Huawei PBR Configuration

2023-12-13 19:51:47
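  1. Project topology and requirements

Requirement: an enterprise network has three egress links that connect to the carrier network through AR1, AR2 and AR3. AR1 is a 10-gigabit egress, while AR2 and AR3 are gigabit egresses. The following requirement must be met:

  • Traffic from VLAN 10 must be forced to use AR1 as its service egress, while VLAN 20, on AR1, uses load-sharing mode to reach the public network through all three egresses at the same time.

Configuration steps

Step 1: IP address planning and configuration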

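| Device | Interface  | IP address      |
|--------|------------|-----------------|
| AR1    | G0/0/0     | 10.0.14.1 /24   |
| AR1    | G0/0/1     | 10.0.15.1 /24   |
| AR2    | G0/0/0     | 10.0.24.1 /24   |
| AR2    | G0/0/1     | 10.0.25.1 /24   |
| AR3    | G0/0/0     | 10.0.34.1 /24   |
| AR3    | G0/0/1     | 10.0.35.1 /24   |
| AR4    | G0/0/0     | 10.0.14.4 /24   |
| AR4    | G0/0/1     | 10.0.24.4 /24   |
| AR4    | G0/0/2     | 10.0.34.4 /24   |
| AR4    | Loopback 0 | 4.4.4.4 /32     |
| AR5    | G0/0/0     | 10.0.15.5 /24   |
| AR5    | G0/0/1     | 10.0.25.5 /24   |
| AR5    | G0/0/2     | 10.0.35.5 /24   |
| AR5    | E0/0/1     | 10.0.100.5 /24  |
| LSW1   | Vlanif 1   | 10.0.100.10 /24 |
| LSW1   | Vlanif 10  | 10.0.10.254 /24 |
| LSW1   | Vlanif 20  | 10.0.20.254 /24 |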

Configuration of switch LSW1

[LSW1]vlan batch 10 20

[LSW1]interface g0/0/1

[LSW1-GigabitEthernet0/0/1]port link-type access

[LSW1-GigabitEthernet0/0/1]port default vlan 10

[LSW1-GigabitEthernet0/0/1]interface g0/0/2

[LSW1-GigabitEthernet0/0/2]port link-type access

[LSW1-GigabitEthernet0/0/2]port default vlan 20

[LSW1-GigabitEthernet0/0/2]quit

[LSW1]interface Vlanif 1

[LSW1-Vlanif1]ip address 10.0.100.10 24

[LSW1-Vlanif1]quit

[LSW1]interface Vlanif 10

[LSW1-Vlanif10]ip address 10.0.10.254 24

[LSW1-Vlanif10]quit

[LSW1]interface Vlanif 20

[LSW1-Vlanif20]ip address 10.0.20.254 24

[LSW1-Vlanif20]quit

OSPF configuration

AR1:

[AR1]ospf

[AR1-ospf-1]area 0

[AR1-ospf-1-area-0.0.0.0]network 10.0.15.0 0.0.0.255

AR2:

[AR2]ospf

[AR2-ospf-1]area 0

[AR2-ospf-1-area-0.0.0.0]network 10.0.25.0 0.0.0.255

AR3:

[AR3]ospf

[AR3-ospf-1]area 0

[AR3-ospf-1-area-0.0.0.0]network 10.0.35.0 0.0.0.255

AR5:

[AR5]ospf

[AR5-ospf-1]area 0

[AR5-ospf-1-area-0.0.0.0]network 10.0.100.0 0.0.0.255

[AR5-ospf-1-area-0.0.0.0]network 10.0.15.0 0.0.0.255

[AR5-ospf-1-area-0.0.0.0]network 10.0.25.0 0.0.0.255

[AR5-ospf-1-area-0.0.0.0]network 10.0.35.0 0.0.0.255

Checking the OSPF neighbor table on AR5 shows that the adjacencies have been established successfully.

[AR5]display ospf peer brief

         OSPF Process 1 with Router ID 10.0.100.5
                  Peer Statistic Information
 ----------------------------------------------------------------------------
 Area Id          Interface                        Neighbor id      State
 0.0.0.0          GigabitEthernet0/0/0             10.0.14.1        FuLL
 0.0.0.0          GigabitEthernet0/0/1             10.0.24.2        FuLL
 0.0.0.0          GigabitEthernet0/0/2             10.0.34.3        FuLL
 ----------------------------------------------------------------------------

LSW1 configuration:

[LSW1]ospf

[LSW1-ospf-1]area 0

[LSW1-ospf-1-area-0.0.0.0]network 10.0.10.0 0.0.0.255

[LSW1-ospf-1-area-0.0.0.0]network 10.0.20.0 0.0.0.255

[LSW1-ospf-1-area-0.0.0.0]network 10.0.100.0 0.0.0.255

Default route configuration

AR1:

[AR1]ip route-static 0.0.0.0 0 10.0.14.4

[AR1]ospf

[AR1-ospf-1]default-route-advertise  // advertise the default route

AR2:

[AR2]ip route-static 0.0.0.0 0 10.0.24.4

[AR2]ospf

[AR2-ospf-1]default-route-advertise

AR3:

[AR3]ip route-static 0.0.0.0 0 10.0.34.4

[AR3]ospf

[AR3-ospf-1]default-route-advertise

Check the routing table on AR5

[AR5]display ip routing-table

Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 13       Routes : 15

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

        0.0.0.0/0   O_ASE   150  1           D   10.0.15.1       GigabitEthernet0/0/0
                    O_ASE   150  1           D   10.0.25.2       GigabitEthernet0/0/1
                    O_ASE   150  1           D   10.0.35.3       GigabitEthernet0/0/2
      10.0.10.0/24  OSPF    10   2           D   10.0.100.10     Ethernet0/0/0
      10.0.15.0/24  Direct  0    0           D   10.0.15.5       GigabitEthernet0/0/0
      10.0.15.5/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
      10.0.20.0/24  OSPF    10   2           D   10.0.100.10     Ethernet0/0/0
      10.0.25.0/24  Direct  0    0           D   10.0.25.5       GigabitEthernet0/0/1
      10.0.25.5/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/1
      10.0.35.0/24  Direct  0    0           D   10.0.35.5       GigabitEthernet0/0/2
      10.0.35.5/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/2
     10.0.100.0/24  Direct  0    0           D   10.0.100.5      Ethernet0/0/0
     10.0.100.5/32  Direct  0    0           D   127.0.0.1       Ethernet0/0/0
      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0

The routing table on AR5 contains three default routes.

Step 2: NAT configuration

AR1

[AR1]acl 2000

[AR1-acl-basic-2000]rule permit source any

[AR1-acl-basic-2000]quit

[AR1]interface g0/0/0

[AR1-GigabitEthernet0/0/0]nat outbound 2000

[AR1-GigabitEthernet0/0/0]quit

AR2

[AR2]acl 2000

[AR2-acl-basic-2000]rule permit source any

[AR2-acl-basic-2000]quit

[AR2]interface g0/0/0

[AR2-GigabitEthernet0/0/0]nat outbound 2000

[AR2-GigabitEthernet0/0/0]quit

AR3

[AR3]acl 2000

[AR3-acl-basic-2000]rule permit source any

[AR3-acl-basic-2000]quit

[AR3]interface g0/0/0

[AR3-GigabitEthernet0/0/0]nat outbound 2000

[AR3-GigabitEthernet0/0/0]quit

Test network connectivity

The end devices can now reach the external network.

Step 3: Deploy policy-based routing

AR5

[AR5]acl 3000

[AR5-acl-adv-3000]rule permit ip source 10.0.10.0 0.0.0.255 destination any

[AR5-acl-adv-3000]quit

[AR5]policy-based-route 1 permit node 10

[AR5-policy-based-route-1-10]if-match acl 3000

[AR5-policy-based-route-1-10]apply ip-address next-hop 10.0.15.1

[AR5-policy-based-route-1-10]quit

[AR5]interface e0/0/0

[AR5-Ethernet0/0/0]ip policy-based-route 1

Test policy-based routing

On AR5, increase the cost of interface g0/0/0

[AR5]interface g0/0/0

[AR5-GigabitEthernet0/0/0]ospf cost 100

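Although the next hop in the routing table is not via G0/0/0, traffic is still forwarded according to the PBR configuration.

Ping 4.4.4.4 from PC1 and capture packets on AR5's g0/0/0 interface.

The capture shows that the packets are all sent to 4.4.4.4 out of AR5's g0/0/0 interface.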
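The forwarding decision that this test demonstrates, modelled in Python as an added example (not part of the original article or of Huawei's software): ACL 3000's wildcard match is evaluated first, and only unmatched traffic falls back to the lowest-cost default routes. The sample host addresses, the CRC32 flow hash and the single per-route cost value are assumptions made for illustration.

```python
import ipaddress
import zlib

# Values taken from the article: ACL 3000, PBR node 10, AR5's three default routes.
ACL_3000 = [("10.0.10.0", "0.0.0.255")]             # (source, wildcard mask)
PBR_NEXT_HOP = "10.0.15.1"
# next hop -> simplified path cost (assumption: one number stands in for OSPF's metric)
DEFAULT_ROUTES = {"10.0.15.1": 1, "10.0.25.2": 1, "10.0.35.3": 1}


def wildcard_match(addr, base, wildcard):
    """ACL wildcard semantics: bits set to 1 in the wildcard are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (
        int(ipaddress.IPv4Address(base)) & care)


def ecmp_pick(src, dst, routes):
    """Keep only the lowest-cost next hops, then pick one per flow by hash."""
    best = min(routes.values())
    hops = sorted(h for h, cost in routes.items() if cost == best)
    flow = f"{src}>{dst}".encode()
    return hops[zlib.crc32(flow) % len(hops)]       # illustrative hash, not VRP's


def forward(src, dst, routes=DEFAULT_ROUTES, pbr_enabled=True):
    """Return (next_hop, reason) for a packet arriving on AR5's LAN interface."""
    if pbr_enabled and any(wildcard_match(src, b, w) for b, w in ACL_3000):
        return PBR_NEXT_HOP, "pbr"                  # PBR wins over the routing table
    return ecmp_pick(src, dst, routes), "routing-table"


def after_cost_change():
    """The article's test: raise the cost towards AR1 so it leaves the ECMP set."""
    routes = dict(DEFAULT_ROUTES)
    routes["10.0.15.1"] = 100
    return routes


if __name__ == "__main__":
    # Constructed sample hosts: 10.0.10.1 in VLAN 10, 10.0.20.1 in VLAN 20.
    for src in ("10.0.10.1", "10.0.20.1"):
        print(src, forward(src, "4.4.4.4", after_cost_change()))
```

Calling `forward` with `pbr_enabled=False` shows what VLAN 10 traffic would do without the policy: after the cost change it follows the routing table away from AR1.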

Source: https://blog.csdn.net/2301_76769137/article/details/134971290