Welcome to our Online Store!

Routing policy application - The first routing strategy-2

2018-02-05 14:24:27

On the macro, some basic knowledge about routing strategy is introduced. Are you still feeling a little bad? Is not also feel what the routing strategy of force? Never mind, then we come to a realization of the routing filter through the routing strategy for example, as a master hand's first small display. This example involves ACL, ip-prefix, route-policy, filter-policy etc., we will be in the back of a few topics in detail, you will first look exactly what routing strategy on the line, do not study too much, so as not to zouhuorumo!

4.jpg

As shown in Figure 3, the network running OSPF, SwitchA received from the Internet routing network, and provides a Internet routing for OSPF networks, OSPF network now users want to receive only 172.16.16.0/24, 172.16.17.0/24 and 172.16.18.0/24 of the three external routing, the other way is not received by the external.

The above user requirements can be implemented in a variety of ways, and then we give two more common implementations for you to refer to.

In the following experiments, we configure the black hole routing in SwitchA as test routing, and introduce static path into OSPF to simulate routing from Internet network. The key configuration on SwitchA is as follows:

#

ospf 1

 import-route static

 area 0.0.0.0

  network 192.168.1.0 0.0.0.255

#

ip route-static 172.16.16.0 255.255.255.0 NULL0

ip route-static 172.16.17.0 255.255.255.0 NULL0

ip route-static 172.16.18.0 255.255.255.0 NULL0

ip route-static 172.16.19.0 255.255.255.0 NULL0

ip route-static 172.16.20.0 255.255.255.0 NULL0

#

3.1 implementation of routing filtering through ACL+route-policy

1, define a ACL 2000 to match the routing that needs to be released.

[SwitchA] acl 2000

[SwitchA-acl-basic-2000] rule 5 permit source 172.16.16.0 0

[SwitchA-acl-basic-2000] rule 10 permit source 172.16.17.0 0

[SwitchA-acl-basic-2000] rule 15 permit source 172.16.18.0 0

[SwitchA-acl-basic-2000] quit

2, create a route-policy named RP, and configure a node numbered 10, and call ACL2000.

[SwitchA] route-policy RP permit node 10

[SwitchA -route-policy] if-match acl 2000

3, call this route-policy when OSPF introduces static routing

[SwitchA] ospf 1

[SwitchA-ospf-1] import-route static route-policy RP

[SwitchA-ospf-1] quit

Because route-policy acquiescence in the default deny node, 172.16.19.0 and 172.16.20.0 routing is not introduced into OSPF because it does not satisfy the if-match statement.

After configuring the above routing policy, the routing table of SwitchB is as follows:

[SwitchB]display  ip routing-table 

Route Flags: R - relay, D - download to fib

-----------------------------------------------------------------------------

Routing Tables: Public

         Destinations : 7        Routes : 7       

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

      127.0.0.0/8    Direct  0    0           D   127.0.0.1       InLoopBack0

      127.0.0.1/32   Direct  0    0           D   127.0.0.1       InLoopBack0

    172.16.16.0/24  O_ASE   150  1           D   192.168.1.1     Vlanif10

    172.16.17.0/24  O_ASE   150  1           D   192.168.1.1     Vlanif10

    172.16.18.0/24  O_ASE   150  1           D   192.168.1.1     Vlanif10

    192.168.1.0/24  Direct  0    0           D   192.168.1.2     Vlanif10

192.168.1.2/32      Direct  0    0           D   127.0.0.1       Vlanif10

It can be seen that after configuring the routing policy on SwitchA, there are only three external routes, 172.16.16.0/24, 172.16.17.0/24 and 172.16.18.0/24, in the IP routing table of SwitchB, and the other external routes are not.

Routing filtering through ip-prefix+filter-policy

1, define an address prefix list to match the routing that needs to be released.

[SwitchA] ip ip-prefix huawei index 10 permit 172.16.16.0 24

[SwitchA] ip ip-prefix huawei index 20 permit 172.16.17.0 24

[SwitchA] ip ip-prefix huawei index 30 permit 172.16.18.0 24

2, in the OSPF view of SwitchA, the distributed routing is filtered through filter-policy.

[SwitchA] ospf 1

[SwitchA -ospf-1] filter-policy ip-prefix huawei export

[SwitchA-ospf-1] quit

Because the ip-prefix default implied deny nodes, so the 172.16.19.0 and 172.16.20.0 routing because it is not within the allowable range of ip-prefix to SwitchB, so when the release of routing in SwitchA, only released in the range of ip-prefix within the routing, all other routing are not released.

After configuring the above configuration, the routing table for SwitchB is as follows:

[SwitchB] display  ip routing-table 

Route Flags: R - relay, D - download to fib

-----------------------------------------------------------------------------

Routing Tables: Public

         Destinations : 7        Routes : 7       

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0

      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0

    172.16.16.0/24  O_ASE   150  1           D   192.168.1.1     Vlanif10

    172.16.17.0/24  O_ASE   150  1           D   192.168.1.1     Vlanif10

    172.16.18.0/24  O_ASE   150  1           D   192.168.1.1     Vlanif10

    192.168.1.0/24  Direct  0    0           D   192.168.1.2     Vlanif10

    192.168.1.2/32  Direct  0    0           D   127.0.0.1       Vlanif10

It can be seen that after configuring the routing filter-policy on SwitchA, there are only three external routes, 172.16.16.0/24, 172.16.17.0/24 and 172.16.18.0/24, in the IP routing table of SwitchB, and the other external routes are not.

From the experimental results, the tools and methods used in the two methods are different, but the results are the same. I believe you have seen that the routing strategy does not directly equate to the route-policy, right? In fact, the routing strategy is a series of means to control the route, using the routing strategy may be different combinations of ACL, route-policy, ip-prefix, filter-policy and other tools, the above examples only are the combination of two kinds of common. In the following topics, we will further analyze the ways of using various tools. We believe that when you master all these tools, you will be able to use your routing strategy freely and arbitrarily.

Address: Room110,No.389 Jinwan Road,Shanghai,China

Email: daisy.dai@ccitel.com
service time: 7x24 hour

CCIT ICT PRODUCTS