IP : IP 版本 6 (IPv6)

基于策略的路由通过IPv6配置示例

2016 年 10 月 24 日 - 机器翻译
其他版本: PDFpdf | 英语 (2015 年 8 月 22 日) | 反馈


目录


简介

基于策略的路由为表示和实现转发提供一机制/根据策略的路由数据包定义由网络管理员。基于策略的路由应用到流入数据包并且使用路由映射定义策略。基于在路由映射定义的标准,数据包转发/路由对适当的下一跳。本文为基于策略的路由提供一配置示例通过IPv6。

先决条件

要求

本文档没有任何特定的要求。

注意: IPv6 PBR的参考的限制关于限制的更多信息。

使用的组件

本文档不限于特定的软件和硬件版本。

本文档中的信息都是基于特定实验室环境中的设备编写的。本文档中使用的所有设备最初均采用原始(默认)配置。如果您使用的是真实网络,请确保您已经了解所有命令的潜在影响。

规则

有关文档规则的详细信息,请参阅 Cisco 技术提示规则

配置

在此配置情形中,基于策略的路由(PBR)在WAN路由器配置,并且策略路由在fa1/0接口应用。根据从网络的配置流量, 6001:66:66:66::6重定向到中间路由器。这通过基于策略的路由达到。此配置示例设置下一跳到2001:10:10:10::2。如果数据流源是6001:66:66:66::6,则流量重定向到然后到达互联网路由器的中间路由器。

注意: 有关本文档所用命令的详细信息,请使用命令查找工具仅限注册用户)。

网络图

本文档使用以下网络设置:

/image/gif/paws/112218/policy-based-routing-ipv6-configex-1.gif

配置

本文档使用以下配置:

WAN路由器配置
WAN_Router#
!
ipv6 unicast-routing
ipv6 cef
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed 100
 ipv6 address 1001:10:10:10::1/64
 ipv6 enable
 ipv6 eigrp 55
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed 100
 ipv6 address 2001:10:10:10::1/64
 ipv6 enable
 ipv6 eigrp 55
!
interface FastEthernet1/0
 no ip address
 speed 100
 full-duplex
 ipv6 address 3001:10:10:10::1/64
 ipv6 enable
 ipv6 eigrp 55
 ipv6 policy route-map ipv6
!
ipv6 router eigrp 55
 router-id 3.3.3.3
 no shutdown
!
route-map ipv6 permit 10
 match ipv6 address ALLOW_INTERNAL_NETWORK
 set ipv6 next-hop 2001:10:10:10::2
!
ipv6 access-list ALLOW_INTERNAL_NETWORK
 permit ipv6 6001:66:66:66::/64 any

!--- Creates IPv6 access-list ALLOW_INTERNAL_NETWORK 
!--- and permits any ipv6 address in the network 6001:66:66:66::/64

!

中间路由器配置
Intermediate_Router#
!
ip cef
!
ipv6 unicast-routing
ipv6 cef
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed 100
 ipv6 address 2001:10:10:10::2/64
 ipv6 enable
 ipv6 eigrp 55
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed 100
 ipv6 address 4001:10:10:10::2/64
 ipv6 enable
 ipv6 eigrp 55
!
ipv6 router eigrp 55
 router-id 2.2.2.2
 no shutdown
!

互联网路由器配置
Internet_Router#
!
ip cef
!
ipv6 unicast-routing
ipv6 cef
!
!
interface Loopback10
 no ip address
 ipv6 address 5001:55:55:55::5/64
 ipv6 enable
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed 100
 ipv6 address 1001:10:10:10::2/64
 ipv6 enable
 ipv6 eigrp 55
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed 100
 ipv6 address 4001:10:10:10::1/64
 ipv6 enable
 ipv6 eigrp 55
!

ipv6 route ::/64 Loopback10
ipv6 router eigrp 55
 router-id 1.1.1.1
 no shutdown
 redistribute connected
!

本地路由器配置
Local_Router#
!
ip cef
!
ipv6 unicast-routing
ipv6 cef
!
!
interface Loopback10
 no ip address
 ipv6 address 6001:66:66:66::6/64
 ipv6 enable
!
interface FastEthernet0/0
 no ip address
 speed 100
 full-duplex
 ipv6 address 3001:10:10:10::2/64
 ipv6 enable
!
!
ipv6 route ::/64 FastEthernet0/0

!--- Static route is configured in the local router.

!

验证

发出ping命令从Local_Router为了检查基于策略的路由:

Local_Router#ping ipv6 5001:55:55:55::5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5001:55:55:55::5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/40/76 ms

启用此debug命令在WAN_Router为了发现基于策略的路由是否作用适当地:

Wan_Router#
debug ipv6 policy

IPv6 policy-based routing debugging is on

Wan_Router#
*Mar  1 04:10:43.846: IPv6 PBR (CEF): FastEthernet1/0, 
      matched src 6001:66:66:66::6 dst 5001:55:55:55::5 protocol 17
*Mar  1 04:10:43.846: IPv6 PBR (CEF): FIB policy route via FastEthernet0/1
*Mar  1 04:10:46.826: IPv6 PBR (CEF): FastEthernet1/0, 
      matched src 6001:66:66:66::6 dst 5001:55:55:55::5 protocol 17
*Mar  1 04:10:46.826: IPv6 PBR (CEF): FIB policy route via FastEthernet0/1
*Mar  1 04:10:49.834: IPv6 PBR (CEF): FastEthernet1/0, 
      matched src 6001:66:66:66::6 dst 5001:55:55:55::5 protocol 17
*Mar  1 04:10:49.834: IPv6 PBR (CEF): FIB policy route via FastEthernet0/1
*Mar  1 04:10:52.838: IPv6 PBR (CEF): FastEthernet1/0, 
      matched src 6001:66:66:66::6 dst 5001:55:55:55::5 protocol 17
*Mar  1 04:10:52.838: IPv6 PBR (CEF): FIB policy route via FastEthernet0/1

故障排除

不正确的配置的示例

当此示例输出显示, IPv4和IPv6 PBR在接口不能共存:

route-map BGP-NLGP-MSP-I2RandE-ALLOW permit 10
 description For allowing BGP sessions and setting next hops
 match ipv6 address BGP-NLGP-MSP-I2RandE-IPV6-ALLOW		
!
route-map BGP-NLGP-MSP-I2RandE-ALLOW permit 20
 match ip address BGP-NLGP-MSP-I2RandE-IPV4-ALLOW	
!
route-map BGP-NLGP-MSP-I2RandE-ALLOW permit 30
 set ip next-hop 192.168.48.41
 set ipv6 next-hop 2620:32:0:1000::2
!

正确配置的示例

为了应用IPv4和IPv6,您在接口必须使用两个不同route-map IPv4和IPv6然后应用他们。此输出示例:提供一示例:

route-map IPv6 permit 10
 match ipv6 address BGP-NLGP-MSP-I2RandE-IPV6-ALLOW
 set ipv6 next-hop 2620:32:0:1000::2
route-map IPV4 permit 10
 match ip address BGP-NLGP-MSP-I2RandE-IPV4-ALLOW
 set ip next-hop 192.168.48.41
Router#show run interface e0/0
Building configuration...

Current configuration : 163 bytes
!
interface Ethernet0/0
 ip address 10.57.253.109 255.255.255.252
 ip policy route-map IPV4
 ipv6 address 2001:468:1900:70::1/64
 ipv6 policy route-map IPv6
end

相关信息


Document ID: 112218