Example for Configuring NQA for PBR
Networking Requirements
As shown in Figure 11-3, each access switch is connected to N users. SwitchA functions as the forwarding device and connects to RouterA through two links: a low-speed link with the gateway 10.1.20.1/24 and a high-speed link with the gateway 10.1.30.1/24. Network administrators want some of the packets that are forwarded to RouterA over the low-speed link to be transmitted over the high-speed link instead, while requiring high link reliability. To meet this requirement, you can configure PBR on SwitchA to redirect packets from the previous forwarding path SwitchA→SwitchB→RouterB (RouterA) to a new path SwitchA→SwitchC→RouterC (RouterA), and bind an NQA test instance to PBR to detect the link status of the new path. If the NQA test instance finds that the link of the new path is working properly, packets are forwarded normally. If the NQA test instance finds that the link of the new path is Down and the number of link detections exceeds the specified value, the PBR configuration automatically becomes ineffective, and packets are forwarded along the previous forwarding path.
Network administrators want the packets that carry the source IP address 192.168.100.0/24 and are forwarded by SwitchA to be transmitted over the high-speed link and the other packets forwarded by SwitchA to be transmitted over the low-speed link.
Configuration Roadmap
- Create VLANs, configure interfaces, and enable OSPF on each switch to connect the users to the external network device (RouterA).
- Configure an ACL to match the packets with the source IP address 192.168.100.0/24.
- Configure a traffic classifier to match the ACL so that SwitchA can differentiate packets.
- Configure a traffic behavior to redirect the packets that match the ACL to 10.1.30.1/24.
- Configure a traffic policy, bind the traffic classifier and traffic behavior to it, and apply it to the inbound direction of 10GE1/0/3 on SwitchA to implement PBR.
Procedure
- Create VLANs, configure interfaces, and enable basic OSPF functions.
# Configure SwitchA.
# Create VLANs and add interfaces to respective VLANs on SwitchA.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchA
[*HUAWEI] commit
[~SwitchA] vlan batch 100 200 300
[*SwitchA] commit
[~SwitchA] interface 10ge 1/0/1
[~SwitchA-10GE1/0/1] port link-type trunk
[*SwitchA-10GE1/0/1] port trunk allow-pass vlan 100
[*SwitchA-10GE1/0/1] quit
[*SwitchA] interface 10ge 1/0/2
[*SwitchA-10GE1/0/2] port link-type trunk
[*SwitchA-10GE1/0/2] port trunk allow-pass vlan 200
[*SwitchA-10GE1/0/2] quit
[*SwitchA] interface 10ge 1/0/3
[*SwitchA-10GE1/0/3] port link-type trunk
[*SwitchA-10GE1/0/3] port trunk allow-pass vlan 300
[*SwitchA-10GE1/0/3] quit
[*SwitchA] commit
# Configure an IP address for each VLANIF interface on SwitchA.
[~SwitchA] interface vlanif 100
[*SwitchA-Vlanif100] ip address 172.16.1.2 24
[*SwitchA-Vlanif100] quit
[*SwitchA] interface vlanif 200
[*SwitchA-Vlanif200] ip address 172.16.2.2 24
[*SwitchA-Vlanif200] quit
[*SwitchA] interface vlanif 300
[*SwitchA-Vlanif300] ip address 172.16.3.2 24
[*SwitchA-Vlanif300] quit
[*SwitchA] commit
# Enable OSPF on SwitchA.
[~SwitchA] router id 10.1.1.1
[*SwitchA] ospf 1
[*SwitchA-ospf-1] area 0
[*SwitchA-ospf-1-area-0.0.0.0] network 172.16.1.0 0.0.0.255
[*SwitchA-ospf-1-area-0.0.0.0] network 172.16.2.0 0.0.0.255
[*SwitchA-ospf-1-area-0.0.0.0] network 172.16.3.0 0.0.0.255
[*SwitchA-ospf-1-area-0.0.0.0] quit
[*SwitchA-ospf-1] quit
[*SwitchA] commit
# Configure SwitchB. The configurations of SwitchC and SwitchD are similar to that of SwitchB, and are not provided here.
# Create VLANs and add interfaces to respective VLANs on SwitchB.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchB
[*HUAWEI] commit
[~SwitchB] vlan batch 100
[*SwitchB] interface 10ge 1/0/1
[*SwitchB-10GE1/0/1] port link-type trunk
[*SwitchB-10GE1/0/1] port trunk allow-pass vlan 100
[*SwitchB-10GE1/0/1] quit
[*SwitchB] interface vlanif 100
[*SwitchB-Vlanif100] ip address 172.16.1.1 24
[*SwitchB-Vlanif100] quit
[*SwitchB] interface 10ge 1/0/2
[*SwitchB-10GE1/0/2] undo portswitch
[*SwitchB-10GE1/0/2] ip address 10.1.20.2 24
[*SwitchB-10GE1/0/2] quit
[*SwitchB] commit
# Enable OSPF on SwitchB.
[~SwitchB] router id 10.2.2.2
[*SwitchB] ospf 1
[*SwitchB-ospf-1] area 0
[*SwitchB-ospf-1-area-0.0.0.0] network 172.16.1.0 0.0.0.255
[*SwitchB-ospf-1-area-0.0.0.0] network 10.1.20.0 0.0.0.255
[*SwitchB-ospf-1-area-0.0.0.0] quit
[*SwitchB-ospf-1] quit
[*SwitchB] commit
- Configure an NQA test instance.
# Enable the NQA client and create an ICMP NQA test instance on SwitchA.
[~SwitchA] nqa test-instance admin icmp
[*SwitchA-nqa-admin-icmp] test-type icmp
[*SwitchA-nqa-admin-icmp] destination-address ipv4 10.1.30.1
[*SwitchA-nqa-admin-icmp] frequency 10
[*SwitchA-nqa-admin-icmp] probe-count 2
[*SwitchA-nqa-admin-icmp] interval seconds 5
[*SwitchA-nqa-admin-icmp] timeout 4
[*SwitchA-nqa-admin-icmp] start now
[*SwitchA-nqa-admin-icmp] quit
[*SwitchA] commit
- Configure an ACL.
# Create an advanced ACL 3001 on SwitchA to match packets with the source IP address 192.168.100.0/24.
[~SwitchA] acl 3001
[*SwitchA-acl4-advance-3001] rule permit ip source 192.168.100.0 0.0.0.255
[*SwitchA-acl4-advance-3001] quit
[*SwitchA] commit
- Configure a traffic classifier.
# Create a traffic classifier c1, and bind c1 to ACL 3001.
[~SwitchA] traffic classifier c1
[*SwitchA-classifier-c1] if-match acl 3001
[*SwitchA-classifier-c1] quit
[*SwitchA] commit
- Configure a traffic behavior.
# Create a traffic behavior b1 on SwitchA to redirect packets to 10.1.30.1/24.
[~SwitchA] traffic behavior b1
[*SwitchA-behavior-b1] redirect remote 10.1.30.1 track nqa admin icmp reaction probe-failtimes 3
[*SwitchA-behavior-b1] quit
[*SwitchA] commit
- Configure a traffic policy and apply the traffic policy to an interface.
# Create a traffic policy p1 on SwitchA, and bind the traffic classifier and traffic behavior to the traffic policy.
[~SwitchA] traffic policy p1
[*SwitchA-trafficpolicy-p1] classifier c1 behavior b1
[*SwitchA-trafficpolicy-p1] quit
[*SwitchA] commit
# Apply the traffic policy p1 to the inbound direction on 10GE1/0/3.
[~SwitchA] interface 10ge 1/0/3
[*SwitchA-10GE1/0/3] traffic-policy p1 inbound
[*SwitchA-10GE1/0/3] quit
[*SwitchA] commit
- Verify the configuration.
# Check the configuration of NQA for PBR.
[~SwitchA] display current-configuration | include nqa
 redirect remote 10.1.30.1 track nqa admin icmp reaction probe-failtimes 3
nqa test-instance admin icmp
# Check the NQA test results.
[~SwitchA] display nqa results test-instance admin icmp
 NQA entry(admin, icmp): test flag is active, test type is ICMP
  1 . Test 73 result   The test is finished
   Send operation times: 2                Receive response times: 2
   Completion: success                    RTD over thresholds number: 0
   Attempts number: 1                     Drop operation number: 0
   Disconnect operation number: 0         Operation timeout number: 0
   System busy operation number: 0        Connection fail number: 0
   Operation sequence errors number: 0    RTT Status errors number: 0
   Destination IP address: 10.1.30.1
   Min/Max/Average completion time: 4/4/4
   Sum/Square-Sum completion time: 8/32
   Last response packet receiving time: 2015-09-10 08:58:07.8
   Lost packet ratio: 0 %
  2 . Test 74 result   The test is finished
   Send operation times: 2                Receive response times: 2
   Completion: success                    RTD over thresholds number: 0
   Attempts number: 1                     Drop operation number: 0
   Disconnect operation number: 0         Operation timeout number: 0
   System busy operation number: 0        Connection fail number: 0
   Operation sequence errors number: 0    RTT Status errors number: 0
   Destination IP address: 10.1.30.1
   Min/Max/Average completion time: 4/4/4
   Sum/Square-Sum completion time: 8/32
   Last response packet receiving time: 2015-09-10 08:58:17.7
   Lost packet ratio: 0 %
  3 . Test 75 result   The test is finished
   Send operation times: 2                Receive response times: 2
   Completion: success                    RTD over thresholds number: 0
   Attempts number: 1                     Drop operation number: 0
   Disconnect operation number: 0         Operation timeout number: 0
   System busy operation number: 0        Connection fail number: 0
   Operation sequence errors number: 0    RTT Status errors number: 0
   Destination IP address: 10.1.30.1
   Min/Max/Average completion time: 4/4/4
   Sum/Square-Sum completion time: 8/32
   Last response packet receiving time: 2015-09-10 08:58:27.7
   Lost packet ratio: 0 %
  4 . Test 76 result   The test is finished
   Send operation times: 2                Receive response times: 2
   Completion: success                    RTD over thresholds number: 0
   Attempts number: 1                     Drop operation number: 0
   Disconnect operation number: 0         Operation timeout number: 0
   System busy operation number: 0        Connection fail number: 0
   Operation sequence errors number: 0    RTT Status errors number: 0
   Destination IP address: 10.1.30.1
   Min/Max/Average completion time: 4/4/4
   Sum/Square-Sum completion time: 8/32
   Last response packet receiving time: 2015-09-10 08:58:37.6
   Lost packet ratio: 0 %
  5 . Test 77 result   The test is finished
   Send operation times: 2                Receive response times: 2
   Completion: success                    RTD over thresholds number: 0
   Attempts number: 1                     Drop operation number: 0
   Disconnect operation number: 0         Operation timeout number: 0
   System busy operation number: 0        Connection fail number: 0
   Operation sequence errors number: 0    RTT Status errors number: 0
   Destination IP address: 10.1.30.1
   Min/Max/Average completion time: 4/4/4
   Sum/Square-Sum completion time: 8/32
   Last response packet receiving time: 2015-09-10 08:58:47.6
   Lost packet ratio: 0 %
# Check the ACL configuration.
[~SwitchA] display acl 3001
Advanced ACL 3001, 1 rule
ACL's step is 5
 rule 5 permit ip source 192.168.100.0 0.0.0.255 (0 times matched)
# Check the traffic classifier configuration.
[~SwitchA] display traffic classifier
  Traffic Classifier Information:
    Classifier: c1
      Type: OR
      Rule(s):
        if-match acl 3001
Total classifier number is 1
# Check the traffic policy configuration.
[~SwitchA] display traffic policy
  Traffic Policy Information:
    Policy: p1
      Classifier: c1
        Type: OR
      Behavior: b1
        Redirect:
          Redirect remote 10.1.30.1 track nqa admin icmp reaction probe-failtimes 3
Total policy number is 1
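The redirect in this procedure is only withdrawn on path failure if the NQA instance it tracks exists, is started, and probes the redirect next hop. The following Python check is an added example, not part of the original page or of any Huawei tooling; the names `parse`, `audit` and `BROKEN` are hypothetical, and the sample lines are an excerpt of the SwitchA configuration shown on this page.

```python
import re

# PBR/NQA excerpt of SwitchA, copied from the configuration on this page.
SWITCHA = """\
traffic behavior b1
 redirect remote 10.1.30.1 track nqa admin icmp reaction probe-failtimes 3
#
nqa test-instance admin icmp
 test-type icmp
 destination-address ipv4 10.1.30.1
 frequency 10
 start now
"""
BROKEN = SWITCHA.replace("track nqa admin icmp", "track nqa admin icmp2")  # constructed fault
REDIRECT = re.compile(r"redirect remote (\S+)(?: track nqa (\S+) (\S+))?")

def parse(cfg):
    """Collect redirect targets and NQA test instances from a config dump."""
    redirects, instances, current = [], {}, None
    for raw in cfg.splitlines():
        line = raw.strip()
        head = re.match(r"nqa test-instance (\S+) (\S+)$", line)
        if head:
            current = instances.setdefault((head[1], head[2]), {})
        elif not raw.startswith(" "):
            current = None                   # "#" or a new top-level view
        elif current is not None:
            key, _, value = line.rpartition(" ")
            current[key] = value             # "destination-address ipv4" -> "10.1.30.1"
        hit = REDIRECT.match(line)
        if hit:
            redirects.append((hit[1], (hit[2], hit[3]) if hit[2] else None))
    return redirects, instances

def audit(cfg):
    """Return findings for redirects that NQA cannot withdraw on path failure."""
    redirects, instances = parse(cfg)
    findings = []
    for next_hop, ref in redirects:
        inst = instances.get(ref)
        if ref is None:
            findings.append(f"{next_hop}: redirect has no NQA track")
        elif inst is None:
            findings.append(f"{next_hop}: tracked instance {' '.join(ref)} is not defined")
        elif "start" not in inst:
            findings.append(f"{next_hop}: instance {' '.join(ref)} is never started")
        elif inst.get("destination-address ipv4") != next_hop:
            findings.append(f"{next_hop}: instance {' '.join(ref)} probes another address")
    return findings
```

`audit(SWITCHA)` returns an empty list for the configuration on this page, while `audit(BROKEN)` reports the undefined instance `admin icmp2`.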
Configuration Files
SwitchA configuration file
#
sysname SwitchA
#
router id 10.1.1.1
#
vlan batch 100 200 300
#
acl number 3001
 rule 5 permit ip source 192.168.100.0 0.0.0.255
#
traffic classifier c1 type or
 if-match acl 3001
#
traffic behavior b1
 redirect remote 10.1.30.1 track nqa admin icmp reaction probe-failtimes 3
#
traffic policy p1
 classifier c1 behavior b1 precedence 5
#
interface Vlanif100
 ip address 172.16.1.2 255.255.255.0
#
interface Vlanif200
 ip address 172.16.2.2 255.255.255.0
#
interface Vlanif300
 ip address 172.16.3.2 255.255.255.0
#
interface 10GE1/0/1
 port link-type trunk
 port trunk allow-pass vlan 100
#
interface 10GE1/0/2
 port link-type trunk
 port trunk allow-pass vlan 200
#
interface 10GE1/0/3
 port link-type trunk
 port trunk allow-pass vlan 300
 traffic-policy p1 inbound
#
ospf 1
 area 0.0.0.0
  network 172.16.1.0 0.0.0.255
  network 172.16.2.0 0.0.0.255
  network 172.16.3.0 0.0.0.255
#
nqa test-instance admin icmp
 test-type icmp
 destination-address ipv4 10.1.30.1
 interval seconds 5
 timeout 4
 probe-count 2
 frequency 10
 start now
#
return
SwitchB configuration file
#
sysname SwitchB
#
router id 10.2.2.2
#
vlan batch 100
#
interface Vlanif100
 ip address 172.16.1.1 255.255.255.0
#
interface 10GE1/0/1
 port link-type trunk
 port trunk allow-pass vlan 100
#
interface 10GE1/0/2
 undo portswitch
 ip address 10.1.20.2 255.255.255.0
#
ospf 1
 area 0.0.0.0
  network 172.16.1.0 0.0.0.255
  network 10.1.20.0 0.0.0.255
#
return
SwitchC configuration file
#
sysname SwitchC
#
router id 10.3.3.3
#
vlan batch 200
#
interface Vlanif200
 ip address 172.16.2.1 255.255.255.0
#
interface 10GE1/0/1
 port link-type trunk
 port trunk allow-pass vlan 200
#
interface 10GE1/0/2
 undo portswitch
 ip address 10.1.30.2 255.255.255.0
#
ospf 1
 area 0.0.0.0
  network 172.16.2.0 0.0.0.255
  network 10.1.30.0 0.0.0.255
#
return
SwitchD configuration file
#
sysname SwitchD
#
router id 10.4.4.4
#
vlan batch 300
#
interface Vlanif300
 ip address 172.16.3.1 255.255.255.0
#
interface 10GE1/0/1
 port link-type trunk
 port trunk allow-pass vlan 300
#
ospf 1
 area 0.0.0.0
  network 172.16.3.0 0.0.0.255
#
return