Many network equipment maintenance documents now use the terms "routing policy" and "policy routing". However, many maintenance technicians do not thoroughly understand these two terms and cannot accurately describe how they are related and how they differ. This article briefly analyzes the two concepts and gives some examples, which should help build a deeper understanding.
I. Routing Policy
A routing policy is a policy for advertising and receiving routes. In fact, choosing a routing protocol is itself a routing policy: on the same network structure, different routing protocols may generate different route tables because their implementation mechanisms, cost calculation rules, and priority definitions differ. That is the most basic form. What we usually call a routing policy is this: on top of the normal routing protocol, we change the result of route generation, advertisement, and selection by applying a rule, by changing certain parameters, or by setting a certain control mode. Note that it is the result (that is, the route table) that is changed; the protocol's rules are not changed, they are applied.
The following are some examples.
Example of changing parameters: router A and router B are connected by two links (AB1 and AB2) with the same bandwidth and run the OSPF routing protocol, but the two links differ in stability, and the company wants AB1 to be the main circuit. When the main circuit (AB1) fails, the standby circuit (AB2) is used. With the default settings the two circuits are load balanced. In this case you can set the cost (overhead) values of the AB1 and AB2 circuits separately: change the cost of AB1 to a smaller value or the cost of AB2 to a greater value, and OSPF will generate two routes with different costs. The smaller the cost, the higher the priority, so the router uses the AB1 circuit first. Alternatively, leave the cost values unchanged and set different bandwidths on the two circuits. If the bandwidth of AB1 is larger than that of AB2, then under the OSPF route generation and discovery rules the cost of AB1 is lower than that of AB2, and the router again uses the AB1 circuit first.
An example of changing the control mode is to use a route filtering policy to perform operations on routes that match a certain rule. The most common operations are deny and permit. Beyond that, the parameters of permitted routes, such as the cost value, can be adjusted. The policies generally used include ACL (Access Control List), ip-prefix, as-path, and route-policy. Most routing policies are used together with the BGP protocol, where they act as rules for receiving and advertising routes.
For example, if AS1 should not advertise the 19.1.1.1/32 network to AS2, you can define an ACL and apply it on RTB (taking a router in China as an example):
[RTB] acl number 1 match-order auto
[RTB-acl-basic-1] rule deny source 19.1.1.1 0
[RTB-acl-basic-1] rule permit source any
[RTB] bgp 1
[RTB-bgp] peer 2.2.2.2 as-number 2
[RTB-bgp] import-route ospf
[RTB-bgp] peer 2.2.2.2 filter-policy 1 export
If RTB advertises this route to RTC but RTC does not want to accept it, RTC can be configured as follows:
[RTC] acl number 1 match-order auto
[RTC-acl-basic-1] rule deny source 19.1.1.1 0
[RTC-acl-basic-1] rule permit source any
[RTC] bgp 2
[RTC-bgp] peer 2.2.2.1 as-number 1
[RTC-bgp] peer 2.2.2.1 filter-policy 1 import
Here is an example of ip-prefix:
For example, if RTB should not advertise the route entry 19.1.1.0/24 to RTC, you can set:
[RTB] ip ip-prefix test index 10 deny 19.1.1.0 24
[RTB] ip ip-prefix test index 20 permit any
[RTB] bgp 1
[RTB-bgp] peer 2.2.2.2 as-number 2
[RTB-bgp] import-route ospf
[RTB-bgp] import-route direct
[RTB-bgp] peer 2.2.2.2 ip-prefix test export
By default, ip-prefix matches exactly. To implement a fuzzy match, use the less-equal or greater-equal parameters. For example, ip ip-prefix test index 10 deny 19.1.1.0 24 less-equal 31 matches all entries from 19.1.1.0/24, 19.1.1.0/25, 19.1.1.0/26 through 19.1.1.0/31. Without the parameter, only the route whose target network is 19.1.1.0/24 is matched, and 19.1.1.0/25 does not meet the condition. For more information, see the command manual.
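The matching rules described above can be checked offline before a filter is applied to a BGP peer. The following is an added example, not code from the original article or from any vendor: a small Python model of an ip-prefix list evaluated in index order, with first match deciding and no match meaning deny. It assumes that "permit any" means 0.0.0.0 0 less-equal 32, and it goes slightly beyond the text by also testing 19.1.1.128/25 and a /32 host route. The route list is constructed sample data.

```python
import ipaddress

# Constructed model of the list "test": (index, action, prefix, greater_equal, less_equal)
FUZZY = [
    (10, "deny", "19.1.1.0/24", None, 31),
    (20, "permit", "0.0.0.0/0", None, 32),   # assumed meaning of "permit any"
]
EXACT = [
    (10, "deny", "19.1.1.0/24", None, None),
    (20, "permit", "0.0.0.0/0", None, 32),
]
# Constructed candidate routes offered to the filter
ROUTES = ["19.1.1.0/24", "19.1.1.0/25", "19.1.1.128/25", "19.1.1.1/32", "19.1.2.0/24"]

def entry_matches(route, prefix, ge, le):
    """True if the route lies inside prefix and its mask length is in range."""
    route = ipaddress.ip_network(route)
    prefix = ipaddress.ip_network(prefix)
    if ge is None and le is None:
        lo = hi = prefix.prefixlen           # exact match only
    elif ge is None:
        lo, hi = prefix.prefixlen, le        # less-equal only
    elif le is None:
        lo, hi = ge, 32                      # greater-equal only
    else:
        lo, hi = ge, le
    if not lo <= route.prefixlen <= hi:
        return False
    return route.subnet_of(prefix)           # leading bits must agree

def evaluate(prefix_list, route):
    """First matching entry in index order decides; no match means deny."""
    for _index, action, prefix, ge, le in sorted(prefix_list, key=lambda e: e[0]):
        if entry_matches(route, prefix, ge, le):
            return action
    return "deny"

def advertised(prefix_list, routes):
    """Routes that pass the filter and would be sent to the peer."""
    return [r for r in routes if evaluate(prefix_list, r) == "permit"]

if __name__ == "__main__":
    print("less-equal 31:", advertised(FUZZY, ROUTES))
    print("exact match  :", advertised(EXACT, ROUTES))
```

With less-equal 31 the host route 19.1.1.1/32 still passes the filter, because its mask length is outside the 24 to 31 range; covering it requires less-equal 32.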
The preceding sections describe permitting and denying routes. The following describes a more flexible routing policy setting: the if-match and apply clauses in route-policy. With these you can not only permit or deny certain routes, but also set attributes on the permitted routes.
RTB and RTC run the IBGP protocol, while RTA, RTB, and RTC run the EBGP protocol. The router_id values are in ascending order A, B, C, D. Under normal circumstances, communication from RTA to RTD transits RTB, and communication from RTD to RTA also transits RTB, because when all other parameters are equal BGP by default selects the path with the smaller router_id. Now we want communication from RTD to RTA to go through RTB, while communication from RTA to RTD goes through RTC. That is, of the two routers, RTB is responsible for egress communication from routers inside the autonomous system to routers outside it, while RTC is dedicated to communication from routers outside the autonomous system to routers inside it. We can implement this with as-path in route-policy, by doing the following on RTB:
[RTB] route-policy test permit node 10
[RTB-route-policy] apply as-path 300 400 // add a false path to lengthen the as-path
[RTB-bgp] peer 1.1.1.1 route-policy test export // use the policy when advertising route information to RTA
In this way, when RTB advertises a BGP route to RTA, the as-path of the route is lengthened. Because the BGP route selection rules prefer the route with the shorter as-path, RTA prefers the route through RTC, which has the shorter as-path, when communicating with RTD. RTD still chooses RTB when selecting a route to RTA, because for RTD the parameters that affect route selection have not changed. You can also change the MED value. The example here uses a routing policy.
This method is particularly flexible because the apply statement can set multiple parameters. In addition to as-path, these include IP next hop (set the next hop), local-preference (local exit priority), cost (overhead), origin (IGP, EGP or incomplete), and tag.
II. Policy Routing
[Figure: network topology with PC1, PC2, Vswitch, RTA and RTB; labelled addresses 10.10.10.0/24, 1.1.1.1/30, 1.1.1.2/30, 2.2.2.1/30, 2.2.2.2/30]
Policy routing means that, even though a route table has already been generated, certain traffic is not forwarded according to the existing route table. Instead, its forwarding path is selected by a policy that matches that traffic.
There are two links between RTA and RTB. The upper circuit is the active one and its bandwidth is M. The lower circuit is the standby one and its bandwidth is 10M. At present the 10M circuit is basically idle, and most of the communication goes through the main circuit. PC1 (10.10.10.10/24) is a particularly important customer, and the information he sends must be transmitted immediately. Given this situation, we can steer his outgoing traffic onto the backup circuit as follows:
rule-map intervlan permitpc1 ip 10.10.10.10 0.0.0.0 any
flow-action next2 redirect ip 2.2.2.2
eacl ABC permitpc1 next2
Then use the access-group eacl ABC command on the port directly connected to 10.10.10.0/24 to apply it.
This is a typical application of policy routing. Here the forwarding path is selected based on the source address. Forwarding conditions can also be set based on the protocol type (for example, separating UDP and TCP), the application (for example, some video applications require real-time transmission, so a separate circuit can carry the RSTP stream), the packet size, or a combination of these. In effect, ACL rules are being applied to data forwarding. The rules of rule-map are the same as those of ACL, so no further examples are given here; technical staff familiar with ACLs will know them.
Here, the flow-action redirect sets the next hop. A flow-action can also perform QoS-related operations, such as placing packets in queues with CoS or CAR actions, according to the configured traffic model rules. For more information, see the command reference manual.
III. Connection and Difference
Connection:
Both select the path used for packet forwarding, and both set different forwarding paths by changing certain parameters or control methods according to certain rules.
Differences:
A routing policy changes the result of route discovery by applying rules that affect route advertisement, route reception, or route selection parameters. The content of the route table is ultimately changed. It takes effect during route discovery.
Policy routing applies even though optimal routes already exist: for certain special hosts (or applications or protocols) it uses a separate forwarding path instead of the one in the current route table. It takes effect when data packets are forwarded, and it does not change any content in the route table.
The priority of a policy route is higher than that of a routing policy. When the router receives and forwards data packets, it first tries to match the policy-route rules. If a rule matches, the packet is forwarded according to the policy route. Otherwise, it is forwarded according to the forwarding path in the route table.
In summary, a routing policy is a route discovery rule, and a policy route is a packet forwarding rule. In fact, "policy routing" is easier to understand and distinguish if it is read as "forwarding policy". Because forwarding is at the bottom layer and routing is at the top layer, it is understandable that forwarding takes priority over routing. In fact, a router holds two kinds of tables at two layers: one is the routing table and the other is the forwarding table. The forwarding table is mapped from the route table. A policy route acts directly on the forwarding table, and a routing policy acts on the route table.
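The precedence described above (policy-route rules first, route table second) can be modelled as a forwarding decision function. The following is an added example, not code from the original article or from any router implementation. The rule name permitpc1, the PC1 address and the redirect next hop 2.2.2.2 come from the article; the route table entries, the 1.1.1.2 next hop on the main circuit, and the destination 192.0.2.50 are assumptions made for illustration.

```python
import ipaddress

# Constructed route table for RTA: (destination prefix, next hop)
ROUTE_TABLE = [
    ("0.0.0.0/0", "1.1.1.2"),        # assumed: RTB's address on the main circuit
    ("10.10.10.0/24", "direct"),
]

# Policy rules: (name, source network, protocol or None for any, redirect next hop)
POLICY_RULES = [
    ("permitpc1", "10.10.10.10/32", None, "2.2.2.2"),   # PC1 onto the backup circuit
]

def longest_prefix_match(dst, route_table):
    """Ordinary destination-based lookup: the most specific prefix wins."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in route_table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, next_hop)
    return best[1] if best else None

def forward(src, dst, proto="tcp", rules=POLICY_RULES, route_table=ROUTE_TABLE):
    """Return (next hop, reason). Policy rules are consulted before the route table."""
    src_ip = ipaddress.ip_address(src)
    for name, src_net, rule_proto, next_hop in rules:
        if src_ip in ipaddress.ip_network(src_net) and rule_proto in (None, proto):
            return next_hop, "policy:" + name
    next_hop = longest_prefix_match(dst, route_table)
    if next_hop is None:
        return None, "drop:no-route"
    return next_hop, "route-table"

if __name__ == "__main__":
    before = list(ROUTE_TABLE)
    print(forward("10.10.10.10", "192.0.2.50"))   # PC1: redirected by policy
    print(forward("10.10.10.20", "192.0.2.50"))   # PC2: normal route lookup
    print("route table unchanged:", before == ROUTE_TABLE)
```

Every packet passes through the rule loop before the destination lookup, which is the per-packet cost the article attributes to policy routing.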
IV. Advantages and Disadvantages
The rule of network communication is that a route must exist before forwarding can happen. A routing policy only works while routes are being discovered. After the route table has been generated and is stable, it usually does not change as long as the network does not change. At that point the routing policy is not being applied and does not occupy resources. Policy routing acts at forwarding time. After a router has initially generated its route table, most of its workload is packet forwarding. Without policy routing, the router only needs to look at the destination address of each data packet and can determine the next hop by matching it against the route table. With policy routing, however, the policy route is always being applied. If the policy route is particularly complex, the router has to evaluate the source address, protocol, and application of each data packet against the rules, so it constantly occupies a large amount of resources. Therefore, unless you have no alternative, use a routing policy rather than policy routing wherever possible. This should be taken into account during network optimization. If the policy routing is particularly complex, consider splitting up the network so as to eliminate as much policy routing as possible. Otherwise, the router will be heavily burdened.