一、本地策略路由
要求:
长度为64~1400字节的报文走g0/0/0链路
长度为1401~1500字节的报文走g0/0/1链路
1.启动设备
2.配置IP地址
[AR1]int g0/0/0
[AR1-GigabitEthernet0/0/0]ip add 150.1.1.1 24
[AR1-GigabitEthernet0/0/0]int g0/0/1
[AR1-GigabitEthernet0/0/1]ip add 151.1.1.1 24
[AR1-GigabitEthernet0/0/1]int lo 0
[AR1-LoopBack0]ip add 10.1.1.1 24
[AR2]int g0/0/0
[AR2-GigabitEthernet0/0/0]ip add 150.1.1.2 24
[AR2-GigabitEthernet0/0/0]int g0/0/1
[AR2-GigabitEthernet0/0/1]ip add 151.1.1.2 24
[AR2-GigabitEthernet0/0/1]int lo 0
[AR2-LoopBack0]ip add 10.1.2.1 24
3.配置路由条目
[AR1]ip route-static 10.1.2.0 24 150.1.1.2
[AR1]ip route-static 10.1.2.0 24 151.1.1.2
[AR2]ip route-static 10.1.1.0 24 150.1.1.1
[AR2]ip route-static 10.1.1.0 24 151.1.1.1
4.在AR1上创建名为lab1的本地策略路由,用策略点10和策略点20分别配置两种报文长度匹配规则,并分别指定对应策略点的动作,即指定对应的下一跳地址
[AR1]policy-based-route lab1 permit node 10
[AR1-policy-based-route-lab1-10]if-match packet-length 64 1400
[AR1-policy-based-route-lab1-10]apply ip-address next-hop 150.1.1.2
[AR1-policy-based-route-lab1-10]q
[AR1]policy-based-route lab1 permit node 20
[AR1-policy-based-route-lab1-20]if-match packet-length 1401 1500
[AR1-policy-based-route-lab1-20]apply ip-address next-hop 151.1.1.2
[AR1-policy-based-route-lab1-20]q
5.在AR1上应用以上本地策略路由lab1
[AR1]ip local policy-based-route lab1
验证:
清空AR2上两个接口的报文数统计信息
<AR2>reset counters int g0/0/0
<AR2>reset counters int g0/0/1
在AR1上pingAR2的loopback0,并将报文数据字段长度设为80字节
查看AR2接口统计信息
<AR2 >display int g0/0/0
在AR1上pingAR2的loopback0,并将报文数据字段长度设为1450字节
查看AR2接口统计信息
<AR2>display int g0/0/1
可以看到在指定字节范围走不同的链路
二、接口策略路由
要求:
1.启动设备
2.配置IP地址
3.配置静态路由
[AR1]ip route-static 192.168.7.0 24 192.168.3.2
[AR1]ip route-static 192.168.7.0 24 192.168.4.2
[AR1]ip route-static 192.168.5.0 24 192.168.3.2
[AR1]ip route-static 192.168.6.0 24 192.168.4.2
[AR2]ip route-static 192.168.7.0 24 192.168.5.1
[AR2]ip route-static 192.168.1.0 24 192.168.3.1
[AR2]ip route-static 192.168.2.0 24 192.168.3.1
[AR3]ip route-static 192.168.7.0 24 192.168.6.1
[AR3]ip route-static 192.168.1.0 24 192.168.4.1
[AR3]ip route-static 192.168.2.0 24 192.168.4.1
[AR4]ip route-static 192.168.1.0 24 192.168.5.2
[AR4]ip route-static 192.168.1.0 24 192.168.6.2
[AR4]ip route-static 192.168.2.0 24 192.168.5.2
[AR4]ip route-static 192.168.2.0 24 192.168.6.2
[AR4]ip route-static 192.168.3.0 24 192.168.5.2
[AR4]ip route-static 192.168.4.0 24 192.168.6.2
4.在AR1和AR4的两条链路之间分别配置NQA测试例
[AR1]nqa test-instance admin vlan10 ——创建一个NQA测试实例,并创建管理者账户为admin,实例名称为vlan10
[AR1-nqa-admin-vlan10]test-type icmp ——配置NQA测试例的测试类型为IMCP
[AR1-nqa-admin-vlan10]destination-address ipv4 192.168.5.1 ——指定测试实例的目的地址
[AR1-nqa-admin-vlan10]frequency 10 ——指定连续两次探测间的时间间隔为10秒
[AR1-nqa-admin-vlan10]probe-count 2 ——指定一次探测进行的测试次数
[AR1-nqa-admin-vlan10]start now ——指定立即启动执行当前测试例
[AR1-nqa-admin-vlan10]q
[AR1]nqa test-instance admin vlan20
[AR1-nqa-admin-vlan20]test-type icmp
[AR1-nqa-admin-vlan20]destination-address ipv4 192.168.6.1
[AR1-nqa-admin-vlan20]frequency 10
[AR1-nqa-admin-vlan20]probe-count 2
[AR1-nqa-admin-vlan20]start now
[AR1-nqa-admin-vlan20]q
[AR4]nqa test-instance admin vlan10
[AR4-nqa-admin-vlan10]test-type icmp
[AR4-nqa-admin-vlan10]destination-address ipv4 192.168.3.1
[AR4-nqa-admin-vlan10]frequency 10
[AR4-nqa-admin-vlan10]probe-count 2
[AR4-nqa-admin-vlan10]start now
[AR4-nqa-admin-vlan10]q
[AR4]nqa test-instance admin vlan20
[AR4-nqa-admin-vlan20]test-type icmp
[AR4-nqa-admin-vlan20]destination-address ipv4 192.168.4.1
[AR4-nqa-admin-vlan20]frequency 10
[AR4-nqa-admin-vlan20]probe-count 2
[AR4-nqa-admin-vlan20]start now
[AR4-nqa-admin-vlan20]q
5.配置静态路由与NQA联动
[AR1]ip route-static 192.168.7.0 24 192.168.3.2 track nqa admin vlan10 ——配置AR1经由AR2到达AR4G0/0/2接口的NQA与静态路由联动
[AR1]ip route-static 192.168.7.0 24 192.168.4.2 track nqa admin vlan20 ——配置AR1经由AR3到达AR4G0/0/2接口的NQA与静态路由联动
[AR4]ip route-static 192.168.1.0 24 192.168.5.2 track nqa admin vlan10 ——配置AR4经由AR2到达AR1G0/0/0接口的NQA与静态路由联动
[AR4]ip route-static 192.168.1.0 24 192.168.6.2 track nqa admin vlan20 ——配置AR4经由AR3到达AR1G0/0/0接口的NQA与静态路由联动
[AR4]ip route-static 192.168.2.0 24 192.168.5.2 track nqa admin vlan10 ——配置AR4经由AR2到达AR1G0/0/1接口的NQA与静态路由联动
[AR4]ip route-static 192.168.2.0 24 192.168.6.2 track nqa admin vlan20 ——配置AR4经由AR3到达AR1G0/0/1接口的NQA与静态路由联动
6.配置流分类
[AR1]acl number 2000
[AR1-acl-basic-2000]rule 10 permit source 192.168.1.0 0.0.0.255
[AR1-acl-basic-2000]q
[AR1]acl number 2001
[AR1-acl-basic-2001]rule 20 permit source 192.168.2.0 0.0.0.255
[AR1-acl-basic-2001]q
[AR1]traffic classifier vlan10
[AR1-classifier-vlan10]if-match acl 2000
[AR1-classifier-vlan10]q
[AR1]traffic classifier vlan20
[AR1-classifier-vlan20]if-match acl 2001
[AR1-classifier-vlan20]q
7.配置流重定向行为
[AR1]traffic behavior vlan10
[AR1-behavior-vlan10]redirect ip-nexthop 192.168.3.2 track nqa admin vlan10
[AR1-behavior-vlan10]q
[AR1]traffic behavior vlan20
[AR1-behavior-vlan20]redirect ip-nexthop 192.168.4.2 track nqa admin vlan20
[AR1-behavior-vlan20]q
[AR4]traffic behavior vlan10
[AR4-behavior-vlan10]redirect ip-nexthop 192.168.5.2 track nqa admin vlan10
[AR4-behavior-vlan10]q
[AR4]traffic behavior vlan20
[AR4-behavior-vlan20]redirect ip-nexthop 192.168.6.2 track nqa admin vlan20
[AR4-behavior-vlan20]q
8.配置流策略并应用到接口
[AR1]traffic policy vlan10
[AR1-trafficpolicy-vlan10]classifier vlan10 behavior vlan10
[AR1-trafficpolicy-vlan10]q
[AR1]traffic policy vlan20
[AR1-trafficpolicy-vlan20]classifier vlan20 behavior vlan20
[AR1-trafficpolicy-vlan20]q
[AR1]int g0/0/0
[AR1-GigabitEthernet0/0/0]traffic-policy vlan10 inbound
[AR1-GigabitEthernet0/0/0]q
[AR1]int g0/0/1
[AR1-GigabitEthernet0/0/1]traffic-policy vlan20 inbound
[AR1-GigabitEthernet0/0/1]q
[AR4]traffic policy vlan10
[AR4-trafficpolicy-vlan10]classifier vlan10 behavior vlan10
[AR4-trafficpolicy-vlan10]classifier vlan20 behavior vlan20
[AR4-trafficpolicy-vlan10]q
[AR4]int g0/0/2
[AR4-GigabitEthernet0/0/2]traffic-policy vlan10 inbound
[AR4-GigabitEthernet0/0/2]q
验证:
使用display traffic policy user-defined在AR1上查看流策略配置信息
使用tracert在PC1和PC2追踪流量走的哪条线路
PC1:
PC2:
断开AR1的G0/0/2接口
使用tracert在PC1追踪流量走的哪条线路
可以看到流量会根据设定线路进行传输,实现了分流
当链路发生故障后,NQA实时监测,将流量切换到正常链路进行传输
