-
PBR的应用
- 项目拓扑与项目需求
项目需求:某企业网络拥有三个出口,分别使用AR1、AR2、AR3链接运营商网络。其中AR1为万兆出口,而AR2、AR3为千兆出口。现在需要实现以下需求:
- 希望vlan10的流量能够强制通过AR1作为业务的出口,vlan20 在AR1上使用负载分担的模式同时使用三个出口访问公网。
- 配置步骤
- IP地址的规划与配置
AR1
G0/0/0
10.0.14.1 /24
G0/0/1
10.0.15.1 /24
AR2
G0/0/0
10.0.24.1 /24
G0/0/1
10.0.25.1 /24
AR3
G0/0/0
10.0.34.1 /24
G0/0/1
10.0.35.1 /24
AR4
G0/0/0
10.0.14.4 /24
G0/0/1
10.0.24.4 /24
G0/0/2
10.0.34.4 /24
Loopback 0
4.4.4.4 /32
AR5
G0/0/0
10.0.15.5 /24
G0/0/1
10.0.25.5 /24
G0/0/2
10.0.35.5 /24
E0/0/1
10.0.100.5 /24
LSW1
Vlanif 1
10.0.100.10 /24
Vlanif 10
10.0.10.254 /24
Vlanif 20
10.0.20.254 /24
-
- 交换机LSW1的配置
[LSW1]vlan batch 10 20
[LSW1]interface g0/0/1
[LSW1-GigabitEthernet0/0/1]port link-type access
[LSW1-GigabitEthernet0/0/1]port default vlan 10
[LSW1-GigabitEthernet0/0/1]interface g0/0/2
[LSW1-GigabitEthernet0/0/2]port link-type access
[LSW1-GigabitEthernet0/0/2]port default vlan 20
[LSW1-GigabitEthernet0/0/2]quit
[LSW1]interface Vlanif 1
[LSW1-Vlanif1]ip address 10.0.100.10 24
[LSW1-Vlanif1]quit
[LSW1]interface Vlanif 10
[LSW1-Vlanif10]ip address 10.0.10.254 24
[LSW1-Vlanif10]quit
[LSW1]interface Vlanif 20
[LSW1-Vlanif20]ip address 10.0.20.254 24
[LSW1-Vlanif20]quit
-
- OSPF的配置
AR1
[AR1]ospf
[AR1-ospf-1]area 0
[AR1-ospf-1-area-0.0.0.0]network 10.0.15.0 0.0.0.255
AR2
[AR2]ospf
[AR2-ospf-1]area 0
[AR2-ospf-1-area-0.0.0.0]network 10.0.25.0 0.0.0.255
AR3
[AR3]ospf
[AR3-ospf-1]area 0
[AR3-ospf-1-area-0.0.0.0]network 10.0.35.0 0.0.0.255
AR5
[AR5]ospf
[AR5-ospf-1]area 0
[AR5-ospf-1-area-0.0.0.0]network 10.0.100.0 0.0.0.255
[AR5-ospf-1-area-0.0.0.0]network 10.0.15.0 0.0.0.255
[AR5-ospf-1-area-0.0.0.0]network 10.0.25.0 0.0.0.255
[AR5-ospf-1-area-0.0.0.0]network 10.0.35.0 0.0.0.255
在AR5上查看OSPF邻居表可以发现已经成功的建立了邻居
[AR5]display ospf peer brief
OSPF Process 1 with Router ID 10.0.100.5
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/0 10.0.14.1 FuLL
0.0.0.0 GigabitEthernet0/0/1 10.0.24.2 FuLL
0.0.0.0 GigabitEthernet0/0/2 10.0.34.3 FuLL
----------------------------------------------------------------------------
[AR5]
LSW1的配置
[LSW1]ospf
[LSW1-ospf-1]area 0
[LSW1-ospf-1-area-0.0.0.0]network 10.0.10.0 0.0.0.255
[LSW1-ospf-1-area-0.0.0.0]network 10.0.20.0 0.0.0.255
[LSW1-ospf-1-area-0.0.0.0] network 10.0.100.0 0.0.0.255
-
- 缺省路由的配置
AR1
[AR1]ip route-static 0.0.0.0 0 10.0.14.4
[AR1]ospf
[AR1-ospf-1]default-route-advertise //下发缺省路由
AR2
[AR2]ip route-static 0.0.0.0 0 10.0.24.4
[AR2]ospf
[AR2-ospf-1]default-route-advertise
AR3
[AR3]ip route-static 0.0.0.0 0 10.0.34.4
[AR3]ospf
[AR3-ospf-1]default-route-advertise
-
- 在AR5上查询路由表
[AR5]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 13 Routes : 15
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 O_ASE 150 1 D 10.0.15.1 GigabitEthernet0/0/0
O_ASE 150 1 D 10.0.25.2 GigabitEthernet0/0/1
O_ASE 150 1 D 10.0.35.3 GigabitEthernet0/0/2
10.0.10.0/24 OSPF 10 2 D 10.0.100.10 Ethernet0/0/0
10.0.15.0/24 Direct 0 0 D 10.0.15.5 GigabitEthernet0/0/0
10.0.15.5/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
10.0.20.0/24 OSPF 10 2 D 10.0.100.10 Ethernet0/0/0
10.0.25.0/24 Direct 0 0 D 10.0.25.5 GigabitEthernet0/0/1
10.0.25.5/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
10.0.35.0/24 Direct 0 0 D 10.0.35.5 GigabitEthernet0/0/2
10.0.35.5/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/2
10.0.100.0/24 Direct 0 0 D 10.0.100.5 Ethernet0/0/0
10.0.100.5/32 Direct 0 0 D 127.0.0.1 Ethernet0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
可以发现AR5上有3条缺省路由
-
- NAT的配置
AR1
[AR1]acl 2000
[AR1-acl-basic-2000]rule permit source any
[AR1-acl-basic-2000]quit
[AR1]interface g0/0/0
[AR1-GigabitEthernet0/0/0]nat outbound 2000
[AR1-GigabitEthernet0/0/0]quit
AR2
[AR2]acl 2000
[AR2-acl-basic-2000]rule permit source any
[AR2-acl-basic-2000]quit
[AR2]interface g0/0/0
[AR2-GigabitEthernet0/0/0]nat outbound 2000
[AR2-GigabitEthernet0/0/0]quit
AR3
[AR3]acl 2000
[AR3-acl-basic-2000]rule permit source any
[AR3-acl-basic-2000]quit
[AR3]interface g0/0/0
[AR3-GigabitEthernet0/0/0]nat outbound 2000
[AR3-GigabitEthernet0/0/0]quit
-
- 测试网络联通性
现在终端设备已经可以访问外网
-
- 部署策略路由
AR5
[AR5]acl 3000
[AR5-acl-adv-3000]rule permit ip source 10.0.10.0 0.0.0.255 destination any
[AR5-acl-adv-3000]quit
[AR5]policy-based-route 1 permit node 10
[AR5-policy-based-route-1-10]if-match acl 3000
[AR5-policy-based-route-1-10]apply ip-address next-hop 10.0.15.1
[AR5-policy-based-route-1-10]quit
[AR5]interface e0/0/0
[AR5-Ethernet0/0/0]ip policy-based-route 1
-
- 测试策略路由
在AR5上将g0/0/0口开销改大
[AR5]interface g0/0/0
[AR5-GigabitEthernet0/0/0]ospf cost 100
虽然路由表的下一跳不是G0/0/0口,但是流量会按照PBR的配置结果去转发。
在pc1上ping 4.4.4.4 并在AR5的g0/0/0口抓包
可以发现报文都是从AR5的g0/0/0口发送到4.4.4.4 。
- 项目拓扑与项目需求
-
相关阅读:
代码随想录训练营Day53| 1143.最长公共子序列 1035.不相交的线 53. 最大子序和 动态规划
app小程序手机端Python爬虫实战05-weditor的安装和初始化
STM32单片机酒精检测防酒驾系统酒精报警器
OpenAI接口Completion和ChatCompletion的区别与使用方法
MATLAB APP纯小白入门 两数相加
😊SpringBoot 整合 Elasticsearch (超详细).md
晨控CK-FR08读卡器与汇川PLC连接EtherCAT通讯手册
OKHttp请求上传文件
支持控件drag和click
【批量获取文件名及批量文件重命名】
- 原文地址:https://blog.csdn.net/2301_76769137/article/details/133387831