策略路由(PBR)

1、基本概念PBR (Policy-Based Routing，策略路由): PBR使得网络设备不仅能够基于报文的目的IP地址进行数据转发，更能基于其他元素进行数据转发，例如源IP地址、源MAc地址、目的MAc地址、源端口号、目的端口号、VLAN-ID等等。用户还可以使用ACL匹配特定的报文，然后针对该ACL进行PBR部署。若设备部署了PBR，则被匹配的报文优先根据PBR的策略进行转发，即PBR策

文章共1,075字 · 阅读需要大约4分钟

一键AI生成摘要，助你高效阅读

问答

弥补之途

18494人浏览 · 2022-01-04 17:55:36

弥补之途 · 2022-01-04 17:55:36 发布

1、基本概念

PBR (Policy-Based Routing，策略路由): PBR使得网络设备不仅能够基于报文的目的IP地址进行数据转发，更能基于其他元素进行数据转发，例如源IP地址、源MAc地址、目的MAc地址、源端口号、目的端口号、VLAN-ID等等。

用户还可以使用ACL匹配特定的报文，然后针对该ACL进行PBR部署。

若设备部署了PBR，则被匹配的报文优先根据PBR的策略进行转发，即PBR策略的优先级高于传统路由表。(仅在华为路由设备中)

2、PBR与路由策略区别

3、PBR分类

（1）接口PBR。只对转发的报文起作用，对本地始发的报文无效。接口PBR调用在接口下，对接口的入方向报文生效。缺省情况下，设备按照路由表的下—跳进行报文转发，如果配置了接口PBR,则设备按照接口PBR指定的下一跳进行转发。

（2）本地PBR。对本地始发的流量生效，如:本地始发的ICMP报文。本地PBR在系统视图调用。

4、PBR介绍

（1）PBR与Route-policy类似，由多个节点组成，每个节点由匹配条件（条件语句)和执行动作(执行语句)组成。

（2）每个节点内可包含多个条件语句。

（3）节点内的多个条件语句之间的关系为“与”，即匹配所有条件语句才会执行本节点内的动作。

（4）节点之间的关系为“或”，PBR根据节点编号从小到大顺序执行，匹配当前节点将不会继续向下匹配。

5、拓扑图

6、关键配置

[Huawei]acl 3000

[Huawei-acl-adv-3000]ru

Jan  3 2022 13:08:04-08:00 Huawei DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.191.3.1 configurations have been changed. The current change number is 5, the change loop count is 0, and the maximum number of records is 4095.

[Huawei-acl-adv-3000]rule 5 deny ip source 192.168.1.0 0.0.0.255 destination 192.168.3.0 0.0.0.255

Jan  3 2022 13:09:54-08:00 Huawei DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.191.3.1 configurations have been changed. The current change number is 6, the change loop count is 0, and the maximum number of records is 4095.

[Huawei-acl-adv-3000]rule 10 permit ip source 192.168.1.0 0.0.0.255 destination 0.0.0.0 0

Jan  3 2022 13:12:04-08:00 Huawei DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.191.3.1 configurations have been changed. The current change number is 7, the change loop count is 0, and the maximum number of records is 4095.

[Huawei-acl-adv-3000]quit

[Huawei]acl 3001

Jan  3 2022 13:12:34-08:00 Huawei DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.191.3.1 configurations have been changed. The current change number is 8, the change loop count is 0, and the maximum number of records is 4095.

[Huawei-acl-adv-3001]rule 5 deny ip source 192.168.2.0 0.0.0.255 destination 192.168.3.2 0.0.0.255

Jan  3 2022 13:13:34-08:00 Huawei DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.191.3.1 configurations have been changed. The current change number is 9, the change loop count is 0, and the maximum number of records is 4095.

[Huawei-acl-adv-3001]rule 10 permit ip source 192.168.2.0 0.0.0.255 destination 0.0.0.0 0

Jan  3 2022 13:14:05-08:00 Huawei DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.191.3.1 configurations have been changed. The current change number is 10, the change loop count is 0, and the maximum number of records is 4095.

[Huawei-acl-adv-3001]quit

[Huawei]policy-based-route hcip permit node 10

Info: Succeeded in creating a new node of policy-based route.

Jan  3 2022 13:14:55-08:00 Huawei DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.191.3.1 configurations have been changed. The current change number is 11, the change loop count is 0, and the maximum number of records is 4095.

[Huawei-policy-based-route-hcip-10]if-match acl 3000

Jan  3 2022 13:15:15-08:00 Huawei DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.191.3.1 configurations have been changed. The current change number is 12, the change loop count is 0, and the maximum number of records is 4095.

[Huawei-policy-based-route-hcip-10]apply ip-address next-hop 100.100.100.2

[Huawei-policy-based-route-hcip-10]quit

Jan  3 2022 13:16:15-08:00 Huawei DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.191.3.1 configurations have been changed. The current change number is 13, the change loop count is 0, and the maximum number of records is 4095.

[Huawei]policy-based-route hcip permit node 20

Info: Succeeded in creating a new node of policy-based route.

Jan  3 2022 13:16:55-08:00 Huawei DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.191.3.1 configurations have been changed. The current change number is 14, the change loop count is 0, and the maximum number of records is 4095.

[Huawei-policy-based-route-hcip-20]if-match acl 3001

Jan  3 2022 13:17:05-08:00 Huawei DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.191.3.1 configurations have been changed. The current change number is 15, the change loop count is 0, and the maximum number of records is 4095.

[Huawei-policy-based-route-hcip-20]apply ip-address next-hop 200.200.200.2

[Huawei-policy-based-route-hcip-20]quit

[Huawei]

Jan  3 2022 13:17:35-08:00 Huawei DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.191.3.1 configurations have been changed. The current change number is 16, the change loop count is 0, and the maximum number of records is 4095.

[Huawei]int g0/0/0

[Huawei-GigabitEthernet0/0/0]ip policy-based-route hcip

[Huawei-GigabitEthernet0/0/0]