR1上使用负载分担的模式同时使用三个出口访问公网。
配置步骤
步骤1:IP地址的规划与配置
| AR1 | G0/0/0 | 10.0.14.1 /24 |
| G0/0/1 | 10.0.15.1 /24 | |
| AR2 | G0/0/0 | 10.0.24.1 /24 |
| G0/0/1 | 10.0.25.1 /24 | |
| AR3 | G0/0/0 | 10.0.34.1 /24 |
| G0/0/1 | 10.0.35.1 /24 | |
| AR4 | G0/0/0 | 10.0.14.4 /24 |
| G0/0/1 | 10.0.24.4 /24 | |
| G0/0/2 | 10.0.34.4 /24 | |
| Loopback 0 | 4.4.4.4 /32 | |
| AR5 | G0/0/0 | 10.0.15.5 /24 |
| G0/0/1 | 10.0.25.5 /24 | |
| G0/0/2 | 10.0.35.5 /24 | |
| E0/0/1 | 10.0.100.5 /24 | |
| LSW1 | Vlanif 1 | 10.0.100.10 /24 |
| Vlanif 10 | 10.0.10.254 /24 | |
| Vlanif 20 | 10.0.20.254 /24 |
交换机LSW1的配置
[LSW1]vlan batch 10 20
[LSW1]interface g0/0/1
[LSW1-GigabitEthernet0/0/1]port link-type access
[LSW1-GigabitEthernet0/0/1]port default vlan 10
[LSW1-GigabitEthernet0/0/1]interface g0/0/2
[LSW1-GigabitEthernet0/0/2]port link-type access
[LSW1-GigabitEthernet0/0/2]port default vlan 20
[LSW1-GigabitEthernet0/0/2]quit
[LSW1]interface Vlanif 1
[LSW1-Vlanif1]ip address 10.0.100.10 24
[LSW1-Vlanif1]quit
[LSW1]interface Vlanif 10
[LSW1-Vlanif10]ip address 10.0.10.254 24
[LSW1-Vlanif10]quit
[LSW1]interface Vlanif 20
[LSW1-Vlanif20]ip address 10.0.20.254 24
[LSW1-Vlanif20]quitOSPF的配置
AR1:
[AR1]ospf
[AR1-ospf-1]area 0
[AR1-ospf-1-area-0.0.0.0]network 10.0.15.0 0.0.0.255AR2:
[AR2]ospf
[AR2-ospf-1]area 0
[AR2-ospf-1-area-0.0.0.0]network 10.0.25.0 0.0.0.255?????????????
AR3:
[AR3]ospf
[AR3-ospf-1]area 0
[AR3-ospf-1-area-0.0.0.0]network 10.0.35.0 0.0.0.255AR5:
[AR5]ospf
[AR5-ospf-1]area 0
[AR5-ospf-1-area-0.0.0.0]network 10.0.100.0 0.0.0.255
[AR5-ospf-1-area-0.0.0.0]network 10.0.15.0 0.0.0.255
[AR5-ospf-1-area-0.0.0.0]network 10.0.25.0 0.0.0.255
[AR5-ospf-1-area-0.0.0.0]network 10.0.35.0 0.0.0.255在AR5上查看OSPF邻居表可以发现已经成功的建立了邻居
[AR5]display ospf peer brief
???????? OSPF Process 1 with Router ID 10.0.100.5
????????????????? Peer Statistic Information
?----------------------------------------------------------------------------
?Area Id????????? Interface??????????????????????? Neighbor id????? State???
?0.0.0.0????????? GigabitEthernet0/0/0???????????? 10.0.14.1??????? FuLL???????
?0.0.0.0????????? GigabitEthernet0/0/1???????????? 10.0.24.2??????? FuLL???????
?0.0.0.0????????? GigabitEthernet0/0/2???????????? 10.0.34.3??????? FuLL???????
?----------------------------------------------------------------------------
??????
LSW1的配置:
[LSW1]ospf
[LSW1-ospf-1]area? 0
[LSW1-ospf-1-area-0.0.0.0]network 10.0.10.0 0.0.0.255
[LSW1-ospf-1-area-0.0.0.0]network 10.0.20.0 0.0.0.255
[LSW1-ospf-1-area-0.0.0.0] network 10.0.100.0 0.0.0.255缺省路由的配置
AR1:
[AR1]ip route-static 0.0.0.0 0 10.0.14.4
[AR1]ospf
[AR1-ospf-1]default-route-advertise? //下发缺省路由AR2:
[AR2]ip route-static 0.0.0.0 0 10.0.24.4
[AR2]ospf
[AR2-ospf-1]default-route-advertiseAR3:
[AR3]ip route-static 0.0.0.0 0 10.0.34.4
[AR3]ospf
[AR3-ospf-1]default-route-advertise在AR5上查询路由表
[AR5]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
???????? Destinations : 13?????? Routes : 15??????
Destination/Mask??? Proto?? Pre? Cost????? Flags NextHop???????? Interface
??????? 0.0.0.0/0?? O_ASE?? 150? 1?????????? D?? 10.0.15.1?????? GigabitEthernet0/0/0
??????????????????? O_ASE?? 150? 1?????????? D?? 10.0.25.2?????? GigabitEthernet0/0/1
??????????????????? O_ASE?? 150? 1?????????? D?? 10.0.35.3?????? GigabitEthernet0/0/2
????? 10.0.10.0/24? OSPF??? 10?? 2?????????? D?? 10.0.100.10???? Ethernet0/0/0
????? 10.0.15.0/24? Direct? 0??? 0?????????? D?? 10.0.15.5?????? GigabitEthernet0/0/0
????? 10.0.15.5/32? Direct? 0??? 0?????????? D?? 127.0.0.1?????? GigabitEthernet0/0/0
????? 10.0.20.0/24? OSPF??? 10?? 2?????????? D?? 10.0.100.10???? Ethernet0/0/0
????? 10.0.25.0/24? Direct? 0??? 0?????????? D?? 10.0.25.5?????? GigabitEthernet0/0/1
????? 10.0.25.5/32? Direct? 0??? 0?????????? D?? 127.0.0.1?????? GigabitEthernet0/0/1
????? 10.0.35.0/24? Direct? 0??? 0?????????? D?? 10.0.35.5?????? GigabitEthernet0/0/2
????? 10.0.35.5/32? Direct? 0??? 0?????????? D?? 127.0.0.1?????? GigabitEthernet0/0/2
???? 10.0.100.0/24? Direct? 0??? 0?????????? D?? 10.0.100.5????? Ethernet0/0/0
???? 10.0.100.5/32? Direct? 0??? 0?????????? D?? 127.0.0.1?????? Ethernet0/0/0
????? 127.0.0.0/8?? Direct? 0??? 0?????????? D?? 127.0.0.1?????? InLoopBack0
????? 127.0.0.1/32? Direct? 0??? 0?????????? D?? 127.0.0.1?????? InLoopBack0可以发现AR5上有3条缺省路由
步骤2:NAT的配置
AR1
[AR1]acl 2000
[AR1-acl-basic-2000]rule permit source any
[AR1-acl-basic-2000]quit
[AR1]interface g0/0/0
[AR1-GigabitEthernet0/0/0]nat outbound 2000
[AR1-GigabitEthernet0/0/0]quitAR2
[AR2]acl 2000
[AR2-acl-basic-2000]rule permit source any
[AR2-acl-basic-2000]quit
[AR2]interface g0/0/0
[AR2-GigabitEthernet0/0/0]nat outbound 2000
[AR2-GigabitEthernet0/0/0]quitAR3
[AR3]acl 2000
[AR3-acl-basic-2000]rule permit source any
[AR3-acl-basic-2000]quit
[AR3]interface g0/0/0
[AR3-GigabitEthernet0/0/0]nat outbound 2000
[AR3-GigabitEthernet0/0/0]quit测试网络联通性
现在终端设备已经可以访问外网
步骤3:部署策略路由
AR5
[AR5]acl 3000
[AR5-acl-adv-3000]rule permit ip source 10.0.10.0 0.0.0.255 destination any
[AR5-acl-adv-3000]quit
[AR5]policy-based-route 1 permit node 10
[AR5-policy-based-route-1-10]if-match acl 3000
[AR5-policy-based-route-1-10]apply ip-address next-hop 10.0.15.1
[AR5-policy-based-route-1-10]quit
[AR5]interface e0/0/0
[AR5-Ethernet0/0/0]ip policy-based-route 1测试策略路由
在AR5上将g0/0/0口开销改大
[AR5]interface g0/0/0
[AR5-GigabitEthernet0/0/0]ospf cost 100虽然路由表的下一跳不是G0/0/0口,但是流量会按照PBR的配置结果去转发。
在pc1上ping 4.4.4.4 并在AR5的g0/0/0口抓包
可以发现报文都是从AR5的g0/0/0口发送到4.4.4.4 。
关于网络工程师的核心知识学习,已经给大家做了详细整理,包含视频,实验,思维导图,笔记等,可私我领取:
文章来源:https://blog.csdn.net/2301_76769137/article/details/134971290
本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。 如若内容造成侵权/违法违规/事实不符,请联系我的编程经验分享网邮箱:veading@qq.com进行投诉反馈,一经查实,立即删除!
本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。 如若内容造成侵权/违法违规/事实不符,请联系我的编程经验分享网邮箱:veading@qq.com进行投诉反馈,一经查实,立即删除!