çç¥è·¯ç±æ¯ä¸ç§ä¾æ®ç¨æ·å¶å®ççç¥è¿è¡è·¯ç±éæ©çæºå¶ï¼ä¸å纯ä¾ç
§IPæ¥æçç®çå°åæ¥æ¾è·¯ç±è¡¨è¿è¡è½¬åä¸åï¼å¯åºç¨äºå®å
¨ãè´è½½åæ
çç®çã
çç¥è·¯ç±æ¯æåºäºaclå
è¿æ»¤ãå°åé¿åº¦çä¿¡æ¯ï¼çµæ´»å°æå®è·¯ç±ãèaclæ¥æè¿æ»¤åå¯ä»¥æ ¹æ®æ¥æçæºipãç®çipãåè®®ã端å£å·ãä¼å
级ãtosãæ¶é´æ®µãvpnçåç§ä¸°å¯çä¿¡æ¯å°æ¥æåç±»ï¼ç¶åæ§å¶å°è¿äºæ¥ææç
§ä¸åçè·¯ç±è½¬ååºå»ã
çç¥è·¯ç±æ¢å¯ä»¥åºç¨äºè¢«è½¬åçæ¥æï¼åå¯ä»¥åºç¨äºè·¯ç±å¨æ¬å°äº§ççæ¥æãåè
称为æ¥å£çç¥è·¯ç±ï¼åè
称为æ¬å°çç¥è·¯ç±ã
æ¥å£çç¥è·¯ç±åªå¯¹è½¬åçæ¥æèµ·ä½ç¨ï¼å¯¹æ¬å°äº§ççæ¥æï¼æ¯å¦æ¬å°çpingæ¥æï¼ä¸èµ·ä½ç¨ãèæ¬å°çç¥è·¯ç±åªå¯¹æ¬å°äº§ççæ¥æèµ·ä½ç¨ï¼å¯¹è½¬åçæ¥æä¸èµ·ä½ç¨ã
æ¥å£çç¥è·¯ç±é
ç½®å¨æ¥å£è§å¾ä¸ã
æ¬å°äº§ççæ¥æççç¥è·¯ç±é
ç½®å¨ç³»ç»è§å¾ä¸ã
注æï¼ç»æçç¥è·¯ç±åªæ¯æ转åçæ¥æï¼ä¸å¯¹è·¯ç±å¨æ¬æºäº§ççæ¥æè¿è¡çç¥è·¯ç±ã è·¯ç±çç¥çä½ç¨
è¿æ»¤è·¯ç±ä¿¡æ¯çæ段
åå¸è·¯ç±ä¿¡æ¯æ¶åªåéé¨åä¿¡æ¯
æ¥æ¶è·¯ç±ä¿¡æ¯æ¶åªæ¥æ¶é¨åä¿¡æ¯
è¿è¡è·¯ç±å¼å
¥æ¶å¼å
¥æ»¡è¶³ç¹å®æ¡ä»¶çä¿¡æ¯æ¯æçå¼è·¯ç±
设置路ç±åè®®å¼å
¥çè·¯ç±å±æ§
è·¯ç±çç¥ï¼routing policyï¼
设å®å¹é
æ¡ä»¶ï¼å±æ§å¹é
åè¿è¡è®¾ç½®ï¼ç±if-matchåapplyåå¥ç»æ
访é®å表ï¼access-listï¼
ç¨äºå¹é
è·¯ç±ä¿¡æ¯çç®çç½æ®µå°åæä¸ä¸è·³å°åï¼è¿æ»¤ä¸ç¬¦åæ¡ä»¶çè·¯ç±ä¿¡æ¯
åç¼å表ï¼prefix-listï¼
å¹é
对象为路ç±ä¿¡æ¯çç®çå°åæç´æ¥ä½ç¨äºè·¯ç±å¨å¯¹è±¡ï¼gatewayï¼
èªæ²»ç³»ç»è·¯å¾ä¿¡æ¯è®¿é®å表ï¼aspath-listï¼
ä»
ç¨äºBGPåè®®ï¼å¹é
BGPè·¯ç±ä¿¡æ¯çèªæ²»ç³»ç»è·¯å¾å
å¢ä½å±æ§å表ï¼community-listï¼
ä»
ç¨äºBGPåè®®ï¼å¹é
BGPè·¯ç±ä¿¡æ¯çèªæ²»ç³»ç»å¢ä½å
çç¥è·¯ç±ä¸è·¯ç±çç¥æ¯ä¸¤ä¸ªä¸åçæ¦å¿µï¼åºç¨é¢åä¸åã
çç¥è·¯ç±ä¸»è¦æ¯æ§å¶æ¥æç转åï¼å³å¯ä»¥ä¸æç
§è·¯ç±è¡¨è¿è¡æ¥æç转åï¼å 为ä¸è¬æ¥æç转åè¦éè¿æ¥æ¾è½¬å表ï¼èé
ä¸çç¥è·¯ç±åå°±ä¸ç¨ç®¡è½¬å表äºï¼å¯ä»¥éå¿æ欲å°æ¥æä»è½¬ååºå»äºï¼ã
è·¯ç±çç¥ä¸»è¦æ§å¶è·¯ç±ä¿¡æ¯çå¼å
¥ï¼æ§å¶åªäºè·¯ç±ä¿¡æ¯å¼å°è·¯ç±åè®®ä¸ï¼åªäºè·¯ç±ä¸å¼å
¥ï¼ä¸»è¦æ¯é对æç§è·¯ç±åè®®ï¼æ¯å¦å
许å
¶å®è·¯ç±ä¿¡æ¯å¼è¿æ¥ï¼ãåå¸ï¼æ§å¶åªäºåå¸åºå»ï¼åªäºä¸åå¸åºå»ï¼éè¿åä¸ç§è·¯ç±åè®®åå¸åºå»ï¼ãæ¥æ¶ï¼æ§å¶åªäºæ¥æ¶ï¼åªäºä¸¢å¼ï¼ãè·¯ç±çç¥ï¼æ¯ç¨è·¯ç±æ¥è¿è¡æäºè·¯ç±çç¥è®¾ç½®ã
çç¥è·¯ç±ï¼æ¯è®¾ç½®é对路ç±ççç¥ï¼ä¸»è¦éè¿å
¶ä»è½¯ä»¶å¯¹è·¯ç±çéå¶ã
两è
çåºå«å°±å¨äºè°æ¯ä¸»å¯¼ï¼è·¯ç±çç¥æ¯ä»¥è·¯ç±ä¸ºä¸»æ¥å建ççç¥ï¼èçç¥è·¯ç±æ¯éè¿è½¯ä»¶å¯¹è·¯ç±ç设置ã è·¯ç±çç¥ï¼å½±åè·¯ç±è¡¨ççæ
çç¥è·¯ç±ï¼å½±åå
ç转åï¼ä¼å
级é«äºè·¯ç±è¡¨
æææ¯ï¼ä¸ä¸ªå
è¦è½¬åï¼å
å¹é
çç¥è·¯ç±è½¬åï¼å
¶æ¬¡å¹é
è·¯ç±è¡¨è½¬åroute mapåACLå¾ç±»ä¼¼,å®å¯ä»¥ç¨äºè·¯ç±çååå¸åçç¥è·¯ç±,è¿ç»å¸¸ä½¿ç¨å¨BGPä¸.çç¥è·¯ç±(policy route)å®é
ä¸æ¯å¤æçéæè·¯ç±,éæè·¯ç±æ¯åºäºæ°æ®å
çç®æ å°å并转åå°æå®çä¸ä¸è·³è·¯ç±å¨,çç¥è·¯ç±è¿å©ç¨åæ©å±IP ACLé¾æ¥,è¿æ ·å°±å¯ä»¥æä¾æ´å¤åè½çè¿æ»¤ååç±»
route mapçä¸äºå½ä»¤:
ä¸ è·¯ç±éåå¸ç¸å
³
matchå½ä»¤å¯ä»¥åè·¯ç±çååå¸ç»å使ç¨:
1.match interface {type number} [â¦type number]:å¹é
æå®çä¸ä¸è·³è·¯ç±å¨çæ¥å£çè·¯ç±
2.match ip address {ACL number|name} [â¦ACL number|name]:å¹é
ACLææå®çç®æ IPå°åçè·¯ç±
3.match ip next-hop {ACL number|name} [â¦ACL number|name]:å¹é
ACLææå®çä¸ä¸è·³è·¯ç±å¨å°åçè·¯ç±
4.match ip route-source {ACL number|name} [â¦ACL number|name]:å¹é
ACLææå®çè·¯ç±å¨æ宣åçè·¯ç±
5.match metric {metric-value}:å¹é
æå®metric大å°çè·¯ç±
6.match route-type {internal|external[type-1|type-2]|level-1|level-2}:å¹é
æå®çOSPF,EIGRPæIS-ISçè·¯ç±ç±»åçè·¯ç±
7.match tag {tag-value} [â¦tag-value]:å¹é
带ææ ç¾(tag)çè·¯ç±
setå½ä»¤ä¹å¯ä»¥åè·¯ç±çååå¸ä¸èµ·ä½¿ç¨:
1.set level {level-1|level-2|level-1-2|stub-area|backbone}:设置IS-ISçLevel,æOSPFçåºå,å¹é
æåçè·¯ç±å°è¢«ååå¸å°è¯¥åºå
2.set metric {metric-value|bandwidth delay RELY load MTU}:为å¹é
æåçè·¯ç±è®¾ç½®metric大å°
3.set metric-type {internal|external|type-1|type-2}:为å¹é
æåçè·¯ç±è®¾ç½®metricçç±»å,该路ç±å°è¢«ååå¸å°OSPFæIS-IS 1
4.set next-hop {next-hop}:为å¹é
æåçè·¯ç±æå®ä¸ä¸è·³å°å
5.set tag {tag-value}:为å¹é
æåçè·¯ç±è®¾ç½®æ ç¾
äº çç¥è·¯ç±ç¸å
³
matchå½ä»¤è¿å¯ä»¥åçç¥è·¯ç±ä¸èµ·ä½¿ç¨:
1.match ip address {ACL number|name} [â¦ACL number|name]:å¹é
ACLææå®çæ°æ®å
çç¹å¾çè·¯ç±
2.match length {min} {max}:å¹é
å±3çæ°æ®å
çé¿åº¦
setå½ä»¤ä¹å¯ä»¥åçç¥è·¯ç±ä¸èµ·ä½¿ç¨:
1.set default interface {type number} [â¦type number]:å½ä¸åå¨æåç®æ ç½ç»çæ¾å¼è·¯ç±(explicit route)çæ¶å,为å¹é
æåçæ°æ®å
设置åºå£æ¥å£
2.set interface {type number} [â¦type number]:å½åå¨æåç®æ ç½ç»çæ¾å¼è·¯ç±çæ¶å,为å¹é
æåçæ°æ®å
设置åºå£æ¥å£
3.set ip default next-hop {ip-address} [â¦ip-address]:å½ä¸åå¨æåç®æ ç½ç»çæ¾å¼è·¯ç±çæ¶å,为å¹é
æåçæ°æ®å
设置ä¸ä¸è·³è·¯ç±å¨å°å
4.set ip precedence {precedence}:为å¹é
æåçIPæ°æ®å
设置æå¡ç±»å(Type of Service,ToS)çä¼å
级
5.set ip tos {tos}:为å¹é
æåçæ°æ®å
设置æå¡ç±»åçå段çTOSä½
Configuring Route Maps
route mapæ¯éè¿ååæ¥æ è¯ç,æ¯ä¸ªroute mapé½å
å«è®¸å¯ææç»æä½ä»¥åä¸ä¸ªåºåå·,åºåå·å¨æ²¡æç»åºçæ
åµä¸é»è®¤æ¯10,并ä¸route mapå
许æå¤ä¸ªéè¿°,å¦ä¸:
Linus(config)#route-map Hagar 20
Linus(config-route-map)#match ip address 111
Linus(config-route-map)#set metric 50
Linus(config-route-map)#route-map Hagar 15
Linus(config-route-map)#match ip address 112
Linus(config-route-map)#set metric 80
尽管å
è¾å
¥çæ¯20,åè¾å
¥çæ¯15,IOSå°æ15æ¾å¨20ä¹å.
è¿å¯ä»¥å
许å é¤ä¸ªå«éè¿°,
å¦ä¸: Linus(config)#no route-map Hagar 15 å¨å é¤çæ¶åè¦ç¹å«å°å¿,åå¦ä½ è¾å
¥äºno route-map Hegarè没ææå®åºåå·,é£ä¹æ´ä¸ªroute mapå°è¢«å é¤.并ä¸å¦æå¨æ·»å matchåsetè¯å¥çæ¶å没ææå®åºåå·çè¯,é£ä¹å®ä»¬ä»
ä»
ä¼ä¿®æ¹éè¿°10.å¨å¹é
çæ¶å,ä»ä¸å°ä¸,å¦æå¹é
æå,å°ä¸åååé¢çéè¿°è¿è¡å¹é
,æå®æä½å°è¢«æ§è¡
å
³äºæç»æä½,æ¯ä¾èµäºroute mapæ¯ä½¿ç¨åè·¯ç±çååå¸ä¸è¿æ¯çç¥è·¯ç±ä¸,
å¦ææ¯å¨çç¥è·¯ç±ä¸å¹é
失败(æç»),é£ä¹æ°æ®å
å°ææ£å¸¸æ¹å¼è½¬å;
å¦ææ¯ç¨äºè·¯ç±ååå¸,并ä¸å¹é
失败(æç»),é£ä¹è·¯ç±å°ä¸ä¼è¢«ååå¸ å¦ææ°æ®å
没ææ¾å°ä»»ä½å¹é
,åACLä¸æ ·,route mapæ«å°¾ä¹æ个é»è®¤çéå«æç»ææçæä½,å¦ææ¯å¨çç¥è·¯ç±ä¸å¹é
失败(æç»),é£ä¹æ°æ®å
å°ææ£å¸¸æ¹å¼è½¬å;å¦ææ¯ç¨äºè·¯ç±ååå¸,并ä¸å¹é
失败(æç»),é£ä¹è·¯ç±å°ä¸ä¼è¢«ååå¸ å¦æroute mapçéè¿°ä¸æ²¡æmatchè¯å¥,é£ä¹é»è®¤çæä½æ¯å¹é
ææçæ°æ®å
åè·¯ç±;
æ¯ä¸ªroute mapçéè¿°å¯è½æå¤ä¸ªmatchåsetè¯å¥,å¦ä¸:
! route-map Garfield permit 10
match ip route-source 15
match interface Serial0
set metric-type type-1
set next-hop 10.1.2.3 !
å¨è¿é,为äºæ§è¡setè¯å¥,æ¯ä¸ªmatchè¯å¥ä¸é½å¿
é¡»è¿è¡å¹é
.
åºäºçç¥çè·¯ç±
åºäºçç¥çè·¯ç±ææ¯æ¦è¿°ï¼
åºäºçç¥çè·¯ç±ä¸ºç½ç»ç®¡çè
æä¾äºæ¯ä¼ ç»è·¯ç±å议对æ¥æç转åååå¨æ´å¼ºçæ§å¶è½åï¼ä¼ ç»ä¸ï¼è·¯ç±å¨ç¨ä»è·¯ç±å议派çåºæ¥çè·¯ç±è¡¨ï¼æ ¹æ®ç®çå°åè¿è¡æ¥æç转åã
åºäºçç¥çè·¯ç±æ¯ä¼ ç»è·¯ç±å¼ºï¼ä½¿ç¨æ´çµæ´»ï¼å®ä½¿ç½ç»ç®¡çè
ä¸è½å¤æ ¹æ®ç®çå°åèä¸è½å¤æ ¹æ®ï¼æ¥æ大å°ï¼åºç¨æIPæºå°åæ¥éæ©è½¬åè·¯å¾ãçç¥å¯ä»¥å®ä¹ä¸ºéè¿å¤è·¯ç±å¨çè´è½½å¹³è¡¡ææ ¹æ®æ»æµéå¨å线ä¸è¿è¡è½¬åçæå¡è´¨éï¼QOSï¼ãçç¥è·¯ç±ä½¿ç½ç»ç®¡çè
è½æ ¹æ®å®æä¾çæºå®ä¸ä¸ªæ¥æéåçå
·ä½è·¯å¾ãèå¨å½ä»é«æ§è½çç½ç»ä¸ï¼è¿ç§éæ©çèªç±æ§æ¯å¾éè¦çã
çç¥è·¯ç±æä¾äºè¿æ ·ä¸ç§æºå¶ï¼æ ¹æ®ç½ç»ç®¡çè
å¶å®çæ åæ¥è¿è¡æ¥æç转åãçç¥è·¯ç±ç¨MATCHåSETè¯å¥å®ç°è·¯å¾çéæ©ã
çç¥è·¯ç±æ¯è®¾ç½®å¨æ¥æ¶æ¥ææ¥å£èä¸æ¯åéæ¥å£ã
åºäºæºå°åççç¥è·¯ç±
é
ç½®æ¦è¿°ï¼
è·¯ç±å¨Aå°192.1.1.1æ¥çæææ°æ®ä»æ¥å£S0ååºï¼èå°ä»192.1.1.2æ¥çæææ°æ®ä»æ¥å£S1ååºã
è·¯ç±å¨Aå®ä¹å 个äºçº§æ¥å£ä½ä¸ºæµè¯ç¹ãè·¯ç±å¨AåBé
ç½®RIP.å¨AçETHERNETæ¥å£ä¸åºç¨IPçç¥è·¯ç±å¾LAB1,为ä»192.168.1.1æ¥çæ°æ®è®¾ç½®ä¸ä¸è·³æ¥å£ä¸ºS0ï¼ä¸ºä»192..1.1.2æ¥çæ°ä½è®¾ç½®ä¸ä¸è·³æ¥å£ä¸ºS1ï¼ææå
¶ä»çæ¥æå°ç¨åºäºç®çå°åçè·¯ç±ã
è·¯ç±å¨é
ç½®ï¼
ROUTE A:
Version 11.2
No service udp-small-servers
No service tcp-small-servers
Hostname routerA
Interface ethernet0
Ip address 192.1.1.1 255.255.255.0 secondary
Ip address 192.1.1.2 255.255.255.0 secondary
Ip address 192.1.1.3 255.255.255.0 secondary
Ip address 192.1.1.10 255.255.255.0
Ip policy route-map lab1
//çç¥è·¯ç±åºç¨äºE0å£
interface serial0
ip addr 150.1.1.1 255.255.255.0
interface serial1
ip addr 151.1.1.1 255.255.255.0
router rip
network 192.1.1.0
network 150.1.0.0
network 151.1.0.0
ip local policy route-map lab1
//使路ç±å¨çç¥è·¯ç±æ¬å°äº§çæ¥æ
no ip classless
access-list 1 permit 192.1.1.1
access-list 2 permit 192.1.1.2
route-map lab1 permit 10
//å®ä¹çç¥è·¯ç±å¾å称ï¼LAB1ï¼10为åºå·ï¼ç¨æ¥æ æ被å¹é
çè·¯ç±é¡ºåºã
Match ip address 1
//å¹é
å°å为访é®å表1
Set interface serial0
//å¹é
ä¸ä¸è·³ä¸ºS0
Route-map lab1 permit 20
Match ip address 2
Set interface serial1
Line con0
Line aux0
Line vty 0 4
Login
End
è·¯ç±å¨B为æ åé
ç½®ç¥ã
ç¸å
³è°è¯å½ä»¤ï¼
show ip policy
show router-map
debug ip policy
注:PBR以åæ¯CISCOç¨æ¥ä¸¢å¼æ¥æçä¸ä¸ªä¸»è¦æ段ãæ¯å¦ï¼è®¾ç½®set interface null 0ï¼æCISCO说æ³è¿æ ·ä¼æ¯ACLçdenyè¦èçä¸äºå¼éãè¿éææéï¼
interface null 0
no ip unreachableã//å å
¥è¿ä¸ªå½ä»¤
è¿æ ·é¿å
å 为丢å¼å¤§éçæ¥æè导è´å¾å¤ICMPçä¸å¯è¾¾æ¶æ¯è¿åã
ä¸å±è®¾å¤å¨è½¬åæ°æ®å
æ¶ä¸è¬é½åºäºæ°æ®å
çç®çå°åï¼ç®çç½ç»è¿è¡è½¬åï¼ï¼é£ä¹çç¥è·¯ç±æä»ä¹ç¹ç¹å¢ï¼
1ãå¯ä»¥ä¸ä»
ä»
ä¾æ®ç®çå°å转åæ°æ®å
ï¼å®å¯ä»¥åºäºæºå°åãæ°æ®åºç¨ãæ°æ®å
é¿åº¦çãè¿æ ·è½¬åæ°æ®å
æ´çµæ´»ã
2ã为QoSæå¡ã使ç¨route-mapåçç¥è·¯ç±å¯ä»¥æ ¹æ®æ°æ®å
çç¹å¾ä¿®æ¹å
¶ç¸å
³QoS项ï¼è¿è¡ä¸ºQoSæå¡ã
3ãè´è½½å¹³è¡¡ã使ç¨çç¥è·¯ç±å¯ä»¥è®¾ç½®æ°æ®å
çè¡ä¸ºï¼æ¯å¦ä¸ä¸è·³ãä¸ä¸æ¥å£çï¼è¿æ ·å¨åå¨å¤æ¡é¾è·¯çæ
åµä¸ï¼å¯ä»¥æ ¹æ®æ°æ®å
çåºç¨ä¸åè使ç¨ä¸åçé¾è·¯ï¼è¿èæä¾é«æçè´è½½å¹³è¡¡è½åã
ç ç¥è·¯ç±å½±åçåªæ¯æ¬å°çè¡ä¸ºï¼æ以å¯è½ä¼å¼èµ·âä¸å¯¹ç§°è·¯ç±âå½¢å¼çæµéãæ¯å¦ä¸ä¸ªåä½æ两æ¡ä¸è¡é¾è·¯Aä¸Bï¼è¯¥åä½æ³æææHTTPæµéåæ
å°A é¾è·¯ï¼FTPæµéåæ
å°Bé¾è·¯ï¼è¿æ¯æ²¡æé®é¢çï¼ä½å¨å
¶ä¸è¡è®¾å¤ä¸ï¼æ æ³ä¿è¯ä¸è¡çHTTPæµéåæ
å°Aé¾è·¯ï¼FTPæµéåæ
å°Bé¾è·¯ã
çç¥è·¯ç±ä¸è¬é对çæ¯æ¥å£å
¥(in)æ¹åçæ°æ®å
ï¼ä½ä¹å¯å¨å¯ç¨ç¸å
³é
ç½®çæ
åµä¸å¯¹æ¬å°æååºçæ°æ®å
ä¹è¿è¡çç¥è·¯ç±ã
æ¬æå°±çç¥è·¯ç±ç以ä¸å个æ¹é¢åç¸å
³è®²è§£ï¼
1ãå¯ç¨çç¥è·¯ç±
2ãå¯ç¨Fast-Switched PBR
3ãå¯ç¨Local PBR
4ãå¯ç¨CEF-Switched PBR
å¯ç¨çç¥è·¯ç±ï¼
å¼å§é
ç½®route-mapã使ç¨route-map map-tag [permit | deny] [sequence-number]è¿å
¥route-mapçé
置模å¼ã
使 ç¨matchè¯å¥å®ä¹æå
´è¶£çæµéï¼å¦æä¸å®ä¹åæå
¨é¨æµéãmatch length min maxãand/orãmatch ip address {access-list-number | name}[...access-list-number | name]
使ç¨setå½ä»¤è®¾ç½®æ°æ®å
è¡ä¸ºã
set ip precedence [number | name]
set ip next-hop ip-address [... ip-address]
set interface interface-type interface-number [... type number]
set ip default next-hop ip-address [... ip-address]
set default interface interface-type interface-number [... type ...number]
è¿ éè¦æ³¨æset ip next-hopä¸set ip default next-hopãset interfaceä¸set default interfaceè¿ä¸¤å¯¹è¯å¥çåºå«ï¼ä¸å«defaultçè¯å¥ï¼æ¯ä¸æ¥è¯¢è·¯ç±è¡¨å°±è½¬åæ°æ®å
å°ä¸ä¸è·³IPææ¥å£ï¼èå«ædefaultçè¯å¥æ¯å
æ¥è¯¢è·¯ ç±è¡¨ï¼å¨æ¾ä¸å°ç²¾ç¡®å¹é
çè·¯ç±æ¡ç®æ¶ï¼æ转åæ°æ®å
å°defaultè¯å¥æå®çä¸ä¸è·³IPææ¥å£ã
è¿å
¥æ³åºç¨çç¥è·¯ç±çæ¥å£ãinterface xxx
åºç¨æå®ä¹ççç¥ã注æå¿
é¡»å¨å®ä¹å¥½ç¸å
³çroute-mapåæè½å¨æ¥å£ä¸ä½¿ç¨è¯¥route-map,å¨æ¥å£å¯ç¨route-mapçç¥çå½ä»¤ä¸ºï¼
ip policy route-map map-tag
å¯ç¨Fast-Switched PBR
å¨Cisco IOS Release 12.0ä¹åï¼çç¥è·¯ç±åªè½éè¿âè¿ç¨è½¬åâæ¥è½¬åæ°æ®å
ï¼è¿æ ·æ°æ®å
ç转åæçæ¯é常ä½çï¼å¨ä¸åçå¹³å°ä¸ï¼åºæ¬å¨æ¯ç§1000å°10,000个æ°æ® å
ãéçç¼å转åææ¯çåºç°ï¼Ciscoå®ç°äºFast-Switched PBRï¼å¤§å¤§æåäºæ°æ®å
ç转åé度ãå¯ç¨æ¹æ³å³å¨æ¥å£ä¸ä½¿ç¨ip route-cache policyå½ä»¤ã
注æï¼Fast-switched PBRæ¯æææçmatchè¯å¥å大å¤æ°çsetè¯å¥ï¼ä½å
¶æä¸é¢ç两个éå¶ï¼
ä¸æ¯æset ip default next-hop ä¸ set default interfaceå½ä»¤ã
å¦ æå¨route-cacheä¸ä¸åå¨setä¸æå®çæ¥å£ç¸å
³ç项ï¼é£ä¹ä»
å¨point-to-pointæ¶set interfaceå½ä»¤æè½å¤Fast-switched PBRãèä¸ï¼å¨è¿è¡âè¿ç¨è½¬åâæ¶ï¼ç³»ç»è¿ä¼å
æ¥è¯¢è·¯ç±æ¡ç®æ¥ç该interfaceæ¯ä¸æ¯ä¸ä¸ªåççè·¯å¾ãèå¨fast switchingæ¶ï¼ç³»ç»ä¸ä¼å¯¹æ¤è¿è¡æ£æ¥ã
å¯ç¨Local PBR
é»è®¤æ
åµä¸ï¼è·¯ç±å¨èªèº«æ产ççæ°æ®å
ä¸ä¼è¢«çç¥è·¯ç±ï¼å¦ææ³å¯¹è·¯ç±å¨èªèº«äº§ççæ°æ®å
ä¹è¿è¡çç¥è·¯ç±ï¼é£ä¹éè¦å¨å
¨å±æ¨¡å¼ä¸ä½¿ç¨å¦ä¸å½ä»¤æ¥å¯ç¨ï¼
ip local policy route-map map-tag
å¯ç¨CEF-Switched PBR
å¨æ¯æCEFçå¹³å°ä¸ï¼ç³»ç»å¯ä»¥ä½¿ç¨CEF-Switched PBRæ¥æé«PBRç转åé度ï¼å
¶è½¬åé度æ¯Fast-Switched PBRæ´å¿«ï¼åªè¦ä½ å¨å¯ç¨PBRçè·¯ç±å¨ä¸å¯ç¨äºCEFï¼é£ä¹CEF-Switched PBRä¼èªå¨å¯ç¨ã
注ï¼ip route-cache policyä»
ä»
éç¨äºFast-Switched PBRï¼å¨CEF-Switched PBRä¸å¹¶ä¸éè¦ï¼å¦æä½ å¨å¯ç¨äºCEFçè·¯ç±å¨ä¸ä½¿ç¨PBRæ¶ï¼è¿ä¸ªå½ä»¤æ²¡æä»»ä½ä½ç¨ï¼ç³»ç»ä¼å¿½ç¥æ¤å½ä»¤çåå¨ã
PBRé
ç½®æ¡ä¾ï¼
æ¡ä¾1ï¼
è·¯ç±å¨éè¿ä¸¤æ¡ä¸åçé¾è·¯è¿æ¥è³ä¸¤ISPï¼å¯¹äºä»async 1æ¥å£è¿å
¥çæµéï¼å¨æ²¡æâ精确路ç±âå¹é
çæ
åµä¸ï¼ææºå°å为1.1.1.1çæ°æ®å
使ç¨çç¥è·¯ç±è½¬åè³6.6.6.6, æºå°å为2.2.2.2çæ°æ®å
转åè³7.7.7.7ï¼å
¶å®æ°æ®å
¨é¨ä¸¢å¼ã
é
ç½®å¦ä¸ï¼
access-list 1 permit ip 1.1.1.1
access-list 2 permit ip 2.2.2.2
!
interface async 1
ip policy route-map equal-access
!
route-map equal-access permit 10
match ip address 1
set ip default next-hop 6.6.6.6
route-map equal-access permit 20
match ip address 2
set ip default next-hop 7.7.7.7
route-map equal-access permit 30
set default interface null0
æ¡ä¾2
å¨ è·¯ç±å¨é对ä¸åæµéï¼ä¿®æ¹å
¶precedence bitï¼å¹¶è®¾ç½®ä¸ä¸è·³å°åã对äº1.1.1.1产ççæµéï¼è®¾ç½®precedence bit为priorityï¼å¹¶è®¾ç½®å
¶ä¸ä¸è·³è½¬åå°å为3.3.3.3ï¼å¯¹äº2.2.2.2产ççæµéï¼è®¾ç½®precedence bit为criticalï¼å¹¶è®¾ç½®å
¶ä¸ä¸è·³è½¬åå°å为3.3.3.5ã
é
ç½®å¦ä¸ï¼
access-list 1 permit ip 1.1.1.1
access-list 2 permit ip 2.2.2.2
!
interface ethernet 1
ip policy route-map Texas
!
route-map Texas permit 10
match ip address 1
set ip precedence priority
set ip next-hop 3.3.3.3
!
route-map Texas permit 20
match ip address 2
set ip precedence critical
set ip next-hop 3.3.3.5
温馨提示:答案为网友推荐,仅供参考