< Home

Example for Configuring PBR

Networking Requirements

In Figure 1, enterprise users are dual-homed to external network devices through the Switch. The Switch is connected to two core routers through two links, a high-speed link with the gateway 10.1.30.1/24 and a low-speed link with the gateway 10.1.20.1/24.

The enterprise requires that outgoing packets with IP precedences 4, 5, 6, and 7 be transmitted on the high-speed link and outgoing packets with IP precedences 0, 1, 2, and 3 be transmitted on the low-speed link.

Figure 1 PBR networking

Configuration Roadmap

Implement PBR through redirection so that the Switch can provide differentiated services. The configuration roadmap is as follows:
  1. Create VLANs and configure interfaces to connect the enterprise' devices to external network devices.
  2. Configure ACL rules to separately match the packets with IP precedences of 4, 5, 6, and 7 and the packets with IP precedences of 0, 1, 2, and 3.
  3. Configure traffic classifiers and bind them to ACL rules in the traffic classifiers so that the Switch can differentiate packets.
  4. Configure traffic behaviors to redirect the packets matching traffic classification rules to 10.1.20.1/24 and 10.1.30.1/24 separately.
  5. Configure a traffic policy, bind it to the traffic classifiers and traffic behaviors, and apply it to the inbound direction of GE0/0/3 to implement PBR.

Procedure

  1. Create VLANs and configure interfaces.

    # Create VLAN 100 and VLAN 200 on the Switch.

    <HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan batch 100 200

    # Configure GE0/0/1, GE0/0/2, and GE0/0/3 on the Switch as trunk interfaces and add them to VLAN 100 and VLAN 200.

    [Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type trunk
[Switch-GigabitEthernet0/0/1] port trunk allow-pass vlan 100 200
[Switch-GigabitEthernet0/0/1] quit
[Switch] interface gigabitethernet 0/0/2
[Switch-GigabitEthernet0/0/2] port link-type trunk
[Switch-GigabitEthernet0/0/2] port trunk allow-pass vlan 100 200
[Switch-GigabitEthernet0/0/2] quit
[Switch] interface gigabitethernet 0/0/3
[Switch-GigabitEthernet0/0/3] port link-type trunk
[Switch-GigabitEthernet0/0/3] port trunk allow-pass vlan 100 200
[Switch-GigabitEthernet0/0/3] quit

    Configure the interface connecting the LSW to the Switch as a trunk interface and add it to VLAN 100 and VLAN 200.

    # Create VLANIF 100 and VLANIF 200 and configure IP addresses for them.

    [Switch] interface vlanif 100
[Switch-Vlanif100] ip address 10.1.20.2 24
[Switch-Vlanif100] quit
[Switch] interface vlanif 200
[Switch-Vlanif200] ip address 10.1.30.2 24
[Switch-Vlanif200] quit

  2. Configure ACLs.

    # Create advanced ACLs 3001 and 3002 on the Switch. ACL 3001 permits packets with IP precedences of 0, 1, 2, and 3 and ACL 3002 permits packets with IP precedences of 4, 5, 6, and 7.

    [Switch] acl 3001
[Switch-acl-adv-3001] rule permit ip precedence 0
[Switch-acl-adv-3001] rule permit ip precedence 1
[Switch-acl-adv-3001] rule permit ip precedence 2
[Switch-acl-adv-3001] rule permit ip precedence 3
[Switch-acl-adv-3001] quit
[Switch] acl 3002
[Switch-acl-adv-3002] rule permit ip precedence 4
[Switch-acl-adv-3002] rule permit ip precedence 5
[Switch-acl-adv-3002] rule permit ip precedence 6
[Switch-acl-adv-3002] rule permit ip precedence 7
[Switch-acl-adv-3002] quit

  3. Configure traffic classifiers.

    On the Switch, create traffic classifiers c1 and c2, and bind c1 to ACL 3001 and c2 to ACL 3002.

    [Switch] traffic classifier c1 operator and
[Switch-classifier-c1] if-match acl 3001
[Switch-classifier-c1] quit
[Switch] traffic classifier c2 operator and
[Switch-classifier-c2] if-match acl 3002
[Switch-classifier-c2] quit

  4. Configure traffic behaviors.

    # On the Switch, create traffic behaviors b1 and b2 to redirect traffic to 10.1.20.1/24 and 10.1.30.1/24, respectively.

    [Switch] traffic behavior b1
[Switch-behavior-b1] redirect ip-nexthop 10.1.20.1
[Switch-behavior-b1] quit
[Switch] traffic behavior b2
[Switch-behavior-b2] redirect ip-nexthop 10.1.30.1
[Switch-behavior-b2] quit

  5. Configure a traffic policy and apply it to an interface.

    # On the Switch, create a traffic policy p1, and bind it to the traffic classifiers and traffic behaviors.

    [Switch] traffic policy p1
[Switch-trafficpolicy-p1] classifier c1 behavior b1
[Switch-trafficpolicy-p1] classifier c2 behavior b2
[Switch-trafficpolicy-p1] quit

    # Apply the traffic policy p1 to the inbound direction of GE0/0/3.

    [Switch] interface gigabitethernet 0/0/3
[Switch-GigabitEthernet0/0/3] traffic-policy p1 inbound
[Switch-GigabitEthernet0/0/3] return

  6. Verify the configuration.

    # Check the ACL configuration.

    <Switch> display acl 3001
Advanced ACL 3001, 4 rules
Acl's step is 5
 rule 5 permit ip precedence routine
 rule 10 permit ip precedence priority
 rule 15 permit ip precedence immediate
 rule 20 permit ip precedence flash
    <Switch> display acl 3002
Advanced ACL 3002, 4 rules
Acl's step is 5
 rule 5 permit ip precedence flash-override
 rule 10 permit ip precedence critical
 rule 15 permit ip precedence internet
 rule 20 permit ip precedence network

    # Check the traffic classifier configuration.

    <Switch> display traffic classifier user-defined
  User Defined Classifier Information:
    Classifier: c2
     Operator: AND
     Rule(s) : if-match acl 3002

    Classifier: c1
      Operator: AND
      Rule(s) : if-match acl 3001
        
Total classifier number is 2

    # Check the traffic policy configuration.

    <Switch> display traffic policy user-defined p1
  User Defined Traffic Policy Information:
  Policy: p1
   Classifier: c1
    Operator: AND
     Behavior: b1
      Redirect: no forced
        Redirect ip-nexthop
        10.1.20.1
   Classifier: c2
    Operator: AND
     Behavior: b2
      Redirect: no forced
        Redirect ip-nexthop
        10.1.30.1

Configuration Files

  • Switch configuration file

    #
sysname Switch
#
vlan batch 100 200 
#
acl number 3001
 rule 5 permit ip precedence routine
 rule 10 permit ip precedence priority
 rule 15 permit ip precedence immediate
 rule 20 permit ip precedence flash
acl number 3002
 rule 5 permit ip precedence flash-override
 rule 10 permit ip precedence critical
 rule 15 permit ip precedence internet
 rule 20 permit ip precedence network
#
traffic classifier c1 operator and
 if-match acl 3001
traffic classifier c2 operator and
 if-match acl 3002
#
traffic behavior b1
 redirect ip-nexthop 10.1.20.1
traffic behavior b2
 redirect ip-nexthop 10.1.30.1
#
traffic policy p1 match-order config
 classifier c1 behavior b1
 classifier c2 behavior b2
#
interface Vlanif100
 ip address 10.1.20.2 255.255.255.0
#
interface Vlanif200
 ip address 10.1.30.2 255.255.255.0
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 100 200
#
interface GigabitEthernet0/0/2
 port link-type trunk
 port trunk allow-pass vlan 100 200
#
interface GigabitEthernet0/0/3
 port link-type trunk
 port trunk allow-pass vlan 100 200
 traffic-policy p1 inbound
#
return
Parent Topic: Configuration Examples for PBR
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >