Example for Configuring Interface PBR

CLI-based Configuration Guide - IP Unicast Routing

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R009

Rate and give feedback:

Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).

Example for Configuring Interface PBR

Networking Requirements

As shown in Figure 12-8, two departments VLAN 10 and VLAN 20 connect to GE1/0/0 and GE2/0/0 of RouterA. HOSTA at 192.168.1.2/24 and HOSTB at 192.168.1.3/24 belong to one department and are located on network segment 192.168.1.0/24. HOSTC at 192.168.2.2/24 and HOSTD at 192.168.2.3/24 belong to another department and are located on network segment 192.168.2.0/24.

RouterA can connect to the Internet through the link RouterA->RouterB->RouterD or RouterA->RouterC->RouterD. The requirements are as follows:

Packets from the two departments reach the Internet through the two links when the two links are running properly.
When a link is faulty, packets from the two departments are forwarded on the other link. This prevents service interruption for a long time.
When the link fault is rectified, packets reach the Internet through the two links.

Figure 12-8 Networking diagram of configuring interface PBR

Device	Interface	IP Address
RouterA	GE1/0/0	192.168.1.1/24
	GE2/0/0	192.168.2.1/24
	GE3/0/0	192.168.3.1/24
	GE4/0/0	192.168.4.1/24
RouterB	GE1/0/0	192.168.3.2/24
RouterB	GE2/0/0	192.168.5.2/24
RouterC	GE1/0/0	192.168.4.2/24
RouterC	GE2/0/0	192.168.6.2/24
RouterD	GE1/0/0	192.168.5.1/24
	GE2/0/0	192.168.6.1/24
	GE3/0/0	192.168.7.1/24

Configuration Roadmap

Association between redirection and an NQA test instance is used to implement PBR. The configuration roadmap is as follows:

Configure IP addresses and routing protocols for interfaces so that users can access the Internet through RouterA.
Configure an NQA test instance to detect whether the links RouterA->RouterB->RouterD and RouterA->RouterC->RouterD are running properly.
Configure association between NQA and static routes so that traffic can be switched to the other link when one link is faulty.
Configure traffic classifiers and configure matching rules based on the source IP address of packets.
Configure traffic behaviors in which redirection is associated with an NQA test instance. When the NQA test instance detects that the link RouterA->RouterB->RouterD is running properly, packets matching the traffic classifier are redirected to 192.168.3.2/24. When the NQA test instance detects that the link RouterA->RouterC->RouterD is running properly, packets matching the traffic classifier are redirected to 192.168.4.2/24.
Configure traffic policies, bind the traffic classifier and traffic behavior to the traffic policies, and apply the traffic policies to an interface to implement interface PBR.

Procedure

Configure devices to communicate with each other.

# Configure IP addresses for all interfaces of the Router. This example describes the configuration on RouterA. Configurations of other device are similar to that of RouterA. For details, see corresponding configuration files.

<Huawei> system-view
[Huawei] sysname RouterA
[RouterA] interface gigabitethernet 1/0/0
[RouterA-GigabitEthernet1/0/0] ip address 192.168.1.1 24
[RouterA-GigabitEthernet1/0/0] quit
[RouterA] interface gigabitethernet 2/0/0
[RouterA-GigabitEthernet2/0/0] ip address 192.168.2.1 24
[RouterA-GigabitEthernet2/0/0] quit
[RouterA] interface gigabitethernet 3/0/0
[RouterA-GigabitEthernet3/0/0] ip address 192.168.3.1 24
[RouterA-GigabitEthernet3/0/0] quit
[RouterA] interface gigabitethernet 4/0/0
[RouterA-GigabitEthernet4/0/0] ip address 192.168.4.1 24
[RouterA-GigabitEthernet4/0/0] quit

Configure SwitchA and SwitchB so that they can communicate with RouterA.

# Configure static routes.

[RouterA] ip route-static 192.168.7.0 255.255.255.0 192.168.3.2
[RouterA] ip route-static 192.168.7.0 255.255.255.0 192.168.4.2
[RouterA] ip route-static 192.168.5.0 255.255.255.0 192.168.3.2
[RouterA] ip route-static 192.168.6.0 255.255.255.0 192.168.4.2
[RouterB] ip route-static 192.168.7.0 255.255.255.0 192.168.5.1
[RouterB] ip route-static 192.168.1.0 255.255.255.0 192.168.3.1
[RouterB] ip route-static 192.168.2.0 255.255.255.0 192.168.3.1
[RouterC] ip route-static 192.168.7.0 255.255.255.0 192.168.6.1
[RouterC] ip route-static 192.168.1.0 255.255.255.0 192.168.4.1
[RouterC] ip route-static 192.168.2.0 255.255.255.0 192.168.4.1
[RouterD] ip route-static 192.168.1.0 255.255.255.0 192.168.5.2
[RouterD] ip route-static 192.168.1.0 255.255.255.0 192.168.6.2
[RouterD] ip route-static 192.168.2.0 255.255.255.0 192.168.6.2
[RouterD] ip route-static 192.168.2.0 255.255.255.0 192.168.5.2
[RouterD] ip route-static 192.168.3.0 255.255.255.0 192.168.5.2
[RouterD] ip route-static 192.168.4.0 255.255.255.0 192.168.6.2

Configure NQA test instances.

# Configure an NQA test instance on RouterA.

[RouterA] nqa test-instance admin vlan10
[RouterA-nqa-admin-vlan10] test-type icmp
[RouterA-nqa-admin-vlan10] destination-address ipv4 192.168.5.1
[RouterA-nqa-admin-vlan10] frequency 10
[RouterA-nqa-admin-vlan10] probe-count 2
[RouterA-nqa-admin-vlan10] start now
[RouterA-nqa-admin-vlan10] quit
[RouterA] nqa test-instance admin vlan20
[RouterA-nqa-admin-vlan20] test-type icmp
[RouterA-nqa-admin-vlan20] destination-address ipv4 192.168.6.1
[RouterA-nqa-admin-vlan20] frequency 10
[RouterA-nqa-admin-vlan20] probe-count 2
[RouterA-nqa-admin-vlan20] start now
[RouterA-nqa-admin-vlan20] quit

# Configure an NQA test instance on RouterD.

[RouterD] nqa test-instance admin vlan10
[RouterD-nqa-admin-vlan10] test-type icmp
[RouterD-nqa-admin-vlan10] destination-address ipv4 192.168.3.1
[RouterD-nqa-admin-vlan10] frequency 10
[RouterD-nqa-admin-vlan10] probe-count 2
[RouterD-nqa-admin-vlan10] start now
[RouterD-nqa-admin-vlan10] quit
[RouterD] nqa test-instance admin vlan20
[RouterD-nqa-admin-vlan20] test-type icmp
[RouterD-nqa-admin-vlan20] destination-address ipv4 192.168.4.1
[RouterD-nqa-admin-vlan20] frequency 10
[RouterD-nqa-admin-vlan20] probe-count 2
[RouterD-nqa-admin-vlan20] start now
[RouterD-nqa-admin-vlan20] quit

Configure association between NQA and static routes.

# Configure association between NQA and static routes on RouterA.

[RouterA] ip route-static 192.168.7.0 255.255.255.0 192.168.3.2 track nqa admin vlan10
[RouterA] ip route-static 192.168.7.0 255.255.255.0 192.168.4.2 track nqa admin vlan20
[RouterA] quit

# Configure association between NQA and static routes on RouterD.

[RouterD] ip route-static 192.168.1.0 255.255.255.0 192.168.5.2 track nqa admin vlan10
[RouterD] ip route-static 192.168.1.0 255.255.255.0 192.168.6.2 track nqa admin vlan20
[RouterD] ip route-static 192.168.2.0 255.255.255.0 192.168.5.2 track nqa admin vlan10
[RouterD] ip route-static 192.168.2.0 255.255.255.0 192.168.6.2 track nqa admin vlan20
[RouterD] quit

Configure traffic classifiers.

# Create traffic classifiers vlan10 and vlan20 on RouterA to match packets with source IP addresses on network segments 192.168.1.0/24 and 192.168.2.0/24.

[RouterA] acl number 2000
[RouterA-acl-basic-2000] rule 10 permit source 192.168.1.0 0.0.0.255
[RouterA-acl-basic-2000] quit
[RouterA] acl number 2001
[RouterA-acl-basic-2001] rule 20 permit source 192.168.2.0 0.0.0.255
[RouterA-acl-basic-2001] quit
[RouterA] traffic classifier vlan10
[RouterA-classifier-vlan10] if-match acl 2000
[RouterA-classifier-vlan10] quit
[RouterA] traffic classifier vlan20
[RouterA-classifier-vlan20] if-match acl 2001
[RouterA-classifier-vlan20] quit

# Create traffic classifiers vlan10 and vlan20 on RouterD to match packets with destination IP addresses on network segments 192.168.1.0/24 and 192.168.2.0/24.

[RouterD] acl number 3000
[RouterD-acl-adv-3000] rule 10 permit ip destination 192.168.1.0 0.0.0.255
[RouterD-acl-adv-3000] quit
[RouterD] acl number 3001
[RouterD-acl-adv-3001] rule 20 permit ip destination 192.168.2.0 0.0.0.255
[RouterD-acl-adv-3001] quit
[RouterD] traffic classifier vlan10
[RouterD-classifier-vlan10] if-match acl 3000
[RouterD-classifier-vlan10] quit
[RouterD] traffic classifier vlan20
[RouterD-classifier-vlan20] if-match acl 3001
[RouterD-classifier-vlan20] quit

Configure traffic behaviors.
# Create traffic behavior vlan10 on RouterA and associate the NQA test instance admin vlan10 with redirection to the next hop 192.168.3.2/24. When the NQA test instance detects that the link is running properly, redirection takes effect. When the NQA test instance detects a link fault, packets are forwarded along the original path.
```
[RouterA] traffic behavior vlan10
[RouterA-behavior-vlan10] redirect ip-nexthop 192.168.3.2 track nqa admin vlan10
[RouterA-behavior-vlan10] quit
```
# Create traffic behavior vlan20 on RouterA and associate the NQA test instance admin vlan20 with redirection to the next hop 192.168.4.2/24. When the NQA test instance detects that the link is running properly, redirection takes effect. When the NQA test instance detects a link fault, packets are forwarded along the original path.
```
[RouterA] traffic behavior vlan20
[RouterA-behavior-vlan20] redirect ip-nexthop 192.168.4.2 track nqa admin vlan20
[RouterA-behavior-vlan20] quit
```
# Create traffic behavior vlan10 on RouterD and associate the NQA test instance admin vlan10 with redirection to the next hop 192.168.5.2/24. When the NQA test instance detects that the link is running properly, redirection takes effect. When the NQA test instance detects a link fault, packets are forwarded along the original path.
```
[RouterD] traffic behavior vlan10
[RouterD-behavior-vlan10] redirect ip-nexthop 192.168.5.2 track nqa admin vlan10
[RouterD-behavior-vlan10] quit
```
# Create traffic behavior vlan20 on RouterD and associate the NQA test instance admin vlan20 with redirection to the next hop 192.168.6.2/24. When the NQA test instance detects that the link is running properly, redirection takes effect. When the NQA test instance detects a link fault, packets are forwarded along the original path.
```
[RouterD] traffic behavior vlan20
[RouterD-behavior-vlan20] redirect ip-nexthop 192.168.6.2 track nqa admin vlan20
[RouterD-behavior-vlan20] quit
```

Configure traffic policies and apply the traffic policies.

# Create traffic policies vlan10 and vlan20 on RouterA and bind the traffic classifier and the traffic behavior to the traffic policy.

[RouterA] traffic policy vlan10
[RouterA-trafficpolicy-vlan10] classifier vlan10 behavior vlan10
[RouterA-trafficpolicy-vlan10] quit
[RouterA] traffic policy vlan20
[RouterA-trafficpolicy-vlan20] classifier vlan20 behavior vlan20
[RouterA-trafficpolicy-vlan20] quit

# Apply the traffic policy vlan10 to GE1/0/0 in the inbound direction and the traffic policy vlan20 to GE2/0/0 in the inbound direction.

[RouterA] interface gigabitethernet 1/0/0
[RouterA-GigabitEthernet1/0/0] traffic-policy vlan10 inbound
[RouterA-GigabitEthernet1/0/0] quit
[RouterA] interface gigabitethernet 2/0/0
[RouterA-GigabitEthernet2/0/0] traffic-policy vlan20 inbound
[RouterA-GigabitEthernet2/0/0] quit

# Create traffic policy vlan10 on RouterD and bind the traffic classifier and the traffic behavior to the traffic policy.

[RouterD] traffic policy vlan10
[RouterD-trafficpolicy-vlan10] classifier vlan10 behavior vlan10
[RouterD-trafficpolicy-vlan10] classifier vlan20 behavior vlan20
[RouterD-trafficpolicy-vlan10] quit

# Apply the traffic policy vlan10 to GE3/0/0 in the inbound direction.

[RouterD] interface gigabitethernet 3/0/0
[RouterD-GigabitEthernet3/0/0] traffic-policy vlan10 inbound
[RouterD-GigabitEthernet3/0/0] quit

Verify the configurations.

# View the interface configuration on RouterA.

[RouterA] interface gigabitethernet 1/0/0
[RouterA-GigabitEthernet1/0/0] display this
#                                                                               
interface GigabitEthernet1/0/0         
 ip address 192.168.1.1 255.255.255.0                                           
 traffic-policy vlan10 inbound                                                  
#                                                                               
return                                                                          
[RouterA-GigabitEthernet1/0/0] quit
[RouterA] interface gigabitethernet 2/0/0
[RouterA-GigabitEthernet2/0/0] display this
#                                                                               
interface GigabitEthernet2/0/0         
 ip address 192.168.2.1 255.255.255.0                                           
 traffic-policy vlan20 inbound                                                  
#                                                                               
return

# View the traffic policy configuration.

[RouterA-GigabitEthernet2/0/0] quit
[RouterA] display traffic policy user-defined
  User Defined Traffic Policy Information:                                      
  Policy: vlan10                                                                
   Classifier: vlan10                                                           
    Operator: OR                                                                
     Behavior: vlan10                                                           
      Redirect:                                                                 
        Redirect ip-nexthop 192.168.3.2 track nqa admin vlan10                  
                                                                                
  Policy: vlan20                                                                
   Classifier: vlan20                                                           
    Operator: OR                                                                
     Behavior: vlan20                                                           
      Redirect:                                                                 
        Redirect ip-nexthop 192.168.4.2 track nqa admin vlan20

Configuration Files

Configuration file of RouterA

#
 sysname RouterA
#                                                                               
acl number 2000                                                                                                                     
 rule 10 permit source 192.168.1.0 0.0.0.255                                                                                                
acl number 2001                                                                                                                     
 rule 20 permit source 192.168.2.0 0.0.0.255  
#                                                                               
traffic classifier vlan10 operator or                                           
 if-match acl 2000
traffic classifier vlan20 operator or                                           
 if-match acl 2001
#                                                                               
traffic behavior vlan10                                                         
 redirect ip-nexthop 192.168.3.2 track nqa admin vlan10                         
traffic behavior vlan20                                                         
 redirect ip-nexthop 192.168.4.2 track nqa admin vlan20                         
#                                                                               
traffic policy vlan10                                                           
 classifier vlan10 behavior vlan10                                              
traffic policy vlan20                                                           
 classifier vlan20 behavior vlan20                                              
#                                                                               
interface GigabitEthernet1/0/0
 ip address 192.168.1.1 255.255.255.0                                           
 traffic-policy vlan10 inbound                                                  
#                                                                               
interface GigabitEthernet2/0/0
 ip address 192.168.2.1 255.255.255.0                                           
 traffic-policy vlan20 inbound                                                  
#
interface GigabitEthernet3/0/0
 ip address 192.168.3.1 255.255.255.0                                           
#                                                                               
interface GigabitEthernet4/0/0
 ip address 192.168.4.1 255.255.255.0                                           
#
ip route-static 192.168.5.0 255.255.255.0 192.168.3.2                           
ip route-static 192.168.6.0 255.255.255.0 192.168.4.2                           
ip route-static 192.168.7.0 255.255.255.0 192.168.3.2 track nqa admin vlan10    
ip route-static 192.168.7.0 255.255.255.0 192.168.4.2 track nqa admin vlan20    
#                                                                               
nqa test-instance admin vlan10                                                  
 test-type icmp                                                                 
 destination-address ipv4 192.168.5.1                                           
 frequency 10 
 probe-count 2
 start now
nqa test-instance admin vlan20                                                  
 test-type icmp                                                                 
 destination-address ipv4 192.168.6.1                                           
 frequency 10 
 probe-count 2
 start now
#                                                                               
return

Configuration file of RouterB

#
 sysname RouterB
#                                                                               
interface GigabitEthernet1/0/0
 ip address 192.168.3.2 255.255.255.0    
interface GigabitEthernet2/0/0
 ip address 192.168.5.2 255.255.255.0    
# 
ip route-static 192.168.1.0 255.255.255.0 192.168.3.1    
ip route-static 192.168.2.0 255.255.255.0 192.168.3.1
ip route-static 192.168.7.0 255.255.255.0 192.168.5.1    
# 
return

Configuration file of RouterC

#
 sysname RouterC
#                                                                               
interface GigabitEthernet1/0/0
 ip address 192.168.4.2 255.255.255.0    
interface GigabitEthernet2/0/0
 ip address 192.168.6.2 255.255.255.0    
# 
ip route-static 192.168.1.0 255.255.255.0 192.168.4.1    
ip route-static 192.168.2.0 255.255.255.0 192.168.4.1
ip route-static 192.168.7.0 255.255.255.0 192.168.6.1    
# 
return

Configuration file of RouterD

#
 sysname RouterD
#
acl number 3000
 rule 10 permit ip destination 192.168.1.0 0.0.0.255
acl number 3001
 rule 20 permit ip destination 192.168.2.0 0.0.0.255
#
traffic classifier vlan10 operator or
 if-match acl 3000
traffic classifier vlan20 operator or
 if-match acl 3001
#
traffic behavior vlan10
 redirect ip-nexthop 192.168.5.2 track nqa admin vlan10
traffic behavior vlan20
 redirect ip-nexthop 192.168.6.2 track nqa admin vlan20
#
traffic policy vlan10
 classifier vlan10 behavior vlan10
 classifier vlan20 behavior vlan20
#                                                                               
interface GigabitEthernet1/0/0
 ip address 192.168.5.1 255.255.255.0    
interface GigabitEthernet2/0/0
 ip address 192.168.6.1 255.255.255.0    
interface GigabitEthernet3/0/0
 ip address 192.168.7.1 255.255.255.0    
 traffic-policy vlan10 inbound
# 
ip route-static 192.168.1.0 255.255.255.0 192.168.5.2 track nqa admin vlan10
ip route-static 192.168.1.0 255.255.255.0 192.168.6.2 track nqa admin vlan20
ip route-static 192.168.2.0 255.255.255.0 192.168.5.2 track nqa admin vlan10
ip route-static 192.168.2.0 255.255.255.0 192.168.6.2 track nqa admin vlan20
ip route-static 192.168.3.0 255.255.255.0 192.168.5.2                           
ip route-static 192.168.4.0 255.255.255.0 192.168.6.2 
#   
nqa test-instance admin vlan10                                                  
 test-type icmp                                                                 
 destination-address ipv4 192.168.3.1                                           
 frequency 10 
 probe-count 2
 start now
nqa test-instance admin vlan20                                                  
 test-type icmp                                                                 
 destination-address ipv4 192.168.4.1                                           
 frequency 10 
 probe-count 2
 start now                          
#                                                                               
return

Translation

简体中文

Download

Updated: 2020-09-08

Document ID: EDOC1000174069

Downloads: 416

Average rating:

This Document Applies to these Products

Reminder

Enterprise

Consumer

Corporate

Carrier

Africa

Latin America

Middle East

Asia Pacific

North America

Europe

Networking Requirements

Configuration Roadmap

Procedure

Configuration Files

Related Version

Related Documents

About Huawei

How to Buy

Partner

Resources

Others

Enterpise App