
Route Control

Uploaded by

Michel Huizing

Foreword

• Enterprise networks may encounter problems such as unauthorized access of certain traffic and sub-optimal traffic path selection. To ensure data access security and improve link bandwidth usage, traffic behavior on the network must be controlled, for example, through reachability control and traffic path adjustment.

• Tools may be required to meet complicated and precise traffic control requirements. This course introduces the traffic control tools and their usage scenarios.

Copyright © 2017 Huawei Technologies Co., Ltd. All rights reserved.



Objectives

• Upon completion of this section, you will be able to:
  - Master the method to control network traffic reachability
  - Master the method to adjust network traffic paths

Contents

1. Traffic Behavior Control Requirement
2. Control Reachability
3. Adjust Network Traffic Path

Traffic Behavior Control Requirement

1. Control traffic reachability.
   To enhance network security, some departments are not allowed to access each other.

   [Figure: the Financial, Marketing, R&D and Documentation departments and Headquarters connected over OSPF]

2. Adjust network traffic path.
   In network optimization stage, network traffic paths may need to be adjusted.

   [Figure: the Marketing and Financial departments connected to Headquarters over OSPF; link bandwidths 10M, 10M, 5M and 10M; one path is an idle link]

Contents

1. Traffic Behavior Control Requirement
2. Control Reachability
   • Routing Policy
   • Policy-based Routing
3. Adjust Network Traffic Path


Control Traffic Reachability

• Question: How to control network traffic reachability?

[Figure: the Financial, Marketing, R&D and Documentation departments and Headquarters connected over OSPF through RTA, RTB, RTC and RTD]

• Solution 1: Change the number of routing entries (filter the received and advertised routes) to control reachability. This is called routing policy.
• Solution 2: Forward packets based on customized policies. This method is called policy-based routing and takes precedence over routing table-based forwarding.

Solution 1: Routing Policy

[Figure: the same topology with RTA, RTB, RTC and RTD]

• Use the Filter-Policy tool to filter the routes imported from RTA to OSPF and the routes imported from RTC to the routing table:
  - Use ACL or IP-Prefix List to match the target flow.
  - Use the Filter-Policy in the protocol view to advertise policies for the target flow.
• Use the Route-Policy tool to filter the direct routes imported by RTA:
  - Use ACL or IP-Prefix List to match the target flow.
  - Use the Route-Policy in the protocol view to control the imported routes.

ACL Application Example (1/3)

ACL classifies packets into different types based on packet information.

acl 2001
 rule 0 permit source [Link] [Link]

[Figure: list of example routes with various mask lengths]

ACL Application Example (2/3)

acl 2001
 rule 0 permit source [Link] 0
 rule 1 deny source [Link] 0
 rule 2 permit source [Link] [Link]
 rule 3 deny source any

[Figure: list of example routes with various mask lengths]


ACL Application Example (3/3)

acl 2001
 rule 0 permit source [Link] 0

[Figure: example routes with /32, /24, /25, /16 and /8 masks]

ACL can flexibly match packets against IP address prefixes, but cannot match mask length.

Question: How to filter out the route [Link]/25?

IP-Prefix List Application Example (1/2)

IP-Prefix List can match both IP address prefix and mask length.

IP-Prefix List cannot filter IP packets; it can filter only routing information.

ip ip-prefix test index 10 permit [Link] 16 greater-equal 24 less-equal 28

IP address range: [Link] – 10.0.x.x
24 <= Mask length <= 28
Example: [Link]/24, [Link]/25, [Link]/26

IP-Prefix List Application Example (2/2)

ip ip-prefix Pref1 index 10 permit [Link] 24 greater-equal 24 less-equal 24

[Figure: example routes with /32, /24, /25, /16 and /8 masks]

"greater-equal 24 less-equal 24" indicates that the mask length is 24.

The route [Link]/25 will be filtered out.

Filter-Policy Tool

• Filter-Policy can filter the received or advertised RIP, OSPF, and BGP routes.
• Filter the routes received by protocols:
  filter-policy { acl-number | ip-prefix ip-prefix-name } import
• Filter the routes advertised by protocols:
  filter-policy { acl-number | ip-prefix ip-prefix-name } export


Route-Policy Tool

Route-policy is a powerful tool. It can be used together with other tools such as ACL, IP prefix list, and AS path filter.

Format of route policy:

route-policy route-policy-name { permit | deny } node node
 if-match {acl/cost/interface/ip next-hop/ip-prefix}
 apply {cost/ip-address next-hop/tag}

A route policy consists of multiple nodes, which have the OR relationship. Each node has multiple if-match and apply clauses, and the if-match clauses have the AND relationship.

Route-Policy Application Example

Table-1
Network      Cost   NextHop
[Link]/24    4687   [Link]
             4687   [Link]
[Link]/24    4687   [Link]
             4687   [Link]
[Link]/25    1      [Link]
             1      [Link]
[Link]/32    4687   [Link]
             4687   [Link]
[Link]/32    4687   [Link]
             4687   [Link]

acl 2001
 rule 0 permit source [Link] [Link]
acl 2002
 rule 0 permit source [Link] 0
route-policy RP deny node 10
 if-match ip-prefix Pref1
route-policy RP permit node 20
 if-match ip-prefix Pref2
route-policy RP permit node 30
 if-match acl 2001
 if-match ip next-hop acl 2002
 apply cost 21
route-policy RP permit node 40
 if-match ip-prefix Pref3
 apply cost 11
route-policy RP permit node 50
#
ip ip-prefix Pref1 index 10 permit [Link] 32
ip ip-prefix Pref1 index 20 permit [Link] 24
ip ip-prefix Pref2 index 10 deny [Link] 32
ip ip-prefix Pref3 index 10 permit [Link] 24 greater-equal 25 less-equal 25

Table-2
Network      Cost   NextHop
[Link]/24    4687   [Link]
             21     [Link]
[Link]/25    11     [Link]
             21     [Link]
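Added example (not part of the original slides): a Python model of the matching rules behind the ACL, IP-Prefix List and Route-Policy examples above. It shows that a basic ACL used as a route filter cannot tell a /24 from a /25 with the same network address, that greater-equal/less-equal can, and that a route hitting a deny entry of an IP-prefix list inside a permit node is only "not matched" and moves on to the next node. All addresses are constructed and the function names are hypothetical; this models the matching semantics and is not device code.

```python
import ipaddress

def entry_matches(net, route_net, ge=None, le=None):
    """ip-prefix entry: leading bits equal and mask length within [lo, hi]."""
    net = ipaddress.ip_network(net)
    lo = net.prefixlen if ge is None else ge
    hi = le if le is not None else (net.prefixlen if ge is None else 32)
    return lo <= route_net.prefixlen <= hi and route_net.subnet_of(net)

def prefix_list(entries, route_net):
    """Lowest index first; the first matching entry decides; no match = deny."""
    for _idx, action, net, ge, le in sorted(entries, key=lambda e: e[0]):
        if entry_matches(net, route_net, ge, le):
            return action == "permit"
    return False

def basic_acl(rules, route_net):
    """Basic ACL as a route filter: address vs. wildcard only, mask ignored."""
    addr = int(route_net.network_address)
    for action, source, wildcard in rules:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if addr & care == int(ipaddress.ip_address(source)) & care:
            return action == "permit"
    return False

def route_policy(nodes, route):
    """Nodes in ascending order (OR); every if-match of a node must hold (AND)."""
    for _node, mode, if_match, apply in sorted(nodes, key=lambda n: n[0]):
        if all(cond(route["net"]) for cond in if_match):
            return None if mode == "deny" else {**route, **apply}
    return None  # no node matched: the route is denied

# Constructed sample data (RFC 5737 documentation ranges), not the slide's values.
ROUTES = [{"net": ipaddress.ip_network(p), "cost": 4687} for p in
          ("192.0.2.0/24", "192.0.2.0/25", "192.0.2.1/32", "198.51.100.0/24")]
ACL_2001 = [("permit", "192.0.2.0", "0.0.0.0")]
PREF1 = [(10, "permit", "192.0.2.0/24", 24, 24)]    # mask length exactly 24
PREF2 = [(10, "deny", "192.0.2.1/32", None, None)]  # deny entry: "not matched"
PREF3 = [(10, "permit", "192.0.2.0/24", 25, 25)]    # only a /25 inside the /24
RP = [
    (10, "deny", [lambda n: prefix_list(PREF1, n)], {}),
    (20, "permit", [lambda n: prefix_list(PREF2, n)], {}),
    (30, "permit", [lambda n: prefix_list(PREF3, n)], {"cost": 11}),
    (40, "permit", [], {}),  # no if-match clause: matches every route
]

def run_policy():
    """Map each surviving prefix to its cost after route-policy RP."""
    results = (route_policy(RP, r) for r in ROUTES)
    return {str(r["net"]): r["cost"] for r in results if r}

if __name__ == "__main__":
    print([str(r["net"]) for r in ROUTES if basic_acl(ACL_2001, r["net"])])
    print(run_policy())
```

Removing node 40 from RP makes every route that matched no earlier node disappear, which is why the slide's policy ends with an empty permit node.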

Route-Policy Configuration (1/3)

ospf 1
 area 0
  network [Link] [Link]
  network [Link] [Link]

ospf 1
 area 0
  network [Link] [Link]
  network [Link] [Link]

  network [Link] [Link]

[Figure: the Marketing, Financial, R&D and Documentation departments and Headquarters connected over OSPF through RTA, RTB, RTC and RTD]

ospf 1
 area 0
  network [Link] [Link]
  network [Link] [Link]

ospf 1
 import-route direct
 area 0
  network [Link] [Link]

Route-Policy Configuration (2/3)

acl 2000
 rule 5 deny source [Link] [Link]
 rule 10 permit source any
ospf 1
 filter-policy 2000 import

[Figure: the same topology with RTA, RTB, RTC and RTD]

ip ip-prefix ab index 10 permit [Link] 24
ip ip-prefix ab index 20 permit [Link] 24
ospf 1
 filter-policy ip-prefix ab export direct

[Route Policy - Filter-Policy Tool] [Route Policy - Route-Policy Tool]


Route-Policy Configuration (3/3)

<RTC>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 14 Routes : 14
Destination/Mask Proto Pre Cost Flags NextHop Interface
[Link]/24 O_ASE 150 1 D [Link] GigabitEthernet 0/0/0
[Link]/24 Direct 0 0 D [Link] GigabitEthernet 0/0/1
[Link]/24 OSPF 10 3 D [Link] GigabitEthernet 0/0/0

<RTD>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 15 Routes : 15
Destination/Mask Proto Pre Cost Flags NextHop Interface
[Link]/24 O_ASE 150 1 D [Link] GigabitEthernet 0/0/0
[Link]/24 O_ASE 150 1 D [Link] GigabitEthernet 0/0/0
[Link]/24 OSPF 10 3 D [Link] GigabitEthernet 0/0/0
[Link]/24 Direct 0 0 D [Link] GigabitEthernet 0/0/1

Contents

1. Traffic Behavior Control Requirement
2. Control Reachability
   • Routing Policy
   • Policy-based Routing
3. Adjust Network Traffic Path

Solution 2: Policy-based Routing (1/2)

• Based on customized policy: uses the traffic filter.

acl number 3000
 rule 0 deny ip source [Link] [Link] dest [Link] [Link]
 rule 5 deny ip source [Link] [Link] dest [Link] [Link]
 rule 10 permit ip source any
int g0/0/1
 traffic-filter inbound acl 3000

[Figure: the Marketing, Financial, R&D and Documentation departments and Headquarters connected over OSPF through RTA, RTB, RTC and RTD]

acl 3000
 rule 0 deny ip source [Link] [Link] dest [Link] [Link]
int g0/0/1
 traffic-filter inbound acl 3000

[PBR - Traffic-Filter Tool]

Solution 2: Policy-based Routing (2/2)

[RTC]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 16 Routes : 16
Destination/Mask Proto Pre Cost Flags NextHop Interface
[Link]/24 O_ASE 150 1 D [Link] GigabitEthernet 0/0/0
[Link]/24 O_ASE 150 1 D [Link] GigabitEthernet 0/0/0
[Link]/24 O_ASE 150 1 D [Link] GigabitEthernet 0/0/0
[Link]/24 Direct 0 0 D [Link] GigabitEthernet 0/0/1
[Link]/24 OSPF 10 3 D [Link] GigabitEthernet 0/0/0

PC-Marketing department>ping [Link]
Ping [Link]: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
Request timeout!
Request timeout!
--- [Link] ping statistics ---
4 packet(s) transmitted
0 packet(s) received
100.00% packet loss


Contents

1. Traffic Behavior Control Requirement
2. Control Reachability
3. Adjust Network Traffic Path
   • Routing Policy
   • Policy-based Routing

Adjust Network Traffic Path - Single Protocol

• In network optimization stage, network traffic paths may need to be adjusted.

[Figure: the Marketing and Financial departments behind RTA reach Headquarters behind RTD over OSPF, through RTB or RTC; link bandwidths 10M, 10M, 5M and 10M; one path is an idle link]

• Solution 1: uses route policy to change the protocol attribute to control routing table entries and adjust traffic path.
• Solution 2: uses policy-based routing to control traffic behavior before searching the routing table.

Solution 1: Routing Policy

dis ip routing-table
Destination/Mask Proto Pre Cost Flags NextHop Interface
[Link]/24 OSPF 10 3 D [Link] GigabitEthernet 0/0/0

[Figure: Marketing department (20 persons) and Financial department (10 persons) behind RTA (G0/0/0, G0/0/1); RTB and RTC lead to RTD and Headquarters ([Link]); links 10M (cost 1), 10M (cost 1), 5M (cost 2) and 10M (cost 1)]

int g0/0/0
 ospf cost 2

[Route Policy - Adjust OSPF Attributes]

dis ip routing-table
Destination/Mask Proto Pre Cost Flags NextHop Interface
[Link]/24 OSPF 10 4 D [Link] GigabitEthernet 0/0/0
          OSPF 10 4 D [Link] GigabitEthernet 0/0/1

Limitation of Solution 1

• The traffic path from the marketing department to headquarters is RTA-RTB-RTD, and the traffic path from the financial department to headquarters is RTA-RTC-RTD.

[Figure: Marketing department (20 persons) and Financial department (10 persons) behind RTA; RTB and RTC lead to RTD and Headquarters; links 10M, 10M, 5M and 10M]

As shown in the figure, solution 1 cannot meet the requirement because packets are forwarded based on destination address. It cannot meet the requirements of source address-based, destination address-based, or application layer-based forwarding.


Contents

1. Traffic Behavior Control Requirement
2. Control Reachability
3. Adjust Network Traffic Path
   • Routing Policy
   • Policy-based Routing

Solution 2: Policy-based Routing (1/3)

The routing is based on source address. That is, the next hop of traffic from the marketing department is RTB and the next hop of traffic from the financial department is RTC.

[Figure: Marketing department (20 persons) and Financial department (10 persons) behind RTA; RTB and RTC lead to RTD and Headquarters ([Link]) over OSPF; links 10M, 10M, 5M and 10M]

Policy-based routing is implemented using traffic policy:
• Use ACL to match traffic;
• Define behavior for traffic, for example, change the next hop.

Solution 2: Policy-based Routing (2/3)

[RTA]acl 3000
 rule 5 permit ip source [Link] [Link] dest [Link] [Link]
traffic classifier huawei-control1
 if-match acl 3000
traffic behavior huawei-control1
 redirect ip-nexthop [Link]
traffic policy huawei-control1
 classifier huawei-control1 behavior huawei-control1
int g0/0/2
 traffic-policy huawei-control1 inbound

[RTA]acl 3001
 rule 5 permit ip source [Link] [Link] dest [Link] [Link]
traffic classifier huawei-control2
 if-match acl 3001
traffic behavior huawei-control2
 redirect ip-nexthop [Link]
traffic policy huawei-control2
 classifier huawei-control2 behavior huawei-control2
int g4/0/0
 traffic-policy huawei-control2 inbound

[PBR - Traffic-Policy Tool]

Solution 2: Policy-based Routing (3/3)

<RTA>dis ip routing-table
Route Flags: R - relay, D - download to fib
-------------------------------------------------------------------------
Routing Tables: Public
Destinations : 19 Routes : 20
Destination/Mask Proto Pre Cost Flags NextHop Interface
[Link]/24 Direct 0 0 D [Link] GigabitEthernet 0/0/2
[Link]/24 Direct 0 0 D [Link] GigabitEthernet 4/0/0
[Link]/24 OSPF 10 3 D [Link] GigabitEthernet 0/0/0

PC-Marketing department>tracert [Link]
traceroute to [Link], 8 hops max
(ICMP), press Ctrl+C to stop
1 [Link] 47 ms 31 ms 15 ms
2 [Link] 47 ms 31 ms 32 ms
3 [Link] 93 ms 63 ms 46 ms
4 *[Link] 62 ms 31 ms

PC-Financial department>tracert [Link]
traceroute to [Link], 8 hops max
(ICMP), press Ctrl+C to stop
1 [Link] 16 ms 31 ms 16 ms
2 [Link] 62 ms 47 ms 31 ms
3 [Link] 47 ms 47 ms 31 ms
4 [Link] 32 ms 46 ms 32 ms


Differences Between the Routing Policy and PBR

Routing Policy: Based on the control plane; affects routing entries.
Policy-based Routing: Based on the forwarding plane; does not affect routing entries. Packets are forwarded based on policy first, and then based on routing table if policy-based forwarding fails.

Routing Policy: Policy based on destination address.
Policy-based Routing: Policy based on source address, destination address, protocol type, and packet size.

Routing Policy: Used with routing protocol.
Policy-based Routing: A routing policy needs to be manually configured hop by hop to ensure that packets are forwarded according to the policy.

Routing Policy: Tools: Route-Policy, Filter-Policy, etc.
Policy-based Routing: Tools: Traffic-Filter, Traffic-Policy, Policy-Based-Route, etc.

Quiz

1. Can the IP prefix list be used to filter IP packets?
2. Which methods can be used to adjust traffic paths?
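Added example (not part of the original slides): a Python model of the forwarding decision the policy-based routing slides describe, showing why the routing table alone does not tell you where, or whether, a packet is forwarded. The addresses, the names and the single combined rule list (a traffic-filter style deny plus traffic-policy style redirects) are assumptions made for illustration.

```python
import ipaddress

def wc_match(addr, base, wildcard):
    """ACL-style comparison: bits set in the wildcard mask are ignored."""
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.ip_address(addr)) & care
            == int(ipaddress.ip_address(base)) & care)

def route_lookup(table, dst):
    """Routing-table view: longest-prefix match on the destination only."""
    hits = [(net, nh) for net, nh in table if ipaddress.ip_address(dst) in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def forward(pkt, rules, table, usable_next_hops):
    """Inbound policy is checked first; the routing table decides only when
    no rule matches or the redirect next hop cannot be used."""
    for src, src_wc, dst, dst_wc, action, next_hop in rules:
        if wc_match(pkt["src"], src, src_wc) and wc_match(pkt["dst"], dst, dst_wc):
            if action == "deny":
                return "drop"            # filtered before any route lookup
            if next_hop in usable_next_hops:
                return next_hop          # redirected, routing table not used
            break                        # redirect failed: fall back
    return route_lookup(table, pkt["dst"]) or "drop"

# Constructed addressing (not the slide's values): two departments, one HQ.
RTB, RTC = "10.0.12.2", "10.0.13.3"
HQ = "10.10.9.0"
TABLE = [(ipaddress.ip_network("10.10.9.0/24"), RTB),
         (ipaddress.ip_network("10.10.2.0/24"), "direct")]
RULES = [
    ("10.10.1.0", "0.0.0.255", "10.10.2.0", "0.0.0.255", "deny", None),
    ("10.10.1.0", "0.0.0.255", HQ, "0.0.0.255", "redirect", RTB),
    ("10.10.2.0", "0.0.0.255", HQ, "0.0.0.255", "redirect", RTC),
]
MARKETING = {"src": "10.10.1.20", "dst": "10.10.9.5"}
FINANCIAL = {"src": "10.10.2.10", "dst": "10.10.9.5"}
BLOCKED = {"src": "10.10.1.20", "dst": "10.10.2.10"}

if __name__ == "__main__":
    up = {RTB, RTC}
    print(route_lookup(TABLE, BLOCKED["dst"]))      # a route exists
    print(forward(BLOCKED, RULES, TABLE, up))       # the packet is still dropped
    print(forward(MARKETING, RULES, TABLE, up), forward(FINANCIAL, RULES, TABLE, up))
    print(forward(FINANCIAL, RULES, TABLE, {RTB}))  # RTC unusable: table path
```

When auditing reachability on such a network, the interface-level filters and traffic policies have to be reviewed together with the routing table, since the table is identical for both departments.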
