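Device model and version: CR19000-20 Release 3521P15
Traffic path through the device: the ingress ports are Route-Aggregation10 and Route-Aggregation11, and the egress port is Ten-GigabitEthernet1/7/1/9
The device needs to mirror traffic whose source address is X.X.250.0 and also redirect the same packets. After the configuration was applied to the interface on site, service stopped working; once the configuration was removed, service returned to normal. The key configuration is as follows:
Flow mirroring configuration: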
acl basic 2000
rule 0 permit source X.X.250.128 0.0.0.31
traffic classifier POLICE_monitor operator or
if-match acl 2000
traffic behavior POLICE_monitor_b
mirror-to interface Ten-GigabitEthernet1/7/1/5
qos policy PPPoE-policy-BR1-GDZ
classifier POLICE_monitor behavior POLICE_monitor_b
Redirect configuration:
#
traffic classifier Static_Zhuanxian_NAT operator or
if-match acl 2051
#
acl basic 2001
description ZhuanxianNAT
rule 5 permit source X.X.250.0 0.0.0.255
#
traffic behavior Panabit-1_IX1_zhuanxian
redirect next-hop Y.Y.Y.54
QoS policy:
qos policy PPPoE-policy-BR1-GDZ
classifier POLICE_monitor behavior POLICE_monitor_b
classifier Static_Zhuanxian_NAT behavior Panabit-1_IX1_zhuanxian
Interface configuration:
interface Route-Aggregation10
qos apply policy PPPoE-policy-BR1-GDZ inbound
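The QoS policy shows that multiple CB pairs (classifier-behavior pairs) are applied on the interface. Because the ACLs of these two CB pairs have a containment relationship (one source range contains the other) and the relationship between CB pairs is "or", a packet that matches the earlier CB pair, classifier POLICE_monitor behavior POLICE_monitor_b, never reaches the later CB pair, classifier Static_Zhuanxian_NAT behavior Panabit-1_IX1_zhuanxian. The redirect in the later pair therefore does not take effect, and service is interrupted.
Add a redirect action to the behavior of the mirroring CB pair so that mirroring and redirection are both performed and normal service is not affected, as follows: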
traffic behavior POLICE_monitor_b
mirror-to interface Ten-GigabitEthernet1/7/1/5
redirect next-hop Y.Y.Y.54
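The first-match behavior described above can be checked offline before a policy is applied. The following is an added example, not part of the original case or H3C tooling: it models the policy as ordered CB pairs, evaluates a source address with first-match semantics, and flags a later pair whose action is lost to an earlier overlapping pair. It assumes 10.0.250.x as a constructed stand-in for the masked X.X.250.x addresses and that the redirect classifier matches the /24 source range shown on the page.

```python
import ipaddress

# Constructed stand-ins: 10.0.250.x replaces the masked X.X.250.x addresses.
# Each entry is (classifier, source ACL as address/wildcard, behavior actions),
# listed in the order the CB pairs appear in the QoS policy.
POLICY = [
    ("POLICE_monitor", "10.0.250.128/0.0.0.31", ["mirror-to"]),
    ("Static_Zhuanxian_NAT", "10.0.250.0/0.0.0.255", ["redirect"]),
]
# Same policy after the fix: the mirroring behavior also redirects.
FIXED = [
    ("POLICE_monitor", "10.0.250.128/0.0.0.31", ["mirror-to", "redirect"]),
    ("Static_Zhuanxian_NAT", "10.0.250.0/0.0.0.255", ["redirect"]),
]


def actions_for(policy, src):
    """First-match evaluation: only the first matching CB pair's behavior runs."""
    ip = ipaddress.ip_address(src)
    for name, acl, actions in policy:
        # ipaddress accepts an IPv4 wildcard (host mask) after the slash.
        if ip in ipaddress.ip_network(acl):
            return name, actions
    return None, []


def shadowed(policy):
    """Find later CB pairs that lose traffic to an earlier overlapping pair
    whose behavior lacks at least one of the later pair's actions."""
    findings = []
    for i, (early, early_acl, early_act) in enumerate(policy):
        for late, late_acl, late_act in policy[i + 1:]:
            a = ipaddress.ip_network(early_acl)
            b = ipaddress.ip_network(late_acl)
            missing = sorted(set(late_act) - set(early_act))
            if a.overlaps(b) and missing:
                findings.append((early, late, missing))
    return findings


if __name__ == "__main__":
    for label, pol in (("original", POLICY), ("fixed", FIXED)):
        print(label, actions_for(pol, "10.0.250.130"), shadowed(pol))
```

A non-empty result from `shadowed` means traffic in the overlapping range will skip the listed actions, which is the condition that broke service in this case.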