NE40E SRv6 P节点流统
问题描述
NE40E L3VPN over SRv6 Policy场景如何在P节点匹配内层IP,P节点流量统计隧道内V4业务流量
解决方案
首先该功能只有V8R21C10及之后版本支持,示例如下:
L3VPN over SRv6 Policy场景匹配内层IP
1. 配置匹配SRv6内层报文信息进行复杂流分类。
1. 定义子流量策略匹配的ACL规则。
[~P] acl 3000
[~P-acl4-advance-3000] rule permit icmp source 1.1.1.2 24 destination 2.1.1.2 24
[*P-acl4-advance-3000] commit
2. 定义父流量策略和子流量策略绑定的流分类。
# 定义父流量策略的流分类。
[~P] traffic classifier outer
[*P-classifier-outer] if-match ipv6 any
[*P-classifier-outer] commit
[~P-classifier-outer] quit
# 定义子流量策略的流分类。
[~P] traffic classifier inner
[*P-classifier-inner] if-match acl 3000
[*P-classifier-inner] commit
[~P-classifier-inner] quit
3. 定义子流量策略的流行为inner,创建子策略inner并绑定流分类和流行为。
[~P] traffic behavior inner
[*P-behavior-inner] permit
[*P-behavior-inner] commit
[~P-behavior-inner] quit
[~P] traffic policy inner
[*P-trafficpolicy-inner] classifier inner behavior inner
[*P-trafficpolicy-inner] undo share-mode
[*P-trafficpolicy-inner] statistic enable
[*P-trafficpolicy-inner] commit
[~P-trafficpolicy-inner] quit
4. 定义父策略的流行为outer,创建父流量策略outer并绑定流分类和流行为。
# 流行为outer下配置匹配SRv6报文内层信息的级联流策略inner。
[~P] traffic behavior outer
[*P-behavior-outer] traffic-policy inner ip-layer srv6-inner
[*P-behavior-outer] commit
[~P-behavior-outer] quit
[~P] traffic policy outer
[*P-trafficpolicy-outer] classifier outer behavior outer
[*P-trafficpolicy-outer] undo share-mode
[*P-trafficpolicy-outer] statistic enable
[*P-trafficpolicy-outer] commit
[~P-trafficpolicy-outer] quit
5. 应用流量策略,在P设备的接口入出方向上应用父流量策略outer。
[~P-GigabitEthernet7/0/1.1] traffic-policy outer outbound
[*P-GigabitEthernet7/0/1.1] commit
[~P-GigabitEthernet7/0/23.1] traffic-policy outer inbound
[*P-GigabitEthernet7/0/23.1] commit
2. 清除统计结果。
reset traffic policy outer statistics interface gigabitethernet 7/0/23.1 inbound
reset traffic policy inner statistics interface gigabitethernet 7/0/23.1 inbound
reset traffic policy inner statistics interface gigabitethernet 7/0/1.1 outbound
reset traffic policy outer statistics interface gigabitethernet 7/0/1.1 outbound
3. 查询业务统计结果。
1. 查询入口统计,查询命令行相比传统命令行增加policy名称inner。
[~P] display traffic policy inner statistics interface GigabitEthernet 7/0/23.1 inbound verbose rule-based
Info: The statistics is shared because the policy is shared.
Interface: GigabitEthernet7/0/23.1
Traffic policy inbound: inner
Traffic policy applied at 2022-03-31 11:09:14
Statistics enabled at 2022-03-31 11:04:46
Statistics last cleared: 2022-03-31 11:22:54
Rule number: 4 IPv4, 0 IPv6
Current status: OK!
Classifier: inner operator or
if-match acl 3000 precedence 1
rule 5 permit icmp source 1.1.1.0 0.0.0.255 destination 2.1.1.0 0.0.0.255
148,144,324 bytes, 131,801 packets
Last 30 seconds rate 3,899 pps, 35,055,912 bps
Behavior: inner
-none-
2. 查询出口统计结果,查询命令行相比传统命令行增加policy名称inner。
[~P] display traffic policy inner statistics interface GigabitEthernet 7/0/1.1 outbound verbose rule-based
Info: The statistics is shared because the policy is shared.
Interface: GigabitEthernet7/0/1.1
Traffic policy outbound: inner
Traffic policy applied at 2022-03-31 11:12:32
Statistics enabled at 2022-03-31 11:04:46
Statistics last cleared: 2022-03-31 11:22:55
Rule number: 4 IPv4, 0 IPv6
Current status: OK!
Classifier: inner operator or
if-match acl 3000 precedence 1
rule 5 permit icmp source 1.1.1.0 0.0.0.255 destination 2.1.1.0 0.0.0.255
148,144,324 bytes, 131,801 packets
Last 30 seconds rate 3,077 pps, 27,666,232 bps
Behavior: inner
-none-
4. 回退配置。
[~P] interface GigabitEthernet7/0/1.1
[*P-GigabitEthernet7/0/1.1] undo traffic-policy inbound
[*P-GigabitEthernet7/0/1.1] undo traffic-policy outbound
[*P] commit
[*P] interface GigabitEthernet7/0/23.1
[*P-GigabitEthernet7/0/23.1] undo traffic-policy inbound
[*P-GigabitEthernet7/0/23.1] undo traffic-policy outbound
[*P] commit
[*P] undo traffic policy outer
[*P] undo traffic behavior outer
[*P] undo traffic classifier outer
[*P] undo traffic policy inner
[*P] undo traffic behavior inner
[*P] undo traffic classifier inner
[*P] undo acl 3000
[*P] commit
