策略路由不生效流量统计未发出
- 0关注
- 0收藏,127浏览
问题描述:
客户反馈当前设备做了策略路由,然后抓包发现,流量是按照静态路由走了。之前做的策略路由都是没有问题的,但是这个新增的策略路由无法生效
查看acl资源是正常的
<DC-CORE>dis qos-acl resource
Interfaces: XGE1/0/1 to XGE1/0/48, HGE1/0/49
HGE1/0/50, HGE1/0/51
HGE1/0/52, HGE1/0/53
HGE1/0/54 (slot 1)
---------------------------------------------------------------------
Type Total Reserved Configured Remaining Usage
---------------------------------------------------------------------
TTI ACL 512 0 0 512 0%
IPCL0 ACL 2048 21 408 1619 20%
IPCL1 ACL 256 0 0 256 0%
IPCL2 ACL 256 32 0 224 12%
IPCL0 Counter 4096 19 408 3669 10%
IPCL1 Counter 1024 0 0 1024 0%
IPCL2 Counter 1024 30 0 994 2%
EPCL ACL 256 0 0 256 0%
EPCL Counter 1024 0 0 1024 0%
IPCL Meter 3072 2 0 3070 0%
EPCL Meter 4608 0 0 4608 0%
Interfaces: XGE2/0/1 to XGE2/0/48, HGE2/0/49
HGE2/0/50, HGE2/0/51
HGE2/0/52, HGE2/0/53
HGE2/0/54 (slot 2)
---------------------------------------------------------------------
Type Total Reserved Configured Remaining Usage
---------------------------------------------------------------------
TTI ACL 512 0 0 512 0%
IPCL0 ACL 2048 21 408 1619 20%
IPCL1 ACL 256 0 0 256 0%
IPCL2 ACL 256 32 0 224 12%
IPCL0 Counter 4096 19 408 3669 10%
IPCL1 Counter 1024 0 0 1024 0%
IPCL2 Counter 1024 30 0 994 2%
EPCL ACL 256 0 0 256 0%
EPCL Counter 1024 0 0 1024 0%
IPCL Meter 3072 2 0 3070 0%
EPCL Meter 4608 0 0 4608 0%
acl advanced 3011
rule 0 permit ip source 172.29.98.212 0 destination 222.9.9.193 0
rule 5 permit ip source 222.9.9.193 0 destination 172.29.98.212 0
acl advanced 3010
rule 0 permit ip source 172.29.98.212 0 destination 222.9.9.193 0
policy-based-route pbr98test permit node 10
if-match acl 3010
apply next-hop 172.29.99.2
interface Vlan-interface98
ip address 172.29.98.1 255.255.255.0
ip policy-based-route pbr98test
[DC-CORE]dis arp 172.29.99.2
Type: S-Static D-Dynamic O-Openflow R-Rule M-Multiport I-Invalid
IP address MAC address VLAN/VSI name Interface Aging Type
172.29.99.2 a41a-3af4-201b 99 BAGG2 796 D
[DC-CORE]dis arp 172.29.98.212
Type: S-Static D-Dynamic O-Openflow R-Rule M-Multiport I-Invalid
IP address MAC address VLAN/VSI name Interface Aging Type
172.29.98.212 0050-5690-ef49 98 BAGG11 1142 D
Aggregate Interface: Bridge-Aggregation2
Aggregation Mode: Static
Loadsharing Type: Shar
Management VLANs: None
Port Status Priority Oper-Key
XGE1/0/2(R) S 32768 1
XGE2/0/2 S 32768 1
Aggregate Interface: Bridge-Aggregation11
Aggregation Mode: Static
Loadsharing Type: Shar
Management VLANs: None
Port Status Priority Oper-Key
XGE1/0/11(R) S 32768 11
XGE2/0/11 S 32768 11
[DC-CORE]dis qos policy interface
Interface: Ten-GigabitEthernet1/0/2
Direction: Outbound
Policy: 1
Classifier: 1
Operator: AND
Rule(s) :
If-match acl 3011
Behavior: 1
Accounting enable:
0 (Packets)
Interface: Ten-GigabitEthernet1/0/11
Direction: Outbound
Policy: 1
Classifier: 1
Operator: AND
Rule(s) :
If-match acl 3011
Behavior: 1
Accounting enable:
3 (Packets)
Interface: Ten-GigabitEthernet2/0/2
Direction: Outbound
Policy: 1
Classifier: 1
Operator: AND
Rule(s) :
If-match acl 3011
Behavior: 1
Accounting enable:
0 (Packets)
Interface: Ten-GigabitEthernet2/0/11
Direction: Outbound
Policy: 1
Classifier: 1
Operator: AND
Rule(s) :
If-match acl 3011
Behavior: 1
Accounting enable:
0 (Packets)
- 2024-11-13提问
- 举报
-
(0)
看配置很多PBR都指定的下一跳是172.29.99.2,这些PBR都是能正常匹配的是吗
看着不像资源不够
#
policy-based-route lab permit node 10
if-match acl 3900
apply next-hop 172.29.99.2
#
policy-based-route lab-97 deny node 5
if-match acl name dc-localnet
#
policy-based-route lab-97 permit node 10
if-match acl name lab-97
apply next-hop 172.29.99.2
#
- 2024-11-13回答
- 评论(0)
- 举报
-
(0)
编辑答案
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
- 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
- 3. 是哪家企业?(营业执照,单位登记证明等证件)
- 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
抄袭了我的内容
×
原文链接或出处
诽谤我
×
- 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
对根叔社区有害的内容
×
不规范转载
×
举报说明
暂无评论