前言
之前,我们简单聊了一下“策略路由”应该怎么配置。今天我们聊一个和它的名字很像的 “路由策略”!
策略路由属于数据层面不会影响路由表,但路由策略属于控制层面会影响路由表!这是最核心的区别。它最重要的应用就是在引入路由的时候加上它!
文章目录
1. 网络拓扑图
现有拓扑图如上,左侧的两个接口使用 RIPv2 协议同步路由表,右侧两个接口则使用 OSPF。现在,我们通过中间的 AR2 来引入路由表,在引入路由表时,我们可以通过路由策略来控制究竟引入哪些路由条目。
整体上,我们依旧先配置IP地址,然后配置各自的路由协议。最后我们通过AR2的配置演示路由策略的妙用。
2. 配置IP地址
2.1. 配置AR1
<Huawei>system-view
[Huawei]sysname AR1
[AR1]interface GigabitEthernet 0/0/0
[AR1-GigabitEthernet0/0/0]ip address 12.1.1.1 30
May 15 2025 16:39:18-08:00 AR1 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[AR1-GigabitEthernet0/0/0]quit
[AR1]interface LoopBack 0
[AR1-LoopBack0]ip address 10.1.1.1 24
[AR1-LoopBack0]q
[AR1]interface LoopBack 1
[AR1-LoopBack1]ip address 10.1.2.1 24
[AR1-LoopBack1]q
[AR1]interface LoopBack 2
[AR1-LoopBack2]ip address 10.1.3.1 24
2.2. 配置AR2
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname AR2
[AR2]interface GigabitEthernet 0/0/0
[AR2-GigabitEthernet0/0/0]ip address 12.1.1.2 30
May 15 2025 16:41:42-08:00 AR2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[AR2-GigabitEthernet0/0/0]q
[AR2]interface GigabitEthernet 0/0/1
[AR2-GigabitEthernet0/0/1]ip address 23.1.1.1 30
May 15 2025 16:42:01-08:00 AR2 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP
on the interface GigabitEthernet0/0/1 has entered the UP state.
2.3. 配置AR3
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname AR3
[AR3]interface GigabitEthernet 0/0/0
[AR3-GigabitEthernet0/0/0]ip address 23.1.1.2 30
May 15 2025 16:43:10-08:00 AR3 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
[AR3-GigabitEthernet0/0/0]q
[AR3]interface LoopBack 0
[AR3-LoopBack0]ip address 10.3.1.1 24
[AR3-LoopBack0]q
[AR3]interface LoopBack 1
[AR3-LoopBack1]ip address 10.3.2.1 24
[AR3-LoopBack1]q
[AR3]interface LoopBack 2
[AR3-LoopBack2]ip address 10.3.3.1 24
3. 配置RIPv2
现在我们在左边两个路由器上配置RIPv2协议,由于这个协议已经不推荐使用了,我们就没有单独写文章来阐述RIPv2的配置。
[AR1]rip 1
[AR1-rip-1]version 2
[AR1-rip-1]network 12.0.0.0
[AR1-rip-1]network 10.0.0.0
[AR2]rip 1
[AR2-rip-1]version 2
[AR2-rip-1]network 12.0.0.0
如此一来,我们就可以在 AR2 上看到 AR1 的环回口的地址了:
[AR2]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 13 Routes : 13
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.1.0/24 RIP 100 1 D 12.1.1.1 GigabitEthernet
0/0/0
10.1.2.0/24 RIP 100 1 D 12.1.1.1 GigabitEthernet
0/0/0
10.1.3.0/24 RIP 100 1 D 12.1.1.1 GigabitEthernet
0/0/0
12.1.1.0/30 Direct 0 0 D 12.1.1.2 GigabitEthernet
0/0/0
12.1.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
12.1.1.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
23.1.1.0/30 Direct 0 0 D 23.1.1.1 GigabitEthernet
0/0/1
23.1.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
23.1.1.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
4. 配置OSPF
现在,我们开始配置右侧的两个路由器,让它们都加入OSPF协议。
[AR2]ospf 1
[AR2-ospf-1]are
[AR2-ospf-1]area 0
[AR2-ospf-1-area-0.0.0.0]network 23.1.1.0 0.0.0.3
<AR3>system-view
[AR3]ospf 1
[AR3-ospf-1]area 0
[AR3-ospf-1-area-0.0.0.0]network 0.0.0.0 0.0.0.0
等待日志打印出:
[AR3-ospf-1-area-0.0.0.0]
May 15 2025 16:52:28-08:00 AR3 %%01OSPF/4/NBR_CHANGE_E(l)[5]:Neighbor changes ev
ent: neighbor status changed. (ProcessId=256, NeighborAddress=1.1.1.23, Neighbor
Event=LoadingDone, NeighborPreviousState=Loading, NeighborCurrentState=Full)
就可以查看路由表了,我们可以看到,此时AR2上已经有了AR3的环回口IP地址:
[AR2-ospf-1-area-0.0.0.0]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 16 Routes : 16
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.1.0/24 RIP 100 1 D 12.1.1.1 GigabitEthernet
0/0/0
10.1.2.0/24 RIP 100 1 D 12.1.1.1 GigabitEthernet
0/0/0
10.1.3.0/24 RIP 100 1 D 12.1.1.1 GigabitEthernet
0/0/0
10.3.1.1/32 OSPF 10 1 D 23.1.1.2 GigabitEthernet
0/0/1
10.3.2.1/32 OSPF 10 1 D 23.1.1.2 GigabitEthernet
0/0/1
10.3.3.1/32 OSPF 10 1 D 23.1.1.2 GigabitEthernet
0/0/1
12.1.1.0/30 Direct 0 0 D 12.1.1.2 GigabitEthernet
0/0/0
12.1.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
12.1.1.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
23.1.1.0/30 Direct 0 0 D 23.1.1.1 GigabitEthernet
0/0/1
23.1.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
23.1.1.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
5. OSPF导入RIPv2路由信息
此时存在一个问题,那就是仅有 AR2 知道所有的路由地址,而 AR1 与 AR3 并不知晓全部的路由地址,这就会影响 AR1 和 AR3之间的通讯。
在将RIPv2的路由导入OSPF之前,我们配置一个策略路由,因为我们仅对AR1的前两个环回口地址感兴趣,故我们写下:
[AR2]acl 2000
[AR2-acl-basic-2000]rule 10 permit source 10.1.1.0 0.0.0.255
[AR2-acl-basic-2000]rule permit source 10.1.2.0 0.0.0.255
[AR2-acl-basic-2000]q
[AR2]route-policy 1 permit node 10
Info: New Sequence of this List.
[AR2-route-policy]if-match acl 2000
[AR2-route-policy]q
[AR2]ospf 1
[AR2-ospf-1]import-route rip 1 route-policy 1
此时我们在 AR3 上查看路由表就可以看到 AR2 同步过来的路由信息:
<AR3>display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 18 Routes : 18
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.1.0/24 O_ASE 150 1 D 23.1.1.1 GigabitEthernet
0/0/0
10.1.2.0/24 O_ASE 150 1 D 23.1.1.1 GigabitEthernet
0/0/0
10.3.1.0/24 Direct 0 0 D 10.3.1.1 LoopBack0
10.3.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.3.1.255/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.3.2.0/24 Direct 0 0 D 10.3.2.1 LoopBack1
10.3.2.1/32 Direct 0 0 D 127.0.0.1 LoopBack1
10.3.2.255/32 Direct 0 0 D 127.0.0.1 LoopBack1
10.3.3.0/24 Direct 0 0 D 10.3.3.1 LoopBack2
10.3.3.1/32 Direct 0 0 D 127.0.0.1 LoopBack2
10.3.3.255/32 Direct 0 0 D 127.0.0.1 LoopBack2
23.1.1.0/30 Direct 0 0 D 23.1.1.2 GigabitEthernet
0/0/0
23.1.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
23.1.1.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
6. RIPv2导入OSPF路由信息
下面我们将OSPF的信息导入RIPv2,但是我们仅对AR3的后两个环回口IP地址感兴趣,我们就可以这样配置:
[AR2]acl 2001
[AR2-acl-basic-2001]rule 10 permit source 10.3.2.0 0.0.0.255
[AR2-acl-basic-2001]rule permit source 10.3.3.0 0.0.0.255
[AR2-acl-basic-2001]q
[AR2]route-policy rp2 permit node 10
Info: New Sequence of this List.
[AR2-route-policy]if-match acl 2001
[AR2-route-policy]q
[AR2]rip 1
[AR2-rip-1]version 2
[AR2-rip-1]import-route ospf route-policy rp2
此时,我们可以在AR1上看到AR3的路由信息了:
<AR1>display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 18 Routes : 18
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.1.0/24 Direct 0 0 D 10.1.1.1 LoopBack0
10.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.1.1.255/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.1.2.0/24 Direct 0 0 D 10.1.2.1 LoopBack1
10.1.2.1/32 Direct 0 0 D 127.0.0.1 LoopBack1
10.1.2.255/32 Direct 0 0 D 127.0.0.1 LoopBack1
10.1.3.0/24 Direct 0 0 D 10.1.3.1 LoopBack2
10.1.3.1/32 Direct 0 0 D 127.0.0.1 LoopBack2
10.1.3.255/32 Direct 0 0 D 127.0.0.1 LoopBack2
10.3.2.1/32 RIP 100 1 D 12.1.1.2 GigabitEthernet
0/0/0
10.3.3.1/32 RIP 100 1 D 12.1.1.2 GigabitEthernet
0/0/0
12.1.1.0/30 Direct 0 0 D 12.1.1.1 GigabitEthernet
0/0/0
12.1.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
12.1.1.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
后记
文中有任何错误、遗漏,烦请各位老铁在评论区指出,共同学习进步。
修改记录
| 更新日期 | 修改内容 |
|---|---|
| 2025年5月15日 | 完成初稿 |