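This document describes how to avoid the redistribution of unwanted routes into the Overlay Management Protocol (OMP).
Cisco recommends that you have knowledge of these topics:
Cisco Software-Defined Wide Area Network (SD-WAN)
The information in this document is based on these software and hardware versions:
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
By default, connected, static, OSPF inter-area, and OSPF intra-area routes are redistributed into OMP.
In this use case, you do not want to redistribute one of the connected routes in vrf 1. By default, all connected routes are redistributed into OMP; this use case helps filter a specific connected prefix.
1. Localized policy
Create a new prefix list under the custom options of the Localized policy: the prefix is needed to identify which route must be redistributed.
Create a route policy and apply it to the localized policy: match the prefix created earlier and set the action to Accept. Once the route policy is pushed to the WAN Edge device, it is converted into a route-map.
The default action must be Reject, because the prefix created earlier is the one that needs to be redistributed.
Preview: this is how the configuration looks after the localized policy is created.
2. Use a CLI add-on template.
Make sure to create a CLI add-on template to map the previously created route-map under OMP, because there is no option to map it under the OMP feature template.
Attach the created localized policy and the CLI add-on template to the device template.
1. In this use case, you want to redistribute OSPF internal routes but not OSPF external routes. By default, OSPF internal routes are redistributed into OMP; this use case helps filter specific OSPF prefixes.
To restrict redistribution into OMP to only the OSPF internal routes on VRF 1, apply a route-map to it and define the route-map to match the OSPF internal type. The route-map configuration is done through a CLI add-on template.
Attach the CLI add-on template to the device template.
2. In this use case, you want to redistribute OSPF external routes but not OSPF internal routes. By default, OSPF external routes are not redistributed into OMP; this use case helps filter specific OSPF prefixes.
To restrict redistribution into OMP to only the OSPF external routes on VRF 1, apply a route-map to it and define the route-map to match the OSPF external type. The route-map configuration is done through a CLI add-on template.
Attach the CLI add-on template to the device template.
1. In this use case, you do not want the specific route 192.168.50.2/32 to be received on two destination sites, with site IDs 10 and 100.
Create a site list under the custom options of the Centralized Policy: the site list is needed to identify the sites on which the route must not be received.
Create a new prefix list under the custom options of the Centralized Policy: the prefix is needed to identify which route must not be received.
Create a topology with Custom Control (Route and TLOC) under the custom options of the Centralized Policy.
Create a route policy and apply it to the centralized policy: match the prefix created earlier and set the action to Reject.
The default action must be Accept, because only one route must not be received.
This policy needs to be applied outbound toward the given destination sites, because the direction is from the vSmart perspective.
Preview: this is how the configuration looks after the centralized policy is created.
2. The same use case can also be achieved if the control policy is applied from the source site 40 toward the vSmart.
Create a site list under the custom options of the Centralized Policy: the site list is needed to identify which site must not advertise the route.
You only need to change the direction when the policy is applied and update the site list.
Preview: this is how the configuration looks after the centralized policy is created.
Localized policy + CLI add-on template:
By default, all connected routes are redistributed into OMP (focus on 192.168.40.2).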
cEdge_Site40#show sdwan omp routes
Generating output, this might take time, please wait ...
Code:
C -> chosen
I -> installed
Red -> redistributed
Rej -> rejected
L -> looped
R -> resolved
S -> stale
Ext -> extranet
Inv -> invalid
Stg -> staged
IA -> On-demand inactive
U -> TLOC unresolved
PATH ATTRIBUTE
VPN PREFIX FROM PEER ID LABEL STATUS TYPE TLOC IP COLOR ENCAP PREFERENCE
--------------------------------------------------------------------------------------------------------------------------------------
1 0.0.0.0/0 10.10.10.2 123 1004 C,I,R installed 10.10.10.60 biz-internet ipsec -
1 172.20.0.0/24 10.10.10.2 124 1003 C,I,R installed 10.10.10.65 biz-internet ipsec -
1 192.168.40.2/32 0.0.0.0 68 1004 C,Red,R installed 10.10.10.40 biz-internet ipsec -
1 192.168.50.2/32 0.0.0.0 68 1004 C,Red,R installed 10.10.10.40 biz-internet ipsec -
cEdge_Site40#
The connected routes are in the RIB.
cEdge_Site40#show ip route vrf 1
Routing Table: 1
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
& - replicated local route overrides by connected
Gateway of last resort is 10.10.10.60 to network 0.0.0.0
m* 0.0.0.0/0 [251/0] via 10.10.10.60, 20:25:46, Sdwan-system-intf
172.20.0.0/24 is subnetted, 1 subnets
m 172.20.0.0 [251/0] via 10.10.10.65, 20:25:46, Sdwan-system-intf
192.168.40.0/32 is subnetted, 1 subnets
C 192.168.40.2 is directly connected, Loopback1
192.168.50.0/32 is subnetted, 1 subnets
C 192.168.50.2 is directly connected, Loopback2
cEdge_Site40#
With the show ip protocols vrf 1 command, you can check which routes are redistributed into OMP by default.
cEdge_Site40#show ip protocols vrf 1
*** IP Routing is NSF aware ***
Routing Protocol is "omp"
Sending updates every 0 seconds
Invalid after 0 seconds, hold down 0, flushed after 0
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Redistributing: connected, static, nat-route
ospf 1 (internal)
Maximum path: 32
Routing for Networks:
Routing Information Sources:
Gateway Distance Last Update
Distance: (default is 251)
cEdge_Site40#
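Here, after the device template is pushed successfully, 192.168.40.2 is not redistributed into OMP, because only 192.168.50.2 is permitted as part of the localized policy.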
cEdge_Site40#show sdwan omp routes
Generating output, this might take time, please wait ...
Code:
C -> chosen
I -> installed
Red -> redistributed
Rej -> rejected
L -> looped
R -> resolved
S -> stale
Ext -> extranet
Inv -> invalid
Stg -> staged
IA -> On-demand inactive
U -> TLOC unresolved
PATH ATTRIBUTE
VPN PREFIX FROM PEER ID LABEL STATUS TYPE TLOC IP COLOR ENCAP PREFERENCE
--------------------------------------------------------------------------------------------------------------------------------------
1 0.0.0.0/0 10.10.10.2 123 1004 C,I,R installed 10.10.10.60 biz-internet ipsec -
1 172.20.0.0/24 10.10.10.2 124 1003 C,I,R installed 10.10.10.65 biz-internet ipsec -
1 192.168.50.2/32 0.0.0.0 68 1004 C,Red,R installed 10.10.10.40 biz-internet ipsec -
cEdge_Site40#
The next output captures the vrf 1 routing table; 192.168.40.2 is in the RIB.
cEdge_Site40#show ip route vrf 1
Routing Table: 1
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
& - replicated local route overrides by connected
Gateway of last resort is 10.10.10.60 to network 0.0.0.0
m* 0.0.0.0/0 [251/0] via 10.10.10.60, 00:09:43, Sdwan-system-intf
172.20.0.0/24 is subnetted, 1 subnets
m 172.20.0.0 [251/0] via 10.10.10.65, 00:09:43, Sdwan-system-intf
192.168.40.0/32 is subnetted, 1 subnets
C 192.168.40.2 is directly connected, Loopback1
192.168.50.0/32 is subnetted, 1 subnets
C 192.168.50.2 is directly connected, Loopback2
cEdge_Site40#
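An added example (not part of the original document): a Python check that parses `show sdwan omp routes` output and lists every prefix the edge still redistributes (status `Red`) outside an allow-list, which turns the before/after comparison above into a repeatable audit. The function names and the `ALLOWED` list are assumptions of this example; the sample rows are copied from the outputs above.

```python
import ipaddress
import re

# Data row of `show sdwan omp routes`: VPN, PREFIX, FROM PEER, PATH ID, LABEL, STATUS, ...
ROW = re.compile(
    r"^\s*(?P<vpn>\d+)\s+(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+(?P<peer>\S+)"
    r"\s+\d+\s+\d+\s+(?P<status>[A-Za-z,]+)\s"
)

def parse_omp_routes(output):
    """Parse IPv4 route rows; legend, header and '% No such element exists.' lines never match."""
    routes = []
    for line in output.splitlines():
        m = ROW.match(line)
        if m:
            routes.append({"vpn": int(m["vpn"]),
                           "prefix": ipaddress.ip_network(m["prefix"]),
                           "peer": m["peer"],
                           "status": set(m["status"].split(","))})
    return routes

def unwanted_redistribution(output, vpn, allowed):
    """Prefixes with status Red in `vpn` that are not inside any allowed network."""
    nets = [ipaddress.ip_network(a) for a in allowed]
    return sorted(str(r["prefix"]) for r in parse_omp_routes(output)
                  if r["vpn"] == vpn and "Red" in r["status"]
                  and not any(r["prefix"].subnet_of(n) for n in nets))

# Rows copied from the two cEdge_Site40 outputs on this page (before / after the template push).
BEFORE = """\
Red -> redistributed
VPN PREFIX FROM PEER ID LABEL STATUS TYPE TLOC IP COLOR ENCAP PREFERENCE
1 0.0.0.0/0 10.10.10.2 123 1004 C,I,R installed 10.10.10.60 biz-internet ipsec -
1 172.20.0.0/24 10.10.10.2 124 1003 C,I,R installed 10.10.10.65 biz-internet ipsec -
1 192.168.40.2/32 0.0.0.0 68 1004 C,Red,R installed 10.10.10.40 biz-internet ipsec -
1 192.168.50.2/32 0.0.0.0 68 1004 C,Red,R installed 10.10.10.40 biz-internet ipsec -
"""
AFTER = """\
1 0.0.0.0/0 10.10.10.2 123 1004 C,I,R installed 10.10.10.60 biz-internet ipsec -
1 172.20.0.0/24 10.10.10.2 124 1003 C,I,R installed 10.10.10.65 biz-internet ipsec -
1 192.168.50.2/32 0.0.0.0 68 1004 C,Red,R installed 10.10.10.40 biz-internet ipsec -
"""
ALLOWED = ["192.168.50.2/32"]  # assumption: the prefix the localized policy permits on this page

if __name__ == "__main__":
    print("before:", unwanted_redistribution(BEFORE, 1, ALLOWED))
    print("after: ", unwanted_redistribution(AFTER, 1, ALLOWED))
```

Routes learned from the controller (status `C,I,R`) are ignored because only locally redistributed rows carry `Red`.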
With the current configuration, both OSPF external and internal routes are redistributed into OMP.
cEdge_ospf#show sdwan omp routes 192.168.60.0/24
Code:
C -> chosen
I -> installed
Red -> redistributed
Rej -> rejected
L -> looped
R -> resolved
S -> stale
Ext -> extranet
Inv -> invalid
Stg -> staged
IA -> On-demand inactive
U -> TLOC unresolved
PATH ATTRIBUTE
VPN PREFIX FROM PEER ID LABEL STATUS TYPE TLOC IP COLOR ENCAP PREFERENCE
--------------------------------------------------------------------------------------------------------------------------------------
1 192.168.60.0/24 0.0.0.0 75 1003 C,Red,R installed 10.10.10.100 gold ipsec -
cEdge_ospf#show sdwan omp routes 172.16.16.0/24
Code:
C -> chosen
I -> installed
Red -> redistributed
Rej -> rejected
L -> looped
R -> resolved
S -> stale
Ext -> extranet
Inv -> invalid
Stg -> staged
IA -> On-demand inactive
U -> TLOC unresolved
PATH ATTRIBUTE
VPN PREFIX FROM PEER ID LABEL STATUS TYPE TLOC IP COLOR ENCAP PREFERENCE
--------------------------------------------------------------------------------------------------------------------------------------
1 172.16.16.0/24 0.0.0.0 75 1003 C,Red,R installed 10.10.10.100 gold ipsec -
cEdge_ospf#
The next output captures the vrf 1 OSPF routing table; both OSPF external and internal routes are in the RIB.
cEdge_ospf#show ip route vrf 1 ospf
Routing Table: 1
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
& - replicated local route overrides by connected
Gateway of last resort is 10.10.10.60 to network 0.0.0.0
172.16.0.0/24 is subnetted, 1 subnets
O E2 172.16.16.0 [110/20] via 192.168.70.3, 00:14:04, GigabitEthernet0/0/1
O IA 192.168.60.0/24 [110/2] via 192.168.70.3, 01:07:51, GigabitEthernet0/0/1
cEdge_ospf#
1. After filtering with the route-map to redistribute only internal routes, OSPF external routes are no longer redistributed into OMP.
cEdge_ospf#show sdwan omp routes 172.16.16.0/24
% No such element exists.
cEdge_ospf#show sdwan omp routes 192.168.60.0/24
Code:
C -> chosen
I -> installed
Red -> redistributed
Rej -> rejected
L -> looped
R -> resolved
S -> stale
Ext -> extranet
Inv -> invalid
Stg -> staged
IA -> On-demand inactive
U -> TLOC unresolved
PATH ATTRIBUTE
VPN PREFIX FROM PEER ID LABEL STATUS TYPE TLOC IP COLOR ENCAP PREFERENCE
--------------------------------------------------------------------------------------------------------------------------------------
1 192.168.60.0/24 0.0.0.0 75 1003 C,Red,R installed 10.10.10.100 gold ipsec -
cEdge_ospf#
The next output captures the vrf 1 OSPF routing table; both OSPF external and internal routes are in the RIB.
cEdge_ospf#show ip route vrf 1 ospf
Routing Table: 1
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
& - replicated local route overrides by connected
Gateway of last resort is 10.10.10.60 to network 0.0.0.0
172.16.0.0/24 is subnetted, 1 subnets
O E2 172.16.16.0 [110/20] via 192.168.70.3, 00:09:12, GigabitEthernet0/0/1
O IA 192.168.60.0/24 [110/2] via 192.168.70.3, 01:02:59, GigabitEthernet0/0/1
cEdge_ospf#
2. After filtering with the route-map to redistribute only external routes, OSPF internal routes are no longer redistributed into OMP.
cEdge_ospf#show sdwan omp routes 192.168.60.0/24
% No such element exists.
cEdge_ospf#show sdwan omp routes 172.16.16.0/24
Code:
C -> chosen
I -> installed
Red -> redistributed
Rej -> rejected
L -> looped
R -> resolved
S -> stale
Ext -> extranet
Inv -> invalid
Stg -> staged
IA -> On-demand inactive
U -> TLOC unresolved
PATH ATTRIBUTE
VPN PREFIX FROM PEER ID LABEL STATUS TYPE TLOC IP COLOR ENCAP PREFERENCE
--------------------------------------------------------------------------------------------------------------------------------------
1 172.16.16.0/24 0.0.0.0 75 1003 C,Red,R installed 10.10.10.100 gold ipsec -
cEdge_ospf#
The next output captures the vrf 1 OSPF routing table; both OSPF external and internal routes are in the RIB.
cEdge_ospf#show ip route vrf 1 ospf
Routing Table: 1
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
& - replicated local route overrides by connected
Gateway of last resort is 10.10.10.60 to network 0.0.0.0
172.16.0.0/24 is subnetted, 1 subnets
O E2 172.16.16.0 [110/20] via 192.168.70.3, 00:02:16, GigabitEthernet0/0/1
O IA 192.168.60.0/24 [110/2] via 192.168.70.3, 00:56:03, GigabitEthernet0/0/1
cEdge_ospf#
By default, all connected routes are redistributed into OMP from site 40 (focus on 192.168.50.2/32).
cEdge_Site40#show sdwan running-config | i site
site-id 40
cEdge_Site40#show sdwan omp routes 192.168.50.2/32
Code:
C -> chosen
I -> installed
Red -> redistributed
Rej -> rejected
L -> looped
R -> resolved
S -> stale
Ext -> extranet
Inv -> invalid
Stg -> staged
IA -> On-demand inactive
U -> TLOC unresolved
PATH ATTRIBUTE
VPN PREFIX FROM PEER ID LABEL STATUS TYPE TLOC IP COLOR ENCAP PREFERENCE
--------------------------------------------------------------------------------------------------------------------------------------
1 192.168.50.2/32 0.0.0.0 68 1004 C,Red,R installed 10.10.10.40 biz-internet ipsec -
cEdge_Site40#
Site 10 and site 100 receive the route from OMP.
cEdge_Site10#show sdwan running-config | i site
site-id 10
cEdge_Site10#show sdwan omp routes 192.168.50.2/32
Code:
C -> chosen
I -> installed
Red -> redistributed
Rej -> rejected
L -> looped
R -> resolved
S -> stale
Ext -> extranet
Inv -> invalid
Stg -> staged
IA -> On-demand inactive
U -> TLOC unresolved
PATH ATTRIBUTE
VPN PREFIX FROM PEER ID LABEL STATUS TYPE TLOC IP COLOR ENCAP PREFERENCE
--------------------------------------------------------------------------------------------------------------------------------------
1 192.168.50.2/32 10.10.10.2 32 1004 C,I,R installed 10.10.10.40 biz-internet ipsec -
cEdge_Site10#
cEdge_ospf#show sdwan running-config | i site
site-id 100
cEdge_ospf#show sdwan omp routes 192.168.50.2/32
Code:
C -> chosen
I -> installed
Red -> redistributed
Rej -> rejected
L -> looped
R -> resolved
S -> stale
Ext -> extranet
Inv -> invalid
Stg -> staged
IA -> On-demand inactive
U -> TLOC unresolved
PATH ATTRIBUTE
VPN PREFIX FROM PEER ID LABEL STATUS TYPE TLOC IP COLOR ENCAP PREFERENCE
--------------------------------------------------------------------------------------------------------------------------------------
1 192.168.50.2/32 10.10.10.2 73 1004 C,I,R installed 10.10.10.40 biz-internet ipsec -
cEdge_ospf#
1. After the centralized policy is pushed to the vSmart, site 40 still redistributes 192.168.50.2 into OMP, and the vSmart receives it.
cEdge_Site40#show sdwan running-config | i site
site-id 40
cEdge_Site40#show sdwan omp routes 192.168.50.2/32
Generating output, this might take time, please wait ...
Code:
C -> chosen
I -> installed
Red -> redistributed
Rej -> rejected
L -> looped
R -> resolved
S -> stale
Ext -> extranet
Inv -> invalid
Stg -> staged
IA -> On-demand inactive
U -> TLOC unresolved
PATH ATTRIBUTE
VPN PREFIX FROM PEER ID LABEL STATUS TYPE TLOC IP COLOR ENCAP PREFERENCE
--------------------------------------------------------------------------------------------------------------------------------------
1 192.168.50.2/32 0.0.0.0 68 1004 C,Red,R installed 10.10.10.40 biz-internet ipsec -
cEdge_Site40#
rcdn_lab_vSmart# show omp routes 192.168.50.2/32
Code:
C -> chosen
I -> installed
Red -> redistributed
Rej -> rejected
L -> looped
R -> resolved
S -> stale
Ext -> extranet
Inv -> invalid
Stg -> staged
IA -> On-demand inactive
U -> TLOC unresolved
PATH ATTRIBUTE
VPN PREFIX FROM PEER ID LABEL STATUS TYPE TLOC IP COLOR ENCAP PREFERENCE
--------------------------------------------------------------------------------------------------------------------------------------
1 192.168.50.2/32 10.10.10.40 68 1004 C,R installed 10.10.10.40 biz-internet ipsec -
rcdn_lab_vSmart#
However, sites 10 and 100 do not receive that specific route.
cEdge_Site10#show sdwan running-config | i site
site-id 10
cEdge_Site10#show sdwan omp routes 192.168.50.2/32
% No such element exists.
cEdge_Site10#
cEdge_ospf#show sdwan running-config | i site
site-id 100
cEdge_ospf#show sdwan omp routes 192.168.50.2/32
% No such element exists.
cEdge_ospf#
2. After the centralized policy is pushed to the vSmart, site 40 still redistributes 192.168.50.2 into OMP, but the vSmart rejects it and marks it invalid.
rcdn_lab_vSmart# show omp routes 192.168.50.2/32
Code:
C -> chosen
I -> installed
Red -> redistributed
Rej -> rejected
L -> looped
R -> resolved
S -> stale
Ext -> extranet
Inv -> invalid
Stg -> staged
IA -> On-demand inactive
U -> TLOC unresolved
PATH ATTRIBUTE
VPN PREFIX FROM PEER ID LABEL STATUS TYPE TLOC IP COLOR ENCAP PREFERENCE
--------------------------------------------------------------------------------------------------------------------------------------
1 192.168.50.2/32 10.10.10.40 68 1004 Rej,R,Inv installed 10.10.10.40 biz-internet ipsec -
rcdn_lab_vSmart#
Sites 10 and 100 do not receive that specific route.
cEdge_Site10#show sdwan running-config | i site
site-id 10
cEdge_Site10#show sdwan omp routes 192.168.50.2/32
% No such element exists.
cEdge_Site10#
cEdge_ospf#show sdwan running-config | i site
site-id 100
cEdge_ospf#show sdwan omp routes 192.168.50.2/32
% No such element exists.
cEdge_ospf#
Revision | Publish Date | Comments |
---|---|---|
1.0 | 20-Jul-2023 | Initial Release |