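This document describes how to exclude unwanted routes from redistribution into Overlay Management Protocol (OMP).
Knowledge of these topics is recommended:
Cisco Software-Defined Wide Area Network (SD-WAN)
The information in this document is based on these software and hardware versions:
The information in this document was created from devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
By default, connected, static, OSPF inter-area, and OSPF intra-area routes are redistributed into OMP.
In this use case, you do not want to redistribute one of the connected routes in vrf 1. By default, all connected routes are redistributed into OMP; this use case helps filter a specific connected prefix.
1. Localized Policy
Create a new prefix list under the custom options of the Localized policy: the prefix list is needed to identify the routes that need to be redistributed.
Create a route policy and apply it to the localized policy: match the prefix created previously and set the action to Accept. The route policy is converted into a route map once it is pushed to the WAN edge device.
The default action must be Reject, because only the previously created prefix needs to be redistributed.
Preview: this is how the configuration looks after the localized policy is created.
2. Use a CLI add-on template.
Make sure to create a CLI add-on template to map the previously created route map under OMP, because there is no option to map it under the OMP feature template.
Attach the created localized policy and the CLI add-on template to the device template.
1. In this use case, you want to redistribute OSPF internal routes but not OSPF external routes. By default, OSPF internal routes are redistributed into OMP; this use case helps filter specific OSPF prefixes.
To restrict redistribution into OMP on VRF 1 to OSPF internal routes only, set it to route-map and define a route map that matches the type OSPF internal. The route-map configuration is done through the CLI add-on template.
Attach the CLI add-on template to the device template.
2. In this use case, you want to redistribute OSPF external routes but not OSPF internal routes. By default, OSPF external routes are not redistributed into OMP; this use case helps filter specific OSPF prefixes.
To restrict redistribution into OMP on VRF 1 to OSPF external routes only, place it under a route map and define a route map that matches the type OSPF external. The route-map configuration is done through the CLI add-on template.
Attach the CLI add-on template to the device template.
1. In this use case, you do not want the specific route 192.168.50.2/32 to be received at the two destination sites with site IDs 10 and 100.
Create a site list under the custom options of the Centralized Policy: the site list is needed to identify which sites must not receive the route.
Create a new prefix list under the custom options of the Centralized policy: the prefix list is needed to identify which routes must not be received.
Create a topology with Custom Control (Route & TLOC) under the custom options of the Centralized policy.
Create a route policy and apply it to the centralized policy: match the prefix created previously and set the action to Reject.
The default action must be Accept, because only the one route must not be received.
This policy must be applied outbound for the given destination sites, because the direction is from the vSmart perspective.
Preview: this is how the configuration looks after the centralized policy is created.
2. The same use case can also be achieved if the control policy is applied inbound toward vSmart from the source site 40.
Create a site list under the custom options of the Centralized Policy: the site list is needed to identify the sites from which the route must not be advertised.
You only need to change the direction and update the site list when you apply the policy.
Preview: this is how the configuration looks after the centralized policy is created.
Localized policy + CLI add-on template:
Per the default behavior, all connected routes are redistributed into OMP (the focus is on 192.168.40.2).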
cEdge_Site40#show sdwan omp routes
Generating output, this might take time, please wait ...
Code:
C -> chosen
I -> installed
Red -> redistributed
Rej -> rejected
L -> looped
R -> resolved
S -> stale
Ext -> extranet
Inv -> invalid
Stg -> staged
IA -> On-demand inactive
U -> TLOC unresolved
PATH ATTRIBUTE
VPN PREFIX FROM PEER ID LABEL STATUS TYPE TLOC IP COLOR ENCAP PREFERENCE
--------------------------------------------------------------------------------------------------------------------------------------
1 0.0.0.0/0 10.10.10.2 123 1004 C,I,R installed 10.10.10.60 biz-internet ipsec -
1 172.20.0.0/24 10.10.10.2 124 1003 C,I,R installed 10.10.10.65 biz-internet ipsec -
1 192.168.40.2/32 0.0.0.0 68 1004 C,Red,R installed 10.10.10.40 biz-internet ipsec -
1 192.168.50.2/32 0.0.0.0 68 1004 C,Red,R installed 10.10.10.40 biz-internet ipsec -
cEdge_Site40#
The connected routes are in the RIB.
cEdge_Site40#show ip route vrf 1
Routing Table: 1
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
& - replicated local route overrides by connected
Gateway of last resort is 10.10.10.60 to network 0.0.0.0
m* 0.0.0.0/0 [251/0] via 10.10.10.60, 20:25:46, Sdwan-system-intf
172.20.0.0/24 is subnetted, 1 subnets
m 172.20.0.0 [251/0] via 10.10.10.65, 20:25:46, Sdwan-system-intf
192.168.40.0/32 is subnetted, 1 subnets
C 192.168.40.2 is directly connected, Loopback1
192.168.50.0/32 is subnetted, 1 subnets
C 192.168.50.2 is directly connected, Loopback2
cEdge_Site40#
With the show ip protocols vrf 1 command, you can check which routes are redistributed into OMP by default.
cEdge_Site40#show ip protocols vrf 1
*** IP Routing is NSF aware ***
Routing Protocol is "omp"
Sending updates every 0 seconds
Invalid after 0 seconds, hold down 0, flushed after 0
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Redistributing: connected, static, nat-route
ospf 1 (internal)
Maximum path: 32
Routing for Networks:
Routing Information Sources:
Gateway Distance Last Update
Distance: (default is 251)
cEdge_Site40#
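Here, after the device template is pushed successfully, 192.168.40.2 is not redistributed into OMP, because only 192.168.50.2 is permitted as part of the localized policy.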
cEdge_Site40#show sdwan omp routes
Generating output, this might take time, please wait ...
Code:
C -> chosen
I -> installed
Red -> redistributed
Rej -> rejected
L -> looped
R -> resolved
S -> stale
Ext -> extranet
Inv -> invalid
Stg -> staged
IA -> On-demand inactive
U -> TLOC unresolved
PATH ATTRIBUTE
VPN PREFIX FROM PEER ID LABEL STATUS TYPE TLOC IP COLOR ENCAP PREFERENCE
--------------------------------------------------------------------------------------------------------------------------------------
1 0.0.0.0/0 10.10.10.2 123 1004 C,I,R installed 10.10.10.60 biz-internet ipsec -
1 172.20.0.0/24 10.10.10.2 124 1003 C,I,R installed 10.10.10.65 biz-internet ipsec -
1 192.168.50.2/32 0.0.0.0 68 1004 C,Red,R installed 10.10.10.40 biz-internet ipsec -
cEdge_Site40#
The next output captures the vrf 1 routing table; 192.168.40.2 is in the RIB.
cEdge_Site40#show ip route vrf 1
Routing Table: 1
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
& - replicated local route overrides by connected
Gateway of last resort is 10.10.10.60 to network 0.0.0.0
m* 0.0.0.0/0 [251/0] via 10.10.10.60, 00:09:43, Sdwan-system-intf
172.20.0.0/24 is subnetted, 1 subnets
m 172.20.0.0 [251/0] via 10.10.10.65, 00:09:43, Sdwan-system-intf
192.168.40.0/32 is subnetted, 1 subnets
C 192.168.40.2 is directly connected, Loopback1
192.168.50.0/32 is subnetted, 1 subnets
C 192.168.50.2 is directly connected, Loopback2
cEdge_Site40#
Per the current configuration, both OSPF external and internal routes are redistributed into OMP.
cEdge_ospf#show sdwan omp routes 192.168.60.0/24
Code:
C -> chosen
I -> installed
Red -> redistributed
Rej -> rejected
L -> looped
R -> resolved
S -> stale
Ext -> extranet
Inv -> invalid
Stg -> staged
IA -> On-demand inactive
U -> TLOC unresolved
PATH ATTRIBUTE
VPN PREFIX FROM PEER ID LABEL STATUS TYPE TLOC IP COLOR ENCAP PREFERENCE
--------------------------------------------------------------------------------------------------------------------------------------
1 192.168.60.0/24 0.0.0.0 75 1003 C,Red,R installed 10.10.10.100 gold ipsec -
cEdge_ospf#show sdwan omp routes 172.16.16.0/24
Code:
C -> chosen
I -> installed
Red -> redistributed
Rej -> rejected
L -> looped
R -> resolved
S -> stale
Ext -> extranet
Inv -> invalid
Stg -> staged
IA -> On-demand inactive
U -> TLOC unresolved
PATH ATTRIBUTE
VPN PREFIX FROM PEER ID LABEL STATUS TYPE TLOC IP COLOR ENCAP PREFERENCE
--------------------------------------------------------------------------------------------------------------------------------------
1 172.16.16.0/24 0.0.0.0 75 1003 C,Red,R installed 10.10.10.100 gold ipsec -
cEdge_ospf#
The next output captures the vrf 1 OSPF routing table; both OSPF external and internal routes are in the RIB.
cEdge_ospf#show ip route vrf 1 ospf
Routing Table: 1
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
& - replicated local route overrides by connected
Gateway of last resort is 10.10.10.60 to network 0.0.0.0
172.16.0.0/24 is subnetted, 1 subnets
O E2 172.16.16.0 [110/20] via 192.168.70.3, 00:14:04, GigabitEthernet0/0/1
O IA 192.168.60.0/24 [110/2] via 192.168.70.3, 01:07:51, GigabitEthernet0/0/1
cEdge_ospf#
1. After the route-map filter is applied to redistribute only internal routes, OSPF external routes are no longer redistributed into OMP.
cEdge_ospf#show sdwan omp routes 172.16.16.0/24
% No such element exists.
cEdge_ospf#show sdwan omp routes 192.168.60.0/24
Code:
C -> chosen
I -> installed
Red -> redistributed
Rej -> rejected
L -> looped
R -> resolved
S -> stale
Ext -> extranet
Inv -> invalid
Stg -> staged
IA -> On-demand inactive
U -> TLOC unresolved
PATH ATTRIBUTE
VPN PREFIX FROM PEER ID LABEL STATUS TYPE TLOC IP COLOR ENCAP PREFERENCE
--------------------------------------------------------------------------------------------------------------------------------------
1 192.168.60.0/24 0.0.0.0 75 1003 C,Red,R installed 10.10.10.100 gold ipsec -
cEdge_ospf
The next output captures the vrf 1 OSPF routing table; both OSPF external and internal routes are in the RIB.
cEdge_ospf#show ip route vrf 1 ospf
Routing Table: 1
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
& - replicated local route overrides by connected
Gateway of last resort is 10.10.10.60 to network 0.0.0.0
172.16.0.0/24 is subnetted, 1 subnets
O E2 172.16.16.0 [110/20] via 192.168.70.3, 00:09:12, GigabitEthernet0/0/1
O IA 192.168.60.0/24 [110/2] via 192.168.70.3, 01:02:59, GigabitEthernet0/0/1
cEdge_ospf#
2. After the route-map filter is applied to redistribute only external routes, OSPF internal routes are no longer redistributed into OMP.
cEdge_ospf#show sdwan omp routes 192.168.60.0/24
% No such element exists.
cEdge_ospf#show sdwan omp routes 172.16.16.0/24
Code:
C -> chosen
I -> installed
Red -> redistributed
Rej -> rejected
L -> looped
R -> resolved
S -> stale
Ext -> extranet
Inv -> invalid
Stg -> staged
IA -> On-demand inactive
U -> TLOC unresolved
PATH ATTRIBUTE
VPN PREFIX FROM PEER ID LABEL STATUS TYPE TLOC IP COLOR ENCAP PREFERENCE
--------------------------------------------------------------------------------------------------------------------------------------
1 172.16.16.0/24 0.0.0.0 75 1003 C,Red,R installed 10.10.10.100 gold ipsec -
cEdge_ospf#
The next output captures the vrf 1 OSPF routing table; both OSPF external and internal routes are in the RIB.
cEdge_ospf#show ip route vrf 1 ospf
Routing Table: 1
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
& - replicated local route overrides by connected
Gateway of last resort is 10.10.10.60 to network 0.0.0.0
172.16.0.0/24 is subnetted, 1 subnets
O E2 172.16.16.0 [110/20] via 192.168.70.3, 00:02:16, GigabitEthernet0/0/1
O IA 192.168.60.0/24 [110/2] via 192.168.70.3, 00:56:03, GigabitEthernet0/0/1
cEdge_ospf#
By default, all connected routes are redistributed into OMP from site 40 (the focus is on 192.168.50.2/32).
cEdge_Site40#show sdwan running-config | i site
site-id 40
cEdge_Site40#show sdwan omp routes 192.168.50.2/32
Code:
C -> chosen
I -> installed
Red -> redistributed
Rej -> rejected
L -> looped
R -> resolved
S -> stale
Ext -> extranet
Inv -> invalid
Stg -> staged
IA -> On-demand inactive
U -> TLOC unresolved
PATH ATTRIBUTE
VPN PREFIX FROM PEER ID LABEL STATUS TYPE TLOC IP COLOR ENCAP PREFERENCE
--------------------------------------------------------------------------------------------------------------------------------------
1 192.168.50.2/32 0.0.0.0 68 1004 C,Red,R installed 10.10.10.40 biz-internet ipsec -
cEdge_Site40#
Site 10 and site 100 receive the route from OMP.
cEdge_Site10#show sdwan running-config | i site
site-id 10
cEdge_Site10#show sdwan omp routes 192.168.50.2/32
Code:
C -> chosen
I -> installed
Red -> redistributed
Rej -> rejected
L -> looped
R -> resolved
S -> stale
Ext -> extranet
Inv -> invalid
Stg -> staged
IA -> On-demand inactive
U -> TLOC unresolved
PATH ATTRIBUTE
VPN PREFIX FROM PEER ID LABEL STATUS TYPE TLOC IP COLOR ENCAP PREFERENCE
--------------------------------------------------------------------------------------------------------------------------------------
1 192.168.50.2/32 10.10.10.2 32 1004 C,I,R installed 10.10.10.40 biz-internet ipsec -
cEdge_Site10#
cEdge_ospf#show sdwan running-config | i site
site-id 100
cEdge_ospf#show sdwan omp routes 192.168.50.2/32
Code:
C -> chosen
I -> installed
Red -> redistributed
Rej -> rejected
L -> looped
R -> resolved
S -> stale
Ext -> extranet
Inv -> invalid
Stg -> staged
IA -> On-demand inactive
U -> TLOC unresolved
PATH ATTRIBUTE
VPN PREFIX FROM PEER ID LABEL STATUS TYPE TLOC IP COLOR ENCAP PREFERENCE
--------------------------------------------------------------------------------------------------------------------------------------
1 192.168.50.2/32 10.10.10.2 73 1004 C,I,R installed 10.10.10.40 biz-internet ipsec -
cEdge_ospf#
1. After the centralized policy is pushed to vSmart, site 40 still redistributes 192.168.50.2 into OMP, and vSmart receives it.
cEdge_Site40#show sdwan running-config | i site
site-id 40
cEdge_Site40#show sdwan omp routes 192.168.50.2/32
Generating output, this might take time, please wait ...
Code:
C -> chosen
I -> installed
Red -> redistributed
Rej -> rejected
L -> looped
R -> resolved
S -> stale
Ext -> extranet
Inv -> invalid
Stg -> staged
IA -> On-demand inactive
U -> TLOC unresolved
PATH ATTRIBUTE
VPN PREFIX FROM PEER ID LABEL STATUS TYPE TLOC IP COLOR ENCAP PREFERENCE
--------------------------------------------------------------------------------------------------------------------------------------
1 192.168.50.2/32 0.0.0.0 68 1004 C,Red,R installed 10.10.10.40 biz-internet ipsec -
cEdge_Site40#
rcdn_lab_vSmart# show omp routes 192.168.50.2/32
Code:
C -> chosen
I -> installed
Red -> redistributed
Rej -> rejected
L -> looped
R -> resolved
S -> stale
Ext -> extranet
Inv -> invalid
Stg -> staged
IA -> On-demand inactive
U -> TLOC unresolved
PATH ATTRIBUTE
VPN PREFIX FROM PEER ID LABEL STATUS TYPE TLOC IP COLOR ENCAP PREFERENCE
--------------------------------------------------------------------------------------------------------------------------------------
1 192.168.50.2/32 10.10.10.40 68 1004 C,R installed 10.10.10.40 biz-internet ipsec -
rcdn_lab_vSmart#
However, sites 10 and 100 do not receive that specific route.
cEdge_Site10#show sdwan running-config | i site
site-id 10
cEdge_Site10#show sdwan omp routes 192.168.50.2/32
% No such element exists.
cEdge_Site10#
cEdge_ospf#show sdwan running-config | i site
site-id 100
cEdge_ospf#show sdwan omp routes 192.168.50.2/32
% No such element exists.
cEdge_ospf#
2. After the centralized policy is pushed to vSmart, site 40 still redistributes 192.168.50.2 into OMP, but vSmart rejects it and marks it invalid.
rcdn_lab_vSmart# show omp routes 192.168.50.2/32
Code:
C -> chosen
I -> installed
Red -> redistributed
Rej -> rejected
L -> looped
R -> resolved
S -> stale
Ext -> extranet
Inv -> invalid
Stg -> staged
IA -> On-demand inactive
U -> TLOC unresolved
PATH ATTRIBUTE
VPN PREFIX FROM PEER ID LABEL STATUS TYPE TLOC IP COLOR ENCAP PREFERENCE
--------------------------------------------------------------------------------------------------------------------------------------
1 192.168.50.2/32 10.10.10.40 68 1004 Rej,R,Inv installed 10.10.10.40 biz-internet ipsec -
rcdn_lab_vSmart#
Sites 10 and 100 do not receive the specific route.
cEdge_Site10#show sdwan running-config | i site
site-id 10
cEdge_Site10#show sdwan omp routes 192.168.50.2/32
% No such element exists.
cEdge_Site10#
cEdge_ospf#show sdwan running-config | i site
site-id 100
cEdge_ospf#show sdwan omp routes 192.168.50.2/32
% No such element exists.
cEdge_ospf#
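The before/after comparisons in the outputs above can be automated. The following is an added example, not part of the original document or of any Cisco tool: it parses `show sdwan omp routes` text and reports prefixes that are redistributed but not intended, intended but absent, or flagged Rej/Inv. The function names and the allowed-prefix set are assumptions; the sample rows are taken from the outputs on this page.

```python
import re

# Sample rows taken from the `show sdwan omp routes` outputs on this page.
BEFORE = """\
VPN PREFIX FROM PEER ID LABEL STATUS TYPE TLOC IP COLOR ENCAP PREFERENCE
1 0.0.0.0/0 10.10.10.2 123 1004 C,I,R installed 10.10.10.60 biz-internet ipsec -
1 192.168.40.2/32 0.0.0.0 68 1004 C,Red,R installed 10.10.10.40 biz-internet ipsec -
1 192.168.50.2/32 0.0.0.0 68 1004 C,Red,R installed 10.10.10.40 biz-internet ipsec -
"""
AFTER = """\
1 0.0.0.0/0 10.10.10.2 123 1004 C,I,R installed 10.10.10.60 biz-internet ipsec -
1 192.168.50.2/32 0.0.0.0 68 1004 C,Red,R installed 10.10.10.40 biz-internet ipsec -
"""
VSMART = "1 192.168.50.2/32 10.10.10.40 68 1004 Rej,R,Inv installed 10.10.10.40 biz-internet ipsec -\n"

# Columns: vpn, prefix, from-peer, path id, label, comma-separated status codes
ROW = re.compile(r"^\s*(\d+)\s+(\d+\.\d+\.\d+\.\d+/\d+)\s+(\S+)\s+(\d+)\s+(\d+)\s+([A-Za-z,]+)\s")

def parse_omp_routes(text):
    """Return (vpn, prefix, status_set) per route row; legend, header and prompt lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((int(m.group(1)), m.group(2), set(m.group(6).split(","))))
    return rows

def audit(text, vpn, allowed):
    """Compare what is redistributed (status Red) in one VPN with the intended prefix set."""
    rows = [r for r in parse_omp_routes(text) if r[0] == vpn]
    red = {prefix for _, prefix, status in rows if "Red" in status}
    return {
        "leaked": sorted(red - allowed),    # redistributed but not intended
        "missing": sorted(allowed - red),   # intended but not redistributed
        "rejected": sorted(p for _, p, s in rows if s & {"Rej", "Inv"}),  # flagged Rej or Inv
    }

if __name__ == "__main__":
    allowed = {"192.168.50.2/32"}  # assumed intent: only this connected prefix enters OMP
    for name, text in (("before", BEFORE), ("after", AFTER), ("vSmart", VSMART)):
        print(name, audit(text, vpn=1, allowed=allowed))
```

An empty `leaked` list on the edge after the template push corresponds to the localized-policy result shown above; a non-empty `rejected` list on vSmart corresponds to the inbound control-policy case.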
Revision | Publish Date | Comments |
---|---|---|
1.0 | 20-Jul-2023 | Initial Release |