網絡技術應用中，作為網工如何通過政策路由，來配置公司雙線接入

在企事業網絡中，網絡連接配接的穩定性和可靠性對于企業的營運至關重要。為了確定公司的網絡接入具有高度的備援性和彈性，多數公司選擇配置雙線接入。雙線接入意味着同時使用兩個獨立的網絡服務提供商，以實作更高的帶寬、更低的延遲和更好的故障恢複能力。

然而，僅僅擁有兩個獨立的網絡連接配接并不足以確定網絡的高效運作。這就需要網工采取政策路由的方法，以優化資料包的傳輸路徑，并根據實時網絡狀況和需求動态選擇合适的路徑。

政策路由在網絡技術應用中，允許網工根據一系列規則和政策來決定資料包的流向。通過設定适當的路由政策，網工可以基于不同的因素（如接口故障、帶寬使用率、網絡延遲、服務品質等）來優化資料包的傳輸路徑。這樣一來，可以實作網絡資源的最佳利用，并確定重要資料的高速傳輸。

通過政策路由配置公司雙線接入，網工可以確定流量在兩個網絡連接配接之間智能地配置設定，以實作負載均衡和故障備援。在一個網絡連接配接發生故障或性能下降時，政策路由可以自動将流量切換到另一個可用的連接配接，以確定業務的連續性和可用性。

實驗要求：

1、教學樓A區接入電信專線

2、教學樓B區接入移動專線

3、當出口裝置的某個接口出現故障時，兩區流量經同一條專線輸出

政策配置思路

(1) 配置比對的流量 -- acl

(2) 流分類 -- traffic classifier

(3) 流行為 -- traffic behavior

(4) 流政策 -- traffic policy

(5) 應用-接口 -- traffic-policy 政策名 inbound/outbound

網絡拓撲

詳細配置

1、基礎配置

AR1:

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname AR1
[AR1]
[AR1]undo inf	
[AR1]undo info-center en
Info: Information center is disabled.
[AR1]
[AR1]int	
[AR1]interface gi	
[AR1]interface GigabitEthernet 0/0/0
[AR1-GigabitEthernet0/0/0]ip add 192.168.1.254 24
[AR1-GigabitEthernet0/0/0]int gi 0/0/1
[AR1-GigabitEthernet0/0/1]ip add 192.168.2.254 24
[AR1-GigabitEthernet0/0/1]int gi 0/0/2
[AR1-GigabitEthernet0/0/2]ip add 12.1.1.1 24
[AR1-GigabitEthernet0/0/2]int gi 6/0/0
[AR1-GigabitEthernet6/0/0]ip add 13.1.1.1 24
[AR1-GigabitEthernet6/0/0]
[AR1-GigabitEthernet6/0/0]q
[AR1]q
<AR1>save
  The current configuration will be written to the device. 
  Are you sure to continue? (y/n)[n]:y
  It will take several minutes to save configuration file, please wait.......
  Configuration file had been saved successfully
  Note: The configuration file will take effect after being activated
<AR1>
<AR1>           

AR2:

The device is running!

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysna	
[Huawei]sysname AR2
[AR2]undo inf	
[AR2]undo info-center en
Info: Information center is disabled.
[AR2]
[AR2]int gi	
[AR2]int GigabitEthernet 0/0/0
[AR2-GigabitEthernet0/0/0]ip add 12.1.1.2 24
[AR2-GigabitEthernet0/0/0]int gi 0/0/1
[AR2-GigabitEthernet0/0/1]ip add 100.1.1.1 24
[AR2-GigabitEthernet0/0/1]int lo0
[AR2-LoopBack0]ip add 1.1.1.1 32
[AR2-LoopBack0]q
[AR2]q
<AR2>save
  The current configuration will be written to the device. 
  Are you sure to continue? (y/n)[n]:y
  It will take several minutes to save configuration file, please wait.......
  Configuration file had been saved successfully
  Note: The configuration file will take effect after being activated
<AR2> 
<AR2>           

AR3:

The device is running!

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sysna	
[Huawei]sysname AR3
[AR3]int gi 0/0/0
[AR3-GigabitEthernet0/0/0]ip add 13.1.1.2 24
Jun 27 2023 15:00:18-08:00 AR3 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
 on the interface GigabitEthernet0/0/0 has entered the UP state. 
[AR3-GigabitEthernet0/0/0]dis th
[V200R003C00]
#
interface GigabitEthernet0/0/0
 ip address 13.1.1.2 255.255.255.0 
#
return
[AR3-GigabitEthernet0/0/0]
[AR3-GigabitEthernet0/0/0]int gi 0/0/1
[AR3-GigabitEthernet0/0/1]ip add 100.1.1.2 24
Jun 27 2023 15:01:40-08:00 AR3 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP
 on the interface GigabitEthernet0/0/1 has entered the UP state. 
[AR3-GigabitEthernet0/0/1]
[AR3-GigabitEthernet0/0/1]int lo0
[AR3-LoopBack0]ip add 2.2.2.2 32
[AR3-LoopBack0]q
[AR3]q
<AR3>save
  The current configuration will be written to the device. 
  Are you sure to continue? (y/n)[n]:y
  It will take several minutes to save configuration file, please wait.......
  Configuration file had been saved successfully
  Note: The configuration file will take effect after being activated
<AR3>
<AR3>           

PC主機配置

PC1和PC2

PC3和PC4

雲設定

2、網絡連通性配置

AR1

[AR1]ip rout	
[AR1]ip rout	
[AR1]ip route-static 0.0.0.0 0 12.1.1.2
[AR1]ip rout	
[AR1]ip route
[AR1]ip route-static 0.0.0.0 0 13.1.1.2
[AR1]
[AR1]           

AR2:

<AR2>
<AR2>sys
Enter system view, return user view with Ctrl+Z.
[AR2]
[AR2]ospf 1
[AR2-ospf-1]area 0
[AR2-ospf-1-area-0.0.0.0]network 12.1.1.0 0.0.0.255
[AR2-ospf-1-area-0.0.0.0]
[AR2-ospf-1-area-0.0.0.0]netw	
[AR2-ospf-1-area-0.0.0.0]network 100.1.1.0 0.0.0.255
[AR2-ospf-1-area-0.0.0.0]net	
[AR2-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0
[AR2-ospf-1-area-0.0.0.0]q
[AR2-ospf-1]q
[AR2]q
<AR2>save
  The current configuration will be written to the device. 
  Are you sure to continue? (y/n)[n]:y
  It will take several minutes to save configuration file, please wait.......
  Configuration file had been saved successfully
  Note: The configuration file will take effect after being activated
<AR2>           

AR3:

<AR3>
<AR3>sys
Enter system view, return user view with Ctrl+Z.
[AR3]ospf 1
[AR3-ospf-1]area 0
[AR3-ospf-1-area-0.0.0.0]netw	
[AR3-ospf-1-area-0.0.0.0]network 13.1.1.0 0.0.0.255
[AR3-ospf-1-area-0.0.0.0]net	
[AR3-ospf-1-area-0.0.0.0]network 100.1.1.0 0.0.0.255
[AR3-ospf-1-area-0.0.0.0]net	
[AR3-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0
[AR3-ospf-1-area-0.0.0.0]q
[AR3-ospf-1]q
[AR3]q
<AR3>save
  The current configuration will be written to the device. 
  Are you sure to continue? (y/n)[n]:y
  It will take several minutes to save configuration file, please wait.......
  Configuration file had been saved successfully
  Note: The configuration file will take effect after being activated
<AR3>
<AR3>           

3、NAT轉換配置

<AR1>
<AR1>
<AR1>sys
Enter system view, return user view with Ctrl+Z.
[AR1]
[AR1]acl 2000
[AR1-acl-basic-2000]rule 5 per	
[AR1-acl-basic-2000]rule 5 permit sou	
[AR1-acl-basic-2000]rule 5 permit source 192.168.1.0 0.0.0.255
[AR1-acl-basic-2000]rul	
[AR1-acl-basic-2000]rule 10 per	
[AR1-acl-basic-2000]rule 10 permit sou	
[AR1-acl-basic-2000]rule 10 permit source 192.168.2.0 0.0.0.255
[AR1-acl-basic-2000]q
[AR1]
[AR1]int	
[AR1]interface gi	
[AR1]interface GigabitEthernet 0/0/2
[AR1-GigabitEthernet0/0/2]nat out	
[AR1-GigabitEthernet0/0/2]nat outbound 2000
[AR1-GigabitEthernet0/0/2]int gi 6/0/0
[AR1-GigabitEthernet6/0/0]nat ou	
[AR1-GigabitEthernet6/0/0]nat outbound 2000
[AR1-GigabitEthernet6/0/0]q
[AR1]q
<AR1>save
  The current configuration will be written to the device. 
  Are you sure to continue? (y/n)[n]:y
  It will take several minutes to save configuration file, please wait.......
  Configuration file had been saved successfully
  Note: The configuration file will take effect after being activated
<AR1>
<AR1>
<AR1>           

4、測試：

5、抓包

這裡對AR1 的 ge 0/0/2 和ge 6/0/0 接口抓包

通過上述抓包，我們可以看到所有的資料流量是通過ge6/0/0 這個接口輸出，也就是走的移動專線。這樣會帶來一個問題，就是 ge 0/0/2 空閑 ge6/0/0 很忙，進而導緻ge6/0/0 這個接口的負載比較大，那如何解決這個問題，通過什麼辦法來對其進行分攤呢？這裡就提到了政策路由

6、政策路由的配置

1）建立ACL

<AR1>sys
Enter system view, return user view with Ctrl+Z.
[AR1]acl 2010
[AR1-acl-basic-2010]rul	
[AR1-acl-basic-2010]rule 5 per	
[AR1-acl-basic-2010]rule 5 permit sour	
[AR1-acl-basic-2010]rule 5 permit source 192.168.1.0 0.0.0.255
[AR1-acl-basic-2010]acl 2020
[AR1-acl-basic-2020]ru	
[AR1-acl-basic-2020]rule 5 per	
[AR1-acl-basic-2020]rule 5 permit sour	
[AR1-acl-basic-2020]rule 5 permit source 192.168.2.0 0.0.0.255
[AR1-acl-basic-2020]q
[AR1]           

2）建立流分類

[AR1]traff	
[AR1]traffic cla	
[AR1]traffic classifier jiaoxuelouA
[AR1-classifier-jiaoxuelouA]if	
[AR1-classifier-jiaoxuelouA]if-match ac	
[AR1-classifier-jiaoxuelouA]if-match acl 2010
[AR1-classifier-jiaoxuelouA]q
[AR1]tra	
[AR1]tracert cla	
[AR1]traff	
[AR1]traffic cla	
[AR1]traffic classifier jiaoxuelouB
[AR1-classifier-jiaoxuelouB]if	
[AR1-classifier-jiaoxuelouB]if-match acl	
[AR1-classifier-jiaoxuelouB]if-match acl 2020
[AR1-classifier-jiaoxuelouB]q
[AR1]           

3）建立流行為

[AR1]traffic behavior dianxin
[AR1-behavior-dianxin]redirect 
[AR1-behavior-dianxin]redirect ip	
[AR1-behavior-dianxin]redirect ip-nexthop 12.1.1.2
[AR1-behavior-dianxin]q
[AR1]traf	
[AR1]traffic beh	
[AR1]traffic behavior yidong
[AR1-behavior-yidong]red	
[AR1-behavior-yidong]redirect ip	
[AR1-behavior-yidong]redirect ip-nexthop 13.1.1.2
[AR1-behavior-yidong]           

4）建立流政策

[AR1]traff	
[AR1]traffic poli	
[AR1]traffic policy poA
[AR1-trafficpolicy-poA]class	
[AR1-trafficpolicy-poA]classifier jiaoxuelouA beh	
[AR1-trafficpolicy-poA]classifier jiaoxuelouA behavior dianxin
[AR1-trafficpolicy-poA]q
[AR1]traff	
[AR1]traffic pol	
[AR1]traffic policy poB
[AR1-trafficpolicy-poB]class	
[AR1-trafficpolicy-poB]classifier jiaoxuelouB be	
[AR1-trafficpolicy-poB]classifier jiaoxuelouB behavior yidong
[AR1-trafficpolicy-poB]q
[AR1]
[AR1]           

5）應用到接口

[AR1]int	
[AR1]interface gi	
[AR1]interface GigabitEthernet 0/0/0
[AR1-GigabitEthernet0/0/0]traff	
[AR1-GigabitEthernet0/0/0]traffic-po	
[AR1-GigabitEthernet0/0/0]traffic-policy poA in	
[AR1-GigabitEthernet0/0/0]traffic-policy poA inbound 
[AR1-GigabitEthernet0/0/0]
[AR1-GigabitEthernet0/0/0]int gi 0/0/1
[AR1-GigabitEthernet0/0/1]traff	
[AR1-GigabitEthernet0/0/1]traffic-po	
[AR1-GigabitEthernet0/0/1]traffic-policy poB in	
[AR1-GigabitEthernet0/0/1]traffic-policy poB inbound 
[AR1-GigabitEthernet0/0/1]q
[AR1]
[AR1]           

7、測試

PC1

PC2

現在斷開ge0/0/2

[AR1]int	
[AR1]interface gi	
[AR1]interface GigabitEthernet 0/0/2
[AR1-GigabitEthernet0/0/2]shutdo	
[AR1-GigabitEthernet0/0/2]shutdown 
[AR1-GigabitEthernet0/0/2]
[AR1-GigabitEthernet0/0/2]dis th
[V200R003C00]
#
interface GigabitEthernet0/0/2
 shutdown
 ip address 12.1.1.1 255.255.255.0 
 nat outbound 2000
#
return
[AR1-GigabitEthernet0/0/2]
[AR1-GigabitEthernet0/0/2]           

斷開與電信連接配接的接口後，在進行測試，我們看到流量走的是移動專線。

實驗完成！

寫在最後：

自我設限，固步自封，唯有突破極限，才能發掘潛能。以上就是本期整理的《網絡技術應用中，作為網工如何通過政策路由，來配置公司雙線接入》，自己經曆過的風雨，是以知道你也會堅強。你的【點贊】+【關注】，我會自動解讀為認可。

作者簡介：

我是“網絡系統技藝者”，系統運維工程師一枚，持續分享【網絡技術+系統運維技術】幹貨。碼字不易，如果您覺得文章還可以，就收藏吧，也許在以後某個時間能夠用得到。