示例:配置虚拟通道
此示例演示如何在总部及其分支办事处之间创建虚拟通道。
要求
开始之前,请确保总部和分支办事处有一个网络连接,其中预计的聚合带宽比分支办事处高。随后,会设置总部的设备以限制发送到分支办事处的流量,以避免链路超额订阅。
概述
此示例将创建虚拟通道,作为 branch1 vc、branch2-vc、branch3-vc 和 default-vc。随后,可以将虚拟通道组定义为 wan-vc-group 以包含四个虚拟通道,并将调度器图分配为每个虚拟通道。三个虚拟通道整形为 1.5 Mbps。第四个虚拟通道为 default-vc,未整形,因此可使用完整接口带宽。
然后,作为选择 vc 在防火墙过滤器中将其应用于设备的接口 t3-1/0/0。接口上的输出过滤器将目标地址匹配 192.168.10.0/24 的所有流量发送到 branch1 vc,并且为 branch2 vc 和 Branch3 vc 设置类似配置。与任一地址不匹配的流量将进入默认、畸形虚拟通道。
配置
程序
CLI快速配置
要快速配置此示例,请复制以下命令,将其粘贴到文本文件中,删除所有换行符,更改详细信息,以匹配网络配置,将命令复制并粘贴到 层次结构级别的 CLI 中,然后从配置模式进入 。 [edit] commit
set class-of-service virtual-channels branch1-vc set class-of-service virtual-channels branch2-vc set class-of-service virtual-channels branch3-vc set class-of-service virtual-channels default-vc set class-of-service virtual-channel-groups wan-vc-group branch1-vc scheduler-map bestscheduler set class-of-service virtual-channel-groups wan-vc-group branch2-vc scheduler-map bestscheduler set class-of-service virtual-channel-groups wan-vc-group branch3-vc scheduler-map bestscheduler set class-of-service virtual-channel-groups wan-vc-group default-vc scheduler-map bestscheduler set class-of-service virtual-channel-groups wan-vc-group default-vc default set class-of-service virtual-channel-groups wan-vc-group branch1-vc shaping-rate 1500000 set class-of-service virtual-channel-groups wan-vc-group branch2-vc shaping-rate 1500000 set class-of-service virtual-channel-groups wan-vc-group branch3-vc shaping-rate 1500000 set class-of-service interfaces t3-1/0/0 unit 0 virtual-channel-group wan-vc-group set firewall family inet filter choose-vc term branch1 from destination-address 192.168.10.0/24 set firewall family inet filter choose-vc term branch1 then virtual-channel branch1-vc set firewall family inet filter choose-vc term branch1 then accept set firewall family inet filter choose-vc term branch2 from destination-address 192.168.20.0/24 set firewall family inet filter choose-vc term branch2 then virtual-channel branch2-vc set firewall family inet filter choose-vc term branch2 then accept set firewall family inet filter choose-vc term branch3 from destination-address 192.168.30.0/24 set firewall family inet filter choose-vc term branch3 then virtual-channel branch3-vc set firewall family inet filter choose-vc term branch3 then accept set firewall family inet filter choose-vc term default then virtual-channel default-vc set firewall family inet filter choose-vc term default then accept set interfaces t3-1/0/0 unit 0 family inet filter output choose-vc
逐步过程
以下示例要求您在配置层次结构中导航各个级别。有关如何操作的说明,请参阅 CLI 指南 中的 在配置模式下Junos OS CLI 编辑器。
要配置虚拟通道:
定义虚拟通道和默认虚拟通道。
[edit] user@host# edit class-of-service user@host# set virtual-channels branch1-vc user@host# set virtual-channels branch2-vc user@host# set virtual-channels branch3-vc user@host# set virtual-channels default-vc
定义虚拟通道组,并为每个虚拟通道分配一个时间表图。
[edit class-of-service] user@host# set virtual-channel-groups wan-vc-group branch1-vc scheduler-map bestscheduler user@host# set virtual-channel-groups wan-vc-group branch2-vc scheduler-map bestscheduler user@host# set virtual-channel-groups wan-vc-group branch3-vc scheduler-map bestscheduler user@host# set virtual-channel-groups wan-vc-group default-vc scheduler-map bestscheduler user@host# set virtual-channel-groups wan-vc-group default-vc default
指定整形速率。
[edit class-of-service] user@host# set virtual-channel-groups wan-vc-group branch1-vc shaping-rate 1.5m user@host# set virtual-channel-groups wan-vc-group branch2-vc shaping-rate 1.5m user@host# set virtual-channel-groups wan-vc-group branch3-vc shaping-rate 1.5m
将虚拟通道组应用于逻辑接口。
[edit class-of-service] user@host# set interfaces t3–1/0/0 unit 0 virtual-channel-group wan-vc-group
创建防火墙过滤器以选择流量。
[edit firewall] user@host# set firewall family inet filter choose-vc term branch1 from destination-address 192.168.10.0/24 user@host# set firewall family inet filter choose-vc term branch1 then virtual-channel branch1-vc user@host# set firewall family inet filter choose-vc term branch1 then accept user@host# set firewall family inet filter choose-vc term branch2 from destination-address 192.168.20.0/24 user@host# set firewall family inet filter choose-vc term branch2 then virtual-channel branch2-vc user@host# set firewall family inet filter choose-vc term branch2 then accept user@host# set firewall family inet filter choose-vc term branch3 from destination-address 192.168.30.0/24 user@host# set firewall family inet filter choose-vc term branch3 then virtual-channel branch3-vc user@host# set firewall family inet filter choose-vc term branch3 then accept user@host# set firewall family inet filter choose-vc term default then virtual-channel default-vc user@host# set firewall family inet filter choose-vc term default then accept
将防火墙过滤器应用于输出流量。
[edit interfaces] user@host# set t3–1/0/0 unit 0 family inet filter output choose-vc
结果
在配置模式下,输入 、 和 show class-of-service 命令 show firewall 以确认您的 show interfaces t3-1/0/0 配置。如果输出未显示预期的配置,请重复此示例中的配置说明进行更正。
user@host#show class-of-servicevirtual-channels { branch1-vc; branch2-vc; branch3-vc; default-vc; } virtual-channel-groups { wan-vc-group { branch1-vc { scheduler-map bestscheduler; shaping-rate 1500000; } branch2-vc { scheduler-map bestscheduler; shaping-rate 1500000; } branch3-vc { scheduler-map bestscheduler; shaping-rate 1500000; } default-vc { scheduler-map bestscheduler; default; } } } interfaces { t3-1/0/0 { unit 0 { virtual-channel-group wan-vc-group; } } } [edit] user@host#show firewallfamily inet { filter choose-vc { term branch1 { from { destination-address { 192.168.10.0/24; } } then { virtual-channel branch1-vc; accept; } } term branch2 { from { destination-address { 192.168.20.0/24; } } then { virtual-channel branch2-vc; accept; } } term branch3 { from { destination-address { 192.168.30.0/24; } } then { virtual-channel branch1-vc; accept; } } term branch2 { from { destination-address { 192.168.20.0/24; } } then { virtual-channel branch2-vc; accept; } } term branch3 { from { destination-address { 192.168.30.0/24; } } then { virtual-channel branch3-vc; accept; } } term default { then { virtual-channel default-vc; accept; } } } } [edit] user@host#show interfaces t3-1/0/0unit 0 { family inet { filter { output choose-vc; } } }
如果完成设备配置,请从配置 commit 模式输入 。