Friday , March 29 2024
Home / Tag Archives: PBR

Tag Archives: PBR

local PBR on Huawei AR routers

Some time ago I wrote about interface policy-based routing PBR. Today I will show you example of local PBR configuration on Huawei AR routers. Local PBR allows you to forward packets through different interfaces or to different hops. Unlike interface PBR, local PBR is used for locally generated packets and classifies packets based on source addresses or packet lengths.

Let’s look at the topology and configure as follows:

  1. Locally generated ICMP packets (with the size of 70-1300 bytes) will be sent to next hop IP address 172.16.0.2.
  2. Locally generated ICMP packets (with the size of 1301-1500 bytes) will be sent to outbound interface GE0/0/1.

Configure IP addresses and static routes to ensure connectivity between loopback interfaces of both routers:

Read More »

ACL and PBR on Huawei CX600

Access Control List ACL

There are five types of ACLs on Huawei devices. Taking CX600 into consideration there are:

  1. Basic ACL (number ranges from 2000 to 2999) classifies packets based on a source address
  2. Advanced ACL (number ranges from 3000 to 3999) source address, destination address, source port number, destination port number, and protocol type
  3. Interface-based ACL (number ranges from 1000 to 1999) classifies packets based on the interface from which the packets are received
  4. Ethernet Frame Header ACL (number ranges from 4000 to 4099) classifies packets based on source and destination MAC addresses
  5. User ACL (number ranges from 6000 to 9999) classifies packets based on user groups.

The rules order depends on rule ID and rule matching order. There are two matching orders:

  • Configuration order – ACL rules are matched based on their configuration order. Rules IDs can be configured by user or generated by system automatically according to ACL step. By default the system generates 5 as the first rule ID. So the next rule ID will be 10, 15 and so on. Anytime you can configure rule ID manually, for example rule 1 and this rule will be placed before 5. You do not have to delete the whole ACL. Each time you can delete a specific rule without deleting the whole ACL.
  • Automatic order – the most precise rule is taking as the first. This is implemented through the comparison of wildcard masks. The system assigns rule IDs automatically.

Read More »