为vEdge或cEdge配置首选默认路由或前缀路由

下载选项

PDF (513.8 KB)
在各种设备上使用 Adobe Reader 查看
ePub (203.1 KB)
在 iPhone、iPad、Android、Sony Reader 或 Windows Phone 上使用各种应用查看
Mobi (Kindle) (206.9 KB)
在 Kindle 设备上查看或在多个设备上使用 Kindle 应用查看

已更新: 2022 年 8 月 29 日

文档 ID:218112

非歧视性语言

此产品的文档集力求使用非歧视性语言。在本文档集中，非歧视性语言是指不隐含针对年龄、残障、性别、种族身份、族群身份、性取向、社会经济地位和交叉性的歧视的语言。由于产品软件的用户界面中使用的硬编码语言、基于 RFP 文档使用的语言或引用的第三方产品使用的语言，文档中可能无法确保完全使用非歧视性语言。深入了解思科如何使用包容性语言。

关于此翻译

思科采用人工翻译与机器翻译相结合的方式将此文档翻译成不同语言，希望全球的用户都能通过各自的语言得到支持性的内容。请注意：即使是最好的机器翻译，其准确度也不及专业翻译人员的水平。 Cisco Systems, Inc. 对于翻译的准确性不承担任何责任，并建议您总是参考英文原始文档（已提供链接）。

简介

本文档介绍如何配置软件定义的广域网(SD-WAN)控制策略以首选默认路由或前缀。

要求

Cisco 建议您了解以下主题：

Cisco SD-WAN重叠管理协议(OMP)。
SD-WAN集中控制策略。

使用的组件

本文档中的信息基于以下软件和硬件版本：

Cisco cEdge版本17.3.3
思科vEdge版本20.3.2
思科vSmart控制器版本20.4.2

本文档中的信息都是基于特定实验室环境中的设备编写的。本文档中使用的所有设备最初均采用原始（默认）配置。如果您的网络处于活动状态，请确保您了解所有命令的潜在影响。

背景信息

出于本演示的目的，本实验在不同的端ID上设置5个cEdge/vEdge，其中Router01、Router02和Router03在VPN 1中配置了默认路由。

vSmart system ip 10.1.1.7。
Edge Router01系统ip 10.70.70.1，站点ID 70。
Edge Router02系统ip 10.80.80.1，站点ID 80。
Edge Router03系统ip 10.80.80.2，站点ID 80。
Edge Router04系统ip 10.70.70.2，站点ID 40。
vEdge Router05系统ip 10.20.20.1，站点ID 20。

Router04(10.70.70.2)和Router05(10.20.20.1)从Router01(10.70.70.1)、Router02(10.80.80.1)和Router03(10.80.80.1)接收并安装默认路由。设备没有应用活动的集中策略或本地化策略，默认情况下为全网状拓扑。

Router04和Router05从三个不同的设备接收默认路由。

Router04# show sdwan omp routes 
Generating output, this might take time, please wait ...
Code:
C   -> chosen
I   -> installed
Red -> redistributed
Rej -> rejected
L   -> looped
R   -> resolved
S   -> stale
Ext -> extranet
Inv -> invalid
Stg -> staged
IA  -> On-demand inactive
U   -> TLOC unresolved
                                            PATH                      ATTRIBUTE                                                       
VPN    PREFIX              FROM PEER        ID     LABEL    STATUS    TYPE       TLOC IP          COLOR            ENCAP  PREFERENCE  
--------------------------------------------------------------------------------------------------------------------------------------
1      0.0.0.0/0           10.1.1.7          29     1002     C,I,R     installed  10.70.70.1       biz-internet     ipsec  -           
                           10.1.1.7          30     1005     C,I,R     installed  10.80.80.1       mpls             ipsec  -           
                           10.1.1.7          31     1003     C,I,R     installed  10.80.80.2       mpls             ipsec  -

提示：此 show sdwan omp routes 如果路由器收到许多路由，则cEdge的输出可能很大。您只能使用 show sdwan omp route vpn 要过滤输出，或者，您可以使用 show sdwan omp route vpn | s 过滤cEdge中前缀的所有扇区输出。

Router05# show omp routes vpn 1
Code:
C   -> chosen
I   -> installed
Red -> redistributed
Rej -> rejected
L   -> looped
R   -> resolved
S   -> stale
Ext -> extranet
Inv -> invalid
Stg -> staged
IA  -> On-demand inactive
U   -> TLOC unresolved

                                            PATH                      ATTRIBUTE                                                       
VPN    PREFIX              FROM PEER        ID     LABEL    STATUS    TYPE       TLOC IP          COLOR            ENCAP  PREFERENCE  
--------------------------------------------------------------------------------------------------------------------------------------
1      0.0.0.0/0           10.1.1.7          5      1002     C,I,R     installed  10.70.70.1       biz-internet     ipsec  -           
                           10.1.1.7          6      1005     C,I,R     installed  10.80.80.1       mpls             ipsec  -           
                           10.1.1.7          7      1003     C,I,R     installed  10.80.80.2       mpls             ipsec  -

提示：此 show omp route 如果路由器收到太多路由，vEdge的输出可能会很大。您只能使用 show omp routes vpn 以过滤vEdge中的输出。您只能使用 | tab 命令旁边的，以查看vEdge格式表中的输出。

Router04(10.70.70.2)和Router05(10.20.20.1)安装来自Router01(10.70.70.1)、Router02(10.80.80.1)和Router03(10.80.80.1)的默认路由。

Router04# show ip route vrf 1 

Routing Table: 1
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
       n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       H - NHRP, G - NHRP registered, g - NHRP registration summary
       o - ODR, P - periodic downloaded static route, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR
       & - replicated local route overrides by connected

Gateway of last resort is 10.80.80.2 to network 0.0.0.0

m*    0.0.0.0/0 [251/0] via 10.80.80.2, 00:05:02, Sdwan-system-intf
                [251/0] via 10.80.80.1, 00:05:02, Sdwan-system-intf
                [251/0] via 10.70.70.1, 00:05:02, Sdwan-system-intf

提示：此 show ip route vrf 如果路由器接收到too路由，则cEdge的输出可能很大。您只能使用 show ip route vrf 要过滤输出，也可使用 show ip route vrf | s过滤前缀的所有扇区输出。

Router05# show ip routes vpn 1 0.0.0.0/0
Codes Proto-sub-type:
  IA -> ospf-intra-area, IE -> ospf-inter-area,
  E1 -> ospf-external1, E2 -> ospf-external2,
  N1 -> ospf-nssa-external1, N2 -> ospf-nssa-external2,
  e -> bgp-external, i -> bgp-internal
Codes Status flags:
  F -> fib, S -> selected, I -> inactive,
  B -> blackhole, R -> recursive, L -> import

                                            PROTOCOL  NEXTHOP     NEXTHOP          NEXTHOP                                                   
VPN    PREFIX              PROTOCOL         SUB TYPE  IF NAME     ADDR             VPN      TLOC IP          COLOR            ENCAP  STATUS  
---------------------------------------------------------------------------------------------------------------------------------------------
1      0.0.0.0/0           omp              -         -           -                -        10.70.70.1       biz-internet     ipsec  F,S     
1      0.0.0.0/0           omp              -         -           -                -        10.80.80.1       mpls             ipsec  F,S     
1      0.0.0.0/0           omp              -         -           -                -        10.80.80.2       mpls             ipsec  F,S

提示：此 show ip routes 如果路由器收到太多路由，vEdge的输出可能会很大。您只能使用 show ip routes vpn 以过滤vEdge中的输出。

配置

解决方案 1：集中控制策略使用，首选来自特定远程路由器Router04上Router01的默认路由

使用拓扑自定义控件并在OMP中应用默认路由的首选项。

使用路由规则代替传输位置(TLOC)规则。

匹配条件

匹配在带有0.0.0.0/0前缀的策略列表中预定义的Router01 System-ip 10.70.70.1的发起方选项和Prefix-list。
ip prefix-list 0.0.0.0/0仅匹配default-route并非所有路由，因此您可以将此前缀用于前缀列表。
ip prefix-list 0.0.0.0/0 le 32匹配所有路由。

操作

将此策略应用于出站方向到Router04站点ID 40。

模板策略配置

您可以使用vManage GUI配置 Centralized Policy 使用 Control Policy.

在中配置控制策略 Topology，您可以选择 Hub-and-Spoke, Mesh,或 Custom Control 策略。

Custom Control(Route & TLOC) 用于此特定场景，如图所示。

Add Custom Control Topology

Sequence type 和Sequence Rule ，否则没有任何作用。
Originator system-ip和前缀列表在匹配条件中设置。

Accept 和 Preference 为相同顺序的操作设置，如图所示。

Custom Control Match Condition

Control Policy 应用于站点40的出站方向，如图所示。

Control Policy Application

警告：激活 Centralized Policy,vSmart需要附加设备模板，或 Centralized Policy 发送 Failed to activate policy 错误.vSmart必须处于vManage模式。

CLI策略配置

您可以手动配置vSmart而不是vManage GUI。

control-policy originatoronly
    sequence 1
     match route
      originator 10.70.70.1
      prefix-list Default_Route
     !
     action accept
      set
       preference 200
      !
     !
    !
  default-action accept
 !
 lists
  prefix-list Default_Route
   ip-prefix 0.0.0.0/0 
  !
  site-list sitio40
   site-id 40 
  !
 !
!
apply-policy
 site-list sitio40
  control-policy originatoronly out <<<<<<<
 !
!

vSmart只从始发者Router01(10.70.70.1)向Router04发送具有更高优先级200的默认路由。

警告：默认操作设置为拒绝。
默认操作可设置为接受或拒绝。

警告：如果序列不匹配，路由将采取默认操作。
这意味着如果默认操作设置为reject并且路由与任何序列都不匹配，则会从vSmart中拒绝该路由，并且不会将其通告到重叠。
如果默认操作设置为accept且路由不匹配任何序列，则会从vsmart接受并通告到重叠。

验证

您可以使用 show running-config policy 命令以验证 Control-Policy 已正确应用。

vsmart# show running-config policy control-policy 
policy
 control-policy originatoronly
  sequence 1
   match route
    originator  10.70.70.1
    prefix-list Default_Route
   !
   action accept
    set
     preference 200
    !
   !
  !
  default-action accept
 !
!

使用 show running-config apply-policy 检查站点和方向， Control-Policy 已应用。

vsmart# show running-config apply-policy 
apply-policy
 site-list sitio40
  control-policy originatoronly out
 !
!

提示：您只能使用 show running-config policy control-policy default-action | sequence在vSmart具有多个控制策略时过滤输出。

Router04(10.70.70.2)接收来自Router01(10.70.70.1)、Router02(10.80.80.1)和Router03(10.80.80.1)的所有default-route，但来自Router01的default-route具有较高优先级(200)。

Router04# show sdwan omp routes 
Generating output, this might take time, please wait ...
Code:
C   -> chosen
I   -> installed
Red -> redistributed
Rej -> rejected
L   -> looped
R   -> resolved
S   -> stale
Ext -> extranet
Inv -> invalid
Stg -> staged
IA  -> On-demand inactive
U   -> TLOC unresolved
                                            PATH                      ATTRIBUTE                                                       
VPN    PREFIX              FROM PEER        ID     LABEL    STATUS    TYPE       TLOC IP          COLOR            ENCAP  PREFERENCE  
--------------------------------------------------------------------------------------------------------------------------------------
1      0.0.0.0/0           10.1.1.7          29     1002     C,I,R     installed  10.70.70.1       biz-internet     ipsec  200   <<<<<<<<<<<<      
                           10.1.1.7          30     1005     R         installed  10.80.80.1       mpls             ipsec  -           
                           10.1.1.7          31     1003     R         installed  10.80.80.2       mpls             ipsec  -

Router04(10.70.70.2)在IP路由表中仅安装来自Router01(10.70.70.1)的路由。

Router04# show ip route vrf 1

Routing Table: 1
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
       n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       H - NHRP, G - NHRP registered, g - NHRP registration summary
       o - ODR, P - periodic downloaded static route, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR
       & - replicated local route overrides by connected

Gateway of last resort is 10.70.70.1 to network 0.0.0.0

m*    0.0.0.0/0 [251/0] via 10.70.70.1, 00:13:25, Sdwan-system-intf

Router05(10.20.20.1)位于站点20，仍然接收并安装来自Router01(10.70.70.1)、Router02(10.80.80.1)和Router03(10.80.80.1)的所有默认路由。

Router05# show omp routes vpn 1
Code:
C   -> chosen
I   -> installed
Red -> redistribute
Rej -> rejected
L   -> looped
R   -> resolved
S   -> stale
Ext -> extranet
Inv -> invalid
Stg -> staged
IA  -> On-demand inactive
U   -> TLOC unresolved

                                            PATH                      ATTRIBUTE                                                       
VPN    PREFIX              FROM PEER        ID     LABEL    STATUS    TYPE       TLOC IP          COLOR            ENCAP  PREFERENCE  
--------------------------------------------------------------------------------------------------------------------------------------
1      0.0.0.0/0           10.1.1.7          5      1002     C,I,R     installed  10.70.70.1       biz-internet     ipsec  -     <<<<<< no preference      
                           10.1.1.7          6      1005     C,I,R     installed  10.80.80.1       mpls             ipsec  -           
                           10.1.1.7          7      1003     C,I,R     installed  10.80.80.2       mpls             ipsec  -           


Router05# show ip routes vpn 1  
Codes Proto-sub-type:
  IA -> ospf-intra-area, IE -> ospf-inter-area,
  E1 -> ospf-external1, E2 -> ospf-external2,
  N1 -> ospf-nssa-external1, N2 -> ospf-nssa-external2,
  e -> bgp-external, i -> bgp-internal
Codes Status flags:
  F -> fib, S -> selected, I -> inactive,
  B -> blackhole, R -> recursive, L -> import

                                            PROTOCOL  NEXTHOP     NEXTHOP          NEXTHOP                                                   
VPN    PREFIX              PROTOCOL         SUB TYPE  IF NAME     ADDR             VPN      TLOC IP          COLOR            ENCAP  STATUS  
---------------------------------------------------------------------------------------------------------------------------------------------
1      0.0.0.0/0           omp              -         -           -                -        10.70.70.1       biz-internet     ipsec  F,S     
1      0.0.0.0/0           omp              -         -           -                -        10.80.80.1       mpls             ipsec  F,S     
1      0.0.0.0/0           omp              -         -           -                -        10.80.80.2       mpls             ipsec  F,S

解决方案 2：集中控制策略使用，以首选从路由器01到全网状网中所有路由器的默认路由

使用与 Solution 1 已使用，并将其应用于来自Router01站点ID 70的入站方向。

control-policy originatoronly
    sequence 1
     match route
      originator 10.70.70.1
      prefix-list Default_Route
     !
     action accept
      set
       preference 200
      !
     !
    !
  default-action accept
 !
 lists
  prefix-list Default_Route
   ip-prefix 0.0.0.0/0 
  !
  site-list SiteList_70
   site-id 70 
  !
 !
!
apply-policy
 site-list SiteList_70
  control-policy originatoronly in <<<<<<<<<
 !
!

验证

如果使用入站方向，则Router04(10.70.70.2)和Router05(10.20.20.1)只会从Router01(10.70.70.1)接收并安装默认路由。

Router04# show sdwan omp routes 
Generating output, this might take time, please wait ...
Code:
C   -> chosen
I   -> installed
Red -> redistributed
Rej -> rejected
L   -> looped
R   -> resolved
S   -> stale
Ext -> extranet
Inv -> invalid
Stg -> staged
IA  -> On-demand inactive
U   -> TLOC unresolved
                                            PATH                      ATTRIBUTE                                                       
VPN    PREFIX              FROM PEER        ID     LABEL    STATUS    TYPE       TLOC IP          COLOR            ENCAP  PREFERENCE  
--------------------------------------------------------------------------------------------------------------------------------------
1      0.0.0.0/0           10.1.1.7          29     1002     C,I,R     installed  10.70.70.1       biz-internet     ipsec  200        <<<<<<< 

Router05# show omp routes vpn 1
Code:
C   -> chosen
I   -> installed
Red -> redistributed
Rej -> rejected
L   -> looped
R   -> resolved
S   -> stale
Ext -> extranet
Inv -> invalid
Stg -> staged
IA  -> On-demand inactive
U   -> TLOC unresolved

                                            PATH                      ATTRIBUTE                                                       
VPN    PREFIX              FROM PEER        ID     LABEL    STATUS    TYPE       TLOC IP          COLOR            ENCAP  PREFERENCE  
--------------------------------------------------------------------------------------------------------------------------------------
1      0.0.0.0/0           10.1.1.7          5      1002     C,I,R     installed  10.70.70.1       biz-internet     ipsec  200         <<<<<<<

两种方案的注意事项：入站或出站方向

如果丢失Router01(10.70.70.1)，路由器将安装所有没有首选项收到的默认路由。在本场景中，从Router02(10.80.80.1)和Router03(10.80.80.2):

Router04# show sdwan omp routes 
Generating output, this might take time, please wait ...
Code:
C   -> chosen
I   -> installed
Red -> redistributed
Rej -> rejected
L   -> looped
R   -> resolved
S   -> stale
Ext -> extranet
Inv -> invalid
Stg -> staged
IA  -> On-demand inactive
U   -> TLOC unresolved
                                            PATH                      ATTRIBUTE                                                       
VPN    PREFIX              FROM PEER        ID     LABEL    STATUS    TYPE       TLOC IP          COLOR            ENCAP  PREFERENCE  
--------------------------------------------------------------------------------------------------------------------------------------
1      0.0.0.0/0           10.1.1.7          36     1005     C,I,R     installed  10.80.80.1       mpls             ipsec  -           
                           10.1.1.7          37     1003     C,I,R     installed  10.80.80.2       mpls             ipsec  -           

Router05# show omp routes vpn 1
Code:
C   -> chosen
I   -> installed
Red -> redistributed
Rej -> rejected
L   -> looped
R   -> resolved
S   -> stale
Ext -> extranet
Inv -> invalid
Stg -> staged
IA  -> On-demand inactive
U   -> TLOC unresolved

                                            PATH                      ATTRIBUTE                                                       
VPN    PREFIX              FROM PEER        ID     LABEL    STATUS    TYPE       TLOC IP          COLOR            ENCAP  PREFERENCE  
--------------------------------------------------------------------------------------------------------------------------------------
1      0.0.0.0/0           10.1.1.7          14     1005     C,I,R     installed  10.80.80.1       mpls             ipsec  -           
                           10.1.1.7          15     1003     C,I,R     installed  10.80.80.2       mpls             ipsec  -

解决方案 3：集中控制策略的使用，以首选来自路由器01的默认路由和来自其他路由器的备用默认路由

在本解决方案中，路由器仅从Router01(10.70.70.1)接收默认路由器，但如果您丢失默认路由，则希望远程路由器安装的备用默认路由来自Router02(10.80.80.1)，而不是像中所述同时来自Router02(10.80.80.1)和Router03(10.80.1) Solution 1 和 Solution 2.

在同一控制策略上添加一个序列，并应用您从Router01 preference 200的default-route中设置的较低优先级，但比默认优先级(100)高。

对于从Router02(10.80.80.1)通告的默认路由，您可以将优先级设置为150。

control-policy originator
    sequence 1
     match route
      originator 10.70.70.1
      prefix-list Default_Route
     !
     action accept
      set
       preference 200
      !
     !
    !
    sequence 11   <<<<< new sequence
     match route
      originator 10.80.80.1     <<<<< Router02 system ip as originator
      prefix-list Default_Route
     !
     action accept
      set
       preference 150   <<< lower preference of Router01
      !
     !
    !
  default-action accept
 !
 lists
  prefix-list Default_Route
   ip-prefix 0.0.0.0/0 
  !
  site-list sitio40
   site-id 40 
  !
 !
!
apply-policy
 site-list sitio40
  control-policy originator out
 !
!

验证

路由器会收到首选项为200、150和默认首选项的默认路由。

Router04# show sdwa omp routes 
Generating output, this might take time, please wait ...
Code:
C   -> chosen
I   -> installed
Red -> redistributed
Rej -> rejected
L   -> looped
R   -> resolved
S   -> stale
Ext -> extranet
Inv -> invalid
Stg -> staged
IA  -> On-demand inactive
U   -> TLOC unresolved
                                            PATH                      ATTRIBUTE                                                       
VPN    PREFIX              FROM PEER        ID     LABEL    STATUS    TYPE       TLOC IP          COLOR            ENCAP  PREFERENCE  
--------------------------------------------------------------------------------------------------------------------------------------
1      0.0.0.0/0           10.1.1.7          36     1005     R         installed  10.80.80.1       mpls             ipsec  150   <<<<<<<<      
                           10.1.1.7          37     1003     R         installed  10.80.80.2       mpls             ipsec  -           
                           10.1.1.7          38     1002     C,I,R     installed  10.70.70.1       biz-internet     ipsec  200   <<<<<<<<

Router04(10.70.70.2)仅将来自Router01(10.70.70.1)的默认路由添加到路由表中，并且具有较高的优先级：

Router04# show ip route vrf 1  

Routing Table: 1
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
       n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       H - NHRP, G - NHRP registered, g - NHRP registration summary
       o - ODR, P - periodic downloaded static route, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR
       & - replicated local route overrides by connected

Gateway of last resort is 10.70.70.1 to network 0.0.0.0

m*    0.0.0.0/0 [251/0] via 10.70.70.1, 00:02:47, Sdwan-system-intf

如果丢失Router01(10.70.70.1),Router04(10.70.70.2)只会安装具有下一个更高优先级的路由(来自Router02(10.80.80.1))。

Router04# show sdwa omp routes 
Generating output, this might take time, please wait ...
Code:
C   -> chosen
I   -> installed
Red -> redistributed
Rej -> rejected
L   -> looped
R   -> resolved
S   -> stale
Ext -> extranet
Inv -> invalid
Stg -> staged
IA  -> On-demand inactive
U   -> TLOC unresolved
                                            PATH                      ATTRIBUTE                                                       
VPN    PREFIX              FROM PEER        ID     LABEL    STATUS    TYPE       TLOC IP          COLOR            ENCAP  PREFERENCE  
--------------------------------------------------------------------------------------------------------------------------------------
1      0.0.0.0/0           10.1.1.7          36     1005     C,I,R     installed  10.80.80.1       mpls             ipsec  150      <<<<<<<   
                           10.1.1.7          37     1003     R         installed  10.80.80.2       mpls             ipsec  -           
Router04# show ip route vrf 1  

Routing Table: 1
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
       n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       H - NHRP, G - NHRP registered, g - NHRP registration summary
       o - ODR, P - periodic downloaded static route, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR
       & - replicated local route overrides by connected

Gateway of last resort is 10.80.80.1 to network 0.0.0.0

m*    0.0.0.0/0 [251/0] via 10.80.80.1, 00:00:15, Sdwan-system-intf

如果丢失Router02,Router04会安装来自Router03(10.80.80.1)的default-route，该路由是具有默认优先级的路由。

提示：入站和出站方向在下一条路径上工作，入站方向是要向全网状网络中的所有远程路由器通告首选项，出站方向是要仅向特定远程站点通告首选项。

解决方案 4：集中控制策略使用以首选某些前缀路由

如果您使用任何其他前缀而不是默认路由前缀，前面的所有解决方案都完全相同。

前缀为10.40.40.0/24的示例从Router01(10.70.70.1)通告到Router04(10.70.70.2)。

control-policy originator
    sequence 1
     match route
      originator 10.70.70.1
      prefix-list prefix40
     !
     action accept
      set
       preference 200
      !
     !
    !
default-action accept
 !
 lists
  prefix-list prefix40
   ip-prefix 10.40.40.0/24 <<<<<<<<<
  !
  site-list sitio40
   site-id 40 
  !
 !
!
apply-policy
 site-list sitio40
  control-policy originator out
 !
!

验证

Router04# show sdwan omp routes 
Generating output, this might take time, please wait ...
Code:
C   -> chosen
I   -> installed
Red -> redistributed
Rej -> rejected
L   -> looped
R   -> resolved
S   -> stale
Ext -> extranet
Inv -> invalid
Stg -> staged
IA  -> On-demand inactive
U   -> TLOC unresolved
                                            PATH                      ATTRIBUTE                                                       
VPN    PREFIX              FROM PEER        ID     LABEL    STATUS    TYPE       TLOC IP          COLOR            ENCAP  PREFERENCE  
--------------------------------------------------------------------------------------------------------------------------------------
1      0.0.0.0/0           10.1.1.7          36     1005     C,I,R     installed  10.80.80.1       mpls             ipsec  150         
                           10.1.1.7          37     1003     R         installed  10.80.80.2       mpls             ipsec  -          
1      10.40.40.0/24       10.1.1.7          13     1002     C,I,R     installed  10.70.70.1       biz-internet     ipsec  200      <<<<<<<<   
                           10.1.1.7          15     1005     R         installed  10.80.80.1       mpls             ipsec  -           
                           10.1.1.7          16     1003     R         installed  10.80.80.2       mpls             ipsec  -         

Router04# show ip route vrf 1

Routing Table: 1
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 
       E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
       n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       H - NHRP, G - NHRP registered, g - NHRP registration summary
       o - ODR, P - periodic downloaded static route, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR
       & - replicated local route overrides by connected

Gateway of last resort is 10.80.80.1 to network 0.0.0.0

m*    0.0.0.0/0 [251/0] via 10.80.80.1, 00:11:55, Sdwan-system-intf 
      10.0.0.0/24 is subnetted, 1 subnets
m        10.40.40.0 [251/0] via 10.70.70.1, 00:02:17, Sdwan-system-intf  <<<<<<
Router04#