This document describes how to use the set ip default next-hop and set ip next-hop commands to configure policy-based routing (PBR).
There are no specific requirements for this document.
The information in this document is based on software that supports policy-based routing.
You can use the Cisco Feature Navigator to determine which hardware and software support this configuration.
Note: Only registered Cisco users can access internal tools and information.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
For more information on document conventions, refer to the Cisco Technical Tips Conventions.
This document provides a sample configuration for policy-based routing (PBR) with the set ip default next-hop and set ip next-hop commands.
The set ip default next-hop command checks whether the destination IP address exists in the routing table, and:
- if the destination IP address exists, the command does not policy route the packet, but forwards it based on the routing table.
- if the destination IP address does not exist, the command policy routes the packet and sends it to the specified next hop.

The set ip next-hop command checks whether the specified next hop exists, and:
- if the next hop exists in the routing table, the command policy routes the packet to the next hop.
This section provides the information to configure the features described in this document.
This document uses this network setup:
PBR Topology
This section uses these configurations:
R1

```
R1#show running-config
Building configuration...
!
!
interface Ethernet0/0
 ip address 10.100.100.1 255.255.255.0
 ip policy route-map blah
!
interface Serial1/0
 ip address 10.10.10.1 255.255.255.0
!
interface Serial2/0
 ip address 10.20.20.1 255.255.255.0
!
router ospf 1
!--- OSPF is not configured on Serial1/0.
 log-adjacency-changes
 network 10.20.20.0 0.0.0.255 area 0
 network 10.100.100.0 0.0.0.255 area 0
!
ip classless
no ip http server
!
access-list 100 permit ip host 10.100.100.3 host 10.200.200.4
!
route-map blah permit 10
 match ip address 100
 set ip default next-hop 10.10.10.2
!
end
```

R2

```
R2#show running-config
Building configuration...
!
!
interface Ethernet0/0
 ip address 10.200.200.2 255.255.255.0
 ip policy route-map blah
!
interface Serial1/0
 ip address 10.10.10.2 255.255.255.0
 fair-queue
!
interface Serial2/0
 ip address 10.20.20.2 255.255.255.0
!
router ospf 1
!--- OSPF is not configured on Serial1/0.
 log-adjacency-changes
 network 10.20.20.0 0.0.0.255 area 0
 network 10.200.200.0 0.0.0.255 area 0
!
ip classless
no ip http server
!
access-list 100 permit ip host 10.200.200.4 host 10.100.100.3
!
route-map blah permit 10
 match ip address 100
 set ip default next-hop 10.10.10.1
!
end
```
With the set ip default next-hop command, when the destination route exists in the routing table, normal forwarding is used and the packet is not policy routed.
```
R1#show ip route 10.200.200.4
Routing entry for 10.200.200.0/24
  Known via "ospf 1", distance 110, metric 74, type intra area
  Last update from 10.20.20.2 on Serial2/0, 00:11:48 ago
  Routing Descriptor Blocks:
  * 10.20.20.2, from 10.30.30.3, 00:11:48 ago, via Serial2/0
      Route metric is 74, traffic share count is 1

R1#debug ip policy
Policy routing debugging is on
*Dec 4 12:50:57.363: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4, len 100, policy match
*Dec 4 12:50:57.363: IP: route map blah, item 10, permit
*Dec 4 12:50:57.363: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4 (Serial2/0), len 100, policy rejected -- normal forwarding
*Dec 4 12:50:57.431: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4, len 100, policy match
*Dec 4 12:50:57.431: IP: route map blah, item 10, permit
*Dec 4 12:50:57.431: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4 (Serial2/0), len 100, policy rejected -- normal forwarding
*Dec 4 12:50:57.491: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4, len 100, policy match
*Dec 4 12:50:57.491: IP: route map blah, item 10, permit
*Dec 4 12:50:57.491: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4 (Serial2/0), len 100, policy rejected -- normal forwarding

R2#show ip route 10.100.100.3
Routing entry for 10.100.100.0/24
  Known via "ospf 1", distance 110, metric 74, type intra area
  Last update from 10.20.20.1 on Serial2/0, 00:11:42 ago
  Routing Descriptor Blocks:
  * 10.20.20.1, from 10.100.100.1, 00:11:42 ago, via Serial2/0
      Route metric is 74, traffic share count is 1

R2#debug ip policy
Policy routing debugging is on
*Dec 4 12:50:57.779: IP: s=10.200.200.4 (Ethernet0/0), d=10.100.100.3, len 100, policy match
*Dec 4 12:50:57.779: IP: route map blah, item 10, permit
*Dec 4 12:50:57.779: IP: s=10.200.200.4 (Ethernet0/0), d=10.100.100.3 (Serial2/0), len 100, policy rejected -- normal forwarding
*Dec 4 12:50:57.839: IP: s=10.200.200.4 (Ethernet0/0), d=10.100.100.3, len 100, policy match
*Dec 4 12:50:57.839: IP: route map blah, item 10, permit
*Dec 4 12:50:57.839: IP: s=10.200.200.4 (Ethernet0/0), d=10.100.100.3 (Serial2/0), len 100, policy rejected -- normal forwarding
*Dec 4 12:50:57.911: IP: s=10.200.200.4 (Ethernet0/0), d=10.100.100.3, len 100, policy match
*Dec 4 12:50:57.911: IP: route map blah, item 10, permit
*Dec 4 12:50:57.911: IP: s=10.200.200.4 (Ethernet0/0), d=10.100.100.3 (Serial2/0), len 100, policy rejected -- normal forwarding
```
When Serial2/0 goes down and the destination address disappears from the routing table, the packet is policy routed.
```
R1#show ip route 10.200.200.0
% Network not in table
R1#
*Dec 5 13:26:27.567: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4, len 100, policy match
*Dec 5 13:26:27.567: IP: route map blah, item 10, permit
*Dec 5 13:26:27.567: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4 (Serial1/0),len 100, policy routed
*Dec 5 13:26:27.567: IP: Ethernet0/0 to Serial1/0 10.10.10.2
*Dec 5 13:26:27.655: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4, len 100, policy match
*Dec 5 13:26:27.655: IP: route map blah, item 10, permit
*Dec 5 13:26:27.655: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4 (Serial1/0),len 100, policy routed
*Dec 5 13:26:27.655: IP: Ethernet0/0 to Serial1/0 10.10.10.2
*Dec 5 13:26:27.727: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4, len 100, policy match
*Dec 5 13:26:27.727: IP: route map blah, item 10, permit
*Dec 5 13:26:27.727: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4 (Serial1/0),len 100, policy routed
*Dec 5 13:26:27.727: IP: Ethernet0/0 to Serial1/0 10.10.10.2
```
This section uses these configurations:
R1

```
R1#show running-config
Building configuration...
!
```

R2

```
R2#show running-config
Building configuration...
!
```
With the set ip next-hop command, the router checks whether the next hop 10.10.10.2 exists in the routing table. If the destination route exists in the routing table, the packet is policy routed if the next hop is reachable.
```
R1#show ip route 10.10.10.2
Routing entry for 10.10.10.0/24
  Known via "connected", distance 0, metric 0 (connected, via interface)
  Routing Descriptor Blocks:
  * directly connected, via Serial1/0
      Route metric is 0, traffic share count is 1

R1#show ip route 10.200.200.4
Routing entry for 10.200.200.0/24
  Known via "ospf 1", distance 110, metric 74, type intra area
  Last update from 10.20.20.2 on Serial2/0, 00:11:48 ago
  Routing Descriptor Blocks:
  * 10.20.20.2, from 10.30.30.3, 00:11:48 ago, via Serial2/0
      Route metric is 74, traffic share count is 1

R1#debug ip policy
Policy routing debugging is on
*Dec 4 12:53:38.271: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4, len 100, policy match
*Dec 4 12:53:38.271: IP: route map blah, item 10, permit
*Dec 4 12:53:38.271: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4 (Serial1/0), len 100, policy routed
*Dec 4 12:53:38.271: IP: Ethernet0/0 to Serial1/0 10.10.10.2
*Dec 4 12:53:38.355: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4, len 100, policy match
*Dec 4 12:53:38.355: IP: route map blah, item 10, permit
*Dec 4 12:53:38.355: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4 (Serial1/0), len 100, policy routed
*Dec 4 12:53:38.355: IP: Ethernet0/0 to Serial1/0 10.10.10.2
*Dec 4 12:53:38.483: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4, len 100, policy match
*Dec 4 12:53:38.483: IP: route map blah, item 10, permit

R2#show ip route 10.100.100.3
Routing entry for 10.100.100.0/24
  Known via "ospf 1", distance 110, metric 74, type intra area
  Last update from 10.20.20.1 on Serial2/0, 00:11:42 ago
  Routing Descriptor Blocks:
  * 10.20.20.1, from 10.100.100.1, 00:11:42 ago, via Serial2/0
      Route metric is 74, traffic share count is 1

R2#debug ip policy
Policy routing debugging is on
*Dec 4 12:53:38.691: IP: s=10.200.200.4 (Ethernet0/0), d=10.100.100.3, len 100, policy match
*Dec 4 12:53:38.691: IP: route map blah, item 10, permit
*Dec 4 12:53:38.691: IP: s=10.200.200.4 (Ethernet0/0), d=10.100.100.3 (Serial1/0), len 100, policy routed
*Dec 4 12:53:38.691: IP: Ethernet0/0 to Serial1/0 10.10.10.1
*Dec 4 12:53:38.799: IP: s=10.200.200.4 (Ethernet0/0), d=10.100.100.3, len 100, policy match
*Dec 4 12:53:38.799: IP: route map blah, item 10, permit
*Dec 4 12:53:38.799: IP: s=10.200.200.4 (Ethernet0/0), d=10.100.100.3 (Serial1/0), len 100, policy routed
*Dec 4 12:53:38.799: IP: Ethernet0/0 to Serial1/0 10.10.10.1
*Dec 4 12:53:38.899: IP: s=10.200.200.4 (Ethernet0/0), d=10.100.100.3, len 100, policy match
*Dec 4 12:53:38.899: IP: route map blah, item 10, permit
```
When the destination IP address disappears from the routing table, the packet is policy routed.
```
*Dec 5 13:33:23.607: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4, len 100, policy match
*Dec 5 13:33:23.607: IP: route map blah, item 10, permit
*Dec 5 13:33:23.607: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4 (Serial1/0),len 100, policy routed
*Dec 5 13:33:23.607: IP: Ethernet0/0 to Serial1/0 10.10.10.2
*Dec 5 13:33:23.707: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4, len 100, policy match
*Dec 5 13:33:23.707: IP: route map blah, item 10, permit
*Dec 5 13:33:23.707: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4 (Serial1/0),len 100, policy routed
*Dec 5 13:33:23.707: IP: Ethernet0/0 to Serial1/0 10.10.10.2
*Dec 5 13:33:23.847: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4, len 100, policy match
*Dec 5 13:33:23.847: IP: route map blah, item 10, permit
```
When interface Serial1/0 goes down, the next hop 10.10.10.2 is lost from the routing table and the packet follows the normal routing table.
```
*Dec 5 13:40:38.887: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4, len 100, policy match
*Dec 5 13:40:38.887: IP: route map blah, item 10, permit
*Dec 5 13:40:38.887: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4 (Serial2/0), len 100, policy rejected -- normal forwarding
*Dec 5 13:40:39.047: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4, len 100, policy match
*Dec 5 13:40:39.047: IP: route map blah, item 10, permit
*Dec 5 13:40:39.047: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4 (Serial2/0), len 100, policy rejected -- normal forwarding
*Dec 5 13:40:39.115: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4, len 100, policy match
*Dec 5 13:40:39.115: IP: route map blah, item 10, permit
*Dec 5 13:40:39.115: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4 (Serial2/0), len 100, policy rejected -- normal forwarding
```
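The change from "policy routed" to "policy rejected -- normal forwarding" is visible only in the debug output, so a policy can stop being applied without any configuration change. The following is an added example, not part of the original document or any Cisco tooling: it parses debug ip policy lines in the format shown on this page and reports flows that were policy routed and later fell back to the routing table. The sample lines are constructed from the outputs above; the function names are hypothetical.

```python
import re

# Constructed sample in the debug ip policy format shown on this page.
SAMPLE = """\
*Dec 5 13:33:23.607: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4, len 100, policy match
*Dec 5 13:33:23.607: IP: route map blah, item 10, permit
*Dec 5 13:33:23.607: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4 (Serial1/0),len 100, policy routed
*Dec 5 13:33:23.607: IP: Ethernet0/0 to Serial1/0 10.10.10.2
*Dec 5 13:40:38.887: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4, len 100, policy match
*Dec 5 13:40:38.887: IP: route map blah, item 10, permit
*Dec 5 13:40:38.887: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4 (Serial2/0), len 100, policy rejected -- normal forwarding
"""

# Only verdict lines carry an egress interface after d=<address>;
# "policy match" and "route map ..., permit" lines do not match this pattern.
VERDICT = re.compile(
    r"^\*(?P<ts>\w+\s+\d+ [\d:.]+): IP: s=(?P<src>[\d.]+) \((?P<iif>[^)]+)\), "
    r"d=(?P<dst>[\d.]+) \((?P<oif>[^)]+)\),\s*len \d+, "
    r"policy (?P<verdict>routed|rejected)"
)

def parse(text):
    """Return one dict per verdict line (timestamp, flow, egress, verdict)."""
    events = []
    for line in text.splitlines():
        m = VERDICT.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events

def fallbacks(events):
    """Flows that were policy routed and later fell back to normal forwarding.

    Returns tuples of ((src, dst), policy egress, fallback egress, timestamp).
    """
    last, found = {}, []
    for e in events:
        flow = (e["src"], e["dst"])
        prev = last.get(flow)
        if prev and prev["verdict"] == "routed" and e["verdict"] == "rejected":
            found.append((flow, prev["oif"], e["oif"], e["ts"]))
        last[flow] = e
    return found

if __name__ == "__main__":
    for flow, was, now, ts in fallbacks(parse(SAMPLE)):
        print(f"{ts}: {flow[0]} -> {flow[1]} left policy path {was}, now via {now}")
```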
This section uses these configurations:
R1

```
R1#show running-config
Building configuration...
!
```

R2

```
R2#show running-config
Building configuration...
!
!
interface Ethernet0/0
 ip address 10.200.200.2 255.255.255.0
 ip policy route-map blah
!
interface Serial1/0
 ip address 10.10.10.2 255.255.255.0
 fair-queue
!
interface Serial2/0
 ip address 10.20.20.2 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 10.20.20.1
!
ip classless
no ip http server
!
!
!
access-list 100 permit ip host 10.200.200.4 host 10.100.100.3
!
route-map blah permit 10
 match ip address 100
 set ip default next-hop 10.10.10.1
!
end
```
With the set ip default next-hop command, when the only route to the destination is the default route (there is no specific route for that destination in the routing table), the packet is policy routed.
```
R1#show ip route 10.200.200.4
% Network not in table
R1#
R1#show ip route 0.0.0.0
Routing entry for 0.0.0.0/0, supernet
  Known via "static", distance 1, metric 0, candidate default path
  Routing Descriptor Blocks:
  * 10.20.20.2
      Route metric is 0, traffic share count is 1
R1#
*Dec 4 12:58:55.191: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4, len 100, policy match
*Dec 4 12:58:55.191: IP: route map blah, item 10, permit
*Dec 4 12:58:55.191: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4 (Serial1/0), len 100, policy routed
*Dec 4 12:58:55.191: IP: Ethernet0/0 to Serial1/0 10.10.10.2
*Dec 4 12:58:55.291: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4, len 100, policy match
*Dec 4 12:58:55.291: IP: route map blah, item 10, permit
*Dec 4 12:58:55.291: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4 (Serial1/0), len 100, policy routed
*Dec 4 12:58:55.291: IP: Ethernet0/0 to Serial1/0 10.10.10.2
*Dec 4 12:58:55.391: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4, len 100, policy match
*Dec 4 12:58:55.391: IP: route map blah, item 10, permit
*Dec 4 12:58:55.391: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4 (Serial1/0), len 100, policy routed
*Dec 4 12:58:55.391: IP: Ethernet0/0 to Serial1/0 10.10.10.2

R2#show ip route 10.100.100.3
% Network not in table
R2#show ip route 0.0.0.0
Routing entry for 0.0.0.0/0, supernet
  Known via "static", distance 1, metric 0, candidate default path
  Routing Descriptor Blocks:
  * 10.20.20.1
      Route metric is 0, traffic share count is 1
R2#
*Dec 4 12:58:20.819: %SYS-5-CONFIG_I: Configured from console by console
*Dec 4 12:58:55.611: IP: s=10.200.200.4 (Ethernet0/0), d=10.100.100.3, len 100, policy match
*Dec 4 12:58:55.611: IP: route map blah, item 10, permit
*Dec 4 12:58:55.611: IP: s=10.200.200.4 (Ethernet0/0), d=10.100.100.3 (Serial1/0), len 100, policy routed
*Dec 4 12:58:55.611: IP: Ethernet0/0 to Serial1/0 10.10.10.1
*Dec 4 12:58:55.739: IP: s=10.200.200.4 (Ethernet0/0), d=10.100.100.3, len 100, policy match
*Dec 4 12:58:55.739: IP: route map blah, item 10, permit
*Dec 4 12:58:55.739: IP: s=10.200.200.4 (Ethernet0/0), d=10.100.100.3 (Serial1/0), len 100, policy routed
*Dec 4 12:58:55.739: IP: Ethernet0/0 to Serial1/0 10.10.10.1
*Dec 4 12:58:55.799: IP: s=10.200.200.4 (Ethernet0/0), d=10.100.100.3, len 100, policy match
*Dec 4 12:58:55.799: IP: route map blah, item 10, permit
*Dec 4 12:58:55.799: IP: s=10.200.200.4 (Ethernet0/0), d=10.100.100.3 (Serial1/0), len 100, policy routed
*Dec 4 12:58:55.799: IP: Ethernet0/0 to Serial1/0 10.10.10.1
```
When the default route does not exist because Serial2/0 is down, the packet is policy routed.
```
R1#show ip route 0.0.0.0
% Network not in table
R1#
*Dec 5 13:02:31.283: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4, len 100, policy match
*Dec 5 13:02:31.283: IP: route map blah, item 10, permit
*Dec 5 13:02:31.283: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4 (Serial1/0),len 100, policy routed
*Dec 5 13:02:31.283: IP: Ethernet0/0 to Serial1/0 10.10.10.2
*Dec 5 13:02:31.375: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4, len 100, policy match
*Dec 5 13:02:31.375: IP: route map blah, item 10, permit
*Dec 5 13:02:31.375: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4 (Serial1/0),len 100, policy routed
*Dec 5 13:02:31.375: IP: Ethernet0/0 to Serial1/0 10.10.10.2
*Dec 5 13:02:31.435: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4, len 100, policy match
*Dec 5 13:02:31.435: IP: route map blah, item 10, permit
*Dec 5 13:02:31.435: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4 (Serial1/0),len 100, policy routed
*Dec 5 13:02:31.435: IP: Ethernet0/0 to Serial1/0 10.10.10.2
```
When Serial2/0 is up and Serial1/0 is down, the next hop is lost and the packet follows normal forwarding (the routing table); the policy is rejected.
```
R1#debug ip policy
Policy routing debugging is on
R1#
*Dec 5 12:46:49.543: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4, len 100, policy match
*Dec 5 12:46:49.543: IP: route map blah, item 10, permit
*Dec 5 12:46:49.543: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4 (Serial2/0),len 100, policy rejected -- normal forwarding
*Dec 5 12:46:49.623: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4, len 100, policy match
*Dec 5 12:46:49.623: IP: route map blah, item 10, permit
*Dec 5 12:46:49.623: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4 (Serial2/0),len 100, policy rejected -- normal forwarding
*Dec 5 12:46:49.691: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4, len 100, policy match
*Dec 5 12:46:49.691: IP: route map blah, item 10, permit
*Dec 5 12:46:49.691: IP: s=10.100.100.3 (Ethernet0/0), d=10.200.200.4 (Serial2/0),len 100, policy rejected -- normal forwarding
```
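The cases in this document reduce to one decision procedure per command. The following is an added example, not Cisco code: a small model of R1 that reproduces each verdict shown above for the flow 10.100.100.3 to 10.200.200.4. The routing tables are constructed from the addresses on this page, the function names are hypothetical, and the model assumes the next hop is usable only when a connected route covers it.

```python
import ipaddress

# Constructed model of R1's routing table, using the addresses on this page.
# prefix -> (next hop, or None when directly connected; egress interface)
CONNECTED = {
    "10.100.100.0/24": (None, "Ethernet0/0"),
    "10.10.10.0/24": (None, "Serial1/0"),
    "10.20.20.0/24": (None, "Serial2/0"),
}
R1_OSPF = {**CONNECTED, "10.200.200.0/24": ("10.20.20.2", "Serial2/0")}
R1_STATIC = {**CONNECTED, "0.0.0.0/0": ("10.20.20.2", "Serial2/0")}
REJECTED = "policy rejected -- normal forwarding"

def without(rib, ifname):
    """Routing table after an interface goes down and its routes are withdrawn."""
    return {p: v for p, v in rib.items() if v[1] != ifname}

def lookup(rib, addr, allow_default=True, connected_only=False):
    """Longest-prefix match; returns the egress interface, or None if no route."""
    ip, best = ipaddress.ip_address(addr), None
    for prefix, (via, ifname) in rib.items():
        net = ipaddress.ip_network(prefix)
        if ip not in net or (net.prefixlen == 0 and not allow_default):
            continue
        if connected_only and via is not None:
            continue
        if best is None or net.prefixlen > best[0]:
            best = (net.prefixlen, ifname)
    return best[1] if best else None

def pbr_decision(rib, dst, set_cmd, next_hop):
    """Verdict and egress interface for a packet that matched the route-map."""
    # set ip default next-hop defers to any explicit (non-default) route.
    if set_cmd == "default next-hop" and lookup(rib, dst, allow_default=False):
        return (REJECTED, lookup(rib, dst))
    # Assumption: the next hop is usable only if a connected route covers it.
    adjacent = lookup(rib, next_hop, connected_only=True)
    if adjacent:
        return ("policy routed", adjacent)
    # Next hop lost: fall back to the routing table (None means no route at all).
    return (REJECTED, lookup(rib, dst))

if __name__ == "__main__":
    for name, rib in (("OSPF", R1_OSPF), ("static default", R1_STATIC)):
        for down in (None, "Serial1/0", "Serial2/0"):
            table = without(rib, down) if down else rib
            for cmd in ("default next-hop", "next-hop"):
                print(name, down, cmd, pbr_decision(table, "10.200.200.4", cmd, "10.10.10.2"))
```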