Exemple de configuration du routage fondé sur la stratégie à l'aide des commandes set ip default next-hop et set ip next-hop
Contenu
Introduction
Ce document fournit un exemple de configuration pour le Policy Based Routing (PBR) utilisant les commandes « set ip default next-hop » et « set ip next-hop ».
La commande de set ip default next-hop vérifie l'existence de l'adresse IP de destination dans la table de routage, et…
-
si l'adresse IP de destination existe, la commande ne fait pas artère de stratégie le paquet, mais en avant le paquet basé sur la table de routage.
-
si l'adresse IP de destination n'existe pas, la stratégie de commande conduit le paquet en l'envoyant au prochain saut spécifié.
La commande de set ip next-hop vérifie l'existence du prochain saut spécifié, et…
-
si le prochain saut existe dans la table de routage, alors la stratégie de commande conduit le paquet au prochain saut.
-
si le prochain saut n'existe pas dans la table de routage, la commande emploie la table de routage normale pour expédier le paquet.
Conditions préalables
Conditions requises
Aucune spécification déterminée n'est requise pour ce document.
Composants utilisés
Ce document n'est pas limité au logiciel et aux versions de matériel spécifiques ; cependant, le logiciel utilisé doit prendre en charge le routage basé par stratégie. Utilisez le navigateur de caractéristique pour déterminer quels matériel et logiciel est pris en charge pour cette configuration.
Conventions
Pour plus d'informations sur les conventions utilisées dans ce document, reportez-vous aux Conventions relatives aux conseils techniques Cisco.
Configurez
Cette section vous fournit des informations pour configurer les fonctionnalités décrites dans ce document.
Remarque: Pour obtenir des informations supplémentaires sur les commandes utilisées dans ce document, utilisez l'Outil de recherche de commande (clients enregistrés seulement).
Diagramme du réseau
Ce document utilise la configuration réseau suivante :
Étude de cas 1 : Routage de stratégie utilisant la commande de set ip default next-hop avec le protocole de routage dynamique
Cette section utilise ces configurations :
| R1 |
|---|
R1# show running-config Building configuration... . ! interface Ethernet0/0 ip address 100.100.100.1 255.255.255.0 ip policy route-map blah ! interface Serial1/0 ip address 10.10.10.1 255.255.255.0 ! interface Serial2/0 ip address 20.20.20.1 255.255.255.0 ! router ospf 1 !--- OSPF is not configured on Serial1/0. log-adjacency-changes network 20.20.20.0 0.0.0.255 area 0 network 100.100.100.0 0.0.0.255 area 0 ! ip classless no ip http server ! access-list 100 permit ip host 100.100.100.3 host 200.200.200.4 ! route-map blah permit 10 match ip address 100 set ip default next-hop 10.10.10.2 . . ! end |
| R2 |
|---|
R2# show running-config Building configuration... . ! ! interface Ethernet0/0 ip address 200.200.200.2 255.255.255.0 ip policy route-map blah ! interface Serial1/0 ip address 10.10.10.2 255.255.255.0 fair-queue ! interface Serial2/0 ip address 20.20.20.2 255.255.255.0 ! router ospf 1 !--- OSPF is not configured on Serial1/0. log-adjacency-changes network 20.20.20.0 0.0.0.255 area 0 network 200.200.200.0 0.0.0.255 area 0 ! ip classless no ip http server ! access-list 100 permit ip host 200.200.200.4 host 100.100.100.3 ! route-map blah permit 10 match ip address 100 set ip default next-hop 10.10.10.1 ! end |
Vérifiez l'étude de cas 1
Quand l'artère de destination existe dans la table de routage, l'expédition normal est utilisé — ne font pas l'artère de stratégie le paquet.
R1# show ip route 200.200.200.4
Routing entry for 200.200.200.0/24
Known via "ospf 1", distance 110, metric 74, type intra area
Last update from 20.20.20.2 on Serial2/0, 00:11:48 ago
Routing Descriptor Blocks:
* 20.20.20.2, from 30.30.30.3, 00:11:48 ago, via Serial2/0
Route metric is 74, traffic share count is 1
R1# debug ip policy
Policy routing debugging is on
*Dec 4 12:50:57.363: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match
*Dec 4 12:50:57.363: IP: route map blah, item 10, permit
*Dec 4 12:50:57.363: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial2/0), len 100, policy rejected -- normal forwarding
*Dec 4 12:50:57.431: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match
*Dec 4 12:50:57.431: IP: route map blah, item 10, permit
*Dec 4 12:50:57.431: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial2/0), len 100, policy rejected -- normal forwarding
*Dec 4 12:50:57.491: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match
*Dec 4 12:50:57.491: IP: route map blah, item 10, permit
*Dec 4 12:50:57.491: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial2/0), len 100, policy rejected -- normal forwarding
R2# show ip route 100.100.100.3
Routing entry for 100.100.100.0/24
Known via "ospf 1", distance 110, metric 74, type intra area
Last update from 20.20.20.1 on Serial2/0, 00:11:42 ago
Routing Descriptor Blocks:
* 20.20.20.1, from 100.100.100.1, 00:11:42 ago, via Serial2/0
Route metric is 74, traffic share count is 1
R2# debug ip policy
Policy routing debugging is on
*Dec 4 12:50:57.779: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3, len 100, policy match
*Dec 4 12:50:57.779: IP: route map blah, item 10, permit
*Dec 4 12:50:57.779: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3 (Serial2/0), len 100, policy rejected -- normal forwarding
*Dec 4 12:50:57.839: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3, len 100, policy match
*Dec 4 12:50:57.839: IP: route map blah, item 10, permit
*Dec 4 12:50:57.839: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3 (Serial2/0), len 100, policy rejected -- normal forwarding
*Dec 4 12:50:57.911: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3, len 100, policy match
*Dec 4 12:50:57.911: IP: route map blah, item 10, permit
*Dec 4 12:50:57.911: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3 (Serial2/0), len 100, policy rejected -- normal forwarding
Quand l'interface série 2/0 descend et l'adresse de destination disparaît de la table de routage, le paquet est stratégie conduit.
R1# show ip route 200.200.200.0 % Network not in table R1# *Dec 5 13:26:27.567: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match *Dec 5 13:26:27.567: IP: route map blah, item 10, permit *Dec 5 13:26:27.567: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial1/0),len 100, policy routed *Dec 5 13:26:27.567: IP: Ethernet0/0 to Serial1/0 10.10.10.2 *Dec 5 13:26:27.655: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match *Dec 5 13:26:27.655: IP: route map blah, item 10, permit *Dec 5 13:26:27.655: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial1/0),len 100, policy routed *Dec 5 13:26:27.655: IP: Ethernet0/0 to Serial1/0 10.10.10.2 *Dec 5 13:26:27.727: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match *Dec 5 13:26:27.727: IP: route map blah, item 10, permit *Dec 5 13:26:27.727: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial1/0),len 100, policy routed *Dec 5 13:26:27.727: IP: Ethernet0/0 to Serial1/0 10.10.10.2
Étude de cas 2 : Routage de stratégie utilisant la commande de set ip next-hop avec le protocole de routage dynamique
Cette section utilise ces configurations :
| R1 |
|---|
R1# show running-config Building configuration... . ! interface Ethernet0/0 ip address 100.100.100.1 255.255.255.0 ip policy route-map blah ! interface Serial1/0 ip address 10.10.10.1 255.255.255.0 ! interface Serial2/0 ip address 20.20.20.1 255.255.255.0 ! router ospf 1 !--- OSPF is not configured on Serial1/0. log-adjacency-changes network 20.20.20.0 0.0.0.255 area 0 network 100.100.100.0 0.0.0.255 area 0 ! ip classless no ip http server ! access-list 100 permit ip host 100.100.100.3 host 200.200.200.4 ! route-map blah permit 10 match ip address 100 set ip next-hop 10.10.10.2 . . ! end |
| R2 |
|---|
R2# show running-config Building configuration... . ! ! interface Ethernet0/0 ip address 200.200.200.2 255.255.255.0 ip policy route-map blah ! interface Serial1/0 ip address 10.10.10.2 255.255.255.0 fair-queue ! interface Serial2/0 ip address 20.20.20.2 255.255.255.0 ! router ospf 1 !--- OSPF is not configured on Serial1/0. log-adjacency-changes network 20.20.20.0 0.0.0.255 area 0 network 200.200.200.0 0.0.0.255 area 0 ! ip classless no ip http server ! ! ! access-list 100 permit ip host 200.200.200.4 host 100.100.100.3 ! route-map blah permit 10 match ip address 100 set ip next-hop 10.10.10.1 ! end |
Vérifiez l'étude de cas 2
Vérifiez l'existence du prochain saut, 10.10.10.2, dans la table de routage. Si l'artère de destination existe dans la table de routage, le paquet est stratégie conduit si le prochain saut est accessible.
R1# show ip route 200.200.200.4
Routing entry for 200.200.200.0/24
Known via "ospf 1", distance 110, metric 74, type intra area
Last update from 20.20.20.2 on Serial2/0, 00:11:48 ago
Routing Descriptor Blocks:
* 20.20.20.2, from 30.30.30.3, 00:11:48 ago, via Serial2/0
Route metric is 74, traffic share count is 1
R1# debug ip policy
Policy routing debugging is on
*Dec 4 12:53:38.271: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match
*Dec 4 12:53:38.271: IP: route map blah, item 10, permit
*Dec 4 12:53:38.271: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial1/0), len 100, policy routed
*Dec 4 12:53:38.271: IP: Ethernet0/0 to Serial1/0 10.10.10.2
*Dec 4 12:53:38.355: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match
*Dec 4 12:53:38.355: IP: route map blah, item 10, permit
*Dec 4 12:53:38.355: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial1/0), len 100, policy routed
*Dec 4 12:53:38.355: IP: Ethernet0/0 to Serial1/0 10.10.10.2
*Dec 4 12:53:38.483: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match
*Dec 4 12:53:38.483: IP: route map blah, item 10, permit
R2# sh ip route 100.100.100.3
Routing entry for 100.100.100.0/24
Known via "ospf 1", distance 110, metric 74, type intra area
Last update from 20.20.20.1 on Serial2/0, 00:11:42 ago
Routing Descriptor Blocks:
* 20.20.20.1, from 100.100.100.1, 00:11:42 ago, via Serial2/0
Route metric is 74, traffic share count is 1
R2# debug ip policy
Policy routing debugging is on
*Dec 4 12:53:38.691: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3, len 100, policy match
*Dec 4 12:53:38.691: IP: route map blah, item 10, permit
*Dec 4 12:53:38.691: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3 (Serial1/0), len 100, policy routed
*Dec 4 12:53:38.691: IP: Ethernet0/0 to Serial1/0 10.10.10.1
*Dec 4 12:53:38.799: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3, len 100, policy match
*Dec 4 12:53:38.799: IP: route map blah, item 10, permit
*Dec 4 12:53:38.799: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3 (Serial1/0), len 100, policy routed
*Dec 4 12:53:38.799: IP: Ethernet0/0 to Serial1/0 10.10.10.1
*Dec 4 12:53:38.899: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3, len 100, policy match
*Dec 4 12:53:38.899: IP: route map blah, item 10, permit
Quand l'adresse IP de destination disparaît du routage, le paquet est stratégie conduit.
*Dec 5 13:33:23.607: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match *Dec 5 13:33:23.607: IP: route map blah, item 10, permit *Dec 5 13:33:23.607: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial1/0),len 100, policy routed *Dec 5 13:33:23.607: IP: Ethernet0/0 to Serial1/0 10.10.10.2 *Dec 5 13:33:23.707: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match *Dec 5 13:33:23.707: IP: route map blah, item 10, permit *Dec 5 13:33:23.707: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial1/0),len 100, policy routed *Dec 5 13:33:23.707: IP: Ethernet0/0 to Serial1/0 10.10.10.2 *Dec 5 13:33:23.847: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match *Dec 5 13:33:23.847: IP: route map blah, item 10, permit
Quand l'interface de l'interface série 1/0 descend, nous desserrons le prochain saut, 10.10.10.1 de la table de routage et le paquet suit la table de routage normale.
*Dec 5 13:40:38.887: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match *Dec 5 13:40:38.887: IP: route map blah, item 10, permit *Dec 5 13:40:38.887: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial2/0), len 100, policy rejected -- normal forwarding *Dec 5 13:40:39.047: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match *Dec 5 13:40:39.047: IP: route map blah, item 10, permit *Dec 5 13:40:39.047: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial2/0), len 100, policy rejected -- normal forwarding *Dec 5 13:40:39.115: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match *Dec 5 13:40:39.115: IP: route map blah, item 10, permit *Dec 5 13:40:39.115: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial2/0), len 100, policy rejected -- normal forwarding
Étude de cas 3 : Routage de stratégie utilisant le set ip default next-hop avec un default route
Cette section utilise ces configurations :
| R1 |
|---|
R1 R1# show running-config Building configuration... . ! interface Ethernet0/0 ip address 100.100.100.1 255.255.255.0 ip policy route-map blah ! interface Serial1/0 ip address 10.10.10.1 255.255.255.0 ! interface Serial2/0 ip address 20.20.20.1 255.255.255.0 ! ip route 0.0.0.0 0.0.0.0 20.20.20.2 ! ip classless no ip http server ! access-list 100 permit ip host 100.100.100.3 host 200.200.200.4 ! route-map blah permit 10 match ip address 100 set ip default next-hop 10.10.10.2 . . ! end |
| R2 |
|---|
R2# show running-config Building configuration... . ! ! interface Ethernet0/0 ip address 200.200.200.2 255.255.255.0 ip policy route-map blah ! interface Serial1/0 ip address 10.10.10.2 255.255.255.0 fair-queue ! interface Serial2/0 ip address 20.20.20.2 255.255.255.0 ! ip route 0.0.0.0 0.0.0.0 20.20.20.1 ! ip classless no ip http server ! ! ! access-list 100 permit ip host 200.200.200.4 host 100.100.100.3 ! route-map blah permit 10 match ip address 100 set ip default next-hop 10.10.10.1 ! end |
Vérifiez l'étude de cas 3
Quand la seule artère à la destination est le default route — il n'y a aucune artère spécifique pour ce destination in le conte de routage — le paquet est stratégie a conduit.
R1# show ip route 200.200.200.4 % Network not in table R1# show ip route 0.0.0.0 Routing entry for 0.0.0.0/0, supernet Known via "static", distance 1, metric 0, candidate default path Routing Descriptor Blocks: * 20.20.20.2 Route metric is 0, traffic share count is 1 R1# *Dec 4 12:58:55.191: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match *Dec 4 12:58:55.191: IP: route map blah, item 10, permit *Dec 4 12:58:55.191: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial1/0), len 100, policy routed *Dec 4 12:58:55.191: IP: Ethernet0/0 to Serial1/0 10.10.10.2 *Dec 4 12:58:55.291: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match *Dec 4 12:58:55.291: IP: route map blah, item 10, permit *Dec 4 12:58:55.291: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial1/0), len 100, policy routed *Dec 4 12:58:55.291: IP: Ethernet0/0 to Serial1/0 10.10.10.2 *Dec 4 12:58:55.391: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match *Dec 4 12:58:55.391: IP: route map blah, item 10, permit *Dec 4 12:58:55.391: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial1/0), len 100, policy routed *Dec 4 12:58:55.391: IP: Ethernet0/0 to Serial1/0 10.10.10.2 R2# show ip route 100.100.100.3 % Network not in table R2# show ip route 0.0.0.0 Routing entry for 0.0.0.0/0, supernet Known via "static", distance 1, metric 0, candidate default path Routing Descriptor Blocks: * 20.20.20.1 Route metric is 0, traffic share count is 1 R2# *Dec 4 12:58:20.819: %SYS-5-CONFIG_I: Configured from console by console *Dec 4 12:58:55.611: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3, len 100, policy match *Dec 4 12:58:55.611: IP: route map blah, item 10, permit *Dec 4 12:58:55.611: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3 (Serial1/0), len 100, policy routed *Dec 4 12:58:55.611: IP: Ethernet0/0 to Serial1/0 10.10.10.1 *Dec 4 12:58:55.739: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3, len 100, policy match *Dec 4 12:58:55.739: IP: route map blah, item 10, permit *Dec 4 12:58:55.739: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3 (Serial1/0), len 100, policy routed *Dec 4 12:58:55.739: IP: Ethernet0/0 to Serial1/0 10.10.10.1 *Dec 4 12:58:55.799: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3, len 100, policy match *Dec 4 12:58:55.799: IP: route map blah, item 10, permit *Dec 4 12:58:55.799: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3 (Serial1/0), len 100, policy routed *Dec 4 12:58:55.799: IP: Ethernet0/0 to Serial1/0 10.10.10.1
Quand le default route n'existe pas parce que l'interface série 2/0 est descendue, le paquet est stratégie conduit.
R1# show ip route 0.0.0.0 % Network not in table R1# *Dec 5 13:02:31.283: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match *Dec 5 13:02:31.283: IP: route map blah, item 10, permit *Dec 5 13:02:31.283: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial1/0),len 100, policy routed *Dec 5 13:02:31.283: IP: Ethernet0/0 to Serial1/0 10.10.10.2 *Dec 5 13:02:31.375: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match *Dec 5 13:02:31.375: IP: route map blah, item 10, permit *Dec 5 13:02:31.375: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial1/0),len 100, policy routed *Dec 5 13:02:31.375: IP: Ethernet0/0 to Serial1/0 10.10.10.2 *Dec 5 13:02:31.435: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match *Dec 5 13:02:31.435: IP: route map blah, item 10, permit *Dec 5 13:02:31.435: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial1/0),len 100, policy routed *Dec 5 13:02:31.435: IP: Ethernet0/0 to Serial1/0 10.10.10.2
Dans la situation où Serial2/0 est haut et l'interface série 1/0 descend, nous desserrons le prochain saut et le paquet suit l'expédition normal (table de routage) - stratégie rejetée.
R1# debug ip policy Policy routing debugging is on R1# *Dec 5 12:46:49.543: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match *Dec 5 12:46:49.543: IP: route map blah, item 10, permit *Dec 5 12:46:49.543: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial2/0),len 100, policy rejected -- normal forwarding *Dec 5 12:46:49.623: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match *Dec 5 12:46:49.623: IP: route map blah, item 10, permit *Dec 5 12:46:49.623: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial2/0),len 100, policy rejected -- normal forwarding *Dec 5 12:46:49.691: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match *Dec 5 12:46:49.691: IP: route map blah, item 10, permit *Dec 5 12:46:49.691: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial2/0),len 100, policy rejected -- normal forwarding
Dépannez
Il n'existe actuellement aucune information de dépannage spécifique pour cette configuration.
Informations connexes
CommentairesLaissez-nous vous aider
- Ouvrir un dossier d’assistance
- (Un contrat de service de Cisco est requis)