Exemple : Utilisation d’une stratégie de routage dans le réseau d’un FAI
Cet exemple est une étude de cas illustrant l’utilisation des stratégies de routage dans le réseau typique d’un fournisseur d’accès à Internet (FAI).
Conditions préalables
Aucune configuration spéciale au-delà de l’initialisation de l’appareil n’est requise avant de configurer cet exemple.
Présentation
Dans cet exemple de réseau, le numéro AS du FAI est 64510. Le FAI dispose de deux homologues de transit (AS 64514 et AS 64515) auxquels il se connecte à un point d’échange. Le FAI est également connecté à deux homologues privés (AS 64513 et AS 64516) avec lesquels il échange des itinéraires clients spécifiques. Le FAI compte deux clients (AS 64511 et AS 64512).
Les stratégies du FAI sont configurées dans le sens du trafic sortant. C’est-à-dire que l’exemple se concentre sur les routes que le FAI annonce à ses pairs et à ses clients, et comprend les éléments suivants :
Le FAI s’est vu attribuer l’AS 64510 et l’espace de routage 172.16.32.0/21. À l’exception des deux réseaux clients, tous les autres itinéraires clients sont simulés avec des itinéraires statiques.
Les homologues d’échange sont utilisés pour le service de transit vers d’autres parties de l’Internet. Cela signifie que le FAI accepte tous les itinéraires (la table de routage Internet complète) de ces homologues BGP. Pour aider à maintenir une table de routage Internet optimisée, le FAI est configuré pour annoncer seulement deux routes agrégées aux homologues de transit.
Les administrateurs du FAI souhaitent que toutes les données transmises aux homologues privés utilisent les liens directs. Par conséquent, tous les itinéraires clients du FAI sont annoncés à ces homologues privés. Ces homologues annoncent ensuite tous leurs itinéraires clients au FAI.
Enfin, chaque client a des exigences différentes. Customer-1 nécessite une route unique par défaut. Customer-2 requiert des routes spécifiques.
Définir des commandes pour tous les périphériques de la topologie
Configuration rapide de l’interface de ligne de commande
Pour configurer rapidement cet exemple, copiez les commandes suivantes, collez-les dans un fichier texte, supprimez les sauts de ligne, modifiez tous les détails nécessaires pour qu’ils correspondent à votre configuration réseau, puis copiez et collez les commandes dans l’interface de ligne de commande au niveau de la [edit]
hiérarchie.
Appareil Client-1
set interfaces fe-1/2/3 unit 0 description to_ISP-3 set interfaces fe-1/2/3 unit 0 family inet address 10.1.0.6/30 set interfaces lo0 unit 0 family inet address 192.168.0.8/32 set protocols bgp group ext type external set protocols bgp group ext export send-statics set protocols bgp group ext peer-as 64510 set protocols bgp group ext neighbor 10.1.0.5 set policy-options policy-statement send-statics term static-routes from protocol static set policy-options policy-statement send-statics term static-routes then accept set routing-options static route 172.16.40.0/25 reject set routing-options static route 172.16.40.128/25 reject set routing-options static route 172.16.41.0/25 reject set routing-options static route 172.16.41.128/25 reject set routing-options autonomous-system 64511
Appareil Client-2
set interfaces fe-1/2/1 unit 0 description to_ISP-3 set interfaces fe-1/2/1 unit 0 family inet address 10.0.0.10/30 set interfaces fe-1/2/0 unit 0 description to-Private-Peer-2 set interfaces fe-1/2/0 unit 0 family inet address 10.0.0.21/30 set interfaces lo0 unit 0 family inet address 192.168.0.9/32 set protocols bgp group ext type external set protocols bgp group ext import inbound-routes set protocols bgp group ext export outbound-routes set protocols bgp group ext neighbor 10.0.0.9 peer-as 64510 set protocols bgp group ext neighbor 10.0.0.22 peer-as 64516 set policy-options policy-statement inbound-routes term AS64510-primary from protocol bgp set policy-options policy-statement inbound-routes term AS64510-primary from as-path AS64510-routes set policy-options policy-statement inbound-routes term AS64510-primary then local-preference 200 set policy-options policy-statement inbound-routes term AS64510-primary then accept set policy-options policy-statement inbound-routes term AS64516-backup from protocol bgp set policy-options policy-statement inbound-routes term AS64516-backup from as-path AS64516-routes set policy-options policy-statement inbound-routes term AS64516-backup then local-preference 50 set policy-options policy-statement inbound-routes term AS64516-backup then accept set policy-options policy-statement outbound-routes term statics from protocol static set policy-options policy-statement outbound-routes term statics then accept set policy-options policy-statement outbound-routes term internal-bgp-routes from protocol bgp set policy-options policy-statement outbound-routes term internal-bgp-routes from as-path my-own-routes set policy-options policy-statement outbound-routes term internal-bgp-routes then accept set policy-options policy-statement outbound-routes term no-transit then reject set policy-options as-path my-own-routes "()" set policy-options as-path AS64510-routes "64510 .*" set policy-options as-path AS64516-routes "64516 .*" set routing-options static route 172.16.44.0/26 reject set routing-options static route 172.16.44.64/26 reject set routing-options static route 172.16.44.128/26 reject set routing-options static route 172.16.44.192/26 reject set routing-options autonomous-system 64512
Appareil ISP-1
set interfaces fe-1/2/0 unit 0 description to_ISP-3 set interfaces fe-1/2/0 unit 0 family inet address 10.0.0.2/30 set interfaces fe-1/2/1 unit 0 description to_ISP-2 set interfaces fe-1/2/1 unit 0 family inet address 10.1.0.2/30 set interfaces fe-1/2/2 unit 0 description to_Private-Peer-1 set interfaces fe-1/2/2 unit 0 family inet address 10.2.0.2/30 set interfaces fe-1/2/3 unit 0 description to_Exchange-1 set interfaces fe-1/2/3 unit 0 family inet address 10.2.0.6/30 set interfaces lo0 unit 0 family inet address 192.168.0.1/32 set protocols bgp group int type internal set protocols bgp group int local-address 192.168.0.1 set protocols bgp group int export internal-peers set protocols bgp group int neighbor 192.168.0.2 set protocols bgp group int neighbor 192.168.0.3 set protocols bgp group to_64513 type external set protocols bgp group to_64513 export private-peer set protocols bgp group to_64513 peer-as 64513 set protocols bgp group to_64513 neighbor 10.2.0.1 set protocols bgp group to_64514 type external set protocols bgp group to_64514 export exchange-peer set protocols bgp group to_64514 peer-as 64514 set protocols bgp group to_64514 neighbor 10.2.0.5 set protocols ospf area 0.0.0.0 interface fe-1/2/0.0 set protocols ospf area 0.0.0.0 interface fe-1/2/1.0 set protocols ospf area 0.0.0.0 interface lo0.0 passive set policy-options policy-statement exchange-peer term AS64510-Aggregate from protocol aggregate set policy-options policy-statement exchange-peer term AS64510-Aggregate from route-filter 172.16.32.0/21 exact set policy-options policy-statement exchange-peer term AS64510-Aggregate then accept set policy-options policy-statement exchange-peer term Customer-2-Aggregate from protocol aggregate set policy-options policy-statement exchange-peer term Customer-2-Aggregate from route-filter 172.16.40.0/22 exact set policy-options policy-statement exchange-peer term Customer-2-Aggregate then accept set policy-options policy-statement exchange-peer term reject-all-other-routes then reject set policy-options policy-statement internal-peers term statics from protocol static set policy-options policy-statement internal-peers term statics then accept set policy-options policy-statement internal-peers term next-hop-self then next-hop self set policy-options policy-statement private-peer term statics from protocol static set policy-options policy-statement private-peer term statics then accept set policy-options policy-statement private-peer term isp-and-customer-routes from protocol bgp set policy-options policy-statement private-peer term isp-and-customer-routes from route-filter 172.16.32.0/21 orlonger set policy-options policy-statement private-peer term isp-and-customer-routes then accept set policy-options policy-statement private-peer term reject-all then reject set routing-options static route 172.16.32.0/24 reject set routing-options static route 172.16.33.0/24 reject set routing-options aggregate route 172.16.32.0/21 set routing-options aggregate route 172.16.40.0/22 set routing-options router-id 192.168.0.1 set routing-options autonomous-system 64510
Appareil ISP-2
set interfaces fe-1/2/1 unit 0 description to_ISP-1 set interfaces fe-1/2/1 unit 0 family inet address 10.1.0.1/30 set interfaces fe-1/2/2 unit 0 description to_ISP-3 set interfaces fe-1/2/2 unit 0 family inet address 10.0.0.6/30 set interfaces fe-1/2/3 unit 0 description to_Private-Peer-2 set interfaces fe-1/2/3 unit 0 family inet address 10.3.0.6/30 set interfaces fe-1/2/0 unit 0 description to_Exchange-2 set interfaces fe-1/2/0 unit 0 family inet address 10.3.0.2/30 set interfaces lo0 unit 0 family inet address 192.168.0.2/32 set protocols bgp group int type internal set protocols bgp group int local-address 192.168.0.2 set protocols bgp group int export internal-peers set protocols bgp group int neighbor 192.168.0.1 set protocols bgp group int neighbor 192.168.0.3 set protocols bgp group AS-64516 type external set protocols bgp group AS-64516 export private-peer set protocols bgp group AS-64516 peer-as 64516 set protocols bgp group AS-64516 neighbor 10.3.0.5 set protocols bgp group AS-64515 type external set protocols bgp group AS-64515 export exchange-peer set protocols bgp group AS-64515 peer-as 64515 set protocols bgp group AS-64515 neighbor 10.3.0.1 set protocols ospf area 0.0.0.0 interface fe-1/2/2.0 set protocols ospf area 0.0.0.0 interface fe-1/2/1.0 set protocols ospf area 0.0.0.0 interface lo0.0 passive set policy-options policy-statement exchange-peer term AS64510-Aggregate from protocol aggregate set policy-options policy-statement exchange-peer term AS64510-Aggregate from route-filter 172.16.32.0/21 exact set policy-options policy-statement exchange-peer term AS64510-Aggregate then accept set policy-options policy-statement exchange-peer term Customer-2-Aggregate from protocol aggregate set policy-options policy-statement exchange-peer term Customer-2-Aggregate from route-filter 172.16.44.0/23 exact set policy-options policy-statement exchange-peer term Customer-2-Aggregate then accept set policy-options policy-statement exchange-peer term reject-all-other-routes then reject set policy-options policy-statement internal-peers term statics from protocol static set policy-options policy-statement internal-peers term statics then accept set policy-options policy-statement internal-peers term next-hop-self then next-hop self set policy-options policy-statement private-peer term statics from protocol static set policy-options policy-statement private-peer term statics then accept set policy-options policy-statement private-peer term isp-and-customer-routes from protocol bgp set policy-options policy-statement private-peer term isp-and-customer-routes from route-filter 172.16.32.0/21 orlonger set policy-options policy-statement private-peer term isp-and-customer-routes then accept set policy-options policy-statement private-peer term reject-all then reject set routing-options static route 172.16.34.0/24 reject set routing-options static route 172.16.35.0/24 reject set routing-options aggregate route 172.16.44.0/23 set routing-options aggregate route 172.16.32.0/21 set routing-options router-id 192.168.0.2 set routing-options autonomous-system 64510
Appareil ISP-3
set interfaces fe-1/2/0 unit 0 description to_ISP-1 set interfaces fe-1/2/0 unit 0 family inet address 10.0.0.1/30 set interfaces fe-1/2/2 unit 0 description to_ISP-2 set interfaces fe-1/2/2 unit 0 family inet address 10.0.0.5/30 set interfaces fe-1/2/3 unit 0 description to_Customer-1 set interfaces fe-1/2/3 unit 0 family inet address 10.1.0.5/30 set interfaces fe-1/2/1 unit 0 description to_Customer-2 set interfaces fe-1/2/1 unit 0 family inet address 10.0.0.9/30 set interfaces lo0 unit 0 family inet address 192.168.0.3/32 set protocols bgp group int type internal set protocols bgp group int local-address 192.168.0.3 set protocols bgp group int export internal-peers set protocols bgp group int neighbor 192.168.0.1 set protocols bgp group int neighbor 192.168.0.2 set protocols bgp group to_64511 type external set protocols bgp group to_64511 export customer-1-peer set protocols bgp group to_64511 neighbor 10.1.0.6 peer-as 64511 set protocols bgp group to_64512 type external set protocols bgp group to_64512 export customer-2-peer set protocols bgp group to_64512 neighbor 10.0.0.10 peer-as 64512 set protocols ospf area 0.0.0.0 interface fe-1/2/0.0 set protocols ospf area 0.0.0.0 interface fe-1/2/2.0 set protocols ospf area 0.0.0.0 interface lo0.0 passive set policy-options policy-statement customer-1-peer term defaut-route from route-filter 0.0.0.0/0 exact set policy-options policy-statement customer-1-peer term defaut-route then accept set policy-options policy-statement customer-1-peer term reject-all-other-routes then reject set policy-options policy-statement customer-2-peer term statics from protocol static set policy-options policy-statement customer-2-peer term statics then accept set policy-options policy-statement customer-2-peer term isp-and-customer-routes from protocol bgp set policy-options policy-statement customer-2-peer term isp-and-customer-routes from route-filter 172.16.32.0/21 orlonger set policy-options policy-statement customer-2-peer term isp-and-customer-routes then accept set policy-options policy-statement customer-2-peer term default-route from route-filter 0.0.0.0/0 exact set policy-options policy-statement customer-2-peer term default-route then accept set policy-options policy-statement customer-2-peer term reject-all-other-routes then reject set policy-options policy-statement if-upstream-routes-exist term only-certain-contributing-routes from route-filter 172.16.8.0/21 exact set policy-options policy-statement if-upstream-routes-exist term only-certain-contributing-routes then accept set policy-options policy-statement if-upstream-routes-exist term reject-all-other-routes then reject set policy-options policy-statement internal-peers term statics from protocol static set policy-options policy-statement internal-peers term statics then accept set policy-options policy-statement internal-peers term next then next-hop self set routing-options static route 172.16.36.0/24 reject set routing-options static route 172.16.37.0/24 reject set routing-options static route 172.16.38.0/24 reject set routing-options static route 172.16.39.0/24 reject set routing-options generate route 0.0.0.0/0 policy if-upstream-routes-exist set routing-options router-id 192.168.0.3 set routing-options autonomous-system 64510
Échange d’appareils-1
set interfaces fe-1/2/3 unit 0 description to_ISP-1 set interfaces fe-1/2/3 unit 0 family inet address 10.2.0.5/30 set interfaces fe-1/2/2 unit 0 description to_Exchange-2 set interfaces fe-1/2/2 unit 0 family inet address 10.3.0.42/30 set interfaces fe-1/2/1 unit 0 description to_Private-Peer-1 set interfaces fe-1/2/1 unit 0 family inet address 10.3.0.45/30 set interfaces lo0 unit 0 family inet address 192.168.0.6/32 set protocols bgp group ext type external set protocols bgp group ext export send-static set protocols bgp group ext peer-as 64510 set protocols bgp group ext neighbor 10.2.0.6 set protocols bgp group ext neighbor 10.3.0.41 peer-as 64515 set policy-options policy-statement send-static from protocol static set policy-options policy-statement send-static then accept set routing-options static route 172.16.8.0/21 reject set routing-options autonomous-system 64514
Échange d’appareils-2
set interfaces fe-1/2/0 unit 0 description to_ISP-2 set interfaces fe-1/2/0 unit 0 family inet address 10.3.0.1/30 set interfaces fe-1/2/2 unit 0 description to_Exchange-1 set interfaces fe-1/2/2 unit 0 family inet address 10.3.0.41/30 set interfaces fe-1/2/1 unit 0 description to_Private-Peer-2 set interfaces fe-1/2/1 unit 0 family inet address 10.3.0.49/30 set interfaces lo0 unit 0 family inet address 192.168.0.7/32 set protocols bgp group ext type external set protocols bgp group ext export outbound-routes set protocols bgp group ext neighbor 10.3.0.2 peer-as 64510 set protocols bgp group ext neighbor 10.3.0.50 peer-as 64516 set protocols bgp group ext neighbor 10.3.0.42 peer-as 64514 set policy-options policy-statement outbound-routes term statics from protocol static set policy-options policy-statement outbound-routes term statics then accept set routing-options autonomous-system 64515 set routing-options static route 172.16.16.0/21 reject
Appareil Private-Peer-1
set interfaces fe-1/2/2 unit 0 description to_ISP-1 set interfaces fe-1/2/2 unit 0 family inet address 10.2.0.1/30 set interfaces fe-1/2/1 unit 0 description to_Exchange-1 set interfaces fe-1/2/1 unit 0 family inet address 10.3.0.46/30 set interfaces lo0 unit 0 family inet address 192.168.0.4/32 set protocols bgp group ext type external set protocols bgp group ext peer-as 64510 set protocols bgp group ext neighbor 10.2.0.2 set routing-options autonomous-system 64513
Appareil Private-Peer-2
set interfaces fe-1/2/3 unit 0 description to_ISP-2 set interfaces fe-1/2/3 unit 0 family inet address 10.3.0.5/30 set interfaces fe-1/2/0 unit 0 description to_Customer-1 set interfaces fe-1/2/0 unit 0 family inet address 10.0.0.22/30 set interfaces fe-1/2/1 unit 0 description to_Exchange-2 set interfaces fe-1/2/1 unit 0 family inet address 10.3.0.50/30 set interfaces lo0 unit 0 family inet address 192.168.0.5/32 set protocols bgp group ext type external set protocols bgp group ext export outbound-routes set protocols bgp group ext peer-as 64510 set protocols bgp group ext neighbor 10.3.0.6 set protocols bgp group to-64512 type external set protocols bgp group to-64512 peer-as 64512 set protocols bgp group to-64512 neighbor 10.0.0.21 set protocols bgp group to-64512 export internal-routes set protocols bgp group to-64515 type external set protocols bgp group to-64515 export outbound-routes set protocols bgp group to-64515 peer-as 64515 set protocols bgp group to-64515 neighbor 10.3.0.49 set policy-options policy-statement if-upstream-routes-exist term as-64515-routes from route-filter 172.16.16.0/21 exact set policy-options policy-statement if-upstream-routes-exist term as-64515-routes then accept set policy-options policy-statement if-upstream-routes-exist term reject-all-other-routes then reject set policy-options policy-statement internal-routes term statics from protocol static set policy-options policy-statement internal-routes term statics then accept set policy-options policy-statement internal-routes term default-route from route-filter 0.0.0.0/0 exact set policy-options policy-statement internal-routes term default-route then accept set policy-options policy-statement internal-routes term reject-all-other-routes then reject set policy-options policy-statement outbound-routes term statics from protocol static set policy-options policy-statement outbound-routes term statics then accept set policy-options policy-statement outbound-routes term allowed-bgp-routes from as-path my-own-routes set policy-options policy-statement outbound-routes term allowed-bgp-routes from as-path AS64512-routes set policy-options policy-statement outbound-routes term allowed-bgp-routes then accept set policy-options policy-statement outbound-routes term no-transit then reject set policy-options as-path my-own-routes "()" set policy-options as-path AS64512-routes 64512 set routing-options static route 172.16.24.0/25 reject set routing-options static route 172.16.24.128/25 reject set routing-options static route 172.16.25.0/26 reject set routing-options static route 172.16.25.64/26 reject set routing-options generate route 0.0.0.0/0 policy if-upstream-routes-exist set routing-options autonomous-system 64516
Configuration de l’appareil Customer-1
Procédure
Procédure étape par étape
L’exemple suivant nécessite que vous naviguiez à différents niveaux dans la hiérarchie de configuration. Pour plus d’informations sur la navigation dans la CLI, reportez-vous Utiliser l’éditeur CLI en mode configuration au Guide de l’utilisateur de l’interface de ligne de commande Junos OS.
Device Customer-1 dispose de plusieurs routes statiques configurées pour simuler des routes client. Ces routes sont envoyées au FAI.
Pour configurer l’appareil Customer-1 :
Configurez les interfaces de l’appareil.
[edit interfaces] user@Customer-1# set fe-1/2/3 unit 0 description to_ISP-3 user@Customer-1# set fe-1/2/3 unit 0 family inet address 10.1.0.6/30 user@Customer-1# set lo0 unit 0 family inet address 192.168.0.8/32
Configurez les routes statiques.
[edit routing-options static] user@Customer-1# set route 172.16.40.0/25 reject user@Customer-1# set route 172.16.40.128/25 reject user@Customer-1# set route 172.16.41.0/25 reject user@Customer-1# set route 172.16.41.128/25 reject
Configurez la stratégie pour envoyer des routes statiques.
[edit policy-options policy-statement send-statics term static-routes] user@Customer-1# set from protocol static user@Customer-1# set then accept
Configurez la connexion BGP externe (EBGP) au FAI.
[edit protocols bgp group ext] user@Customer-1# set type external user@Customer-1# set export send-statics user@Customer-1# set peer-as 64510 user@Customer-1# set neighbor 10.1.0.5
Configurez le numéro du système autonome (AS).
[edit routing-options] user@Customer-1# set autonomous-system 64511
Résultats
À partir du mode de configuration, confirmez votre configuration en saisissant les commandes show interfaces
, show protocols
, show policy-options
et show routing-options
. Si la sortie n’affiche pas la configuration prévue, répétez les instructions de cet exemple pour corriger la configuration.
user@Customer-1# show interfaces fe-1/2/1 { unit 0 { description to_ISP-3; family inet { address 10.1.0.6/30; } } } lo0 { unit 0 { family inet { address 192.168.0.8/32; } } }
user@Customer-1# show protocols bgp { group ext { type external; export send-statics; peer-as 64510; neighbor 10.1.0.5; } }
user@Customer-1# show policy-options policy-statement send-statics { term static-routes { from protocol static; then accept; } }
user@Customer-1# show routing-options static { route 172.16.40.0/25 reject; route 172.16.40.128/25 reject; route 172.16.41.0/25 reject; route 172.16.41.128/25 reject; } autonomous-system 64511;
Si vous avez terminé de configurer l’appareil, passez commit
en mode de configuration.
Configuration de l’appareil Customer-2
Procédure
Procédure étape par étape
L’exemple suivant nécessite que vous naviguiez à différents niveaux dans la hiérarchie de configuration. Pour plus d’informations sur la navigation dans la CLI, reportez-vous Utiliser l’éditeur CLI en mode configuration au Guide de l’utilisateur de l’interface de ligne de commande Junos OS.
Device Customer-2 dispose de deux routes statiques configurées pour simuler les routes client. Ces routes sont envoyées au FAI. Le client-2 a un lien vers le FAI, ainsi qu’un lien vers l’AS 8000. Ce client a demandé des itinéraires clients spécifiques au FAI, ainsi qu’à l’AS 64516. Le client-2 souhaite utiliser le FAI pour le service de transit vers Internet et a demandé un itinéraire par défaut au FAI.
Pour configurer l’appareil Customer-2 :
Configurez les interfaces de l’appareil.
[edit interfaces] user@Customer-2# set fe-1/2/1 unit 0 description to_ISP-3 user@Customer-2# set fe-1/2/1 unit 0 family inet address 10.0.0.10/30 user@Customer-2# set fe-1/2/0 unit 0 description to-Private-Peer-2 user@Customer-2# set fe-1/2/0 unit 0 family inet address 10.0.0.21/30 user@Customer-2# set lo0 unit 0 family inet address 192.168.0.9/32
Configurez les routes statiques.
[edit routing-options static] user@Customer-2# set route 172.16.44.0/26 reject user@Customer-2# set route 172.16.44.64/26 reject user@Customer-2# set route 172.16.44.128/26 reject user@Customer-2# set route 172.16.44.192/26 reject
Configurez la stratégie de routage d’importation.
L’itinéraire avec la valeur de préférence locale la plus élevée est préféré. Les routes provenant du FAI sont préférées aux mêmes routes que celles de Device Private-Peer-2
[edit policy-options policy-statement inbound-routes] user@Customer-2# set term AS64510-primary from protocol bgp user@Customer-2# set term AS64510-primary from as-path AS64510-routes user@Customer-2# set term AS64510-primary then local-preference 200 user@Customer-2# set term AS64510-primary then accept [edit policy-options policy-statement inbound-routes] user@Customer-2# set term AS64516-backup from protocol bgp user@Customer-2# set term AS64516-backup from as-path AS64516-routes user@Customer-2# set term AS64516-backup then local-preference 50 user@Customer-2# set term AS64516-backup then accept [edit policy-options] user@Customer-2# set as-path AS64510-routes "64510 .*" user@Customer-2# set as-path AS64516-routes "64516 .*"
Configurez la stratégie de routage d’exportation.
[edit policy-options policy-statement outbound-routes] user@Customer-2# set term statics from protocol static user@Customer-2# set term statics then accept user@Customer-2# set term internal-bgp-routes from protocol bgp user@Customer-2# set term internal-bgp-routes from as-path my-own-routes user@Customer-2# set term internal-bgp-routes then accept user@Customer-2# set term no-transit then reject [edit policy-options] user@Customer-2# set as-path my-own-routes "()"
Configurez la connexion BGP externe (EBGP) au FAI et à Device Private-Peer-2.
[edit protocols bgp group ext] user@Customer-2# set type external user@Customer-2# set import inbound-routes user@Customer-2# set export outbound-routes user@Customer-2# set neighbor 10.0.0.9 peer-as 64510 user@Customer-2# set neighbor 10.0.0.22 peer-as 64516
Configurez le numéro du système autonome (AS).
[edit routing-options] user@Customer-2# set autonomous-system 64512
Résultats
À partir du mode de configuration, confirmez votre configuration en saisissant les commandes show interfaces
, show protocols
, show policy-options
et show routing-options
. Si la sortie n’affiche pas la configuration prévue, répétez les instructions de cet exemple pour corriger la configuration.
user@Customer-2# show interfaces fe-1/2/1 { unit 0 { description to_ISP-3; family inet { address 10.0.0.10/30; } } } fe-1/2/0 { unit 0 { description to-Private-Peer-2; family inet { address 10.0.0.21/30; } } } lo0 { unit 0 { family inet { address 192.168.0.9/32; } } }
user@Customer-2# show protocols bgp { group ext { type external; import inbound-routes; export outbound-routes; neighbor 10.0.0.9 { peer-as 64510; } neighbor 10.0.0.22 { peer-as 64516; } } }
user@Customer-2# show policy-options policy-statement inbound-routes { term AS64510-primary { from { protocol bgp; as-path AS64510-routes; } then { local-preference 200; accept; } } term AS64516-backup { from { protocol bgp; as-path AS64516-routes; } then { local-preference 50; accept; } } } policy-statement outbound-routes { term statics { from protocol static; then accept; } term internal-bgp-routes { from { protocol bgp; as-path my-own-routes; } then accept; } term no-transit { then reject; } } as-path my-own-routes "()"; as-path AS64510-routes "64510 .*"; as-path AS64516-routes "64516 .*";
user@Customer-2# show routing-options static { route 172.16.44.0/26 reject; route 172.16.44.64/26 reject; route 172.16.44.128/26 reject; route 172.16.44.192/26 reject; } autonomous-system 64512;
Si vous avez terminé de configurer l’appareil, passez commit
en mode de configuration.
Configuration des périphériques ISP-1 et ISP-2
Procédure
Procédure étape par étape
L’exemple suivant nécessite que vous naviguiez à différents niveaux dans la hiérarchie de configuration. Pour plus d’informations sur la navigation dans la CLI, reportez-vous Utiliser l’éditeur CLI en mode configuration au Guide de l’utilisateur de l’interface de ligne de commande Junos OS.
Deux stratégies sont configurées pour les périphériques ISP-1 et ISP-2 : La private-peer
politique et la exchange-peer
politique. En raison de leurs configurations similaires, cet exemple montre la configuration étape par étape uniquement pour l’appareil ISP-2.
Sur l’appareil ISP-2, la stratégie private-peer envoie les itinéraires client du FAI à Device Private-Peer-2. La stratégie accepte toutes les routes statiques locales (clients ISP-2 locaux) et toutes les routes BGP dans la plage 172.16.32.0/21 (annoncées par d’autres routeurs FAI). Ces deux termes de stratégie représentent les itinéraires client du FAI. Le terme de stratégie final rejette toutes les autres routes, ce qui inclut l’intégralité de la table de routage Internet envoyée par les homologues d’échange. Ces routes n’ont pas besoin d’être envoyées à Device Private-Peer-2 pour deux raisons :
L’homologue maintient déjà une connexion à Device Exchange-2 dans notre exemple, de sorte que les routes sont redondantes.
L’homologue privé ne veut que les itinéraires client. La
private-peer
politique permet d’atteindre cet objectif. Laexchange-peer
stratégie envoie des routes à Device Exchange-2.
Dans l’exemple, seules deux routes doivent être envoyées à Device Exchange-2 :
Route agrégée qui représente l’espace de routage AS 64510 de 172.16.32.0/21. Cette route est configurée en tant qu’route agrégée localement et est annoncée par la
exchange-peer
stratégie.Espace d’adressage attribué à Client-2, 172.16.44.0/23. Cette route agrégée plus petite doit être envoyée à Device Exchange-2, car le client est également attaché à l’homologue AS 64516 (Device Private-Peer-2).
L’envoi de ces deux routes à Device Exchange-2 permet à d’autres réseaux Internet d’atteindre le client via le FAI ou l’homologue privé. Si seul l’homologue privé annonçait le réseau /23 alors que le FAI ne conservait que son agrégat /21, tout le trafic destiné au client ne transiterait que par l’AS 64516. Étant donné que le client souhaite également obtenir des routes du FAI, la route 172.16.44.0/23 est annoncée par le FAI de l’appareil-2. À l’instar de la route d’agrégation de plus grande taille, la route 172.16.44.0/23 est configurée localement et est annoncée par la stratégie d’homologue d’échange. Le dernier terme de cette stratégie rejette tous les routages, y compris les réseaux client spécifiques du FAI, les itinéraires client de Device Private-Peer-1, les itinéraires client de Device Private-Peer-2 et la table de routage de Device Exchange-1. Essentiellement, cette dernière condition empêche le FAI d’effectuer des services de transit pour l’Internet en général.
Pour configurer l’appareil ISP-2 :
Configurez les interfaces de l’appareil.
[edit interfaces] user@ISP-2# set fe-1/2/1 unit 0 description to_ISP-1 user@ISP-2# set fe-1/2/1 unit 0 family inet address 10.1.0.1/30 user@ISP-2# set fe-1/2/2 unit 0 description to_ISP-3 user@ISP-2# set fe-1/2/2 unit 0 family inet address 10.0.0.6/30 user@ISP-2# set fe-1/2/3 unit 0 description to_Private-Peer-2 user@ISP-2# set fe-1/2/3 unit 0 family inet address 10.3.0.6/30 user@ISP-2# set fe-1/2/0 unit 0 description to_Exchange-2 user@ISP-2# set fe-1/2/0 unit 0 family inet address 10.3.0.2/30 user@ISP-2# set lo0 unit 0 family inet address 192.168.0.2/32
Configurez le protocole IGP (Interior Gateway Protocol).
[edit protocols ospf area 0.0.0.0] user@ISP-2# set interface fe-1/2/2.0 user@ISP-2# set interface fe-1/2/1.0 user@ISP-2# set interface lo0.0 passive
Configurez les routes statiques et agrégées.
[edit routing-options static] user@ISP-2# set route 172.16.34.0/24 reject user@ISP-2# set route 172.16.35.0/24 reject [edit routing-options aggregate] user@ISP-2# set route 172.16.44.0/23 user@ISP-2# set route 172.16.32.0/21
Configurez les stratégies de routage pour les homologues Exchange.
[edit policy-options policy-statement exchange-peer] user@ISP-2# set term AS64510-Aggregate from protocol aggregate user@ISP-2# set term AS64510-Aggregate from route-filter 172.16.32.0/21 exact user@ISP-2# set term AS64510-Aggregate then accept user@ISP-2# set term Customer-2-Aggregate from protocol aggregate user@ISP-2# set term Customer-2-Aggregate from route-filter 172.16.44.0/23 exact user@ISP-2# set term Customer-2-Aggregate then accept user@ISP-2# set term reject-all-other-routes then reject
Configurez les stratégies de routage pour les homologues internes.
[edit policy-options policy-statement internal-peers] user@ISP-2# set term statics from protocol static user@ISP-2# set term statics then accept user@ISP-2# set term next-hop-self then next-hop self
Configurez les stratégies de routage pour l’homologue privé.
[edit policy-options policy-statement private-peer] user@ISP-2# set term statics from protocol static user@ISP-2# set term statics then accept user@ISP-2# set term isp-and-customer-routes from protocol bgp user@ISP-2# set term isp-and-customer-routes from route-filter 172.16.32.0/21 orlonger user@ISP-2# set term isp-and-customer-routes then accept user@ISP-2# set term reject-all then reject
Configurez les connexions internes BGP (IBGP) aux autres périphériques du FAI.
[edit protocols bgp group int] user@ISP-2# set type internal user@ISP-2# set local-address 192.168.0.2 user@ISP-2# set export internal-peers user@ISP-2# set neighbor 192.168.0.1 user@ISP-2# set neighbor 192.168.0.3
Configurez les connexions EBGP à l’homologue d’échange et à l’homologue privé.
[edit protocols bgp group AS-64516] user@ISP-2# set type external user@ISP-2# set export private-peer user@ISP-2# set peer-as 64516 user@ISP-2# set neighbor 10.3.0.5 [edit protocols bgp group AS-64515] user@ISP-2# set type external user@ISP-2# set export exchange-peer user@ISP-2# set peer-as 64515 user@ISP-2# set neighbor 10.3.0.1
Configurez le numéro du système autonome (AS) et l’ID du routeur.
[edit routing-options] user@ISP-2# set router-id 192.168.0.2 user@ISP-2# set autonomous-system 64510
Résultats
À partir du mode de configuration, confirmez votre configuration en saisissant les commandes show interfaces
, show protocols
, show policy-options
et show routing-options
. Si la sortie n’affiche pas la configuration prévue, répétez les instructions de cet exemple pour corriger la configuration.
user@ISP-2# show interfaces fe-1/2/0 { unit 0{ description to_Exchange-2; family inet { address 10.3.0.2/30; } } } fe-1/2/1 { unit 0{ description to_ISP-1; family inet { address 10.1.0.1/30; } } } fe-1/2/2 { unit 0 { description to_ISP-3; family inet { address 10.0.0.6/30; } } } fe-1/2/3 { unit 0 { description to_Private-Peer-2; family inet { address 10.3.0.6/30; } } } lo0 { unit 0 { family inet { address 192.168.0.2/32; } } }
user@ISP-2# show protocols bgp { group int { type internal; local-address 192.168.0.2; export internal-peers; neighbor 192.168.0.1; neighbor 192.168.0.3; } group AS-64516 { type external; export private-peer; peer-as 64516; neighbor 10.3.0.5; } group AS-64515 { type external; export exchange-peer; peer-as 64515; neighbor 10.3.0.1; } } ospf { area 0.0.0.0 { interface fe-1/2/2.0; interface fe-1/2/1.0; interface lo0.0 { passive; } } }
user@ISP-2# show policy-options policy-statement exchange-peer { term AS64510-Aggregate { from { protocol aggregate; route-filter 172.16.32.0/21 exact; } then accept; } term Customer-2-Aggregate { from { protocol aggregate; route-filter 172.16.44.0/23 exact; } then accept; } term reject-all-other-routes { then reject; } } policy-statement internal-peers { term statics { from protocol static; then accept; } term next-hop-self { then { next-hop self; } } } policy-statement private-peer { term statics { from protocol static; then accept; } term isp-and-customer-routes { from { protocol bgp; route-filter 172.16.32.0/21 orlonger; } then accept; } term reject-all { then reject; } }
user@ISP-2# show routing-options static { route 172.16.34.0/24 reject; route 172.16.35.0/24 reject; } aggregate { route 172.16.44.0/23; route 172.16.32.0/21; } router-id 192.168.0.2; autonomous-system 64510;
Si vous avez terminé de configurer l’appareil, passez commit
en mode de configuration.
Configuration de l’appareil ISP-3
Procédure
Procédure étape par étape
L’exemple suivant nécessite que vous naviguiez à différents niveaux dans la hiérarchie de configuration. Pour plus d’informations sur la navigation dans la CLI, reportez-vous Utiliser l’éditeur CLI en mode configuration au Guide de l’utilisateur de l’interface de ligne de commande Junos OS.
Sur l’appareil ISP-3, une politique distincte est en place pour chaque client. L’itinéraire par défaut pour Customer-1 est envoyé par la customer-1-peer
stratégie. Cette stratégie trouve la route 0.0.0.0/0 par défaut dans inet.0 et l’accepte. La stratégie rejette également toutes les autres routes, ce qui empêche toutes les routes BGP d’être envoyées sur le routeur du FAI. La customer-2-peer
stratégie concerne Customer-2 et contient les mêmes conditions de stratégie, qui envoient également l’itinéraire par défaut et aucune autre route BGP de transit. Les conditions supplémentaires de la customer-2-peer
politique envoient les itinéraires client du FAI au client Client-2. Étant donné qu’il existe des routes statiques locales sur l’appareil ISP-3 qui représentent les clients locaux, ces routes sont envoyées ainsi que toutes les autres routes internes annoncées au routeur local par les autres routeurs du FAI.
Si la route en amont de Device Exchange-1 (172.16.8.0/21) est présente, Device ISP-3 génère une route par défaut.
Pour configurer l’appareil ISP-3 :
Configurez les interfaces de l’appareil.
[edit interfaces] user@ISP-3# set fe-1/2/0 unit 0 description to_ISP-1 user@ISP-3# set fe-1/2/0 unit 0 family inet address 10.0.0.1/30 user@ISP-3# set fe-1/2/2 unit 0 description to_ISP-2 user@ISP-3# set fe-1/2/2 unit 0 family inet address 10.0.0.5/30 user@ISP-3# set fe-1/2/3 unit 0 description to_Customer-1 user@ISP-3# set fe-1/2/3 unit 0 family inet address 10.1.0.5/30 user@ISP-3# set fe-1/2/1 unit 0 description to_Customer-2 user@ISP-3# set fe-1/2/1 unit 0 family inet address 10.0.0.9/30 user@ISP-3# set lo0 unit 0 family inet address 192.168.0.3/32
Configurez le protocole IGP (Interior Gateway Protocol).
[edit protocols ospf area 0.0.0.0] user@ISP-3# set interface fe-1/2/0.0 user@ISP-3# set interface fe-1/2/2.0 user@ISP-3# set interface lo0.0 passive
Configurez les routes statiques.
[edit routing-options static] user@ISP-3# set route 172.16.36.0/24 reject user@ISP-3# set route 172.16.37.0/24 reject user@ISP-3# set route 172.16.38.0/24 reject user@ISP-3# set route 172.16.39.0/24 reject
Configurez une stratégie de routage qui génère une route statique par défaut uniquement si une certaine route en amont existe.
[edit policy-options policy-statement if-upstream-routes-exist term only-certain-contributing-routes] user@ISP-3# set from route-filter 172.16.8.0/21 exact user@ISP-3# set then accept [edit policy-options policy-statement if-upstream-routes-exist] user@ISP-3# set term reject-all-other-routes then reject [edit routing-options generate route 0.0.0.0/0] user@ISP-3# set policy if-upstream-routes-exist
Configurez la stratégie de routage pour Customer-1.
[edit policy-options policy-statement customer-1-peer] user@ISP-3# set term defaut-route from route-filter 0.0.0.0/0 exact user@ISP-3# set term defaut-route then accept user@ISP-3# set term reject-all-other-routes then reject
Configurez la stratégie de routage pour Customer-2.
[edit policy-options policy-statement customer-2-peer] user@ISP-3# set term statics from protocol static user@ISP-3# set term statics then accept user@ISP-3# set term isp-and-customer-routes from protocol bgp user@ISP-3# set term isp-and-customer-routes from route-filter 172.16.32.0/21 orlonger user@ISP-3# set term isp-and-customer-routes then accept user@ISP-3# set term default-route from route-filter 0.0.0.0/0 exact user@ISP-3# set term default-route then accept user@ISP-3# set term reject-all-other-routes then reject
Configurez les stratégies de routage pour les homologues internes.
[edit policy-options policy-statement internal-peers] user@ISP-3# set term statics from protocol static user@ISP-3# set term statics then accept user@ISP-3# set term next then next-hop self
Configurez les connexions internes BGP (IBGP) aux autres périphériques du FAI.
[edit protocols bgp group int] user@ISP-3# set type internal user@ISP-3# set local-address 192.168.0.3 user@ISP-3# set export internal-peers user@ISP-3# set neighbor 192.168.0.1 user@ISP-3# set neighbor 192.168.0.2
Configurez les connexions EBGP avec les homologues clients.
[edit protocols bgp group to_64511] user@ISP-3# set type external user@ISP-3# set export customer-1-peer user@ISP-3# set neighbor 10.1.0.6 peer-as 64511 [edit protocols bgp group to_64512] user@ISP-3# set type external user@ISP-3# set export customer-2-peer user@ISP-3# set neighbor 10.0.0.10 peer-as 64512
Configurez le numéro du système autonome (AS) et l’ID du routeur.
[edit routing-options] user@ISP-3# set router-id 192.168.0.3 user@ISP-3# set autonomous-system 64510
Résultats
À partir du mode de configuration, confirmez votre configuration en saisissant les commandes show interfaces
, show protocols
, show policy-options
et show routing-options
. Si la sortie n’affiche pas la configuration prévue, répétez les instructions de cet exemple pour corriger la configuration.
user@ISP-3# show interfaces fe-1/2/0 { unit 0 { description to_ISP-1; family inet { address 10.0.0.1/30; } } } fe-1/2/1 { unit 0 { description to_Customer-2; family inet { address 10.0.0.9/30; } } } fe-1/2/2 { unit 0 { description to_ISP-2; family inet { address 10.0.0.5/30; } } } fe-1/2/3 { unit 0 { description to_Customer-1; family inet { address 10.1.0.5/30; } } } lo0 { unit 0 { family inet { address 192.168.0.3/32; } } }
user@ISP-3# show protocols bgp { group int { type internal; local-address 192.168.0.3; export internal-peers; neighbor 192.168.0.1; neighbor 192.168.0.2; } group to_64511 { type external; export customer-1-peer; neighbor 10.1.0.6 { peer-as 64511; } } group to_64512 { type external; export customer-2-peer; neighbor 10.0.0.10 { peer-as 64512; } } } ospf { area 0.0.0.0 { interface fe-1/2/0.0; interface fe-1/2/2.0; interface lo0.0 { passive; } } }
user@ISP-3# show policy-options policy-statement customer-1-peer { term defaut-route { from { route-filter 0.0.0.0/0 exact; } then accept; } term reject-all-other-routes { then reject; } } policy-statement customer-2-peer { term statics { from protocol static; then accept; } term isp-and-customer-routes { from { protocol bgp; route-filter 172.16.32.0/21 orlonger; } then accept; } term default-route { from { route-filter 0.0.0.0/0 exact; } then accept; } term reject-all-other-routes { then reject; } } policy-statement if-upstream-routes-exist { term only-certain-contributing-routes { from { route-filter 172.16.8.0/21 exact; } then accept; } term reject-all-other-routes { then reject; } } policy-statement internal-peers { term statics { from protocol static; then accept; } term next { then { next-hop self; } } }
user@ISP-3# show routing-options static { route 172.16.36.0/24 reject; route 172.16.37.0/24 reject; route 172.16.38.0/24 reject; route 172.16.39.0/24 reject; } generate { route 0.0.0.0/0 policy if-upstream-routes-exist; } router-id 192.168.0.3; autonomous-system 64510;
Si vous avez terminé de configurer l’appareil, passez commit
en mode de configuration.
Configuration de Device Exchange-2
Procédure
Procédure étape par étape
L’exemple suivant nécessite que vous naviguiez à différents niveaux dans la hiérarchie de configuration. Pour plus d’informations sur la navigation dans la CLI, reportez-vous Utiliser l’éditeur CLI en mode configuration au Guide de l’utilisateur de l’interface de ligne de commande Junos OS.
Device Exchange-2 échange toutes les routes BGP avec tous les homologues BGP. La stratégie outbound-routes pour Device Exchange-2 annonce les routes statiques définies localement à l’aide de BGP. L’exclusion d’un dernier then reject
terme entraîne l’effet de la stratégie d’exportation BGP par défaut, qui consiste à envoyer toutes les routes BGP à tous les homologues BGP externes.
Pour configurer Device Exchange-2 :
Configurez les interfaces de l’appareil.
[edit interfaces] user@Exchange-2# set fe-1/2/0 unit 0 description to_ISP-2 user@Exchange-2# set fe-1/2/0 unit 0 family inet address 10.3.0.1/30 user@Exchange-2# set fe-1/2/2 unit 0 description to_Exchange-1 user@Exchange-2# set fe-1/2/2 unit 0 family inet address 10.3.0.41/30 user@Exchange-2# set fe-1/2/1 unit 0 description to_Private-Peer-2 user@Exchange-2# set fe-1/2/1 unit 0 family inet address 10.3.0.49/30 user@Exchange-2# set lo0 unit 0 family inet address 192.168.0.7/32
Configurez les routes statiques.
[edit routing-options static] set route 172.16.16.0/21 reject
Configurez une stratégie de routage qui génère une route statique par défaut uniquement si certaines routes internes existent.
[edit policy-options policy-statement outbound-routes term statics] user@Exchange-2# set from protocol static user@Exchange-2# set then accept
Configurez les connexions EBGP avec les homologues clients.
[edit protocols bgp group ext] user@Exchange-2# set type external user@Exchange-2# set export outbound-routes user@Exchange-2# set neighbor 10.3.0.2 peer-as 64510 user@Exchange-2# set neighbor 10.3.0.50 peer-as 64516 user@Exchange-2# set neighbor 10.3.0.42 peer-as 64514
Configurez le numéro du système autonome (AS).
[edit routing-options] user@Exchange-2# set autonomous-system 64515
Résultats
À partir du mode de configuration, confirmez votre configuration en saisissant les commandes show interfaces
, show protocols
, show policy-options
et show routing-options
. Si la sortie n’affiche pas la configuration prévue, répétez les instructions de cet exemple pour corriger la configuration.
user@Exchange-2 show interfaces fe-1/2/0 { unit 0 { description to_ISP-2; family inet { address 10.3.0.1/30; } } } fe-1/2/1 { unit 0 { description to_Private-Peer-2; family inet { address 10.3.0.49/30; } } } fe-1/2/2 { unit 0 { description to_Exchange-1; family inet { address 10.3.0.41/30; } } } lo0 { unit 0 { family inet { address 192.168.0.7/32; } } }
user@Exchange-2# show protocols bgp { group ext { type external; export outbound-routes; neighbor 10.3.0.2 { peer-as 64510; } neighbor 10.3.0.50 { peer-as 64516; } neighbor 10.3.0.42 { peer-as 64514; } } }
user@Exchange-2# show policy-options policy-statement outbound-routes { term statics { from protocol static; then accept; } }
user@Exchange-2# show routing-options static { route 172.16.16.0/21 reject; } autonomous-system 64515;
Si vous avez terminé de configurer l’appareil, passez commit
en mode de configuration.
Configuration de Device Private-Peer-2
Procédure
Procédure étape par étape
L’exemple suivant nécessite que vous naviguiez à différents niveaux dans la hiérarchie de configuration. Pour plus d’informations sur la navigation dans la CLI, reportez-vous Utiliser l’éditeur CLI en mode configuration au Guide de l’utilisateur de l’interface de ligne de commande Junos OS.
Device Private-Peer-2 remplit deux fonctions principales :
Annonce les routes locales vers l’AS 64516 à la fois aux homologues Exchange et aux routeurs du FAI. La
outbound-routes
stratégie annonce les routes statiques locales (c’est-à-dire les clients) sur le routeur, ainsi que toutes les routes apprises par BGP et provenant de l’AS 64516 ou de l’AS 64512. Ces itinéraires comprennent d’autres itinéraires clients AS 64516 en plus du client AS 64512. Les routes AS sont identifiées par un critère de correspondance d’expression régulière de chemin AS dans la stratégie.Annonce la route par défaut 0.0.0.0/0 vers le routeur client AS 64512. Pour ce faire, l’homologue privé crée une route générée pour 0.0.0.0/0 localement sur le routeur. Cette route générée se voit ensuite attribuer une stratégie appelée
if-upstream-routes-exist
, qui autorise uniquement certaines routes à contribuer à la route générée, ce qui en fait une route active dans la table de routage. Une fois la route active, elle peut être envoyée au routeur AS 64512 à l’aide du protocole BGP et des stratégies configurées. Laif-upstream-routes-exist
stratégie accepte uniquement la route 172.16.32.0/21 de Device Exchange-2 et rejette toutes les autres routes. Si la route 172.16.32.0/21 est retirée par l’homologue d’échange, l’homologue privé perd la route par défaut 0.0.0.0/0 et retire la route par défaut du routeur client AS 64512.
Pour configurer l’appareil Private-Peer-2 :
Configurez les interfaces de l’appareil.
[edit interfaces] user@Private-Peer-2# set fe-1/2/3 unit 0 description to_ISP-2 user@Private-Peer-2# set fe-1/2/3 unit 0 family inet address 10.3.0.5/30 user@Private-Peer-2# set fe-1/2/0 unit 0 description to_Customer-1 user@Private-Peer-2# set fe-1/2/0 unit 0 family inet address 10.0.0.22/30 user@Private-Peer-2# set fe-1/2/1 unit 0 description to_Exchange-2 user@Private-Peer-2# set fe-1/2/1 unit 0 family inet address 10.3.0.50/30 user@Private-Peer-2# set lo0 unit 0 family inet address 192.168.0.5/32
Configurez les routes statiques.
[edit routing-options static] user@Private-Peer-2# set route 172.16.24.0/25 reject user@Private-Peer-2# set route 172.16.24.128/25 reject user@Private-Peer-2# set route 172.16.25.0/26 reject user@Private-Peer-2# set route 172.16.25.64/26 reject
Configurez une stratégie de routage qui génère une route statique par défaut uniquement si certaines routes internes existent.
[edit policy-options policy-statement if-upstream-routes-exist] user@Private-Peer-2# set term as-64515-routes from route-filter 172.16.16.0/21 exact user@Private-Peer-2# set term as-64515-routes then accept user@Private-Peer-2# set term reject-all-other-routes then reject [edit routing-options generate route 0.0.0.0/0] user@Private-Peer-2# set policy if-upstream-routes-exist
Configurez la stratégie de routage qui annonce les routes statiques locales et l’itinéraire par défaut.
[edit policy-options policy-statement internal-routes] user@Private-Peer-2# set term statics from protocol static user@Private-Peer-2# set term statics then accept user@Private-Peer-2# set term default-route from route-filter 0.0.0.0/0 exact user@Private-Peer-2# set term default-route then accept user@Private-Peer-2# set term reject-all-other-routes then reject
Configurez la stratégie de routage qui annonce les itinéraires des clients locaux.
[edit policy-options policy-statement outbound-routes] user@Private-Peer-2# set term statics from protocol static user@Private-Peer-2# set term statics then accept user@Private-Peer-2# set term allowed-bgp-routes from as-path my-own-routes user@Private-Peer-2# set term allowed-bgp-routes from as-path AS64512-routes user@Private-Peer-2# set term allowed-bgp-routes then accept user@Private-Peer-2# set term no-transit then reject [edit policy-options] user@Private-Peer-2# set as-path my-own-routes "()" user@Private-Peer-2# set as-path AS64512-routes 64512
Configurez la connexion EBGP à Customer-2.
[edit protocols bgp group to-64512] user@Private-Peer-2# set type external user@Private-Peer-2# set export internal-routes user@Private-Peer-2# set peer-as 64512 user@Private-Peer-2# set neighbor 10.0.0.21
Configurez la connexion EBGP à Device Exchange-2.
[edit protocols bgp group to-64515] user@Private-Peer-2# set type external user@Private-Peer-2# set export outbound-routes user@Private-Peer-2# set peer-as 64515 user@Private-Peer-2# set neighbor 10.3.0.49
Configurez les connexions EBGP au FAI.
[edit protocols bgp group ext] user@Private-Peer-2# set type external user@Private-Peer-2# set export outbound-routes user@Private-Peer-2# set peer-as 64510 user@Private-Peer-2# set neighbor 10.3.0.6
Configurez le numéro du système autonome (AS).
[edit routing-options] user@Private-Peer-2# set autonomous-system 64516
Résultats
À partir du mode de configuration, confirmez votre configuration en saisissant les commandes show interfaces
, show protocols
, show policy-options
et show routing-options
. Si la sortie n’affiche pas la configuration prévue, répétez les instructions de cet exemple pour corriger la configuration.
user@Private-Peer-2# show interfaces fe-1/2/0 { unit 0 { description to_Customer-1; family inet { address 10.0.0.22/30; } } } fe-1/2/1 { unit 0 { description to_Exchange-2; family inet { address 10.3.0.50/30; } } } fe-1/2/3 { unit 0 { description to_ISP-2; family inet { address 10.3.0.5/30; } } } lo0 { unit 0 { family inet { address 192.168.0.5/32; } } }
user@Private-Peer-2# show protocols bgp { group ext { type external; export outbound-routes; peer-as 64510; neighbor 10.3.0.6; } group to-64512 { type external; export internal-routes; peer-as 64512; neighbor 10.0.0.21; } group to-64515 { type external; export outbound-routes; peer-as 64515; neighbor 10.3.0.49; } }
user@Private-Peer-2# show policy-options policy-statement if-upstream-routes-exist { term as-64515-routes { from { route-filter 172.16.16.0/21 exact; } then accept; } term reject-all-other-routes { then reject; } } policy-statement internal-routes { term statics { from protocol static; then accept; } term default-route { from { route-filter 0.0.0.0/0 exact; } then accept; } term reject-all-other-routes { then reject; } } policy-statement outbound-routes { term statics { from protocol static; then accept; } term allowed-bgp-routes { from as-path [ my-own-routes AS64512-routes ]; then accept; } term no-transit { then reject; } } as-path my-own-routes "()"; as-path AS64512-routes 64512;
user@Private-Peer-2# show routing-options static { route 172.16.24.0/25 reject; route 172.16.24.128/25 reject; route 172.16.25.0/26 reject; route 172.16.25.64/26 reject; } generate { route 0.0.0.0/0 policy if-upstream-routes-exist; } autonomous-system 64516;
Si vous avez terminé de configurer l’appareil, passez commit
en mode de configuration.
Vérification
Vérifiez que la configuration fonctionne correctement.
- Vérification des itinéraires sur l’appareil Customer-1
- Vérification des itinéraires sur l’appareil Customer-2
- Vérification des routes sur l’appareil ISP-1
- Vérification des routes sur l’appareil ISP-2
- Vérification des routes sur l’appareil ISP-3
- Vérification des routes sur Device Exchange-1
- Vérification des routes sur Device Exchange-2
- Vérification des routes sur l’appareil private-peer-1
- Vérification des routes sur l’appareil private-peer-2
Vérification des itinéraires sur l’appareil Customer-1
But
Sur Device Customer-1, vérifiez les routes dans la table de routage.
Action
user@Customer-1> show route inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 0.0.0.0/0 *[BGP/170] 00:09:25, localpref 100 AS path: 64510 I, validation-state: unverified > to 10.1.0.5 via fe-1/2/3.0 10.1.0.4/30 *[Direct/0] 23:50:20 > via fe-1/2/3.0 10.1.0.6/32 *[Local/0] 5d 21:56:47 Local via fe-1/2/3.0 172.16.40.0/25 *[Static/5] 22:59:04 Reject 172.16.40.128/25 *[Static/5] 22:59:04 Reject 172.16.41.0/25 *[Static/5] 22:59:04 Reject 172.16.41.128/25 *[Static/5] 22:59:04 Reject 192.168.0.8/32 *[Direct/0] 5d 21:25:45 > via lo0.0
Sens
L’appareil Client-1 possède ses quatre routes statiques, et il a appris l’itinéraire par défaut via BGP.
Vérification des itinéraires sur l’appareil Customer-2
But
Sur Device Customer-2, vérifiez les routes dans la table de routage.
Action
user@Customer-2> show route inet.0: 22 destinations, 23 routes (22 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 0.0.0.0/0 *[BGP/170] 00:10:35, localpref 200 AS path: 64510 I, validation-state: unverified > to 10.0.0.9 via fe-1/2/0.10 [BGP/170] 04:58:09, localpref 50 AS path: 64516 I, validation-state: unverified > to 10.0.0.22 via fe-1/2/0.0 10.0.0.8/30 *[Direct/0] 23:51:29 > via fe-1/2/0.10 10.0.0.10/32 *[Local/0] 23:52:49 Local via fe-1/2/0.10 10.0.0.20/30 *[Direct/0] 23:52:49 > via fe-1/2/0.0 10.0.0.21/32 *[Local/0] 23:52:49 Local via fe-1/2/0.0 172.16.24.0/25 *[BGP/170] 04:58:09, localpref 50 AS path: 64516 I, validation-state: unverified > to 10.0.0.22 via fe-1/2/0.0 172.16.24.128/25 *[BGP/170] 04:58:09, localpref 50 AS path: 64516 I, validation-state: unverified > to 10.0.0.22 via fe-1/2/0.0 172.16.25.0/26 *[BGP/170] 04:58:09, localpref 50 AS path: 64516 I, validation-state: unverified > to 10.0.0.22 via fe-1/2/0.0 172.16.25.64/26 *[BGP/170] 04:58:09, localpref 50 AS path: 64516 I, validation-state: unverified > to 10.0.0.22 via fe-1/2/0.0 172.16.32.0/24 *[BGP/170] 22:38:47, localpref 200 AS path: 64510 I, validation-state: unverified > to 10.0.0.9 via fe-1/2/0.10 172.16.33.0/24 *[BGP/170] 22:38:47, localpref 200 AS path: 64510 I, validation-state: unverified > to 10.0.0.9 via fe-1/2/0.10 172.16.34.0/24 *[BGP/170] 22:38:47, localpref 200 AS path: 64510 I, validation-state: unverified > to 10.0.0.9 via fe-1/2/0.10 172.16.35.0/24 *[BGP/170] 22:38:47, localpref 200 AS path: 64510 I, validation-state: unverified > to 10.0.0.9 via fe-1/2/0.10 172.16.36.0/24 *[BGP/170] 22:38:47, localpref 200 AS path: 64510 I, validation-state: unverified > to 10.0.0.9 via fe-1/2/0.10 172.16.37.0/24 *[BGP/170] 22:38:47, localpref 200 AS path: 64510 I, validation-state: unverified > to 10.0.0.9 via fe-1/2/0.10 172.16.38.0/24 *[BGP/170] 22:38:47, localpref 200 AS path: 64510 I, validation-state: unverified > to 10.0.0.9 via fe-1/2/0.10 172.16.39.0/24 *[BGP/170] 22:38:47, localpref 200 AS path: 64510 I, validation-state: unverified > to 10.0.0.9 via fe-1/2/0.10 172.16.44.0/26 *[Static/5] 22:57:28 Reject 172.16.44.64/26 *[Static/5] 22:57:28 Reject 172.16.44.128/26 *[Static/5] 22:57:28 Reject 172.16.44.192/26 *[Static/5] 22:57:28 Reject 192.168.0.9/32 *[Direct/0] 23:52:49 > via lo0.0
Sens
L’appareil client-2 a appris l’itinéraire par défaut via sa session avec le FAI et également via sa session avec l’homologue privé. L’itinéraire appris du FAI est préféré car il a une préférence locale plus élevée.
Vérification des routes sur l’appareil ISP-1
But
Sur Device ISP-1, vérifiez les routes dans la table de routage.
Action
user@ISP-1> show route inet.0: 42 destinations, 53 routes (42 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 0.0.0.0/0 *[BGP/170] 22:44:26, localpref 100, from 192.168.0.2 AS path: 64516 I, validation-state: unverified > to 10.1.0.1 via fe-1/2/1.0 10.0.0.0/30 *[Direct/0] 23:52:01 > via fe-1/2/0.0 10.0.0.2/32 *[Local/0] 23:52:01 Local via fe-1/2/0.0 10.0.0.4/30 *[OSPF/10] 23:51:06, metric 2 to 10.1.0.1 via fe-1/2/1.0 > to 10.0.0.1 via fe-1/2/0.0 10.0.0.20/30 *[BGP/170] 23:50:55, localpref 100, from 192.168.0.2 AS path: 64516 I, validation-state: unverified > to 10.1.0.1 via fe-1/2/1.0 [BGP/170] 23:51:28, localpref 100 AS path: 64514 64515 64516 I, validation-state: unverified > to 10.2.0.5 via fe-1/2/3.0 10.1.0.0/30 *[Direct/0] 23:52:01 > via fe-1/2/1.0 10.1.0.2/32 *[Local/0] 23:52:01 Local via fe-1/2/1.0 10.2.0.0/30 *[Direct/0] 23:52:01 > via fe-1/2/2.0 10.2.0.2/32 *[Local/0] 23:52:01 Local via fe-1/2/2.0 10.2.0.4/30 *[Direct/0] 23:52:00 > via fe-1/2/3.0 10.2.0.6/32 *[Local/0] 23:52:00 Local via fe-1/2/3.0 10.3.0.4/30 *[BGP/170] 23:51:28, localpref 100 AS path: 64514 64515 64516 I, validation-state: unverified > to 10.2.0.5 via fe-1/2/3.0 10.3.0.48/30 *[BGP/170] 23:50:55, localpref 100, from 192.168.0.2 AS path: 64516 I, validation-state: unverified > to 10.1.0.1 via fe-1/2/1.0 172.16.8.0/21 *[BGP/170] 00:11:08, localpref 100 AS path: 64514 I, validation-state: unverified > to 10.2.0.5 via fe-1/2/3.0 172.16.16.0/21 *[BGP/170] 02:02:10, localpref 100, from 192.168.0.2 AS path: 64515 I, validation-state: unverified > to 10.1.0.1 via fe-1/2/1.0 [BGP/170] 02:02:10, localpref 100 AS path: 64514 64515 I, validation-state: unverified > to 10.2.0.5 via fe-1/2/3.0 172.16.24.0/25 *[BGP/170] 23:06:33, localpref 100, from 192.168.0.2 AS path: 64516 I, validation-state: unverified > to 10.1.0.1 via fe-1/2/1.0 [BGP/170] 23:06:33, localpref 100 AS path: 64514 64515 64516 I, validation-state: unverified > to 10.2.0.5 via fe-1/2/3.0 172.16.24.128/25 *[BGP/170] 23:06:33, localpref 100, from 192.168.0.2 AS path: 64516 I, validation-state: unverified > to 10.1.0.1 via fe-1/2/1.0 [BGP/170] 23:06:33, localpref 100 AS path: 64514 64515 64516 I, validation-state: unverified > to 10.2.0.5 via fe-1/2/3.0 172.16.25.0/26 *[BGP/170] 23:06:33, localpref 100, from 192.168.0.2 AS path: 64516 I, validation-state: unverified > to 10.1.0.1 via fe-1/2/1.0 [BGP/170] 23:06:33, localpref 100 AS path: 64514 64515 64516 I, validation-state: unverified > to 10.2.0.5 via fe-1/2/3.0 172.16.25.64/26 *[BGP/170] 23:06:33, localpref 100, from 192.168.0.2 AS path: 64516 I, validation-state: unverified > to 10.1.0.1 via fe-1/2/1.0 [BGP/170] 23:06:33, localpref 100 AS path: 64514 64515 64516 I, validation-state: unverified > to 10.2.0.5 via fe-1/2/3.0 172.16.32.0/21 *[Aggregate/130] 22:44:27 Reject 172.16.32.0/24 *[Static/5] 22:44:27 Reject 172.16.33.0/24 *[Static/5] 22:44:27 Reject 172.16.34.0/24 *[BGP/170] 22:39:20, localpref 100, from 192.168.0.2 AS path: I, validation-state: unverified > to 10.1.0.1 via fe-1/2/1.0 172.16.35.0/24 *[BGP/170] 22:39:20, localpref 100, from 192.168.0.2 AS path: I, validation-state: unverified > to 10.1.0.1 via fe-1/2/1.0 172.16.36.0/24 *[BGP/170] 22:39:20, localpref 100, from 192.168.0.3 AS path: I, validation-state: unverified > to 10.0.0.1 via fe-1/2/0.0 172.16.37.0/24 *[BGP/170] 22:39:20, localpref 100, from 192.168.0.3 AS path: I, validation-state: unverified > to 10.0.0.1 via fe-1/2/0.0 172.16.38.0/24 *[BGP/170] 22:39:20, localpref 100, from 192.168.0.3 AS path: I, validation-state: unverified > to 10.0.0.1 via fe-1/2/0.0 172.16.39.0/24 *[BGP/170] 22:39:20, localpref 100, from 192.168.0.3 AS path: I, validation-state: unverified > to 10.0.0.1 via fe-1/2/0.0 172.16.40.0/22 *[Aggregate/130] 22:44:27 Reject 172.16.40.0/25 *[BGP/170] 23:00:47, localpref 100, from 192.168.0.3 AS path: 64511 I, validation-state: unverified > to 10.0.0.1 via fe-1/2/0.0 172.16.40.128/25 *[BGP/170] 23:00:47, localpref 100, from 192.168.0.3 AS path: 64511 I, validation-state: unverified > to 10.0.0.1 via fe-1/2/0.0 172.16.41.0/25 *[BGP/170] 23:00:47, localpref 100, from 192.168.0.3 AS path: 64511 I, validation-state: unverified > to 10.0.0.1 via fe-1/2/0.0 172.16.41.128/25 *[BGP/170] 23:00:47, localpref 100, from 192.168.0.3 AS path: 64511 I, validation-state: unverified > to 10.0.0.1 via fe-1/2/0.0 172.16.44.0/26 *[BGP/170] 22:58:01, localpref 100, from 192.168.0.3 AS path: 64512 I, validation-state: unverified > to 10.0.0.1 via fe-1/2/0.0 [BGP/170] 22:58:01, localpref 100 AS path: 64514 64515 64516 64512 I, validation-state: unverified > to 10.2.0.5 via fe-1/2/3.0 172.16.44.64/26 *[BGP/170] 22:58:01, localpref 100, from 192.168.0.3 AS path: 64512 I, validation-state: unverified > to 10.0.0.1 via fe-1/2/0.0 [BGP/170] 22:58:01, localpref 100 AS path: 64514 64515 64516 64512 I, validation-state: unverified > to 10.2.0.5 via fe-1/2/3.0 172.16.44.128/26 *[BGP/170] 22:58:01, localpref 100, from 192.168.0.3 AS path: 64512 I, validation-state: unverified > to 10.0.0.1 via fe-1/2/0.0 [BGP/170] 22:58:01, localpref 100 AS path: 64514 64515 64516 64512 I, validation-state: unverified > to 10.2.0.5 via fe-1/2/3.0 172.16.44.192/26 *[BGP/170] 22:58:01, localpref 100, from 192.168.0.3 AS path: 64512 I, validation-state: unverified > to 10.0.0.1 via fe-1/2/0.0 [BGP/170] 22:58:01, localpref 100 AS path: 64514 64515 64516 64512 I, validation-state: unverified > to 10.2.0.5 via fe-1/2/3.0 192.168.0.1/32 *[Direct/0] 23:52:01 > via lo0.0 192.168.0.2/32 *[OSPF/10] 23:51:06, metric 1 > to 10.1.0.1 via fe-1/2/1.0 192.168.0.3/32 *[OSPF/10] 23:51:06, metric 1 > to 10.0.0.1 via fe-1/2/0.0 192.168.0.5/32 *[BGP/170] 23:50:55, localpref 100, from 192.168.0.2 AS path: 64516 I, validation-state: unverified > to 10.1.0.1 via fe-1/2/1.0 [BGP/170] 23:51:28, localpref 100 AS path: 64514 64515 64516 I, validation-state: unverified > to 10.2.0.5 via fe-1/2/3.0 172.16.233.5/32 *[OSPF/10] 23:52:07, metric 1 MultiRecv
Vérification des routes sur l’appareil ISP-2
But
Sur Device ISP-2, vérifiez les routes dans la table de routage.
Action
user@ISP-2> show route inet.0: 41 destinations, 59 routes (41 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 0.0.0.0/0 *[BGP/170] 22:45:44, localpref 100 AS path: 64516 I, validation-state: unverified > to 10.3.0.5 via fe-1/2/3.0 10.0.0.0/30 *[OSPF/10] 23:52:25, metric 2 to 10.0.0.5 via fe-1/2/2.0 > to 10.1.0.2 via fe-1/2/1.0 10.0.0.4/30 *[Direct/0] 23:53:21 > via fe-1/2/2.0 10.0.0.6/32 *[Local/0] 23:53:23 Local via fe-1/2/2.0 10.0.0.20/30 *[BGP/170] 23:53:11, localpref 100 AS path: 64516 I, validation-state: unverified > to 10.3.0.5 via fe-1/2/3.0 [BGP/170] 23:53:09, localpref 100 AS path: 64515 64516 I, validation-state: unverified > to 10.3.0.1 via fe-1/2/0.0 10.1.0.0/30 *[Direct/0] 23:53:19 > via fe-1/2/1.0 10.1.0.1/32 *[Local/0] 23:53:23 Local via fe-1/2/1.0 10.3.0.0/30 *[Direct/0] 23:53:22 > via fe-1/2/0.0 10.3.0.2/32 *[Local/0] 23:53:23 Local via fe-1/2/0.0 10.3.0.4/30 *[Direct/0] 23:53:23 > via fe-1/2/3.0 [BGP/170] 23:53:11, localpref 100 AS path: 64516 I, validation-state: unverified > to 10.3.0.5 via fe-1/2/3.0 [BGP/170] 23:53:09, localpref 100 AS path: 64515 64516 I, validation-state: unverified > to 10.3.0.1 via fe-1/2/0.0 [BGP/170] 23:52:13, localpref 100, from 192.168.0.1 AS path: 64514 64515 64516 I, validation-state: unverified > to 10.1.0.2 via fe-1/2/1.0 10.3.0.6/32 *[Local/0] 23:53:23 Local via fe-1/2/3.0 10.3.0.48/30 *[BGP/170] 23:53:11, localpref 100 AS path: 64516 I, validation-state: unverified > to 10.3.0.5 via fe-1/2/3.0 172.16.8.0/21 *[BGP/170] 00:12:26, localpref 100, from 192.168.0.1 AS path: 64514 I, validation-state: unverified > to 10.1.0.2 via fe-1/2/1.0 [BGP/170] 00:12:26, localpref 100 AS path: 64515 64514 I, validation-state: unverified > to 10.3.0.1 via fe-1/2/0.0 172.16.16.0/21 *[BGP/170] 02:03:28, localpref 100 AS path: 64515 I, validation-state: unverified > to 10.3.0.1 via fe-1/2/0.0 172.16.24.0/25 *[BGP/170] 23:07:51, localpref 100 AS path: 64516 I, validation-state: unverified > to 10.3.0.5 via fe-1/2/3.0 [BGP/170] 23:07:51, localpref 100 AS path: 64515 64516 I, validation-state: unverified > to 10.3.0.1 via fe-1/2/0.0 172.16.24.128/25 *[BGP/170] 23:07:51, localpref 100 AS path: 64516 I, validation-state: unverified > to 10.3.0.5 via fe-1/2/3.0 [BGP/170] 23:07:51, localpref 100 AS path: 64515 64516 I, validation-state: unverified > to 10.3.0.1 via fe-1/2/0.0 172.16.25.0/26 *[BGP/170] 23:07:51, localpref 100 AS path: 64516 I, validation-state: unverified > to 10.3.0.5 via fe-1/2/3.0 [BGP/170] 23:07:51, localpref 100 AS path: 64515 64516 I, validation-state: unverified > to 10.3.0.1 via fe-1/2/0.0 172.16.25.64/26 *[BGP/170] 23:07:51, localpref 100 AS path: 64516 I, validation-state: unverified > to 10.3.0.5 via fe-1/2/3.0 [BGP/170] 23:07:51, localpref 100 AS path: 64515 64516 I, validation-state: unverified > to 10.3.0.1 via fe-1/2/0.0 172.16.32.0/21 *[Aggregate/130] 22:40:38 Reject 172.16.32.0/24 *[BGP/170] 22:45:44, localpref 100, from 192.168.0.1 AS path: I, validation-state: unverified > to 10.1.0.2 via fe-1/2/1.0 172.16.33.0/24 *[BGP/170] 22:45:44, localpref 100, from 192.168.0.1 AS path: I, validation-state: unverified > to 10.1.0.2 via fe-1/2/1.0 172.16.34.0/24 *[Static/5] 22:40:38 Reject 172.16.35.0/24 *[Static/5] 22:40:38 Reject 172.16.36.0/24 *[BGP/170] 22:40:38, localpref 100, from 192.168.0.3 AS path: I, validation-state: unverified > to 10.0.0.5 via fe-1/2/2.0 172.16.37.0/24 *[BGP/170] 22:40:38, localpref 100, from 192.168.0.3 AS path: I, validation-state: unverified > to 10.0.0.5 via fe-1/2/2.0 172.16.38.0/24 *[BGP/170] 22:40:38, localpref 100, from 192.168.0.3 AS path: I, validation-state: unverified > to 10.0.0.5 via fe-1/2/2.0 172.16.39.0/24 *[BGP/170] 22:40:38, localpref 100, from 192.168.0.3 AS path: I, validation-state: unverified > to 10.0.0.5 via fe-1/2/2.0 172.16.40.0/25 *[BGP/170] 23:02:05, localpref 100, from 192.168.0.3 AS path: 64511 I, validation-state: unverified > to 10.0.0.5 via fe-1/2/2.0 172.16.40.128/25 *[BGP/170] 23:02:05, localpref 100, from 192.168.0.3 AS path: 64511 I, validation-state: unverified > to 10.0.0.5 via fe-1/2/2.0 172.16.41.0/25 *[BGP/170] 23:02:05, localpref 100, from 192.168.0.3 AS path: 64511 I, validation-state: unverified > to 10.0.0.5 via fe-1/2/2.0 172.16.41.128/25 *[BGP/170] 23:02:05, localpref 100, from 192.168.0.3 AS path: 64511 I, validation-state: unverified > to 10.0.0.5 via fe-1/2/2.0 172.16.44.0/23 *[Aggregate/130] 22:40:38 Reject 172.16.44.0/26 *[BGP/170] 22:59:19, localpref 100, from 192.168.0.3 AS path: 64512 I, validation-state: unverified > to 10.0.0.5 via fe-1/2/2.0 [BGP/170] 22:59:19, localpref 100 AS path: 64516 64512 I, validation-state: unverified > to 10.3.0.5 via fe-1/2/3.0 [BGP/170] 22:59:19, localpref 100 AS path: 64515 64516 64512 I, validation-state: unverified > to 10.3.0.1 via fe-1/2/0.0 172.16.44.64/26 *[BGP/170] 22:59:19, localpref 100, from 192.168.0.3 AS path: 64512 I, validation-state: unverified > to 10.0.0.5 via fe-1/2/2.0 [BGP/170] 22:59:19, localpref 100 AS path: 64516 64512 I, validation-state: unverified > to 10.3.0.5 via fe-1/2/3.0 [BGP/170] 22:59:19, localpref 100 AS path: 64515 64516 64512 I, validation-state: unverified > to 10.3.0.1 via fe-1/2/0.0 172.16.44.128/26 *[BGP/170] 22:59:19, localpref 100, from 192.168.0.3 AS path: 64512 I, validation-state: unverified > to 10.0.0.5 via fe-1/2/2.0 [BGP/170] 22:59:19, localpref 100 AS path: 64516 64512 I, validation-state: unverified > to 10.3.0.5 via fe-1/2/3.0 [BGP/170] 22:59:19, localpref 100 AS path: 64515 64516 64512 I, validation-state: unverified > to 10.3.0.1 via fe-1/2/0.0 172.16.44.192/26 *[BGP/170] 22:59:19, localpref 100, from 192.168.0.3 AS path: 64512 I, validation-state: unverified > to 10.0.0.5 via fe-1/2/2.0 [BGP/170] 22:59:19, localpref 100 AS path: 64516 64512 I, validation-state: unverified > to 10.3.0.5 via fe-1/2/3.0 [BGP/170] 22:59:19, localpref 100 AS path: 64515 64516 64512 I, validation-state: unverified > to 10.3.0.1 via fe-1/2/0.0 192.168.0.1/32 *[OSPF/10] 23:52:25, metric 1 > to 10.1.0.2 via fe-1/2/1.0 192.168.0.2/32 *[Direct/0] 23:53:23 > via lo0.0 192.168.0.3/32 *[OSPF/10] 23:52:30, metric 1 > to 10.0.0.5 via fe-1/2/2.0 192.168.0.5/32 *[BGP/170] 23:53:11, localpref 100 AS path: 64516 I, validation-state: unverified > to 10.3.0.5 via fe-1/2/3.0 [BGP/170] 23:53:09, localpref 100 AS path: 64515 64516 I, validation-state: unverified > to 10.3.0.1 via fe-1/2/0.0 172.16.233.5/32 *[OSPF/10] 23:53:25, metric 1 MultiRecv
Vérification des routes sur l’appareil ISP-3
But
Sur l’appareil ISP-3, vérifiez les routes dans la table de routage.
Action
user@ISP-3> show route inet.0: 40 destinations, 41 routes (40 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 0.0.0.0/0 *[Aggregate/130] 23:53:57, metric2 1 > to 10.0.0.2 via fe-1/2/0.0 [BGP/170] 22:46:17, localpref 100, from 192.168.0.2 AS path: 64516 I, validation-state: unverified > to 10.0.0.6 via fe-1/2/2.0 10.0.0.0/30 *[Direct/0] 23:53:52 > via fe-1/2/0.0 10.0.0.1/32 *[Local/0] 23:53:53 Local via fe-1/2/0.0 10.0.0.4/30 *[Direct/0] 23:53:54 > via fe-1/2/2.0 10.0.0.5/32 *[Local/0] 23:53:54 Local via fe-1/2/2.0 10.0.0.8/30 *[Direct/0] 23:53:53 > via fe-1/2/1.0 10.0.0.9/32 *[Local/0] 23:53:53 Local via fe-1/2/1.0 10.0.0.20/30 *[BGP/170] 23:53:02, localpref 100, from 192.168.0.2 AS path: 64516 I, validation-state: unverified > to 10.0.0.6 via fe-1/2/2.0 10.1.0.0/30 *[OSPF/10] 23:53:03, metric 2 > to 10.0.0.6 via fe-1/2/2.0 to 10.0.0.2 via fe-1/2/0.0 10.1.0.4/30 *[Direct/0] 23:53:54 > via fe-1/2/3.0 10.1.0.5/32 *[Local/0] 23:53:54 Local via fe-1/2/3.0 10.3.0.4/30 *[BGP/170] 23:52:46, localpref 100, from 192.168.0.1 AS path: 64514 64515 64516 I, validation-state: unverified > to 10.0.0.2 via fe-1/2/0.0 10.3.0.48/30 *[BGP/170] 23:53:02, localpref 100, from 192.168.0.2 AS path: 64516 I, validation-state: unverified > to 10.0.0.6 via fe-1/2/2.0 172.16.8.0/21 *[BGP/170] 00:12:59, localpref 100, from 192.168.0.1 AS path: 64514 I, validation-state: unverified > to 10.0.0.2 via fe-1/2/0.0 172.16.16.0/21 *[BGP/170] 02:04:01, localpref 100, from 192.168.0.2 AS path: 64515 I, validation-state: unverified > to 10.0.0.6 via fe-1/2/2.0 172.16.24.0/25 *[BGP/170] 23:08:24, localpref 100, from 192.168.0.2 AS path: 64516 I, validation-state: unverified > to 10.0.0.6 via fe-1/2/2.0 172.16.24.128/25 *[BGP/170] 23:08:24, localpref 100, from 192.168.0.2 AS path: 64516 I, validation-state: unverified > to 10.0.0.6 via fe-1/2/2.0 172.16.25.0/26 *[BGP/170] 23:08:24, localpref 100, from 192.168.0.2 AS path: 64516 I, validation-state: unverified > to 10.0.0.6 via fe-1/2/2.0 172.16.25.64/26 *[BGP/170] 23:08:24, localpref 100, from 192.168.0.2 AS path: 64516 I, validation-state: unverified > to 10.0.0.6 via fe-1/2/2.0 172.16.32.0/24 *[BGP/170] 22:46:17, localpref 100, from 192.168.0.1 AS path: I, validation-state: unverified > to 10.0.0.2 via fe-1/2/0.0 172.16.33.0/24 *[BGP/170] 22:46:17, localpref 100, from 192.168.0.1 AS path: I, validation-state: unverified > to 10.0.0.2 via fe-1/2/0.0 172.16.34.0/24 *[BGP/170] 22:41:11, localpref 100, from 192.168.0.2 AS path: I, validation-state: unverified > to 10.0.0.6 via fe-1/2/2.0 172.16.35.0/24 *[BGP/170] 22:41:11, localpref 100, from 192.168.0.2 AS path: I, validation-state: unverified > to 10.0.0.6 via fe-1/2/2.0 172.16.36.0/24 *[Static/5] 22:41:11 Reject 172.16.37.0/24 *[Static/5] 22:41:11 Reject 172.16.38.0/24 *[Static/5] 22:41:11 Reject 172.16.39.0/24 *[Static/5] 22:41:11 Reject 172.16.40.0/25 *[BGP/170] 23:02:38, localpref 100 AS path: 64511 I, validation-state: unverified > to 10.1.0.6 via fe-1/2/3.0 172.16.40.128/25 *[BGP/170] 23:02:38, localpref 100 AS path: 64511 I, validation-state: unverified > to 10.1.0.6 via fe-1/2/3.0 172.16.41.0/25 *[BGP/170] 23:02:38, localpref 100 AS path: 64511 I, validation-state: unverified > to 10.1.0.6 via fe-1/2/3.0 172.16.41.128/25 *[BGP/170] 23:02:38, localpref 100 AS path: 64511 I, validation-state: unverified > to 10.1.0.6 via fe-1/2/3.0 172.16.44.0/26 *[BGP/170] 22:59:52, localpref 100 AS path: 64512 I, validation-state: unverified > to 10.0.0.10 via fe-1/2/1.0 172.16.44.64/26 *[BGP/170] 22:59:52, localpref 100 AS path: 64512 I, validation-state: unverified > to 10.0.0.10 via fe-1/2/1.0 172.16.44.128/26 *[BGP/170] 22:59:52, localpref 100 AS path: 64512 I, validation-state: unverified > to 10.0.0.10 via fe-1/2/1.0 172.16.44.192/26 *[BGP/170] 22:59:52, localpref 100 AS path: 64512 I, validation-state: unverified > to 10.0.0.10 via fe-1/2/1.0 192.168.0.1/32 *[OSPF/10] 23:53:03, metric 1 > to 10.0.0.2 via fe-1/2/0.0 192.168.0.2/32 *[OSPF/10] 23:53:03, metric 1 > to 10.0.0.6 via fe-1/2/2.0 192.168.0.3/32 *[Direct/0] 23:53:54 > via lo0.0 192.168.0.5/32 *[BGP/170] 23:53:02, localpref 100, from 192.168.0.2 AS path: 64516 I, validation-state: unverified > to 10.0.0.6 via fe-1/2/2.0 172.16.233.5/32 *[OSPF/10] 23:53:58, metric 1 MultiRecv
Vérification des routes sur Device Exchange-1
But
Sur Device Exchange-1, vérifiez les routes dans la table de routage.
Action
user@Exchange-1> show route inet.0: 23 destinations, 24 routes (23 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 10.0.0.20/30 *[BGP/170] 23:53:51, localpref 100 AS path: 64515 64516 I, validation-state: unverified > to 10.3.0.41 via fe-1/2/2.0 10.2.0.4/30 *[Direct/0] 23:54:23 > via fe-1/2/3.0 10.2.0.5/32 *[Local/0] 23:54:29 Local via fe-1/2/3.0 10.3.0.4/30 *[BGP/170] 23:53:51, localpref 100 AS path: 64515 64516 I, validation-state: unverified > to 10.3.0.41 via fe-1/2/2.0 10.3.0.40/30 *[Direct/0] 23:54:27 > via fe-1/2/2.0 10.3.0.42/32 *[Local/0] 23:54:29 Local via fe-1/2/2.0 10.3.0.44/30 *[Direct/0] 23:54:29 > via fe-1/2/1.0 10.3.0.45/32 *[Local/0] 23:54:29 Local via fe-1/2/1.0 172.16.8.0/21 *[Static/5] 00:13:31 Reject 172.16.16.0/21 *[BGP/170] 02:04:33, localpref 100 AS path: 64515 I, validation-state: unverified > to 10.3.0.41 via fe-1/2/2.0 172.16.24.0/25 *[BGP/170] 23:08:56, localpref 100 AS path: 64515 64516 I, validation-state: unverified > to 10.3.0.41 via fe-1/2/2.0 172.16.24.128/25 *[BGP/170] 23:08:56, localpref 100 AS path: 64515 64516 I, validation-state: unverified > to 10.3.0.41 via fe-1/2/2.0 172.16.25.0/26 *[BGP/170] 23:08:56, localpref 100 AS path: 64515 64516 I, validation-state: unverified > to 10.3.0.41 via fe-1/2/2.0 172.16.25.64/26 *[BGP/170] 23:08:56, localpref 100 AS path: 64515 64516 I, validation-state: unverified > to 10.3.0.41 via fe-1/2/2.0 172.16.32.0/21 *[BGP/170] 22:46:49, localpref 100 AS path: 64510 I, validation-state: unverified > to 10.2.0.6 via fe-1/2/3.0 [BGP/170] 22:41:43, localpref 100 AS path: 64515 64510 I, validation-state: unverified > to 10.3.0.41 via fe-1/2/2.0 172.16.40.0/22 *[BGP/170] 22:46:49, localpref 100 AS path: 64510 64511 I, validation-state: unverified > to 10.2.0.6 via fe-1/2/3.0 172.16.44.0/23 *[BGP/170] 22:41:43, localpref 100 AS path: 64515 64510 64512 I, validation-state: unverified > to 10.3.0.41 via fe-1/2/2.0 172.16.44.0/26 *[BGP/170] 23:00:24, localpref 100 AS path: 64515 64516 64512 I, validation-state: unverified > to 10.3.0.41 via fe-1/2/2.0 172.16.44.64/26 *[BGP/170] 23:00:24, localpref 100 AS path: 64515 64516 64512 I, validation-state: unverified > to 10.3.0.41 via fe-1/2/2.0 172.16.44.128/26 *[BGP/170] 23:00:24, localpref 100 AS path: 64515 64516 64512 I, validation-state: unverified > to 10.3.0.41 via fe-1/2/2.0 172.16.44.192/26 *[BGP/170] 23:00:24, localpref 100 AS path: 64515 64516 64512 I, validation-state: unverified > to 10.3.0.41 via fe-1/2/2.0 192.168.0.5/32 *[BGP/170] 23:53:51, localpref 100 AS path: 64515 64516 I, validation-state: unverified > to 10.3.0.41 via fe-1/2/2.0 192.168.0.6/32 *[Direct/0] 23:54:29 > via lo0.0
Vérification des routes sur Device Exchange-2
But
Sur Device Exchange-2, vérifiez les routes dans la table de routage.
Action
user@Exchange-2> show route inet.0: 24 destinations, 26 routes (23 active, 0 holddown, 1 hidden) + = Active Route, - = Last Active, * = Both 10.0.0.20/30 *[BGP/170] 23:54:44, localpref 100 AS path: 64516 I, validation-state: unverified > to 10.3.0.50 via fe-1/2/1.0 10.3.0.0/30 *[Direct/0] 23:54:57 > via fe-1/2/0.0 10.3.0.1/32 *[Local/0] 23:54:57 Local via fe-1/2/0.0 10.3.0.4/30 *[BGP/170] 23:54:44, localpref 100 AS path: 64516 I, validation-state: unverified > to 10.3.0.50 via fe-1/2/1.0 10.3.0.40/30 *[Direct/0] 23:54:57 > via fe-1/2/2.0 10.3.0.41/32 *[Local/0] 23:54:57 Local via fe-1/2/2.0 10.3.0.48/30 *[Direct/0] 23:54:57 > via fe-1/2/1.0 [BGP/170] 23:54:44, localpref 100 AS path: 64516 I, validation-state: unverified > to 10.3.0.50 via fe-1/2/1.0 10.3.0.49/32 *[Local/0] 23:54:57 Local via fe-1/2/1.0 172.16.8.0/21 *[BGP/170] 00:14:01, localpref 100 AS path: 64514 I, validation-state: unverified > to 10.3.0.42 via fe-1/2/2.0 172.16.16.0/21 *[Static/5] 02:05:03 Reject 172.16.24.0/25 *[BGP/170] 23:09:26, localpref 100 AS path: 64516 I, validation-state: unverified > to 10.3.0.50 via fe-1/2/1.0 172.16.24.128/25 *[BGP/170] 23:09:26, localpref 100 AS path: 64516 I, validation-state: unverified > to 10.3.0.50 via fe-1/2/1.0 172.16.25.0/26 *[BGP/170] 23:09:26, localpref 100 AS path: 64516 I, validation-state: unverified > to 10.3.0.50 via fe-1/2/1.0 172.16.25.64/26 *[BGP/170] 23:09:26, localpref 100 AS path: 64516 I, validation-state: unverified > to 10.3.0.50 via fe-1/2/1.0 172.16.32.0/21 *[BGP/170] 22:42:13, localpref 100 AS path: 64510 I, validation-state: unverified > to 10.3.0.2 via fe-1/2/0.0 [BGP/170] 22:47:19, localpref 100 AS path: 64514 64510 I, validation-state: unverified > to 10.3.0.42 via fe-1/2/2.0 172.16.40.0/22 *[BGP/170] 22:47:19, localpref 100 AS path: 64514 64510 64511 I, validation-state: unverified > to 10.3.0.42 via fe-1/2/2.0 172.16.44.0/23 *[BGP/170] 22:42:13, localpref 100 AS path: 64510 64512 I, validation-state: unverified > to 10.3.0.2 via fe-1/2/0.0 172.16.44.0/26 *[BGP/170] 23:00:54, localpref 100 AS path: 64516 64512 I, validation-state: unverified > to 10.3.0.50 via fe-1/2/1.0 172.16.44.64/26 *[BGP/170] 23:00:54, localpref 100 AS path: 64516 64512 I, validation-state: unverified > to 10.3.0.50 via fe-1/2/1.0 172.16.44.128/26 *[BGP/170] 23:00:54, localpref 100 AS path: 64516 64512 I, validation-state: unverified > to 10.3.0.50 via fe-1/2/1.0 172.16.44.192/26 *[BGP/170] 23:00:54, localpref 100 AS path: 64516 64512 I, validation-state: unverified > to 10.3.0.50 via fe-1/2/1.0 192.168.0.5/32 *[BGP/170] 23:54:44, localpref 100 AS path: 64516 I, validation-state: unverified > to 10.3.0.50 via fe-1/2/1.0 192.168.0.7/32 *[Direct/0] 23:54:57 > via lo0.0
Sens
Sur Device Exchange-2, la route par défaut 0/0 est masquée, car le tronçon suivant de la route est sa propre interface vers Device Private-Peer-2, à partir duquel la route a été reçue. L’itinéraire est caché pour éviter une boucle.
Vérification des routes sur l’appareil private-peer-1
But
Sur Device Private-Peer-1, vérifiez les routes dans la table de routage.
Action
user@Private-Peer-1> show route inet.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 10.2.0.0/30 *[Direct/0] 23:58:57 > via fe-1/2/2.0 10.2.0.1/32 *[Local/0] 5d 21:34:22 Local via fe-1/2/2.0 10.3.0.44/30 *[Direct/0] 23:59:02 > via fe-1/2/1.0 10.3.0.46/32 *[Local/0] 1d 03:19:52 Local via fe-1/2/1.0 172.16.32.0/24 *[BGP/170] 22:51:22, localpref 100 AS path: 64510 I, validation-state: unverified > to 10.2.0.2 via fe-1/2/2.0 172.16.33.0/24 *[BGP/170] 22:51:22, localpref 100 AS path: 64510 I, validation-state: unverified > to 10.2.0.2 via fe-1/2/2.0 172.16.34.0/24 *[BGP/170] 22:46:16, localpref 100 AS path: 64510 I, validation-state: unverified > to 10.2.0.2 via fe-1/2/2.0 172.16.35.0/24 *[BGP/170] 22:46:16, localpref 100 AS path: 64510 I, validation-state: unverified > to 10.2.0.2 via fe-1/2/2.0 172.16.36.0/24 *[BGP/170] 22:46:16, localpref 100 AS path: 64510 I, validation-state: unverified > to 10.2.0.2 via fe-1/2/2.0 172.16.37.0/24 *[BGP/170] 22:46:16, localpref 100 AS path: 64510 I, validation-state: unverified > to 10.2.0.2 via fe-1/2/2.0 172.16.38.0/24 *[BGP/170] 22:46:16, localpref 100 AS path: 64510 I, validation-state: unverified > to 10.2.0.2 via fe-1/2/2.0 172.16.39.0/24 *[BGP/170] 22:46:16, localpref 100 AS path: 64510 I, validation-state: unverified > to 10.2.0.2 via fe-1/2/2.0 192.168.0.4/32 *[Direct/0] 5d 21:34:22 > via lo0.0
Vérification des routes sur l’appareil private-peer-2
But
Sur Device Private-Peer-2, vérifiez les routes dans la table de routage.
Action
user@Private-Peer-2> show route inet.0: 29 destinations, 29 routes (29 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 0.0.0.0/0 *[Aggregate/130] 1d 02:13:28 > to 10.3.0.49 via fe-1/2/1.0 10.0.0.20/30 *[Direct/0] 1d 00:00:53 > via fe-1/2/0.0 10.0.0.22/32 *[Local/0] 4d 23:51:14 Local via fe-1/2/0.0 10.3.0.4/30 *[Direct/0] 23:59:36 > via fe-1/2/3.0 10.3.0.5/32 *[Local/0] 5d 21:34:57 Local via fe-1/2/3.0 10.3.0.48/30 *[Direct/0] 23:59:35 > via fe-1/2/1.0 10.3.0.50/32 *[Local/0] 1d 03:20:27 Local via fe-1/2/1.0 172.16.8.0/21 *[BGP/170] 00:18:39, localpref 100 AS path: 64515 64514 I, validation-state: unverified > to 10.3.0.49 via fe-1/2/1.0 172.16.16.0/21 *[BGP/170] 02:09:41, localpref 100 AS path: 64515 I, validation-state: unverified > to 10.3.0.49 via fe-1/2/1.0 172.16.24.0/25 *[Static/5] 23:14:04 Reject 172.16.24.128/25 *[Static/5] 23:14:04 Reject 172.16.25.0/26 *[Static/5] 23:14:04 Reject 172.16.25.64/26 *[Static/5] 23:14:04 Reject 172.16.32.0/21 *[BGP/170] 22:46:51, localpref 100 AS path: 64515 64510 I, validation-state: unverified > to 10.3.0.49 via fe-1/2/1.0 172.16.32.0/24 *[BGP/170] 22:46:51, localpref 100 AS path: 64510 I, validation-state: unverified > to 10.3.0.6 via fe-1/2/3.0 172.16.33.0/24 *[BGP/170] 22:46:51, localpref 100 AS path: 64510 I, validation-state: unverified > to 10.3.0.6 via fe-1/2/3.0 172.16.34.0/24 *[BGP/170] 22:46:51, localpref 100 AS path: 64510 I, validation-state: unverified > to 10.3.0.6 via fe-1/2/3.0 172.16.35.0/24 *[BGP/170] 22:46:51, localpref 100 AS path: 64510 I, validation-state: unverified > to 10.3.0.6 via fe-1/2/3.0 172.16.36.0/24 *[BGP/170] 22:46:51, localpref 100 AS path: 64510 I, validation-state: unverified > to 10.3.0.6 via fe-1/2/3.0 172.16.37.0/24 *[BGP/170] 22:46:51, localpref 100 AS path: 64510 I, validation-state: unverified > to 10.3.0.6 via fe-1/2/3.0 172.16.38.0/24 *[BGP/170] 22:46:51, localpref 100 AS path: 64510 I, validation-state: unverified > to 10.3.0.6 via fe-1/2/3.0 172.16.39.0/24 *[BGP/170] 22:46:51, localpref 100 AS path: 64510 I, validation-state: unverified > to 10.3.0.6 via fe-1/2/3.0 172.16.40.0/22 *[BGP/170] 22:51:57, localpref 100 AS path: 64515 64514 64510 64511 I, validation-state: unverified > to 10.3.0.49 via fe-1/2/1.0 172.16.44.0/23 *[BGP/170] 22:46:51, localpref 100 AS path: 64515 64510 64512 I, validation-state: unverified > to 10.3.0.49 via fe-1/2/1.0 172.16.44.0/26 *[BGP/170] 23:05:32, localpref 100 AS path: 64512 I, validation-state: unverified > to 10.0.0.21 via fe-1/2/0.0 172.16.44.64/26 *[BGP/170] 23:05:32, localpref 100 AS path: 64512 I, validation-state: unverified > to 10.0.0.21 via fe-1/2/0.0 172.16.44.128/26 *[BGP/170] 23:05:32, localpref 100 AS path: 64512 I, validation-state: unverified > to 10.0.0.21 via fe-1/2/0.0 172.16.44.192/26 *[BGP/170] 23:05:32, localpref 100 AS path: 64512 I, validation-state: unverified > to 10.0.0.21 via fe-1/2/0.0 192.168.0.5/32 *[Direct/0] 5d 21:34:57 > via lo0.0