2022-07-02 Advanced Network Engineering (XV): Routing Policy - Route-Policy Characteristics, Policy-Based Routing, MQC (Modular QoS Command Line)
2022-07-03 19:25:00 【A goose】
Route-Policy characteristics
if-match clause
A node with no if-match clause matches everything.
If an if-match clause condition is not met, the node is skipped.
Route-Policy matching rules
In a matching tool called by a Route-Policy (ACL, ip-prefix), permit means "capture, hit" and deny means "ignore, skip".
In the Route-Policy matching mode, permit means "allowed to pass" and deny means "refused".
An example
Suppose the Route-Policy has 2 routes to process.
The rules of the matching tool called by the first node are: route 1 permit, route 2 deny.
When the first node's matching mode is permit: route 1 is let through and the apply clause is executed. Route 2 is left for the following nodes to handle; because route 1 has already been "captured", the following nodes will not "capture" it again. If the matching tool in a following node permits route 2, it is handled in the same way as route 1.
When the first node's matching mode is deny: route 1 is denied. Route 2 is left for the following nodes to handle; because route 1 has already been "captured", the following nodes will not "capture" it again. If the matching tool in a following node permits route 2, it is let through and the apply clause is executed.
Note 1: a Route-Policy node whose matching mode is deny does not execute the apply clause.
Note 2: judging from the experimental results, if the author is right, the index entries of the ip-prefix matching tool and the nodes of the Route-Policy policy tool, like the rules of the ACL matching tool, include a hidden rule at the end that denies everything.
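The matching rules above, traced in a small model. This is an added example, not part of the original article and not Huawei code; the route names, node numbers and the cost values set by apply are constructed, and the hidden deny-all follows the author's note 2.

```python
# Added illustration of the Route-Policy matching rules; not Huawei VRP code.
# Route names, node layout and the "cost" attribute are constructed.
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Node:
    number: int
    mode: str                  # node matching mode: "permit" or "deny"
    tool: Optional[dict]       # matching tool: route -> "permit"/"deny";
                               # None models a node with no if-match clause
    apply: dict = field(default_factory=dict)   # attributes set by apply

def evaluate(nodes, route):
    """Return (verdict, attributes_set, deciding_node) for one route."""
    for node in sorted(nodes, key=lambda n: n.number):
        # A route the tool denies, or does not list at all (the hidden
        # deny-all at the end of the tool), is skipped by this node.
        if node.tool is not None and node.tool.get(route, "deny") != "permit":
            continue
        if node.mode == "permit":
            return "pass", dict(node.apply), node.number
        return "reject", {}, node.number     # deny mode: apply never runs
    # No node captured the route: the hidden deny-all node rejects it.
    return "reject", {}, None

def scenario(first_node_mode):
    """The two-route example above, plus a route3 that no tool lists."""
    nodes = [
        Node(10, first_node_mode, {"route1": "permit", "route2": "deny"},
             {"cost": 100}),
        Node(20, "permit", {"route2": "permit"}, {"cost": 200}),
    ]
    return {r: evaluate(nodes, r) for r in ("route1", "route2", "route3")}

if __name__ == "__main__":
    for mode in ("permit", "deny"):
        print(mode, scenario(mode))
```
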
Policy-based routing (PBR)
PBR (Policy-Based Routing): PBR lets a network device forward data not only based on the destination IP address of a packet but also based on other elements, for example the source IP address, source MAC address, destination MAC address, source port number, destination port number, VLAN ID, and so on.
Users can also use an ACL to match specific packets and then deploy PBR for that ACL.
If PBR is deployed on a device, matched packets are forwarded according to the PBR policy first; that is, the PBR policy takes priority over the traditional routing table.
PBR structure
Like a Route-Policy, a PBR consists of multiple nodes, and each node consists of match conditions (conditional statements) and actions (execution statements).
Each node can contain multiple conditional statements.
The relationship between multiple conditional statements in a node is "and": the actions in the node are executed only when all conditional statements match.
The relationship between nodes is "or": PBR evaluates nodes in ascending order of node number, and once a packet matches a node it is not matched against later nodes.
The difference between policy-based routing (PBR) and routing policy
Name | Object acted on | Description |
Routing policy | Routing information | A routing policy is a set of methods for filtering routing information, setting its attributes and so on; by operating on or controlling routes, it affects the forwarding path of data packets |
Policy-based routing | Data packets | PBR operates directly on data packets: it matches the packets of interest by various means and then discards them, forces their forwarding path, and so on |
PBR classification
Interface PBR
Interface PBR takes effect only on forwarded packets, not on locally originated packets.
Interface PBR is applied under an interface and takes effect on packets arriving inbound on that interface. By default, the device forwards packets according to the next hop in the routing table; if PBR is configured on the interface, the device forwards them to the next hop specified by the interface PBR.
Local PBR
Local PBR takes effect on locally originated traffic, for example locally originated ICMP packets.
Local PBR is applied in the system view.
Related commands
Create the PBR
[R1]policy-based-route 10 permit node 10
Set the match condition (match an ACL)
[R1-policy-based-route-10-10]if-match acl 2000
Set the match condition (match a packet length range, in bytes)
[R1-policy-based-route-10-10]if-match packet-length 0 100
Set the action (specify the next hop)
[R1-policy-based-route-10-10]apply ip-address next-hop 10.1.1.3
Set the action (specify the outbound interface; it takes priority over the specified next hop)
[R1-policy-based-route-10-10]apply output-interface GigabitEthernet 0/0/1
Apply as global (local) PBR
[R1]ip local policy-based-route 10
Apply the PBR on an interface
[R1-GigabitEthernet0/0/0]ip policy-based-route 10
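How a PBR like the one above is walked for a single packet, covering the "and" inside a node, the "or" between nodes, and the interface versus local scope. This is an added example, not part of the original article and not device code; the content of ACL 2000, node 20, the packets and the routing-table next hop are constructed.

```python
# Added example, not device code: how PBR picks a next hop for one packet.
import ipaddress

ACL_2000 = ipaddress.ip_network("192.168.1.0/24")   # constructed ACL content
ROUTING_TABLE_NEXT_HOP = "10.1.1.254"               # constructed route lookup

# Node number -> (conditions, next hop). Conditions inside a node are "and".
PBR_10 = {
    10: ([lambda p: ipaddress.ip_address(p["src"]) in ACL_2000,  # if-match acl 2000
          lambda p: 0 <= p["length"] <= 100],       # if-match packet-length 0 100
         "10.1.1.3"),                               # apply ip-address next-hop
    20: ([lambda p: p["dst_port"] == 53],           # constructed second node
         "10.1.1.4"),
}

def forward(packet, interface_pbr=None, local_pbr=None):
    """Return (next_hop, decided_by) for one packet."""
    # Interface PBR applies to forwarded packets only, local PBR to
    # locally originated packets only.
    policy = local_pbr if packet["origin"] == "local" else interface_pbr
    for number in sorted(policy or {}):             # nodes are "or", ascending
        conditions, next_hop = policy[number]
        if all(cond(packet) for cond in conditions):
            return next_hop, f"PBR node {number}"   # first match ends the walk
    return ROUTING_TABLE_NEXT_HOP, "routing table"  # nothing matched

def make_packet(src, length, dst_port, origin="transit"):
    return {"src": src, "length": length, "dst_port": dst_port, "origin": origin}

if __name__ == "__main__":
    for p in (make_packet("192.168.1.5", 64, 80),
              make_packet("192.168.1.5", 1500, 53),
              make_packet("172.16.0.9", 1500, 80),
              make_packet("192.168.1.5", 64, 80, origin="local")):
        print(p, "->", forward(p, interface_pbr=PBR_10))
```
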
MQC
MQC (Modular QoS Command-Line Interface) groups data flows that share certain characteristics into one class and provides the same service to flows of the same class; it can also provide different services to different classes of flows.
MQC has three elements: traffic classifier, traffic behavior and traffic policy.
Traffic classifier: configures traffic classification to match the data flows of interest. It can be based on VLAN tag, DSCP, ACL rules and so on.
Traffic behavior: redirects the packets of interest. The redirect target can be set as a next-hop IP address or an interface.
Traffic policy: binds traffic classifiers to traffic behaviors and executes the actions defined in the corresponding behavior on the classified packets. One traffic policy can bind multiple traffic classifiers and traffic behaviors.
Applying a traffic policy: 1. Apply the traffic policy in a direction on an interface. 2. Apply policy control to inbound packets that belong to a VLAN and match the rules in the traffic classifier. 3. Apply the traffic policy globally or on a board.
MQC traffic behaviors support redirecting packets, so MQC can be used to implement IP unicast policy-based routing.
Related commands
Create the matching (traffic classification) rule ACL 3000, permitting traffic whose destination IP address is 3.3.3.3
[R1]acl 3000
[R1-acl-adv-3000]rule 5 permit ip destination 3.3.3.3 0
Create traffic classifier 10 (the relationship between rules is "or") and set ACL 3000 as its match rule
[R1]traffic classifier 10 operator or
[R1-classifier-10]if-match acl 3000
Create traffic behavior 10 and set its action to a specified next hop
[R1]traffic behavior 10
[R1-behavior-10]redirect ip-nexthop 10.1.2.2
Create traffic policy 11 and bind traffic classifier 10 to traffic behavior 10
[R1]traffic policy 11
[R1-trafficpolicy-11]classifier 10 behavior 10
Apply traffic policy 11 in the inbound direction of the interface
[R1-GigabitEthernet0/0/0]traffic-policy 11 inbound
PBR and MQC configuration example
Configure MQC on R2
Create the matching (traffic classification) rule ACL 3000, matching traffic whose destination IP address is 1.1.1.1 or 10.1.1.1
[R2]acl 3000
[R2-acl-adv-3000]rule 5 permit ip destination 1.1.1.1 0
[R2-acl-adv-3000]rule 10 permit ip destination 10.1.1.1 0
Create traffic classifier 10 (the relationship between rules is "or") and set ACL 3000 as its match rule
[R2]traffic classifier 10 operator or
[R2-classifier-10]if-match acl 3000
Create traffic behavior 10 and set its action to a specified next hop
[R2]traffic behavior 10
[R2-behavior-10]redirect ip-nexthop 10.1.4.4
Create the matching (traffic classification) rule ACL 3001, matching traffic whose destination IP address is 3.3.3.3 or 10.1.3.3
[R2]acl 3001
[R2-acl-adv-3001]rule 5 permit ip destination 3.3.3.3 0
[R2-acl-adv-3001]rule 10 permit ip destination 10.1.3.3 0
Create traffic classifier 20 (the relationship between rules is "or") and set ACL 3001 as its match rule
[R2]traffic classifier 20 operator or
[R2-classifier-20]if-match acl 3001
Create traffic behavior 20 and set its action to a specified next hop
[R2]traffic behavior 20
[R2-behavior-20]redirect ip-nexthop 10.1.2.4
Create traffic policy 11, binding traffic classifier 10 to traffic behavior 10 and traffic classifier 20 to traffic behavior 20
[R2]traffic policy 11
[R2-trafficpolicy-11]classifier 10 behavior 10
[R2-trafficpolicy-11]classifier 20 behavior 20
Apply traffic policy 11 in the inbound direction of the interfaces
[R2-GigabitEthernet0/0/0]traffic-policy 11 inbound
[R2-GigabitEthernet0/0/1]traffic-policy 11 inbound
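Because a traffic policy overrides the routing table, it helps to resolve the policy, classifier, ACL and behavior bindings into a plain list of "destination redirected to next hop" per interface and to flag bindings that do not resolve. The following is an added example, not part of the original article and not Huawei tooling; it parses only the command forms used in the R2 session above, and the function and variable names are assumptions.

```python
# Added example, not Huawei tooling. R2_SESSION is the R2 session above.
import re
R2_SESSION = """\
[R2]acl 3000
[R2-acl-adv-3000]rule 5 permit ip destination 1.1.1.1 0
[R2-acl-adv-3000]rule 10 permit ip destination 10.1.1.1 0
[R2]traffic classifier 10 operator or
[R2-classifier-10]if-match acl 3000
[R2]traffic behavior 10
[R2-behavior-10]redirect ip-nexthop 10.1.4.4
[R2]acl 3001
[R2-acl-adv-3001]rule 5 permit ip destination 3.3.3.3 0
[R2-acl-adv-3001]rule 10 permit ip destination 10.1.3.3 0
[R2]traffic classifier 20 operator or
[R2-classifier-20]if-match acl 3001
[R2]traffic behavior 20
[R2-behavior-20]redirect ip-nexthop 10.1.2.4
[R2]traffic policy 11
[R2-trafficpolicy-11]classifier 10 behavior 10
[R2-trafficpolicy-11]classifier 20 behavior 20
[R2-GigabitEthernet0/0/0]traffic-policy 11 inbound
[R2-GigabitEthernet0/0/1]traffic-policy 11 inbound
"""

def resolve(session):
    """Return ({interface: [(destination, next_hop)]}, [problems])."""
    acl, cls, beh, pol, applied, problems, view = {}, {}, {}, {}, {}, [], None
    for line in session.strip().splitlines():
        prompt, cmd = re.match(r"\[(\S+?)\](.+)", line).groups()
        w = cmd.split()
        if w[0] in ("acl", "traffic"):           # command that enters a view
            view = w[1] if w[0] == "acl" else w[2]
        elif w[0] == "rule" and w[2] == "permit" and "destination" in w:
            acl.setdefault(view, []).append(w[w.index("destination") + 1])
        elif w[:2] == ["if-match", "acl"]:
            cls.setdefault(view, []).append(w[2])
        elif w[:2] == ["redirect", "ip-nexthop"]:
            beh[view] = w[2]
        elif w[0] == "classifier":               # binding inside a policy
            pol.setdefault(view, []).append((w[1], w[3]))
        elif w[0] == "traffic-policy":           # interface name from prompt
            applied[prompt.partition("-")[2]] = w[1]
    result = {}
    for iface, p in applied.items():
        for c, b in pol.get(p, []):
            if b not in beh or any(a not in acl for a in cls.get(c, [None])):
                problems.append(f"policy {p}: classifier {c}/behavior {b} unresolved")
                continue
            result.setdefault(iface, []).extend(
                (dst, beh[b]) for a in cls[c] for dst in acl[a])
    return result, problems
```
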
Configure PBR on R4
Configure match rule ACL 3000, matching R1's IP addresses
[R4]acl 3000
[R4-acl-adv-3000]rule 5 permit ip destination 1.1.1.1 0
[R4-acl-adv-3000]rule 10 permit ip destination 10.1.1.1 0
Create node 10 of PBR 10
[R4]policy-based-route 10 permit node 10
Set the match condition (match ACL 3000)
[R4-policy-based-route-10-10]if-match acl 3000
Set the action (specify outbound interface g0/0/0)
[R4-policy-based-route-10-10]apply output-interface GigabitEthernet 0/0/0
Configure match rule ACL 3001, matching R3's IP addresses
[R4]acl 3001
[R4-acl-adv-3001]rule 5 permit ip destination 3.3.3.3 0
[R4-acl-adv-3001]rule 10 permit ip destination 10.1.3.3 0
Create node 20 of PBR 10
[R4]policy-based-route 10 permit node 20
Set the match condition (match ACL 3001)
[R4-policy-based-route-10-20]if-match acl 3001
Set the action (specify outbound interface g0/0/1)
[R4-policy-based-route-10-20]apply output-interface GigabitEthernet 0/0/1
Apply as global (local) PBR
[R4]ip local policy-based-route 10