Pour les partenaires
Vous êtes déjà partenaire?
ConnexionAvez-vous un compte?
Ce document fournit un exemple de configuration pour le Policy Based Routing (PBR) utilisant les commandes « set ip default next-hop » et « set ip next-hop ».
La commande set ip default next-hop vérifie l'existence de l'adresse IP de destination dans la table de routage et...
si l’adresse IP de destination existe, la commande ne règle pas le routage du paquet, mais transfère le paquet en fonction de la table de routage.
si l’adresse IP de destination n’existe pas, la commande policy achemine le paquet en l’envoyant au prochain saut spécifié.
La commande set ip next-hop vérifie l'existence du saut suivant spécifié et...
si le saut suivant existe dans la table de routage, la commande policy achemine le paquet vers le saut suivant.
si le saut suivant n’existe pas dans la table de routage, la commande utilise la table de routage normale pour transférer le paquet.
Aucune spécification déterminée n'est requise pour ce document.
Ce document n'est pas limité à des versions de matériel et de logiciel spécifiques; cependant, le logiciel utilisé doit prendre en charge le routage basé sur des stratégies. Utilisez Feature Navigator pour déterminer le matériel et le logiciel pris en charge pour cette configuration.
Pour plus d'informations sur les conventions des documents, référez-vous aux Conventions utilisées pour les conseils techniques de Cisco.
Cette section vous fournit des informations pour configurer les fonctionnalités décrites dans ce document.
Remarque : Pour en savoir plus sur les commandes utilisées dans le présent document, utilisez l’outil de recherche de commandes (clients inscrits seulement).
Ce document utilise la configuration réseau suivante :
Cette section utilise ces configurations :
R1 |
---|
R1# show running-config Building configuration... . ! interface Ethernet0/0 ip address 100.100.100.1 255.255.255.0 ip policy route-map blah ! interface Serial1/0 ip address 10.10.10.1 255.255.255.0 ! interface Serial2/0 ip address 20.20.20.1 255.255.255.0 ! router ospf 1 !--- OSPF is not configured on Serial1/0. log-adjacency-changes network 20.20.20.0 0.0.0.255 area 0 network 100.100.100.0 0.0.0.255 area 0 ! ip classless no ip http server ! access-list 100 permit ip host 100.100.100.3 host 200.200.200.4 ! route-map blah permit 10 match ip address 100 set ip default next-hop 10.10.10.2 . . ! end |
R2 |
---|
R2# show running-config Building configuration... . ! ! interface Ethernet0/0 ip address 200.200.200.2 255.255.255.0 ip policy route-map blah ! interface Serial1/0 ip address 10.10.10.2 255.255.255.0 fair-queue ! interface Serial2/0 ip address 20.20.20.2 255.255.255.0 ! router ospf 1 !--- OSPF is not configured on Serial1/0. log-adjacency-changes network 20.20.20.0 0.0.0.255 area 0 network 200.200.200.0 0.0.0.255 area 0 ! ip classless no ip http server ! access-list 100 permit ip host 200.200.200.4 host 100.100.100.3 ! route-map blah permit 10 match ip address 100 set ip default next-hop 10.10.10.1 ! end |
Lorsque la route de destination existe dans la table de routage, le transfert normal est utilisé : ne configurez pas de stratégie pour le routage du paquet.
R1# show ip route 200.200.200.4 Routing entry for 200.200.200.0/24 Known via "ospf 1", distance 110, metric 74, type intra area Last update from 20.20.20.2 on Serial2/0, 00:11:48 ago Routing Descriptor Blocks: * 20.20.20.2, from 30.30.30.3, 00:11:48 ago, via Serial2/0 Route metric is 74, traffic share count is 1 R1# debug ip policy Policy routing debugging is on *Dec 4 12:50:57.363: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match *Dec 4 12:50:57.363: IP: route map blah, item 10, permit *Dec 4 12:50:57.363: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial2/0), len 100, policy rejected -- normal forwarding *Dec 4 12:50:57.431: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match *Dec 4 12:50:57.431: IP: route map blah, item 10, permit *Dec 4 12:50:57.431: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial2/0), len 100, policy rejected -- normal forwarding *Dec 4 12:50:57.491: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match *Dec 4 12:50:57.491: IP: route map blah, item 10, permit *Dec 4 12:50:57.491: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial2/0), len 100, policy rejected -- normal forwarding R2# show ip route 100.100.100.3 Routing entry for 100.100.100.0/24 Known via "ospf 1", distance 110, metric 74, type intra area Last update from 20.20.20.1 on Serial2/0, 00:11:42 ago Routing Descriptor Blocks: * 20.20.20.1, from 100.100.100.1, 00:11:42 ago, via Serial2/0 Route metric is 74, traffic share count is 1 R2# debug ip policy Policy routing debugging is on *Dec 4 12:50:57.779: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3, len 100, policy match *Dec 4 12:50:57.779: IP: route map blah, item 10, permit *Dec 4 12:50:57.779: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3 (Serial2/0), len 100, policy rejected -- normal forwarding *Dec 4 12:50:57.839: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3, len 100, policy match *Dec 4 12:50:57.839: IP: route map blah, item 10, permit *Dec 4 12:50:57.839: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3 (Serial2/0), len 100, policy rejected -- normal forwarding *Dec 4 12:50:57.911: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3, len 100, policy match *Dec 4 12:50:57.911: IP: route map blah, item 10, permit *Dec 4 12:50:57.911: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3 (Serial2/0), len 100, policy rejected -- normal forwarding
Lorsque Serial 2/0 tombe en panne et que l’adresse de destination disparaît de la table de routage, le paquet est routé par la stratégie.
R1# show ip route 200.200.200.0 % Network not in table R1# *Dec 5 13:26:27.567: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match *Dec 5 13:26:27.567: IP: route map blah, item 10, permit *Dec 5 13:26:27.567: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial1/0),len 100, policy routed *Dec 5 13:26:27.567: IP: Ethernet0/0 to Serial1/0 10.10.10.2 *Dec 5 13:26:27.655: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match *Dec 5 13:26:27.655: IP: route map blah, item 10, permit *Dec 5 13:26:27.655: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial1/0),len 100, policy routed *Dec 5 13:26:27.655: IP: Ethernet0/0 to Serial1/0 10.10.10.2 *Dec 5 13:26:27.727: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match *Dec 5 13:26:27.727: IP: route map blah, item 10, permit *Dec 5 13:26:27.727: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial1/0),len 100, policy routed *Dec 5 13:26:27.727: IP: Ethernet0/0 to Serial1/0 10.10.10.2
Cette section utilise ces configurations :
R1 |
---|
R1# show running-config Building configuration... . ! interface Ethernet0/0 ip address 100.100.100.1 255.255.255.0 ip policy route-map blah ! interface Serial1/0 ip address 10.10.10.1 255.255.255.0 ! interface Serial2/0 ip address 20.20.20.1 255.255.255.0 ! router ospf 1 !--- OSPF is not configured on Serial1/0. log-adjacency-changes network 20.20.20.0 0.0.0.255 area 0 network 100.100.100.0 0.0.0.255 area 0 ! ip classless no ip http server ! access-list 100 permit ip host 100.100.100.3 host 200.200.200.4 ! route-map blah permit 10 match ip address 100 set ip next-hop 10.10.10.2 . . ! end |
R2 |
---|
R2# show running-config Building configuration... . ! ! interface Ethernet0/0 ip address 200.200.200.2 255.255.255.0 ip policy route-map blah ! interface Serial1/0 ip address 10.10.10.2 255.255.255.0 fair-queue ! interface Serial2/0 ip address 20.20.20.2 255.255.255.0 ! router ospf 1 !--- OSPF is not configured on Serial1/0. log-adjacency-changes network 20.20.20.0 0.0.0.255 area 0 network 200.200.200.0 0.0.0.255 area 0 ! ip classless no ip http server ! ! ! access-list 100 permit ip host 200.200.200.4 host 100.100.100.3 ! route-map blah permit 10 match ip address 100 set ip next-hop 10.10.10.1 ! end |
Vérifiez l’existence du tronçon suivant, 10.10.10.2, dans la table de routage. Si la route de destination existe dans la table de routage, le paquet est acheminé par la stratégie si le saut suivant est accessible.
R1# show ip route 200.200.200.4 Routing entry for 200.200.200.0/24 Known via "ospf 1", distance 110, metric 74, type intra area Last update from 20.20.20.2 on Serial2/0, 00:11:48 ago Routing Descriptor Blocks: * 20.20.20.2, from 30.30.30.3, 00:11:48 ago, via Serial2/0 Route metric is 74, traffic share count is 1 R1# debug ip policy Policy routing debugging is on *Dec 4 12:53:38.271: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match *Dec 4 12:53:38.271: IP: route map blah, item 10, permit *Dec 4 12:53:38.271: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial1/0), len 100, policy routed *Dec 4 12:53:38.271: IP: Ethernet0/0 to Serial1/0 10.10.10.2 *Dec 4 12:53:38.355: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match *Dec 4 12:53:38.355: IP: route map blah, item 10, permit *Dec 4 12:53:38.355: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial1/0), len 100, policy routed *Dec 4 12:53:38.355: IP: Ethernet0/0 to Serial1/0 10.10.10.2 *Dec 4 12:53:38.483: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match *Dec 4 12:53:38.483: IP: route map blah, item 10, permit R2# sh ip route 100.100.100.3 Routing entry for 100.100.100.0/24 Known via "ospf 1", distance 110, metric 74, type intra area Last update from 20.20.20.1 on Serial2/0, 00:11:42 ago Routing Descriptor Blocks: * 20.20.20.1, from 100.100.100.1, 00:11:42 ago, via Serial2/0 Route metric is 74, traffic share count is 1 R2# debug ip policy Policy routing debugging is on *Dec 4 12:53:38.691: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3, len 100, policy match *Dec 4 12:53:38.691: IP: route map blah, item 10, permit *Dec 4 12:53:38.691: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3 (Serial1/0), len 100, policy routed *Dec 4 12:53:38.691: IP: Ethernet0/0 to Serial1/0 10.10.10.1 *Dec 4 12:53:38.799: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3, len 100, policy match *Dec 4 12:53:38.799: IP: route map blah, item 10, permit *Dec 4 12:53:38.799: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3 (Serial1/0), len 100, policy routed *Dec 4 12:53:38.799: IP: Ethernet0/0 to Serial1/0 10.10.10.1 *Dec 4 12:53:38.899: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3, len 100, policy match *Dec 4 12:53:38.899: IP: route map blah, item 10, permit
Lorsque l’adresse IP de destination disparaît du routage, le paquet est acheminé par la stratégie.
*Dec 5 13:33:23.607: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match *Dec 5 13:33:23.607: IP: route map blah, item 10, permit *Dec 5 13:33:23.607: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial1/0),len 100, policy routed *Dec 5 13:33:23.607: IP: Ethernet0/0 to Serial1/0 10.10.10.2 *Dec 5 13:33:23.707: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match *Dec 5 13:33:23.707: IP: route map blah, item 10, permit *Dec 5 13:33:23.707: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial1/0),len 100, policy routed *Dec 5 13:33:23.707: IP: Ethernet0/0 to Serial1/0 10.10.10.2 *Dec 5 13:33:23.847: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match *Dec 5 13:33:23.847: IP: route map blah, item 10, permit
Lorsque l’interface série 1/0 tombe en panne, nous perdons le tronçon suivant, 10.10.10.1, de la table de routage et le paquet suit la table de routage normale.
*Dec 5 13:40:38.887: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match *Dec 5 13:40:38.887: IP: route map blah, item 10, permit *Dec 5 13:40:38.887: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial2/0), len 100, policy rejected -- normal forwarding *Dec 5 13:40:39.047: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match *Dec 5 13:40:39.047: IP: route map blah, item 10, permit *Dec 5 13:40:39.047: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial2/0), len 100, policy rejected -- normal forwarding *Dec 5 13:40:39.115: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match *Dec 5 13:40:39.115: IP: route map blah, item 10, permit *Dec 5 13:40:39.115: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial2/0), len 100, policy rejected -- normal forwarding
Cette section utilise ces configurations :
R1 |
---|
R1 R1# show running-config Building configuration... . ! interface Ethernet0/0 ip address 100.100.100.1 255.255.255.0 ip policy route-map blah ! interface Serial1/0 ip address 10.10.10.1 255.255.255.0 ! interface Serial2/0 ip address 20.20.20.1 255.255.255.0 ! ip route 0.0.0.0 0.0.0.0 20.20.20.2 ! ip classless no ip http server ! access-list 100 permit ip host 100.100.100.3 host 200.200.200.4 ! route-map blah permit 10 match ip address 100 set ip default next-hop 10.10.10.2 . . ! end |
R2 |
---|
R2# show running-config Building configuration... . ! ! interface Ethernet0/0 ip address 200.200.200.2 255.255.255.0 ip policy route-map blah ! interface Serial1/0 ip address 10.10.10.2 255.255.255.0 fair-queue ! interface Serial2/0 ip address 20.20.20.2 255.255.255.0 ! ip route 0.0.0.0 0.0.0.0 20.20.20.1 ! ip classless no ip http server ! ! ! access-list 100 permit ip host 200.200.200.4 host 100.100.100.3 ! route-map blah permit 10 match ip address 100 set ip default next-hop 10.10.10.1 ! end |
Lorsque la seule route vers la destination est la route par défaut (il n’y a pas de route spécifique pour cette destination dans la table de routage), le paquet est routé par la stratégie.
R1# show ip route 200.200.200.4 % Network not in table R1# show ip route 0.0.0.0 Routing entry for 0.0.0.0/0, supernet Known via "static", distance 1, metric 0, candidate default path Routing Descriptor Blocks: * 20.20.20.2 Route metric is 0, traffic share count is 1 R1# *Dec 4 12:58:55.191: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match *Dec 4 12:58:55.191: IP: route map blah, item 10, permit *Dec 4 12:58:55.191: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial1/0), len 100, policy routed *Dec 4 12:58:55.191: IP: Ethernet0/0 to Serial1/0 10.10.10.2 *Dec 4 12:58:55.291: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match *Dec 4 12:58:55.291: IP: route map blah, item 10, permit *Dec 4 12:58:55.291: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial1/0), len 100, policy routed *Dec 4 12:58:55.291: IP: Ethernet0/0 to Serial1/0 10.10.10.2 *Dec 4 12:58:55.391: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match *Dec 4 12:58:55.391: IP: route map blah, item 10, permit *Dec 4 12:58:55.391: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial1/0), len 100, policy routed *Dec 4 12:58:55.391: IP: Ethernet0/0 to Serial1/0 10.10.10.2 R2# show ip route 100.100.100.3 % Network not in table R2# show ip route 0.0.0.0 Routing entry for 0.0.0.0/0, supernet Known via "static", distance 1, metric 0, candidate default path Routing Descriptor Blocks: * 20.20.20.1 Route metric is 0, traffic share count is 1 R2# *Dec 4 12:58:20.819: %SYS-5-CONFIG_I: Configured from console by console *Dec 4 12:58:55.611: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3, len 100, policy match *Dec 4 12:58:55.611: IP: route map blah, item 10, permit *Dec 4 12:58:55.611: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3 (Serial1/0), len 100, policy routed *Dec 4 12:58:55.611: IP: Ethernet0/0 to Serial1/0 10.10.10.1 *Dec 4 12:58:55.739: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3, len 100, policy match *Dec 4 12:58:55.739: IP: route map blah, item 10, permit *Dec 4 12:58:55.739: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3 (Serial1/0), len 100, policy routed *Dec 4 12:58:55.739: IP: Ethernet0/0 to Serial1/0 10.10.10.1 *Dec 4 12:58:55.799: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3, len 100, policy match *Dec 4 12:58:55.799: IP: route map blah, item 10, permit *Dec 4 12:58:55.799: IP: s=200.200.200.4 (Ethernet0/0), d=100.100.100.3 (Serial1/0), len 100, policy routed *Dec 4 12:58:55.799: IP: Ethernet0/0 to Serial1/0 10.10.10.1
Lorsque la route par défaut n’existe pas en raison d’une panne de l’interface Serial 2/0, le paquet est routé par la stratégie.
R1# show ip route 0.0.0.0 % Network not in table R1# *Dec 5 13:02:31.283: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match *Dec 5 13:02:31.283: IP: route map blah, item 10, permit *Dec 5 13:02:31.283: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial1/0),len 100, policy routed *Dec 5 13:02:31.283: IP: Ethernet0/0 to Serial1/0 10.10.10.2 *Dec 5 13:02:31.375: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match *Dec 5 13:02:31.375: IP: route map blah, item 10, permit *Dec 5 13:02:31.375: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial1/0),len 100, policy routed *Dec 5 13:02:31.375: IP: Ethernet0/0 to Serial1/0 10.10.10.2 *Dec 5 13:02:31.435: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match *Dec 5 13:02:31.435: IP: route map blah, item 10, permit *Dec 5 13:02:31.435: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial1/0),len 100, policy routed *Dec 5 13:02:31.435: IP: Ethernet0/0 to Serial1/0 10.10.10.2
Dans la situation où Serial2/0 est activé et où Serial 1/0 est désactivé, nous perdons le saut suivant et le paquet suit le transfert normal (table de routage) - politique rejetée.
R1# debug ip policy Policy routing debugging is on R1# *Dec 5 12:46:49.543: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match *Dec 5 12:46:49.543: IP: route map blah, item 10, permit *Dec 5 12:46:49.543: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial2/0),len 100, policy rejected -- normal forwarding *Dec 5 12:46:49.623: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match *Dec 5 12:46:49.623: IP: route map blah, item 10, permit *Dec 5 12:46:49.623: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial2/0),len 100, policy rejected -- normal forwarding *Dec 5 12:46:49.691: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4, len 100, policy match *Dec 5 12:46:49.691: IP: route map blah, item 10, permit *Dec 5 12:46:49.691: IP: s=100.100.100.3 (Ethernet0/0), d=200.200.200.4 (Serial2/0),len 100, policy rejected -- normal forwarding
Il n'existe actuellement aucune information de dépannage spécifique pour cette configuration.
Révision | Date de publication | Commentaires |
---|---|---|
1.0 |
10-Aug-2005 |
Première publication |