Configuring Policy-based Route Diversion

A policy-based route is configured on the router to divert traffic that meets the specified conditions to the cleaning device. The policy-based route needs to be configured only on the traffic-diversion router, not on the cleaning device.

Implementation Mechanism

A policy-based route is generally applicable to static traffic diversion. As shown in Figure 1, a traffic-diversion channel is established between GE1/0/1 on Router1 and GE2/0/1 (cleaning interface) on the cleaning device. Apply a policy-based route to inbound interface GE1/0/0 on Router1. Packets that meet the conditions are then forwarded to the cleaning device through GE1/0/1 instead of being forwarded according to the routing table, so traffic destined for the Zone is forcibly diverted.

Figure 1 Policy-based route diversion

Configuring the Cleaning Device

In policy-based route injection, you need to configure a policy-based route only for GE1/0/0 on Router1.

Configuring the Router

The following uses the Huawei NE80E as an example to describe how to configure Router1 for traffic diversion through a policy-based route.

As shown in Figure 1, configure a policy-based route for inbound traffic on GE1/0/0 of Router1.

  1. Run the system-view command to access the system view.
  2. Configure the ACL to define the data flow matching the policy-based route.
  3. Run the following commands to define a traffic classifier.

    1. Run the traffic classifier classifier-name command in the system view to define a traffic classifier and access the traffic classifier view.

      classifier-name specifies the name of a traffic classifier. It is a string of 1 to 31 characters, case sensitive.

    2. Run the if-match [ ipv6 ] acl { acl-number | name acl-name } command to define an ACL rule.

      acl-number specifies the number of the ACL. The value is an integer.

      For IPv4 packets, the value ranges from 2000 to 4099.

      • A value ranging from 2000 to 3999 indicates a basic or an advanced ACL.
      • A value ranging from 4000 to 4099 indicates an ACL based on the Layer-2 Ethernet frame header.

      For IPv6 packets, the value ranges from 2000 to 3999.

      • A value ranging from 2000 to 2999 indicates a basic ACL.
      • A value ranging from 3000 to 3999 indicates an advanced ACL.

      acl-name specifies the name of a named ACL. The value is a string of 1 to 32 case-sensitive characters and cannot contain a space. It must start with a letter from a to z or A to Z, and can be a combination of letters, digits, hyphens (-), or underscores (_).

  4. Run the following commands to define a traffic behavior and set an action accordingly.

    1. Run the traffic behavior behavior-name command in the system view to define a traffic behavior and access the traffic behavior view.

      behavior-name specifies the name of a traffic behavior. The value is a string of 1 to 31 characters.

    2. Run the redirect ip-nexthop ip-address [ interface interface-type interface-number ] command to redirect to the next hop.

      ip-address specifies the IP address of the redirected next hop.

      interface-type interface-number specifies the type and number of the outbound interface. The number is in the slot number/card number/port number format.

  5. Run the following commands to define a traffic policy and specify a behavior for the classifier in the policy.

    1. Run the traffic policy policy-name command in the system view to define a traffic policy and access the policy view.

      policy-name specifies the name of a traffic policy. The value is a string of 1 to 31 characters.

    2. Run the classifier classifier-name behavior behavior-name [ precedence precedence ] command to specify a behavior for the traffic classifier in the policy.

      classifier-name specifies the name of a traffic classifier. It must be already defined.

      behavior-name specifies the name of a traffic behavior. It must be already defined.

      precedence indicates the priority of the associated traffic classifier and behavior. The value is an integer ranging from 1 to 255. The smaller the precedence value, the higher the priority, and associations with a higher priority are processed first. If precedence is not specified, the system searches for associations by configuration sequence.

  6. Run the following commands to apply the policy-based route to the interface.

    1. Run the interface interface-type interface-number command in the system view to access the interface view.

    2. Run the traffic policy policy-name inbound command to apply the policy-based route.

      inbound applies the traffic policy to the inbound direction.
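
The following is an added example, not part of the original Huawei documentation: a small pre-deployment check that reads the command sequence from steps 1 and 3 to 6 and reports broken references and out-of-range values before the sequence is typed on Router1. The classifier, behavior and policy names, ACL number 3000, the next-hop address and the spelled-out interface type GigabitEthernet are assumptions. The ACL definition from step 2 is not included because the page gives no syntax for it.

```python
import re
# Constructed sample of steps 1 and 3-6; names, ACL 3000 and next hop are assumed.
SAMPLE = """\
system-view
traffic classifier divert-c
 if-match acl 3000
 quit
traffic behavior divert-b
 redirect ip-nexthop 198.51.100.2 interface GigabitEthernet 1/0/1
 quit
traffic policy divert-p
 classifier divert-c behavior divert-b precedence 10
 quit
interface GigabitEthernet 1/0/0
 traffic policy divert-p inbound
"""

def audit(config):
    """Return the problems found in a diversion config (empty list if none)."""
    defs = {"classifier": {}, "behavior": {}, "policy": {}}
    problems, applied, view = [], [], None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"traffic (classifier|behavior|policy) (\S+)", line):
            view = defs[m[1]].setdefault(m[2], [])    # enter that view
            if not 1 <= len(m[2]) <= 31:
                problems.append(f"{m[1]} name {m[2]!r} is not 1-31 characters")
        elif m := re.fullmatch(r"traffic policy (\S+) inbound", line):
            applied.append(m[1])                      # applied in interface view
        elif line == "quit" or line.startswith("interface "):
            view = None                               # left the definition view
        elif view is not None:
            view.append(line)
    for name, body in defs["classifier"].items():
        for m in filter(None, (re.fullmatch(r"if-match (ipv6 )?acl (\d+)", ln) for ln in body)):
            top = 3999 if m[1] else 4099              # IPv6 range, else IPv4 range
            if not 2000 <= int(m[2]) <= top:
                problems.append(f"classifier {name}: ACL {m[2]} outside 2000-{top}")
    for name, body in defs["behavior"].items():
        if not any(ln.startswith("redirect ip-nexthop ") for ln in body):
            problems.append(f"behavior {name} has no redirect ip-nexthop")
    for ln in (ln for body in defs["policy"].values() for ln in body):
        m = re.fullmatch(r"classifier (\S+) behavior (\S+)(?: precedence (\d+))?", ln)
        for kind, ref in (("classifier", m[1]), ("behavior", m[2])) if m else ():
            if ref not in defs[kind]:
                problems.append(f"undefined {kind} {ref}")
        if m and m[3] and not 1 <= int(m[3]) <= 255:
            problems.append(f"precedence {m[3]} outside 1-255")
    problems += [f"applied policy {p} is not defined" for p in applied if p not in defs["policy"]]
    return problems + ([] if applied else ["no traffic policy applied inbound"])
```

An empty list from `audit(SAMPLE)` means every reference resolves and every checked value is inside the ranges stated in the steps above.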


Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.