H3C Policy Routing
1. Experiment principle:
Use Policy Routing on RT2 and direct to different next hops based on different source addresses.
2. Experiment topology:
3. Experiment Configuration:
RT1: [RT1] int lo 0 [RT1-LoopBack0] ip add 10.1.0.1 24 [RT1-LoopBack0] int lo 1 [RT1-LoopBack1] ip add 10.2.0.1 24 [RT1-LoopBack1] int g0/0/0 [RT1-GigabitEthernet0/0/0] ip add 10.3.0.1 24 [RT1-GigabitEthernet0/0/0] qu [RT1] ip route 0.0.0.0 0.0.0.0 10.3.0.2 //////////////////////// //// // RT2: [RT2] int g0/0/0 [RT2-GigabitEthernet0/0/0] ip add 10.3.0.2 24 [RT2-GigabitEthernet0/0/0] int g0/0/1 [RT2-GigabitEthernet0/0/1] ip add 10.4.0.1 24 [RT2-GigabitEthernet0/0/1] int g0/0/2 [RT2-GigabitEthernet0/0/2] ip add limit 5.0.1 24 [RT2-GigabitEthernet0/0/2] qu [RT2] acl num 2001 // here the access control linked list is used to match the ip Address [RT2-acl-basic-2001] rule 0 permit source 10.1.0.0 0.0.255 [RT2-acl-basic-2001] acl num 2002 [RT2-acl-basic-2002] rule 0 per s 10.2.0.0 0.0.0.255 [RT2-acl-basic-2002] qu [RT2] policy-based-route isp permit node 1 // policy Routing is defined here [RT2-pbr-isp-1] if-match acl 2001 // here apply the access control linked list [RT2-pbr-isp-1] apply ip-address next-hop 10.4.0.2 [RT2-pbr-isp-1] qu [RT2] policy-based-route isp node 2 [RT2-pbr-isp-2] if-match acl 2002 [RT2-pbr-isp-2] apply ip-address next-hop 10.5.0.2 [RT2-pbr-isp-2] qu [RT2] int g0/0/0 [RT2-GigabitEthernet0/0/0] ip policy-based -route isp // apply the policy to the interface [RT2] ip route 0.0.0.0 0.0.0.0 10.3.0.1 ////////////////////// /// // RT3: [RT3] int g0/0/0 [RT3-GigabitEthernet0/0/0] ip add 10.4.0.2 24 [RT3-GigabitEthernet0/0/0] int lo 0 [RT3-LoopBack0] ip add 10.6.0.1 24 [RT3] ip route 0.0.0.0 0.0.0.0 10.4.0.1/ //////////////////////////////////////// /// // RT4: [RT4] int g0/0/0 [RT4-GigabitEthernet0/0/0] ip ad 10.5.0.2 24 [RT4-GigabitEthernet0/0/0] int lo 0 [RT4-LoopBack0] ip add 10.7.0.1 24 [RT4-LoopBack0] qu [RT4] ip route 0.0.0.0 0.0.0.0 10.5.0.1
4. Experiment results:
RT1: [RT1] ping-a 10.1.0.1 10.6.0.1 // here we need to use the extended ping command PING 10.6.0.1: 56 data bytes, press CTRL_C to break Reply from 10.6.0.1: bytes = 56 Sequence = 1 ttl = 254 time = 1 MS Reply from 10.6.0.1: bytes = 56 Sequence = 2 ttl = 254 time = 26 MS Reply from 10.6.0.1: bytes = 56 Sequence = 3 ttl = 254 time = 16 MS Reply from 10.6.0.1: bytes = 56 Sequence = 4 ttl = 254 time = 1 MS Request time out [RT1] ping-a 10.1.0.1 10.7.0.1 PING 10.7.0.1: 56 data bytes, press CTRL_C to break Request time out [RT1] ping-a 10.2.0.1 10.6.0.1 PING 10.6.0.1: 56 data bytes, press CTRL_C to break Request time out [RT1] ping-a 10.2.0.1 10.7.0.1 PING 10.7.0.1: 56 data bytes, press CTRL_C to break Request time out Reply from 10.7.0.1: bytes = 56 Sequence = 2 ttl = 254 time = 5 MS Reply from 10.7.0.1: bytes = 56 Sequence = 3 ttl = 254 time = 4 MS Reply from 10.7.0.1: bytes = 56 Sequence = 4 ttl = 254 time = 5 MS Reply from 10.7.0.1: bytes = 56 Sequence = 5 ttl = 254 time = 1 MS