实验10 使用PBR实现策略路由

实验任务一、用route-policy 控制引入路由
1.建立物理连接

2.RTA和RTB上配置ospf单区域
配置RTA
[RTA-ospf-1-area-0.0.0.0]network 192.168.0.0 0.0.0.255
[RTA-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.3
[RTA-ospf-1-area-0.0.0.0]network 192.168.1.4 0.0.0.3
配置RTB
[RTB-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.3
[RTB-ospf-1-area-0.0.0.0]network 192.168.1.4 0.0.0.3
[RTB-ospf-1-area-0.0.0.0]network 192.168.2.0 0.0.0.255
查看RTA的路由表
[RTA]display ip routing-table

Destinations : 22 Routes : 22

Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
192.168.0.0/24 Direct 0 0 192.168.0.1 GE0/0
192.168.0.0/32 Direct 0 0 192.168.0.1 GE0/0
192.168.0.1/32 Direct 0 0 127.0.0.1 InLoop0
192.168.0.255/32 Direct 0 0 192.168.0.1 GE0/0
192.168.1.0/30 Direct 0 0 192.168.1.1 GE0/1
192.168.1.0/32 Direct 0 0 192.168.1.1 GE0/1
192.168.1.1/32 Direct 0 0 127.0.0.1 InLoop0
192.168.1.3/32 Direct 0 0 192.168.1.1 GE0/1
192.168.1.4/30 Direct 0 0 192.168.1.5 Ser1/0
192.168.1.4/32 Direct 0 0 192.168.1.5 Ser1/0
192.168.1.5/32 Direct 0 0 127.0.0.1 InLoop0
192.168.1.6/32 Direct 0 0 192.168.1.6 Ser1/0
192.168.1.7/32 Direct 0 0 192.168.1.5 Ser1/0
192.168.2.0/24 O_INTRA 10 2 192.168.1.2 GE0/1
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
查看RTA的ospf路由表
[RTA]display ospf routing

     OSPF Process 1 with Router ID 1.1.1.1
              Routing Table

            Topology base (MTID 0)

Routing for network
Destination Cost Type NextHop AdvRouter Area
192.168.0.0/24 1 Stub 0.0.0.0 1.1.1.1 0.0.0.0
192.168.1.0/30 1 Transit 0.0.0.0 2.2.2.2 0.0.0.0
192.168.1.4/30 1562 Stub 0.0.0.0 1.1.1.1 0.0.0.0
192.168.2.0/24 2 Stub 192.168.1.2 2.2.2.2 0.0.0.0

Total nets: 4
Intra area: 4 Inter area: 0 ASE: 0 NSSA: 0

//GE0/1接口带宽大于S1/0带宽，所以在路由表中，到路由192.168.2.0/24的出接口是GE0/1

3.配置基于源地址的PBR
[RTA-acl-ipv4-basic-2000]rule 0 permit source 192.168.0.2 0
[RTA]policy-based-route abc permit node 10
[RTA-pbr-abc-10]if-match acl 2000
[RTA-pbr-abc-10]apply output-interface Serial 1/0
//在数据包的入接口配置PBR
[RTA-GigabitEthernet0/0]ip policy-based-route abc
在PCA上ping192.168.2.0 –t
[RTA]display ip policy-based-route interface GigabitEthernet 0/0
Policy based routing information for interface GigabitEthernet0/0:
Policy name: abc
node 10 permit:
if-match acl 2000
apply output-interface Serial1/0
Matched: 1
Total matched: 1
//奇怪的是，匹配是匹配了，但是数量没有随之增长
//配置策略路由
4．配置基于报文大小的PBR
[RTA] policy-based-route abc node 5
[RTA-pbr-abc-5]if-match packet-length 100 1500
[RTA-pbr-abc-5]apply next-hop 192.168.1.2
//打开调试
terminal debugging
debugging ip policy-based-route

//在PCA上ping 120字节的包
ping -s 120 192.168.2.2
[RTA]*May 16 14:03:28:491 2018 RTA PBR4/7/PBR Forward Info: Policy: abc, Node: 5, match succeeded.

*May 16 14:03:28:491 2018 RTA PBR4/7/PBR Forward Info: apply next-hop 192.168.1.2.

*May 16 14:03:28:695 2018 RTA PBR4/7/PBR Forward Info: Policy: abc, Node: 5, match succeeded.

*May 16 14:03:28:695 2018 RTA PBR4/7/PBR Forward Info: apply next-hop 192.168.1.2.

*May 16 14:03:28:899 2018 RTA PBR4/7/PBR Forward Info: Policy: abc, Node: 5, match succeeded.

*May 16 14:03:28:899 2018 RTA PBR4/7/PBR Forward Info: apply next-hop 192.168.1.2.

*May 16 14:03:29:103 2018 RTA PBR4/7/PBR Forward Info: Policy: abc, Node: 5, match succeeded.

*May 16 14:03:29:103 2018 RTA PBR4/7/PBR Forward Info: apply next-hop 192.168.1.2.

*May 16 14:03:29:306 2018 RTA PBR4/7/PBR Forward Info: Policy: abc, Node: 5, match succeeded.

*May 16 14:03:29:306 2018 RTA PBR4/7/PBR Forward Info: apply next-hop 192.168.1.2.

注：reset ip policy-based-route statistics 可以清楚PBR的统计信息。