示例:当 M、MX 或 T Series 路由器将数据包转发到原始目标时,将流量复制到 PIC
通过流量采样,您可以将流量复制到物理接口卡 (PIC),同时路由器将数据包转发到其原始目的地。此示例介绍如何配置路由器以使用 采样 过程在路由引擎上执行采样。对于此方法,您可以使用包含 then sample 语句的匹配术语配置筛选器(输入或输出)。此外,对于基于 VPN 路由和转发 (VRF) 路由引擎的采样,您需要配置一个映射到接口的 VRF 路由实例。每个 VRF 实例对应一个转发表。接口上的路由进入相应的转发表。
对于基于 VRF 路由引擎的采样,内核会根据所接收数据包的入口接口索引查询正确的 VRF 路由表。对于在 VRF 中配置的接口,采样数据包包含正确的输入和输出接口 SNMP 索引、源和目标 AS 编号以及源和目标掩码。
注意:
在 Junos OS 10.1 版中,仅对 IPv4 流量执行基于 VRF 路由引擎的采样。您不能对 IPv6 流量或 MPLS 标签交换路径使用基于路由引擎的采样。
此示例介绍如何在四路由器拓扑中的一台路由器上配置和验证基于 VRF 路由引擎的采样。
要求
此示例使用以下硬件和软件组件:
-
Junos OS 10.1 或更高版本
-
M Series、MX 系列或 T Series 路由器
在路由器上配置基于 VRF 路由引擎的采样之前,请确保在配置采样的路由器之间具有活动连接。此外,您需要了解 VRF 来配置构成采样配置基础的接口和路由实例;并了解 BGP、MPLS 和 OSPF 协议,以配置网络中的其他路由器以提供采样配置。
概述和拓扑
此示例中的场景演示了在四路由器网络中的 PE1 路由器上配置的基于 VRF 路由引擎的采样。CE 路由器使用 BGP 作为路由协议与 PE 路由器进行通信。MPLS LSP 在 PE 路由器之间传递流量。来自 CE1 路由器的数据包在 PE1 路由器上进行采样。常规流量将被转发到原始目的地址(CE2 路由器)。
拓扑学
图 1:基于路由引擎的采样网络拓扑
配置
在此配置示例中,PE1 路由器上配置了基于 VRF 路由引擎的采样,用于对通过 VRF 中配置的接口和路由的流量进行采样。还包括其他三个路由器上的配置,以显示在网络环境中工作的 PE1 路由器上的采样配置。
要为网络示例配置基于 VRF 路由引擎的采样,请执行以下任务:
配置 CE1 路由器
分步过程
在此步骤中,您将为 CE1 路由器配置接口、路由选项、协议和策略选项。要配置 CE1 路由器,请执行以下作:
-
使用两个 IP 地址配置一个接口。一个地址用于发往 PE1 路由器的流量;另一个地址是检查流量是否流向 CE2 路由器:
[edit interfaces] user@router-ce1# set ge-1/3/2 unit 0 family inet address 192.0.2.1/24 user@router-ce1# set ge-1/3/2 unit 0 family inet address 198.51.100.2/8 -
配置自治系统以在 BGP 对等方之间建立连接:
[edit routing-options] user@router-ce1# set autonomous-system 95000 -
将 BGP 配置为 CE 路由器与 PE 路由器之间的路由协议:
[edit protocols] user@router-ce1# set bgp group to_r1 type external user@router-ce1# set bgp group to_r1 export my_lo0_addr user@router-ce1# set bgp group to_r1 peer-as 200 user@router-ce1# set bgp group to_r1 neighbor 192.0.2.2 -
配置确保 CE 路由器交换路由信息的策略。在此示例中,路由器 CE1 与路由器 CE2 交换路由信息:
[edit policy-options] user@router-ce1# set policy-statement my_lo0_addr term one from protocol direct user@router-ce1# set policy-statement my_lo0_addr term one from route-filter 10.255.15.32/32 exact user@router-ce1# set policy-statement my_lo0_addr term one then accept user@router-ce1# set policy-statement my_lo0_addr term four from protocol direct user@router-ce1# set policy-statement my_lo0_addr term four from route-filter 203.0.113.0/8 exact user@router-ce1# set policy-statement my_lo0_addr term four then accept
结果
以下输出显示了 CE1 路由器的配置:
[edit]
user@router-ce1# show
[...Output Truncated...]
interfaces {
ge-1/3/2 {
unit 0 {
family inet {
address 192.0.2.1/24;
address 198.51.100.2/8;
}
}
}
}
routing-options {
autonomous-system 95000;
}
protocols {
bgp {
group to_r1 {
type external;
export my_lo0_addr;
peer-as 200;
neighbor 192.0.2.2;
}
}
}
policy-options {
policy-statement my_lo0_addr {
term one {
from {
protocol direct;
route-filter 10.255.15.32/32 exact;
}
then accept;
}
term four {
from {
protocol direct;
route-filter 203.0.113.0/8 exact;
}
then accept;
}
}
}
配置 PE1 路由器
分步过程
在此步骤中,您将使用包含 then sample 语句的匹配词配置过滤器,并将过滤器应用于入口接口。您还可以使用导入和导出策略配置 VRF 路由实例。此外,您还可以为 PE1 路由器配置接口、转发选项、路由选项、协议和策略选项。要配置 PE1 路由器,请执行以下作:
-
创建应用于正在采样的逻辑接口的 防 火墙过滤器:
[edit firewall] user@router-pe1# set family inet filter fw term 1 from protocol tcp user@router-pe1# set family inet filter fw term 1 from port bgp user@router-pe1# set family inet filter fw term 1 then accept user@router-pe1# set family inet filter fw term 2 then sample -
配置两个接口,一个接口连接到 CE1 路由器 (ge-2/0/2),另一个接口连接到 PE2 路由器 (ge-2/0/0):
[edit interfaces] user@router-pe1# set ge-2/0/2 unit 0 family inet address 192.0.2.2/24 user@router-pe1# set ge-2/0/0 unit 0 family inet address 192.168.20.1/24 user@router-pe1# set ge-2/0/0 unit 0 family mpls -
在连接到 PE2 路由器的接口上启用 MPLS (ge-2/0/0):
[edit interfaces] user@router-pe1# set ge-2/0/0 unit 0 family mpls -
在连接到 CE1 路由器的接口上,应用防火墙配置中配置的 防火 墙过滤器:
[edit interfaces] user@router-pe1# set ge-2/0/2 unit 0 family inet filter input fw user@router-pe1# set ge-2/0/2 unit 0 family inet filter output fw -
配置管理 (fxp0) 和环路 (lo0) 接口:
[edit interfaces] user@router-pe1# set fxp0 unit 0 family inet address 192.168.69.153/21 user@router-pe1# set lo0 unit 0 family inet address 127.0.0.1/32 -
在 /var/log 目录中配置采样日志文件以记录流量采样:
[edit forwarding-options] user@router-pe1# set sampling traceoptions file sampled user@router-pe1# set sampling traceoptions file world-readable user@router-pe1# set sampling traceoptions flag all -
指定流量采样的采样率和阈值:
[edit forwarding-options] user@router-pe1# set sampling input rate 1 user@router-pe1# set sampling input run-length 0 user@router-pe1# set sampling input max-packets-per-second 20000 -
指定活动和非活动流周期,以及发送受监控信息的路由器 (198.51.100.2):
[edit forwarding-options] user@router-pe1# set sampling family inet output flow-active-timeout 60 user@router-pe1# set sampling family inet output flow-inactive-timeout 60 user@router-pe1# set sampling family inet output flow-server 198.51.100.2 port 2055 user@router-pe1# set sampling family inet output flow-server 198.51.100.2 local-dump user@router-pe1# set sampling family inet output flow-server 198.51.100.2 version 500 -
配置自治系统以在 BGP 对等方之间建立连接:
[edit routing-options] user@router-pe1# set autonomous-system 200 -
配置 RSVP 以支持 PE 路由器之间的 MPLS 标签交换路径 (LSP):
[edit protocols] user@router-pe1# set rsvp interface all user@router-pe1# set rsvp interface fxp0.0 disable -
配置从 PE1 路由器到 PE2 路由器的 MPLS LSP:
[edit protocols] user@router-pe1# set mpls label-switched-path R1toR2 from 192.168.20.1 user@router-pe1# set mpls label-switched-path R1toR2 to 192.168.20.2 user@router-pe1# set mpls interface all user@router-pe1# set mpls interface fxp0.0 disable -
为 PE 路由器配置内部 BGP 组。包括以下
family inet-vpn unicast语句以使 BGP 能够携带网络层可达性信息 (NLRI) 参数,并使 BGP 对等方仅能够携带单播路由进行转发:[edit protocols] user@router-pe1# set bgp group to_r2 type internal user@router-pe1# set bgp group to_r2 local-address 192.168.20.1 user@router-pe1# set bgp group to_r2 neighbor 192.168.20.2 family inet-vpn unicast -
将 OSPF 配置为内部网关协议 (IGP) 并计算 MPLS LSP:
user@router-pe1# set ospf traffic-engineering user@router-pe1# set ospf area 0.0.0.0 interface all user@router-pe1# set ospf area 0.0.0.0 interface fxp0.0 disable -
创建在策略选项配置中应用的扩展社区:
[edit policy-options] user@router-pe1# set community vpna-comm members target:200:100 -
在路由实例配置中定义在
vrf-export语句中应用的 VPNA 导出路由策略。此外,应用从中学习路由的 VPNA-comm 社区:[edit policy-options] user@router-pe1# set policy-statement vpna-export term one from protocol bgp user@router-pe1# set policy-statement vpna-export term one from protocol direct user@router-pe1# set policy-statement vpna-export term one then community add vpna-comm user@router-pe1# set policy-statement vpna-export term one then accept user@router-pe1# set policy-statement vpna-export term two then reject -
定义在路由实例配置的语句中应用
vrf-import的 VPNA 导入路由策略。此外,应用从中学习路由的 VPNA-comm 社区:[edit policy-options] user@router-pe1# set policy-statement vpna-import term one from protocol bgp user@router-pe1# set policy-statement vpna-import term one from community vpna-comm user@router-pe1# set policy-statement vpna-import term one then accept user@router-pe1# set policy-statement vpna-import term two then reject -
配置 VRF 路由实例,以便将从提供商边缘-提供商边缘 (PE-PE) 会话收到的路由导入到实例的任何 VRF 辅助路由表中:
[edit routing-instances] user@router-pe1#set vrf1 instance-type vrf set vrf1 interface ge-2/0/2.0 user@router-pe1# set vrf1 route-distinguisher 10.255.15.51:1 user@router-pe1# set vrf1 vrf-import vpna-import user@router-pe1# set vrf1 vrf-export vpna-export user@router-pe1# set vrf1 protocols bgp group customer type external user@router-pe1# set vrf1 protocols bgp group customer peer-as 95000 user@router-pe1# set vrf1 protocols bgp group customer as-override user@router-pe1# set vrf1 protocols bgp group customer neighbor 192.168.30.1 user@router-pe1# set vrf1 protocols bgp group customer neighbor 192.0.2.1
结果
检查 PE1 路由器的配置结果:
user@router-pe1> show configuration
[...Output Truncated...]
}
interfaces {
ge-2/0/0 {
unit 0 {
family inet {
address 192.168.20.1/24;
}
family mpls;
}
}
ge-2/0/2 {
unit 0 {
family inet {
filter {
input fw;
output fw;
}
address 192.0.2.2/24;
}
}
}
fxp0 {
unit 0 {
family inet {
address 192.168.69.153/21;
}
}
}
lo0 {
unit 0 {
family inet {
address 127.0.0.1/32;
}
}
}
}
forwarding-options {
sampling {
traceoptions {
file sampled world-readable;
flag all;
}
input {
rate 1;
run-length 0;
max-packets-per-second 20000;
}
family inet {
output {
flow-inactive-timeout 60;
flow-active-timeout 60;
flow-server 198.51.100.2 {
port 2055;
local-dump;
version 500;
}
}
}
}
}
routing-options {
[...Output Truncated...]
autonomous-system 200;
}
protocols {
rsvp {
interface all;
interface fxp0.0 {
disable;
}
}
mpls {
label-switched-path R1toR2 {
from 192.168.20.1;
to 192.168.20.2;
}
interface all;
interface fxp0.0 {
disable;
}
}
bgp {
group to_r2 {
type internal;
local-address 192.168.20.1;
neighbor 192.168.20.2 {
family inet-vpn {
unicast;
}
}
}
}
ospf {
traffic-engineering;
area 0.0.0.0 {
interface all;
interface fxp0.0 {
disable;
}
}
}
}
policy-options {
policy-statement vpna-export {
term one {
from protocol [ bgp direct ];
then {
community add vpna-comm;
accept;
}
}
term two {
then reject;
}
}
policy-statement vpna-import {
term one {
from {
protocol bgp;
community vpna-comm;
}
then accept;
}
term two {
then reject;
}
}
community vpna-comm members target:200:100;
}
firewall {
family inet {
filter fw {
term 1 {
from {
protocol tcp;
port bgp;
}
then accept;
}
term 2 {
then sample;
}
}
}
}
routing-instances {
vrf1 {
instance-type vrf;
interface ge-2/0/2.0;
route-distinguisher 10.255.15.51:1;
vrf-import vpna-import;
vrf-export vpna-export;
protocols {
bgp {
group customer {
type external;
peer-as 95000;
as-override;
neighbor 192.168.30.1;
neighbor 192.0.2.1;
}
}
}
}
}
配置 PE2 路由器
分步过程
在此步骤中,您将使用包含 then sample 语句的匹配词配置过滤器,并将过滤器应用于入口接口。您还可以使用导入和导出策略配置 VRF 路由实例。此外,您还可以为 PE2 路由器配置接口、转发选项、路由选项、协议和策略选项。要配置 PE2 路由器,请执行以下作:
-
创建应用于正在采样的逻辑接口的 防 火墙过滤器:
[edit firewall] user@router-pe2# set family inet filter fw term 1 from protocol tcp user@router-pe2# set family inet filter fw term 1 from port bgp user@router-pe2# set family inet filter fw term 1 then accept user@router-pe2# set family inet filter fw term 2 then sample user@router-pe2# set family inet filter fw term 2 then accept -
配置两个接口,一个接口连接到 CE2 路由器 (ge-3/1/2),另一个接口连接到 PE1 路由器 (ge-3/1/0):
[edit interfaces] user@router-pe2# set ge-3/1/0 unit 0 family inet address 192.168.20.2/24 user@router-pe2# set ge-3/1/0 unit 0 family mpls user@router-pe2# set ge-3/1/2 unit 0 family inet address 10.10.10.2/24 -
在连接到 PE1 路由器 (ge-3/1/0) 的接口上启用 MPLS:
[edit interfaces] user@router-pe2# set ge-3/1/0 unit 0 family mpls -
在连接到 CE2 路由器的接口上,应用在防火墙配置中配置的 防火 墙过滤器:
[edit interfaces] user@router-pe2# set ge-3/1/2 unit 0 family inet filter input fw user@router-pe2# set ge-3/1/2 unit 0 family inet filter output fw -
在 /var/log 目录中配置采样日志文件以记录流量采样:
[edit forwarding-options] user@router-pe2# set sampling traceoptions file sampled user@router-pe2# set sampling traceoptions file world-readable user@router-pe1# set sampling traceoptions flag all -
指定流量采样的采样率和阈值:
[edit forwarding-options] user@router-pe2# set sampling input rate 1 user@router-pe2# set sampling input run-length 0 user@router-pe2# set sampling input max-packets-per-second 20000 -
指定活动和非活动流周期,以及发送受监控信息的路由器 (198.51.100.2):
[edit forwarding-options] user@router-pe2# set sampling family inet output flow-active-timeout 60 user@router-pe2# set sampling family inet output flow-inactive-timeout 60 user@router-pe2# set sampling family inet output flow-server 198.51.100.2 port 2055 user@router-pe2# set sampling family inet output flow-server 198.51.100.2 local-dump user@router-pe2# set sampling family inet output flow-server 198.51.100.2 version 500 -
配置自治系统以在 BGP 对等方之间建立连接:
[edit routing-options] user@router-pe2# set autonomous-system 200 -
配置 RSVP 以支持 PE 路由器之间的 MPLS 标签交换路径 (LSP):
[edit protocols] user@router-pe2# set rsvp interface all user@router-pe2# set rsvp interface fxp0.0 disable -
配置从 PE2 路由器到 PE1 路由器的 MPLS LSP:
[edit protocols] user@router-pe2# set mpls label-switched-path R2toR1 from 192.168.20.2 user@router-pe2# set mpls label-switched-path R2toR1 to 192.168.20.1 user@router-pe2# set mpls interface all user@router-pe2# set mpls interface fxp0.0 disable -
为 PE 路由器配置内部 BGP 组。包括以下
family inet-vpn unicast语句以使 BGP 能够携带网络层可达性信息 (NLRI) 参数,并使 BGP 对等方仅能够携带单播路由进行转发:[edit protocols] user@router-pe2# set bgp group to_r1 type internal user@router-pe2# set bgp group to_r1 local-address 192.168.20.2 user@router-pe2# set bgp group to_r1 neighbor 192.168.20.1 family inet-vpn unicast -
将 OSPF 配置为内部网关协议 (IGP) 并计算 MPLS LSP:
[edit protocols] user@router-pe2# set ospf traffic-engineering user@router-pe2# set ospf area 0.0.0.0 interface all user@router-pe2# set ospf area 0.0.0.0 interface fxp0.0 disable -
创建在策略选项配置中应用的扩展社区:
[edit policy-options] user@router-pe2# set community vpna-comm members target:200:100 -
在路由实例配置中定义在
vrf-export语句中应用的 VPNA 导出路由策略。此外,应用从中学习路由的 VPNA-comm 社区:[edit policy-options] user@router-pe2# set policy-statement vpna-export term one from protocol bgp user@router-pe2# set policy-statement vpna-export term one from protocol direct user@router-pe2# set policy-statement vpna-export term one then community add vpna-comm user@router-pe2# set policy-statement vpna-export term one then accept user@router-pe2# set policy-statement vpna-export term two then reject -
定义在路由实例配置的语句中应用
vrf-import的 VPNA 导入路由策略。此外,应用从中学习路由的 VPNA-comm 社区:[edit policy-options] user@router-pe2# set policy-statement vpna-import term one from protocol bgp user@router-pe2# set policy-statement vpna-import term one from community vpna-comm user@router-pe2# set policy-statement vpna-import term one then accept user@router-pe2# set policy-statement vpna-import term two then reject -
配置 VRF 路由实例,以便将从提供商边缘-提供商边缘 (PE-PE) 会话收到的路由导入到实例的任何 VRF 辅助路由表中:
[edit routing-instances] user@router-pe2# set vrf1 instance-type vrf user@router-pe2# set vrf1 interface ge-3/1/2.0 user@router-pe2# set vrf1 route-distinguisher 10.255.19.12:1 user@router-pe2# set vrf1 vrf-import vpna-import user@router-pe2# set vrf1 vrf-export vpna-export user@router-pe2#set vrf1 protocols bgp group R3-R4 type external user@router-pe2# set vrf1 protocols bgp group R3-R4 peer-as 65000 user@router-pe2# set vrf1 protocols bgp group R3-R4 as-override user@router-pe2# set vrf1 protocols bgp group R3-R4 neighbor 10.10.10.1
结果
检查 PE2 路由器的配置结果:
user@router-pe2> show configuration
[...Output Truncated...]
}
interfaces {
ge-3/1/0 {
unit 0 {
family inet {
address 192.168.20.2/24;
}
family mpls;
}
}
ge-3/1/2 {
unit 0 {
family inet {
filter {
input fw;
output fw;
}
address 10.10.10.2/24;
}
}
}
}
forwarding-options {
sampling {
traceoptions {
file sampled world-readable;
flag all;
}
input {
rate 1;
run-length 0;
max-packets-per-second 20000;
}
family inet {
output {
flow-inactive-timeout 60;
flow-active-timeout 60;
flow-server 198.51.100.2 {
port 2055;
local-dump;
version 500;
}
}
}
}
}
routing-options {
[...Output Truncated...]
autonomous-system 200;
}
protocols {
rsvp {
interface all;
interface fxp0.0 {
disable;
}
}
mpls {
label-switched-path R2toR1 {
from 192.168.20.2;
to 192.168.20.1;
}
interface all;
interface fxp0.0 {
disable;
}
}
bgp {
group to_r1 {
type internal;
local-address 192.168.20.2;
neighbor 192.168.20.1 {
family inet-vpn {
unicast;
}
}
neighbor 192.0.2.1;
}
}
ospf {
traffic-engineering;
area 0.0.0.0 {
interface all;
interface fxp0.0 {
disable;
}
}
}
}
policy-options {
policy-statement vpna-export {
term one {
from protocol [ bgp direct ];
then {
community add vpna-comm;
accept;
}
}
term two {
then reject;
}
}
policy-statement vpna-import {
term one {
from {
protocol bgp;
community vpna-comm;
}
then accept;
}
term two {
then reject;
}
}
community vpna-comm members target:200:100;
}
firewall {
family inet {
filter fw {
term 1 {
from {
protocol tcp;
port bgp;
}
then accept;
}
term 2 {
then {
sample;
accept;
}
}
}
}
}
routing-instances {
vrf1 {
instance-type vrf;
interface ge-3/1/2.0;
route-distinguisher 10.255.19.12:1;
vrf-import vpna-import;
vrf-export vpna-export;
protocols {
bgp {
group R3-R4 {
type external;
peer-as 65000;
as-override;
neighbor 10.10.10.1;
}
}
}
}
}
配置 CE2 路由器
分步过程
在此步骤中,您将为 CE2 路由器配置接口、路由选项、协议和策略选项。要配置 CE2 路由器,请执行以下作:
-
使用两个 IP 地址配置一个接口。一个地址用于流向 PE2 路由器的流量,另一个地址用于检查流量是否从 CE1 路由器流出:
[edit interfaces] user@router-ce2# set ge-0/1/2 unit 0 family inet address 10.10.10.1/24 user@router-ce2# set ge-0/1/2 unit 0 family inet address 10.4.4.4/16 -
配置自治系统以在 BGP 对等方之间建立连接:
[edit routing-options] user@router-ce1# set autonomous-system 65000 -
将 BGP 配置为 CE 和 PE 路由器之间的路由协议:
[edit protocols] user@router-ce2# set bgp group R3-R4 type external user@router-ce2# set bgp group R3-R4 export l3vpn-policy user@router-ce2# set bgp group R3-R4 peer-as 200 user@router-ce2# set bgp group R3-R4 neighbor 10.10.10.2 -
配置确保 CE 路由器交换路由信息的策略。在此示例中,路由器 CE2 与路由器 CE1 交换路由信息:
[edit policy-options] user@router-ce2# set policy-statement l3vpn-policy term one from protocol direct user@router-ce2# set policy-statement l3vpn-policy term one from route-filter 10.255.15.75/32 exact user@router-ce2# set policy-statement l3vpn-policy term one then accept user@router-ce2# set policy-statement l3vpn-policy term two from protocol direct user@router-ce2# set policy-statement l3vpn-policy term two from route-filter 10.4.0.0/16 exact user@router-ce2# set policy-statement l3vpn-policy term two then accept
结果
以下输出显示了 CE2 路由器的配置:
[edit]
user@router-ce2# show
[...Output Truncated...]
interfaces {
ge-0/1/2 {
unit 0 {
family inet {
address 10.10.10.1/24;
address 10.4.4.4/16;
}
}
}
}
routing-options {
autonomous-system 65000;
}
protocols {
bgp {
group R3-R4 {
type external;
export l3vpn-policy;
peer-as 200;
neighbor 10.10.10.2;
}
}
}
policy-options {
policy-statement l3vpn-policy {
term one {
from {
protocol direct;
route-filter 10.255.15.75/32 exact;
}
then accept;
}
term two {
from {
protocol direct;
route-filter 10.4.0.0/16 exact;
}
then accept;
}
}
}
验证
完成四台路由器的配置后,您可以验证流量是否从 CE1 路由器流向 CE2 路由器,并且可以观察来自两个位置的采样流量。要确认配置工作正常,请执行以下任务:
验证 CE 路由器之间的流量
目的
ping 使用命令验证 CE 路由器之间的流量。
行动
从 CE1 路由器向 CE2 路由器发出 ping 命令:
user@router-ce2> ping 10.4.4.4 source 198.51.100.2 PING 10.4.4.4 (10.4.4.4): 56 data bytes 64 bytes from 10.4.4.4: icmp_seq=0 ttl=64 time=0.861 ms 64 bytes from 10.4.4.4: icmp_seq=1 ttl=64 time=0.869 ms 64 bytes from 10.4.4.4: icmp_seq=2 ttl=64 time=0.786 ms ^C --- 10.4.4.4 ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max/stddev = 0.786/0.839/0.869/0.037 ms
意义
命令的输出 ping 显示命令 ping 已成功。流量在 CE 路由器之间流动。
验证抽样流量
目的
您可以通过命令从 CLI 观察采样流量,也可以从路由器 shell 使用命令观察tail –f /var/log/sampled采样流量show log sampled。此外,您还可以在流收集器中收集日志。相同的信息会显示在这两个命令的输出和流收集器中。有关使用流收集器的信息,请参阅“将 cflowd 记录发送到流收集器接口”和“示例:在 M、MX 或 T Series 路由器上配置流收集器接口”。
行动
在 PE1 路由器上,使用命令 show log sampled :
user@router-pe1> show log sampled
[...Output Truncated...]
Nov 16 23:24:19 Src addr: 198.51.100.2
Nov 16 23:24:19 Dst addr: 10.4.4.4
Nov 16 23:24:19 Nhop addr: 192.168.20.2
Nov 16 23:24:19 Input interface: 503 # SNMP index of the incoming interface on PE1
Nov 16 23:24:19 Output interface: 505 # SNMP index of the outgoing interface on PE1
Nov 16 23:24:19 Pkts in flow: 5
Nov 16 23:24:19 Bytes in flow: 420
Nov 16 23:24:19 Start time of flow: 602411369
Nov 16 23:24:19 End time of flow: 602415369
Nov 16 23:24:19 Src port: 0
Nov 16 23:24:19 Dst port: 2048
Nov 16 23:24:19 TCP flags: 0x0
Nov 16 23:24:19 IP proto num: 1
Nov 16 23:24:19 TOS: 0x0
Nov 16 23:24:19 Src AS: 95000 # The autonomous system of CE1
Nov 16 23:24:19 Dst AS: 65000,,,,,# The autonomous system of CE2
Nov 16 23:24:19 Src netmask len: 8
Nov 16 23:24:19 Dst netmask len: 16
Nov 16 23:24:19 cflowd header:
Nov 16 23:24:19 Num-records: 1
Nov 16 23:24:19 Version: 500
Nov 16 23:24:19 Flow seq num: 13
Nov 16 23:24:19 Sys Uptime: 602450382 (msecs)
Nov 16 23:24:19 Time-since-epoch: 1258413859 (secs)
Nov 16 23:24:19 Engine id: 0
Nov 16 23:24:19 Engine type: 0
Nov 16 23:24:19 Sample interval: 1
[...Output Truncated...]
意义
命令输出 show log sampled 显示 PE1 路由器上传入接口和传出接口的正确 SNMP 索引。此外,两台 CE 路由器的自治系统的源地址和目的地址也正确无误。
交叉验证抽样流量
目的
您还可以使用 show interface interface-name-fpc/pic/port.unit-number | match SNMP 命令和 show route route-name detail 命令仔细检查采样的流量是否正确。
行动
以下输出是对 “验证采样流量 ”任务中输出的交叉检查:
user@router-pe1> show interfaces ge-2/0/2.0 | match SNMP
Logical interface ge-2/0/2.0 (Index 76) (SNMP ifIndex 503)
Flags: SNMP-Traps 0x4000000 Encapsulation: ENET2
user@router-pe1> show route 10.4.4.4 detail
vrf1.inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
10.4.0.0/16 (1 entry, 1 announced)
*BGP Preference: 170/-101
Route Distinguisher: 10.255.19.12:1
Next hop type: Indirect
Next-hop reference count: 6
Source: 192.168.20.2
Next hop type: Router, Next hop index: 659
Next hop: 192.168.20.2 via ge-2/0/0.0 weight 0x1, selected
Label operation: Push 299776
Protocol next hop: 192.168.20.2
Push 299776
Indirect next hop: 8e6f780 1048574
State: <Secondary Active Int Ext>
Local AS: 200 Peer AS: 200
Age: 3d 19:49:32 Metric2: 65535
Task: BGP_200.20.20.20.2+179
Announcement bits (3): 0-RT 1-BGP RT Background 2-KRT
AS path: 65000 I
AS path: Recorded
Communities: target:200:100
Import Accepted
VPN Label: 299776
Localpref: 100
Router ID: 10.10.10.2
Primary Routing Table bgp.l3vpn.0