Aiming for the CCIE with Dynagen
20100516 PBR (Policy-based routing) basic configuration
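Purpose
- Confirm the basic configuration of PBR (policy-based routing).
Setup
- Configuration overview
- Routing is done by OSPF.
- R1 f0/0 is connected to the Loopback Adapter.
- For how to set up the Loopback Adapter, see Top page / Procedures: Network / Connecting to a Loopback interface.
- Topology diagram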

- net file

    model = 3620
    [localhost]
      [[3620]]
        image = C:\Program Files\Dynamips\images\c3620-j1s3-mz.123-18.bin
        ram = 128
      [[ROUTER R1]]
        f0/0 = NIO_gen_eth:\Device\NPF_{EEC4A317-FFD6-4B4A-9787-64BB3651D3B0}
        f1/0 = LAN 1
      [[ROUTER R2]]
        f1/0 = LAN 1
        f0/0 = R3 f0/0
      [[ROUTER R3]]
        f1/0 = LAN 1

- Initial configuration R1

    !
    version 12.3
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname R1
    !
    boot-start-marker
    boot-end-marker
    !
    no aaa new-model
    ip subnet-zero
    !
    ip cef
    !
    interface Loopback0
     ip address 1.1.1.1 255.255.255.255
    !
    interface FastEthernet0/0
     ip address 192.168.0.1 255.255.255.0
     duplex auto
     speed auto
    !
    interface FastEthernet1/0
     ip address 192.168.1.1 255.255.255.0
     duplex auto
     speed auto
    !
    router ospf 1
     log-adjacency-changes
     network 0.0.0.0 255.255.255.255 area 0
    !
    ip http server
    ip classless
    !
    line con 0
    line aux 0
    line vty 0 4
    !
    end

- Initial configuration R2

    !
    version 12.3
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname R2
    !
    boot-start-marker
    boot-end-marker
    !
    no aaa new-model
    ip subnet-zero
    !
    ip cef
    !
    interface Loopback0
     ip address 2.2.2.2 255.255.255.255
    !
    interface FastEthernet0/0
     ip address 192.168.2.2 255.255.255.0
     duplex auto
     speed auto
    !
    interface FastEthernet1/0
     ip address 192.168.1.2 255.255.255.0
     duplex auto
     speed auto
    !
    router ospf 1
     log-adjacency-changes
     network 0.0.0.0 255.255.255.255 area 0
    !
    ip http server
    ip classless
    !
    line con 0
    line aux 0
    line vty 0 4
    !
    end

- Initial configuration R3

    !
    version 12.3
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname R3
    !
    boot-start-marker
    boot-end-marker
    !
    no aaa new-model
    ip subnet-zero
    !
    ip cef
    !
    interface Loopback0
     ip address 3.3.3.3 255.255.255.255
    !
    interface FastEthernet0/0
     ip address 192.168.2.3 255.255.255.0
     duplex auto
     speed auto
    !
    interface FastEthernet1/0
     ip address 192.168.1.3 255.255.255.0
     duplex auto
     speed auto
    !
    router ospf 1
     log-adjacency-changes
     network 0.0.0.0 255.255.255.255 area 0
    !
    ip http server
    ip classless
    !
    line con 0
    line aux 0
    line vty 0 4
    !
    end

Verification 1: Preparation
- Cost configuration
The goal of this lab is to control paths with PBR. To make the paths easy to observe, set OSPF costs so that traffic is not load-balanced.

    R2(config)#interface FastEthernet 0/0
    R2(config-if)#ip ospf cost 40
    R2(config-if)#exit
    R2(config)#interface FastEthernet 1/0
    R2(config-if)#ip ospf cost 50

    R3(config)#interface FastEthernet 0/0
    R3(config-if)#ip ospf cost 90
    R3(config-if)#exit
    R3(config)#interface FastEthernet 1/0
    R3(config-if)#ip ospf cost 100

- Checking the routing table
Look at the routing tables and confirm that no load balancing takes place.

    R1#show ip route
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route

    Gateway of last resort is not set

         1.0.0.0/32 is subnetted, 1 subnets
    C       1.1.1.1 is directly connected, Loopback0
         2.0.0.0/32 is subnetted, 1 subnets
    O       2.2.2.2 [110/2] via 192.168.1.2, 00:00:41, FastEthernet1/0
         3.0.0.0/32 is subnetted, 1 subnets
    O       3.3.3.3 [110/2] via 192.168.1.3, 00:00:41, FastEthernet1/0
    C    192.168.0.0/24 is directly connected, FastEthernet0/0
    C    192.168.1.0/24 is directly connected, FastEthernet1/0
    O    192.168.2.0/24 [110/41] via 192.168.1.2, 00:00:41, FastEthernet1/0
    R1#

    R2#show ip route
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route

    Gateway of last resort is not set

         1.0.0.0/32 is subnetted, 1 subnets
    O       1.1.1.1 [110/51] via 192.168.1.1, 00:01:07, FastEthernet1/0
         2.0.0.0/32 is subnetted, 1 subnets
    C       2.2.2.2 is directly connected, Loopback0
         3.0.0.0/32 is subnetted, 1 subnets
    O       3.3.3.3 [110/41] via 192.168.2.3, 00:01:07, FastEthernet0/0
    O    192.168.0.0/24 [110/51] via 192.168.1.1, 00:01:07, FastEthernet1/0
    C    192.168.1.0/24 is directly connected, FastEthernet1/0
    C    192.168.2.0/24 is directly connected, FastEthernet0/0
    R2#

    R3#show ip route
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route

    Gateway of last resort is not set

         1.0.0.0/32 is subnetted, 1 subnets
    O       1.1.1.1 [110/101] via 192.168.1.1, 00:01:30, FastEthernet1/0
         2.0.0.0/32 is subnetted, 1 subnets
    O       2.2.2.2 [110/91] via 192.168.2.2, 00:01:30, FastEthernet0/0
         3.0.0.0/32 is subnetted, 1 subnets
    C       3.3.3.3 is directly connected, Loopback0
    O    192.168.0.0/24 [110/101] via 192.168.1.1, 00:01:30, FastEthernet1/0
    C    192.168.1.0/24 is directly connected, FastEthernet1/0
    C    192.168.2.0/24 is directly connected, FastEthernet0/0
    R3#

Verification 2: Controlling the next hop
- Pre-check
Check the path from the local PC to R3 Loopback 0 (3.3.3.3). At this point, the path goes through R1 and R3.

    C:\Documents and Settings\tmp>tracert 3.3.3.3

    Tracing route to 3.3.3.3 over a maximum of 30 hops

      1    39 ms    15 ms    46 ms  192.168.0.1
      2    62 ms    98 ms    89 ms  3.3.3.3

    Trace complete.

    C:\Documents and Settings\tmp>

- PBR configuration
Change the path from the local PC to R3 so that it goes through R1, R2, R3.

    R1(config)#access-list 1 permit 192.168.0.254
    R1(config)#route-map DOG permit 10
    R1(config-route-map)#match ip address 1
    R1(config-route-map)#set ip next-hop 192.168.1.2
    R1(config-route-map)#exit
    R1(config)#interface FastEthernet 0/0
    R1(config-if)#ip policy route-map DOG

- Checking the path
The path has changed to R1, R2, R3.

    C:\Documents and Settings\tmp>tracert 3.3.3.3

    Tracing route to 3.3.3.3 over a maximum of 30 hops

      1    21 ms    39 ms    14 ms  192.168.0.1
      2   126 ms  1514 ms   218 ms  192.168.1.2
      3   172 ms   187 ms   218 ms  3.3.3.3

    Trace complete.

    C:\Documents and Settings\tmp>

Verification 3: Router-originated packets
- Policy configuration for router-originated packets
Normally, PBR is applied to packets received on an interface. To apply a policy to packets originated by the router itself, use the ip local policy command as follows.

    R1(config)#access-list 2 permit any
    R1(config)#route-map CAT permit 10
    R1(config-route-map)#match ip address 2
    R1(config-route-map)#set ip next-hop 192.168.1.2
    R1(config-route-map)#exit
    R1(config)#ip local policy route-map CAT

- Checking the path
Use the interface counters to confirm that the path of packets originated by R1 has changed.

    R1#ping 3.3.3.3 repeat 500

    Type escape sequence to abort.
    Sending 500, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    !!!!!!!!!!
    Success rate is 100 percent (500/500), round-trip min/avg/max = 32/69/140 ms
    R1#

    R2#show interfaces summary

     *: interface is up
     IHQ: pkts in input hold queue     IQD: pkts dropped from input queue
     OHQ: pkts in output hold queue    OQD: pkts dropped from output queue
     RXBS: rx rate (bits/sec)          RXPS: rx rate (pkts/sec)
     TXBS: tx rate (bits/sec)          TXPS: tx rate (pkts/sec)
     TRTL: throttle count

      Interface              IHQ   IQD  OHQ   OQD  RXBS RXPS  TXBS TXPS TRTL
    ------------------------------------------------------------------------
    * FastEthernet0/0          0     0    0     0     0    0  8000    8    0
    * FastEthernet1/0          0     0    0     0  8000    8     0    0    0
    * Loopback0                0     0    0     0     0    0     0    0    0
    NOTE:No separate counters are maintained for subinterfaces
         Hence Details of subinterface are not shown
    R2#

Verification 4: Monitoring the next hop
- Behavior on failure
When R2 f1/0 goes down, pings from the local PC to 3.3.3.3 no longer get through.

    R2(config)#interface FastEthernet 1/0
    R2(config-if)#shutdown

    C:\Documents and Settings\tmp>ping 3.3.3.3

    Pinging 3.3.3.3 with 32 bytes of data:

    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.

    Ping statistics for 3.3.3.3:
        Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

    C:\Documents and Settings\tmp>

- Next-hop monitoring configuration
Configure the router so that, when the next hop is down, it uses normal routing instead of PBR.
(This feature works only when CDP is enabled.)

    R1(config)#route-map DOG permit 10
    R1(config-route-map)#set ip next-hop verify-availability
    R1(config-route-map)#
    R1(config-route-map)#
    R1(config-route-map)#do show run | b ^route-map
    route-map DOG permit 10
     match ip address 1
     set ip next-hop 192.168.1.2
     set ip next-hop verify-availability
    !
    !
    !

- Reachability check
Confirm that the local PC can now reach R3 Loopback 0 (3.3.3.3).

    C:\Documents and Settings\tmp>ping 3.3.3.3

    Pinging 3.3.3.3 with 32 bytes of data:

    Reply from 3.3.3.3: bytes=32 time=162ms TTL=254
    Reply from 3.3.3.3: bytes=32 time=187ms TTL=254
    Reply from 3.3.3.3: bytes=32 time=109ms TTL=254
    Reply from 3.3.3.3: bytes=32 time=687ms TTL=254

    Ping statistics for 3.3.3.3:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 109ms, Maximum = 687ms, Average = 286ms

    C:\Documents and Settings\tmp>

- Checking the debug output
Enable the following debug and send pings. Because the next hop is down, the output shows that the policy was rejected.

    R1#debug ip policy
    Policy routing debugging is on
    R1#
    *Mar 1 01:04:41.675: IP: s=192.168.0.254 (FastEthernet0/0), d=3.3.3.3, len 60, FIB policy match
    *Mar 1 01:04:41.675: IP: s=192.168.0.254 (FastEthernet0/0), d=3.3.3.3, len 60, FIB policy rejected - normal forwarding
    *Mar 1 01:04:42.631: IP: s=192.168.0.254 (FastEthernet0/0), d=3.3.3.3, len 60, FIB policy match
    *Mar 1 01:04:42.631: IP: s=192.168.0.254 (FastEthernet0/0), d=3.3.3.3, len 60, FIB policy rejected - normal forwarding
    *Mar 1 01:04:43.631: IP: s=192.168.0.254 (FastEthernet0/0), d=3.3.3.3, len 60, FIB policy match
    *Mar 1 01:04:43.631: IP: s=192.168.0.254 (FastEthernet0/0), d=3.3.3.3, len 60, FIB policy rejected - normal forwarding
    *Mar 1 01:04:44.647: IP: s=192.168.0.254 (FastEthernet0/0), d=3.3.3.3, len 60, FIB policy match
    *Mar 1 01:04:44.647: IP: s=192.168.0.254 (FastEthernet0/0), d=3.3.3.3, len 60, FIB policy rejected - normal forwarding
    R1#

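As an added example (not part of the original page), the following Python parser reads `debug ip policy` output like the lines above and reports the flows that matched the route-map but fell back to normal forwarding. It recognizes only the two message forms shown on this page; the last sample line (source 192.168.0.10) is constructed for the example.

```python
import re
from collections import defaultdict

# Sample `debug ip policy` lines. The first four are taken from the output on
# this page; the last line (source 192.168.0.10) is constructed for the example.
SAMPLE = """\
*Mar 1 01:04:41.675: IP: s=192.168.0.254 (FastEthernet0/0), d=3.3.3.3, len 60, FIB policy match
*Mar 1 01:04:41.675: IP: s=192.168.0.254 (FastEthernet0/0), d=3.3.3.3, len 60, FIB policy rejected - normal forwarding
*Mar 1 01:04:42.631: IP: s=192.168.0.254 (FastEthernet0/0), d=3.3.3.3, len 60, FIB policy match
*Mar 1 01:04:42.631: IP: s=192.168.0.254 (FastEthernet0/0), d=3.3.3.3, len 60, FIB policy rejected - normal forwarding
*Mar 1 01:05:10.102: IP: s=192.168.0.10 (FastEthernet0/0), d=3.3.3.3, len 60, FIB policy match
"""

# Only the two events seen on this page are recognized: "match" and "rejected".
LINE_RE = re.compile(
    r"IP: s=(?P<src>[\d.]+) \((?P<ifname>[^)]+)\), d=(?P<dst>[\d.]+), "
    r"len \d+, FIB policy (?P<event>match|rejected)"
)


def summarize(log_text):
    """Count policy matches and rejections per (source, interface, destination)."""
    flows = defaultdict(lambda: {"match": 0, "rejected": 0})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:  # prompts and unrelated log lines are skipped
            key = (m["src"], m["ifname"], m["dst"])
            flows[key][m["event"]] += 1
    return dict(flows)


def fallback_flows(log_text):
    """Flows that matched the route-map but were forwarded by normal routing."""
    return sorted(k for k, c in summarize(log_text).items() if c["rejected"] > 0)


if __name__ == "__main__":
    for flow, counts in summarize(SAMPLE).items():
        print(flow, counts)
    print("fell back to normal routing:", fallback_flows(SAMPLE))
```

A flow listed by `fallback_flows` is one whose traffic is no longer taking the path set in the route-map, which is the condition this verification demonstrates.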
- Supplement
The following form is also possible. It means that when 192.168.1.2 is down, packets are forwarded to 192.168.1.3. If forwarding to 192.168.1.3 is not possible either, normal routing is performed.

    route-map DOG permit 10
     match ip address 1
     set ip next-hop 192.168.1.2 192.168.1.3
     set ip next-hop verify-availability
