Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 01-S12500_Policy-Based_Routing_Configuration_Examples | 91.53 KB |
Introduction
This document provides policy-based routing (PBR) configuration examples.
PBR is a routing mechanism based on user-defined policies. PBR enables you to use a policy based on the source address, destination address, IP precedence, protocol type and other fields to route packets flexibly.
Prerequisites
The configuration examples in this document were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.
This document assumes that you have basic knowledge of H3C PBR.
Example: Configuring PBR
Network requirements
As shown in Figure 1, all packets received on GigabitEthernet 5/0/47 are forwarded based on the routing table to the next hop 10.4.1.2 by default.
Configure the device to meet the following requirements:
· Packets received on GigabitEthernet 5/0/47 with source IP address 10.1.1.1 are forwarded to the next hop 10.3.1.2. If the next hop is not reachable, packets are forwarded through the routing table.
· Packets received on GigabitEthernet 5/0/47 with source IP address 10.2.1.1 are forwarded to the primary next hop 10.5.1.2 or backup next hop 10.3.1.2. If neither the primary nor the backup next hop is reachable, packets are forwarded through the routing table.
Software version used
This configuration example was created and verified on S12500-CMW520-R1825P01.
Configuration restrictions and guidelines
When you configure PBR, follow these restrictions and guidelines:
· When you configure the action of redirecting traffic to a next hop, do not specify an IPv6 address in an IPv4 ACL rule, or specify an IPv4 address in an IPv6 ACL rule.
· PBR takes precedence over destination-based routing.
Configuration procedures
1. Configure IP addresses for interfaces, as shown in Figure 1. (Details not shown.)
2. Configure PBR:
# Create ACL 3005 to match packets with source address 10.1.1.1.
<DEVICE> system-view
[DEVICE] acl number 3005
[DEVICE-acl-adv-3005] rule 0 permit ip source 10.1.1.1 0
[DEVICE-acl-adv-3005] quit
# Create ACL 3006 to match packets with source address 10.2.1.1.
[DEVICE] acl number 3006
[DEVICE-acl-adv-3006] rule 0 permit ip source 10.2.1.1 0
[DEVICE-acl-adv-3006] quit
# Configure Node 0 for policy pbr1 to redirect traffic matching ACL 3005 to the next hop 10.3.1.2.
[DEVICE] policy-based-route pbr1 permit node 0
[DEVICE-pbr-pbr1-0] if-match acl 3005
[DEVICE-pbr-pbr1-0] apply ip-address next-hop 10.3.1.2
[DEVICE-pbr-pbr1-0] quit
# Configure Node 1 for policy pbr1 to redirect traffic matching ACL 3006 to the primary next hop 10.5.1.2 or backup next hop 10.3.1.2. If neither the primary nor the backup next hop is reachable, packets are forwarded through the routing table.
[DEVICE] policy-based-route pbr1 permit node 1
[DEVICE-pbr-pbr1-1] if-match acl 3006
[DEVICE-pbr-pbr1-1] apply ip-address next-hop 10.5.1.2 10.3.1.2
[DEVICE-pbr-pbr1-1] quit
# Apply policy pbr1 to the inbound interface VLAN-interface 2.
[DEVICE] interface vlan-interface 2
[DEVICE-Vlan-interface2] ip policy-based-route pbr1
[DEVICE-Vlan-interface2] quit
Verifying the configuration
# Verify packet forwarding on the device:
· If both 10.3.1.2 and 10.5.1.2 are reachable, packets are forwarded in the following way:
¡ Packets with source IP address 10.1.1.1 are redirected to the next hop 10.3.1.2.
¡ Packets with source IP address 10.2.1.1 are redirected to the next hop 10.5.1.2.
· If 10.3.1.2 is reachable but 10.5.1.2 is not reachable, packets are forwarded in the following way:
¡ Packets with source IP address 10.1.1.1 are redirected to the next hop 10.3.1.2.
¡ Packets with source IP address 10.2.1.1 are redirected to the next hop 10.3.1.2.
· If 10.5.1.2 is reachable but 10.3.1.2 is not reachable, packets are forwarded in the following way:
¡ Packets with source IP address 10.1.1.1 are forwarded through the routing table to the next hop 10.4.1.2.
¡ Packets with source IP address 10.2.1.1 are redirected to the next hop 10.5.1.2.
· If neither 10.3.1.2 nor 10.5.1.2 is reachable, packets are forwarded in the following way:
¡ Packets with source IP address 10.1.1.1 are forwarded through the routing table to the next hop 10.4.1.2.
¡ Packets with source IP address 10.2.1.1 are forwarded through the routing table to the next hop 10.4.1.2.
Configuration files
[DEVICE] display current-configuration
#
vlan 1
#
vlan 2 to 8
#
policy-based-route pbr1 permit node 0
if-match acl 3005
apply ip-address next-hop 10.3.1.2
policy-based-route pbr1 permit node 1
if-match acl 3006
apply ip-address next-hop 10.3.1.2
apply ip-address next-hop 10.5.1.2
#
interface Vlan-interface2
ip address 10.1.2.1 255.255.255.0
ip policy-based-route pbr1
#
interface Vlan-interface3
ip address 10.3.1.1 255.255.255.0
#
interface Vlan-interface4
ip address 10.4.1.1 255.255.255.0
#
interface Vlan-interface5
ip address 10.5.1.1 255.255.255.0
#
interface GigabitEthernet5/0/3
port link-mode bridge
port access vlan 3
#
interface GigabitEthernet5/0/4
port link-mode bridge
port access vlan 4
#
interface GigabitEthernet5/0/47
port link-mode bridge
port access vlan 2
#
interface GigabitEthernet5/0/48
port link-mode bridge
port access vlan 5
#
Related documentation
· H3C S12500 Routing Switch Series Layer 3—IP Routing Configuration Guide
· H3C S12500 Routing Switch Series Layer 3—IP Routing Command Reference
