
Routing Policy and Policy Routing
(ZXR10 M6000 V2.00.20)
V2.0
Objectives

- Know functions of routing policy
- Know how to define routing policy
- Be familiar with applications of routing policy
- Know functions of policy routing
- Be familiar with applications of policy routing

Contents

- Chapter I Routing Policy
  - Functions of Routing Policy
  - How to Define Routing Policy
  - Common Applications of Routing Policy
- Chapter II Policy Routing
  - Functions of Policy Routing
  - Configuration Steps of Policy Routing
  - Common Applications of Policy Routing

What is Routing Policy?

[Figure: Router A in AS100 (Lo0: 30.1.1.1/32, Lo1: 20.1.1.1/32) and Router B in AS200, connected by two links: 10.1.1.1/30 (A) to 10.1.1.2/30 (B), and 20.1.1.1/30 (A) to 20.1.1.2/30 (B)]

Problem One:
Router B needs to filter routes distributed by Router A, only receiving route 20.1.1.1/32 and shielding route 30.1.1.1/32.

Problem Two:
Router A only distributes AS100 routes to Router B, and other routing entries will be shielded for security reasons.

Problem Three:
Router B needs to choose the 10.1.1.0/30 link to AS100 first.

© ZTE All rights reserved 4


Functions of Routing Policy

An efficient method is needed to solve the above problems!

Routing Policy

- Filter distributed and received routing information
- Control route attributes flexibly


Solve These Problems via Routing Policy
Solution to Problem One:
Router B filters received routing information via routing policy, only receiving route 20.1.1.1/32 and shielding route 30.1.1.1/32.

Solution to Problem Two:
Router A filters routing information distributed to Router B via routing policy, only distributing routes generated within AS100 and not distributing other routes.

Solution to Problem Three:
Router B uses routing policy to modify the priority of the route entry received via the 10.1.1.0/30 link, making it higher than that of the route entry learned via the 20.1.1.0/30 link.


How to Define Routing Policy (1)

- Route-Map
  - It mainly consists of Match and Set clauses and applies the Set actions according to the matching conditions.
- Access Control List
  - It is used to configure matching conditions.
- Prefix-List
  - It functions like an ACL and is used to configure matching conditions. It can be used on its own or together with a route map and Area Filter-List.
- As-Path Access-List
  - It is only used for the BGP protocol to filter routes according to AS path information, and it is used together with a route map.


How to Define Routing Policy (2)

- Community-List
  - It is only used for the BGP protocol to filter routes according to the Community List, and it is used together with a route map.
- OSPF Route Filter
  - It is used for the OSPF protocol to filter Type-5 and Type-7 LSAs.
- OSPF Area Filter-List
  - It is used for inter-area route filtering, filtering Type-3 LSAs.


Route-Map

- route-map <route-map name> [permit|deny] [<sequence-number>]
- match <matching conditions>
- set <actions>
- A route-map consists of a series of Match sub-clauses and Set sub-clauses
- The part with the smaller sequence-number is executed first
- Use As-Path Access-List for matching AS-Path
- Use Community-List for matching Community
- Use Access-List for matching IP address


Route-Map--Match Clause

- Matching conditions for Match sub-clauses, such as:
  - match ip {[address <ip access-list or prefix-list>]|[metric <metric-value>]|[next-hop <IP access-list name>]|[tag <tag-value>]}
  - match as-path <path-list-number>
  - match community-list <community-list-number>
  - match route-type {[external <external-type>]|internal|level-1|level-2|local}


Route-Map--Set Clause

- Available actions for Set sub-clauses, such as:
  - set ip next-hop <ip-address>
  - set interface <interface-name>
  - set as-path prepend <as-path-number>
  - set community {<community number>|no-advertise|no-export|no-export-subconfed}
  - set ip metric {+ <metric-value>|- <metric-value>|<metric-value>}


Route-Map Instance
- Define a route-map named test
route-map test permit 2 //sequence-number is 2
match xxx
set xxx
route-map test permit 3 //sequence-number is 3
match xxx
set xxx
- In this instance, the route-map consists of two parts, and the part with sequence-number 2 is executed first. If the matching conditions in the Match sub-clause of part 2 are met, the corresponding Set actions are applied to the matched route; if not, evaluation skips to the part with sequence-number 3. If neither part is matched, the route is denied by default and this route entry will not be distributed or received.


Route-Map--Execution Principle (1)
- Combination One:
ZXR10(config)#ipv4-access-list 1
ZXR10(config-ipv4-acl)#rule 1 permit 1.1.1.1 0.0.0.0
ZXR10(config-ipv4-acl)#exit
ZXR10(config)#route-map redistribute permit 10
ZXR10(config-route-map)#match ip address 1
ZXR10(config-route-map)#set ip metric 300
ZXR10(config-route-map)#exit
ZXR10(config)#router ospf 100
ZXR10(config-ospfv2)#redistribute static route-map redistribute

Result:
Redistribution succeeds. The static route pointing to 1.1.1.1 is redistributed into the OSPF routing table and its metric value is set to 300.


Route-Map--Execution Principle (2)
- Combination Two:
ZXR10(config)#ipv4-access-list 1
ZXR10(config-ipv4-acl)#rule 1 permit 1.1.1.1 0.0.0.0
ZXR10(config-ipv4-acl)#exit
ZXR10(config)#route-map redistribute deny 10
ZXR10(config-route-map)#match ip address 1
ZXR10(config-route-map)#set ip metric 120
ZXR10(config-route-map)#exit
ZXR10(config)#router ospf 100
ZXR10(config-ospfv2)#redistribute static route-map redistribute

Result:
The static route pointing to 1.1.1.1 cannot be redistributed.
Question: How about the other static routes?


Route-Map--Execution Principle (3)
- Combination Three:
ZXR10(config)#ipv4-access-list 1
ZXR10(config-ipv4-acl)#rule 1 deny 1.1.1.1 0.0.0.0
ZXR10(config-ipv4-acl)#rule 2 permit any
ZXR10(config-ipv4-acl)#exit
ZXR10(config)#route-map redistribute deny 10
ZXR10(config-route-map)#match ip address 1
ZXR10(config-route-map)#set ip metric 300
ZXR10(config-route-map)#exit
ZXR10(config)#route-map redistribute permit 20
ZXR10(config-route-map)#exit
ZXR10(config)#router ospf 100
ZXR10(config-ospfv2)#redistribute static route-map redistribute

Result:
The static route pointing to 1.1.1.1 is redistributed into the OSPF routing table and its metric value is the default value. Other static routes cannot be redistributed.
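
The three combinations can be checked offline with a small model of route-map evaluation. This is an added example, not ZTE code; it assumes a standard ACL ends with an implicit deny and that a route-map entry without a Match clause matches every route, and the static route 2.2.2.2 is a constructed sample standing in for "the other static routes".

```python
import ipaddress

DEFAULT_METRIC = "default"  # stands for the metric used when no Set clause is applied

def acl_permits(rules, addr):
    """Standard ACL: the first matching rule decides; no matching rule means deny (assumed)."""
    ip = int(ipaddress.IPv4Address(addr))
    for action, base, wildcard in rules:
        if base == "any":
            return action == "permit"
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF  # wildcard 0-bits must match
        if ip & care == int(ipaddress.IPv4Address(base)) & care:
            return action == "permit"
    return False

def apply_route_map(entries, acls, addr):
    """Return the metric a route is redistributed with, or None when it is filtered."""
    for seq, action, acl_name, metric in sorted(entries, key=lambda e: e[0]):
        # An entry without a Match clause matches every route (assumed).
        if acl_name is not None and not acl_permits(acls[acl_name], addr):
            continue  # not matched here: try the next sequence-number
        if action == "deny":
            return None  # matched a deny entry: its Set clause is never applied
        return metric if metric is not None else DEFAULT_METRIC
    return None  # no entry matched: denied by default

HOST_ONLY = [("permit", "1.1.1.1", "0.0.0.0")]
ALL_BUT_HOST = [("deny", "1.1.1.1", "0.0.0.0"), ("permit", "any", None)]

# name -> (ACLs, entries as (sequence-number, action, ACL name or None, set metric or None))
COMBINATIONS = {
    "one": ({"1": HOST_ONLY}, [(10, "permit", "1", 300)]),
    "two": ({"1": HOST_ONLY}, [(10, "deny", "1", 120)]),
    "three": ({"1": ALL_BUT_HOST}, [(10, "deny", "1", 300), (20, "permit", None, None)]),
}

# 1.1.1.1 is the route from the slides; 2.2.2.2 is a constructed second static route.
STATIC_ROUTES = ["1.1.1.1", "2.2.2.2"]

def redistribute(name):
    """Map each static route to its redistributed metric (None = filtered)."""
    acls, entries = COMBINATIONS[name]
    return {route: apply_route_map(entries, acls, route) for route in STATIC_ROUTES}

if __name__ == "__main__":
    for name in COMBINATIONS:
        print(name, redistribute(name))
```

In Combination Three the ACL's deny rule only means "1.1.1.1 does not match entry 10"; the route then falls through to entry 20, while every other route matches entry 10 and is dropped by its deny action.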



ACL

- Common methods used to set matching conditions include:
  - Standard ACL, which can only use the source address as the filtering condition
    ZXR10(config)#ipv4-access-list <acl-name>
    ZXR10(config-ipv4-acl)#rule [<rule-id>] {permit | deny} {source [<source-wildcard>] | any}
  - Extended ACL, which can use source address, destination address, source port, destination port and protocol type as accurate filtering conditions
    rule [<rule-id>] {permit | deny} protocol {source [<source-wildcard>] | any} {destination [<destination-wildcard>] | any} [{<tos-value> | <precedence-value> | <dscp-value>}] [fragments] time-range <time-range-name>


IP Prefix-list
- Similar to Access-List, it is used to set matching conditions
ZXR10(config)#ip prefix-list <prefix-list-name> {[seq <seq-number>] {deny | permit} <network-num> <len> [ge <value>] [le <value>]}
Note: Masklen < ge-value <= le-value <= 32
- The address prefix range has two parts, specified by the lengths ge and le. If both are specified, the IP addresses to be filtered must satisfy both prefix limits simultaneously.
  - For example: zxr10(config)#ip prefix-list test permit 10.1.1.0 8 ge 15 le 16
  - This prefix-list matches route entries whose first 8 bits match those of 10.1.1.0 and whose subnet mask length is 15 to 16 bits.
Questions: Can route entry 10.1.3.0/9 match this prefix-list? And what about 10.1.4.0/15?


As-path access-list

- Define expression of AS-Path
  - AS-Path records the autonomous systems that BGP routing information passes through
  - ip as-path access-list <access-list-number> {permit|deny} <as-regular-expression>
- As-Path Access-List is only used for BGP protocol to define routing policy


As-path access-list
--Regular Expression of AS-Path
- The regular expression of AS-Path is used to define AS path conditions matching BGP routing information

Character   Meaning
$           Ending of input string
.           Any character
_           Beginning and ending of a string
^           Beginning of input string

Expression  Meaning
^$          Route not passing through any AS, i.e. originated locally
^100$       Route that originates from AS100 and does not pass through any other AS
_100$       All paths that originate from AS100
_100_       Path passing through AS100
^100_       A path for which AS100 is the last system it passes through


As-path access-list
--Configuration Instance
- As a matching method of routing policy, As-Path Access-List is usually not used on its own; in most cases it is used as a matching condition of the Match sub-clause in a Route-Map.
- Configuration Instance:
ip as-path access-list 10 permit ^$
route-map test permit 3
match as-path 10
set xxx

//As-Path access-List 10 means permitting the path to originate and end at the same AS
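
The expressions in the table, and access-list 10 from the configuration instance, can be tried against sample AS paths as follows. This is an added example, not ZTE code; it assumes `_` matches a delimiter (start of string, end of string, or the space between two AS numbers), that an access-list with no matching rule denies, and the AS paths are constructed samples written nearest AS first, originating AS last.

```python
import re

def compile_as_path(expr):
    """Translate an AS-path expression into a Python regex.

    Assumption: '_' stands for a delimiter, i.e. the start of the string,
    the end of the string, or the space between two AS numbers.
    """
    return re.compile(expr.replace("_", r"(?:^|$| )"))

def matching_paths(expr, paths):
    """Return the AS paths (in input order) that the expression matches."""
    rx = compile_as_path(expr)
    return [p for p in paths if rx.search(p)]

def acl_permits(rules, as_path):
    """First matching rule decides; a path matching no rule is denied (assumed)."""
    for action, expr in rules:
        if compile_as_path(expr).search(as_path):
            return action == "permit"
    return False

# Constructed AS paths. "" is a locally originated route (empty AS-Path);
# "1100" and "200 1000" are there to catch patterns that over-match AS100.
SAMPLE_PATHS = ["", "100", "200 100", "100 200", "300 100 200", "1100", "200 1000"]

# ip as-path access-list 10 permit ^$   (from the configuration instance)
ACL_10 = [("permit", "^$")]

def table():
    """Evaluate every expression from the table against the sample paths."""
    return {e: matching_paths(e, SAMPLE_PATHS)
            for e in ["^$", "^100$", "_100$", "_100_", "^100_"]}

if __name__ == "__main__":
    for expr, hits in table().items():
        print(f"{expr:8} {hits}")
    # Without delimiters the pattern also matches AS1100 and AS1000.
    print("100     ", matching_paths("100", SAMPLE_PATHS))
    print("ACL 10 permits:", [p for p in SAMPLE_PATHS if acl_permits(ACL_10, p)])
```

The unanchored pattern `100` is the one to avoid in a filter: it matches AS1100 and AS1000 as well, so a policy meant for AS100 would silently cover unrelated networks.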



Community-list
- Expression to define community list
ip community-list {{<1-99> | {permit | deny} | {any | <community-number>……}} | {<100-499> | {permit | deny} | <line>}}
- Instance of using this attribute together with route-map
ip community-list 1 deny 5
ip community-list 1 permit any
route-map test permit 3
match community-list 1
set xxx
//community-list 1 permits all routes except routes of community 5
- Community-List is only used for the BGP protocol. A community attribute field is contained in the BGP packet.


Filter
- Filter Definition:
  - In OSPF Route Configuration Mode
    filter [exact] <ip-address> <net-mask> <route preference>
  - Only routes matching Filter can be imported into the routing table; otherwise they are denied. This command can be used to filter routes of type 7 LSA and type 5 LSA.
- Filter Application:
router ospf 100
filter 5.5.5.5 255.255.255.255 10
//only permit 5.5.5.5 routes to be imported into routing table, change the priority to 10 and deny all the other routes.

Note:
Filter command can only filter type 5 and type 7 LSAs and has no effect on other types of LSAs. Filter command here controls whether to import an OSPF route into the routing table and cannot control the learning of external LSAs, i.e. Filter command will not affect LSA learning in the OSPF database.

OSPF Area Filter-List
- Definition of OSPF Area Filter-List
  - area <area-id> filter-list prefix <prefix-list> {out | in}
  1. in/out: filter networks sent to/from this area
  2. It only functions on type 3 LSA. Prefix defines the permit/deny action, and the default value of Prefix is Deny All.
  3. It is only used on ABR.
- Instance of OSPF Area Filter-List
ip prefix-list test seq 1 deny 20.20.20.0 24
ip prefix-list test seq 2 permit 0.0.0.0 0 le 32
router ospf 1
area 0.0.0.0 filter-list prefix test out
//Do not distribute type 3 LSA of 20.20.20.0/24 of Area0 to other areas

Question: If ip prefix-list test seq 2 permit 0.0.0.0 0 is not configured, what will the result be?
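
The ge/le rule from the IP Prefix-list slide and the "Deny All" default stated above can both be checked with one prefix-list evaluator. This is an added example, not ZTE code; it assumes an entry without ge/le matches only the exact mask length, ge alone means ge to 32 and le alone means len to le, and the routes 11.0.0.0/16 and 30.30.30.0/24 are constructed samples.

```python
import ipaddress

def parse_entry(line):
    """Parse 'ip prefix-list NAME [seq N] {permit|deny} NET LEN [ge X] [le Y]'."""
    tok = line.split()[3:]  # drop 'ip prefix-list NAME'
    seq = 0
    if tok[0] == "seq":
        seq, tok = int(tok[1]), tok[2:]
    action, net, length = tok[0], tok[1], int(tok[2])
    opts = dict(zip(tok[3::2], (int(v) for v in tok[4::2])))
    # Assumed ranges: no ge/le -> exact length; ge only -> ge..32; le only -> len..le.
    lo = opts.get("ge", length)
    hi = opts.get("le", 32 if "ge" in opts else length)
    return {"seq": seq, "action": action, "len": length, "lo": lo, "hi": hi,
            "net": int(ipaddress.IPv4Address(net))}

def evaluate(lines, route):
    """Return 'permit' or 'deny' for a route; no matching entry means deny."""
    net = ipaddress.ip_network(route, strict=False)
    for e in sorted(map(parse_entry, lines), key=lambda e: e["seq"]):
        mask = (0xFFFFFFFF << (32 - e["len"])) & 0xFFFFFFFF
        same_bits = int(net.network_address) & mask == e["net"] & mask
        if same_bits and e["lo"] <= net.prefixlen <= e["hi"]:
            return e["action"]
    return "deny"  # the default of a prefix-list is Deny All

# Prefix-list from the IP Prefix-list slide.
GE_LE = ["ip prefix-list test permit 10.1.1.0 8 ge 15 le 16"]

# Prefix-list from the OSPF Area Filter-List instance.
AREA_FILTER = [
    "ip prefix-list test seq 1 deny 20.20.20.0 24",
    "ip prefix-list test seq 2 permit 0.0.0.0 0 le 32",
]

def answers():
    """Results for the routes named on the slides plus two constructed ones."""
    return {
        "10.1.3.0/9": evaluate(GE_LE, "10.1.3.0/9"),
        "10.1.4.0/15": evaluate(GE_LE, "10.1.4.0/15"),
        "11.0.0.0/16": evaluate(GE_LE, "11.0.0.0/16"),
        "with seq 2": evaluate(AREA_FILTER, "30.30.30.0/24"),
        "without seq 2": evaluate(AREA_FILTER[:1], "30.30.30.0/24"),
    }

if __name__ == "__main__":
    for case, result in answers().items():
        print(f"{case:14} {result}")
```

With only the deny entry configured, every prefix falls through to the default, so the filter blocks all type 3 LSAs in that direction rather than just 20.20.20.0/24.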

Routing Policy Application Instance I (1)

[Figure: Router A in AS100 (Lo1: 20.1.1.1/32, Lo2: 30.1.1.1/32) connected via 10.1.1.1/30 to Router B (10.1.1.2/30) in AS200]

Router B filters routes distributed by Router A, only receiving route 20.1.1.1/32 and shielding route 30.1.1.1/32.


Routing Policy Application Instance I (2)

Key Configuration of Router B (Use ACL):

//Configure BGP Protocol
router bgp 200
neighbor 10.1.1.1 remote-as 100
neighbor 10.1.1.1 route-map test in //only receive routes specified by route-map test

//Configure Route-Map
ipv4-access-list 10
rule 1 permit 20.1.1.1 0.0.0.0
route-map test permit 3
match ip address 10


Routing Policy Application Instance I (3)

Key Configuration of Router B (Use prefix-list):


//Configure BGP Protocol
router bgp 200
neighbor 10.1.1.1 remote-as 100
neighbor 10.1.1.1 route-map test in
//Configure Route-Map
ip prefix-list filter permit 20.1.1.1 32
route-map test permit 3
match ip address prefix-list filter



Routing Policy Application Instance II (1)

[Figure: Router A and Router B in AS100; Router A has Lo0: 30.1.1.1/32; two links between them: 10.1.1.1/30 (A) to 10.1.1.2/30 (B), and 20.1.1.1/30 (A) to 20.1.1.2/30 (B)]

Router B can learn route 30.1.1.1/32 from two directions and prefers the route learned from 10.1.1.2 via routing policy.


Routing Policy Application Instance II (2)
Key Configuration of Router B :
//Configure BGP Protocol
router bgp 100
neighbor 10.1.1.1 remote-as 100
neighbor 10.1.1.1 route-map higher-pref in
neighbor 20.1.1.1 remote-as 100
neighbor 20.1.1.1 route-map lower-pref in

//Configure Route-Map
route-map higher-pref permit 10
set local preference 200
route-map lower-pref permit 10
set local preference 100



Routing Policy Application Instance III (1)

[Figure: Router A (Lo1: 20.1.1.1/32, Lo2: 30.1.1.1/32) connected via 40.1.1.1/30 to Router B (40.1.1.2/30) in OSPF Area 0]

Router A redistributes direct routes 20.1.1.1/32 and 30.1.1.1/32 into OSPF. Router B only receives 30.1.1.1/32 via routing policy.


Routing Policy Application Instance III (2)

Configuration of Router B:
router ospf 200
network 40.1.1.0 0.0.0.3 area 0
filter 30.1.1.1 255.255.255.255 110

Note:
The link state information related to 20.1.1.1/32 and 30.1.1.1/32 can be viewed in the LSDB of Router B. After the Filter command is enabled, 20.1.1.1/32 will not be imported into the routing table.

Demands

[Figure: Router A with uplinks to ISP1 (212.0.1.1/30) and ISP2 (200.30.10.1/30) and interface Gei-0/1/1/1 towards Router B; user networks 202.102.11.0/24 and 222.1.0.0/24 behind Router B]

Users in 202.102.11.0/24 belong to ISP1 and their addresses are assigned by ISP1;
Users in 222.1.0.0/24 belong to ISP2 and their addresses are assigned by ISP2.
Demands:
- Users of ISP1 access the Internet via the egress of ISP1;
- Users of ISP2 access the Internet via the egress of ISP2.

Demands--Solution

Solution: designate the egress manually according to the user's source address, i.e. use policy routing to designate a specific route for forwarding specific packets.


Functions of Policy Routing

- Common Routing
  - Look up the routing table according to the destination address of the IP packet for forwarding
- Policy Routing
  - Perform routing for packet forwarding according to policy routing rather than looking up the routing table
- Routing Policy
  - It is a method to control routing information

Configuration Steps of Policy Routing

- Define Route Map
  - route-map <route-map name> [permit|deny] [<sequence-number>]
    match <matching conditions>
    set <actions>
  - The Match sub-clause here is used together with an ACL, and the Set sub-clause is used to set the next-hop address or interface (only two actions: next-hop and interface). Route backup is performed by setting multiple next-hop addresses.
- Apply the policy on interface
  - ZXR10(config)#ip policy interface <interface-name> route-map <route-map name>

Policy Routing Instance (1)

Router A is connected with two ISPs, where 202.102.11.0/24 is assigned by ISP1 and 222.1.0.0/24 is assigned by ISP2; ISP1 is interconnected with Router A via address 212.0.1.1 and ISP2 is interconnected with Router A via address 200.30.10.1.


Policy Routing Instance (2)
Key Configuration of Router A (Pointing to Next-Hop IP)
ZXR10(config)# interface gei-0/1/1/1
ZXR10(config-if)# ip address 61.132.77.106 255.255.255.252
ZXR10(config-if)#exit
ZXR10(config)#ip policy interface gei-0/1/1/1 route-map test
//Apply specified policy on interface gei-0/1/1/1
ZXR10(config)#ipv4-access-list 101
ZXR10(config-ipv4-acl)#rule 1 permit 202.102.11.0 0.0.0.255 any
ZXR10(config-ipv4-acl)#exit
ZXR10(config)#ipv4-access-list 102
ZXR10(config-ipv4-acl)#rule 1 permit 222.1.0.0 0.0.0.255 any
ZXR10(config-ipv4-acl)#exit
ZXR10(config)#route-map test permit 5
//Match ACL-specified 101 and the next-hop points to IP address of ISP1
ZXR10(config-route-map)#match ip address 101
ZXR10(config-route-map)#set ip next-hop 212.0.1.1
ZXR10(config-route-map)#exit
ZXR10(config)#route-map test permit 10
//Match ACL-specified 102 and the next-hop points to IP address of ISP2
ZXR10(config-route-map)#match ip address 102
ZXR10(config-route-map)#set ip next-hop 200.30.10.1
ZXR10(config-route-map)#exit
Policy Routing Instance (3)
Key Configuration of Router A (Pointing to Next-Hop Interface):
ZXR10(config)# interface gei-0/1/1/1
ZXR10(config-if)# ip address 61.132.77.106 255.255.255.252
ZXR10(config-if)#exit
ZXR10(config)#ip policy interface gei-0/1/1/1 route-map test
ZXR10(config)#ipv4-access-list 101
ZXR10(config-ipv4-acl)#rule 1 permit 202.102.11.0 0.0.0.255 any
ZXR10(config-ipv4-acl)#exit
ZXR10(config)#ipv4-access-list 102
ZXR10(config-ipv4-acl)#rule 1 permit 222.1.0.0 0.0.0.255 any
ZXR10(config-ipv4-acl)#exit
ZXR10(config)#route-map test permit 5
ZXR10(config-route-map)#match ip address 101
ZXR10(config-route-map)#set ip path interface gei-1/1/1/2 next-hop 212.0.1.1
ZXR10(config-route-map)#exit
ZXR10(config)#route-map test permit 10
ZXR10(config-route-map)#match ip address 102
ZXR10(config-route-map)#set ip path interface gei-1/1/1/3 next-hop 200.30.10.1
ZXR10(config-route-map)#exit



Summary

- Functions of routing policy and methods to define routing policy
- Use routing policy to control reception, distribution and redistribution of routes
- Functions of policy routing and actual applications


Thank you
