Actual use case of strategic routing in a school cloud computer project

1、 Topology

2、 customer demand

Cloud computing network segment 10.16.77.0/24 Take Telecom 1 exit

Cloud computing network segment 10.16.73.0/24 Take Telecom 2 exit

All Internet outlets are home wide , To configure pppoe dial , Home width has a limit on the number of call back connections , All open multiple home widths share the number of user callback connections

3、 Main equipment configuration

AR Router configuration

Policy routing ,acl Flow policy configuration

acl number 2000  

rule 5 permit source 10.16.73.0 0.0.0.255

acl number 2001  

rule 5 permit source 10.16.77.0 0.0.0.255

acl number 2002  

rule 5 permit source 10.16.79.0 0.0.0.255

#

traffic classifier DX2-C operator or

if-match acl 2001

traffic classifier DX1-C operator or

if-match acl 2000

traffic classifier DX3-C operator or

if-match acl 2002

#

traffic behavior DX2-B

redirect interface Dialer2

traffic behavior DX1-B

redirect interface Dialer1

traffic behavior DX3-B

redirect interface Dialer3

#

traffic policy DX2-P

classifier DX2-C behavior DX2-B

traffic policy DX1-P

classifier DX1-C behavior DX1-B

traffic policy DX3-P

classifier DX3-C behavior DX3-B

#

The policy is applied to the corresponding intranet interface

​interface Vlanif102​

ip address 10.16.73.1 255.255.255.0

​traffic-policy DX1-P inbound​

#

​interface Vlanif105​

ip address 10.16.79.1 255.255.255.0

​traffic-policy DX3-P inbound​

#

​interface Vlanif108​

ip address 10.16.77.1 255.255.255.0

​traffic-policy DX2-P inbound​

To configure pppoe Dynamic dialing

interface Dialer1

des DX1

link-protocol ppp

ppp chap user t539fzy021870087

ppp chap password cipher %^%#Nq^eHWnK})YCI+Qai{@CIdC#/dG{$;&MG'4V"EK;%^%#

ppp pap local-user t539fzy021870087 password cipher %^%#~WtW#68S28_T'a1StVd39p7g(ZM~*@|8Y]PAB|a)%^%#

ppp ipcp dns admit-any

ppp ipcp dns request

tcp adjust-mss 1200

ip address ppp-negotiate

dialer user arweb

dialer bundle 1

dialer-group 1

nat outbound 2000                        

#

interface Dialer2

des DX2

link-protocol ppp

ppp chap user t539fzy021869365

ppp chap password cipher %^%#Yf{<6;R^[email protected]\-V_XbmT"8rsmL>6sT9G#obWJ$l)=,%^%#

ppp pap local-user t539fzy021869365 password cipher %^%#a(4Y7tYfVRiDJLTwjkcDin>}='g":Fp}~06>wA)R%^%#

ppp ipcp dns admit-any

ppp ipcp dns request

tcp adjust-mss 1200

ip address ppp-negotiate

dialer user arweb

dialer bundle 2

dialer-group 2

nat outbound 2001

#

interface Dialer3

des DX3

link-protocol ppp

ppp chap user t539fzy021869909

ppp chap password cipher %^%#L,ee;lQR16$|mdK^+G#({P\R8lv2b5VRcb~e)']S%^%#

ppp pap local-user t539fzy021869909 password cipher %^%#`F;t=lc1`0qUSW&FzjzGQ[Y{2+IIo,ohGvJ^s_6T%^%#

ppp ipcp dns admit-any

ppp ipcp dns request

tcp adjust-mss 1200

ip address ppp-negotiate                

dialer user arweb

dialer bundle 3

dialer-group 3

nat outbound 2002 

interface GigabitEthernet0/0/5

des DX1

undo portswitch

pppoe-client dial-bundle-number 1

​mac-address 28a6-db00-44c0​

#

interface GigabitEthernet0/0/6

des DX2

undo portswitch

pppoe-client dial-bundle-number 2

​mac-address 28a6-db00-44c1​

#

interface GigabitEthernet0/0/7

des DX3

undo portswitch

pppoe-client dial-bundle-number 3

​mac-address 28a6-db00-44c2​

​ Physical network port for dialing , must mac Change the address to mac Different addresses , Otherwise, you cannot dial ​

dialer-rule

dialer-rule 1 ip permit

dialer-rule 2 ip permit

dialer-rule 3 ip permit

Configure the default route

ip route-static 0.0.0.0 0.0.0.0 Dialer1

ip route-static 0.0.0.0 0.0.0.0 Dialer2

ip route-static 0.0.0.0 0.0.0.0 Dialer3

4、 Business validation

View the address obtained by dialing

​Dialer1                           100.70.48.156/32     up         up(s)     ​

​Dialer2                           100.70.36.39/32      up         up(s)     ​

​Dialer3                           100.70.51.36/32      up         up(s)     ​

GigabitEthernet0/0/5              unassigned           up         down      

GigabitEthernet0/0/6              unassigned           up         down      

GigabitEthernet0/0/7              unassigned           up         down      

GigabitEthernet0/0/8              unassigned           down       down      

GigabitEthernet0/0/9              172.16.1.1/24        down       down      

GigabitEthernet0/0/10             unassigned           up         down      

NULL0                             unassigned           up         up(s)    

Vlanif102                         10.16.73.1/24        up         up        

Vlanif105                         10.16.79.1/24        up         up        

Vlanif108                         10.16.77.1/24        up         up        

5、 Some problems in configuring policy routing

After the configuration policy route takes effect , All computers appear ping The gateway is unavailable . After investigation

​ ​https://support.huawei.com/enterprise/zh/knowledge/EKB1000086865​​

The network segment used by the policy route needs to be modified , To exclude the traffic of terminal computer accessing the gateway