Hcip day 9 notes (OSPF routing feedback, routing policy, and Configuration Guide)

One 、 Routing feedback

           Default RIP and OSPF If the agreement is reissued at two points , Because of their different priorities , So the first one ASBR After the re release of the device , Will affect other ASBR Routing table of the device , The route of may be returned to the source protocol , happen Routing feedback ----A Reroute protocol to B After the agreement , It was republished back A agreement . Routing feedback may lead to poor routing and even the emergence of routing loops .

Eliminate route feedback ：
           Huawei equipment in order to eliminate the phenomenon of routing feedback , It will OSPF The priority of internally generated routes is defined as 10, And will be The default priority of routes imported outside the domain is defined as 150（150 Priority of is higher than that of all Huawei systems IGP Default priority of the protocol ）. In this way, route feedback is eliminated .

Due to the seed metric problem of republishing Technology , Will inevitably lead to poor route selection — Can only rely on Routing strategy （// Route control ） Someone intervenes to choose the way .

// Data coming R1,R1 Judge according to your routing table . Suppose the data goes to R2 Network segment ,R1 Just take the road down to R2 Network segment , The flow direction of this traffic is the data layer traffic .（ Premise ：R1 Know how to go 2.0 Network segment , That is, static routing or dynamic routing ）

 If you choose a static route , There is no waste in manual configuration , But if it is dynamic routing , then R2 tell R1, If you want to go 2.0 Network segment , I need to go R2 That way , notice R1 The process of routing information is to control layer traffic .

Control layer flow ： The routing protocol transmits the traffic generated by the routing information
Data layer traffic ： When the device accesses the target network segment , Data traffic generated

Two 、 Routing strategy

           Routing strategy ： In the process of controlling the flow of the layer , Intercept flow , Modify the traffic and then forward or not forward ; The final implementation affects the generation of router routing table , The effect of interference in route selection .

          Step1： Grab traffic
                    1、ACL list ---- because ACL The list design itself is to capture the data layer traffic , therefore , Because of the existence of wildcards, it can flexibly match digital features , however , There is no way to match the mask characteristics in the routing information , therefore , He is not good at capturing the traffic of the control layer .

eg：172.16.1.1/24 This kind cannot be grabbed , however 172.16.1.1 0 This kind can . The following mask cannot have , Otherwise, you can't catch .

                    2、IP-prefix----- The prefix list （// Grab the information of the target network segment )

[r1]ip ip-prefix aa( Custom prefix list name ） permit（ Allow and deny , Only crawl traffic selection permit） 192.168.1.0 24（ The address and mask of the target network segment in the captured control layer traffic ）

[r1]ip ip-prefix aa permit 192.168.2.0 24---- Prefix list add 192.168.2.0 24 The network segment 

[r1]display ip ip-prefix aa------ View prefix list content information 
Prefix-list aa
Permitted 0
Denied 0
        index: 10               permit  192.168.1.0/24          
        index: 20               permit  192.168.2.0/24          
[r1]

Matching rules for prefix list ： From top to bottom , One by one matching , Once matched, the action will be executed according to the corresponding rules , Don't match down any more , The end implicitly rejects all rules .

The rule in the prefix list defaults to （index）10 by Step automatically adds sequence number , Easy to insert and delete .

[r1]ip ip-prefix aa index 15 permit 192.168.3.0 24--- Insert according to the serial number 15 The rules of 
[r1]dis ip ip-prefix aa
Prefix-list aa
Permitted 0
Denied 0
        index: 10               permit  192.168.1.0/24          
        index: 15               permit  192.168.3.0/24          
        index: 20               permit  192.168.2.0/24          
[r1]

[r1]undo ip ip-prefix aa index 15--- Delete prefix list 15 The rules of 

[r1]ip ip-prefix aa permit 192.168.3.0 24 less-equal 28---- Crawl mask length is 24 To 28 The address of the section 

[r1]ip ip-prefix aa permit 192.168.4.0 24 greater-equal 28----- After the current contradiction , The latter will prevail , Ahead 24 Become former 24 Bits are fixed ,// The crawl mask length is greater than or equal to 28 The address of 

[r1]ip ip-prefix aa permit 192.168.5.0 24 greater-equal 28 less-equal 30----- front 24 Bit fixation , The matching mask length is 28-30 Network segment information .

[r1]ip ip-prefix aa permit 192.168.6.0 24 greater-equal 28 less-equal 28---- front 24 Bit fixation , The matching mask length is 28 Bit network segment 

[r1]ip ip-prefix aa permit 0.0.0.0 0 greater-equal 32--- Match all host routes 

[r1]ip ip-prefix aa permit 0.0.0.0 0 --- Match default route 

[r1]ip ip-prefix aa permit 0.0.0.0 0 less-equal 32------ Relax all traffic 

          Step2： Routing strategy
                    1、RIP Of merticin and merticout------ Offset list , Only for distance vector protocols
                              step1： Grab traffic

 [r1]ip ip-prefix aa permit 23.0.0.0 24

                              step2： Call... On the interface

  [r1-GigabitEthernet0/0/0]rip metricin ip-prefix aa 10（// Add... To the cost value on the original basis 10）

                    2、filter policy---- Filtering strategy （// It is equivalent to not forwarding the routing information ）
                              step1、 Grab traffic

[r1]ip ip-prefix bb deny 34.0.0.0 24 
[r1]ip ip-prefix bb permit  0.0.0.0 0 less-equal 32
[r1]

                              step 2、 Called in the process

[r1-rip-1]filter-policy ip-prefix bb import g 0/0/0

Be careful ： The filtering strategy itself can be used in OSPF Use in , however , stay OSPF In the area When using , Because topology information is transferred inside the region , therefore , Cannot call in the outgoing direction , Can only be called in the incoming direction , Influence yourself , Nor does it mean that LSA Information filtering out , Only filter the routing information when adding tables , Don't let it add a watch . stay When routing information is transferred between regions, you can call in the out direction .

                    3、 Routing strategy
                              1、 Grab traffic

[r1]acl 2000
[r1-acl-basic-2000]rule permit  source 1.1.1.0 0


[r2]acl 2001
[r2-acl-basic-2001]rule permit  source 2.2.2.0 0

[r2]ip ip-prefix aa permit 3.3.3.0 24

[r2]ip ip-prefix bb permit 4.4.4.0 24

                              2、 Configure routing policies

[r2]route-policy aa deny( Refuse ） node（// node ） 10（// Make rule serial number 10）
[r2-route-policy]if-match acl 2000----- Refuse acl 2000 A list of 

[r2]route-policy aa permit node  20-.-- Modify the cost value 
[r2-route-policy]if-match acl 2001
[r2-route-policy]apply cost 10-.-- Modify the cost value 


[r2]route-policy aa permit node 30-.-- Modify the rule to type 1
[r2-route-policy]if-match ip-prefix aa
[r2-route-policy]apply cost-type type-1 .-- Modify the cost value 



[r2]route-policy aa permit node 30-.-- Modify the rule to type 1
[r2-route-policy]if-match ip-prefix bb
[r2-route-policy]apply cost-type type-1-.-- Modify the cost value 
[r2-route-policy]apply  tag  666----- Call traffic 666 The label of 

Be careful ： In a rule , If there are multiple apply perhaps if-match, Then these needs are met at the same time , Satisfy “ And ” Relationship .

[r2]route-policy aa permit node 50----- Add an empty rule 

          1、 No, if-match----- Match all
          2、 No, apply— Just follow the big action

                              3、 Call the routing policy during republishing

 [r2-ospf-1]import-route rip route-policy aa

Matching rules of routing policy ： From top to bottom , One by one matching , Once matched, the action will be executed according to the corresponding rules , Don't match down any more , The end implicitly rejects all rules .

3、 ... and 、ROUTE-POLICY Configuration Guide for

1、 Even if a traffic needs to be rejected , When capturing traffic , Permission must also be used , Then reject in the routing policy .
2、 In one rule , If there is no flow matching , Then it means that all ; If there is no apply（ Little affectations ）, Only follow the big action , therefore , If the big action is empty, it means that all .