Hello.
Today I'd like to post about PBR.
PBR is available with the Enterprise Services license. With the LAN Base license, you can use a temporary license for 90 days.
What is PBR?
With policy-based routing, you can configure a defined policy for IPv4 and IPv6 traffic flows that lessens the reliance on routes derived from routing protocols. All packets received on an interface with policy-based routing enabled are passed through enhanced packet filters or route maps. The route maps dictate the policy that determines where to forward packets.
Policy-based routing includes the following features:
- Source-based routing—Routes traffic that originates from different sets of users through different connections across the policy routers.
- Quality of Service (QoS)—Differentiates traffic by setting the precedence or type of service (ToS) values in the IP packet headers at the periphery of the network and leveraging queuing mechanisms to prioritize traffic in the core or backbone of the network (see the Cisco Nexus 9000 Series NX-OS Quality of Service Configuration Guide).
- Load sharing—Distributes traffic among multiple paths based on the traffic characteristics.
How PBR is processed
When a packet is received on an interface that is configured with a route map, the forwarding logic processes each route-map statement according to the sequence number.
If the route-map statement encountered is a route-map...permit statement, the packet is matched against the criteria in the match command. This command may refer to an ACL that has one or more access control entries (ACEs). If the packet matches the permit ACEs in the ACL, the policy-based routing logic executes the action specified by the set command on the packet.
If the route-map statement encountered is a route-map...deny statement, the packet is matched against the criteria in the match command. This command may refer to an ACL that has one or more ACEs. If the packet matches the permit ACEs in the ACL, policy-based routing processing terminates, and the packet is routed using the default IP routing table.
Criteria that can be used as PBR options
- Layer 3 source and/or destination address
- TCP and UDP ports
- Precedence level
- Differentiated Services Code Point (DSCP) value
- TCP packets with the ACK, FIN, PSH, RST, SYN, or URG bit set
- Established TCP connections
- Packet length
This is the config that applies PBR on the switch in the middle.
ip access-list test
  statistics per-entry
  10 permit ip 172.19.107.0/24 172.18.99.0/24
route-map test permit 10
  match ip address test
  set ip next-hop 172.22.129.13
interface vlan3096
  ip policy route-map test
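The processing order described above, applied to this config, as an added Python example (not from the original post or from Cisco) for checking which flows are actually steered to the policy next hop. It models only source/destination matching; the `exempt` ACL, its host 172.19.107.50 and the sequence-5 deny statement are hypothetical, added to show the deny case.

```python
import ipaddress

# Constructed model of the page's ACL "test" plus a hypothetical ACL "exempt".
ACLS = {
    # (ACE action, source prefix, destination prefix)
    "test": [("permit", "172.19.107.0/24", "172.18.99.0/24")],
    "exempt": [("permit", "172.19.107.50/32", "172.18.99.0/24")],  # hypothetical
}
# (sequence, route-map action, ACL name, next hop)
ROUTE_MAP = [(10, "permit", "test", "172.22.129.13")]
# Hypothetical variant: a deny statement at sequence 5 exempts one host from PBR.
ROUTE_MAP_WITH_DENY = [(5, "deny", "exempt", None)] + ROUTE_MAP


def acl_permits(acl_name, src, dst):
    """True if a permit ACE matches; a non-matching packet is not permitted."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in ACLS[acl_name]:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action == "permit"
    return False


def pbr_decision(src, dst, route_map=ROUTE_MAP):
    """Return ("policy", next_hop) or ("routing-table", None)."""
    # Statements are evaluated in ascending sequence-number order.
    for seq, action, acl_name, next_hop in sorted(route_map, key=lambda e: e[0]):
        if not acl_permits(acl_name, src, dst):
            continue                      # no match: try the next statement
        if action == "permit":
            return ("policy", next_hop)   # the set ip next-hop action applies
        return ("routing-table", None)    # route-map deny: PBR processing ends
    return ("routing-table", None)        # nothing matched: normal routing


if __name__ == "__main__":
    flows = [("172.19.107.10", "172.18.99.20"),   # matches ACL test
             ("172.19.107.10", "10.0.0.1"),       # wrong destination
             ("172.19.108.10", "172.18.99.20")]   # wrong source
    for src, dst in flows:
        print(src, "->", dst, pbr_decision(src, dst))
    print(pbr_decision("172.19.107.50", "172.18.99.20", ROUTE_MAP_WITH_DENY))
```
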
I will ping from the PC, in the two ways shown below.
Here is the result.
It works well.