Example for Configuring PBR

CloudEngine 12800 and 12800E V200R005C10 Configuration Guide - IP Unicast Routing

This document describes the configurations of IP Unicast Routing, including IP Routing, Static Route, RIP, RIPng, OSPF, OSPFv3, IPv4 IS-IS, IPv6 IS-IS, BGP, Routing Policy, and PBR.

Rate and give feedback:

Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).

Example for Configuring PBR

Networking Requirements

On a data center network shown in Figure 11-2, tenants are dual-homed to external network devices through Switch. Packets that tenants send are distinguished based on VLAN IDs. Packets from tenant 1 are marked with VLAN 100 and those from tenant 2 are marked with VLAN 200. Packets from the two tenants reach external network devices through the gateway 10.40.40.2/24.

To enable packets from tenant 1 to reach external network devices through the gateway 10.30.30.2/24, you can configure PBR to ensure tenant experience. Table 11-1 lists the PBR configuration parameters.

Table 11-1 Parameters for configuring PBR

Device	Interface	VLANIF	IP Address
Switch	10GE1/0/1	100	10.10.10.1/24
Switch	10GE1/0/2	200	10.20.20.1/24
Switch	10GE1/0/3	300	10.30.30.1/24
Switch	10GE1/0/4	400	10.40.40.1/24

Figure 11-2 Networking for configuring PBR

Configuration Roadmap

Redirection is used to implement PBR so that Switch can provide differentiated services. The configuration roadmap is as follows:

Create VLANs and configure interfaces so that Switch can connect to the external network devices.
Configure a traffic classifier to classify packets based on VLAN IDs.
Configure a traffic behavior to redirect the packets with VLAN ID 100 to 10.30.30.2/24.
Configure a traffic policy, and bind the traffic classifier and traffic behavior to the traffic policy. Apply the traffic policy to the inbound direction of 10GE1/0/1 on Switch to implement PBR for tenant 1.

Procedure

Create VLANs and configure interfaces and the default route to allow all packets to access the external network devices through the gateway 10.40.40.2/24.

# Create VLAN 100 on SwitchA.

<HUAWEI> system-view
[~HUAWEI] sysname SwitchA
[*HUAWEI] commit
[~SwitchA] vlan 100
[*SwitchA-vlan100] quit
[*SwitchA] commit

# Configure 10GE1/0/2 on SwitchA as a trunk interface. Add 10GE1/0/1 and 10GE1/0/2 to VLAN 100.

[~SwitchA] interface 10ge 1/0/1
[~SwitchA-10GE1/0/1] port default vlan 100
[*SwitchA-10GE1/0/1] quit
[*SwitchA] interface 10ge 1/0/2
[*SwitchA-10GE1/0/2] port link-type trunk
[*SwitchA-10GE1/0/2] port trunk allow-pass vlan 100
[*SwitchA-10GE1/0/2] quit
[*SwitchA] commit

# Create VLAN 200 on SwitchB.

<HUAWEI> system-view
[~HUAWEI] sysname SwitchB
[*HUAWEI] commit
[~SwitchB] vlan 200
[*SwitchB-vlan200] quit
[*SwitchB] commit

# Configure 10GE1/0/2 on SwitchB as a trunk interface. Add 10GE1/0/1 and 10GE1/0/2 to VLAN 200.

[~SwitchB] interface 10ge 1/0/1
[~SwitchB-10GE1/0/1] port default vlan 200
[*SwitchB-10GE1/0/1] quit
[*SwitchB] interface 10ge 1/0/2
[*SwitchB-10GE1/0/2] port link-type trunk
[*SwitchB-10GE1/0/2] port trunk allow-pass vlan 200
[*SwitchB-10GE1/0/2] quit
[*SwitchB] commit

# Create VLAN 100, VLAN 200, VLAN 300, and VLAN 400 on Switch.

<HUAWEI> system-view
[~HUAWEI] sysname Switch
[*HUAWEI] commit
[~Switch] vlan batch 100 200 300 400
[*Switch] commit

# Configure 10GE1/0/1 and 10GE1/0/2 on Switch as trunk interfaces. Add 10GE1/0/1 to VLAN 100, 10GE1/0/2 to VLAN 200, 10GE1/0/3 to VLAN 300, and 10GE1/0/4 to VLAN 400.

[~Switch] interface 10ge 1/0/1
[~Switch-10GE1/0/1] port link-type trunk
[*Switch-10GE1/0/1] port trunk allow-pass vlan 100
[*Switch-10GE1/0/1] quit
[*Switch] interface 10ge 1/0/2
[*Switch-10GE1/0/2] port link-type trunk
[*Switch-10GE1/0/2] port trunk allow-pass vlan 200
[*Switch-10GE1/0/2] quit
[*Switch] interface 10ge 1/0/3
[*Switch-10GE1/0/3] port default vlan 300
[*Switch-10GE1/0/3] quit
[*Switch] interface 10ge 1/0/4
[*Switch-10GE1/0/4] port default vlan 400
[*Switch-10GE1/0/4] quit
[*Switch] commit

# Create VLANIF 100, VLANIF 200, VLANIF 300, and VLANIF 400 on Switch and configure IP addresses for them.

[~Switch] interface vlanif 100
[*Switch-Vlanif100] ip address 10.10.10.1 24
[*Switch-Vlanif100] quit
[*Switch] interface vlanif 200
[*Switch-Vlanif200] ip address 10.20.20.1 24
[*Switch-Vlanif200] quit
[*Switch] interface vlanif 300
[*Switch-Vlanif300] ip address 10.30.30.1 24
[*Switch-Vlanif300] quit
[*Switch] interface vlanif 400
[*Switch-Vlanif400] ip address 10.40.40.1 24
[*Switch-Vlanif400] quit
[*Switch] commit

# Configure the default route on Switch to allow all packets to access the external network devices through the gateway 10.40.40.2/24.

[~Switch] ip route-static 0.0.0.0 0.0.0.0 10.40.40.2
[*Switch] commit

Configure a traffic classifier.

# On Switch, create traffic classifier c1 to match packets with VLAN ID 100.

[~Switch] traffic classifier c1
[*Switch-classifier-c1] if-match vlan 100
[*Switch-classifier-c1] quit
[*Switch] commit

Configure a traffic behavior.

# On Switch, create traffic behavior b1 to specify redirection to the gateway 10.30.30.2/24.

[~Switch] traffic behavior b1
[*Switch-behavior-b1] redirect nexthop 10.30.30.2
[*Switch-behavior-b1] quit
[*Switch] commit

Configure a traffic policy and apply the traffic policy to interfaces.

# Create a traffic policy p1 on the Switch and bind the traffic policy to the traffic classifier and traffic behavior.

[~Switch] traffic policy p1
[*Switch-trafficpolicy-p1] classifier c1 behavior b1
[*Switch-trafficpolicy-p1] quit
[*Switch] commit

# Apply the traffic policy p1 to the inbound direction of 10GE1/0/1.

[~Switch] interface 10ge 1/0/1
[~Switch-10GE1/0/1] traffic-policy p1 inbound
[*Switch-10GE1/0/1] quit
[*Switch] commit

Verify the configuration.

# View the traffic classifier configuration.

<Switch> display traffic classifier
  Traffic Classifier Information:
    Classifier: c1 
      Type: OR
      Rule(s) : 
        if-match vlan 100

Total classifier number is 1

# View the traffic policy configuration.

<Switch> display traffic policy p1
  Traffic Policy Information:
    Policy: p1  
      Classifier: c1
        Type: OR
      Behavior: b1
        Redirect: 
          Redirect nexthop
          10.30.30.2

Configuration Files

Configuration file of Switch

#
sysname Switch
#
vlan batch 100 200 300 400
#
traffic classifier c1 type or
 if-match vlan 100
#
traffic behavior b1
 redirect nexthop 10.30.30.2
#
traffic policy p1
 classifier c1 behavior b1 precedence 5
#
interface Vlanif100
 ip address 10.10.10.1 255.255.255.0
#
interface Vlanif200
 ip address 10.20.20.1 255.255.255.0
#
interface Vlanif300
 ip address 10.30.30.1 255.255.255.0
#
interface Vlanif400
 ip address 10.40.40.1 255.255.255.0
#
interface 10GE1/0/1
 port link-type trunk
 port trunk allow-pass vlan 100
 traffic-policy p1 inbound
#
interface 10GE1/0/2
 port link-type trunk
 port trunk allow-pass vlan 200
#
interface 10GE1/0/3
 port default vlan 300
#
interface 10GE1/0/4
 port default vlan 400
#
ip route-static 0.0.0.0 0.0.0.0 10.40.40.2
#
return

Configuration file of SwitchA

#
sysname SwitchA
#
vlan batch 100
#
interface 10GE1/0/1
 port default vlan 100
#
interface 10GE1/0/2
 port link-type trunk
 port trunk allow-pass vlan 100
#
return

Configuration file of SwitchB

#
sysname SwitchB
#
vlan batch 200
#
interface 10GE1/0/1
 port default vlan 200
#
interface 10GE1/0/2
 port link-type trunk
 port trunk allow-pass vlan 200
#
return

Translation

简体中文

Download

Updated: 2021-09-17

Document ID: EDOC1100075354

Downloads: 114

Average rating:

This Document Applies to these Products

Related Version

Digital Signature File

Digital Signature Authentication Mode

Enterprise

Huawei Cloud

Carrier

Consumer

Corporate