close
keyboard_arrow_left
Table of Contents
- play_arrow 配置防火墙过滤器
- play_arrow 了解防火墙过滤器如何保护您的网络
- play_arrow 防火墙过滤器匹配条件和操作
- 防火墙过滤器概述(OCX 系列)
- ACX 系列路由器上的防火墙过滤器配置文件概述(Junos OS 演化版)
- 了解防火墙过滤器匹配条件
- 了解防火墙过滤器规划
- 了解如何评估防火墙过滤器
- 了解防火墙过滤器匹配条件
- 防火墙过滤器灵活匹配条件
- 防火墙过滤器非终止操作
- 防火墙过滤器终止操作
- 防火墙过滤器匹配条件和操作(ACX 系列路由器)
- ACX 系列路由器中的防火墙过滤器匹配条件和操作 (Junos OS 演化版)
- 与协议无关的流量的防火墙过滤器匹配条件
- IPv4 流量的防火墙过滤器匹配条件
- IPv6 流量的防火墙过滤器匹配条件
- 基于数字或文本别名的防火墙过滤器匹配条件
- 基于位字段值的防火墙过滤器匹配条件
- 基于地址字段的防火墙过滤器匹配条件
- 基于地址类的防火墙过滤器匹配条件
- 了解 MPLS 流量的基于 IP 的过滤和选择性端口镜像
- MPLS 流量的防火墙过滤器匹配条件
- MPLS 标记的 IPv4 或 IPv6 流量的防火墙过滤器匹配条件
- VPLS 流量的防火墙过滤器匹配条件
- 第 2 层 CCC 流量的防火墙过滤器匹配条件
- 第 2 层桥接流量的防火墙过滤器匹配条件
- 环路接口上的防火墙过滤器支持
- play_arrow 将防火墙过滤器应用于路由引擎流量
- 在第 3 层 VPN 中的路由实例的环路接口上配置逻辑单元
- 示例:配置过滤器以根据前缀列表限制对端口的 TCP 访问
- 示例:配置无状态防火墙过滤器以接受来自可信源的流量
- 示例:配置过滤器以阻止 Telnet 和 SSH 访问
- 示例:配置过滤器以阻止 TFTP 访问
- 示例:配置过滤器以接受基于 IPv6 TCP 标志的数据包
- 示例:配置过滤器以阻止对端口的 TCP 访问(来自指定 BGP 对等方除外)
- 示例:配置无状态防火墙过滤器以防止 TCP 和 ICMP 泛滥
- 示例:使用每秒数据包数速率限制过滤器保护路由引擎
- 示例:配置过滤器以排除 LAC 订阅者的 DHCPv6 和 ICMPv6 控制流量
- DHCP 防火墙过滤器的端口号要求
- 示例:配置 DHCP 防火墙过滤器以保护路由引擎
- play_arrow 将防火墙过滤器应用于传输流量
- 示例:配置过滤器以用作入口队列过滤器
- 示例:配置过滤器以匹配 IPv6 标志
- 示例:配置过滤器以匹配端口和协议字段
- 示例:配置过滤器以计算接受和拒绝的数据包
- 示例:配置过滤器以计数和丢弃 IP 选项数据包
- 示例:配置过滤器以对 IP 选项数据包进行计数
- 示例:配置过滤器以对接受的数据包进行计数和采样
- 示例:配置过滤器以将 DSCP 位设置为零
- 示例:配置过滤器以将 DSCP 位设置为零
- 示例:将筛选器配置为匹配两个不相关的条件
- 示例:将过滤器配置为基于地址接受 DHCP 数据包
- 示例:配置过滤器以接受来自前缀的 OSPF 数据包
- 示例:配置无状态防火墙过滤器以处理片段
- 配置防火墙过滤器以防止或允许 IPv4 数据包分段
- 配置防火墙过滤器以丢弃带有移动扩展标头的入口 IPv6 数据包
- 示例:基于 IPv6 源或目标 IP 地址配置出口过滤器
- 示例:基于目标类配置速率限制过滤器
- play_arrow 在逻辑系统中配置防火墙过滤器
- play_arrow 配置防火墙过滤器记帐和日志记录
- play_arrow 将多个防火墙过滤器连接到单个接口
- play_arrow 将单个防火墙过滤器连接到多个接口
- play_arrow 配置跨 IP 网络的基于过滤器的隧道
- play_arrow 配置服务过滤器
- play_arrow 配置简单筛选器
- play_arrow 配置第 2 层防火墙过滤器
- play_arrow 为转发、分段和监管配置防火墙过滤器
- play_arrow 配置防火墙过滤器(EX 系列交换机)
- EX 系列交换机的防火墙过滤器概述
- 了解防火墙过滤器的规划
- 了解防火墙过滤器匹配条件
- 了解防火墙过滤器如何控制数据包流
- 了解如何评估防火墙过滤器
- 了解 EX 系列交换机上桥接数据包和路由数据包的防火墙过滤器处理点
- EX 系列交换机的防火墙过滤器匹配条件、操作和操作修改符
- EX 系列交换机上防火墙过滤器匹配条件、操作和操作修饰符的平台支持
- 支持交换机上环路防火墙过滤器的匹配条件和操作
- 配置防火墙过滤器(CLI 过程)
- 了解防火墙过滤器如何测试数据包的协议
- 了解 EX 系列交换机基于过滤器的转发
- 示例:为 EX 系列交换机上的端口、VLAN 和路由器流量配置防火墙过滤器
- 示例:在 EX 系列交换机的管理接口上配置防火墙过滤器
- 示例:使用基于过滤器的转发将应用程序流量路由到安全设备
- 示例:将防火墙过滤器应用于启用了 802.1X 或 MAC RADIUS 身份验证的接口上的多个请求方
- 验证监管器是否正常运行
- 防火墙过滤器故障排除
- play_arrow 配置防火墙过滤器(QFX 系列交换机、EX4600 交换机、PTX 系列路由器)
- 防火墙过滤器概述(QFX 系列)
- 了解防火墙过滤器规划
- 规划要创建的防火墙过滤器数量
- 防火墙过滤器匹配条件和操作(QFX 和 EX 系列交换机)
- 防火墙过滤器匹配条件和操作(QFX10000交换机)
- 防火墙过滤器匹配条件和操作(PTX 系列路由器)
- PTX 系列数据包传输路由器和 T 系列矩阵路由器之间的防火墙和监管差异
- 配置防火墙过滤器
- 将防火墙过滤器应用于接口
- 环路接口上的 MPLS 防火墙过滤器概述
- 在交换机上配置 MPLS 防火墙过滤器和监管器
- 在路由器上配置 MPLS 防火墙过滤器和监管器
- 配置 MPLS 防火墙过滤器和监管器
- 了解防火墙过滤器如何测试协议
- 了解桥接和路由数据包的防火墙过滤器处理点
- 了解基于过滤器的转发
- 示例:使用基于过滤器的转发将应用程序流量路由到安全设备
- 配置防火墙过滤器以解封装 GRE 或 IPIP 流量
- 验证防火墙过滤器是否正常运行
- 监控防火墙过滤器流量
- 防火墙过滤器配置疑难解答
- play_arrow 配置防火墙过滤器计费和日志记录(EX9200 交换机)
-
- play_arrow 配置流量监管器
- play_arrow 了解流量监管器
- 监管器实施概述
- ARP 监管器概述
- 示例:配置 ARP 监管器
- 了解监管器和令牌桶算法的优势
- 确定流量监管器的适当突发大小
- 使用流量监管控制网络访问概述
- 流量监管器类型
- 监管器和防火墙过滤器操作的顺序
- 了解监管数据包的帧长度
- 支持的监管标准
- 分层监管器配置概述
- 了解增强型分层监管器
- 基于每秒数据包数 (pps) 的监管器概述
- 应用流量监管器的准则
- 聚合以太网接口的监管器支持概述
- 示例:为物理接口上的聚合流量配置物理接口监管器
- PTX 系列数据包传输路由器和 T 系列矩阵路由器之间的防火墙和监管差异
- ACX 系列路由器上的分层监管器概述
- 在 ACX 系列路由器上配置分层监管器的准则
- ACX 系列路由器上的分层监管器模式
- 处理 ACX 系列路由器上的分层监管器
- 对 ACX 系列路由器上的分层监管器执行的操作
- 在 ACX 系列路由器上配置聚合父监管器和子监管器
- play_arrow 配置监管器速率限制和操作
- play_arrow 配置第 2 层监管器
- play_arrow 在第 3 层配置双色和三色流量监管器
- play_arrow 在第 3 层配置逻辑和物理接口流量监管器
- play_arrow 在交换机上配置监管器
-
- play_arrow 配置语句和操作命令
- play_arrow 故障排除
- play_arrow 知识库
-
list Table of Contents
keyboard_arrow_right
示例:在 ISP 网络中使用路由策略
date_range
18-Jan-25
此示例是一个案例研究,说明如何在典型的 Internet 服务提供商 (ISP) 网络中使用路由策略。
概述
在此网络示例中,ISP 的 AS 编号为 64510。ISP 有两个传输对等方(AS 64514 和 AS 64515),它在交换点连接到这两个对等方。ISP 还连接到两个专用对等方(AS 64513 和 AS 64516),并与之交换特定的客户路由。ISP 有两个客户(AS 64511 和 AS 64512)。
ISP 策略是按出站方向配置的。也就是说,该示例侧重于 ISP 向其对等方和客户通告的路由,并包括以下内容:
已为 ISP 分配 AS 64510,路由空间为 172.16.32.0/21。除两个客户网络外,所有其他客户路由都使用静态路由进行模拟。
交换对等方用于将服务传输到互联网的其他部分。这意味着 ISP 正在接受来自这些 BGP 对等方的所有路由(完整的互联网路由表)。为了帮助维护优化的互联网路由表,ISP 配置为仅向中转对等方播发两个聚合路由。
ISP 管理员希望所有发往专用对等方的数据都使用直接链接。因此,来自 ISP 的所有客户路由都会播发到这些专用对等方。然后,这些对等方将其所有客户路由通告给 ISP。
最后,每个客户都有一组不同的要求。客户 1 需要单个默认路由。客户 2 需要特定路由。
为拓扑中的所有设备设置命令
CLI 快速配置
要快速配置此示例,请复制以下命令,将其粘贴到文本文件中,删除所有换行符,更改与您的网络配置匹配所需的任何详细信息,然后将命令复制并粘贴到层次结构级别的 CLI [edit] 中。
设备客户-1
content_copy zoom_out_map
set interfaces fe-1/2/3 unit 0 description to_ISP-3 set interfaces fe-1/2/3 unit 0 family inet address 10.1.0.6/30 set interfaces lo0 unit 0 family inet address 192.168.0.8/32 set protocols bgp group ext type external set protocols bgp group ext export send-statics set protocols bgp group ext peer-as 64510 set protocols bgp group ext neighbor 10.1.0.5 set policy-options policy-statement send-statics term static-routes from protocol static set policy-options policy-statement send-statics term static-routes then accept set routing-options static route 172.16.40.0/25 reject set routing-options static route 172.16.40.128/25 reject set routing-options static route 172.16.41.0/25 reject set routing-options static route 172.16.41.128/25 reject set routing-options autonomous-system 64511
设备客户-2
content_copy zoom_out_map
set interfaces fe-1/2/1 unit 0 description to_ISP-3 set interfaces fe-1/2/1 unit 0 family inet address 10.0.0.10/30 set interfaces fe-1/2/0 unit 0 description to-Private-Peer-2 set interfaces fe-1/2/0 unit 0 family inet address 10.0.0.21/30 set interfaces lo0 unit 0 family inet address 192.168.0.9/32 set protocols bgp group ext type external set protocols bgp group ext import inbound-routes set protocols bgp group ext export outbound-routes set protocols bgp group ext neighbor 10.0.0.9 peer-as 64510 set protocols bgp group ext neighbor 10.0.0.22 peer-as 64516 set policy-options policy-statement inbound-routes term AS64510-primary from protocol bgp set policy-options policy-statement inbound-routes term AS64510-primary from as-path AS64510-routes set policy-options policy-statement inbound-routes term AS64510-primary then local-preference 200 set policy-options policy-statement inbound-routes term AS64510-primary then accept set policy-options policy-statement inbound-routes term AS64516-backup from protocol bgp set policy-options policy-statement inbound-routes term AS64516-backup from as-path AS64516-routes set policy-options policy-statement inbound-routes term AS64516-backup then local-preference 50 set policy-options policy-statement inbound-routes term AS64516-backup then accept set policy-options policy-statement outbound-routes term statics from protocol static set policy-options policy-statement outbound-routes term statics then accept set policy-options policy-statement outbound-routes term internal-bgp-routes from protocol bgp set policy-options policy-statement outbound-routes term internal-bgp-routes from as-path my-own-routes set policy-options policy-statement outbound-routes term internal-bgp-routes then accept set policy-options policy-statement outbound-routes term no-transit then reject set policy-options as-path my-own-routes "()" set policy-options as-path AS64510-routes "64510 .*" set policy-options as-path AS64516-routes "64516 .*" set routing-options static route 172.16.44.0/26 reject set routing-options static route 172.16.44.64/26 reject set routing-options static route 172.16.44.128/26 reject set routing-options static route 172.16.44.192/26 reject set routing-options autonomous-system 64512
设备 ISP-1
content_copy zoom_out_map
set interfaces fe-1/2/0 unit 0 description to_ISP-3 set interfaces fe-1/2/0 unit 0 family inet address 10.0.0.2/30 set interfaces fe-1/2/1 unit 0 description to_ISP-2 set interfaces fe-1/2/1 unit 0 family inet address 10.1.0.2/30 set interfaces fe-1/2/2 unit 0 description to_Private-Peer-1 set interfaces fe-1/2/2 unit 0 family inet address 10.2.0.2/30 set interfaces fe-1/2/3 unit 0 description to_Exchange-1 set interfaces fe-1/2/3 unit 0 family inet address 10.2.0.6/30 set interfaces lo0 unit 0 family inet address 192.168.0.1/32 set protocols bgp group int type internal set protocols bgp group int local-address 192.168.0.1 set protocols bgp group int export internal-peers set protocols bgp group int neighbor 192.168.0.2 set protocols bgp group int neighbor 192.168.0.3 set protocols bgp group to_64513 type external set protocols bgp group to_64513 export private-peer set protocols bgp group to_64513 peer-as 64513 set protocols bgp group to_64513 neighbor 10.2.0.1 set protocols bgp group to_64514 type external set protocols bgp group to_64514 export exchange-peer set protocols bgp group to_64514 peer-as 64514 set protocols bgp group to_64514 neighbor 10.2.0.5 set protocols ospf area 0.0.0.0 interface fe-1/2/0.0 set protocols ospf area 0.0.0.0 interface fe-1/2/1.0 set protocols ospf area 0.0.0.0 interface lo0.0 passive set policy-options policy-statement exchange-peer term AS64510-Aggregate from protocol aggregate set policy-options policy-statement exchange-peer term AS64510-Aggregate from route-filter 172.16.32.0/21 exact set policy-options policy-statement exchange-peer term AS64510-Aggregate then accept set policy-options policy-statement exchange-peer term Customer-2-Aggregate from protocol aggregate set policy-options policy-statement exchange-peer term Customer-2-Aggregate from route-filter 172.16.40.0/22 exact set policy-options policy-statement exchange-peer term Customer-2-Aggregate then accept set policy-options policy-statement exchange-peer term reject-all-other-routes then reject set policy-options policy-statement internal-peers term statics from protocol static set policy-options policy-statement internal-peers term statics then accept set policy-options policy-statement internal-peers term next-hop-self then next-hop self set policy-options policy-statement private-peer term statics from protocol static set policy-options policy-statement private-peer term statics then accept set policy-options policy-statement private-peer term isp-and-customer-routes from protocol bgp set policy-options policy-statement private-peer term isp-and-customer-routes from route-filter 172.16.32.0/21 orlonger set policy-options policy-statement private-peer term isp-and-customer-routes then accept set policy-options policy-statement private-peer term reject-all then reject set routing-options static route 172.16.32.0/24 reject set routing-options static route 172.16.33.0/24 reject set routing-options aggregate route 172.16.32.0/21 set routing-options aggregate route 172.16.40.0/22 set routing-options router-id 192.168.0.1 set routing-options autonomous-system 64510
设备 ISP-2
content_copy zoom_out_map
set interfaces fe-1/2/1 unit 0 description to_ISP-1 set interfaces fe-1/2/1 unit 0 family inet address 10.1.0.1/30 set interfaces fe-1/2/2 unit 0 description to_ISP-3 set interfaces fe-1/2/2 unit 0 family inet address 10.0.0.6/30 set interfaces fe-1/2/3 unit 0 description to_Private-Peer-2 set interfaces fe-1/2/3 unit 0 family inet address 10.3.0.6/30 set interfaces fe-1/2/0 unit 0 description to_Exchange-2 set interfaces fe-1/2/0 unit 0 family inet address 10.3.0.2/30 set interfaces lo0 unit 0 family inet address 192.168.0.2/32 set protocols bgp group int type internal set protocols bgp group int local-address 192.168.0.2 set protocols bgp group int export internal-peers set protocols bgp group int neighbor 192.168.0.1 set protocols bgp group int neighbor 192.168.0.3 set protocols bgp group AS-64516 type external set protocols bgp group AS-64516 export private-peer set protocols bgp group AS-64516 peer-as 64516 set protocols bgp group AS-64516 neighbor 10.3.0.5 set protocols bgp group AS-64515 type external set protocols bgp group AS-64515 export exchange-peer set protocols bgp group AS-64515 peer-as 64515 set protocols bgp group AS-64515 neighbor 10.3.0.1 set protocols ospf area 0.0.0.0 interface fe-1/2/2.0 set protocols ospf area 0.0.0.0 interface fe-1/2/1.0 set protocols ospf area 0.0.0.0 interface lo0.0 passive set policy-options policy-statement exchange-peer term AS64510-Aggregate from protocol aggregate set policy-options policy-statement exchange-peer term AS64510-Aggregate from route-filter 172.16.32.0/21 exact set policy-options policy-statement exchange-peer term AS64510-Aggregate then accept set policy-options policy-statement exchange-peer term Customer-2-Aggregate from protocol aggregate set policy-options policy-statement exchange-peer term Customer-2-Aggregate from route-filter 172.16.44.0/23 exact set policy-options policy-statement exchange-peer term Customer-2-Aggregate then accept set policy-options policy-statement exchange-peer term reject-all-other-routes then reject set policy-options policy-statement internal-peers term statics from protocol static set policy-options policy-statement internal-peers term statics then accept set policy-options policy-statement internal-peers term next-hop-self then next-hop self set policy-options policy-statement private-peer term statics from protocol static set policy-options policy-statement private-peer term statics then accept set policy-options policy-statement private-peer term isp-and-customer-routes from protocol bgp set policy-options policy-statement private-peer term isp-and-customer-routes from route-filter 172.16.32.0/21 orlonger set policy-options policy-statement private-peer term isp-and-customer-routes then accept set policy-options policy-statement private-peer term reject-all then reject set routing-options static route 172.16.34.0/24 reject set routing-options static route 172.16.35.0/24 reject set routing-options aggregate route 172.16.44.0/23 set routing-options aggregate route 172.16.32.0/21 set routing-options router-id 192.168.0.2 set routing-options autonomous-system 64510
设备 ISP-3
content_copy zoom_out_map
set interfaces fe-1/2/0 unit 0 description to_ISP-1 set interfaces fe-1/2/0 unit 0 family inet address 10.0.0.1/30 set interfaces fe-1/2/2 unit 0 description to_ISP-2 set interfaces fe-1/2/2 unit 0 family inet address 10.0.0.5/30 set interfaces fe-1/2/3 unit 0 description to_Customer-1 set interfaces fe-1/2/3 unit 0 family inet address 10.1.0.5/30 set interfaces fe-1/2/1 unit 0 description to_Customer-2 set interfaces fe-1/2/1 unit 0 family inet address 10.0.0.9/30 set interfaces lo0 unit 0 family inet address 192.168.0.3/32 set protocols bgp group int type internal set protocols bgp group int local-address 192.168.0.3 set protocols bgp group int export internal-peers set protocols bgp group int neighbor 192.168.0.1 set protocols bgp group int neighbor 192.168.0.2 set protocols bgp group to_64511 type external set protocols bgp group to_64511 export customer-1-peer set protocols bgp group to_64511 neighbor 10.1.0.6 peer-as 64511 set protocols bgp group to_64512 type external set protocols bgp group to_64512 export customer-2-peer set protocols bgp group to_64512 neighbor 10.0.0.10 peer-as 64512 set protocols ospf area 0.0.0.0 interface fe-1/2/0.0 set protocols ospf area 0.0.0.0 interface fe-1/2/2.0 set protocols ospf area 0.0.0.0 interface lo0.0 passive set policy-options policy-statement customer-1-peer term defaut-route from route-filter 0.0.0.0/0 exact set policy-options policy-statement customer-1-peer term defaut-route then accept set policy-options policy-statement customer-1-peer term reject-all-other-routes then reject set policy-options policy-statement customer-2-peer term statics from protocol static set policy-options policy-statement customer-2-peer term statics then accept set policy-options policy-statement customer-2-peer term isp-and-customer-routes from protocol bgp set policy-options policy-statement customer-2-peer term isp-and-customer-routes from route-filter 172.16.32.0/21 orlonger set policy-options policy-statement customer-2-peer term isp-and-customer-routes then accept set policy-options policy-statement customer-2-peer term default-route from route-filter 0.0.0.0/0 exact set policy-options policy-statement customer-2-peer term default-route then accept set policy-options policy-statement customer-2-peer term reject-all-other-routes then reject set policy-options policy-statement if-upstream-routes-exist term only-certain-contributing-routes from route-filter 172.16.8.0/21 exact set policy-options policy-statement if-upstream-routes-exist term only-certain-contributing-routes then accept set policy-options policy-statement if-upstream-routes-exist term reject-all-other-routes then reject set policy-options policy-statement internal-peers term statics from protocol static set policy-options policy-statement internal-peers term statics then accept set policy-options policy-statement internal-peers term next then next-hop self set routing-options static route 172.16.36.0/24 reject set routing-options static route 172.16.37.0/24 reject set routing-options static route 172.16.38.0/24 reject set routing-options static route 172.16.39.0/24 reject set routing-options generate route 0.0.0.0/0 policy if-upstream-routes-exist set routing-options router-id 192.168.0.3 set routing-options autonomous-system 64510
设备更换-1
content_copy zoom_out_map
set interfaces fe-1/2/3 unit 0 description to_ISP-1 set interfaces fe-1/2/3 unit 0 family inet address 10.2.0.5/30 set interfaces fe-1/2/2 unit 0 description to_Exchange-2 set interfaces fe-1/2/2 unit 0 family inet address 10.3.0.42/30 set interfaces fe-1/2/1 unit 0 description to_Private-Peer-1 set interfaces fe-1/2/1 unit 0 family inet address 10.3.0.45/30 set interfaces lo0 unit 0 family inet address 192.168.0.6/32 set protocols bgp group ext type external set protocols bgp group ext export send-static set protocols bgp group ext peer-as 64510 set protocols bgp group ext neighbor 10.2.0.6 set protocols bgp group ext neighbor 10.3.0.41 peer-as 64515 set policy-options policy-statement send-static from protocol static set policy-options policy-statement send-static then accept set routing-options static route 172.16.8.0/21 reject set routing-options autonomous-system 64514
设备更换-2
content_copy zoom_out_map
set interfaces fe-1/2/0 unit 0 description to_ISP-2 set interfaces fe-1/2/0 unit 0 family inet address 10.3.0.1/30 set interfaces fe-1/2/2 unit 0 description to_Exchange-1 set interfaces fe-1/2/2 unit 0 family inet address 10.3.0.41/30 set interfaces fe-1/2/1 unit 0 description to_Private-Peer-2 set interfaces fe-1/2/1 unit 0 family inet address 10.3.0.49/30 set interfaces lo0 unit 0 family inet address 192.168.0.7/32 set protocols bgp group ext type external set protocols bgp group ext export outbound-routes set protocols bgp group ext neighbor 10.3.0.2 peer-as 64510 set protocols bgp group ext neighbor 10.3.0.50 peer-as 64516 set protocols bgp group ext neighbor 10.3.0.42 peer-as 64514 set policy-options policy-statement outbound-routes term statics from protocol static set policy-options policy-statement outbound-routes term statics then accept set routing-options autonomous-system 64515 set routing-options static route 172.16.16.0/21 reject
设备专用-对等-1
content_copy zoom_out_map
set interfaces fe-1/2/2 unit 0 description to_ISP-1 set interfaces fe-1/2/2 unit 0 family inet address 10.2.0.1/30 set interfaces fe-1/2/1 unit 0 description to_Exchange-1 set interfaces fe-1/2/1 unit 0 family inet address 10.3.0.46/30 set interfaces lo0 unit 0 family inet address 192.168.0.4/32 set protocols bgp group ext type external set protocols bgp group ext peer-as 64510 set protocols bgp group ext neighbor 10.2.0.2 set routing-options autonomous-system 64513
设备专用对等-2
content_copy zoom_out_map
set interfaces fe-1/2/3 unit 0 description to_ISP-2 set interfaces fe-1/2/3 unit 0 family inet address 10.3.0.5/30 set interfaces fe-1/2/0 unit 0 description to_Customer-1 set interfaces fe-1/2/0 unit 0 family inet address 10.0.0.22/30 set interfaces fe-1/2/1 unit 0 description to_Exchange-2 set interfaces fe-1/2/1 unit 0 family inet address 10.3.0.50/30 set interfaces lo0 unit 0 family inet address 192.168.0.5/32 set protocols bgp group ext type external set protocols bgp group ext export outbound-routes set protocols bgp group ext peer-as 64510 set protocols bgp group ext neighbor 10.3.0.6 set protocols bgp group to-64512 type external set protocols bgp group to-64512 peer-as 64512 set protocols bgp group to-64512 neighbor 10.0.0.21 set protocols bgp group to-64512 export internal-routes set protocols bgp group to-64515 type external set protocols bgp group to-64515 export outbound-routes set protocols bgp group to-64515 peer-as 64515 set protocols bgp group to-64515 neighbor 10.3.0.49 set policy-options policy-statement if-upstream-routes-exist term as-64515-routes from route-filter 172.16.16.0/21 exact set policy-options policy-statement if-upstream-routes-exist term as-64515-routes then accept set policy-options policy-statement if-upstream-routes-exist term reject-all-other-routes then reject set policy-options policy-statement internal-routes term statics from protocol static set policy-options policy-statement internal-routes term statics then accept set policy-options policy-statement internal-routes term default-route from route-filter 0.0.0.0/0 exact set policy-options policy-statement internal-routes term default-route then accept set policy-options policy-statement internal-routes term reject-all-other-routes then reject set policy-options policy-statement outbound-routes term statics from protocol static set policy-options policy-statement outbound-routes term statics then accept set policy-options policy-statement outbound-routes term allowed-bgp-routes from as-path my-own-routes set policy-options policy-statement outbound-routes term allowed-bgp-routes from as-path AS64512-routes set policy-options policy-statement outbound-routes term allowed-bgp-routes then accept set policy-options policy-statement outbound-routes term no-transit then reject set policy-options as-path my-own-routes "()" set policy-options as-path AS64512-routes 64512 set routing-options static route 172.16.24.0/25 reject set routing-options static route 172.16.24.128/25 reject set routing-options static route 172.16.25.0/26 reject set routing-options static route 172.16.25.64/26 reject set routing-options generate route 0.0.0.0/0 policy if-upstream-routes-exist set routing-options autonomous-system 64516
配置设备客户-1
程序
分步过程
以下示例要求您在配置层次结构中导航各个级别。有关导航 CLI 的信息,请参阅 在配置模式下使用 CLI 编辑器Junos OS CLI 用户指南。
设备 Customer-1 配置了多个静态路由来模拟客户路由。这些路由将发送到 ISP。
要配置设备 Customer-1,请执行以下操作:
配置设备接口。
content_copy zoom_out_map[edit interfaces] user@Customer-1# set fe-1/2/3 unit 0 description to_ISP-3 user@Customer-1# set fe-1/2/3 unit 0 family inet address 10.1.0.6/30 user@Customer-1# set lo0 unit 0 family inet address 192.168.0.8/32
配置静态路由。
content_copy zoom_out_map[edit routing-options static] user@Customer-1# set route 172.16.40.0/25 reject user@Customer-1# set route 172.16.40.128/25 reject user@Customer-1# set route 172.16.41.0/25 reject user@Customer-1# set route 172.16.41.128/25 reject
配置策略以发送静态路由。
content_copy zoom_out_map[edit policy-options policy-statement send-statics term static-routes] user@Customer-1# set from protocol static user@Customer-1# set then accept
配置到 ISP 的外部 BGP (EBGP) 连接。
content_copy zoom_out_map[edit protocols bgp group ext] user@Customer-1# set type external user@Customer-1# set export send-statics user@Customer-1# set peer-as 64510 user@Customer-1# set neighbor 10.1.0.5
配置自治系统 (AS) 编号。
content_copy zoom_out_map[edit routing-options] user@Customer-1# set autonomous-system 64511
结果
在配置模式下,输入 show interfaces 、show protocols、show policy-options 和 show routing-options 命令,以确认您的配置。如果输出未显示预期的配置,请重复此示例中的说明,以便进行更正。
content_copy zoom_out_map
user@Customer-1# show interfaces
fe-1/2/1 {
unit 0 {
description to_ISP-3;
family inet {
address 10.1.0.6/30;
}
}
}
lo0 {
unit 0 {
family inet {
address 192.168.0.8/32;
}
}
}
content_copy zoom_out_map
user@Customer-1# show protocols
bgp {
group ext {
type external;
export send-statics;
peer-as 64510;
neighbor 10.1.0.5;
}
}
content_copy zoom_out_map
user@Customer-1# show policy-options
policy-statement send-statics {
term static-routes {
from protocol static;
then accept;
}
}
content_copy zoom_out_map
user@Customer-1# show routing-options
static {
route 172.16.40.0/25 reject;
route 172.16.40.128/25 reject;
route 172.16.41.0/25 reject;
route 172.16.41.128/25 reject;
}
autonomous-system 64511;
如果完成设备配置,请从配置模式输入 commit。
配置设备客户-2
程序
分步过程
以下示例要求您在配置层次结构中导航各个级别。有关导航 CLI 的信息,请参阅 在配置模式下使用 CLI 编辑器Junos OS CLI 用户指南。
设备 Customer-2 配置了两个静态路由来模拟客户路由。这些路由将发送到 ISP。客户 2 有一个指向 ISP 的链路以及一个指向 AS 8000 的链路。此客户已从 ISP 以及 AS 64516 请求特定客户路由。客户 2 希望使用 ISP 提供到互联网的传输服务,并已向 ISP 请求默认路由。
要配置设备 Customer-2,请执行以下操作:
配置设备接口。
content_copy zoom_out_map[edit interfaces] user@Customer-2# set fe-1/2/1 unit 0 description to_ISP-3 user@Customer-2# set fe-1/2/1 unit 0 family inet address 10.0.0.10/30 user@Customer-2# set fe-1/2/0 unit 0 description to-Private-Peer-2 user@Customer-2# set fe-1/2/0 unit 0 family inet address 10.0.0.21/30 user@Customer-2# set lo0 unit 0 family inet address 192.168.0.9/32
配置静态路由。
content_copy zoom_out_map[edit routing-options static] user@Customer-2# set route 172.16.44.0/26 reject user@Customer-2# set route 172.16.44.64/26 reject user@Customer-2# set route 172.16.44.128/26 reject user@Customer-2# set route 172.16.44.192/26 reject
配置导入路由策略。
首选具有最高本地优先级值的路由。来自 ISP 的路由优先于来自设备 Private-Peer-2 的相同路由
content_copy zoom_out_map[edit policy-options policy-statement inbound-routes] user@Customer-2# set term AS64510-primary from protocol bgp user@Customer-2# set term AS64510-primary from as-path AS64510-routes user@Customer-2# set term AS64510-primary then local-preference 200 user@Customer-2# set term AS64510-primary then accept [edit policy-options policy-statement inbound-routes] user@Customer-2# set term AS64516-backup from protocol bgp user@Customer-2# set term AS64516-backup from as-path AS64516-routes user@Customer-2# set term AS64516-backup then local-preference 50 user@Customer-2# set term AS64516-backup then accept [edit policy-options] user@Customer-2# set as-path AS64510-routes "64510 .*" user@Customer-2# set as-path AS64516-routes "64516 .*"
配置导出路由策略。
content_copy zoom_out_map[edit policy-options policy-statement outbound-routes] user@Customer-2# set term statics from protocol static user@Customer-2# set term statics then accept user@Customer-2# set term internal-bgp-routes from protocol bgp user@Customer-2# set term internal-bgp-routes from as-path my-own-routes user@Customer-2# set term internal-bgp-routes then accept user@Customer-2# set term no-transit then reject [edit policy-options] user@Customer-2# set as-path my-own-routes "()"
配置到 ISP 和设备 Private-Peer-2 的外部 BGP (EBGP) 连接。
content_copy zoom_out_map[edit protocols bgp group ext] user@Customer-2# set type external user@Customer-2# set import inbound-routes user@Customer-2# set export outbound-routes user@Customer-2# set neighbor 10.0.0.9 peer-as 64510 user@Customer-2# set neighbor 10.0.0.22 peer-as 64516
配置自治系统 (AS) 编号。
content_copy zoom_out_map[edit routing-options] user@Customer-2# set autonomous-system 64512
结果
在配置模式下,输入 show interfaces 、show protocols、show policy-options 和 show routing-options 命令,以确认您的配置。如果输出未显示预期的配置,请重复此示例中的说明,以便进行更正。
content_copy zoom_out_map
user@Customer-2# show interfaces
fe-1/2/1 {
unit 0 {
description to_ISP-3;
family inet {
address 10.0.0.10/30;
}
}
}
fe-1/2/0 {
unit 0 {
description to-Private-Peer-2;
family inet {
address 10.0.0.21/30;
}
}
}
lo0 {
unit 0 {
family inet {
address 192.168.0.9/32;
}
}
}
content_copy zoom_out_map
user@Customer-2# show protocols
bgp {
group ext {
type external;
import inbound-routes;
export outbound-routes;
neighbor 10.0.0.9 {
peer-as 64510;
}
neighbor 10.0.0.22 {
peer-as 64516;
}
}
}
content_copy zoom_out_map
user@Customer-2# show policy-options
policy-statement inbound-routes {
term AS64510-primary {
from {
protocol bgp;
as-path AS64510-routes;
}
then {
local-preference 200;
accept;
}
}
term AS64516-backup {
from {
protocol bgp;
as-path AS64516-routes;
}
then {
local-preference 50;
accept;
}
}
}
policy-statement outbound-routes {
term statics {
from protocol static;
then accept;
}
term internal-bgp-routes {
from {
protocol bgp;
as-path my-own-routes;
}
then accept;
}
term no-transit {
then reject;
}
}
as-path my-own-routes "()";
as-path AS64510-routes "64510 .*";
as-path AS64516-routes "64516 .*";
content_copy zoom_out_map
user@Customer-2# show routing-options
static {
route 172.16.44.0/26 reject;
route 172.16.44.64/26 reject;
route 172.16.44.128/26 reject;
route 172.16.44.192/26 reject;
}
autonomous-system 64512;
如果完成设备配置,请从配置模式输入 commit。
配置设备 ISP-1 和 ISP-2
程序
分步过程
以下示例要求您在配置层次结构中导航各个级别。有关导航 CLI 的信息,请参阅 在配置模式下使用 CLI 编辑器Junos OS CLI 用户指南。
设备 ISP-1 和设备 ISP-2 各配置了两个策略:策略 private-peer 和 exchange-peer 策略。由于它们的配置相似,此示例仅显示设备 ISP-2 的分步配置。
在设备 ISP-2 上,专用对等方策略将 ISP 客户路由发送到设备 Private-Peer-2。该策略接受 172.16.32.0/21 范围内的所有本地静态路由(本地设备 ISP-2 客户)和所有 BGP 路由(由其他 ISP 路由器通告)。这两个策略术语表示 ISP 客户路由。最终的策略术语拒绝所有其他路由,其中包括交换对等方发送的整个互联网路由表。这些路由不需要发送到设备 Private-Peer-2,原因有两个:
在我们的示例中,对等方已保持与设备 Exchange-2 的连接,因此路由是冗余的。
专用对等方只需要客户路由。该
private-peer策略实现了这一目标。该策略将exchange-peer路由发送到设备 Exchange-2。
在此示例中,只需将两个路由发送到设备 Exchange-2:
聚合路由,表示 172.16.32.0/21 的 AS 64510 路由空间。此路由在本地配置为聚合路由,并由策略播
exchange-peer发。分配给客户 2 的地址空间 172.16.44.0/23。这个较小的聚合路由需要发送至设备 Exchange-2,因为客户也连接到了 AS 64516 对等方(设备 Private-Peer-2)。
将这两条路由发送到设备 Exchange-2 允许互联网中的其他网络通过 ISP 或专用对等方联系客户。如果仅由专用对等方播发 /23 网络,而 ISP 仅维护其 /21 聚合,则向客户发送的所有流量只会通过 AS 64516。由于客户还需要来自 ISP 的路由,因此设备 ISP-2 会通告 172.16.44.0/23 路由。与较大的聚合路由一样,172.16.44.0/23 路由在本地配置,并由交换对等策略播发。该策略的最后一个术语拒绝所有路由,包括 ISP 的特定客户网络、来自设备 Private-Peer-1 的客户路由、来自设备 Private-Peer-2 的客户路由以及来自设备 Exchange-1 的路由表。从本质上讲,这个最终期限阻止了ISP为整个互联网执行传输服务。
要配置设备 ISP-2:
配置设备接口。
content_copy zoom_out_map[edit interfaces] user@ISP-2# set fe-1/2/1 unit 0 description to_ISP-1 user@ISP-2# set fe-1/2/1 unit 0 family inet address 10.1.0.1/30 user@ISP-2# set fe-1/2/2 unit 0 description to_ISP-3 user@ISP-2# set fe-1/2/2 unit 0 family inet address 10.0.0.6/30 user@ISP-2# set fe-1/2/3 unit 0 description to_Private-Peer-2 user@ISP-2# set fe-1/2/3 unit 0 family inet address 10.3.0.6/30 user@ISP-2# set fe-1/2/0 unit 0 description to_Exchange-2 user@ISP-2# set fe-1/2/0 unit 0 family inet address 10.3.0.2/30 user@ISP-2# set lo0 unit 0 family inet address 192.168.0.2/32
配置内部网关协议 (IGP)。
content_copy zoom_out_map[edit protocols ospf area 0.0.0.0] user@ISP-2# set interface fe-1/2/2.0 user@ISP-2# set interface fe-1/2/1.0 user@ISP-2# set interface lo0.0 passive
配置静态路由和聚合路由。
content_copy zoom_out_map[edit routing-options static] user@ISP-2# set route 172.16.34.0/24 reject user@ISP-2# set route 172.16.35.0/24 reject [edit routing-options aggregate] user@ISP-2# set route 172.16.44.0/23 user@ISP-2# set route 172.16.32.0/21
为交换对等方配置路由策略。
content_copy zoom_out_map[edit policy-options policy-statement exchange-peer] user@ISP-2# set term AS64510-Aggregate from protocol aggregate user@ISP-2# set term AS64510-Aggregate from route-filter 172.16.32.0/21 exact user@ISP-2# set term AS64510-Aggregate then accept user@ISP-2# set term Customer-2-Aggregate from protocol aggregate user@ISP-2# set term Customer-2-Aggregate from route-filter 172.16.44.0/23 exact user@ISP-2# set term Customer-2-Aggregate then accept user@ISP-2# set term reject-all-other-routes then reject
为内部对等方配置路由策略。
content_copy zoom_out_map[edit policy-options policy-statement internal-peers] user@ISP-2# set term statics from protocol static user@ISP-2# set term statics then accept user@ISP-2# set term next-hop-self then next-hop self
为专用对等方配置路由策略。
content_copy zoom_out_map[edit policy-options policy-statement private-peer] user@ISP-2# set term statics from protocol static user@ISP-2# set term statics then accept user@ISP-2# set term isp-and-customer-routes from protocol bgp user@ISP-2# set term isp-and-customer-routes from route-filter 172.16.32.0/21 orlonger user@ISP-2# set term isp-and-customer-routes then accept user@ISP-2# set term reject-all then reject
配置与其他 ISP 设备的内部 BGP (IBGP) 连接。
content_copy zoom_out_map[edit protocols bgp group int] user@ISP-2# set type internal user@ISP-2# set local-address 192.168.0.2 user@ISP-2# set export internal-peers user@ISP-2# set neighbor 192.168.0.1 user@ISP-2# set neighbor 192.168.0.3
配置到交换对等方和专用对等方的 EBGP 连接。
content_copy zoom_out_map[edit protocols bgp group AS-64516] user@ISP-2# set type external user@ISP-2# set export private-peer user@ISP-2# set peer-as 64516 user@ISP-2# set neighbor 10.3.0.5 [edit protocols bgp group AS-64515] user@ISP-2# set type external user@ISP-2# set export exchange-peer user@ISP-2# set peer-as 64515 user@ISP-2# set neighbor 10.3.0.1
配置自治系统 (AS) 编号和路由器 ID。
content_copy zoom_out_map[edit routing-options] user@ISP-2# set router-id 192.168.0.2 user@ISP-2# set autonomous-system 64510
结果
在配置模式下,输入 show interfaces 、show protocols、show policy-options 和 show routing-options 命令,以确认您的配置。如果输出未显示预期的配置,请重复此示例中的说明,以便进行更正。
content_copy zoom_out_map
user@ISP-2# show interfaces
fe-1/2/0 {
unit 0{
description to_Exchange-2;
family inet {
address 10.3.0.2/30;
}
}
}
fe-1/2/1 {
unit 0{
description to_ISP-1;
family inet {
address 10.1.0.1/30;
}
}
}
fe-1/2/2 {
unit 0 {
description to_ISP-3;
family inet {
address 10.0.0.6/30;
}
}
}
fe-1/2/3 {
unit 0 {
description to_Private-Peer-2;
family inet {
address 10.3.0.6/30;
}
}
}
lo0 {
unit 0 {
family inet {
address 192.168.0.2/32;
}
}
}
content_copy zoom_out_map
user@ISP-2# show protocols
bgp {
group int {
type internal;
local-address 192.168.0.2;
export internal-peers;
neighbor 192.168.0.1;
neighbor 192.168.0.3;
}
group AS-64516 {
type external;
export private-peer;
peer-as 64516;
neighbor 10.3.0.5;
}
group AS-64515 {
type external;
export exchange-peer;
peer-as 64515;
neighbor 10.3.0.1;
}
}
ospf {
area 0.0.0.0 {
interface fe-1/2/2.0;
interface fe-1/2/1.0;
interface lo0.0 {
passive;
}
}
}
content_copy zoom_out_map
user@ISP-2# show policy-options
policy-statement exchange-peer {
term AS64510-Aggregate {
from {
protocol aggregate;
route-filter 172.16.32.0/21 exact;
}
then accept;
}
term Customer-2-Aggregate {
from {
protocol aggregate;
route-filter 172.16.44.0/23 exact;
}
then accept;
}
term reject-all-other-routes {
then reject;
}
}
policy-statement internal-peers {
term statics {
from protocol static;
then accept;
}
term next-hop-self {
then {
next-hop self;
}
}
}
policy-statement private-peer {
term statics {
from protocol static;
then accept;
}
term isp-and-customer-routes {
from {
protocol bgp;
route-filter 172.16.32.0/21 orlonger;
}
then accept;
}
term reject-all {
then reject;
}
}
content_copy zoom_out_map
user@ISP-2# show routing-options
static {
route 172.16.34.0/24 reject;
route 172.16.35.0/24 reject;
}
aggregate {
route 172.16.44.0/23;
route 172.16.32.0/21;
}
router-id 192.168.0.2;
autonomous-system 64510;
如果完成设备配置,请从配置模式输入 commit。
配置设备 ISP-3
程序
分步过程
以下示例要求您在配置层次结构中导航各个级别。有关导航 CLI 的信息,请参阅 在配置模式下使用 CLI 编辑器Junos OS CLI 用户指南。
在设备 ISP-3 上,为每个客户制定了单独的策略。客户 1 的默认路由由策略发送 customer-1-peer 。此策略在 inet.0 中查找 0.0.0.0/0 默认路由并接受它。该策略还会拒绝所有其他路由,从而不会在 ISP 路由器上发送所有 BGP 路由。该 customer-2-peer 策略适用于客户 2,包含相同的策略条款,这些条款也会发送默认路由,而不发送其他传输 BGP 路由。策略中的 customer-2-peer 附加条款将 ISP 客户路由发送到客户 2。由于设备 ISP-3 上存在代表本地客户的本地静态路由,因此将发送这些路由以及其他 ISP 路由器向本地路由器通告的所有其他内部路由。
如果存在来自设备 Exchange-1 (172.16.8.0/21) 的上游路由,则设备 ISP-3 将生成默认路由。
要配置设备 ISP-3:
配置设备接口。
content_copy zoom_out_map[edit interfaces] user@ISP-3# set fe-1/2/0 unit 0 description to_ISP-1 user@ISP-3# set fe-1/2/0 unit 0 family inet address 10.0.0.1/30 user@ISP-3# set fe-1/2/2 unit 0 description to_ISP-2 user@ISP-3# set fe-1/2/2 unit 0 family inet address 10.0.0.5/30 user@ISP-3# set fe-1/2/3 unit 0 description to_Customer-1 user@ISP-3# set fe-1/2/3 unit 0 family inet address 10.1.0.5/30 user@ISP-3# set fe-1/2/1 unit 0 description to_Customer-2 user@ISP-3# set fe-1/2/1 unit 0 family inet address 10.0.0.9/30 user@ISP-3# set lo0 unit 0 family inet address 192.168.0.3/32
配置内部网关协议 (IGP)。
content_copy zoom_out_map[edit protocols ospf area 0.0.0.0] user@ISP-3# set interface fe-1/2/0.0 user@ISP-3# set interface fe-1/2/2.0 user@ISP-3# set interface lo0.0 passive
配置静态路由。
content_copy zoom_out_map[edit routing-options static] user@ISP-3# set route 172.16.36.0/24 reject user@ISP-3# set route 172.16.37.0/24 reject user@ISP-3# set route 172.16.38.0/24 reject user@ISP-3# set route 172.16.39.0/24 reject
配置路由策略,仅当存在特定上游路由时,才会生成默认静态路由。
content_copy zoom_out_map[edit policy-options policy-statement if-upstream-routes-exist term only-certain-contributing-routes] user@ISP-3# set from route-filter 172.16.8.0/21 exact user@ISP-3# set then accept [edit policy-options policy-statement if-upstream-routes-exist] user@ISP-3# set term reject-all-other-routes then reject [edit routing-options generate route 0.0.0.0/0] user@ISP-3# set policy if-upstream-routes-exist
为客户 1 配置路由策略。
content_copy zoom_out_map[edit policy-options policy-statement customer-1-peer] user@ISP-3# set term defaut-route from route-filter 0.0.0.0/0 exact user@ISP-3# set term defaut-route then accept user@ISP-3# set term reject-all-other-routes then reject
为客户 2 配置路由策略。
content_copy zoom_out_map[edit policy-options policy-statement customer-2-peer] user@ISP-3# set term statics from protocol static user@ISP-3# set term statics then accept user@ISP-3# set term isp-and-customer-routes from protocol bgp user@ISP-3# set term isp-and-customer-routes from route-filter 172.16.32.0/21 orlonger user@ISP-3# set term isp-and-customer-routes then accept user@ISP-3# set term default-route from route-filter 0.0.0.0/0 exact user@ISP-3# set term default-route then accept user@ISP-3# set term reject-all-other-routes then reject
为内部对等方配置路由策略。
content_copy zoom_out_map[edit policy-options policy-statement internal-peers] user@ISP-3# set term statics from protocol static user@ISP-3# set term statics then accept user@ISP-3# set term next then next-hop self
配置与其他 ISP 设备的内部 BGP (IBGP) 连接。
content_copy zoom_out_map[edit protocols bgp group int] user@ISP-3# set type internal user@ISP-3# set local-address 192.168.0.3 user@ISP-3# set export internal-peers user@ISP-3# set neighbor 192.168.0.1 user@ISP-3# set neighbor 192.168.0.2
配置与客户对等方的 EBGP 连接。
content_copy zoom_out_map[edit protocols bgp group to_64511] user@ISP-3# set type external user@ISP-3# set export customer-1-peer user@ISP-3# set neighbor 10.1.0.6 peer-as 64511 [edit protocols bgp group to_64512] user@ISP-3# set type external user@ISP-3# set export customer-2-peer user@ISP-3# set neighbor 10.0.0.10 peer-as 64512
配置自治系统 (AS) 编号和路由器 ID。
content_copy zoom_out_map[edit routing-options] user@ISP-3# set router-id 192.168.0.3 user@ISP-3# set autonomous-system 64510
结果
在配置模式下,输入 show interfaces 、show protocols、show policy-options 和 show routing-options 命令,以确认您的配置。如果输出未显示预期的配置,请重复此示例中的说明,以便进行更正。
content_copy zoom_out_map
user@ISP-3# show interfaces
fe-1/2/0 {
unit 0 {
description to_ISP-1;
family inet {
address 10.0.0.1/30;
}
}
}
fe-1/2/1 {
unit 0 {
description to_Customer-2;
family inet {
address 10.0.0.9/30;
}
}
}
fe-1/2/2 {
unit 0 {
description to_ISP-2;
family inet {
address 10.0.0.5/30;
}
}
}
fe-1/2/3 {
unit 0 {
description to_Customer-1;
family inet {
address 10.1.0.5/30;
}
}
}
lo0 {
unit 0 {
family inet {
address 192.168.0.3/32;
}
}
}
content_copy zoom_out_map
user@ISP-3# show protocols
bgp {
group int {
type internal;
local-address 192.168.0.3;
export internal-peers;
neighbor 192.168.0.1;
neighbor 192.168.0.2;
}
group to_64511 {
type external;
export customer-1-peer;
neighbor 10.1.0.6 {
peer-as 64511;
}
}
group to_64512 {
type external;
export customer-2-peer;
neighbor 10.0.0.10 {
peer-as 64512;
}
}
}
ospf {
area 0.0.0.0 {
interface fe-1/2/0.0;
interface fe-1/2/2.0;
interface lo0.0 {
passive;
}
}
}
content_copy zoom_out_map
user@ISP-3# show policy-options
policy-statement customer-1-peer {
term defaut-route {
from {
route-filter 0.0.0.0/0 exact;
}
then accept;
}
term reject-all-other-routes {
then reject;
}
}
policy-statement customer-2-peer {
term statics {
from protocol static;
then accept;
}
term isp-and-customer-routes {
from {
protocol bgp;
route-filter 172.16.32.0/21 orlonger;
}
then accept;
}
term default-route {
from {
route-filter 0.0.0.0/0 exact;
}
then accept;
}
term reject-all-other-routes {
then reject;
}
}
policy-statement if-upstream-routes-exist {
term only-certain-contributing-routes {
from {
route-filter 172.16.8.0/21 exact;
}
then accept;
}
term reject-all-other-routes {
then reject;
}
}
policy-statement internal-peers {
term statics {
from protocol static;
then accept;
}
term next {
then {
next-hop self;
}
}
}
content_copy zoom_out_map
user@ISP-3# show routing-options
static {
route 172.16.36.0/24 reject;
route 172.16.37.0/24 reject;
route 172.16.38.0/24 reject;
route 172.16.39.0/24 reject;
}
generate {
route 0.0.0.0/0 policy if-upstream-routes-exist;
}
router-id 192.168.0.3;
autonomous-system 64510;
如果完成设备配置,请从配置模式输入 commit。
配置设备交换-2
程序
分步过程
以下示例要求您在配置层次结构中导航各个级别。有关导航 CLI 的信息,请参阅 在配置模式下使用 CLI 编辑器Junos OS CLI 用户指南。
设备交换-2 将所有 BGP 路由交换给所有 BGP 对等方。设备 Exchange-2 的出站路由策略使用 BGP 通告本地定义的静态路由。排除最终 then reject 术语会导致默认 BGP 导出策略生效,即将所有 BGP 路由发送到所有外部 BGP 对等方。
要配置设备交换-2:
配置设备接口。
content_copy zoom_out_map[edit interfaces] user@Exchange-2# set fe-1/2/0 unit 0 description to_ISP-2 user@Exchange-2# set fe-1/2/0 unit 0 family inet address 10.3.0.1/30 user@Exchange-2# set fe-1/2/2 unit 0 description to_Exchange-1 user@Exchange-2# set fe-1/2/2 unit 0 family inet address 10.3.0.41/30 user@Exchange-2# set fe-1/2/1 unit 0 description to_Private-Peer-2 user@Exchange-2# set fe-1/2/1 unit 0 family inet address 10.3.0.49/30 user@Exchange-2# set lo0 unit 0 family inet address 192.168.0.7/32
配置静态路由。
content_copy zoom_out_map[edit routing-options static] set route 172.16.16.0/21 reject
配置路由策略,仅当存在某些内部路由时,才会生成默认静态路由。
content_copy zoom_out_map[edit policy-options policy-statement outbound-routes term statics] user@Exchange-2# set from protocol static user@Exchange-2# set then accept
配置与客户对等方的 EBGP 连接。
content_copy zoom_out_map[edit protocols bgp group ext] user@Exchange-2# set type external user@Exchange-2# set export outbound-routes user@Exchange-2# set neighbor 10.3.0.2 peer-as 64510 user@Exchange-2# set neighbor 10.3.0.50 peer-as 64516 user@Exchange-2# set neighbor 10.3.0.42 peer-as 64514
配置自治系统 (AS) 编号。
content_copy zoom_out_map[edit routing-options] user@Exchange-2# set autonomous-system 64515
结果
在配置模式下,输入 show interfaces 、show protocols、show policy-options 和 show routing-options 命令,以确认您的配置。如果输出未显示预期的配置,请重复此示例中的说明,以便进行更正。
content_copy zoom_out_map
user@Exchange-2 show interfaces
fe-1/2/0 {
unit 0 {
description to_ISP-2;
family inet {
address 10.3.0.1/30;
}
}
}
fe-1/2/1 {
unit 0 {
description to_Private-Peer-2;
family inet {
address 10.3.0.49/30;
}
}
}
fe-1/2/2 {
unit 0 {
description to_Exchange-1;
family inet {
address 10.3.0.41/30;
}
}
}
lo0 {
unit 0 {
family inet {
address 192.168.0.7/32;
}
}
}
content_copy zoom_out_map
user@Exchange-2# show protocols
bgp {
group ext {
type external;
export outbound-routes;
neighbor 10.3.0.2 {
peer-as 64510;
}
neighbor 10.3.0.50 {
peer-as 64516;
}
neighbor 10.3.0.42 {
peer-as 64514;
}
}
}
content_copy zoom_out_map
user@Exchange-2# show policy-options
policy-statement outbound-routes {
term statics {
from protocol static;
then accept;
}
}
content_copy zoom_out_map
user@Exchange-2# show routing-options
static {
route 172.16.16.0/21 reject;
}
autonomous-system 64515;
如果完成设备配置,请从配置模式输入 commit。
配置设备 Private-Peer-2
程序
分步过程
以下示例要求您在配置层次结构中导航各个级别。有关导航 CLI 的信息,请参阅 在配置模式下使用 CLI 编辑器Junos OS CLI 用户指南。
设备 Private-Peer-2 执行两个主要功能:
将 AS 64516 本地路由播发至交换对等方和 ISP 路由器。该
outbound-routes策略播发路由器上的本地静态路由(即客户),还会播发 BGP 获知的源自 AS 64516 或 AS 64512 的所有路由。除 AS 64512 客户外,这些路由还包括其他 AS 64516 客户路由。AS 路由通过策略中的 AS 路径正则表达式匹配标准来识别。将 0.0.0.0/0 默认路由播发至 AS 64512 客户路由器。为此,专用对等方在路由器本地为 0.0.0.0/0 创建生成的路由。此生成的路由进一步分配了一个名为
if-upstream-routes-exist的策略,该策略仅允许某些路由为生成的路由做出贡献,使其成为路由表中的活动路由。路由处于活动状态后,即可使用 BGP 和配置的策略将其发送至 AS 64512 路由器。该if-upstream-routes-exist策略仅接受来自设备 Exchange-2 的 172.16.32.0/21 路由,并拒绝所有其他路由。如果 172.16.32.0/21 路由被交换对等方撤回,则专用对等方将丢失 0.0.0.0/0 默认路由,并从 AS 64512 客户路由器撤回默认路由。
要配置设备 Private-Peer-2,请执行以下操作:
配置设备接口。
content_copy zoom_out_map[edit interfaces] user@Private-Peer-2# set fe-1/2/3 unit 0 description to_ISP-2 user@Private-Peer-2# set fe-1/2/3 unit 0 family inet address 10.3.0.5/30 user@Private-Peer-2# set fe-1/2/0 unit 0 description to_Customer-1 user@Private-Peer-2# set fe-1/2/0 unit 0 family inet address 10.0.0.22/30 user@Private-Peer-2# set fe-1/2/1 unit 0 description to_Exchange-2 user@Private-Peer-2# set fe-1/2/1 unit 0 family inet address 10.3.0.50/30 user@Private-Peer-2# set lo0 unit 0 family inet address 192.168.0.5/32
配置静态路由。
content_copy zoom_out_map[edit routing-options static] user@Private-Peer-2# set route 172.16.24.0/25 reject user@Private-Peer-2# set route 172.16.24.128/25 reject user@Private-Peer-2# set route 172.16.25.0/26 reject user@Private-Peer-2# set route 172.16.25.64/26 reject
配置路由策略,仅当存在某些内部路由时,才会生成默认静态路由。
content_copy zoom_out_map[edit policy-options policy-statement if-upstream-routes-exist] user@Private-Peer-2# set term as-64515-routes from route-filter 172.16.16.0/21 exact user@Private-Peer-2# set term as-64515-routes then accept user@Private-Peer-2# set term reject-all-other-routes then reject [edit routing-options generate route 0.0.0.0/0] user@Private-Peer-2# set policy if-upstream-routes-exist
配置通告本地静态路由和默认路由的路由策略。
content_copy zoom_out_map[edit policy-options policy-statement internal-routes] user@Private-Peer-2# set term statics from protocol static user@Private-Peer-2# set term statics then accept user@Private-Peer-2# set term default-route from route-filter 0.0.0.0/0 exact user@Private-Peer-2# set term default-route then accept user@Private-Peer-2# set term reject-all-other-routes then reject
配置播发本地客户路由的路由策略。
content_copy zoom_out_map[edit policy-options policy-statement outbound-routes] user@Private-Peer-2# set term statics from protocol static user@Private-Peer-2# set term statics then accept user@Private-Peer-2# set term allowed-bgp-routes from as-path my-own-routes user@Private-Peer-2# set term allowed-bgp-routes from as-path AS64512-routes user@Private-Peer-2# set term allowed-bgp-routes then accept user@Private-Peer-2# set term no-transit then reject [edit policy-options] user@Private-Peer-2# set as-path my-own-routes "()" user@Private-Peer-2# set as-path AS64512-routes 64512
配置与客户 2 的 EBGP 连接。
content_copy zoom_out_map[edit protocols bgp group to-64512] user@Private-Peer-2# set type external user@Private-Peer-2# set export internal-routes user@Private-Peer-2# set peer-as 64512 user@Private-Peer-2# set neighbor 10.0.0.21
配置与设备交换 2 的 EBGP 连接。
content_copy zoom_out_map[edit protocols bgp group to-64515] user@Private-Peer-2# set type external user@Private-Peer-2# set export outbound-routes user@Private-Peer-2# set peer-as 64515 user@Private-Peer-2# set neighbor 10.3.0.49
配置到 ISP 的 EBGP 连接。
content_copy zoom_out_map[edit protocols bgp group ext] user@Private-Peer-2# set type external user@Private-Peer-2# set export outbound-routes user@Private-Peer-2# set peer-as 64510 user@Private-Peer-2# set neighbor 10.3.0.6
配置自治系统 (AS) 编号。
content_copy zoom_out_map[edit routing-options] user@Private-Peer-2# set autonomous-system 64516
结果
在配置模式下,输入 show interfaces 、show protocols、show policy-options 和 show routing-options 命令,以确认您的配置。如果输出未显示预期的配置,请重复此示例中的说明,以便进行更正。
content_copy zoom_out_map
user@Private-Peer-2# show interfaces
fe-1/2/0 {
unit 0 {
description to_Customer-1;
family inet {
address 10.0.0.22/30;
}
}
}
fe-1/2/1 {
unit 0 {
description to_Exchange-2;
family inet {
address 10.3.0.50/30;
}
}
}
fe-1/2/3 {
unit 0 {
description to_ISP-2;
family inet {
address 10.3.0.5/30;
}
}
}
lo0 {
unit 0 {
family inet {
address 192.168.0.5/32;
}
}
}
content_copy zoom_out_map
user@Private-Peer-2# show protocols
bgp {
group ext {
type external;
export outbound-routes;
peer-as 64510;
neighbor 10.3.0.6;
}
group to-64512 {
type external;
export internal-routes;
peer-as 64512;
neighbor 10.0.0.21;
}
group to-64515 {
type external;
export outbound-routes;
peer-as 64515;
neighbor 10.3.0.49;
}
}
content_copy zoom_out_map
user@Private-Peer-2# show policy-options
policy-statement if-upstream-routes-exist {
term as-64515-routes {
from {
route-filter 172.16.16.0/21 exact;
}
then accept;
}
term reject-all-other-routes {
then reject;
}
}
policy-statement internal-routes {
term statics {
from protocol static;
then accept;
}
term default-route {
from {
route-filter 0.0.0.0/0 exact;
}
then accept;
}
term reject-all-other-routes {
then reject;
}
}
policy-statement outbound-routes {
term statics {
from protocol static;
then accept;
}
term allowed-bgp-routes {
from as-path [ my-own-routes AS64512-routes ];
then accept;
}
term no-transit {
then reject;
}
}
as-path my-own-routes "()";
as-path AS64512-routes 64512;
content_copy zoom_out_map
user@Private-Peer-2# show routing-options
static {
route 172.16.24.0/25 reject;
route 172.16.24.128/25 reject;
route 172.16.25.0/26 reject;
route 172.16.25.64/26 reject;
}
generate {
route 0.0.0.0/0 policy if-upstream-routes-exist;
}
autonomous-system 64516;
如果完成设备配置,请从配置模式输入 commit。
验证
确认配置工作正常。
- 验证设备 customer-1 上的路由
- 验证设备 Customer-2 上的路由
- 验证设备 ISP-1 上的路由
- 验证设备 ISP-2 上的路由
- 验证设备 ISP-3 上的路由
- 验证设备 Exchange-1 上的路由
- 验证设备 Exchange-2 上的路由
- 验证设备 Private-Peer-1 上的路由
- 验证设备 Private-Peer-2 上的路由
验证设备 customer-1 上的路由
目的
在设备 Customer-1 上,检查路由表中的路由。
操作
content_copy zoom_out_map
user@Customer-1> show route
inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[BGP/170] 00:09:25, localpref 100
AS path: 64510 I, validation-state: unverified
> to 10.1.0.5 via fe-1/2/3.0
10.1.0.4/30 *[Direct/0] 23:50:20
> via fe-1/2/3.0
10.1.0.6/32 *[Local/0] 5d 21:56:47
Local via fe-1/2/3.0
172.16.40.0/25 *[Static/5] 22:59:04
Reject
172.16.40.128/25 *[Static/5] 22:59:04
Reject
172.16.41.0/25 *[Static/5] 22:59:04
Reject
172.16.41.128/25 *[Static/5] 22:59:04
Reject
192.168.0.8/32 *[Direct/0] 5d 21:25:45
> via lo0.0意义
设备 Customer-1 有其四个静态路由,并且已通过 BGP 学习默认路由。
验证设备 Customer-2 上的路由
目的
在设备 Customer-2 上,检查路由表中的路由。
操作
content_copy zoom_out_map
user@Customer-2> show route
inet.0: 22 destinations, 23 routes (22 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[BGP/170] 00:10:35, localpref 200
AS path: 64510 I, validation-state: unverified
> to 10.0.0.9 via fe-1/2/0.10
[BGP/170] 04:58:09, localpref 50
AS path: 64516 I, validation-state: unverified
> to 10.0.0.22 via fe-1/2/0.0
10.0.0.8/30 *[Direct/0] 23:51:29
> via fe-1/2/0.10
10.0.0.10/32 *[Local/0] 23:52:49
Local via fe-1/2/0.10
10.0.0.20/30 *[Direct/0] 23:52:49
> via fe-1/2/0.0
10.0.0.21/32 *[Local/0] 23:52:49
Local via fe-1/2/0.0
172.16.24.0/25 *[BGP/170] 04:58:09, localpref 50
AS path: 64516 I, validation-state: unverified
> to 10.0.0.22 via fe-1/2/0.0
172.16.24.128/25 *[BGP/170] 04:58:09, localpref 50
AS path: 64516 I, validation-state: unverified
> to 10.0.0.22 via fe-1/2/0.0
172.16.25.0/26 *[BGP/170] 04:58:09, localpref 50
AS path: 64516 I, validation-state: unverified
> to 10.0.0.22 via fe-1/2/0.0
172.16.25.64/26 *[BGP/170] 04:58:09, localpref 50
AS path: 64516 I, validation-state: unverified
> to 10.0.0.22 via fe-1/2/0.0
172.16.32.0/24 *[BGP/170] 22:38:47, localpref 200
AS path: 64510 I, validation-state: unverified
> to 10.0.0.9 via fe-1/2/0.10
172.16.33.0/24 *[BGP/170] 22:38:47, localpref 200
AS path: 64510 I, validation-state: unverified
> to 10.0.0.9 via fe-1/2/0.10
172.16.34.0/24 *[BGP/170] 22:38:47, localpref 200
AS path: 64510 I, validation-state: unverified
> to 10.0.0.9 via fe-1/2/0.10
172.16.35.0/24 *[BGP/170] 22:38:47, localpref 200
AS path: 64510 I, validation-state: unverified
> to 10.0.0.9 via fe-1/2/0.10
172.16.36.0/24 *[BGP/170] 22:38:47, localpref 200
AS path: 64510 I, validation-state: unverified
> to 10.0.0.9 via fe-1/2/0.10
172.16.37.0/24 *[BGP/170] 22:38:47, localpref 200
AS path: 64510 I, validation-state: unverified
> to 10.0.0.9 via fe-1/2/0.10
172.16.38.0/24 *[BGP/170] 22:38:47, localpref 200
AS path: 64510 I, validation-state: unverified
> to 10.0.0.9 via fe-1/2/0.10
172.16.39.0/24 *[BGP/170] 22:38:47, localpref 200
AS path: 64510 I, validation-state: unverified
> to 10.0.0.9 via fe-1/2/0.10
172.16.44.0/26 *[Static/5] 22:57:28
Reject
172.16.44.64/26 *[Static/5] 22:57:28
Reject
172.16.44.128/26 *[Static/5] 22:57:28
Reject
172.16.44.192/26 *[Static/5] 22:57:28
Reject
192.168.0.9/32 *[Direct/0] 23:52:49
> via lo0.0意义
设备 Customer-2 已通过与 ISP 的会话以及与专用对等方的会话获知默认路由。首选从 ISP 获知的路由,因为它具有更高的本地优先级。
验证设备 ISP-1 上的路由
目的
在设备 ISP-1 上,检查路由表中的路由。
操作
content_copy zoom_out_map
user@ISP-1> show route
inet.0: 42 destinations, 53 routes (42 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[BGP/170] 22:44:26, localpref 100, from 192.168.0.2
AS path: 64516 I, validation-state: unverified
> to 10.1.0.1 via fe-1/2/1.0
10.0.0.0/30 *[Direct/0] 23:52:01
> via fe-1/2/0.0
10.0.0.2/32 *[Local/0] 23:52:01
Local via fe-1/2/0.0
10.0.0.4/30 *[OSPF/10] 23:51:06, metric 2
to 10.1.0.1 via fe-1/2/1.0
> to 10.0.0.1 via fe-1/2/0.0
10.0.0.20/30 *[BGP/170] 23:50:55, localpref 100, from 192.168.0.2
AS path: 64516 I, validation-state: unverified
> to 10.1.0.1 via fe-1/2/1.0
[BGP/170] 23:51:28, localpref 100
AS path: 64514 64515 64516 I, validation-state: unverified
> to 10.2.0.5 via fe-1/2/3.0
10.1.0.0/30 *[Direct/0] 23:52:01
> via fe-1/2/1.0
10.1.0.2/32 *[Local/0] 23:52:01
Local via fe-1/2/1.0
10.2.0.0/30 *[Direct/0] 23:52:01
> via fe-1/2/2.0
10.2.0.2/32 *[Local/0] 23:52:01
Local via fe-1/2/2.0
10.2.0.4/30 *[Direct/0] 23:52:00
> via fe-1/2/3.0
10.2.0.6/32 *[Local/0] 23:52:00
Local via fe-1/2/3.0
10.3.0.4/30 *[BGP/170] 23:51:28, localpref 100
AS path: 64514 64515 64516 I, validation-state: unverified
> to 10.2.0.5 via fe-1/2/3.0
10.3.0.48/30 *[BGP/170] 23:50:55, localpref 100, from 192.168.0.2
AS path: 64516 I, validation-state: unverified
> to 10.1.0.1 via fe-1/2/1.0
172.16.8.0/21 *[BGP/170] 00:11:08, localpref 100
AS path: 64514 I, validation-state: unverified
> to 10.2.0.5 via fe-1/2/3.0
172.16.16.0/21 *[BGP/170] 02:02:10, localpref 100, from 192.168.0.2
AS path: 64515 I, validation-state: unverified
> to 10.1.0.1 via fe-1/2/1.0
[BGP/170] 02:02:10, localpref 100
AS path: 64514 64515 I, validation-state: unverified
> to 10.2.0.5 via fe-1/2/3.0
172.16.24.0/25 *[BGP/170] 23:06:33, localpref 100, from 192.168.0.2
AS path: 64516 I, validation-state: unverified
> to 10.1.0.1 via fe-1/2/1.0
[BGP/170] 23:06:33, localpref 100
AS path: 64514 64515 64516 I, validation-state: unverified
> to 10.2.0.5 via fe-1/2/3.0
172.16.24.128/25 *[BGP/170] 23:06:33, localpref 100, from 192.168.0.2
AS path: 64516 I, validation-state: unverified
> to 10.1.0.1 via fe-1/2/1.0
[BGP/170] 23:06:33, localpref 100
AS path: 64514 64515 64516 I, validation-state: unverified
> to 10.2.0.5 via fe-1/2/3.0
172.16.25.0/26 *[BGP/170] 23:06:33, localpref 100, from 192.168.0.2
AS path: 64516 I, validation-state: unverified
> to 10.1.0.1 via fe-1/2/1.0
[BGP/170] 23:06:33, localpref 100
AS path: 64514 64515 64516 I, validation-state: unverified
> to 10.2.0.5 via fe-1/2/3.0
172.16.25.64/26 *[BGP/170] 23:06:33, localpref 100, from 192.168.0.2
AS path: 64516 I, validation-state: unverified
> to 10.1.0.1 via fe-1/2/1.0
[BGP/170] 23:06:33, localpref 100
AS path: 64514 64515 64516 I, validation-state: unverified
> to 10.2.0.5 via fe-1/2/3.0
172.16.32.0/21 *[Aggregate/130] 22:44:27
Reject
172.16.32.0/24 *[Static/5] 22:44:27
Reject
172.16.33.0/24 *[Static/5] 22:44:27
Reject
172.16.34.0/24 *[BGP/170] 22:39:20, localpref 100, from 192.168.0.2
AS path: I, validation-state: unverified
> to 10.1.0.1 via fe-1/2/1.0
172.16.35.0/24 *[BGP/170] 22:39:20, localpref 100, from 192.168.0.2
AS path: I, validation-state: unverified
> to 10.1.0.1 via fe-1/2/1.0
172.16.36.0/24 *[BGP/170] 22:39:20, localpref 100, from 192.168.0.3
AS path: I, validation-state: unverified
> to 10.0.0.1 via fe-1/2/0.0
172.16.37.0/24 *[BGP/170] 22:39:20, localpref 100, from 192.168.0.3
AS path: I, validation-state: unverified
> to 10.0.0.1 via fe-1/2/0.0
172.16.38.0/24 *[BGP/170] 22:39:20, localpref 100, from 192.168.0.3
AS path: I, validation-state: unverified
> to 10.0.0.1 via fe-1/2/0.0
172.16.39.0/24 *[BGP/170] 22:39:20, localpref 100, from 192.168.0.3
AS path: I, validation-state: unverified
> to 10.0.0.1 via fe-1/2/0.0
172.16.40.0/22 *[Aggregate/130] 22:44:27
Reject
172.16.40.0/25 *[BGP/170] 23:00:47, localpref 100, from 192.168.0.3
AS path: 64511 I, validation-state: unverified
> to 10.0.0.1 via fe-1/2/0.0
172.16.40.128/25 *[BGP/170] 23:00:47, localpref 100, from 192.168.0.3
AS path: 64511 I, validation-state: unverified
> to 10.0.0.1 via fe-1/2/0.0
172.16.41.0/25 *[BGP/170] 23:00:47, localpref 100, from 192.168.0.3
AS path: 64511 I, validation-state: unverified
> to 10.0.0.1 via fe-1/2/0.0
172.16.41.128/25 *[BGP/170] 23:00:47, localpref 100, from 192.168.0.3
AS path: 64511 I, validation-state: unverified
> to 10.0.0.1 via fe-1/2/0.0
172.16.44.0/26 *[BGP/170] 22:58:01, localpref 100, from 192.168.0.3
AS path: 64512 I, validation-state: unverified
> to 10.0.0.1 via fe-1/2/0.0
[BGP/170] 22:58:01, localpref 100
AS path: 64514 64515 64516 64512 I, validation-state: unverified
> to 10.2.0.5 via fe-1/2/3.0
172.16.44.64/26 *[BGP/170] 22:58:01, localpref 100, from 192.168.0.3
AS path: 64512 I, validation-state: unverified
> to 10.0.0.1 via fe-1/2/0.0
[BGP/170] 22:58:01, localpref 100
AS path: 64514 64515 64516 64512 I, validation-state: unverified
> to 10.2.0.5 via fe-1/2/3.0
172.16.44.128/26 *[BGP/170] 22:58:01, localpref 100, from 192.168.0.3
AS path: 64512 I, validation-state: unverified
> to 10.0.0.1 via fe-1/2/0.0
[BGP/170] 22:58:01, localpref 100
AS path: 64514 64515 64516 64512 I, validation-state: unverified
> to 10.2.0.5 via fe-1/2/3.0
172.16.44.192/26 *[BGP/170] 22:58:01, localpref 100, from 192.168.0.3
AS path: 64512 I, validation-state: unverified
> to 10.0.0.1 via fe-1/2/0.0
[BGP/170] 22:58:01, localpref 100
AS path: 64514 64515 64516 64512 I, validation-state: unverified
> to 10.2.0.5 via fe-1/2/3.0
192.168.0.1/32 *[Direct/0] 23:52:01
> via lo0.0
192.168.0.2/32 *[OSPF/10] 23:51:06, metric 1
> to 10.1.0.1 via fe-1/2/1.0
192.168.0.3/32 *[OSPF/10] 23:51:06, metric 1
> to 10.0.0.1 via fe-1/2/0.0
192.168.0.5/32 *[BGP/170] 23:50:55, localpref 100, from 192.168.0.2
AS path: 64516 I, validation-state: unverified
> to 10.1.0.1 via fe-1/2/1.0
[BGP/170] 23:51:28, localpref 100
AS path: 64514 64515 64516 I, validation-state: unverified
> to 10.2.0.5 via fe-1/2/3.0
172.16.233.5/32 *[OSPF/10] 23:52:07, metric 1
MultiRecv验证设备 ISP-2 上的路由
目的
在设备 ISP-2 上,检查路由表中的路由。
操作
content_copy zoom_out_map
user@ISP-2> show route
inet.0: 41 destinations, 59 routes (41 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[BGP/170] 22:45:44, localpref 100
AS path: 64516 I, validation-state: unverified
> to 10.3.0.5 via fe-1/2/3.0
10.0.0.0/30 *[OSPF/10] 23:52:25, metric 2
to 10.0.0.5 via fe-1/2/2.0
> to 10.1.0.2 via fe-1/2/1.0
10.0.0.4/30 *[Direct/0] 23:53:21
> via fe-1/2/2.0
10.0.0.6/32 *[Local/0] 23:53:23
Local via fe-1/2/2.0
10.0.0.20/30 *[BGP/170] 23:53:11, localpref 100
AS path: 64516 I, validation-state: unverified
> to 10.3.0.5 via fe-1/2/3.0
[BGP/170] 23:53:09, localpref 100
AS path: 64515 64516 I, validation-state: unverified
> to 10.3.0.1 via fe-1/2/0.0
10.1.0.0/30 *[Direct/0] 23:53:19
> via fe-1/2/1.0
10.1.0.1/32 *[Local/0] 23:53:23
Local via fe-1/2/1.0
10.3.0.0/30 *[Direct/0] 23:53:22
> via fe-1/2/0.0
10.3.0.2/32 *[Local/0] 23:53:23
Local via fe-1/2/0.0
10.3.0.4/30 *[Direct/0] 23:53:23
> via fe-1/2/3.0
[BGP/170] 23:53:11, localpref 100
AS path: 64516 I, validation-state: unverified
> to 10.3.0.5 via fe-1/2/3.0
[BGP/170] 23:53:09, localpref 100
AS path: 64515 64516 I, validation-state: unverified
> to 10.3.0.1 via fe-1/2/0.0
[BGP/170] 23:52:13, localpref 100, from 192.168.0.1
AS path: 64514 64515 64516 I, validation-state: unverified
> to 10.1.0.2 via fe-1/2/1.0
10.3.0.6/32 *[Local/0] 23:53:23
Local via fe-1/2/3.0
10.3.0.48/30 *[BGP/170] 23:53:11, localpref 100
AS path: 64516 I, validation-state: unverified
> to 10.3.0.5 via fe-1/2/3.0
172.16.8.0/21 *[BGP/170] 00:12:26, localpref 100, from 192.168.0.1
AS path: 64514 I, validation-state: unverified
> to 10.1.0.2 via fe-1/2/1.0
[BGP/170] 00:12:26, localpref 100
AS path: 64515 64514 I, validation-state: unverified
> to 10.3.0.1 via fe-1/2/0.0
172.16.16.0/21 *[BGP/170] 02:03:28, localpref 100
AS path: 64515 I, validation-state: unverified
> to 10.3.0.1 via fe-1/2/0.0
172.16.24.0/25 *[BGP/170] 23:07:51, localpref 100
AS path: 64516 I, validation-state: unverified
> to 10.3.0.5 via fe-1/2/3.0
[BGP/170] 23:07:51, localpref 100
AS path: 64515 64516 I, validation-state: unverified
> to 10.3.0.1 via fe-1/2/0.0
172.16.24.128/25 *[BGP/170] 23:07:51, localpref 100
AS path: 64516 I, validation-state: unverified
> to 10.3.0.5 via fe-1/2/3.0
[BGP/170] 23:07:51, localpref 100
AS path: 64515 64516 I, validation-state: unverified
> to 10.3.0.1 via fe-1/2/0.0
172.16.25.0/26 *[BGP/170] 23:07:51, localpref 100
AS path: 64516 I, validation-state: unverified
> to 10.3.0.5 via fe-1/2/3.0
[BGP/170] 23:07:51, localpref 100
AS path: 64515 64516 I, validation-state: unverified
> to 10.3.0.1 via fe-1/2/0.0
172.16.25.64/26 *[BGP/170] 23:07:51, localpref 100
AS path: 64516 I, validation-state: unverified
> to 10.3.0.5 via fe-1/2/3.0
[BGP/170] 23:07:51, localpref 100
AS path: 64515 64516 I, validation-state: unverified
> to 10.3.0.1 via fe-1/2/0.0
172.16.32.0/21 *[Aggregate/130] 22:40:38
Reject
172.16.32.0/24 *[BGP/170] 22:45:44, localpref 100, from 192.168.0.1
AS path: I, validation-state: unverified
> to 10.1.0.2 via fe-1/2/1.0
172.16.33.0/24 *[BGP/170] 22:45:44, localpref 100, from 192.168.0.1
AS path: I, validation-state: unverified
> to 10.1.0.2 via fe-1/2/1.0
172.16.34.0/24 *[Static/5] 22:40:38
Reject
172.16.35.0/24 *[Static/5] 22:40:38
Reject
172.16.36.0/24 *[BGP/170] 22:40:38, localpref 100, from 192.168.0.3
AS path: I, validation-state: unverified
> to 10.0.0.5 via fe-1/2/2.0
172.16.37.0/24 *[BGP/170] 22:40:38, localpref 100, from 192.168.0.3
AS path: I, validation-state: unverified
> to 10.0.0.5 via fe-1/2/2.0
172.16.38.0/24 *[BGP/170] 22:40:38, localpref 100, from 192.168.0.3
AS path: I, validation-state: unverified
> to 10.0.0.5 via fe-1/2/2.0
172.16.39.0/24 *[BGP/170] 22:40:38, localpref 100, from 192.168.0.3
AS path: I, validation-state: unverified
> to 10.0.0.5 via fe-1/2/2.0
172.16.40.0/25 *[BGP/170] 23:02:05, localpref 100, from 192.168.0.3
AS path: 64511 I, validation-state: unverified
> to 10.0.0.5 via fe-1/2/2.0
172.16.40.128/25 *[BGP/170] 23:02:05, localpref 100, from 192.168.0.3
AS path: 64511 I, validation-state: unverified
> to 10.0.0.5 via fe-1/2/2.0
172.16.41.0/25 *[BGP/170] 23:02:05, localpref 100, from 192.168.0.3
AS path: 64511 I, validation-state: unverified
> to 10.0.0.5 via fe-1/2/2.0
172.16.41.128/25 *[BGP/170] 23:02:05, localpref 100, from 192.168.0.3
AS path: 64511 I, validation-state: unverified
> to 10.0.0.5 via fe-1/2/2.0
172.16.44.0/23 *[Aggregate/130] 22:40:38
Reject
172.16.44.0/26 *[BGP/170] 22:59:19, localpref 100, from 192.168.0.3
AS path: 64512 I, validation-state: unverified
> to 10.0.0.5 via fe-1/2/2.0
[BGP/170] 22:59:19, localpref 100
AS path: 64516 64512 I, validation-state: unverified
> to 10.3.0.5 via fe-1/2/3.0
[BGP/170] 22:59:19, localpref 100
AS path: 64515 64516 64512 I, validation-state: unverified
> to 10.3.0.1 via fe-1/2/0.0
172.16.44.64/26 *[BGP/170] 22:59:19, localpref 100, from 192.168.0.3
AS path: 64512 I, validation-state: unverified
> to 10.0.0.5 via fe-1/2/2.0
[BGP/170] 22:59:19, localpref 100
AS path: 64516 64512 I, validation-state: unverified
> to 10.3.0.5 via fe-1/2/3.0
[BGP/170] 22:59:19, localpref 100
AS path: 64515 64516 64512 I, validation-state: unverified
> to 10.3.0.1 via fe-1/2/0.0
172.16.44.128/26 *[BGP/170] 22:59:19, localpref 100, from 192.168.0.3
AS path: 64512 I, validation-state: unverified
> to 10.0.0.5 via fe-1/2/2.0
[BGP/170] 22:59:19, localpref 100
AS path: 64516 64512 I, validation-state: unverified
> to 10.3.0.5 via fe-1/2/3.0
[BGP/170] 22:59:19, localpref 100
AS path: 64515 64516 64512 I, validation-state: unverified
> to 10.3.0.1 via fe-1/2/0.0
172.16.44.192/26 *[BGP/170] 22:59:19, localpref 100, from 192.168.0.3
AS path: 64512 I, validation-state: unverified
> to 10.0.0.5 via fe-1/2/2.0
[BGP/170] 22:59:19, localpref 100
AS path: 64516 64512 I, validation-state: unverified
> to 10.3.0.5 via fe-1/2/3.0
[BGP/170] 22:59:19, localpref 100
AS path: 64515 64516 64512 I, validation-state: unverified
> to 10.3.0.1 via fe-1/2/0.0
192.168.0.1/32 *[OSPF/10] 23:52:25, metric 1
> to 10.1.0.2 via fe-1/2/1.0
192.168.0.2/32 *[Direct/0] 23:53:23
> via lo0.0
192.168.0.3/32 *[OSPF/10] 23:52:30, metric 1
> to 10.0.0.5 via fe-1/2/2.0
192.168.0.5/32 *[BGP/170] 23:53:11, localpref 100
AS path: 64516 I, validation-state: unverified
> to 10.3.0.5 via fe-1/2/3.0
[BGP/170] 23:53:09, localpref 100
AS path: 64515 64516 I, validation-state: unverified
> to 10.3.0.1 via fe-1/2/0.0
172.16.233.5/32 *[OSPF/10] 23:53:25, metric 1
MultiRecv验证设备 ISP-3 上的路由
目的
在设备 ISP-3 上,检查路由表中的路由。
操作
content_copy zoom_out_map
user@ISP-3> show route
inet.0: 40 destinations, 41 routes (40 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[Aggregate/130] 23:53:57, metric2 1
> to 10.0.0.2 via fe-1/2/0.0
[BGP/170] 22:46:17, localpref 100, from 192.168.0.2
AS path: 64516 I, validation-state: unverified
> to 10.0.0.6 via fe-1/2/2.0
10.0.0.0/30 *[Direct/0] 23:53:52
> via fe-1/2/0.0
10.0.0.1/32 *[Local/0] 23:53:53
Local via fe-1/2/0.0
10.0.0.4/30 *[Direct/0] 23:53:54
> via fe-1/2/2.0
10.0.0.5/32 *[Local/0] 23:53:54
Local via fe-1/2/2.0
10.0.0.8/30 *[Direct/0] 23:53:53
> via fe-1/2/1.0
10.0.0.9/32 *[Local/0] 23:53:53
Local via fe-1/2/1.0
10.0.0.20/30 *[BGP/170] 23:53:02, localpref 100, from 192.168.0.2
AS path: 64516 I, validation-state: unverified
> to 10.0.0.6 via fe-1/2/2.0
10.1.0.0/30 *[OSPF/10] 23:53:03, metric 2
> to 10.0.0.6 via fe-1/2/2.0
to 10.0.0.2 via fe-1/2/0.0
10.1.0.4/30 *[Direct/0] 23:53:54
> via fe-1/2/3.0
10.1.0.5/32 *[Local/0] 23:53:54
Local via fe-1/2/3.0
10.3.0.4/30 *[BGP/170] 23:52:46, localpref 100, from 192.168.0.1
AS path: 64514 64515 64516 I, validation-state: unverified
> to 10.0.0.2 via fe-1/2/0.0
10.3.0.48/30 *[BGP/170] 23:53:02, localpref 100, from 192.168.0.2
AS path: 64516 I, validation-state: unverified
> to 10.0.0.6 via fe-1/2/2.0
172.16.8.0/21 *[BGP/170] 00:12:59, localpref 100, from 192.168.0.1
AS path: 64514 I, validation-state: unverified
> to 10.0.0.2 via fe-1/2/0.0
172.16.16.0/21 *[BGP/170] 02:04:01, localpref 100, from 192.168.0.2
AS path: 64515 I, validation-state: unverified
> to 10.0.0.6 via fe-1/2/2.0
172.16.24.0/25 *[BGP/170] 23:08:24, localpref 100, from 192.168.0.2
AS path: 64516 I, validation-state: unverified
> to 10.0.0.6 via fe-1/2/2.0
172.16.24.128/25 *[BGP/170] 23:08:24, localpref 100, from 192.168.0.2
AS path: 64516 I, validation-state: unverified
> to 10.0.0.6 via fe-1/2/2.0
172.16.25.0/26 *[BGP/170] 23:08:24, localpref 100, from 192.168.0.2
AS path: 64516 I, validation-state: unverified
> to 10.0.0.6 via fe-1/2/2.0
172.16.25.64/26 *[BGP/170] 23:08:24, localpref 100, from 192.168.0.2
AS path: 64516 I, validation-state: unverified
> to 10.0.0.6 via fe-1/2/2.0
172.16.32.0/24 *[BGP/170] 22:46:17, localpref 100, from 192.168.0.1
AS path: I, validation-state: unverified
> to 10.0.0.2 via fe-1/2/0.0
172.16.33.0/24 *[BGP/170] 22:46:17, localpref 100, from 192.168.0.1
AS path: I, validation-state: unverified
> to 10.0.0.2 via fe-1/2/0.0
172.16.34.0/24 *[BGP/170] 22:41:11, localpref 100, from 192.168.0.2
AS path: I, validation-state: unverified
> to 10.0.0.6 via fe-1/2/2.0
172.16.35.0/24 *[BGP/170] 22:41:11, localpref 100, from 192.168.0.2
AS path: I, validation-state: unverified
> to 10.0.0.6 via fe-1/2/2.0
172.16.36.0/24 *[Static/5] 22:41:11
Reject
172.16.37.0/24 *[Static/5] 22:41:11
Reject
172.16.38.0/24 *[Static/5] 22:41:11
Reject
172.16.39.0/24 *[Static/5] 22:41:11
Reject
172.16.40.0/25 *[BGP/170] 23:02:38, localpref 100
AS path: 64511 I, validation-state: unverified
> to 10.1.0.6 via fe-1/2/3.0
172.16.40.128/25 *[BGP/170] 23:02:38, localpref 100
AS path: 64511 I, validation-state: unverified
> to 10.1.0.6 via fe-1/2/3.0
172.16.41.0/25 *[BGP/170] 23:02:38, localpref 100
AS path: 64511 I, validation-state: unverified
> to 10.1.0.6 via fe-1/2/3.0
172.16.41.128/25 *[BGP/170] 23:02:38, localpref 100
AS path: 64511 I, validation-state: unverified
> to 10.1.0.6 via fe-1/2/3.0
172.16.44.0/26 *[BGP/170] 22:59:52, localpref 100
AS path: 64512 I, validation-state: unverified
> to 10.0.0.10 via fe-1/2/1.0
172.16.44.64/26 *[BGP/170] 22:59:52, localpref 100
AS path: 64512 I, validation-state: unverified
> to 10.0.0.10 via fe-1/2/1.0
172.16.44.128/26 *[BGP/170] 22:59:52, localpref 100
AS path: 64512 I, validation-state: unverified
> to 10.0.0.10 via fe-1/2/1.0
172.16.44.192/26 *[BGP/170] 22:59:52, localpref 100
AS path: 64512 I, validation-state: unverified
> to 10.0.0.10 via fe-1/2/1.0
192.168.0.1/32 *[OSPF/10] 23:53:03, metric 1
> to 10.0.0.2 via fe-1/2/0.0
192.168.0.2/32 *[OSPF/10] 23:53:03, metric 1
> to 10.0.0.6 via fe-1/2/2.0
192.168.0.3/32 *[Direct/0] 23:53:54
> via lo0.0
192.168.0.5/32 *[BGP/170] 23:53:02, localpref 100, from 192.168.0.2
AS path: 64516 I, validation-state: unverified
> to 10.0.0.6 via fe-1/2/2.0
172.16.233.5/32 *[OSPF/10] 23:53:58, metric 1
MultiRecv验证设备 Exchange-1 上的路由
目的
在设备 Exchange-1 上,检查路由表中的路由。
操作
content_copy zoom_out_map
user@Exchange-1> show route
inet.0: 23 destinations, 24 routes (23 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.0.20/30 *[BGP/170] 23:53:51, localpref 100
AS path: 64515 64516 I, validation-state: unverified
> to 10.3.0.41 via fe-1/2/2.0
10.2.0.4/30 *[Direct/0] 23:54:23
> via fe-1/2/3.0
10.2.0.5/32 *[Local/0] 23:54:29
Local via fe-1/2/3.0
10.3.0.4/30 *[BGP/170] 23:53:51, localpref 100
AS path: 64515 64516 I, validation-state: unverified
> to 10.3.0.41 via fe-1/2/2.0
10.3.0.40/30 *[Direct/0] 23:54:27
> via fe-1/2/2.0
10.3.0.42/32 *[Local/0] 23:54:29
Local via fe-1/2/2.0
10.3.0.44/30 *[Direct/0] 23:54:29
> via fe-1/2/1.0
10.3.0.45/32 *[Local/0] 23:54:29
Local via fe-1/2/1.0
172.16.8.0/21 *[Static/5] 00:13:31
Reject
172.16.16.0/21 *[BGP/170] 02:04:33, localpref 100
AS path: 64515 I, validation-state: unverified
> to 10.3.0.41 via fe-1/2/2.0
172.16.24.0/25 *[BGP/170] 23:08:56, localpref 100
AS path: 64515 64516 I, validation-state: unverified
> to 10.3.0.41 via fe-1/2/2.0
172.16.24.128/25 *[BGP/170] 23:08:56, localpref 100
AS path: 64515 64516 I, validation-state: unverified
> to 10.3.0.41 via fe-1/2/2.0
172.16.25.0/26 *[BGP/170] 23:08:56, localpref 100
AS path: 64515 64516 I, validation-state: unverified
> to 10.3.0.41 via fe-1/2/2.0
172.16.25.64/26 *[BGP/170] 23:08:56, localpref 100
AS path: 64515 64516 I, validation-state: unverified
> to 10.3.0.41 via fe-1/2/2.0
172.16.32.0/21 *[BGP/170] 22:46:49, localpref 100
AS path: 64510 I, validation-state: unverified
> to 10.2.0.6 via fe-1/2/3.0
[BGP/170] 22:41:43, localpref 100
AS path: 64515 64510 I, validation-state: unverified
> to 10.3.0.41 via fe-1/2/2.0
172.16.40.0/22 *[BGP/170] 22:46:49, localpref 100
AS path: 64510 64511 I, validation-state: unverified
> to 10.2.0.6 via fe-1/2/3.0
172.16.44.0/23 *[BGP/170] 22:41:43, localpref 100
AS path: 64515 64510 64512 I, validation-state: unverified
> to 10.3.0.41 via fe-1/2/2.0
172.16.44.0/26 *[BGP/170] 23:00:24, localpref 100
AS path: 64515 64516 64512 I, validation-state: unverified
> to 10.3.0.41 via fe-1/2/2.0
172.16.44.64/26 *[BGP/170] 23:00:24, localpref 100
AS path: 64515 64516 64512 I, validation-state: unverified
> to 10.3.0.41 via fe-1/2/2.0
172.16.44.128/26 *[BGP/170] 23:00:24, localpref 100
AS path: 64515 64516 64512 I, validation-state: unverified
> to 10.3.0.41 via fe-1/2/2.0
172.16.44.192/26 *[BGP/170] 23:00:24, localpref 100
AS path: 64515 64516 64512 I, validation-state: unverified
> to 10.3.0.41 via fe-1/2/2.0
192.168.0.5/32 *[BGP/170] 23:53:51, localpref 100
AS path: 64515 64516 I, validation-state: unverified
> to 10.3.0.41 via fe-1/2/2.0
192.168.0.6/32 *[Direct/0] 23:54:29
> via lo0.0验证设备 Exchange-2 上的路由
目的
在设备 Exchange-2 上,检查路由表中的路由。
操作
content_copy zoom_out_map
user@Exchange-2> show route
inet.0: 24 destinations, 26 routes (23 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.0.20/30 *[BGP/170] 23:54:44, localpref 100
AS path: 64516 I, validation-state: unverified
> to 10.3.0.50 via fe-1/2/1.0
10.3.0.0/30 *[Direct/0] 23:54:57
> via fe-1/2/0.0
10.3.0.1/32 *[Local/0] 23:54:57
Local via fe-1/2/0.0
10.3.0.4/30 *[BGP/170] 23:54:44, localpref 100
AS path: 64516 I, validation-state: unverified
> to 10.3.0.50 via fe-1/2/1.0
10.3.0.40/30 *[Direct/0] 23:54:57
> via fe-1/2/2.0
10.3.0.41/32 *[Local/0] 23:54:57
Local via fe-1/2/2.0
10.3.0.48/30 *[Direct/0] 23:54:57
> via fe-1/2/1.0
[BGP/170] 23:54:44, localpref 100
AS path: 64516 I, validation-state: unverified
> to 10.3.0.50 via fe-1/2/1.0
10.3.0.49/32 *[Local/0] 23:54:57
Local via fe-1/2/1.0
172.16.8.0/21 *[BGP/170] 00:14:01, localpref 100
AS path: 64514 I, validation-state: unverified
> to 10.3.0.42 via fe-1/2/2.0
172.16.16.0/21 *[Static/5] 02:05:03
Reject
172.16.24.0/25 *[BGP/170] 23:09:26, localpref 100
AS path: 64516 I, validation-state: unverified
> to 10.3.0.50 via fe-1/2/1.0
172.16.24.128/25 *[BGP/170] 23:09:26, localpref 100
AS path: 64516 I, validation-state: unverified
> to 10.3.0.50 via fe-1/2/1.0
172.16.25.0/26 *[BGP/170] 23:09:26, localpref 100
AS path: 64516 I, validation-state: unverified
> to 10.3.0.50 via fe-1/2/1.0
172.16.25.64/26 *[BGP/170] 23:09:26, localpref 100
AS path: 64516 I, validation-state: unverified
> to 10.3.0.50 via fe-1/2/1.0
172.16.32.0/21 *[BGP/170] 22:42:13, localpref 100
AS path: 64510 I, validation-state: unverified
> to 10.3.0.2 via fe-1/2/0.0
[BGP/170] 22:47:19, localpref 100
AS path: 64514 64510 I, validation-state: unverified
> to 10.3.0.42 via fe-1/2/2.0
172.16.40.0/22 *[BGP/170] 22:47:19, localpref 100
AS path: 64514 64510 64511 I, validation-state: unverified
> to 10.3.0.42 via fe-1/2/2.0
172.16.44.0/23 *[BGP/170] 22:42:13, localpref 100
AS path: 64510 64512 I, validation-state: unverified
> to 10.3.0.2 via fe-1/2/0.0
172.16.44.0/26 *[BGP/170] 23:00:54, localpref 100
AS path: 64516 64512 I, validation-state: unverified
> to 10.3.0.50 via fe-1/2/1.0
172.16.44.64/26 *[BGP/170] 23:00:54, localpref 100
AS path: 64516 64512 I, validation-state: unverified
> to 10.3.0.50 via fe-1/2/1.0
172.16.44.128/26 *[BGP/170] 23:00:54, localpref 100
AS path: 64516 64512 I, validation-state: unverified
> to 10.3.0.50 via fe-1/2/1.0
172.16.44.192/26 *[BGP/170] 23:00:54, localpref 100
AS path: 64516 64512 I, validation-state: unverified
> to 10.3.0.50 via fe-1/2/1.0
192.168.0.5/32 *[BGP/170] 23:54:44, localpref 100
AS path: 64516 I, validation-state: unverified
> to 10.3.0.50 via fe-1/2/1.0
192.168.0.7/32 *[Direct/0] 23:54:57
> via lo0.0意义
在设备 Exchange-2 上,默认路由 0/0 处于隐藏状态,因为路由的下一跃点是其自己的到 Device Private-Peer-2 的接口,路由是从中接收路由的。路由处于隐藏状态以避免循环。
验证设备 Private-Peer-1 上的路由
目的
在设备 Private-Peer-1 上,检查路由表中的路由。
操作
content_copy zoom_out_map
user@Private-Peer-1> show route
inet.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.2.0.0/30 *[Direct/0] 23:58:57
> via fe-1/2/2.0
10.2.0.1/32 *[Local/0] 5d 21:34:22
Local via fe-1/2/2.0
10.3.0.44/30 *[Direct/0] 23:59:02
> via fe-1/2/1.0
10.3.0.46/32 *[Local/0] 1d 03:19:52
Local via fe-1/2/1.0
172.16.32.0/24 *[BGP/170] 22:51:22, localpref 100
AS path: 64510 I, validation-state: unverified
> to 10.2.0.2 via fe-1/2/2.0
172.16.33.0/24 *[BGP/170] 22:51:22, localpref 100
AS path: 64510 I, validation-state: unverified
> to 10.2.0.2 via fe-1/2/2.0
172.16.34.0/24 *[BGP/170] 22:46:16, localpref 100
AS path: 64510 I, validation-state: unverified
> to 10.2.0.2 via fe-1/2/2.0
172.16.35.0/24 *[BGP/170] 22:46:16, localpref 100
AS path: 64510 I, validation-state: unverified
> to 10.2.0.2 via fe-1/2/2.0
172.16.36.0/24 *[BGP/170] 22:46:16, localpref 100
AS path: 64510 I, validation-state: unverified
> to 10.2.0.2 via fe-1/2/2.0
172.16.37.0/24 *[BGP/170] 22:46:16, localpref 100
AS path: 64510 I, validation-state: unverified
> to 10.2.0.2 via fe-1/2/2.0
172.16.38.0/24 *[BGP/170] 22:46:16, localpref 100
AS path: 64510 I, validation-state: unverified
> to 10.2.0.2 via fe-1/2/2.0
172.16.39.0/24 *[BGP/170] 22:46:16, localpref 100
AS path: 64510 I, validation-state: unverified
> to 10.2.0.2 via fe-1/2/2.0
192.168.0.4/32 *[Direct/0] 5d 21:34:22
> via lo0.0验证设备 Private-Peer-2 上的路由
目的
在设备 Private-Peer-2 上,检查路由表中的路由。
操作
content_copy zoom_out_map
user@Private-Peer-2> show route
inet.0: 29 destinations, 29 routes (29 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[Aggregate/130] 1d 02:13:28
> to 10.3.0.49 via fe-1/2/1.0
10.0.0.20/30 *[Direct/0] 1d 00:00:53
> via fe-1/2/0.0
10.0.0.22/32 *[Local/0] 4d 23:51:14
Local via fe-1/2/0.0
10.3.0.4/30 *[Direct/0] 23:59:36
> via fe-1/2/3.0
10.3.0.5/32 *[Local/0] 5d 21:34:57
Local via fe-1/2/3.0
10.3.0.48/30 *[Direct/0] 23:59:35
> via fe-1/2/1.0
10.3.0.50/32 *[Local/0] 1d 03:20:27
Local via fe-1/2/1.0
172.16.8.0/21 *[BGP/170] 00:18:39, localpref 100
AS path: 64515 64514 I, validation-state: unverified
> to 10.3.0.49 via fe-1/2/1.0
172.16.16.0/21 *[BGP/170] 02:09:41, localpref 100
AS path: 64515 I, validation-state: unverified
> to 10.3.0.49 via fe-1/2/1.0
172.16.24.0/25 *[Static/5] 23:14:04
Reject
172.16.24.128/25 *[Static/5] 23:14:04
Reject
172.16.25.0/26 *[Static/5] 23:14:04
Reject
172.16.25.64/26 *[Static/5] 23:14:04
Reject
172.16.32.0/21 *[BGP/170] 22:46:51, localpref 100
AS path: 64515 64510 I, validation-state: unverified
> to 10.3.0.49 via fe-1/2/1.0
172.16.32.0/24 *[BGP/170] 22:46:51, localpref 100
AS path: 64510 I, validation-state: unverified
> to 10.3.0.6 via fe-1/2/3.0
172.16.33.0/24 *[BGP/170] 22:46:51, localpref 100
AS path: 64510 I, validation-state: unverified
> to 10.3.0.6 via fe-1/2/3.0
172.16.34.0/24 *[BGP/170] 22:46:51, localpref 100
AS path: 64510 I, validation-state: unverified
> to 10.3.0.6 via fe-1/2/3.0
172.16.35.0/24 *[BGP/170] 22:46:51, localpref 100
AS path: 64510 I, validation-state: unverified
> to 10.3.0.6 via fe-1/2/3.0
172.16.36.0/24 *[BGP/170] 22:46:51, localpref 100
AS path: 64510 I, validation-state: unverified
> to 10.3.0.6 via fe-1/2/3.0
172.16.37.0/24 *[BGP/170] 22:46:51, localpref 100
AS path: 64510 I, validation-state: unverified
> to 10.3.0.6 via fe-1/2/3.0
172.16.38.0/24 *[BGP/170] 22:46:51, localpref 100
AS path: 64510 I, validation-state: unverified
> to 10.3.0.6 via fe-1/2/3.0
172.16.39.0/24 *[BGP/170] 22:46:51, localpref 100
AS path: 64510 I, validation-state: unverified
> to 10.3.0.6 via fe-1/2/3.0
172.16.40.0/22 *[BGP/170] 22:51:57, localpref 100
AS path: 64515 64514 64510 64511 I, validation-state: unverified
> to 10.3.0.49 via fe-1/2/1.0
172.16.44.0/23 *[BGP/170] 22:46:51, localpref 100
AS path: 64515 64510 64512 I, validation-state: unverified
> to 10.3.0.49 via fe-1/2/1.0
172.16.44.0/26 *[BGP/170] 23:05:32, localpref 100
AS path: 64512 I, validation-state: unverified
> to 10.0.0.21 via fe-1/2/0.0
172.16.44.64/26 *[BGP/170] 23:05:32, localpref 100
AS path: 64512 I, validation-state: unverified
> to 10.0.0.21 via fe-1/2/0.0
172.16.44.128/26 *[BGP/170] 23:05:32, localpref 100
AS path: 64512 I, validation-state: unverified
> to 10.0.0.21 via fe-1/2/0.0
172.16.44.192/26 *[BGP/170] 23:05:32, localpref 100
AS path: 64512 I, validation-state: unverified
> to 10.0.0.21 via fe-1/2/0.0
192.168.0.5/32 *[Direct/0] 5d 21:34:57
> via lo0.0