Ruijie Community

Title: How to configure policy-based routing (PBR) on a Ruijie device?

Author: admin    Time: 2022-3-18 18:16
Applied scenarios
As shown in the following topology, there are two egress switches, Switch 3 and Switch 4, between Switch 1 and the Internet. Distribute the Internet access traffic from the Intranet 172.16.1.0/24 to Switch 3 and the Internet access traffic from the Intranet 172.16.2.0/24 to Switch 4.

Case of configuration
a) Network Topology
                     
b) Configuration Tips
1) Configure the basic IP addresses.
2) Configure the basic IP routes to enable full reachability through the entire network.
3) On Switch 1, configure the ACL to match the Intranet traffic.
4) Configure the policy routing.
5) Apply policy routing.

c) Configuration Steps
1) Configure the basic IP addresses.
Ruijie(config)#hostname SW1
SW1(config)#interface gigabitEthernet 1/3
SW1(config-if-GigabitEthernet 1/3)#no switchport
SW1(config-if-GigabitEthernet 1/3)#ip address 192.168.1.1 255.255.255.0
SW1(config-if-GigabitEthernet 1/3)#exit
SW1(config)#interface gigabitEthernet 1/2
SW1(config-if-GigabitEthernet 1/2)#no switchport
SW1(config-if-GigabitEthernet 1/2)#ip address 192.168.2.1 255.255.255.0
SW1(config-if-GigabitEthernet 1/2)#exit
SW1(config)#interface gigabitEthernet1/2
SW1(config-if-GigabitEthernet 1/2)#no switchport
SW1(config-if-GigabitEthernet 1/2)#ip address 192.168.3.1 255.255.255.0
SW1(config-if-GigabitEthernet 1/2)#exit

Ruijie(config)#hostname SW2
SW2(config)#interface gigabitEthernet 1/3
SW2(config-if-GigabitEthernet 1/3)#no switchport
SW2(config-if-GigabitEthernet 1/3)#ip address 192.168.1.2 255.255.255.0
SW2(config-if-GigabitEthernet 1/3)#exit
SW2(config)#interface gigabitEthernet 1/1
SW2(config-if-GigabitEthernet 1/1)#no switchport
SW2(config-if-GigabitEthernet 1/1)#ip address 172.16.1.1 255.255.255.0
SW2(config-if-GigabitEthernet 1/1)#exit
SW2(config)#interface gigabitEthernet 1/2
SW2(config-if-GigabitEthernet 1/2)#no switchport
SW2(config-if-GigabitEthernet 1/2)#ip address 172.16.2.1 255.255.255.0
SW2(config-if-GigabitEthernet 1/2)#exit

Ruijie(config)#hostname SW3
SW3(config)#interface gigabitEthernet 1/1
SW3(config-if-GigabitEthernet 1/1)#no switchport
SW3(config-if-GigabitEthernet 1/1)#ip address 192.168.2.2 255.255.255.0
SW3(config-if-GigabitEthernet 1/1)#exit

Ruijie(config)#hostname SW4
SW4(config)#interface gigabitEthernet 1/1
SW4(config-if-GigabitEthernet 1/1)#no switchport
SW4(config-if-GigabitEthernet 1/1)#ip address 192.168.3.2 255.255.255.0
SW4(config-if-GigabitEthernet 1/1)#exit

2) Configure the basic IP routes to enable full reachability through the entire network.
SW1(config)#ip route 172.16.0.0 255.255.0.0 192.168.1.2
SW2(config)#ip route 100.1.1.0 255.255.255.0 192.168.1.1
SW3(config)#ip route 172.16.0.0 255.255.0.0 192.168.2.1
SW4(config)#ip route 172.16.0.0 255.255.0.0 192.168.3.1

3) On Switch 1, configure the ACL to match the Intranet traffic.
SW1(config)#ip access-list standard 10        
SW1(config-std-nacl)#10 permit 172.16.1.0 0.0.0.255
SW1(config-std-nacl)#exit
SW1(config)#ip access-list standard 20   
SW1(config-std-nacl)#10 permit 172.16.2.0 0.0.0.255
SW1(config-std-nacl)#exit

4) Configure the policy routing.
SW1(config)#route-map ruijie permit 10
SW1(config-route-map)#match ip address 10
SW1(config-route-map)#set ip next-hop 192.168.2.2
SW1(config-route-map)#exit
SW1(config)#route-map ruijie permit 20
SW1(config-route-map)#match ip address 20
SW1(config-route-map)#set ip next-hop 192.168.3.2
SW1(config-route-map)#exit

Note:
1) The route map executes policy matching from top to bottom. When the data traffic matches a policy, it is forwarded based on the matched policy and is no longer matched against the subsequent policies.
2) The route map ends with an implicit deny any statement. Traffic that matches no policy is therefore forwarded by normal IP routing rather than discarded.
3) The set ip next-hop statement allows you to set the IP address of the next hop or the egress interface of the data packet. The IP address of the next hop is recommended.

5) Apply policy routing.
SW1(config)#interface gigabitEthernet 1/3
SW1(config-if-GigabitEthernet 1/3)#ip policy route-map ruijie   
SW1(config-if-GigabitEthernet 1/3)#exit

Note:
Policy routing must be applied on the inbound interface of the data packets, not on the outbound interface. Policy routing forces the next hop of the data packet when it enters the router. By the time the packet reaches the outbound interface, the router has already completed the routing decision and sends the packet out directly, so policy routing applied in the outbound direction does not take effect.
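
The evaluation order described in the notes above, as an added Python sketch (not Ruijie code and not part of the original post): it parses the SW1 ACL, route-map and ip policy lines from steps 3) to 5), selects the next hop by first match, and lists names that are referenced but never defined. The function names are hypothetical, only the commands shown on this page are parsed, and wildcard masks are assumed to be contiguous.

```python
import ipaddress
import re

# SW1 lines from steps 3) to 5) of this page, CLI prompts stripped.
SW1_CONFIG = """\
ip access-list standard 10
 10 permit 172.16.1.0 0.0.0.255
ip access-list standard 20
 10 permit 172.16.2.0 0.0.0.255
route-map ruijie permit 10
 match ip address 10
 set ip next-hop 192.168.2.2
route-map ruijie permit 20
 match ip address 20
 set ip next-hop 192.168.3.2
interface gigabitEthernet 1/3
 ip policy route-map ruijie
"""

def parse(text):  # returns (acls, route_maps, applied_names)
    acls, maps, applied, cur = {}, {}, [], None
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"ip access-list standard (\S+)", line):
            cur = acls.setdefault(m[1], [])
        elif m := re.fullmatch(r"\d+ permit (\S+) (\S+)", line):
            cur.append(ipaddress.ip_network(f"{m[1]}/{m[2]}"))  # wildcard mask
        elif m := re.fullmatch(r"route-map (\S+) permit (\d+)", line):
            cur = {"seq": int(m[2]), "acl": None, "hop": None}
            maps.setdefault(m[1], []).append(cur)
        elif m := re.fullmatch(r"match ip address (\S+)", line):
            cur["acl"] = m[1]
        elif m := re.fullmatch(r"set ip next-hop (\S+)", line):
            cur["hop"] = m[1]
        elif m := re.fullmatch(r"ip policy route-map (\S+)", line):
            applied.append(m[1])
    return acls, maps, applied

def next_hop(cfg, name, src):
    """First matching sequence wins; None means normal destination routing."""
    acls, maps, _ = cfg
    for e in sorted(maps.get(name, []), key=lambda e: e["seq"]):
        if any(ipaddress.ip_address(src) in n for n in acls.get(e["acl"], [])):
            return e["hop"]
    return None

def dangling(cfg):
    """Route-map and ACL names that are referenced but never defined."""
    acls, maps, applied = cfg
    used = [e["acl"] for es in maps.values() for e in es]
    return [n for n in applied if n not in maps] + [a for a in used if a not in acls]
```

Running `dangling()` over a saved configuration before relying on the policy catches a route-map name on the interface that differs from the one defined, a case in which this model steers no traffic at all.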

Verification
On SW2, trace the route to the Internet network 100.1.1.0/24 from each Intranet source address. If the data packet sourced from 172.16.1.0/24 reaches the Internet through Switch 3 and the data packet sourced from 172.16.2.0/24 reaches the Internet through Switch 4, policy routing is configured correctly.
SW2#traceroute 100.1.1.1 source 172.16.1.1
  < press Ctrl+C to break >
Tracing the route to 100.1.1.1

1    192.168.1.1 0 msec 0 msec 0 msec
2    192.168.2.2 10 msec 0 msec 10 msec   

SW2#traceroute 100.1.1.1 source 172.16.2.1
  < press Ctrl+C to break >
Tracing the route to 100.1.1.1

1    192.168.1.1 0 msec 0 msec 0 msec
2    192.168.3.2 10 msec 0 msec 10 msec  










