Carrier A (Interface A) 10.0.0.1-----
Carrier B (Interface B) 184.108.40.206-----NE40E-----Enterprise network 220.127.116.11/16
Carrier C (Interface C) 18.104.22.168-----
At the egress of the enterprise network, the NE40E has three outbound interfaces connecting to carriers A, B, and C respectively. The link between the NE40E and interface A offers the best quality at the highest cost. In addition, the network of carrier A is deployed with a large number of resource sharing servers. If users access the servers, they are charged by traffic volume. Moreover, users can access the network resources of carrier B and carrier C through the network of carrier A. On the other hand, the quality of the leased links of carrier B and carrier C is not guaranteed, but the cost is comparatively low because the links are charged yearly.
Considering the preceding conditions, we set the following requirements:
If the network is in a good condition, only traffic to the network of carrier A is sent from interface A. The server of the enterprise is placed on the network of carrier A, which is reliable and provides link protection. Other traffic is mainly sent from interface B and interface C. If the link to interface B or interface C is faulty, traffic is automatically switched to the link to interface A. If the links to interface B and interface C are faulty at the same time, traffic accessing the networks of carriers A, B, and C is sent from interface A, which ensures that services are not interrupted.
Configure PBR on the NE40E:
Rule permit ip source 22.214.171.124/16 des //Indicates a specific network segment of carrier A
Rule permit ip source 126.96.36.199/16 des //Indicates a specific network segment of carrier B
Rule permit ip source 188.8.131.52/16 des any
traffic classifier YYS_A_OUT operator or
if-match acl 3000
traffic classifier YYS_B_OUT operator or
if-match acl 3001
traffic classifier YYS_C_OUT operator or
if-match acl 3002
traffic behavior YYS_A_OUT //The key point is that no traffic behavior is defined.
traffic behavior YYS_B_OUT
ip next-hop 184.108.40.206
traffic behavior YYS_C_OUT
ip next-hop 220.127.116.11
traffic policy celue
classifier YYS_A_OUT behavior YYS_A_OUT //Traffic that matches this policy is forwarded through OSPF by searching the routing table
classifier YYS_B_OUT behavior YYS_B_OUT
classifier YYS_C_OUT behavior YYS_C_OUT
Apply PBR to the interface on the NE40E that connects to the enterprise network. Normally, most traffic travels through interface C according to PBR. If interface B or interface C goes Down, traffic whose next hop is the faulty interface travels through interface A according to the default route.
To meet the preceding requirements, you need to use forward PBR flexibly.
The NE40E is configured with OSPF, and the device of carrier A delivers a default route that guides outgoing traffic of the enterprise network and ensures that traffic travels through interface A when both interface B and interface C are faulty. After PBR is configured, the next hop of traffic accessing the server on the network of carrier A is 10.0.0.1; the next hop of traffic accessing a specific network segment of carrier B is 18.104.22.168; other traffic travels through interface C at 22.214.171.124. Normally, all services are transmitted on the basis of PBR. If interface B or interface C becomes faulty, the policy whose next hop is the faulty interface becomes invalid, and traffic that would have been sent on the faulty interface travels through interface A according to the default route. As the network of carrier A is stable and provides the backup link for the links to interface B and interface C, services are not interrupted.
Note that if PBR is configured with traffic classifiers and without traffic behaviors, matching traffic is directly forwarded according to routes.
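The forwarding decision described above can be checked against each link-failure case with a small model. This is an added example, not part of the original page and not Huawei code. The prefixes and sample addresses are constructed documentation ranges, the function names are hypothetical, and it assumes the ACLs select traffic by destination and that carrier A's OSPF default route is the only route in the table.

```python
import ipaddress

# Constructed documentation prefixes standing in for the page's ACL matches.
ACL_3000 = ipaddress.ip_network("192.0.2.0/24")     # carrier A segment (assumed)
ACL_3001 = ipaddress.ip_network("198.51.100.0/24")  # carrier B segment (assumed)
ACL_3002 = ipaddress.ip_network("0.0.0.0/0")        # "any"

# Classifier order as in "traffic policy celue": (name, match, redirect interface).
# None models YYS_A_OUT, which has no behavior and so follows the routing table.
POLICY = [
    ("YYS_A_OUT", ACL_3000, None),
    ("YYS_B_OUT", ACL_3001, "B"),
    ("YYS_C_OUT", ACL_3002, "C"),
]

# Constructed sample destinations, one per traffic class.
SAMPLES = {"carrier A server": "192.0.2.10",
           "carrier B segment": "198.51.100.10",
           "other": "203.0.113.10"}


def egress(dst, up):
    """Return the egress interface for dst, or None if no path is left."""
    addr = ipaddress.ip_address(dst)
    for _name, net, redirect in POLICY:
        if addr in net:
            # First match wins. A redirect whose interface is down is invalid,
            # so the packet is handed to the routing table like YYS_A_OUT traffic.
            if redirect is not None and redirect in up:
                return redirect
            break
    # Routing table: the only route modelled is carrier A's OSPF default route.
    return "A" if "A" in up else None


def failover_table():
    """Egress per sample destination for each link state of interfaces A, B and C."""
    states = [("A", "B", "C"), ("A", "C"), ("A", "B"), ("A",), ("B", "C")]
    return {state: {label: egress(ip, set(state)) for label, ip in SAMPLES.items()}
            for state in states}


if __name__ == "__main__":
    for state, row in failover_table().items():
        print("up=" + ",".join(state), row)
```

The last state (interface A down) shows the dependency in this design: under the model's single-default-route assumption, traffic for carrier A has no remaining path, and a later failure of B or C has no backup.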
By using PBR flexibly, you can adjust the volume of traffic on links as required on the network where multiple outbound interfaces are available, thus realizing link protection and improving network stability.