3Com Router User Manual

							Configuring IP Routing Policy487
Ta b l e 567   Display and Debug of IP Routing Policy
Configuring IP 
Routing PolicyThis example explains how an OSPF protocol selectively imports an RIP route.
As shown in the following figure, the router connects a campus network which 
uses RIP as its internal routing protocol and an external area network which uses 
OSPF routing protocol. The router advertises some routing information of the 
campus network around the external area network. To implement this, the OSPF 
protocol imports a routing policy to perform route filtering in order to import the 
RIP information. The routing policy consists of two nodes, and the routing 
information of 192.1.0.0/24 and 128.2.0.0/16 is advertised by the OSPF protocol 
with different weighting values.
Figure 157   Networking diagram of OSPF importing route distributed by RIP
1Define IP prefix lists
[Router]ip ip-prefix  p1 permit 192.1.1.0/24 
[Router]ip ip-prefix  p2 permit 128.2.0.0/16 
2Configure Routing policy
[Router]route-policy r1 permit 10 
[Router-route-policy]if-match ip address ip-prefix p1 
[Router-route-policy]route-policy r1 permit 20 
[Router-route-policy]if-match ip address ip-prefix p2 
[Router-route-policy]quit 
3Configure OSPF
[Router]ospf enable 
[Router-ospf]import-route rip route-policy r1 
[Router-ospf]interface ethernet 0 
[Router-Ethernet0]ip address 128.1.0.1 255.255.255.0 
[Router-Ethernet0]ospf enable area 0
Configuring Filtering 
Route Information for 
OSPFI. Networking requirements
■Router A is  connected to Router B, and the link layer encapsulates PPP 
protocol.
■Router A receives three static routes and the next hop is an Ethernet interface.
■Router B is configured with filtering rules, making the three static routes 
partially visible and partially shielded. The routes of network segments 20.0.0.0 
and 40.0.0.0 are visible and those of network segment 30.0.0.0 are filtered.
OperationCommand
Display routing policydisplay route-policy [ policy-name ]
Display IP prefix list informationdisplay ip ip-prefix [ 
prefix-list-name ]
campus
net wor kex t er nal  ar ea
net wor k
128.1.0.1
128. 2. 0. 0/ 16 192. 1. 0. 0/ 24
128.1.0.0/16 
						

							488CHAPTER 31: CONFIGURING IP ROUTING POLICY
Figure 158   Networking diagram of configuring OSPF route filtering
1Configure Router A:
aConfigure static routes:
[RouterA]ip route-static 20.0.0.1 32 ethernet 0 
[RouterA]ip route-static 30.0.0.1 32 ethernet 0 
[RouterA]ip route-static 40.0.0.1 32 ethernet 0 
bStart OSPF protocol.
[RouterA]router id 1.1.1.1 
[RouterA]ospf enable 
cImport static route
[RouterA-ospf]import-route static 
dConfigure Serial 0, and specify id of area including the interface.
[RouterA-ospf]interface serial 0 
[RouterA-Serial0]ip address 10.0.0.1 255.0.0.0 
[RouterA-Serial0]link-protocol ppp 
[RouterA-Serial0]interface serial 0 
[RouterA-Serial0]ospf enable area 0
2Configure Router B:
aConfigure an access list:
[RouterB]acl 1 
[RouterB-acl-1]rule deny source 30.0.0.0 255.255.255.0 
[RouterB-acl-1]permit any 
[RouterB-acl-1]quit
bStart OSPF protocol and configure the area number of this interface
[RouterB]router id 2.2.2.2 
[RouterB]ospf enable 
cConfigure filtering route information received for OSPF
[RouterB-ospf]filter-policy 1 import 
dConfigure IP address of Serial0, encapsulated to PPP protocol.
[RouterB-ospf]interface serial 0 
[RouterB-Serial0]link-protocol ppp 
[RouterB-Serial0]ip address 10.0.0.2 255.0.0.0 
[RouterB-Serial0]ospf enable area 0
 Configuring Filtering 
Route InformationThis example describes how OSPF imports RIP route selectively. 
The router connects campus network A and campus network B, both of which use 
RIP as the internal routing protocol. The router needs to distribute the routes 
192.1.1.0/24 and 192.1.2.0/24 of campus A in the local network. To achieve this 
function, RIP protocol on the router defines a filter-policy to filter the routing 
information, perform the route filtering function through quoting a prefix list.
area 0
S0S0 static 20.0.0.1
 30.0.0.1
 40.0.0.1
Router A
Router B 
						

							Troubleshooting IP Routing Policy489
Figure 159   Networking diagram of filtering the distributed routing information
1Configure ip-prefix
[Router]ip ip-prefix p1 permit 192.1.1.0/24 
2Configure RIP protocol 
[Router]rip 
[Router-rip]network 192.1.0.0 
[Router-rip]network 202.1.1.0 
[Router-rip]filter-policy ip-prefix p1 export 
Troubleshooting IP 
Routing PolicyRouting information cannot be filtered when the routing protocol is in 
normal operation
Check the following:
■At least one node in the routing policy should be in permit matching mode. 
When a routing policy is used to filter routing information or a specific routing 
information does not pass the filtering of a node, the routing information is 
considered not passing the filtering of this routing policy. When all nodes of the 
routing policy are in deny mode, no routing information will pass the filtering 
of this routing policy.
■At least one item in the prefix-list should be in permit matching mode. The list 
items in deny mode can be defined to fast filtering routing information that 
does not meet the conditions. But if all list items are in deny mode, no route 
will pass the filtering of this prefix-list. Define a permit 0.0.0.0/0 list item after 
multiple items are defined in deny modes, so that all other routes will pass the 
filtering.
When an ACL is quoted for filtering routing information and ACL 
definition is modified, the route strategy is not updated.
In this case, reconfigure by quoting the strategy and rule of this ACL to inform the 
protocol of the ACL change. If other filters are quoted, this operation is not 
necessary and the protocols are informed of the change of the router.
Campus network A
Router
202.1.1.0Campus network B 192.1.10.0 
						

							490CHAPTER 31: CONFIGURING IP ROUTING POLICY 
						

							32
CONFIGURING IP POLICY ROUTING
This chapter covers the following topics:
■IP Policy Routing Overview
■Configuring IP Policy Routing
■Displaying and Debugging IP Policy Routing
■IP Policy Routing Configuration Example
IP Policy Routing 
OverviewIP policy routing is a mechanism in which messages are transmitted and forwarded 
by strategy without going through the routing table. When a router is forwarding 
a packet by policy routing, it is first filtered by a route policy which decides the 
packets to be forwarded and to which router.
The user configures the IP policy for routing. It is composed of a group of if-match 
clauses and a group of apply clauses. Only when all 
if-match clauses of policy 
routings are fully satisfied are the apply clauses in the policy routings executed in 
sequence, to affect the message forwarding.
At present, two if-match clauses, if-match length and if-match ip address, 
are provided.
Apply clause defines the operation of the strategy. there are five apply clauses: 
apply ip precedence, apply interface, apply ip next-hop, apply default 
interface
, apply ip default next-hop. They are executed in sequence until 
the operation can proceed.
There are two kinds of policy routings: interface policy routing and local policy 
routing. Interface policy routing is configured in interface view and performs 
strategic routing for messages from this interface. Local policy routing is 
configured in system view and performs policy routing for messages generated by 
this host. Generally, the local policy routing must not be configured.
The policy routing can be used for security and load balancing.
Configuring IP Policy 
RoutingIP policy routing configuration includes:
■Creating a Routing Policy
■Define Match Rules
■Define Apply Clause
■Enabling and Disabling Local Policy Routing
■Enabling and Disabling Interface Policy Routing 
						

							492CHAPTER 32: CONFIGURING IP POLICY ROUTING
Creating a Routing 
PolicyThe strategy specified with the strategy name may have several strategy points 
and each strategy point is specified with sequence-num. The smaller the 
sequence-num, the higher the preference and the defined strategy will be 
executed first. This strategy can be used to import routes and perform policy 
routing when IP messages are forwarded. When a routing policy is recreated, the 
configuration information of the new routing policy overwrites that of the old 
routing policy. The contents of the strategy is specified by if-match and apply 
clauses.
See “Configuring IP Routing Policy” for details.
Perform the following configurations in system view.
Ta b l e 568   Create a Routing Policy
permit means policy routing for the messages meets the conditions and deny 
means no policy routing for the message meets the conditions.
By default, no strategy is created.
Define Match RulesIP policy routing provides two if-match clauses that allow matching strategy 
according to IP message length and IP address. One strategy includes multiple 
if-match clauses, which can be used in combination.
Perform the following configurations in Routing policy view.
Ta b l e 569   Define Match Rules
By default, no if-match clause is defined.
Define Apply ClauseIP policy routing provides 5 apply clauses. One strategy includes multiple apply 
clauses, which can be used in combination. 
Perform the following configurations in Routing policy view.
Ta b l e 570   Define Apply Clause
OperationCommand
Create a routing policy and enter into the 
Routing policy viewroute-policy policy-name { permit | 
deny} { seq-number }
Delete a routing policyno route-policy policy-name [ permit 
| deny ] [ seq-number ]
OperationCommand
Specify IP message matching the lengthif-match length min-len max-len
Remove IP message matching the lengthno if-match length 
Specify IP address matching the specified 
access listsif-match ip address acl-number
Remove IP address matching the specified 
access listsundo if-match ip address 
OperationCommand
Set message precedenceapply ip precedence precedence 
						

							Displaying and Debugging IP Policy Routing493
You can specify multiple next-hops or send the message to multiple interfaces. 
Generally, only the first parameter works. If the first parameter is mismatched, the 
second parameter will take effect, and so on.
By default, no apply clause is defined.
Enabling and Disabling 
Local Policy RoutingPerform the following configurations in system view.
Ta b l e 571   Enable/Disable the Local Policy Routing
By default, local policy routing is disabled. Only one local policy route can be 
configured.
Enabling and Disabling 
Interface Policy RoutingPerform the following configurations in interface view
Ta b l e 572   Enable/Disable Interface Policy Routing
By default, interface policy routing is disabled.
Displaying and 
Debugging IP Policy 
RoutingPerform the following configurations in all views.
Ta b l e 573   Display and Debug IP Policy Routing
Cancel apply clauses setting message 
precedenceundo apply ip precedence
Set message transmitting interfaceapply interface type number 
Cancel apply clauses setting message 
transmitting interfaceno apply interface
Set message default transmitting interfaceapply default interface type number 
Cancel apply clauses setting message 
default sending interfaceundo apply default interface
Set message next-hopapply ip next-hop ip-address
Cancel apply clauses setting message 
next-hopundo apply ip next-hop 
Set message default next-hopapply ip default next-hop ip-address
Cancel apply clauses setting message 
default next-hopundo apply ip default next-hop
Operation Command
OperationCommand
Enable local policy routingip local policy route-policy 
policy-name
Disable local policy routing undo ip local policy route-policy 
OperationCommand
Enable interface policy routingip policy route-policy policy-name
Disable interface policy routing undo ip policy route-policy 
OperationCommand
Turn on the debugging information switch 
of policy routingdebugging ip policy-routing 
						

							494CHAPTER 32: CONFIGURING IP POLICY ROUTING
IP Policy Routing 
Configuration 
ExampleThis section describes two different configurations for IP policy routing with a 
suggested procedure for each configuration.
Configure Policy Routing 
Based on Source AddressDefine a policy named “aaa” that includes two nodes, through which all TCP 
messages are transferred from serial interface 0 and the others are transferred 
from serial interface 1.
■Node 10 indicates that messages matched with access list 102 will be sent to 
serial interface 0.
■Node 20 indicates that all the other messages will be sent to serial interface 1.
The messages from Ethernet 0 attempt to match if-match clauses of nodes 10 and 
20, in turn. If nodes in permit mode are matched, the corresponding apply clauses 
are executed. If nodes in deny modes are matched, exit from policy routing.
LAN A is connected with the Internet through the 3Com router, requiring that TCP 
messages be transmitted through path 1 and other messages be transmitted 
through path 2.
Figure 160   Networking diagram of configuring policy routing based on source address
1Define access list:
[Router]acl 101
[Router-acl-101]rule deny tcp source any destination any
[Router-acl-101]acl 102 
[Router-acl-102]rule permit tcp source any destination any 
2Define a node 10, indicating messages matching access list 102 will be sent to 
serial interface 1
[Router-acl-101]route-policy aaa permit 10 
[Router-route-policy]if-match ip address  102 
[Router-route-policy]apply interface serial 1 
3Define node 20, indicating all the other messages will be sent to serial interface 0
[Router-route-policy]route-policy aaa permit 20 
[Router-route-policy]if-match ip address  101 
[Router-route-policy]apply interface serial 0
LAN A 10.110.0.0/16
InternetQuidwayEO
S1
S0 
						

							IP Policy Routing Configuration Example495
4Adopt policy aaa in Ethernet interface 
[Router-route-policy]interface ethernet 0 
[Router-Ethernet0]ip policy route-policy aaa 
Configure Policy Routing 
Based on Message SizeRouter A sends the messages of 64-100 bytes through S0, messages of 101-1000 
bytes through S1 and those of other sizes must be routed normally.
Apply IP policy routing lab1 on E0 of Router A. This strategy sets message of 
64-100 bytes to 150.1.1.2 as the IP address of next forwarding and set message of 
101-1000 bytes to 151.1.1.2 as the IP address of next forwarding. All messages of 
other levels must be routed in the method based on the destination address
Figure 161   Networking diagram of configuring policy routing based on message size
1Configure Router A:
[RouterA]interface ethernet 0 
[RouterA-Ethernet0]ip address 192.1.1.1 255.255.255.0 
[RouterA-Ethernet0]ip policy route-policy lab1 
[RouterA-Ethernet0]interface serial 0 
[RouterA-Serial0]ip address 150.1.1.1 255.255.255.0 
[RouterA-Serial0]interface serial 1 
[RouterA-Serial1]ip address 151.1.1.1 255.255.255.0 
[RouterA-Serial1]quit 
[RouterA]rip 
[RouterA-rip]network 192.1.1.0 
[RouterA-rip] network 150.1.1.0 
[RouterA-rip] network 151.1.1.0 
[RouterA-rip]route-policy lab1 permit 10 
[RouterA-route-policy]if-match length 64 100 
[RouterA-route-policy] apply ip next-hop 150.1.1.2 
[RouterA-route-policy]route-policy lab1 permit 20 
[RouterA-route-policy]if-match length 101 1000 
[RouterA-route-policy]apply ip next-hop 151.1.1.2
2Configure Router B:
[RouterB]interface serial 0 
[RouterB-Serial0]ip address 150.1.1.2 255.255.255.0
[RouterB-Serial0]interface serial 1 
[RouterB-Serial1]ip address 151.1.1.2 255.255.255.0 
[RouterB-Serial1]quit 
[RouterB]rip 
[RouterB-rip]network 150.1.1.0 
[RouterB-rip]network 151.1.1.0
Monitor policy routing with debug ip policy command on Router A. Note: the 
messages of 64 bytes match the entry item whose serial number 10 as shown in 
the routing diagram lab1, therefore they are forwarded to 150.1.1.2.
Router A
Router B
S0
150.1.1.1S0
150.1.1.2
S1
151.1.1.1S1
151.1.1.2
Apply strategy on E0
E0
192.1.1.1
64-100 bytes
101-1000 bytes 
						

							496CHAPTER 32: CONFIGURING IP POLICY ROUTING
[RouterA]debugging ip policy-routing
IP:  s=151.1.1.1(local),d=152.1.1.1, len  64, policy match
IP:  route map lab1, item 10, permit
IP:  s=151.1.1.1(local),d=152.1.1.1, len  64, policy routed
IP:  local to serial 150.1.1.2
On Router A, change the message size to 101 bytes and monitor policy routing 
with debug ip policy command. Note: the messages of 101 bytes match the entry 
item whose serial number 20 as shown in the routing diagram lab1. They are sent 
to 151.1.1.2.
[RouterA]debugging ip policy-routing
IP:  s=151.1.1.1(local),d=152.1.1.1, len  101, policy match
IP:  route map lab1, item 20, permit
IP:  s=151.1.1.1(local),d=152.1.1.1, len  101, 64, policy routed
IP:  local to serial 151.1.1.2
On Router A, change the message size to 1001 bytes and monitor policy routing 
with debug ip policy command. Note that this message does not match any entry 
item in lab1, so it is forwarded in regular mode.
[RouterA]debugging ip policy-routing
IP:s=151.1.1.1(local),d=152.1.1.1, len  1001, policy rejected-normal forwarding
IP:s=151.1.1.1(local),d=152.1.1.1, len  1001, policy rejected-normal forwarding