Nesta página
Exemplo: Usando a política de roteamento em uma rede ISP
Este exemplo é um estudo de caso sobre como as políticas de roteamento podem ser usadas em uma rede de provedores de serviços de Internet (ISP) típica.
Requisitos
Nenhuma configuração especial além da inicialização do dispositivo é necessária antes de configurar este exemplo.
Visão geral
Neste exemplo de rede, o número AS do ISP é 64510. O ISP tem dois pares de trânsito (AS 64514 e AS 64515) aos quais se conecta em um ponto de troca. O ISP também está conectado a dois pares privados (AS 64513 e AS 64516) com os quais troca rotas de clientes específicas. O ISP tem dois clientes (AS 64511 e AS 64512).
As políticas de ISP estão configuradas em uma direção de saída. Ou seja, o exemplo se concentra nas rotas que o ISP anuncia para seus pares e clientes, e inclui o seguinte:
O ISP foi atribuído como 64510 e o espaço de roteamento de 172.16.32.0/21. Com exceção das duas redes de clientes, todas as outras rotas de clientes são simuladas com rotas estáticas.
Os pares de troca são usados para o serviço de trânsito para outras partes da Internet. Isso significa que o ISP está aceitando todas as rotas (a tabela completa de roteamento da Internet) desses pares BGP. Para ajudar a manter uma tabela otimizada de roteamento de Internet, o ISP está configurado para anunciar apenas duas rotas agregadas para os pares de trânsito.
Os administradores do ISP querem que todos os dados para os pares privados usem os links diretos. Como resultado, todas as rotas de clientes do ISP são anunciadas para esses pares privados. Esses pares então anunciam todas as suas rotas de clientes para o ISP.
Por fim, cada cliente tem um conjunto diferente de requisitos. O Cliente 1 requer uma rota padrão de singe. O Cliente 2 requer rotas específicas.
Definir comandos para todos os dispositivos na topologia
Configuração rápida da CLI
Para configurar este exemplo rapidamente, copie os seguintes comandos, cole-os em um arquivo de texto, remova qualquer quebra de linha, altere os detalhes necessários para combinar com a configuração da sua rede e, em seguida, copie e cole os comandos no CLI no nível de [edit]
hierarquia.
Dispositivo Cliente-1
set interfaces fe-1/2/3 unit 0 description to_ISP-3 set interfaces fe-1/2/3 unit 0 family inet address 10.1.0.6/30 set interfaces lo0 unit 0 family inet address 192.168.0.8/32 set protocols bgp group ext type external set protocols bgp group ext export send-statics set protocols bgp group ext peer-as 64510 set protocols bgp group ext neighbor 10.1.0.5 set policy-options policy-statement send-statics term static-routes from protocol static set policy-options policy-statement send-statics term static-routes then accept set routing-options static route 172.16.40.0/25 reject set routing-options static route 172.16.40.128/25 reject set routing-options static route 172.16.41.0/25 reject set routing-options static route 172.16.41.128/25 reject set routing-options autonomous-system 64511
Dispositivo Cliente-2
set interfaces fe-1/2/1 unit 0 description to_ISP-3 set interfaces fe-1/2/1 unit 0 family inet address 10.0.0.10/30 set interfaces fe-1/2/0 unit 0 description to-Private-Peer-2 set interfaces fe-1/2/0 unit 0 family inet address 10.0.0.21/30 set interfaces lo0 unit 0 family inet address 192.168.0.9/32 set protocols bgp group ext type external set protocols bgp group ext import inbound-routes set protocols bgp group ext export outbound-routes set protocols bgp group ext neighbor 10.0.0.9 peer-as 64510 set protocols bgp group ext neighbor 10.0.0.22 peer-as 64516 set policy-options policy-statement inbound-routes term AS64510-primary from protocol bgp set policy-options policy-statement inbound-routes term AS64510-primary from as-path AS64510-routes set policy-options policy-statement inbound-routes term AS64510-primary then local-preference 200 set policy-options policy-statement inbound-routes term AS64510-primary then accept set policy-options policy-statement inbound-routes term AS64516-backup from protocol bgp set policy-options policy-statement inbound-routes term AS64516-backup from as-path AS64516-routes set policy-options policy-statement inbound-routes term AS64516-backup then local-preference 50 set policy-options policy-statement inbound-routes term AS64516-backup then accept set policy-options policy-statement outbound-routes term statics from protocol static set policy-options policy-statement outbound-routes term statics then accept set policy-options policy-statement outbound-routes term internal-bgp-routes from protocol bgp set policy-options policy-statement outbound-routes term internal-bgp-routes from as-path my-own-routes set policy-options policy-statement outbound-routes term internal-bgp-routes then accept set policy-options policy-statement outbound-routes term no-transit then reject set policy-options as-path my-own-routes "()" set policy-options as-path AS64510-routes "64510 .*" set policy-options as-path AS64516-routes "64516 .*" set routing-options static route 172.16.44.0/26 reject set routing-options static route 172.16.44.64/26 reject set routing-options static route 172.16.44.128/26 reject set routing-options static route 172.16.44.192/26 reject set routing-options autonomous-system 64512
ISP-1 do dispositivo
set interfaces fe-1/2/0 unit 0 description to_ISP-3 set interfaces fe-1/2/0 unit 0 family inet address 10.0.0.2/30 set interfaces fe-1/2/1 unit 0 description to_ISP-2 set interfaces fe-1/2/1 unit 0 family inet address 10.1.0.2/30 set interfaces fe-1/2/2 unit 0 description to_Private-Peer-1 set interfaces fe-1/2/2 unit 0 family inet address 10.2.0.2/30 set interfaces fe-1/2/3 unit 0 description to_Exchange-1 set interfaces fe-1/2/3 unit 0 family inet address 10.2.0.6/30 set interfaces lo0 unit 0 family inet address 192.168.0.1/32 set protocols bgp group int type internal set protocols bgp group int local-address 192.168.0.1 set protocols bgp group int export internal-peers set protocols bgp group int neighbor 192.168.0.2 set protocols bgp group int neighbor 192.168.0.3 set protocols bgp group to_64513 type external set protocols bgp group to_64513 export private-peer set protocols bgp group to_64513 peer-as 64513 set protocols bgp group to_64513 neighbor 10.2.0.1 set protocols bgp group to_64514 type external set protocols bgp group to_64514 export exchange-peer set protocols bgp group to_64514 peer-as 64514 set protocols bgp group to_64514 neighbor 10.2.0.5 set protocols ospf area 0.0.0.0 interface fe-1/2/0.0 set protocols ospf area 0.0.0.0 interface fe-1/2/1.0 set protocols ospf area 0.0.0.0 interface lo0.0 passive set policy-options policy-statement exchange-peer term AS64510-Aggregate from protocol aggregate set policy-options policy-statement exchange-peer term AS64510-Aggregate from route-filter 172.16.32.0/21 exact set policy-options policy-statement exchange-peer term AS64510-Aggregate then accept set policy-options policy-statement exchange-peer term Customer-2-Aggregate from protocol aggregate set policy-options policy-statement exchange-peer term Customer-2-Aggregate from route-filter 172.16.40.0/22 exact set policy-options policy-statement exchange-peer term Customer-2-Aggregate then accept set policy-options policy-statement exchange-peer term reject-all-other-routes then reject set policy-options policy-statement internal-peers term statics from protocol static set policy-options policy-statement internal-peers term statics then accept set policy-options policy-statement internal-peers term next-hop-self then next-hop self set policy-options policy-statement private-peer term statics from protocol static set policy-options policy-statement private-peer term statics then accept set policy-options policy-statement private-peer term isp-and-customer-routes from protocol bgp set policy-options policy-statement private-peer term isp-and-customer-routes from route-filter 172.16.32.0/21 orlonger set policy-options policy-statement private-peer term isp-and-customer-routes then accept set policy-options policy-statement private-peer term reject-all then reject set routing-options static route 172.16.32.0/24 reject set routing-options static route 172.16.33.0/24 reject set routing-options aggregate route 172.16.32.0/21 set routing-options aggregate route 172.16.40.0/22 set routing-options router-id 192.168.0.1 set routing-options autonomous-system 64510
ISP-2 do dispositivo
set interfaces fe-1/2/1 unit 0 description to_ISP-1 set interfaces fe-1/2/1 unit 0 family inet address 10.1.0.1/30 set interfaces fe-1/2/2 unit 0 description to_ISP-3 set interfaces fe-1/2/2 unit 0 family inet address 10.0.0.6/30 set interfaces fe-1/2/3 unit 0 description to_Private-Peer-2 set interfaces fe-1/2/3 unit 0 family inet address 10.3.0.6/30 set interfaces fe-1/2/0 unit 0 description to_Exchange-2 set interfaces fe-1/2/0 unit 0 family inet address 10.3.0.2/30 set interfaces lo0 unit 0 family inet address 192.168.0.2/32 set protocols bgp group int type internal set protocols bgp group int local-address 192.168.0.2 set protocols bgp group int export internal-peers set protocols bgp group int neighbor 192.168.0.1 set protocols bgp group int neighbor 192.168.0.3 set protocols bgp group AS-64516 type external set protocols bgp group AS-64516 export private-peer set protocols bgp group AS-64516 peer-as 64516 set protocols bgp group AS-64516 neighbor 10.3.0.5 set protocols bgp group AS-64515 type external set protocols bgp group AS-64515 export exchange-peer set protocols bgp group AS-64515 peer-as 64515 set protocols bgp group AS-64515 neighbor 10.3.0.1 set protocols ospf area 0.0.0.0 interface fe-1/2/2.0 set protocols ospf area 0.0.0.0 interface fe-1/2/1.0 set protocols ospf area 0.0.0.0 interface lo0.0 passive set policy-options policy-statement exchange-peer term AS64510-Aggregate from protocol aggregate set policy-options policy-statement exchange-peer term AS64510-Aggregate from route-filter 172.16.32.0/21 exact set policy-options policy-statement exchange-peer term AS64510-Aggregate then accept set policy-options policy-statement exchange-peer term Customer-2-Aggregate from protocol aggregate set policy-options policy-statement exchange-peer term Customer-2-Aggregate from route-filter 172.16.44.0/23 exact set policy-options policy-statement exchange-peer term Customer-2-Aggregate then accept set policy-options policy-statement exchange-peer term reject-all-other-routes then reject set policy-options policy-statement internal-peers term statics from protocol static set policy-options policy-statement internal-peers term statics then accept set policy-options policy-statement internal-peers term next-hop-self then next-hop self set policy-options policy-statement private-peer term statics from protocol static set policy-options policy-statement private-peer term statics then accept set policy-options policy-statement private-peer term isp-and-customer-routes from protocol bgp set policy-options policy-statement private-peer term isp-and-customer-routes from route-filter 172.16.32.0/21 orlonger set policy-options policy-statement private-peer term isp-and-customer-routes then accept set policy-options policy-statement private-peer term reject-all then reject set routing-options static route 172.16.34.0/24 reject set routing-options static route 172.16.35.0/24 reject set routing-options aggregate route 172.16.44.0/23 set routing-options aggregate route 172.16.32.0/21 set routing-options router-id 192.168.0.2 set routing-options autonomous-system 64510
ISP-3 do dispositivo
set interfaces fe-1/2/0 unit 0 description to_ISP-1 set interfaces fe-1/2/0 unit 0 family inet address 10.0.0.1/30 set interfaces fe-1/2/2 unit 0 description to_ISP-2 set interfaces fe-1/2/2 unit 0 family inet address 10.0.0.5/30 set interfaces fe-1/2/3 unit 0 description to_Customer-1 set interfaces fe-1/2/3 unit 0 family inet address 10.1.0.5/30 set interfaces fe-1/2/1 unit 0 description to_Customer-2 set interfaces fe-1/2/1 unit 0 family inet address 10.0.0.9/30 set interfaces lo0 unit 0 family inet address 192.168.0.3/32 set protocols bgp group int type internal set protocols bgp group int local-address 192.168.0.3 set protocols bgp group int export internal-peers set protocols bgp group int neighbor 192.168.0.1 set protocols bgp group int neighbor 192.168.0.2 set protocols bgp group to_64511 type external set protocols bgp group to_64511 export customer-1-peer set protocols bgp group to_64511 neighbor 10.1.0.6 peer-as 64511 set protocols bgp group to_64512 type external set protocols bgp group to_64512 export customer-2-peer set protocols bgp group to_64512 neighbor 10.0.0.10 peer-as 64512 set protocols ospf area 0.0.0.0 interface fe-1/2/0.0 set protocols ospf area 0.0.0.0 interface fe-1/2/2.0 set protocols ospf area 0.0.0.0 interface lo0.0 passive set policy-options policy-statement customer-1-peer term defaut-route from route-filter 0.0.0.0/0 exact set policy-options policy-statement customer-1-peer term defaut-route then accept set policy-options policy-statement customer-1-peer term reject-all-other-routes then reject set policy-options policy-statement customer-2-peer term statics from protocol static set policy-options policy-statement customer-2-peer term statics then accept set policy-options policy-statement customer-2-peer term isp-and-customer-routes from protocol bgp set policy-options policy-statement customer-2-peer term isp-and-customer-routes from route-filter 172.16.32.0/21 orlonger set policy-options policy-statement customer-2-peer term isp-and-customer-routes then accept set policy-options policy-statement customer-2-peer term default-route from route-filter 0.0.0.0/0 exact set policy-options policy-statement customer-2-peer term default-route then accept set policy-options policy-statement customer-2-peer term reject-all-other-routes then reject set policy-options policy-statement if-upstream-routes-exist term only-certain-contributing-routes from route-filter 172.16.8.0/21 exact set policy-options policy-statement if-upstream-routes-exist term only-certain-contributing-routes then accept set policy-options policy-statement if-upstream-routes-exist term reject-all-other-routes then reject set policy-options policy-statement internal-peers term statics from protocol static set policy-options policy-statement internal-peers term statics then accept set policy-options policy-statement internal-peers term next then next-hop self set routing-options static route 172.16.36.0/24 reject set routing-options static route 172.16.37.0/24 reject set routing-options static route 172.16.38.0/24 reject set routing-options static route 172.16.39.0/24 reject set routing-options generate route 0.0.0.0/0 policy if-upstream-routes-exist set routing-options router-id 192.168.0.3 set routing-options autonomous-system 64510
Troca de dispositivos-1
set interfaces fe-1/2/3 unit 0 description to_ISP-1 set interfaces fe-1/2/3 unit 0 family inet address 10.2.0.5/30 set interfaces fe-1/2/2 unit 0 description to_Exchange-2 set interfaces fe-1/2/2 unit 0 family inet address 10.3.0.42/30 set interfaces fe-1/2/1 unit 0 description to_Private-Peer-1 set interfaces fe-1/2/1 unit 0 family inet address 10.3.0.45/30 set interfaces lo0 unit 0 family inet address 192.168.0.6/32 set protocols bgp group ext type external set protocols bgp group ext export send-static set protocols bgp group ext peer-as 64510 set protocols bgp group ext neighbor 10.2.0.6 set protocols bgp group ext neighbor 10.3.0.41 peer-as 64515 set policy-options policy-statement send-static from protocol static set policy-options policy-statement send-static then accept set routing-options static route 172.16.8.0/21 reject set routing-options autonomous-system 64514
Troca de dispositivos-2
set interfaces fe-1/2/0 unit 0 description to_ISP-2 set interfaces fe-1/2/0 unit 0 family inet address 10.3.0.1/30 set interfaces fe-1/2/2 unit 0 description to_Exchange-1 set interfaces fe-1/2/2 unit 0 family inet address 10.3.0.41/30 set interfaces fe-1/2/1 unit 0 description to_Private-Peer-2 set interfaces fe-1/2/1 unit 0 family inet address 10.3.0.49/30 set interfaces lo0 unit 0 family inet address 192.168.0.7/32 set protocols bgp group ext type external set protocols bgp group ext export outbound-routes set protocols bgp group ext neighbor 10.3.0.2 peer-as 64510 set protocols bgp group ext neighbor 10.3.0.50 peer-as 64516 set protocols bgp group ext neighbor 10.3.0.42 peer-as 64514 set policy-options policy-statement outbound-routes term statics from protocol static set policy-options policy-statement outbound-routes term statics then accept set routing-options autonomous-system 64515 set routing-options static route 172.16.16.0/21 reject
Dispositivo private-peer-1
set interfaces fe-1/2/2 unit 0 description to_ISP-1 set interfaces fe-1/2/2 unit 0 family inet address 10.2.0.1/30 set interfaces fe-1/2/1 unit 0 description to_Exchange-1 set interfaces fe-1/2/1 unit 0 family inet address 10.3.0.46/30 set interfaces lo0 unit 0 family inet address 192.168.0.4/32 set protocols bgp group ext type external set protocols bgp group ext peer-as 64510 set protocols bgp group ext neighbor 10.2.0.2 set routing-options autonomous-system 64513
Dispositivo private-peer-2
set interfaces fe-1/2/3 unit 0 description to_ISP-2 set interfaces fe-1/2/3 unit 0 family inet address 10.3.0.5/30 set interfaces fe-1/2/0 unit 0 description to_Customer-1 set interfaces fe-1/2/0 unit 0 family inet address 10.0.0.22/30 set interfaces fe-1/2/1 unit 0 description to_Exchange-2 set interfaces fe-1/2/1 unit 0 family inet address 10.3.0.50/30 set interfaces lo0 unit 0 family inet address 192.168.0.5/32 set protocols bgp group ext type external set protocols bgp group ext export outbound-routes set protocols bgp group ext peer-as 64510 set protocols bgp group ext neighbor 10.3.0.6 set protocols bgp group to-64512 type external set protocols bgp group to-64512 peer-as 64512 set protocols bgp group to-64512 neighbor 10.0.0.21 set protocols bgp group to-64512 export internal-routes set protocols bgp group to-64515 type external set protocols bgp group to-64515 export outbound-routes set protocols bgp group to-64515 peer-as 64515 set protocols bgp group to-64515 neighbor 10.3.0.49 set policy-options policy-statement if-upstream-routes-exist term as-64515-routes from route-filter 172.16.16.0/21 exact set policy-options policy-statement if-upstream-routes-exist term as-64515-routes then accept set policy-options policy-statement if-upstream-routes-exist term reject-all-other-routes then reject set policy-options policy-statement internal-routes term statics from protocol static set policy-options policy-statement internal-routes term statics then accept set policy-options policy-statement internal-routes term default-route from route-filter 0.0.0.0/0 exact set policy-options policy-statement internal-routes term default-route then accept set policy-options policy-statement internal-routes term reject-all-other-routes then reject set policy-options policy-statement outbound-routes term statics from protocol static set policy-options policy-statement outbound-routes term statics then accept set policy-options policy-statement outbound-routes term allowed-bgp-routes from as-path my-own-routes set policy-options policy-statement outbound-routes term allowed-bgp-routes from as-path AS64512-routes set policy-options policy-statement outbound-routes term allowed-bgp-routes then accept set policy-options policy-statement outbound-routes term no-transit then reject set policy-options as-path my-own-routes "()" set policy-options as-path AS64512-routes 64512 set routing-options static route 172.16.24.0/25 reject set routing-options static route 172.16.24.128/25 reject set routing-options static route 172.16.25.0/26 reject set routing-options static route 172.16.25.64/26 reject set routing-options generate route 0.0.0.0/0 policy if-upstream-routes-exist set routing-options autonomous-system 64516
Configuração do dispositivo Cliente 1
Procedimento
Procedimento passo a passo
O exemplo a seguir exige que você navegue por vários níveis na hierarquia de configuração. Para obter informações sobre como navegar na CLI, veja Use o editor de CLI no modo de configuração no Guia de usuário do Junos OS CLI.
O dispositivo Customer-1 tem várias rotas estáticas configuradas para simular rotas de clientes. Essas rotas são enviadas para o ISP.
Para configurar o dispositivo Cliente-1:
Configure as interfaces do dispositivo.
[edit interfaces] user@Customer-1# set fe-1/2/3 unit 0 description to_ISP-3 user@Customer-1# set fe-1/2/3 unit 0 family inet address 10.1.0.6/30 user@Customer-1# set lo0 unit 0 family inet address 192.168.0.8/32
Configure as rotas estáticas.
[edit routing-options static] user@Customer-1# set route 172.16.40.0/25 reject user@Customer-1# set route 172.16.40.128/25 reject user@Customer-1# set route 172.16.41.0/25 reject user@Customer-1# set route 172.16.41.128/25 reject
Configure a política para enviar rotas estáticas.
[edit policy-options policy-statement send-statics term static-routes] user@Customer-1# set from protocol static user@Customer-1# set then accept
Configure a conexão BGP externa (EBGP) com o ISP.
[edit protocols bgp group ext] user@Customer-1# set type external user@Customer-1# set export send-statics user@Customer-1# set peer-as 64510 user@Customer-1# set neighbor 10.1.0.5
Configure o número do sistema autônomo (AS).
[edit routing-options] user@Customer-1# set autonomous-system 64511
Resultados
A partir do modo de configuração, confirme sua configuração entrando noshow interfaces
, show protocols
show policy-options
e show routing-options
comandos. Se a saída não exibir a configuração pretendida, repita as instruções neste exemplo para corrigir a configuração.
user@Customer-1# show interfaces fe-1/2/1 { unit 0 { description to_ISP-3; family inet { address 10.1.0.6/30; } } } lo0 { unit 0 { family inet { address 192.168.0.8/32; } } }
user@Customer-1# show protocols bgp { group ext { type external; export send-statics; peer-as 64510; neighbor 10.1.0.5; } }
user@Customer-1# show policy-options policy-statement send-statics { term static-routes { from protocol static; then accept; } }
user@Customer-1# show routing-options static { route 172.16.40.0/25 reject; route 172.16.40.128/25 reject; route 172.16.41.0/25 reject; route 172.16.41.128/25 reject; } autonomous-system 64511;
Se você terminar de configurar o dispositivo, entre no commit
modo de configuração.
Configuração do dispositivo Cliente 2
Procedimento
Procedimento passo a passo
O exemplo a seguir exige que você navegue por vários níveis na hierarquia de configuração. Para obter informações sobre como navegar na CLI, veja Use o editor de CLI no modo de configuração no Guia de usuário do Junos OS CLI.
O dispositivo Customer-2 tem duas rotas estáticas configuradas para simular rotas de clientes. Essas rotas são enviadas para o ISP. O Customer-2 tem um link para o ISP, bem como um link para o AS 8000. Esse cliente solicitou rotas de clientes específicas do ISP, bem como do AS 64516. O Cliente 2 quer usar o ISP para o serviço de trânsito para a Internet, e solicitou uma rota padrão do ISP.
Para configurar o dispositivo Customer-2:
Configure as interfaces do dispositivo.
[edit interfaces] user@Customer-2# set fe-1/2/1 unit 0 description to_ISP-3 user@Customer-2# set fe-1/2/1 unit 0 family inet address 10.0.0.10/30 user@Customer-2# set fe-1/2/0 unit 0 description to-Private-Peer-2 user@Customer-2# set fe-1/2/0 unit 0 family inet address 10.0.0.21/30 user@Customer-2# set lo0 unit 0 family inet address 192.168.0.9/32
Configure as rotas estáticas.
[edit routing-options static] user@Customer-2# set route 172.16.44.0/26 reject user@Customer-2# set route 172.16.44.64/26 reject user@Customer-2# set route 172.16.44.128/26 reject user@Customer-2# set route 172.16.44.192/26 reject
Configure a política de roteamento de importação.
A rota com o mais alto valor de preferência local é preferida. As rotas do ISP são preferidas nas mesmas rotas do dispositivo Private-Peer-2
[edit policy-options policy-statement inbound-routes] user@Customer-2# set term AS64510-primary from protocol bgp user@Customer-2# set term AS64510-primary from as-path AS64510-routes user@Customer-2# set term AS64510-primary then local-preference 200 user@Customer-2# set term AS64510-primary then accept [edit policy-options policy-statement inbound-routes] user@Customer-2# set term AS64516-backup from protocol bgp user@Customer-2# set term AS64516-backup from as-path AS64516-routes user@Customer-2# set term AS64516-backup then local-preference 50 user@Customer-2# set term AS64516-backup then accept [edit policy-options] user@Customer-2# set as-path AS64510-routes "64510 .*" user@Customer-2# set as-path AS64516-routes "64516 .*"
Configure a política de roteamento de exportação.
[edit policy-options policy-statement outbound-routes] user@Customer-2# set term statics from protocol static user@Customer-2# set term statics then accept user@Customer-2# set term internal-bgp-routes from protocol bgp user@Customer-2# set term internal-bgp-routes from as-path my-own-routes user@Customer-2# set term internal-bgp-routes then accept user@Customer-2# set term no-transit then reject [edit policy-options] user@Customer-2# set as-path my-own-routes "()"
Configure a conexão BGP (EBGP) externa ao ISP e ao dispositivo Private-Peer-2.
[edit protocols bgp group ext] user@Customer-2# set type external user@Customer-2# set import inbound-routes user@Customer-2# set export outbound-routes user@Customer-2# set neighbor 10.0.0.9 peer-as 64510 user@Customer-2# set neighbor 10.0.0.22 peer-as 64516
Configure o número do sistema autônomo (AS).
[edit routing-options] user@Customer-2# set autonomous-system 64512
Resultados
A partir do modo de configuração, confirme sua configuração entrando noshow interfaces
, show protocols
show policy-options
e show routing-options
comandos. Se a saída não exibir a configuração pretendida, repita as instruções neste exemplo para corrigir a configuração.
user@Customer-2# show interfaces fe-1/2/1 { unit 0 { description to_ISP-3; family inet { address 10.0.0.10/30; } } } fe-1/2/0 { unit 0 { description to-Private-Peer-2; family inet { address 10.0.0.21/30; } } } lo0 { unit 0 { family inet { address 192.168.0.9/32; } } }
user@Customer-2# show protocols bgp { group ext { type external; import inbound-routes; export outbound-routes; neighbor 10.0.0.9 { peer-as 64510; } neighbor 10.0.0.22 { peer-as 64516; } } }
user@Customer-2# show policy-options policy-statement inbound-routes { term AS64510-primary { from { protocol bgp; as-path AS64510-routes; } then { local-preference 200; accept; } } term AS64516-backup { from { protocol bgp; as-path AS64516-routes; } then { local-preference 50; accept; } } } policy-statement outbound-routes { term statics { from protocol static; then accept; } term internal-bgp-routes { from { protocol bgp; as-path my-own-routes; } then accept; } term no-transit { then reject; } } as-path my-own-routes "()"; as-path AS64510-routes "64510 .*"; as-path AS64516-routes "64516 .*";
user@Customer-2# show routing-options static { route 172.16.44.0/26 reject; route 172.16.44.64/26 reject; route 172.16.44.128/26 reject; route 172.16.44.192/26 reject; } autonomous-system 64512;
Se você terminar de configurar o dispositivo, entre no commit
modo de configuração.
Configuração de dispositivos ISP-1 e ISP-2
Procedimento
Procedimento passo a passo
O exemplo a seguir exige que você navegue por vários níveis na hierarquia de configuração. Para obter informações sobre como navegar na CLI, veja Use o editor de CLI no modo de configuração no Guia de usuário do Junos OS CLI.
O ISP-1 do dispositivo e o ISP-2 do dispositivo têm duas políticas configuradas: A private-peer
política e a exchange-peer
política. Devido a configurações semelhantes, este exemplo mostra a configuração passo a passo apenas para o dispositivo ISP-2.
No DISPOSITIVO ISP-2, a política de peer privado envia as rotas de clientes ISP para o dispositivo Private-Peer-2. A política aceita todas as rotas estáticas locais (clientes ISP-2 de dispositivo local) e todas as rotas BGP na faixa 172.16.32.0/21 (anunciada por outros roteadores ISP). Esses dois termos de política representam as rotas de clientes ISP. O termo de política final rejeita todas as outras rotas, o que inclui toda a tabela de roteamento da Internet enviada pelos pares de intercâmbio. Essas rotas não precisam ser enviadas ao dispositivo Private-Peer-2 por dois motivos:
O peer já mantém uma conexão com o Intercâmbio de dispositivos-2 em nosso exemplo, de modo que as rotas são redundantes.
O peer privado quer apenas rotas para clientes. A
private-peer
política cumpre esse objetivo. Aexchange-peer
política envia rotas para a Troca de Dispositivos-2.
No exemplo, apenas duas rotas precisam ser enviadas para a Troca de Dispositivos-2:
A rota agregada que representa o espaço de roteamento AS 64510 de 172.16.32.0/21. Essa rota é configurada como uma rota agregada localmente e é anunciada pela
exchange-peer
política.O espaço de endereço atribuído ao Cliente-2, 172.16.44.0/23. Essa rota agregada menor precisa ser enviada para a Troca de Dispositivos-2 porque o cliente também está vinculado ao peer AS 64516 (Dispositivo Private-Peer-2).
O envio dessas duas rotas para o Intercâmbio de dispositivos-2 permite que outras redes na Internet cheguem ao cliente através do ISP ou do peer privado. Se apenas o peer privado anunciasse a rede /23, enquanto o ISP mantinha apenas seu /21 agregado, todo o tráfego destinado ao cliente transitaria apenas como 64516. Como o cliente também quer rotas a partir do ISP, a rota 172.16.44.0/23 é anunciada pelo dispositivo ISP-2. Como a rota agregada maior, a rota 172.16.44.0/23 é configurada localmente e é anunciada pela política de peer de intercâmbio. O termo final dessa política rejeita todas as rotas, incluindo as redes de clientes específicas do ISP, as rotas de clientes do Dispositivo Private-Peer-1, as rotas de clientes do Dispositivo Private-Peer-2 e a tabela de roteamento do Device Exchange-1. Em essência, este termo final impede que o ISP realize serviços de trânsito para a Internet em geral.
Para configurar o ISP-2 do dispositivo:
Configure as interfaces do dispositivo.
[edit interfaces] user@ISP-2# set fe-1/2/1 unit 0 description to_ISP-1 user@ISP-2# set fe-1/2/1 unit 0 family inet address 10.1.0.1/30 user@ISP-2# set fe-1/2/2 unit 0 description to_ISP-3 user@ISP-2# set fe-1/2/2 unit 0 family inet address 10.0.0.6/30 user@ISP-2# set fe-1/2/3 unit 0 description to_Private-Peer-2 user@ISP-2# set fe-1/2/3 unit 0 family inet address 10.3.0.6/30 user@ISP-2# set fe-1/2/0 unit 0 description to_Exchange-2 user@ISP-2# set fe-1/2/0 unit 0 family inet address 10.3.0.2/30 user@ISP-2# set lo0 unit 0 family inet address 192.168.0.2/32
Configure o protocolo de gateway interior (IGP).
[edit protocols ospf area 0.0.0.0] user@ISP-2# set interface fe-1/2/2.0 user@ISP-2# set interface fe-1/2/1.0 user@ISP-2# set interface lo0.0 passive
Configure as rotas estáticas e agregadas.
[edit routing-options static] user@ISP-2# set route 172.16.34.0/24 reject user@ISP-2# set route 172.16.35.0/24 reject [edit routing-options aggregate] user@ISP-2# set route 172.16.44.0/23 user@ISP-2# set route 172.16.32.0/21
Configure as políticas de roteamento para os pares de intercâmbio.
[edit policy-options policy-statement exchange-peer] user@ISP-2# set term AS64510-Aggregate from protocol aggregate user@ISP-2# set term AS64510-Aggregate from route-filter 172.16.32.0/21 exact user@ISP-2# set term AS64510-Aggregate then accept user@ISP-2# set term Customer-2-Aggregate from protocol aggregate user@ISP-2# set term Customer-2-Aggregate from route-filter 172.16.44.0/23 exact user@ISP-2# set term Customer-2-Aggregate then accept user@ISP-2# set term reject-all-other-routes then reject
Configure as políticas de roteamento para os pares internos.
[edit policy-options policy-statement internal-peers] user@ISP-2# set term statics from protocol static user@ISP-2# set term statics then accept user@ISP-2# set term next-hop-self then next-hop self
Configure as políticas de roteamento para o peer privado.
[edit policy-options policy-statement private-peer] user@ISP-2# set term statics from protocol static user@ISP-2# set term statics then accept user@ISP-2# set term isp-and-customer-routes from protocol bgp user@ISP-2# set term isp-and-customer-routes from route-filter 172.16.32.0/21 orlonger user@ISP-2# set term isp-and-customer-routes then accept user@ISP-2# set term reject-all then reject
Configure as conexões BGP internas (IBGP) com os outros dispositivos ISP.
[edit protocols bgp group int] user@ISP-2# set type internal user@ISP-2# set local-address 192.168.0.2 user@ISP-2# set export internal-peers user@ISP-2# set neighbor 192.168.0.1 user@ISP-2# set neighbor 192.168.0.3
Configure as conexões EBGP para o peer de intercâmbio e para o peer privado.
[edit protocols bgp group AS-64516] user@ISP-2# set type external user@ISP-2# set export private-peer user@ISP-2# set peer-as 64516 user@ISP-2# set neighbor 10.3.0.5 [edit protocols bgp group AS-64515] user@ISP-2# set type external user@ISP-2# set export exchange-peer user@ISP-2# set peer-as 64515 user@ISP-2# set neighbor 10.3.0.1
Configure o número do sistema autônomo (AS) e o ID do roteador.
[edit routing-options] user@ISP-2# set router-id 192.168.0.2 user@ISP-2# set autonomous-system 64510
Resultados
A partir do modo de configuração, confirme sua configuração entrando noshow interfaces
, show protocols
show policy-options
e show routing-options
comandos. Se a saída não exibir a configuração pretendida, repita as instruções neste exemplo para corrigir a configuração.
user@ISP-2# show interfaces fe-1/2/0 { unit 0{ description to_Exchange-2; family inet { address 10.3.0.2/30; } } } fe-1/2/1 { unit 0{ description to_ISP-1; family inet { address 10.1.0.1/30; } } } fe-1/2/2 { unit 0 { description to_ISP-3; family inet { address 10.0.0.6/30; } } } fe-1/2/3 { unit 0 { description to_Private-Peer-2; family inet { address 10.3.0.6/30; } } } lo0 { unit 0 { family inet { address 192.168.0.2/32; } } }
user@ISP-2# show protocols bgp { group int { type internal; local-address 192.168.0.2; export internal-peers; neighbor 192.168.0.1; neighbor 192.168.0.3; } group AS-64516 { type external; export private-peer; peer-as 64516; neighbor 10.3.0.5; } group AS-64515 { type external; export exchange-peer; peer-as 64515; neighbor 10.3.0.1; } } ospf { area 0.0.0.0 { interface fe-1/2/2.0; interface fe-1/2/1.0; interface lo0.0 { passive; } } }
user@ISP-2# show policy-options policy-statement exchange-peer { term AS64510-Aggregate { from { protocol aggregate; route-filter 172.16.32.0/21 exact; } then accept; } term Customer-2-Aggregate { from { protocol aggregate; route-filter 172.16.44.0/23 exact; } then accept; } term reject-all-other-routes { then reject; } } policy-statement internal-peers { term statics { from protocol static; then accept; } term next-hop-self { then { next-hop self; } } } policy-statement private-peer { term statics { from protocol static; then accept; } term isp-and-customer-routes { from { protocol bgp; route-filter 172.16.32.0/21 orlonger; } then accept; } term reject-all { then reject; } }
user@ISP-2# show routing-options static { route 172.16.34.0/24 reject; route 172.16.35.0/24 reject; } aggregate { route 172.16.44.0/23; route 172.16.32.0/21; } router-id 192.168.0.2; autonomous-system 64510;
Se você terminar de configurar o dispositivo, entre no commit
modo de configuração.
Configuração do dispositivo ISP-3
Procedimento
Procedimento passo a passo
O exemplo a seguir exige que você navegue por vários níveis na hierarquia de configuração. Para obter informações sobre como navegar na CLI, veja Use o editor de CLI no modo de configuração no Guia de usuário do Junos OS CLI.
No DISPOSITIVO ISP-3, uma política separada está em vigor para cada cliente. A rota padrão para o Cliente 1 está sendo enviada pela customer-1-peer
política. Essa política encontra a rota padrão 0.0.0.0/0 em inet.0 e a aceita. A política também rejeita todas as outras rotas, não enviando assim todas as rotas BGP no roteador ISP. A customer-2-peer
política é para o Cliente-2 e contém os mesmos termos de política, que também enviam a rota padrão e nenhuma outra rota BGP de trânsito. Os termos adicionais da customer-2-peer
política enviam as rotas de clientes ISP para o Cliente 2. Como existem rotas estáticas locais no dispositivo ISP-3 que representam clientes locais, essas rotas são enviadas, bem como todas as outras rotas internas anunciadas ao roteador local pelos outros roteadores ISP.
Se a rota upstream da Troca de Dispositivos-1 (172.16.8.0/21) estiver presente, o dispositivo ISP-3 gera uma rota padrão.
Para configurar o ISP-3 do dispositivo:
Configure as interfaces do dispositivo.
[edit interfaces] user@ISP-3# set fe-1/2/0 unit 0 description to_ISP-1 user@ISP-3# set fe-1/2/0 unit 0 family inet address 10.0.0.1/30 user@ISP-3# set fe-1/2/2 unit 0 description to_ISP-2 user@ISP-3# set fe-1/2/2 unit 0 family inet address 10.0.0.5/30 user@ISP-3# set fe-1/2/3 unit 0 description to_Customer-1 user@ISP-3# set fe-1/2/3 unit 0 family inet address 10.1.0.5/30 user@ISP-3# set fe-1/2/1 unit 0 description to_Customer-2 user@ISP-3# set fe-1/2/1 unit 0 family inet address 10.0.0.9/30 user@ISP-3# set lo0 unit 0 family inet address 192.168.0.3/32
Configure o protocolo de gateway interior (IGP).
[edit protocols ospf area 0.0.0.0] user@ISP-3# set interface fe-1/2/0.0 user@ISP-3# set interface fe-1/2/2.0 user@ISP-3# set interface lo0.0 passive
Configure as rotas estáticas.
[edit routing-options static] user@ISP-3# set route 172.16.36.0/24 reject user@ISP-3# set route 172.16.37.0/24 reject user@ISP-3# set route 172.16.38.0/24 reject user@ISP-3# set route 172.16.39.0/24 reject
Configure uma política de roteamento que gere uma rota estática padrão apenas se existir uma determinada rota upstream.
[edit policy-options policy-statement if-upstream-routes-exist term only-certain-contributing-routes] user@ISP-3# set from route-filter 172.16.8.0/21 exact user@ISP-3# set then accept [edit policy-options policy-statement if-upstream-routes-exist] user@ISP-3# set term reject-all-other-routes then reject [edit routing-options generate route 0.0.0.0/0] user@ISP-3# set policy if-upstream-routes-exist
Configure a política de roteamento para o Cliente 1.
[edit policy-options policy-statement customer-1-peer] user@ISP-3# set term defaut-route from route-filter 0.0.0.0/0 exact user@ISP-3# set term defaut-route then accept user@ISP-3# set term reject-all-other-routes then reject
Configure a política de roteamento para o Cliente 2.
[edit policy-options policy-statement customer-2-peer] user@ISP-3# set term statics from protocol static user@ISP-3# set term statics then accept user@ISP-3# set term isp-and-customer-routes from protocol bgp user@ISP-3# set term isp-and-customer-routes from route-filter 172.16.32.0/21 orlonger user@ISP-3# set term isp-and-customer-routes then accept user@ISP-3# set term default-route from route-filter 0.0.0.0/0 exact user@ISP-3# set term default-route then accept user@ISP-3# set term reject-all-other-routes then reject
Configure as políticas de roteamento para os pares internos.
[edit policy-options policy-statement internal-peers] user@ISP-3# set term statics from protocol static user@ISP-3# set term statics then accept user@ISP-3# set term next then next-hop self
Configure as conexões BGP internas (IBGP) com os outros dispositivos ISP.
[edit protocols bgp group int] user@ISP-3# set type internal user@ISP-3# set local-address 192.168.0.3 user@ISP-3# set export internal-peers user@ISP-3# set neighbor 192.168.0.1 user@ISP-3# set neighbor 192.168.0.2
Configure as conexões EBGP com os pares do cliente.
[edit protocols bgp group to_64511] user@ISP-3# set type external user@ISP-3# set export customer-1-peer user@ISP-3# set neighbor 10.1.0.6 peer-as 64511 [edit protocols bgp group to_64512] user@ISP-3# set type external user@ISP-3# set export customer-2-peer user@ISP-3# set neighbor 10.0.0.10 peer-as 64512
Configure o número do sistema autônomo (AS) e o ID do roteador.
[edit routing-options] user@ISP-3# set router-id 192.168.0.3 user@ISP-3# set autonomous-system 64510
Resultados
A partir do modo de configuração, confirme sua configuração entrando noshow interfaces
, show protocols
show policy-options
e show routing-options
comandos. Se a saída não exibir a configuração pretendida, repita as instruções neste exemplo para corrigir a configuração.
user@ISP-3# show interfaces fe-1/2/0 { unit 0 { description to_ISP-1; family inet { address 10.0.0.1/30; } } } fe-1/2/1 { unit 0 { description to_Customer-2; family inet { address 10.0.0.9/30; } } } fe-1/2/2 { unit 0 { description to_ISP-2; family inet { address 10.0.0.5/30; } } } fe-1/2/3 { unit 0 { description to_Customer-1; family inet { address 10.1.0.5/30; } } } lo0 { unit 0 { family inet { address 192.168.0.3/32; } } }
user@ISP-3# show protocols bgp { group int { type internal; local-address 192.168.0.3; export internal-peers; neighbor 192.168.0.1; neighbor 192.168.0.2; } group to_64511 { type external; export customer-1-peer; neighbor 10.1.0.6 { peer-as 64511; } } group to_64512 { type external; export customer-2-peer; neighbor 10.0.0.10 { peer-as 64512; } } } ospf { area 0.0.0.0 { interface fe-1/2/0.0; interface fe-1/2/2.0; interface lo0.0 { passive; } } }
user@ISP-3# show policy-options policy-statement customer-1-peer { term defaut-route { from { route-filter 0.0.0.0/0 exact; } then accept; } term reject-all-other-routes { then reject; } } policy-statement customer-2-peer { term statics { from protocol static; then accept; } term isp-and-customer-routes { from { protocol bgp; route-filter 172.16.32.0/21 orlonger; } then accept; } term default-route { from { route-filter 0.0.0.0/0 exact; } then accept; } term reject-all-other-routes { then reject; } } policy-statement if-upstream-routes-exist { term only-certain-contributing-routes { from { route-filter 172.16.8.0/21 exact; } then accept; } term reject-all-other-routes { then reject; } } policy-statement internal-peers { term statics { from protocol static; then accept; } term next { then { next-hop self; } } }
user@ISP-3# show routing-options static { route 172.16.36.0/24 reject; route 172.16.37.0/24 reject; route 172.16.38.0/24 reject; route 172.16.39.0/24 reject; } generate { route 0.0.0.0/0 policy if-upstream-routes-exist; } router-id 192.168.0.3; autonomous-system 64510;
Se você terminar de configurar o dispositivo, entre no commit
modo de configuração.
Configuração da troca de dispositivos-2
Procedimento
Procedimento passo a passo
O exemplo a seguir exige que você navegue por vários níveis na hierarquia de configuração. Para obter informações sobre como navegar na CLI, veja Use o editor de CLI no modo de configuração no Guia de usuário do Junos OS CLI.
O Intercâmbio de dispositivos-2 troca todas as rotas BGP com todos os pares BGP. A política de rotas de saída para o Device Exchange-2 anuncia rotas estáticas definidas localmente usando BGP. A exclusão de um termo final then reject
faz com que a política de exportação BGP padrão entre em vigor, que é enviar todas as rotas BGP para todos os pares BGP externos.
Para configurar a troca de dispositivos-2:
Configure as interfaces do dispositivo.
[edit interfaces] user@Exchange-2# set fe-1/2/0 unit 0 description to_ISP-2 user@Exchange-2# set fe-1/2/0 unit 0 family inet address 10.3.0.1/30 user@Exchange-2# set fe-1/2/2 unit 0 description to_Exchange-1 user@Exchange-2# set fe-1/2/2 unit 0 family inet address 10.3.0.41/30 user@Exchange-2# set fe-1/2/1 unit 0 description to_Private-Peer-2 user@Exchange-2# set fe-1/2/1 unit 0 family inet address 10.3.0.49/30 user@Exchange-2# set lo0 unit 0 family inet address 192.168.0.7/32
Configure as rotas estáticas.
[edit routing-options static] set route 172.16.16.0/21 reject
Configure uma política de roteamento que gere uma rota estática padrão apenas se determinadas rotas internas existirem.
[edit policy-options policy-statement outbound-routes term statics] user@Exchange-2# set from protocol static user@Exchange-2# set then accept
Configure as conexões EBGP com os pares do cliente.
[edit protocols bgp group ext] user@Exchange-2# set type external user@Exchange-2# set export outbound-routes user@Exchange-2# set neighbor 10.3.0.2 peer-as 64510 user@Exchange-2# set neighbor 10.3.0.50 peer-as 64516 user@Exchange-2# set neighbor 10.3.0.42 peer-as 64514
Configure o número do sistema autônomo (AS).
[edit routing-options] user@Exchange-2# set autonomous-system 64515
Resultados
A partir do modo de configuração, confirme sua configuração entrando noshow interfaces
, show protocols
show policy-options
e show routing-options
comandos. Se a saída não exibir a configuração pretendida, repita as instruções neste exemplo para corrigir a configuração.
user@Exchange-2 show interfaces fe-1/2/0 { unit 0 { description to_ISP-2; family inet { address 10.3.0.1/30; } } } fe-1/2/1 { unit 0 { description to_Private-Peer-2; family inet { address 10.3.0.49/30; } } } fe-1/2/2 { unit 0 { description to_Exchange-1; family inet { address 10.3.0.41/30; } } } lo0 { unit 0 { family inet { address 192.168.0.7/32; } } }
user@Exchange-2# show protocols bgp { group ext { type external; export outbound-routes; neighbor 10.3.0.2 { peer-as 64510; } neighbor 10.3.0.50 { peer-as 64516; } neighbor 10.3.0.42 { peer-as 64514; } } }
user@Exchange-2# show policy-options policy-statement outbound-routes { term statics { from protocol static; then accept; } }
user@Exchange-2# show routing-options static { route 172.16.16.0/21 reject; } autonomous-system 64515;
Se você terminar de configurar o dispositivo, entre no commit
modo de configuração.
Configuração do dispositivo private-peer-2
Procedimento
Procedimento passo a passo
O exemplo a seguir exige que você navegue por vários níveis na hierarquia de configuração. Para obter informações sobre como navegar na CLI, veja Use o editor de CLI no modo de configuração no Guia de usuário do Junos OS CLI.
O dispositivo Private-Peer-2 executa duas funções principais:
Anuncia rotas locais para AS 64516 tanto para os pares de intercâmbio quanto para os roteadores ISP. A
outbound-routes
política anuncia as rotas estáticas locais (ou seja, clientes) no roteador, e também anuncia todas as rotas aprendidas pelo BGP que se originaram no AS 64516 ou AS 64512. Essas rotas incluem outras rotas de clientes AS 64516, além do cliente AS 64512. As rotas AS são identificadas por critérios regulares de correspondência de expressão de caminho AS na política.Anuncia a rota padrão de 0.0.0.0/0 para o roteador de clientes AS 64512. Para isso, o peer privado cria uma rota gerada para 0,0.0.0/0 localmente no roteador. Essa rota gerada recebe ainda uma política chamada
if-upstream-routes-exist
, que permite que apenas determinadas rotas contribuam para a rota gerada, tornando-a uma rota ativa na tabela de roteamento. Assim que a rota estiver ativa, ela pode ser enviada ao roteador AS 64512 usando BGP e as políticas configuradas. Aif-upstream-routes-exist
política aceita apenas a rota 172.16.32.0/21 da Troca de Dispositivos-2, e rejeita todas as outras rotas. Se a rota 172.16.32.0/21 for retirada pelo peer de intercâmbio, o peer privado perde a rota padrão de 0,0,0,0/0/0 e retira a rota padrão do roteador de clientes AS 64512.
Para configurar o dispositivo private-peer-2:
Configure as interfaces do dispositivo.
[edit interfaces] user@Private-Peer-2# set fe-1/2/3 unit 0 description to_ISP-2 user@Private-Peer-2# set fe-1/2/3 unit 0 family inet address 10.3.0.5/30 user@Private-Peer-2# set fe-1/2/0 unit 0 description to_Customer-1 user@Private-Peer-2# set fe-1/2/0 unit 0 family inet address 10.0.0.22/30 user@Private-Peer-2# set fe-1/2/1 unit 0 description to_Exchange-2 user@Private-Peer-2# set fe-1/2/1 unit 0 family inet address 10.3.0.50/30 user@Private-Peer-2# set lo0 unit 0 family inet address 192.168.0.5/32
Configure as rotas estáticas.
[edit routing-options static] user@Private-Peer-2# set route 172.16.24.0/25 reject user@Private-Peer-2# set route 172.16.24.128/25 reject user@Private-Peer-2# set route 172.16.25.0/26 reject user@Private-Peer-2# set route 172.16.25.64/26 reject
Configure uma política de roteamento que gere uma rota estática padrão apenas se determinadas rotas internas existirem.
[edit policy-options policy-statement if-upstream-routes-exist] user@Private-Peer-2# set term as-64515-routes from route-filter 172.16.16.0/21 exact user@Private-Peer-2# set term as-64515-routes then accept user@Private-Peer-2# set term reject-all-other-routes then reject [edit routing-options generate route 0.0.0.0/0] user@Private-Peer-2# set policy if-upstream-routes-exist
Configure a política de roteamento que anuncia rotas estáticas locais e a rota padrão.
[edit policy-options policy-statement internal-routes] user@Private-Peer-2# set term statics from protocol static user@Private-Peer-2# set term statics then accept user@Private-Peer-2# set term default-route from route-filter 0.0.0.0/0 exact user@Private-Peer-2# set term default-route then accept user@Private-Peer-2# set term reject-all-other-routes then reject
Configure a política de roteamento que anuncia rotas de clientes locais.
[edit policy-options policy-statement outbound-routes] user@Private-Peer-2# set term statics from protocol static user@Private-Peer-2# set term statics then accept user@Private-Peer-2# set term allowed-bgp-routes from as-path my-own-routes user@Private-Peer-2# set term allowed-bgp-routes from as-path AS64512-routes user@Private-Peer-2# set term allowed-bgp-routes then accept user@Private-Peer-2# set term no-transit then reject [edit policy-options] user@Private-Peer-2# set as-path my-own-routes "()" user@Private-Peer-2# set as-path AS64512-routes 64512
Configure a conexão EBGP com o Cliente 2.
[edit protocols bgp group to-64512] user@Private-Peer-2# set type external user@Private-Peer-2# set export internal-routes user@Private-Peer-2# set peer-as 64512 user@Private-Peer-2# set neighbor 10.0.0.21
Configure a conexão EBGP com a troca de dispositivos-2.
[edit protocols bgp group to-64515] user@Private-Peer-2# set type external user@Private-Peer-2# set export outbound-routes user@Private-Peer-2# set peer-as 64515 user@Private-Peer-2# set neighbor 10.3.0.49
Configure as conexões EBGP com o ISP.
[edit protocols bgp group ext] user@Private-Peer-2# set type external user@Private-Peer-2# set export outbound-routes user@Private-Peer-2# set peer-as 64510 user@Private-Peer-2# set neighbor 10.3.0.6
Configure o número do sistema autônomo (AS).
[edit routing-options] user@Private-Peer-2# set autonomous-system 64516
Resultados
A partir do modo de configuração, confirme sua configuração entrando noshow interfaces
, show protocols
show policy-options
e show routing-options
comandos. Se a saída não exibir a configuração pretendida, repita as instruções neste exemplo para corrigir a configuração.
user@Private-Peer-2# show interfaces fe-1/2/0 { unit 0 { description to_Customer-1; family inet { address 10.0.0.22/30; } } } fe-1/2/1 { unit 0 { description to_Exchange-2; family inet { address 10.3.0.50/30; } } } fe-1/2/3 { unit 0 { description to_ISP-2; family inet { address 10.3.0.5/30; } } } lo0 { unit 0 { family inet { address 192.168.0.5/32; } } }
user@Private-Peer-2# show protocols bgp { group ext { type external; export outbound-routes; peer-as 64510; neighbor 10.3.0.6; } group to-64512 { type external; export internal-routes; peer-as 64512; neighbor 10.0.0.21; } group to-64515 { type external; export outbound-routes; peer-as 64515; neighbor 10.3.0.49; } }
user@Private-Peer-2# show policy-options policy-statement if-upstream-routes-exist { term as-64515-routes { from { route-filter 172.16.16.0/21 exact; } then accept; } term reject-all-other-routes { then reject; } } policy-statement internal-routes { term statics { from protocol static; then accept; } term default-route { from { route-filter 0.0.0.0/0 exact; } then accept; } term reject-all-other-routes { then reject; } } policy-statement outbound-routes { term statics { from protocol static; then accept; } term allowed-bgp-routes { from as-path [ my-own-routes AS64512-routes ]; then accept; } term no-transit { then reject; } } as-path my-own-routes "()"; as-path AS64512-routes 64512;
user@Private-Peer-2# show routing-options static { route 172.16.24.0/25 reject; route 172.16.24.128/25 reject; route 172.16.25.0/26 reject; route 172.16.25.64/26 reject; } generate { route 0.0.0.0/0 policy if-upstream-routes-exist; } autonomous-system 64516;
Se você terminar de configurar o dispositivo, entre no commit
modo de configuração.
Verificação
Confirme se a configuração está funcionando corretamente.
- Verificando as rotas no dispositivo Customer-1
- Verificando as rotas no dispositivo Customer-2
- Verificação das rotas no dispositivo ISP-1
- Verificação das rotas no dispositivo ISP-2
- Verificando as rotas no dispositivo ISP-3
- Verificação das rotas na troca de dispositivos-1
- Verificação das rotas na troca de dispositivos-2
- Verificação das rotas no dispositivo private-peer-1
- Verificação das rotas no dispositivo private-peer-2
Verificando as rotas no dispositivo Customer-1
Propósito
No dispositivo Customer-1, verifique as rotas na tabela de roteamento.
Ação
user@Customer-1> show route inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 0.0.0.0/0 *[BGP/170] 00:09:25, localpref 100 AS path: 64510 I, validation-state: unverified > to 10.1.0.5 via fe-1/2/3.0 10.1.0.4/30 *[Direct/0] 23:50:20 > via fe-1/2/3.0 10.1.0.6/32 *[Local/0] 5d 21:56:47 Local via fe-1/2/3.0 172.16.40.0/25 *[Static/5] 22:59:04 Reject 172.16.40.128/25 *[Static/5] 22:59:04 Reject 172.16.41.0/25 *[Static/5] 22:59:04 Reject 172.16.41.128/25 *[Static/5] 22:59:04 Reject 192.168.0.8/32 *[Direct/0] 5d 21:25:45 > via lo0.0
Significado
O dispositivo Customer-1 tem suas quatro rotas estáticas, e aprendeu a rota padrão através do BGP.
Verificando as rotas no dispositivo Customer-2
Propósito
No dispositivo Customer-2, verifique as rotas na tabela de roteamento.
Ação
user@Customer-2> show route inet.0: 22 destinations, 23 routes (22 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 0.0.0.0/0 *[BGP/170] 00:10:35, localpref 200 AS path: 64510 I, validation-state: unverified > to 10.0.0.9 via fe-1/2/0.10 [BGP/170] 04:58:09, localpref 50 AS path: 64516 I, validation-state: unverified > to 10.0.0.22 via fe-1/2/0.0 10.0.0.8/30 *[Direct/0] 23:51:29 > via fe-1/2/0.10 10.0.0.10/32 *[Local/0] 23:52:49 Local via fe-1/2/0.10 10.0.0.20/30 *[Direct/0] 23:52:49 > via fe-1/2/0.0 10.0.0.21/32 *[Local/0] 23:52:49 Local via fe-1/2/0.0 172.16.24.0/25 *[BGP/170] 04:58:09, localpref 50 AS path: 64516 I, validation-state: unverified > to 10.0.0.22 via fe-1/2/0.0 172.16.24.128/25 *[BGP/170] 04:58:09, localpref 50 AS path: 64516 I, validation-state: unverified > to 10.0.0.22 via fe-1/2/0.0 172.16.25.0/26 *[BGP/170] 04:58:09, localpref 50 AS path: 64516 I, validation-state: unverified > to 10.0.0.22 via fe-1/2/0.0 172.16.25.64/26 *[BGP/170] 04:58:09, localpref 50 AS path: 64516 I, validation-state: unverified > to 10.0.0.22 via fe-1/2/0.0 172.16.32.0/24 *[BGP/170] 22:38:47, localpref 200 AS path: 64510 I, validation-state: unverified > to 10.0.0.9 via fe-1/2/0.10 172.16.33.0/24 *[BGP/170] 22:38:47, localpref 200 AS path: 64510 I, validation-state: unverified > to 10.0.0.9 via fe-1/2/0.10 172.16.34.0/24 *[BGP/170] 22:38:47, localpref 200 AS path: 64510 I, validation-state: unverified > to 10.0.0.9 via fe-1/2/0.10 172.16.35.0/24 *[BGP/170] 22:38:47, localpref 200 AS path: 64510 I, validation-state: unverified > to 10.0.0.9 via fe-1/2/0.10 172.16.36.0/24 *[BGP/170] 22:38:47, localpref 200 AS path: 64510 I, validation-state: unverified > to 10.0.0.9 via fe-1/2/0.10 172.16.37.0/24 *[BGP/170] 22:38:47, localpref 200 AS path: 64510 I, validation-state: unverified > to 10.0.0.9 via fe-1/2/0.10 172.16.38.0/24 *[BGP/170] 22:38:47, localpref 200 AS path: 64510 I, validation-state: unverified > to 10.0.0.9 via fe-1/2/0.10 172.16.39.0/24 *[BGP/170] 22:38:47, localpref 200 AS path: 64510 I, validation-state: unverified > to 10.0.0.9 via fe-1/2/0.10 172.16.44.0/26 *[Static/5] 22:57:28 Reject 172.16.44.64/26 *[Static/5] 22:57:28 Reject 172.16.44.128/26 *[Static/5] 22:57:28 Reject 172.16.44.192/26 *[Static/5] 22:57:28 Reject 192.168.0.9/32 *[Direct/0] 23:52:49 > via lo0.0
Significado
O Dispositivo Customer-2 aprendeu a rota padrão durante sua sessão com o ISP e também através de sua sessão com o peer privado. A rota aprendida com o ISP é preferida porque tem uma maior preferência local.
Verificação das rotas no dispositivo ISP-1
Propósito
No ISP-1 do dispositivo, verifique as rotas na tabela de roteamento.
Ação
user@ISP-1> show route inet.0: 42 destinations, 53 routes (42 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 0.0.0.0/0 *[BGP/170] 22:44:26, localpref 100, from 192.168.0.2 AS path: 64516 I, validation-state: unverified > to 10.1.0.1 via fe-1/2/1.0 10.0.0.0/30 *[Direct/0] 23:52:01 > via fe-1/2/0.0 10.0.0.2/32 *[Local/0] 23:52:01 Local via fe-1/2/0.0 10.0.0.4/30 *[OSPF/10] 23:51:06, metric 2 to 10.1.0.1 via fe-1/2/1.0 > to 10.0.0.1 via fe-1/2/0.0 10.0.0.20/30 *[BGP/170] 23:50:55, localpref 100, from 192.168.0.2 AS path: 64516 I, validation-state: unverified > to 10.1.0.1 via fe-1/2/1.0 [BGP/170] 23:51:28, localpref 100 AS path: 64514 64515 64516 I, validation-state: unverified > to 10.2.0.5 via fe-1/2/3.0 10.1.0.0/30 *[Direct/0] 23:52:01 > via fe-1/2/1.0 10.1.0.2/32 *[Local/0] 23:52:01 Local via fe-1/2/1.0 10.2.0.0/30 *[Direct/0] 23:52:01 > via fe-1/2/2.0 10.2.0.2/32 *[Local/0] 23:52:01 Local via fe-1/2/2.0 10.2.0.4/30 *[Direct/0] 23:52:00 > via fe-1/2/3.0 10.2.0.6/32 *[Local/0] 23:52:00 Local via fe-1/2/3.0 10.3.0.4/30 *[BGP/170] 23:51:28, localpref 100 AS path: 64514 64515 64516 I, validation-state: unverified > to 10.2.0.5 via fe-1/2/3.0 10.3.0.48/30 *[BGP/170] 23:50:55, localpref 100, from 192.168.0.2 AS path: 64516 I, validation-state: unverified > to 10.1.0.1 via fe-1/2/1.0 172.16.8.0/21 *[BGP/170] 00:11:08, localpref 100 AS path: 64514 I, validation-state: unverified > to 10.2.0.5 via fe-1/2/3.0 172.16.16.0/21 *[BGP/170] 02:02:10, localpref 100, from 192.168.0.2 AS path: 64515 I, validation-state: unverified > to 10.1.0.1 via fe-1/2/1.0 [BGP/170] 02:02:10, localpref 100 AS path: 64514 64515 I, validation-state: unverified > to 10.2.0.5 via fe-1/2/3.0 172.16.24.0/25 *[BGP/170] 23:06:33, localpref 100, from 192.168.0.2 AS path: 64516 I, validation-state: unverified > to 10.1.0.1 via fe-1/2/1.0 [BGP/170] 23:06:33, localpref 100 AS path: 64514 64515 64516 I, validation-state: unverified > to 10.2.0.5 via fe-1/2/3.0 172.16.24.128/25 *[BGP/170] 23:06:33, localpref 100, from 192.168.0.2 AS path: 64516 I, validation-state: unverified > to 10.1.0.1 via fe-1/2/1.0 [BGP/170] 23:06:33, localpref 100 AS path: 64514 64515 64516 I, validation-state: unverified > to 10.2.0.5 via fe-1/2/3.0 172.16.25.0/26 *[BGP/170] 23:06:33, localpref 100, from 192.168.0.2 AS path: 64516 I, validation-state: unverified > to 10.1.0.1 via fe-1/2/1.0 [BGP/170] 23:06:33, localpref 100 AS path: 64514 64515 64516 I, validation-state: unverified > to 10.2.0.5 via fe-1/2/3.0 172.16.25.64/26 *[BGP/170] 23:06:33, localpref 100, from 192.168.0.2 AS path: 64516 I, validation-state: unverified > to 10.1.0.1 via fe-1/2/1.0 [BGP/170] 23:06:33, localpref 100 AS path: 64514 64515 64516 I, validation-state: unverified > to 10.2.0.5 via fe-1/2/3.0 172.16.32.0/21 *[Aggregate/130] 22:44:27 Reject 172.16.32.0/24 *[Static/5] 22:44:27 Reject 172.16.33.0/24 *[Static/5] 22:44:27 Reject 172.16.34.0/24 *[BGP/170] 22:39:20, localpref 100, from 192.168.0.2 AS path: I, validation-state: unverified > to 10.1.0.1 via fe-1/2/1.0 172.16.35.0/24 *[BGP/170] 22:39:20, localpref 100, from 192.168.0.2 AS path: I, validation-state: unverified > to 10.1.0.1 via fe-1/2/1.0 172.16.36.0/24 *[BGP/170] 22:39:20, localpref 100, from 192.168.0.3 AS path: I, validation-state: unverified > to 10.0.0.1 via fe-1/2/0.0 172.16.37.0/24 *[BGP/170] 22:39:20, localpref 100, from 192.168.0.3 AS path: I, validation-state: unverified > to 10.0.0.1 via fe-1/2/0.0 172.16.38.0/24 *[BGP/170] 22:39:20, localpref 100, from 192.168.0.3 AS path: I, validation-state: unverified > to 10.0.0.1 via fe-1/2/0.0 172.16.39.0/24 *[BGP/170] 22:39:20, localpref 100, from 192.168.0.3 AS path: I, validation-state: unverified > to 10.0.0.1 via fe-1/2/0.0 172.16.40.0/22 *[Aggregate/130] 22:44:27 Reject 172.16.40.0/25 *[BGP/170] 23:00:47, localpref 100, from 192.168.0.3 AS path: 64511 I, validation-state: unverified > to 10.0.0.1 via fe-1/2/0.0 172.16.40.128/25 *[BGP/170] 23:00:47, localpref 100, from 192.168.0.3 AS path: 64511 I, validation-state: unverified > to 10.0.0.1 via fe-1/2/0.0 172.16.41.0/25 *[BGP/170] 23:00:47, localpref 100, from 192.168.0.3 AS path: 64511 I, validation-state: unverified > to 10.0.0.1 via fe-1/2/0.0 172.16.41.128/25 *[BGP/170] 23:00:47, localpref 100, from 192.168.0.3 AS path: 64511 I, validation-state: unverified > to 10.0.0.1 via fe-1/2/0.0 172.16.44.0/26 *[BGP/170] 22:58:01, localpref 100, from 192.168.0.3 AS path: 64512 I, validation-state: unverified > to 10.0.0.1 via fe-1/2/0.0 [BGP/170] 22:58:01, localpref 100 AS path: 64514 64515 64516 64512 I, validation-state: unverified > to 10.2.0.5 via fe-1/2/3.0 172.16.44.64/26 *[BGP/170] 22:58:01, localpref 100, from 192.168.0.3 AS path: 64512 I, validation-state: unverified > to 10.0.0.1 via fe-1/2/0.0 [BGP/170] 22:58:01, localpref 100 AS path: 64514 64515 64516 64512 I, validation-state: unverified > to 10.2.0.5 via fe-1/2/3.0 172.16.44.128/26 *[BGP/170] 22:58:01, localpref 100, from 192.168.0.3 AS path: 64512 I, validation-state: unverified > to 10.0.0.1 via fe-1/2/0.0 [BGP/170] 22:58:01, localpref 100 AS path: 64514 64515 64516 64512 I, validation-state: unverified > to 10.2.0.5 via fe-1/2/3.0 172.16.44.192/26 *[BGP/170] 22:58:01, localpref 100, from 192.168.0.3 AS path: 64512 I, validation-state: unverified > to 10.0.0.1 via fe-1/2/0.0 [BGP/170] 22:58:01, localpref 100 AS path: 64514 64515 64516 64512 I, validation-state: unverified > to 10.2.0.5 via fe-1/2/3.0 192.168.0.1/32 *[Direct/0] 23:52:01 > via lo0.0 192.168.0.2/32 *[OSPF/10] 23:51:06, metric 1 > to 10.1.0.1 via fe-1/2/1.0 192.168.0.3/32 *[OSPF/10] 23:51:06, metric 1 > to 10.0.0.1 via fe-1/2/0.0 192.168.0.5/32 *[BGP/170] 23:50:55, localpref 100, from 192.168.0.2 AS path: 64516 I, validation-state: unverified > to 10.1.0.1 via fe-1/2/1.0 [BGP/170] 23:51:28, localpref 100 AS path: 64514 64515 64516 I, validation-state: unverified > to 10.2.0.5 via fe-1/2/3.0 172.16.233.5/32 *[OSPF/10] 23:52:07, metric 1 MultiRecv
Verificação das rotas no dispositivo ISP-2
Propósito
No ISP-2 do dispositivo, verifique as rotas na tabela de roteamento.
Ação
user@ISP-2> show route inet.0: 41 destinations, 59 routes (41 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 0.0.0.0/0 *[BGP/170] 22:45:44, localpref 100 AS path: 64516 I, validation-state: unverified > to 10.3.0.5 via fe-1/2/3.0 10.0.0.0/30 *[OSPF/10] 23:52:25, metric 2 to 10.0.0.5 via fe-1/2/2.0 > to 10.1.0.2 via fe-1/2/1.0 10.0.0.4/30 *[Direct/0] 23:53:21 > via fe-1/2/2.0 10.0.0.6/32 *[Local/0] 23:53:23 Local via fe-1/2/2.0 10.0.0.20/30 *[BGP/170] 23:53:11, localpref 100 AS path: 64516 I, validation-state: unverified > to 10.3.0.5 via fe-1/2/3.0 [BGP/170] 23:53:09, localpref 100 AS path: 64515 64516 I, validation-state: unverified > to 10.3.0.1 via fe-1/2/0.0 10.1.0.0/30 *[Direct/0] 23:53:19 > via fe-1/2/1.0 10.1.0.1/32 *[Local/0] 23:53:23 Local via fe-1/2/1.0 10.3.0.0/30 *[Direct/0] 23:53:22 > via fe-1/2/0.0 10.3.0.2/32 *[Local/0] 23:53:23 Local via fe-1/2/0.0 10.3.0.4/30 *[Direct/0] 23:53:23 > via fe-1/2/3.0 [BGP/170] 23:53:11, localpref 100 AS path: 64516 I, validation-state: unverified > to 10.3.0.5 via fe-1/2/3.0 [BGP/170] 23:53:09, localpref 100 AS path: 64515 64516 I, validation-state: unverified > to 10.3.0.1 via fe-1/2/0.0 [BGP/170] 23:52:13, localpref 100, from 192.168.0.1 AS path: 64514 64515 64516 I, validation-state: unverified > to 10.1.0.2 via fe-1/2/1.0 10.3.0.6/32 *[Local/0] 23:53:23 Local via fe-1/2/3.0 10.3.0.48/30 *[BGP/170] 23:53:11, localpref 100 AS path: 64516 I, validation-state: unverified > to 10.3.0.5 via fe-1/2/3.0 172.16.8.0/21 *[BGP/170] 00:12:26, localpref 100, from 192.168.0.1 AS path: 64514 I, validation-state: unverified > to 10.1.0.2 via fe-1/2/1.0 [BGP/170] 00:12:26, localpref 100 AS path: 64515 64514 I, validation-state: unverified > to 10.3.0.1 via fe-1/2/0.0 172.16.16.0/21 *[BGP/170] 02:03:28, localpref 100 AS path: 64515 I, validation-state: unverified > to 10.3.0.1 via fe-1/2/0.0 172.16.24.0/25 *[BGP/170] 23:07:51, localpref 100 AS path: 64516 I, validation-state: unverified > to 10.3.0.5 via fe-1/2/3.0 [BGP/170] 23:07:51, localpref 100 AS path: 64515 64516 I, validation-state: unverified > to 10.3.0.1 via fe-1/2/0.0 172.16.24.128/25 *[BGP/170] 23:07:51, localpref 100 AS path: 64516 I, validation-state: unverified > to 10.3.0.5 via fe-1/2/3.0 [BGP/170] 23:07:51, localpref 100 AS path: 64515 64516 I, validation-state: unverified > to 10.3.0.1 via fe-1/2/0.0 172.16.25.0/26 *[BGP/170] 23:07:51, localpref 100 AS path: 64516 I, validation-state: unverified > to 10.3.0.5 via fe-1/2/3.0 [BGP/170] 23:07:51, localpref 100 AS path: 64515 64516 I, validation-state: unverified > to 10.3.0.1 via fe-1/2/0.0 172.16.25.64/26 *[BGP/170] 23:07:51, localpref 100 AS path: 64516 I, validation-state: unverified > to 10.3.0.5 via fe-1/2/3.0 [BGP/170] 23:07:51, localpref 100 AS path: 64515 64516 I, validation-state: unverified > to 10.3.0.1 via fe-1/2/0.0 172.16.32.0/21 *[Aggregate/130] 22:40:38 Reject 172.16.32.0/24 *[BGP/170] 22:45:44, localpref 100, from 192.168.0.1 AS path: I, validation-state: unverified > to 10.1.0.2 via fe-1/2/1.0 172.16.33.0/24 *[BGP/170] 22:45:44, localpref 100, from 192.168.0.1 AS path: I, validation-state: unverified > to 10.1.0.2 via fe-1/2/1.0 172.16.34.0/24 *[Static/5] 22:40:38 Reject 172.16.35.0/24 *[Static/5] 22:40:38 Reject 172.16.36.0/24 *[BGP/170] 22:40:38, localpref 100, from 192.168.0.3 AS path: I, validation-state: unverified > to 10.0.0.5 via fe-1/2/2.0 172.16.37.0/24 *[BGP/170] 22:40:38, localpref 100, from 192.168.0.3 AS path: I, validation-state: unverified > to 10.0.0.5 via fe-1/2/2.0 172.16.38.0/24 *[BGP/170] 22:40:38, localpref 100, from 192.168.0.3 AS path: I, validation-state: unverified > to 10.0.0.5 via fe-1/2/2.0 172.16.39.0/24 *[BGP/170] 22:40:38, localpref 100, from 192.168.0.3 AS path: I, validation-state: unverified > to 10.0.0.5 via fe-1/2/2.0 172.16.40.0/25 *[BGP/170] 23:02:05, localpref 100, from 192.168.0.3 AS path: 64511 I, validation-state: unverified > to 10.0.0.5 via fe-1/2/2.0 172.16.40.128/25 *[BGP/170] 23:02:05, localpref 100, from 192.168.0.3 AS path: 64511 I, validation-state: unverified > to 10.0.0.5 via fe-1/2/2.0 172.16.41.0/25 *[BGP/170] 23:02:05, localpref 100, from 192.168.0.3 AS path: 64511 I, validation-state: unverified > to 10.0.0.5 via fe-1/2/2.0 172.16.41.128/25 *[BGP/170] 23:02:05, localpref 100, from 192.168.0.3 AS path: 64511 I, validation-state: unverified > to 10.0.0.5 via fe-1/2/2.0 172.16.44.0/23 *[Aggregate/130] 22:40:38 Reject 172.16.44.0/26 *[BGP/170] 22:59:19, localpref 100, from 192.168.0.3 AS path: 64512 I, validation-state: unverified > to 10.0.0.5 via fe-1/2/2.0 [BGP/170] 22:59:19, localpref 100 AS path: 64516 64512 I, validation-state: unverified > to 10.3.0.5 via fe-1/2/3.0 [BGP/170] 22:59:19, localpref 100 AS path: 64515 64516 64512 I, validation-state: unverified > to 10.3.0.1 via fe-1/2/0.0 172.16.44.64/26 *[BGP/170] 22:59:19, localpref 100, from 192.168.0.3 AS path: 64512 I, validation-state: unverified > to 10.0.0.5 via fe-1/2/2.0 [BGP/170] 22:59:19, localpref 100 AS path: 64516 64512 I, validation-state: unverified > to 10.3.0.5 via fe-1/2/3.0 [BGP/170] 22:59:19, localpref 100 AS path: 64515 64516 64512 I, validation-state: unverified > to 10.3.0.1 via fe-1/2/0.0 172.16.44.128/26 *[BGP/170] 22:59:19, localpref 100, from 192.168.0.3 AS path: 64512 I, validation-state: unverified > to 10.0.0.5 via fe-1/2/2.0 [BGP/170] 22:59:19, localpref 100 AS path: 64516 64512 I, validation-state: unverified > to 10.3.0.5 via fe-1/2/3.0 [BGP/170] 22:59:19, localpref 100 AS path: 64515 64516 64512 I, validation-state: unverified > to 10.3.0.1 via fe-1/2/0.0 172.16.44.192/26 *[BGP/170] 22:59:19, localpref 100, from 192.168.0.3 AS path: 64512 I, validation-state: unverified > to 10.0.0.5 via fe-1/2/2.0 [BGP/170] 22:59:19, localpref 100 AS path: 64516 64512 I, validation-state: unverified > to 10.3.0.5 via fe-1/2/3.0 [BGP/170] 22:59:19, localpref 100 AS path: 64515 64516 64512 I, validation-state: unverified > to 10.3.0.1 via fe-1/2/0.0 192.168.0.1/32 *[OSPF/10] 23:52:25, metric 1 > to 10.1.0.2 via fe-1/2/1.0 192.168.0.2/32 *[Direct/0] 23:53:23 > via lo0.0 192.168.0.3/32 *[OSPF/10] 23:52:30, metric 1 > to 10.0.0.5 via fe-1/2/2.0 192.168.0.5/32 *[BGP/170] 23:53:11, localpref 100 AS path: 64516 I, validation-state: unverified > to 10.3.0.5 via fe-1/2/3.0 [BGP/170] 23:53:09, localpref 100 AS path: 64515 64516 I, validation-state: unverified > to 10.3.0.1 via fe-1/2/0.0 172.16.233.5/32 *[OSPF/10] 23:53:25, metric 1 MultiRecv
Verificando as rotas no dispositivo ISP-3
Propósito
No ISP-3 do dispositivo, verifique as rotas na tabela de roteamento.
Ação
user@ISP-3> show route inet.0: 40 destinations, 41 routes (40 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 0.0.0.0/0 *[Aggregate/130] 23:53:57, metric2 1 > to 10.0.0.2 via fe-1/2/0.0 [BGP/170] 22:46:17, localpref 100, from 192.168.0.2 AS path: 64516 I, validation-state: unverified > to 10.0.0.6 via fe-1/2/2.0 10.0.0.0/30 *[Direct/0] 23:53:52 > via fe-1/2/0.0 10.0.0.1/32 *[Local/0] 23:53:53 Local via fe-1/2/0.0 10.0.0.4/30 *[Direct/0] 23:53:54 > via fe-1/2/2.0 10.0.0.5/32 *[Local/0] 23:53:54 Local via fe-1/2/2.0 10.0.0.8/30 *[Direct/0] 23:53:53 > via fe-1/2/1.0 10.0.0.9/32 *[Local/0] 23:53:53 Local via fe-1/2/1.0 10.0.0.20/30 *[BGP/170] 23:53:02, localpref 100, from 192.168.0.2 AS path: 64516 I, validation-state: unverified > to 10.0.0.6 via fe-1/2/2.0 10.1.0.0/30 *[OSPF/10] 23:53:03, metric 2 > to 10.0.0.6 via fe-1/2/2.0 to 10.0.0.2 via fe-1/2/0.0 10.1.0.4/30 *[Direct/0] 23:53:54 > via fe-1/2/3.0 10.1.0.5/32 *[Local/0] 23:53:54 Local via fe-1/2/3.0 10.3.0.4/30 *[BGP/170] 23:52:46, localpref 100, from 192.168.0.1 AS path: 64514 64515 64516 I, validation-state: unverified > to 10.0.0.2 via fe-1/2/0.0 10.3.0.48/30 *[BGP/170] 23:53:02, localpref 100, from 192.168.0.2 AS path: 64516 I, validation-state: unverified > to 10.0.0.6 via fe-1/2/2.0 172.16.8.0/21 *[BGP/170] 00:12:59, localpref 100, from 192.168.0.1 AS path: 64514 I, validation-state: unverified > to 10.0.0.2 via fe-1/2/0.0 172.16.16.0/21 *[BGP/170] 02:04:01, localpref 100, from 192.168.0.2 AS path: 64515 I, validation-state: unverified > to 10.0.0.6 via fe-1/2/2.0 172.16.24.0/25 *[BGP/170] 23:08:24, localpref 100, from 192.168.0.2 AS path: 64516 I, validation-state: unverified > to 10.0.0.6 via fe-1/2/2.0 172.16.24.128/25 *[BGP/170] 23:08:24, localpref 100, from 192.168.0.2 AS path: 64516 I, validation-state: unverified > to 10.0.0.6 via fe-1/2/2.0 172.16.25.0/26 *[BGP/170] 23:08:24, localpref 100, from 192.168.0.2 AS path: 64516 I, validation-state: unverified > to 10.0.0.6 via fe-1/2/2.0 172.16.25.64/26 *[BGP/170] 23:08:24, localpref 100, from 192.168.0.2 AS path: 64516 I, validation-state: unverified > to 10.0.0.6 via fe-1/2/2.0 172.16.32.0/24 *[BGP/170] 22:46:17, localpref 100, from 192.168.0.1 AS path: I, validation-state: unverified > to 10.0.0.2 via fe-1/2/0.0 172.16.33.0/24 *[BGP/170] 22:46:17, localpref 100, from 192.168.0.1 AS path: I, validation-state: unverified > to 10.0.0.2 via fe-1/2/0.0 172.16.34.0/24 *[BGP/170] 22:41:11, localpref 100, from 192.168.0.2 AS path: I, validation-state: unverified > to 10.0.0.6 via fe-1/2/2.0 172.16.35.0/24 *[BGP/170] 22:41:11, localpref 100, from 192.168.0.2 AS path: I, validation-state: unverified > to 10.0.0.6 via fe-1/2/2.0 172.16.36.0/24 *[Static/5] 22:41:11 Reject 172.16.37.0/24 *[Static/5] 22:41:11 Reject 172.16.38.0/24 *[Static/5] 22:41:11 Reject 172.16.39.0/24 *[Static/5] 22:41:11 Reject 172.16.40.0/25 *[BGP/170] 23:02:38, localpref 100 AS path: 64511 I, validation-state: unverified > to 10.1.0.6 via fe-1/2/3.0 172.16.40.128/25 *[BGP/170] 23:02:38, localpref 100 AS path: 64511 I, validation-state: unverified > to 10.1.0.6 via fe-1/2/3.0 172.16.41.0/25 *[BGP/170] 23:02:38, localpref 100 AS path: 64511 I, validation-state: unverified > to 10.1.0.6 via fe-1/2/3.0 172.16.41.128/25 *[BGP/170] 23:02:38, localpref 100 AS path: 64511 I, validation-state: unverified > to 10.1.0.6 via fe-1/2/3.0 172.16.44.0/26 *[BGP/170] 22:59:52, localpref 100 AS path: 64512 I, validation-state: unverified > to 10.0.0.10 via fe-1/2/1.0 172.16.44.64/26 *[BGP/170] 22:59:52, localpref 100 AS path: 64512 I, validation-state: unverified > to 10.0.0.10 via fe-1/2/1.0 172.16.44.128/26 *[BGP/170] 22:59:52, localpref 100 AS path: 64512 I, validation-state: unverified > to 10.0.0.10 via fe-1/2/1.0 172.16.44.192/26 *[BGP/170] 22:59:52, localpref 100 AS path: 64512 I, validation-state: unverified > to 10.0.0.10 via fe-1/2/1.0 192.168.0.1/32 *[OSPF/10] 23:53:03, metric 1 > to 10.0.0.2 via fe-1/2/0.0 192.168.0.2/32 *[OSPF/10] 23:53:03, metric 1 > to 10.0.0.6 via fe-1/2/2.0 192.168.0.3/32 *[Direct/0] 23:53:54 > via lo0.0 192.168.0.5/32 *[BGP/170] 23:53:02, localpref 100, from 192.168.0.2 AS path: 64516 I, validation-state: unverified > to 10.0.0.6 via fe-1/2/2.0 172.16.233.5/32 *[OSPF/10] 23:53:58, metric 1 MultiRecv
Verificação das rotas na troca de dispositivos-1
Propósito
Na troca de dispositivos-1, verifique as rotas na tabela de roteamento.
Ação
user@Exchange-1> show route inet.0: 23 destinations, 24 routes (23 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 10.0.0.20/30 *[BGP/170] 23:53:51, localpref 100 AS path: 64515 64516 I, validation-state: unverified > to 10.3.0.41 via fe-1/2/2.0 10.2.0.4/30 *[Direct/0] 23:54:23 > via fe-1/2/3.0 10.2.0.5/32 *[Local/0] 23:54:29 Local via fe-1/2/3.0 10.3.0.4/30 *[BGP/170] 23:53:51, localpref 100 AS path: 64515 64516 I, validation-state: unverified > to 10.3.0.41 via fe-1/2/2.0 10.3.0.40/30 *[Direct/0] 23:54:27 > via fe-1/2/2.0 10.3.0.42/32 *[Local/0] 23:54:29 Local via fe-1/2/2.0 10.3.0.44/30 *[Direct/0] 23:54:29 > via fe-1/2/1.0 10.3.0.45/32 *[Local/0] 23:54:29 Local via fe-1/2/1.0 172.16.8.0/21 *[Static/5] 00:13:31 Reject 172.16.16.0/21 *[BGP/170] 02:04:33, localpref 100 AS path: 64515 I, validation-state: unverified > to 10.3.0.41 via fe-1/2/2.0 172.16.24.0/25 *[BGP/170] 23:08:56, localpref 100 AS path: 64515 64516 I, validation-state: unverified > to 10.3.0.41 via fe-1/2/2.0 172.16.24.128/25 *[BGP/170] 23:08:56, localpref 100 AS path: 64515 64516 I, validation-state: unverified > to 10.3.0.41 via fe-1/2/2.0 172.16.25.0/26 *[BGP/170] 23:08:56, localpref 100 AS path: 64515 64516 I, validation-state: unverified > to 10.3.0.41 via fe-1/2/2.0 172.16.25.64/26 *[BGP/170] 23:08:56, localpref 100 AS path: 64515 64516 I, validation-state: unverified > to 10.3.0.41 via fe-1/2/2.0 172.16.32.0/21 *[BGP/170] 22:46:49, localpref 100 AS path: 64510 I, validation-state: unverified > to 10.2.0.6 via fe-1/2/3.0 [BGP/170] 22:41:43, localpref 100 AS path: 64515 64510 I, validation-state: unverified > to 10.3.0.41 via fe-1/2/2.0 172.16.40.0/22 *[BGP/170] 22:46:49, localpref 100 AS path: 64510 64511 I, validation-state: unverified > to 10.2.0.6 via fe-1/2/3.0 172.16.44.0/23 *[BGP/170] 22:41:43, localpref 100 AS path: 64515 64510 64512 I, validation-state: unverified > to 10.3.0.41 via fe-1/2/2.0 172.16.44.0/26 *[BGP/170] 23:00:24, localpref 100 AS path: 64515 64516 64512 I, validation-state: unverified > to 10.3.0.41 via fe-1/2/2.0 172.16.44.64/26 *[BGP/170] 23:00:24, localpref 100 AS path: 64515 64516 64512 I, validation-state: unverified > to 10.3.0.41 via fe-1/2/2.0 172.16.44.128/26 *[BGP/170] 23:00:24, localpref 100 AS path: 64515 64516 64512 I, validation-state: unverified > to 10.3.0.41 via fe-1/2/2.0 172.16.44.192/26 *[BGP/170] 23:00:24, localpref 100 AS path: 64515 64516 64512 I, validation-state: unverified > to 10.3.0.41 via fe-1/2/2.0 192.168.0.5/32 *[BGP/170] 23:53:51, localpref 100 AS path: 64515 64516 I, validation-state: unverified > to 10.3.0.41 via fe-1/2/2.0 192.168.0.6/32 *[Direct/0] 23:54:29 > via lo0.0
Verificação das rotas na troca de dispositivos-2
Propósito
Na troca de dispositivos-2, verifique as rotas na tabela de roteamento.
Ação
user@Exchange-2> show route inet.0: 24 destinations, 26 routes (23 active, 0 holddown, 1 hidden) + = Active Route, - = Last Active, * = Both 10.0.0.20/30 *[BGP/170] 23:54:44, localpref 100 AS path: 64516 I, validation-state: unverified > to 10.3.0.50 via fe-1/2/1.0 10.3.0.0/30 *[Direct/0] 23:54:57 > via fe-1/2/0.0 10.3.0.1/32 *[Local/0] 23:54:57 Local via fe-1/2/0.0 10.3.0.4/30 *[BGP/170] 23:54:44, localpref 100 AS path: 64516 I, validation-state: unverified > to 10.3.0.50 via fe-1/2/1.0 10.3.0.40/30 *[Direct/0] 23:54:57 > via fe-1/2/2.0 10.3.0.41/32 *[Local/0] 23:54:57 Local via fe-1/2/2.0 10.3.0.48/30 *[Direct/0] 23:54:57 > via fe-1/2/1.0 [BGP/170] 23:54:44, localpref 100 AS path: 64516 I, validation-state: unverified > to 10.3.0.50 via fe-1/2/1.0 10.3.0.49/32 *[Local/0] 23:54:57 Local via fe-1/2/1.0 172.16.8.0/21 *[BGP/170] 00:14:01, localpref 100 AS path: 64514 I, validation-state: unverified > to 10.3.0.42 via fe-1/2/2.0 172.16.16.0/21 *[Static/5] 02:05:03 Reject 172.16.24.0/25 *[BGP/170] 23:09:26, localpref 100 AS path: 64516 I, validation-state: unverified > to 10.3.0.50 via fe-1/2/1.0 172.16.24.128/25 *[BGP/170] 23:09:26, localpref 100 AS path: 64516 I, validation-state: unverified > to 10.3.0.50 via fe-1/2/1.0 172.16.25.0/26 *[BGP/170] 23:09:26, localpref 100 AS path: 64516 I, validation-state: unverified > to 10.3.0.50 via fe-1/2/1.0 172.16.25.64/26 *[BGP/170] 23:09:26, localpref 100 AS path: 64516 I, validation-state: unverified > to 10.3.0.50 via fe-1/2/1.0 172.16.32.0/21 *[BGP/170] 22:42:13, localpref 100 AS path: 64510 I, validation-state: unverified > to 10.3.0.2 via fe-1/2/0.0 [BGP/170] 22:47:19, localpref 100 AS path: 64514 64510 I, validation-state: unverified > to 10.3.0.42 via fe-1/2/2.0 172.16.40.0/22 *[BGP/170] 22:47:19, localpref 100 AS path: 64514 64510 64511 I, validation-state: unverified > to 10.3.0.42 via fe-1/2/2.0 172.16.44.0/23 *[BGP/170] 22:42:13, localpref 100 AS path: 64510 64512 I, validation-state: unverified > to 10.3.0.2 via fe-1/2/0.0 172.16.44.0/26 *[BGP/170] 23:00:54, localpref 100 AS path: 64516 64512 I, validation-state: unverified > to 10.3.0.50 via fe-1/2/1.0 172.16.44.64/26 *[BGP/170] 23:00:54, localpref 100 AS path: 64516 64512 I, validation-state: unverified > to 10.3.0.50 via fe-1/2/1.0 172.16.44.128/26 *[BGP/170] 23:00:54, localpref 100 AS path: 64516 64512 I, validation-state: unverified > to 10.3.0.50 via fe-1/2/1.0 172.16.44.192/26 *[BGP/170] 23:00:54, localpref 100 AS path: 64516 64512 I, validation-state: unverified > to 10.3.0.50 via fe-1/2/1.0 192.168.0.5/32 *[BGP/170] 23:54:44, localpref 100 AS path: 64516 I, validation-state: unverified > to 10.3.0.50 via fe-1/2/1.0 192.168.0.7/32 *[Direct/0] 23:54:57 > via lo0.0
Significado
Na Troca de Dispositivos-2, a rota padrão 0/0 está oculta porque o próximo salto para a rota é sua própria interface para o dispositivo Private-Peer-2, do qual a rota foi recebida. A rota está oculta para evitar um loop.
Verificação das rotas no dispositivo private-peer-1
Propósito
No dispositivo Private-Peer-1, verifique as rotas na tabela de roteamento.
Ação
user@Private-Peer-1> show route inet.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 10.2.0.0/30 *[Direct/0] 23:58:57 > via fe-1/2/2.0 10.2.0.1/32 *[Local/0] 5d 21:34:22 Local via fe-1/2/2.0 10.3.0.44/30 *[Direct/0] 23:59:02 > via fe-1/2/1.0 10.3.0.46/32 *[Local/0] 1d 03:19:52 Local via fe-1/2/1.0 172.16.32.0/24 *[BGP/170] 22:51:22, localpref 100 AS path: 64510 I, validation-state: unverified > to 10.2.0.2 via fe-1/2/2.0 172.16.33.0/24 *[BGP/170] 22:51:22, localpref 100 AS path: 64510 I, validation-state: unverified > to 10.2.0.2 via fe-1/2/2.0 172.16.34.0/24 *[BGP/170] 22:46:16, localpref 100 AS path: 64510 I, validation-state: unverified > to 10.2.0.2 via fe-1/2/2.0 172.16.35.0/24 *[BGP/170] 22:46:16, localpref 100 AS path: 64510 I, validation-state: unverified > to 10.2.0.2 via fe-1/2/2.0 172.16.36.0/24 *[BGP/170] 22:46:16, localpref 100 AS path: 64510 I, validation-state: unverified > to 10.2.0.2 via fe-1/2/2.0 172.16.37.0/24 *[BGP/170] 22:46:16, localpref 100 AS path: 64510 I, validation-state: unverified > to 10.2.0.2 via fe-1/2/2.0 172.16.38.0/24 *[BGP/170] 22:46:16, localpref 100 AS path: 64510 I, validation-state: unverified > to 10.2.0.2 via fe-1/2/2.0 172.16.39.0/24 *[BGP/170] 22:46:16, localpref 100 AS path: 64510 I, validation-state: unverified > to 10.2.0.2 via fe-1/2/2.0 192.168.0.4/32 *[Direct/0] 5d 21:34:22 > via lo0.0
Verificação das rotas no dispositivo private-peer-2
Propósito
No dispositivo Private-Peer-2, verifique as rotas na tabela de roteamento.
Ação
user@Private-Peer-2> show route inet.0: 29 destinations, 29 routes (29 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 0.0.0.0/0 *[Aggregate/130] 1d 02:13:28 > to 10.3.0.49 via fe-1/2/1.0 10.0.0.20/30 *[Direct/0] 1d 00:00:53 > via fe-1/2/0.0 10.0.0.22/32 *[Local/0] 4d 23:51:14 Local via fe-1/2/0.0 10.3.0.4/30 *[Direct/0] 23:59:36 > via fe-1/2/3.0 10.3.0.5/32 *[Local/0] 5d 21:34:57 Local via fe-1/2/3.0 10.3.0.48/30 *[Direct/0] 23:59:35 > via fe-1/2/1.0 10.3.0.50/32 *[Local/0] 1d 03:20:27 Local via fe-1/2/1.0 172.16.8.0/21 *[BGP/170] 00:18:39, localpref 100 AS path: 64515 64514 I, validation-state: unverified > to 10.3.0.49 via fe-1/2/1.0 172.16.16.0/21 *[BGP/170] 02:09:41, localpref 100 AS path: 64515 I, validation-state: unverified > to 10.3.0.49 via fe-1/2/1.0 172.16.24.0/25 *[Static/5] 23:14:04 Reject 172.16.24.128/25 *[Static/5] 23:14:04 Reject 172.16.25.0/26 *[Static/5] 23:14:04 Reject 172.16.25.64/26 *[Static/5] 23:14:04 Reject 172.16.32.0/21 *[BGP/170] 22:46:51, localpref 100 AS path: 64515 64510 I, validation-state: unverified > to 10.3.0.49 via fe-1/2/1.0 172.16.32.0/24 *[BGP/170] 22:46:51, localpref 100 AS path: 64510 I, validation-state: unverified > to 10.3.0.6 via fe-1/2/3.0 172.16.33.0/24 *[BGP/170] 22:46:51, localpref 100 AS path: 64510 I, validation-state: unverified > to 10.3.0.6 via fe-1/2/3.0 172.16.34.0/24 *[BGP/170] 22:46:51, localpref 100 AS path: 64510 I, validation-state: unverified > to 10.3.0.6 via fe-1/2/3.0 172.16.35.0/24 *[BGP/170] 22:46:51, localpref 100 AS path: 64510 I, validation-state: unverified > to 10.3.0.6 via fe-1/2/3.0 172.16.36.0/24 *[BGP/170] 22:46:51, localpref 100 AS path: 64510 I, validation-state: unverified > to 10.3.0.6 via fe-1/2/3.0 172.16.37.0/24 *[BGP/170] 22:46:51, localpref 100 AS path: 64510 I, validation-state: unverified > to 10.3.0.6 via fe-1/2/3.0 172.16.38.0/24 *[BGP/170] 22:46:51, localpref 100 AS path: 64510 I, validation-state: unverified > to 10.3.0.6 via fe-1/2/3.0 172.16.39.0/24 *[BGP/170] 22:46:51, localpref 100 AS path: 64510 I, validation-state: unverified > to 10.3.0.6 via fe-1/2/3.0 172.16.40.0/22 *[BGP/170] 22:51:57, localpref 100 AS path: 64515 64514 64510 64511 I, validation-state: unverified > to 10.3.0.49 via fe-1/2/1.0 172.16.44.0/23 *[BGP/170] 22:46:51, localpref 100 AS path: 64515 64510 64512 I, validation-state: unverified > to 10.3.0.49 via fe-1/2/1.0 172.16.44.0/26 *[BGP/170] 23:05:32, localpref 100 AS path: 64512 I, validation-state: unverified > to 10.0.0.21 via fe-1/2/0.0 172.16.44.64/26 *[BGP/170] 23:05:32, localpref 100 AS path: 64512 I, validation-state: unverified > to 10.0.0.21 via fe-1/2/0.0 172.16.44.128/26 *[BGP/170] 23:05:32, localpref 100 AS path: 64512 I, validation-state: unverified > to 10.0.0.21 via fe-1/2/0.0 172.16.44.192/26 *[BGP/170] 23:05:32, localpref 100 AS path: 64512 I, validation-state: unverified > to 10.0.0.21 via fe-1/2/0.0 192.168.0.5/32 *[Direct/0] 5d 21:34:57 > via lo0.0