这里是普通文章模块栏目内容页
华为策略路由,实现双线选路上网
思韵闪耀
2021-10-30 14:55:13
0

策略路由PBR(Policy-Based Routing)是一种依据用户制定的策略进行路由选择的机制。常用语多个公网出口环境,可以用于提高网络的安全性能和负载分担。

配置策略路由思路

  1. 配置ACL
  2. 创建流分类
  3. 创建流行为
  4. 创建流策略
  5. 接口应用流策略

拓扑图

华为策略路由,实现双线选路上网_第1张图片

组网需求:

某企业互联网出口有电信和联通两个运营商(ISP),组网如图;

要求PC1走电信出口上网

        PC2走联通出口上网

首先配置连通性:

PC1配置:

华为策略路由,实现双线选路上网_第2张图片

PC2配置:

华为策略路由,实现双线选路上网_第3张图片

SW配置:

sys
Enter system view, return user view with Ctrl+Z.
[Huawei]vlan batch 10 20 
[Huawei]int gi 0/0/2 
[Huawei-GigabitEthernet0/0/2]port link-type access
[Huawei-GigabitEthernet0/0/2]port default vlan 10
[Huawei-GigabitEthernet0/0/2]int gi 0/0/3
[Huawei-GigabitEthernet0/0/3]port link-type access
[Huawei-GigabitEthernet0/0/3]port default vlan 20
[Huawei-GigabitEthernet0/0/3]int gi 0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type trunk
[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 20

路由器GW配置:

由于ENSP里面不支持undo switch,所以vlan间路由没有采取三层交换,而是单臂路由,现实中可以配置三层交换

***************配置单臂路由*********************

sys
[Huawei]int gi0/0/2.1
[Huawei-GigabitEthernet0/0/2.1]dot1q termination vid 10
[Huawei-GigabitEthernet0/0/2.1]ip addr 192.168.1.254 24
[Huawei-GigabitEthernet0/0/2.1]arp broadcast enable
[Huawei-GigabitEthernet0/0/2.1]int gi 0/0/2.2
[Huawei-GigabitEthernet0/0/2.2]dot1q termination vid 20
[Huawei-GigabitEthernet0/0/2.2]ip addr 192.168.2.254 24
[Huawei-GigabitEthernet0/0/2.2]arp broadcast enable


*****************配置广域网接口*********************

[Huawei]int gi 0/0/0
[Huawei-GigabitEthernet0/0/0]ip addr 10.1.1.2 24

[Huawei]int gi 0/0/1

[Huawei-GigabitEthernet0/0/0]ip addr 20.1.1.2 24

****************配置NAT(Eazy IP)*******************

[Huawei]acl 2001
[Huawei-acl-basic-2001]rule permit source 192.168.1.0 0.0.0.255
[Huawei-acl-basic-2001]acl 2002
[Huawei-acl-basic-2002]rule permit source 192.168.2.0 0.0.0.255
[Huawei-acl-basic-2002]q
[Huawei]int gi 0/0/0
[Huawei-GigabitEthernet0/0/0]nat outbound 2001
[Huawei-GigabitEthernet0/0/0]int gi 0/0/1
[Huawei-GigabitEthernet0/0/1]nat outbound 2002
[Huawei-GigabitEthernet0/0/1]q

 

模拟电信ISP操作:

sys
[Huawei]int gi 0/0/0
[Huawei-GigabitEthernet0/0/0]ip addr 100.1.1.1 24
[Huawei-GigabitEthernet0/0/0]int gi 0/0/1
[Huawei-GigabitEthernet0/0/1]ip addr 10.1.1.1 24
[Huawei-GigabitEthernet0/0/1]q
[Huawei]ospf 1 router-id 1.1.1.1
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 100.1.1.0 0.0.0.255 
[Huawei-ospf-1-area-0.0.0.0]import-route direct type 1               //发布直连路由
[Huawei-ospf-1]q

 

模拟联通ISP操作:

 

sys
Enter system view, return user view with Ctrl+Z.
[Huawei]int gi0/0/0
[Huawei-GigabitEthernet0/0/0]ip addr 200.1.1.1 24
[Huawei-GigabitEthernet0/0/0]int gi0/0/1
[Huawei-GigabitEthernet0/0/1]ip addr 20.1.1.1 24
[Huawei-GigabitEthernet0/0/1]q
[Huawei]ospf 1 router-id 2.2.2.2
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 200.1.1.0 0.0.0.255
 [Huawei-ospf-1-area-0.0.0.0]import-route direct type 1

 

模拟Internet操作:

sys
Enter system view, return user view with Ctrl+Z.
[Huawei]int gi 0/0/0
[Huawei-GigabitEthernet0/0/0]ip addr 100.1.1.2 24
[Huawei-GigabitEthernet0/0/0]int gi 0/0/1
[Huawei-GigabitEthernet0/0/1]ip addr 200.1.1.2 24
[Huawei-GigabitEthernet0/0/1]int lo0
[Huawei-LoopBack0]ip addr 114.114.114.114 24
[Huawei-LoopBack0]ospf 1 router-id 3.3.3.3
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 100.1.1.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]network 200.1.1.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]import-route direct type 1
[Huawei-ospf-1]q

联通性配置完成!!!

现在可以发现不管是PC1还是PC2都可以正常上internet(错误:由于出口路由器与ISP1、ISP2之间没有路由,所以不通)

测试:

华为策略路由,实现双线选路上网_第4张图片

 

 

策略路由配置:

实现,PC1通过ISP电信上Internet

           PC2通过ISP联通上Internet     

[Huawei]acl 3001                               //vlan10
[Huawei-acl-adv-3001]rule permit ip source 192.168.1.0 0.0.0.255
[Huawei-acl-adv-3001]acl 3002                                 //vlan 20
[Huawei-acl-adv-3002]rule permit ip source 192.168.2.0 0.0.0.255
[Huawei-acl-adv-3002]
[Huawei-acl-adv-3002]acl 3003                 //两个子网地址段允许访问其网关
[Huawei-acl-adv-3003]rule permit ip source 192.168.1.0 0.0.0.255 destination 192.168.1.254 0
[Huawei-acl-adv-3003]rule permit ip source 192.168.2.0 0.0.0.255 destination 192.168.2.254 0
[Huawei-acl-adv-3003]q

配置流匹配

[Huawei]traffic classifier c1
[Huawei-classifier-c1]if-match acl 3001
[Huawei]traffic classifier c2
[Huawei-classifier-c2]if-match acl 3002
[Huawei-classifier-c2]q
[Huawei]traffic classifier c3
[Huawei-classifier-c3]if-match acl 3003
[Huawei-classifier-c3]q

配置流行为

[Huawei]traffic behavior b1
[Huawei-behavior-b1]redirect ip-nexthop  10.1.1.1
[Huawei-behavior-b1]traffic behavior b2
[Huawei-behavior-b2]redirect ip-nexthop 20.1.1.1
[Huawei-behavior-b2]traffic behavior b3
[Huawei-behavior-b3]permit

配置流策略

[Huawei-behavior-b3]traffic policy p1
[Huawei-trafficpolicy-p1]classifier c3 behavior b3
[Huawei-trafficpolicy-p1]classifier c1 behavior b1
[Huawei-trafficpolicy-p1]classifier c2 behavior b2
[Huawei-trafficpolicy-p1]q

配置流应用(端口应用)

[Huawei]int gi0/0/2.1
[Huawei-GigabitEthernet0/0/2.1]traffic-policy p1 inbound
[Huawei-GigabitEthernet0/0/2.1]int gi0/0/2.2
[Huawei-GigabitEthernet0/0/2.2]traffic-policy p1 inbound
[Huawei-GigabitEthernet0/0/2.2]q

 

测试:

PC1访问internet路径:

华为策略路由,实现双线选路上网_第5张图片

PC2访问internet路径:

华为策略路由,实现双线选路上网_第6张图片

上一篇:华为NE系列路由多运营商选路(源进源出)配置

下一篇:traffic policy

栏目索引
相关内容
一生受益-思韵闪耀-专业IT技术社区 - 爱编程,爱源码,爱技术,一生受益。
Powered by 一生受益-思韵闪耀 2009-2024 ©思韵闪耀 豫ICP备13002912号-2 粤公网安备44011202000167