- 產品與解決方案
- 行業解決方案
- 服務
- 支持
- 合作夥伴
- 關於我們
55-MSR係列路由器策略路由與NQA聯動典型配置舉例
本章節下載: 55-MSR係列路由器策略路由與NQA聯動典型配置舉例 (146.64 KB)
MSR係列路由器策略路由與NQA聯動典型配置舉例
|
Copyright © 2014 杭州華三通信技術有限公司 版權所有,保留一切權利。 非經本公司書麵許可,任何單位和個人不得擅自摘抄、複製本文檔內容的部分或全部, 並不得以任何形式傳播。本文檔中的信息可能變動,恕不另行通知。 |
|
目 錄
本文主要介紹策略路由與NQA聯動典型配置。
本文檔不嚴格與具體軟、硬件版本對應,如果使用過程中與產品實際情況有差異,請參考相關產品手冊,或以設備實際情況為準。
本文檔中的配置均是在實驗室環境下進行的配置和驗證,配置前設備的所有參數均采用出廠時的缺省配置。如果您已經對設備進行了配置,為了保證配置效果,請確認現有配置和以下舉例中的配置不衝突。
本文檔假設您已了解策略路由和NQA特性。
如圖1所示,RouterA到達RouterC的路由下一跳為RouterB,在RouterB上通過策略路由、Track與NQA聯動,對到達Router C的鏈路有效性進行實時判斷。
圖1 策略路由與NQA聯動配置組網圖
· 為實現全網互通,配置路由協議;
· 為監控策略路由,建立NQA測試組;
· 為使能NQA,Track與NQA測試組關聯。
本舉例是在Release 2317版本上進行配置和驗證的。
策略路由可以在配置報文的發送接口、缺省發送接口、下一跳、缺省下一跳時與Track項關聯,通過Track項的狀態來動態地決定策略的可用性。當應用動作增加Track關聯後,如果事件發生時Track項狀態為positive,則該配置項有效,可以指導轉發;事件發生時,Track項狀態為negative,則該配置項無效,轉發時忽略該配置項。
# 配置以太網口的IP地址
<RouterA>system-view
[RouterA]interface GigabitEthernet 0/1
[RouterA-GigabitEthernet0/1]ip address 200.1.1.1 255.255.255.0
[RouterA-GigabitEthernet0/1]quit
# 創建RIP動態路由
[RouterA]rip 1
[RouterA-rip-1]version 2
[RouterA-rip-1]network 200.1.1.0
# 定義訪問控製列表
<RouterB>system-view
[RouterB]acl number 3009
[RouterB-acl-adv-3009]rule 0 permit ip source 200.1.1.0 0.0.0.255
[RouterB-acl-adv-3009]quit
# 創建虛接口VT87,並配置其IP地址
[RouterB]interface Virtual-Template 87
[RouterB-Virtual-Template87]ip address 1.1.1.1 255.255.255.0
[RouterB-Virtual-Template87]quit
# 配置串口S8/7,使其MP捆綁到虛接口VT87上
[RouterB]interface Serial 8/7
[RouterB-Serial8/7]ppp mp Virtual-Template 87
[RouterB-Serial8/7]quit
# 定義1號節點,使匹配ACL 3009的任何IP報文被發往接口VT87,並配置與track1的聯動配置
[RouterB]policy-based-route test permit node 1
[RouterB-pbr-test-1]if-match acl 3009
[RouterB-pbr-test-1]apply output-interface Virtual-Template87 track 1
[RouterB-pbr-test-1]quit
# 創建ICMP類型的NQA測試組(管理員為admin,操作標簽為 1)並配置相關可選測試參數
[RouterB]nqa entry admin 1
[RouterB-nqa-admin-1]type icmp-echo
[RouterB-nqa-admin-1-icmp-echo]destination ip 1.1.1.2
[RouterB-nqa-admin-1-icmp-echo]frequency 5000
[RouterB-nqa-admin-1-icmp-echo]source ip 1.1.1.1
# 配置Reaction監測項1(失敗1次觸發聯動)
[RouterB-nqa-admin-1-icmp-echo]reaction 1 checked-element probe-fail threshold-type consecutive 1 action-type trigger-only
[RouterB-nqa-admin-1-icmp-echo]quit
# 配置以太口GigabitEthernet0/1的IP地址,在GigabitEthernet0/1接口上應用策略路由test
[RouterB]interface GigabitEthernet 0/1
[RouterB-GigabitEthernet0/1]ip address 200.1.1.2 255.255.255.0
[RouterB-GigabitEthernet0/1]ip policy-based-route test
[RouterB-GigabitEthernet0/1]quit
# 配置Track項1,關聯NQA測試組(管理員為admin,操作標簽為 1)的Reaction監測項1
[RouterB]track 1 nqa entry admin 1 reaction 1
# 創建RIP動態路由
[RouterB]rip 1
[RouterB-rip-1]version 2
[RouterB-rip-1]network 200.1.1.0
[RouterB-rip-1]network 1.1.1.0
# 創建虛接口VT87,並配置其IP地址
<RouterC>system-view
[RouterC]interface Virtual-Template 87
[RouterC-Virtual-Template87]ip address 1.1.1.2 255.255.255.0
[RouterC-Virtual-Template87]quit
# 配置串口S8/7,使其MP捆綁到虛接口VT87上
[RouterC]interface Serial 8/7
[RouterC-Serial8/7]ppp mp Virtual-Template 87
[RouterC-Serial8/7]quit
# 創建RIP動態路由
[RouterC]rip 1
[RouterC-rip-1]version 2
[RouterC-rip-1]network 1.1.1.0
(1) 啟動ICMP測試操作
[RouterB]nqa schedule admin 1 start-time now lifetime forever
(2) 在RouterB顯示ICMP NQA測試成功的結果,NQA將探測結果通知給TRACK模塊,則對應Track項的狀態為positive,就表示策略路由指定的出接口有效,可以指導轉發
[RouterB]display nqa result admin 1
NQA entry(admin admin, tag 1) test results:
Destination IP address: 1.1.1.2
Send operation times: 1 Receive response times: 1
Min/Max/Average round trip time: 38/38/38
Square-Sum of round trip time: 1444
Last succeeded probe time: 2011-09-28 15:11:57.1
Extend results:
Packet lost in test: 0%
Failures due to timeout: 0
Failures due to disconnect: 0
Failures due to no connection: 0
Failures due to sequence error: 0
Failures due to internal error: 0
Failures due to other errors: 0
[RouterB]display track 1
Track ID: 1
Status: Positive
Duration: 0 days 0 hours 4 minutes 50 seconds
Notification delay: Positive 0, Negative 0 (in seconds)
Reference object:
NQA entry: admin 1
Reaction: 1
(3) 在RouterA發5個ping包到1.1.1.2,查看RouterB的策略路由的統計信息,統計成功轉發了5個數據包
<RouterB>dispaly ip policy-based-route statistics interface GigabitEthernet 0/1
Interface GigabitEthernet0/1 policy based routing statistics information:
policy-based-route: test
permit node 1
apply output-interface Virtual-Template87 track 1
Denied: 0,
Forwarded: 5
Total denied: 0, forwarded: 5
(4) 斷開RouterB與RouterC之間的連接線纜,在RouterB顯示ICMP NQA測試不成功的結果,NQA將探測結果通知給TRACK模塊,則對應Track項的狀態為Negative,就表示策略路由指定的出接口無效,轉發時忽略該配置項
<RouterB>display nqa result admin 1
NQA entry(admin admin, tag 1) test results:
Destination IP address: 1.1.1.2
Send operation times: 1 Receive response times: 0
Min/Max/Average round trip time: 0/0/0
Square-Sum of round trip time: 0
Last succeeded probe time: 0-00-00 00:00:00.0
Extend results:
Packet lost in test: 100%
Failures due to timeout: 1
Failures due to disconnect: 0
Failures due to no connection: 0
Failures due to sequence error: 0
Failures due to internal error: 0
Failures due to other errors: 0
<RouterB>dis track 1
Track ID: 1
Status: Negative
Duration: 0 days 0 hours 4 minutes 50 seconds
Notification delay: Positive 0, Negative 0 (in seconds)
Reference object:
NQA entry: admin 1
Reaction: 1
(5) 在RouterA發5個ping包到1.1.1.2,查看RouterB的策略路由的統計信息,統計顯示忽略了這5個數據包,這些數據包無法通過此策略路由進行轉發,需按正常轉發流程處理。
<RouterB>dispaly ip policy-based-route statistics interface GigabitEthernet 0/1
Interface GigabitEthernet0/1 policy based routing statistics information:
policy-based-route: test
permit node 1
apply output-interface Virtual-Template87 track 1
Denied: 5,
Forwarded: 0
Total denied: 5, forwarded: 0
· Router A
#
sysname RouterA
#
interface GigabitEthernet0/1
port link-mode route
ip address 200.1.1.1 255.255.255.0
#
rip 1
version 2
network 200.1.1.0
#
· Router B
#
sysname RouterB
#
acl number 3009
rule 0 permit ip source 200.1.1.0 0.0.0.255
#
interface Serial8/7
link-protocol ppp
ppp mp Virtual-Template 87
#
interface Virtual-Template87
ip address 1.1.1.1 255.255.255.0
#
interface GigabitEthernet0/1
port link-mode route
ip address 200.1.1.2 255.255.255.0
ip policy-based-route test
#
rip 1
version 2
network 200.1.1.0
network 1.0.0.0
#
nqa entry admin 1
type icmp-echo
destination ip 1.1.1.2
frequency 5000
reaction 1 checked-element probe-fail threshold-type consecutive 1 action-type trigger-only
source ip 1.1.1.1
#
policy-based-route test permit node 1
if-match acl 3009
apply output-interface Virtual-Template87 track 1
#
track 1 nqa entry admin 1 reaction 1
#
nqa agent max-concurrent 81
nqa schedule admin 1 start-time now lifetime forever
#
· Router C
#
sysname RouterC
#
interface Serial8/7
link-protocol ppp
ppp mp Virtual-Template 87
#
interface Virtual-Template87
ip address 1.1.1.2 255.255.255.0
#
rip 1
version 2
network 1.0.0.0
#
· H3C MSR 係列路由器 命令參考(V5)-R2311
· H3C MSR 係列路由器 配置指導(V5)-R2311
不同款型規格的資料略有差異, 詳細信息請向具體銷售和400谘詢。H3C保留在沒有任何通知或提示的情況下對資料內容進行修改的權利!
支持
