Policy-based Routing(PBR)综合实验
版权声明:原创作品,谢绝转载!否则将追究法律责任。 |
 拓扑说明
R1,R2通过局域网交换机连接,R2,R3通过FRAME-RELAY交换机连接。R1,R2,R3上启用OSPF协议,其中R1的所有接口和R2的F0/0,F1/0,L0属于AREA 1 R2的S2/0和R3的S2/0属于AREA 0,R3的L0 ,L1属于AREA 3 实验描述 在R2上配置PBR,是从R3的L0端口过来的包大小在0~200BYTES的ICMP包的IP PRECEDENCE被设置为2,next hop为10.0.0.1。从R3的L1过来的UDP包的IP PRECEDENCE被设置为4,netx hop为10.0.1.1 R1
conf t int l 0 ip ad 1.1.1.1 255.255.255.0 int f 0/0 ip ad 10.0.0.1 255.255.255.0 no shut int f 1/0 ip ad 10.0.1.1 255.255.255.0 no shut router ospf 1 router-id 1.1.1.1 net 1.1.1.1 0.0.0.0 a 1 net 10.0.0.1 0.0.0.0 a 1 net 10.0.1.1 0.0.0.0 a 1 end R2
conf t int l 0 ip ad 2.2.2.2 255.255.255.0 int f 0/0 ip ad 10.0.0.2 255.255.255.0 no shut int f 1/0 ip ad 10.0.1.2 255.255.255.0 no shut int s2/0 ip ad 10.0.2.2 255.255.255.0 encap f no arp f no frame inver frame map ip 10.0.2.3 203 b no shut exit router ospf 1 router-id 2.2.2.2 nei 10.0.2.3 net 2.2.2.2 0.0.0.0 a 1 net 10.0.0.2 0.0.0.0 a 1 net 10.0.1.2 0.0.0.0 a 1 net 10.0.2.2 0.0.0.0 a 0 exit access-list 100 permit icmp 3.3.3.0 0.0.0.255 1.1.1.0 0.0.0.255 access-list 101 permit udp 3.3.30.0 0.0.0.255 1.1.1.0 0.0.0.255 route-map PBR permit 10 match ip address 100 match length 0 200 set ip percedence 2 set ip next-hop 10.0.0.1 exit route-map PBR permit 20 match ip address 101 set ip precedence 4 set ip next-hop 10.0.1.1 exit int s2/0 ip policy route-map PBR end R3
conf t int l 0 ip ad 3.3.3.3 255.255.255.0 int l 1 ip ad 3.3.30.3 255.255.255.0 int s2/0 ip ad 10.0.2.3 255.255.255.0 encap f no arp f no frame inver frame map ip 10.0.2.2 302 b no shut exit router ospf 1 nei 10.0.2.2 net 10.0.2.3 0.0.0.0 a 0 net 3.3.3.3 0.0.0.0 a 3 net 3.3.30.3 0.0.0.0 a 3 end 校验
在R2启用debug ip policy 在R3上做扩展的PING和traceroute 当发送的包为100BYTES时: R3#ping
Protocol [ip]: Target IP address: 1.1.1.1 Repeat count [5]: 10 Datagram size [100]: 默认为100BYTES Timeout in seconds [2]: Extended commands [n]: y Source address or interface: 3.3.3.3 Type of service [0]: Set DF bit in IP header? [no]: Validate reply data? [no]: Data pattern [0xABCD]: Loose, Strict, Record, Timestamp, Verbose[none]: Sweep range of sizes [n]: Type escape sequence to abort. Sending 10, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds: Packet sent with a source address of 3.3.3.3 !!!!!!!!!! Success rate is 100 percent (10/10), round-trip min/avg/max = 12/41/116 ms R2#debug ip policy
*Mar 22 12:39:58.047: IP: s=3.3.3.3 (Serial2/0), d=1.1.1.1, len 100, FIB policy match *Mar 22 12:39:58.047: IP: s=3.3.3.3 (Serial2/0), d=1.1.1.1, g=10.0.0.1, len 100, FIB policy routed 当发送包为300BYTES时
R3#ping
Protocol [ip]: Target IP address: 1.1.1.1 Repeat count [5]: 10 Datagram size [100]: 300 Timeout in seconds [2]: Extended commands [n]: y Source address or interface: 3.3.3.3 Type of service [0]: Set DF bit in IP header? [no]: Validate reply data? [no]: Data pattern [0xABCD]: Loose, Strict, Record, Timestamp, Verbose[none]: Sweep range of sizes [n]: Type escape sequence to abort. Sending 10, 300-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds: Packet sent with a source address of 3.3.3.3 !!!!!!!!!! Success rate is 100 percent (10/10), round-trip min/avg/max = 16/56/140 ms R2#
*Mar 22 12:41:07.775: IP: s=3.3.3.3 (Serial2/0), d=1.1.1.1, len 300, FIB policy rejected(no match) - normal forwarding R3#traceroute Protocol [ip]: Target IP address: 1.1.1.1 Source address: 3.3.30.3 Numeric display [n]: Timeout in seconds [3]: Probe count [3]: Minimum Time to Live [1]: Maximum Time to Live [30]: Port Number [33434]: Loose, Strict, Record, Timestamp, Verbose[none]: Type escape sequence to abort. Tracing the route to 1.1.1.1 1 10.0.2.2 88 msec 104 msec 24 msec
2 10.0.1.1 68 msec * 84 msec R2#
*Mar 22 12:42:20.795: IP: s=3.3.30.3 (Serial2/0), d=1.1.1.1, len 28, FIB policy match *Mar 22 12:42:20.795: IP: s=3.3.30.3 (Serial2/0), d=1.1.1.1, g=10.0.1.1, len 28, FIB policy routed R2#sh ip access-list Extended IP access list 100 10 permit icmp 3.3.3.0 0.0.0.255 1.1.1.0 0.0.0.255 (40 matches) Extended IP access list 101 10 permit udp 3.3.30.0 0.0.0.255 1.1.1.0 0.0.0.255 (6 matches) 本文出自 “穿过地狱去看海” 博客,谢绝转载! 本文出自 51CTO.COM技术博客 |
cj231210
博客统计信息
热门文章
最新评论
友情链接
