[原创]Route-map(一) (2009-12-05 14:01:59)转载
标签: route-map 路由图 路由映射 cisco 杂谈 分类: Router
<Route-Map>
也叫路由图或者路由映射表,是对路由进行加工处理的工具。
1、route-map可以调用ACL或prefix抓出一部分路由进行加工处理
2、每一个route-map可以有多条语句,每条语句都有一个序号
3、每条语句都有两种动作:match 和 set
4、每条语句对抓出来的路由都有两种处理方式:permit 或 deny
route-map的使用分三步操作:
1、定义ACL或prefix抓出路由
2、定义route-map说明对匹配的路由所采取的处理方式
3、调用route-map //route-map只是一个策略的工具,不调用是没有作用的.
route-map的匹配逻辑:
route-map NAME permit 10
match ip address x y z
-------> OR
match ip address a �W
match ip address b �W AND
match ip address c ↓
如不写match/set,默认: match any
set nothing
案例1:路由映射和重新分配
要求在R1上将EIGRP重分布进OSPF,其中172.16.1.0路由要以OE1重分布,172.16.2.0路由重分布时metric值要改为100,172.16.3.0的路由不允许重分布,其它路由不改动,默认重分布,在R3上的几个环回口,只向R2重分发第三个八位组是奇数的路由
在还没有配置策略时,R2和R3的路由表分别为:
R2#sh ip ro ei
1.0.0.0/24 is subnetted, 1 subnets
D EX 1.1.1.0 [170/2195456] via 12.1.1.1, 00:04:50, Serial1/1
3.0.0.0/32 is subnetted, 1 subnets
D EX 3.3.3.3 [170/2195456] via 12.1.1.1, 00:04:50, Serial1/1
111.0.0.0/32 is subnetted, 9 subnets
D EX 111.111.1.1 [170/2195456] via 12.1.1.1, 00:00:05, Serial1/1
D EX 111.111.3.1 [170/2195456] via 12.1.1.1, 00:00:05, Serial1/1
D EX 111.111.2.1 [170/2195456] via 12.1.1.1, 00:00:05, Serial1/1
D EX 111.111.5.1 [170/2195456] via 12.1.1.1, 00:00:05, Serial1/1
D EX 111.111.4.1 [170/2195456] via 12.1.1.1, 00:00:05, Serial1/1
D EX 111.111.7.1 [170/2195456] via 12.1.1.1, 00:00:05, Serial1/1
D EX 111.111.6.1 [170/2195456] via 12.1.1.1, 00:00:05, Serial1/1
D EX 111.111.9.1 [170/2195456] via 12.1.1.1, 00:00:05, Serial1/1
D EX 111.111.8.1 [170/2195456] via 12.1.1.1, 00:00:05, Serial1/1
13.0.0.0/24 is subnetted, 1 subnets
D EX 13.1.1.0 [170/2195456] via 12.1.1.1, 00:04:50, Serial1/1
R3#sh ip ro os
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/65] via 13.1.1.1, 00:00:31, Serial1/0
2.0.0.0/24 is subnetted, 1 subnets
O E2 2.2.2.0 [110/20] via 13.1.1.1, 00:00:31, Serial1/0
172.16.0.0/24 is subnetted, 3 subnets
O E2 172.16.1.0 [110/20] via 13.1.1.1, 00:00:31, Serial1/0
O E2 172.16.2.0 [110/20] via 13.1.1.1, 00:00:31, Serial1/0
O E2 172.16.3.0 [110/20] via 13.1.1.1, 00:00:31, Serial1/0
12.0.0.0/24 is subnetted, 1 subnets
O E2 12.1.1.0 [110/20] via 13.1.1.1, 00:00:31, Serial1/0
此时,在R1上做配置:
R1#sh run | b r e
router eigrp 100
redistribute ospf 100 metric 10000 100 1 255 1500 route-map ccie
!
router ospf 100
redistribute eigrp 100 subnets route-map wolf
!
access-list 1 permit 172.16.1.0 0.0.0.255
access-list 2 permit 172.16.2.0 0.0.0.255
access-list 3 permit 172.16.3.0 0.0.0.255
access-list 4 permit 111.111.1.1
access-list 4 permit 111.111.3.1
access-list 4 permit 111.111.5.1
access-list 4 permit 111.111.7.1
access-list 4 permit 111.111.9.1
access-list 4 permit 13.1.1.0
!
route-map ccie permit 10
match ip address 4
!
route-map wolf permit 10
match ip address 1
set metric-type type-1
!
route-map wolf permit 20
match ip address 2
set metric 100
!
route-map wolf deny 30
match ip address 3
!
route-map wolf permit 40
再来看一看R2和R3的路由表:
R2#sh ip ro ei
111.0.0.0/32 is subnetted, 5 subnets
D EX 111.111.1.1 [170/2195456] via 12.1.1.1, 00:02:15, Serial1/1
D EX 111.111.3.1 [170/2195456] via 12.1.1.1, 00:01:57, Serial1/1
D EX 111.111.5.1 [170/2195456] via 12.1.1.1, 00:01:56, Serial1/1
D EX 111.111.7.1 [170/2195456] via 12.1.1.1, 00:01:54, Serial1/1
D EX 111.111.9.1 [170/2195456] via 12.1.1.1, 00:01:52, Serial1/1
13.0.0.0/24 is subnetted, 1 subnets
D EX 13.1.1.0 [170/2195456] via 12.1.1.1, 00:01:43, Serial1/1
R3#sh ip ro os
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/65] via 13.1.1.1, 00:16:55, Serial1/0
2.0.0.0/24 is subnetted, 1 subnets
O E2 2.2.2.0 [110/20] via 13.1.1.1, 00:16:55, Serial1/0
172.16.0.0/24 is subnetted, 2 subnets
O E1 172.16.1.0 [110/84] via 13.1.1.1, 00:10:36, Serial1/0
O E2 172.16.2.0 [110/100] via 13.1.1.1, 00:10:36, Serial1/0
12.0.0.0/24 is subnetted, 1 subnets
O E2 12.1.1.0 [110/20] via 13.1.1.1, 00:16:55, Serial1/0
看一看三台路由器的配置:
R2的配置:
R2#sh run | b r e
router eigrp 100
network 2.2.2.2 0.0.0.0
network 12.1.1.2 0.0.0.0
network 172.16.0.0
no auto-summary
R1的配置:
R1#sh run | b r e
router eigrp 100
redistribute ospf 100 metric 10000 100 1 255 1500 route-map ccie
network 12.1.1.1 0.0.0.0
no auto-summary
!
router ospf 100
router-id 1.1.1.1
log-adjacency-changes
redistribute eigrp 100 subnets route-map wolf
network 1.1.1.1 0.0.0.0 area 0
network 13.1.1.1 0.0.0.0 area 0
!
ip classless
no ip http server
!
!
access-list 1 permit 172.16.1.0 0.0.0.255
access-list 2 permit 172.16.2.0 0.0.0.255
access-list 3 permit 172.16.3.0 0.0.0.255
access-list 4 permit 111.111.1.1
access-list 4 permit 111.111.3.1
access-list 4 permit 111.111.5.1
access-list 4 permit 111.111.7.1
access-list 4 permit 111.111.9.1
access-list 4 permit 13.1.1.0
!
route-map ccie permit 10
match ip address 4
!
route-map wolf permit 10
match ip address 1
set metric-type type-1
!
route-map wolf permit 20
match ip address 2
set metric 100
!
route-map wolf deny 30
match ip address 3
!
route-map wolf permit 40
R3的配置:
R3#sh run | b r o
router ospf 100
router-id 3.3.3.3
log-adjacency-changes
network 3.3.3.3 0.0.0.0 area 0
network 13.1.1.3 0.0.0.0 area 0
network 111.111.0.0 0.0.255.255 area 0
注意:
·在route-map的最后隐含了一条deny any的语句
·如果不写一句空Route-map 去允许其它路由通过,则没有匹配的路由直接被丢弃。
还可以在重分布直连的时候match一个接口,直接写route-map就可以,不用定义访问列表。
R1(config)#route-map WOLF permit 10
R1(config-route-map)#match interface e0
案例2:使用route-map打tag
作用:可以对一些路由打上tag,好让后面的路由器根据tag找出这些路由并进行相应的策略
如上图所示,要求:
1、在R3上将RIP重分布进OSPF
2、在R1上将OSPF重分布进EIGRP,但不能将从RIP学到的路由带过去
可以用tag解决:
1、在R3上将RIP重分布进OSPF时,利用route-map打上tag标记
2、在R1上将OSPF重分布进EIGRP时,找出打了tag标记的路由再deny掉就行了
现看一看没有配置策略时R2和R1的路由表:
R2#sh ip ro ei
1.0.0.0/24 is subnetted, 1 subnets
D EX 1.1.1.0 [170/2195456] via 12.1.1.1, 00:04:09, Serial1/1
3.0.0.0/32 is subnetted, 1 subnets
D EX 3.3.3.3 [170/2195456] via 12.1.1.1, 00:04:09, Serial1/1
172.16.0.0/24 is subnetted, 3 subnets
D EX 172.16.1.0 [170/2195456] via 12.1.1.1, 00:00:41, Serial1/1
D EX 172.16.2.0 [170/2195456] via 12.1.1.1, 00:00:32, Serial1/1
D EX 172.16.3.0 [170/2195456] via 12.1.1.1, 00:00:24, Serial1/1
13.0.0.0/24 is subnetted, 1 subnets
D EX 13.1.1.0 [170/2195456] via 12.1.1.1, 00:04:09, Serial1/1
R1#sh ip ro os
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/65] via 13.1.1.3, 00:00:37, Serial1/1
172.16.0.0/24 is subnetted, 3 subnets
O E2 172.16.1.0 [110/20] via 13.1.1.3, 00:00:37, Serial1/1
O E2 172.16.2.0 [110/20] via 13.1.1.3, 00:00:37, Serial1/1
O E2 172.16.3.0 [110/20] via 13.1.1.3, 00:00:37, Serial1/1
R1#sh ip ro 172.16.1.0
Routing entry for 172.16.1.0/24
Known via "ospf 100", distance 110, metric 20, type extern 2, forward metric 64
Redistributing via eigrp 100
Advertised by eigrp 100 metric 10000 100 1 255 1500
Last update from 13.1.1.3 on Serial1/1, 00:01:04 ago
Routing Descriptor Blocks:
* 13.1.1.3, from 3.3.3.3, 00:01:04 ago, via Serial1/1
Route metric is 20, traffic share count is 1
此时,我们在3上做配置:
R3# sh run | b r o
router ospf 100
redistribute rip subnets route-map wolf
!
route-map wolf permit 10
set tag 20
此时查看R2和R1的路由表:
R1#sh ip ro 172.16.1.0
Routing entry for 172.16.1.0/24
Known via "ospf 100", distance 110, metric 20
Tag 20, type extern 2, forward metric 64
Redistributing via eigrp 100
Advertised by eigrp 100 metric 10000 100 1 255 1500
Last update from 13.1.1.3 on Serial1/1, 00:00:33 ago
Routing Descriptor Blocks:
* 13.1.1.3, from 3.3.3.3, 00:00:33 ago, via Serial1/1
Route metric is 20, traffic share count is 1
R2#sh ip ro 172.16.1.0
Routing entry for 172.16.1.0/24
Known via "eigrp 100", distance 170, metric 2195456
Tag 20, type external
Redistributing via eigrp 100
Last update from 12.1.1.1 on Serial1/1, 00:02:15 ago
Routing Descriptor Blocks:
* 12.1.1.1, from 12.1.1.1, 00:02:15 ago, via Serial1/1
Route metric is 2195456, traffic share count is 1
Total delay is 21000 microseconds, minimum bandwidth is 1544 Kbit
Reliability 1/255, minimum MTU 1500 bytes
Loading 255/255, Hops 1
到了R1之后,对打tag的路由丢弃:在R1上做配置:
R1#sh run | b r e
router eigrp 100
redistribute ospf 100 metric 10000 100 1 255 1500 route-map ccnp
!
route-map ccnp deny 10
match tag 20
!
route-map ccnp permit 20
此时,再查看R2的路由表:
R2#sh ip ro ei
1.0.0.0/24 is subnetted, 1 subnets
D EX 1.1.1.0 [170/2195456] via 12.1.1.1, 00:01:27, Serial1/1
3.0.0.0/32 is subnetted, 1 subnets
D EX 3.3.3.3 [170/2195456] via 12.1.1.1, 00:01:27, Serial1/1
13.0.0.0/24 is subnetted, 1 subnets
D EX 13.1.1.0 [170/2195456] via 12.1.1.1, 00:01:27, Serial1/1
案例3:TCP/IP卷一实验之------路由策略
实验需求:
1: Configure policy routes for Router A in Figure 14-14 that forward packets from subnets 172.16.1.0/28 through 172.16.1.112/28 to Router D and forward packets from subnets 172.16.1.128/28 through 172.16.1.240/28 to Router E.
2: Configure policy routes for Router A in Figure 14-14 so that packets from subnets 172.16.1.64/28 through 172.16.1.112/28 are forwarded to Router D if they are received from Router C. If packets from the same subnets are received from Router B, forward them to Router E. All other packets should be forwarded normally.
3: Configure policy routes for Router A in Figure 14-14 that will forward any packets destined for subnets 172.16.1.0/28 through 172.16.1.240/28, sourced from an SMTP port, to Router C. Route any other UDP packets destined for the same subnets to Router B. No other packets should be forwarded to Routers C or B by either the policy routes or the normal routing protocol.
当初始配置完成后RB,RC,RD,RE的路由表分别为:
RB:
RB#sh ip ro os
172.16.0.0/16 is variably subnetted, 36 subnets, 3 masks
O 172.16.1.178/32 [110/129] via 172.16.14.6, 00:01:27, Serial0/0
O 172.16.1.162/32 [110/129] via 172.16.14.6, 00:01:27, Serial0/0
O 172.16.1.146/32 [110/129] via 172.16.14.6, 00:01:27, Serial0/0
O 172.16.1.130/32 [110/129] via 172.16.14.6, 00:01:27, Serial0/0
O 172.16.1.242/32 [110/129] via 172.16.14.6, 00:01:27, Serial0/0
O 172.16.1.226/32 [110/129] via 172.16.14.6, 00:01:27, Serial0/0
O 172.16.1.210/32 [110/129] via 172.16.14.6, 00:01:27, Serial0/0
O 172.16.1.194/32 [110/129] via 172.16.14.6, 00:01:27, Serial0/0
O 172.16.1.50/32 [110/129] via 172.16.14.6, 00:01:27, Serial0/0
O 172.16.1.34/32 [110/129] via 172.16.14.6, 00:01:27, Serial0/0
O 172.16.14.16/30 [110/128] via 172.16.14.6, 00:01:27, Serial0/0
O 172.16.1.18/32 [110/129] via 172.16.14.6, 00:01:27, Serial0/0
O 172.16.14.8/30 [110/128] via 172.16.14.6, 00:01:27, Serial0/0
O 172.16.14.12/30 [110/128] via 172.16.14.6, 00:01:27, Serial0/0
O 172.16.1.2/32 [110/129] via 172.16.14.6, 00:01:27, Serial0/0
O 172.16.1.114/32 [110/129] via 172.16.14.6, 00:01:27, Serial0/0
O 172.16.1.98/32 [110/129] via 172.16.14.6, 00:01:27, Serial0/0
O 172.16.1.82/32 [110/129] via 172.16.14.6, 00:01:27, Serial0/0
O 172.16.1.66/32 [110/129] via 172.16.14.6, 00:01:27, Serial0/0
RC:
RC#sh ip ro os
172.16.0.0/16 is variably subnetted, 36 subnets, 3 masks
O 172.16.1.177/32 [110/129] via 172.16.14.10, 00:02:03, Serial0/1
O 172.16.1.161/32 [110/129] via 172.16.14.10, 00:02:03, Serial0/1
O 172.16.1.145/32 [110/129] via 172.16.14.10, 00:02:03, Serial0/1
O 172.16.1.129/32 [110/129] via 172.16.14.10, 00:02:03, Serial0/1
O 172.16.1.241/32 [110/129] via 172.16.14.10, 00:02:03, Serial0/1
O 172.16.1.225/32 [110/129] via 172.16.14.10, 00:02:03, Serial0/1
O 172.16.1.209/32 [110/129] via 172.16.14.10, 00:02:03, Serial0/1
O 172.16.1.193/32 [110/129] via 172.16.14.10, 00:02:03, Serial0/1
O 172.16.1.49/32 [110/129] via 172.16.14.10, 00:02:03, Serial0/1
O 172.16.1.33/32 [110/129] via 172.16.14.10, 00:02:03, Serial0/1
O 172.16.14.16/30 [110/128] via 172.16.14.10, 00:02:03, Serial0/1
O 172.16.1.17/32 [110/129] via 172.16.14.10, 00:02:03, Serial0/1
O 172.16.14.4/30 [110/128] via 172.16.14.10, 00:02:03, Serial0/1
O 172.16.1.1/32 [110/129] via 172.16.14.10, 00:02:03, Serial0/1
O 172.16.14.12/30 [110/128] via 172.16.14.10, 00:02:03, Serial0/1
O 172.16.1.113/32 [110/129] via 172.16.14.10, 00:02:03, Serial0/1
O 172.16.1.97/32 [110/129] via 172.16.14.10, 00:02:03, Serial0/1
O 172.16.1.81/32 [110/129] via 172.16.14.10, 00:02:03, Serial0/1
O 172.16.1.65/32 [110/129] via 172.16.14.10, 00:02:03, Serial0/1
RD:
RD#sh ip ro os
172.16.0.0/16 is variably subnetted, 36 subnets, 2 masks
O 172.16.1.177/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.1.178/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.1.161/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.1.162/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.1.145/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.1.146/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.1.129/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.1.130/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.1.241/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.1.242/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.1.225/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.1.226/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.1.209/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.1.210/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.1.193/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.1.194/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.1.49/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.1.50/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.1.33/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.1.34/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.1.17/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.1.18/32 [110/129] via 172.16.14.18, 00:02:08, Serial0/2
O 172.16.14.4/30 [110/128] via 172.16.14.18, 00:02:28, Serial0/2
O 172.16.14.8/30 [110/128] via 172.16.14.18, 00:02:28, Serial0/2
O 172.16.1.1/32 [110/129] via 172.16.14.18, 00:02:28, Serial0/2
O 172.16.14.12/30 [110/128] via 172.16.14.18, 00:02:28, Serial0/2
O 172.16.1.2/32 [110/129] via 172.16.14.18, 00:02:28, Serial0/2
O 172.16.1.113/32 [110/129] via 172.16.14.18, 00:02:28, Serial0/2
O 172.16.1.114/32 [110/129] via 172.16.14.18, 00:02:28, Serial0/2
O 172.16.1.97/32 [110/129] via 172.16.14.18, 00:02:28, Serial0/2
O 172.16.1.98/32 [110/129] via 172.16.14.18, 00:02:28, Serial0/2
O 172.16.1.81/32 [110/129] via 172.16.14.18, 00:02:28, Serial0/2
O 172.16.1.82/32 [110/129] via 172.16.14.18, 00:02:28, Serial0/2
O 172.16.1.65/32 [110/129] via 172.16.14.18, 00:02:28, Serial0/2
O 172.16.1.66/32 [110/129] via 172.16.14.18, 00:02:28, Serial0/2