- 产品与解决方案
- 行业解决方案
- 服务
- 支持
- 合作伙伴
- 新华三人才研学中心
- 关于我们
55-MSR系列路由器策略路由与NQA联动典型配置举例
本章节下载: 55-MSR系列路由器策略路由与NQA联动典型配置举例 (146.64 KB)
MSR系列路由器策略路由与NQA联动典型配置举例
|
Copyright © 2014 杭州华三通信技术有限公司 版权所有,保留一切权利。 非经本公司书面许可,任何单位和个人不得擅自摘抄、复制本文档内容的部分或全部, 并不得以任何形式传播。本文档中的信息可能变动,恕不另行通知。 |
|
目 录
本文主要介绍策略路由与NQA联动典型配置。
本文档不严格与具体软、硬件版本对应,如果使用过程中与产品实际情况有差异,请参考相关产品手册,或以设备实际情况为准。
本文档中的配置均是在实验室环境下进行的配置和验证,配置前设备的所有参数均采用出厂时的缺省配置。如果您已经对设备进行了配置,为了保证配置效果,请确认现有配置和以下举例中的配置不冲突。
本文档假设您已了解策略路由和NQA特性。
如图1所示,RouterA到达RouterC的路由下一跳为RouterB,在RouterB上通过策略路由、Track与NQA联动,对到达Router C的链路有效性进行实时判断。
图1 策略路由与NQA联动配置组网图
· 为实现全网互通,配置路由协议;
· 为监控策略路由,建立NQA测试组;
· 为使能NQA,Track与NQA测试组关联。
本举例是在Release 2317版本上进行配置和验证的。
策略路由可以在配置报文的发送接口、缺省发送接口、下一跳、缺省下一跳时与Track项关联,通过Track项的状态来动态地决定策略的可用性。当应用动作增加Track关联后,如果事件发生时Track项状态为positive,则该配置项有效,可以指导转发;事件发生时,Track项状态为negative,则该配置项无效,转发时忽略该配置项。
# 配置以太网口的IP地址
<RouterA>system-view
[RouterA]interface GigabitEthernet 0/1
[RouterA-GigabitEthernet0/1]ip address 200.1.1.1 255.255.255.0
[RouterA-GigabitEthernet0/1]quit
# 创建RIP动态路由
[RouterA]rip 1
[RouterA-rip-1]version 2
[RouterA-rip-1]network 200.1.1.0
# 定义访问控制列表
<RouterB>system-view
[RouterB]acl number 3009
[RouterB-acl-adv-3009]rule 0 permit ip source 200.1.1.0 0.0.0.255
[RouterB-acl-adv-3009]quit
# 创建虚接口VT87,并配置其IP地址
[RouterB]interface Virtual-Template 87
[RouterB-Virtual-Template87]ip address 1.1.1.1 255.255.255.0
[RouterB-Virtual-Template87]quit
# 配置串口S8/7,使其MP捆绑到虚接口VT87上
[RouterB]interface Serial 8/7
[RouterB-Serial8/7]ppp mp Virtual-Template 87
[RouterB-Serial8/7]quit
# 定义1号节点,使匹配ACL 3009的任何IP报文被发往接口VT87,并配置与track1的联动配置
[RouterB]policy-based-route test permit node 1
[RouterB-pbr-test-1]if-match acl 3009
[RouterB-pbr-test-1]apply output-interface Virtual-Template87 track 1
[RouterB-pbr-test-1]quit
# 创建ICMP类型的NQA测试组(管理员为admin,操作标签为 1)并配置相关可选测试参数
[RouterB]nqa entry admin 1
[RouterB-nqa-admin-1]type icmp-echo
[RouterB-nqa-admin-1-icmp-echo]destination ip 1.1.1.2
[RouterB-nqa-admin-1-icmp-echo]frequency 5000
[RouterB-nqa-admin-1-icmp-echo]source ip 1.1.1.1
# 配置Reaction监测项1(失败1次触发联动)
[RouterB-nqa-admin-1-icmp-echo]reaction 1 checked-element probe-fail threshold-type consecutive 1 action-type trigger-only
[RouterB-nqa-admin-1-icmp-echo]quit
# 配置以太口GigabitEthernet0/1的IP地址,在GigabitEthernet0/1接口上应用策略路由test
[RouterB]interface GigabitEthernet 0/1
[RouterB-GigabitEthernet0/1]ip address 200.1.1.2 255.255.255.0
[RouterB-GigabitEthernet0/1]ip policy-based-route test
[RouterB-GigabitEthernet0/1]quit
# 配置Track项1,关联NQA测试组(管理员为admin,操作标签为 1)的Reaction监测项1
[RouterB]track 1 nqa entry admin 1 reaction 1
# 创建RIP动态路由
[RouterB]rip 1
[RouterB-rip-1]version 2
[RouterB-rip-1]network 200.1.1.0
[RouterB-rip-1]network 1.1.1.0
# 创建虚接口VT87,并配置其IP地址
<RouterC>system-view
[RouterC]interface Virtual-Template 87
[RouterC-Virtual-Template87]ip address 1.1.1.2 255.255.255.0
[RouterC-Virtual-Template87]quit
# 配置串口S8/7,使其MP捆绑到虚接口VT87上
[RouterC]interface Serial 8/7
[RouterC-Serial8/7]ppp mp Virtual-Template 87
[RouterC-Serial8/7]quit
# 创建RIP动态路由
[RouterC]rip 1
[RouterC-rip-1]version 2
[RouterC-rip-1]network 1.1.1.0
(1) 启动ICMP测试操作
[RouterB]nqa schedule admin 1 start-time now lifetime forever
(2) 在RouterB显示ICMP NQA测试成功的结果,NQA将探测结果通知给TRACK模块,则对应Track项的状态为positive,就表示策略路由指定的出接口有效,可以指导转发
[RouterB]display nqa result admin 1
NQA entry(admin admin, tag 1) test results:
Destination IP address: 1.1.1.2
Send operation times: 1 Receive response times: 1
Min/Max/Average round trip time: 38/38/38
Square-Sum of round trip time: 1444
Last succeeded probe time: 2011-09-28 15:11:57.1
Extend results:
Packet lost in test: 0%
Failures due to timeout: 0
Failures due to disconnect: 0
Failures due to no connection: 0
Failures due to sequence error: 0
Failures due to internal error: 0
Failures due to other errors: 0
[RouterB]display track 1
Track ID: 1
Status: Positive
Duration: 0 days 0 hours 4 minutes 50 seconds
Notification delay: Positive 0, Negative 0 (in seconds)
Reference object:
NQA entry: admin 1
Reaction: 1
(3) 在RouterA发5个ping包到1.1.1.2,查看RouterB的策略路由的统计信息,统计成功转发了5个数据包
<RouterB>dispaly ip policy-based-route statistics interface GigabitEthernet 0/1
Interface GigabitEthernet0/1 policy based routing statistics information:
policy-based-route: test
permit node 1
apply output-interface Virtual-Template87 track 1
Denied: 0,
Forwarded: 5
Total denied: 0, forwarded: 5
(4) 断开RouterB与RouterC之间的连接线缆,在RouterB显示ICMP NQA测试不成功的结果,NQA将探测结果通知给TRACK模块,则对应Track项的状态为Negative,就表示策略路由指定的出接口无效,转发时忽略该配置项
<RouterB>display nqa result admin 1
NQA entry(admin admin, tag 1) test results:
Destination IP address: 1.1.1.2
Send operation times: 1 Receive response times: 0
Min/Max/Average round trip time: 0/0/0
Square-Sum of round trip time: 0
Last succeeded probe time: 0-00-00 00:00:00.0
Extend results:
Packet lost in test: 100%
Failures due to timeout: 1
Failures due to disconnect: 0
Failures due to no connection: 0
Failures due to sequence error: 0
Failures due to internal error: 0
Failures due to other errors: 0
<RouterB>dis track 1
Track ID: 1
Status: Negative
Duration: 0 days 0 hours 4 minutes 50 seconds
Notification delay: Positive 0, Negative 0 (in seconds)
Reference object:
NQA entry: admin 1
Reaction: 1
(5) 在RouterA发5个ping包到1.1.1.2,查看RouterB的策略路由的统计信息,统计显示忽略了这5个数据包,这些数据包无法通过此策略路由进行转发,需按正常转发流程处理。
<RouterB>dispaly ip policy-based-route statistics interface GigabitEthernet 0/1
Interface GigabitEthernet0/1 policy based routing statistics information:
policy-based-route: test
permit node 1
apply output-interface Virtual-Template87 track 1
Denied: 5,
Forwarded: 0
Total denied: 5, forwarded: 0
· Router A
#
sysname RouterA
#
interface GigabitEthernet0/1
port link-mode route
ip address 200.1.1.1 255.255.255.0
#
rip 1
version 2
network 200.1.1.0
#
· Router B
#
sysname RouterB
#
acl number 3009
rule 0 permit ip source 200.1.1.0 0.0.0.255
#
interface Serial8/7
link-protocol ppp
ppp mp Virtual-Template 87
#
interface Virtual-Template87
ip address 1.1.1.1 255.255.255.0
#
interface GigabitEthernet0/1
port link-mode route
ip address 200.1.1.2 255.255.255.0
ip policy-based-route test
#
rip 1
version 2
network 200.1.1.0
network 1.0.0.0
#
nqa entry admin 1
type icmp-echo
destination ip 1.1.1.2
frequency 5000
reaction 1 checked-element probe-fail threshold-type consecutive 1 action-type trigger-only
source ip 1.1.1.1
#
policy-based-route test permit node 1
if-match acl 3009
apply output-interface Virtual-Template87 track 1
#
track 1 nqa entry admin 1 reaction 1
#
nqa agent max-concurrent 81
nqa schedule admin 1 start-time now lifetime forever
#
· Router C
#
sysname RouterC
#
interface Serial8/7
link-protocol ppp
ppp mp Virtual-Template 87
#
interface Virtual-Template87
ip address 1.1.1.2 255.255.255.0
#
rip 1
version 2
network 1.0.0.0
#
· H3C MSR 系列路由器 命令参考(V5)-R2311
· H3C MSR 系列路由器 配置指导(V5)-R2311
不同款型规格的资料略有差异, 详细信息请向具体销售和400咨询。H3C保留在没有任何通知或提示的情况下对资料内容进行修改的权利!
支持
售前咨询
售后咨询
人工在线咨询
