귀하의 경험을 개선할 수 있도록 도와주십시오.

귀하의 의견을 알려주십시오.

2분이 소요되는 설문 조사에 시간을 내주시겠습니까?

Announcement: Try the Ask AI chatbot for answers to your technical questions about Juniper products and solutions.

close
header-navigation

Solutions

Featured solutions AI Campus and branch Data center WAN Security Service provider Cloud operator Industries
Campus and Branch

Welcome to the NOW Way to Wi-Fi

Take your networking performance to new heights with a modern, cloud-native, AI-Native architecture. Only Juniper can help you unleash the full potential of Wi-Fi 7 with our AI-Native platform for innovation.
Prepare for liftoff
Business intelligence analyst dashboard on virtual screen. Big data Graphs Charts.

AI Data Center Networking

Juniper’s AI data center solution is a quick way to deploy high performing AI training and inference networks that are the most flexible to design and easiest to manage with limited IT resources.
Find out more
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Zero trust security

Ops4AI Lab

Visit our lab in Sunnyvale, CA and see our AI data center solution for yourself. You can try out your own model’s functionality and performance, too.
Visit the lab
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Higher Education

Shaping Student Experiences: The NOW Way to Build Higher Education Networks

Juniper Networks CIO Sharon Mandell and a virtual summit of C-level IT leaders from prestigious institutions discuss ongoing efforts to support digital transformation on campus.
Watch now
Hand on tablet with healthcare overlay of graphics

Security in healthcare

In this IDC Spotlight report, discover how AI networking can automate and strengthen a healthcare ecosystem to defeat criminals and prevent loss. 
Gain insights into ecosystem security
Retail

The Future of In-Store Technologies

Retail experts Kevin McCartan, Senior IT Service Delivery Engineer at Musgrave; Jack Stratten of Insider Trends; and Christian Gilby, Senior Director of Product Marketing at Juniper Networks, discuss customer experiences.
See the future

Products

Wireless access Wired access SD-WAN / SASE Routing and switching Security Mist AI™ Management software Network operating system Blueprint for AI-Native Acceleration Optics
  • Operations
ACX7020 router

Juniper ACX7020 Cloud Metro Access Router

Legacy networks simply cannot meet the demands of today’s rapidly evolving metro landscape. Unlock a new generation of highly scalable architectures and automated operations with the Juniper ACX7020. 
Learn more
EX4000 Ethernet Switch

Next-gen AI-Native EX4000 line of switches

Lack of AI innovation from your current networking vendor slowing you down? Embrace Juniper’s cloud-native, AI-Native access switches that support every level and layer, across nearly every deployment.
Discover how
The Q and AI text with an image of Bob Friday and Kedar Dhuru.

The Q&AI Podcast

Delivering practical solutions and enriching discussions, this podcast series is a vital resource for those seeking an in-depth exploration of AI's transformative potential.
Catch the latest episode

Services

Services
Services AI Care

Juniper AI Care Services Revolutionize Your Service Experience

Our industry-first AI-Native services couple AIOps with our deep expertise across the full network life cycle. You can move from reactive response to proactive insight and action.
Explore AI Care Services
Services AI Data Center

Juniper AI Data Center Deployment Services Optimize Your AI Model Runs

We use our expertise and validated designs to help design, deploy, validate and tune networks, including GPUs and storage, to get the most from your AI infrastructure operation.
Learn about AI Data Center Deployment Services

Partners

Partners

Support and Documentation

Support and Documentation

Learn

About Juniper Training Events The Feed Resources Technology learning topics Thought leadership and insights
Audience raising hands up while businessman is speaking in training at the office.

Juniper certification and training news

See the latest
Ringing of the bell

All global events

See the latest
AI-native-now

AI-Native NOW event series

Explore events
AINN AI Innovation Impact Virtual Event

AI-Native NOW: AI Innovation and Impact

Register NOW
Juniper's Christina Hendrix at the head of a conference table. With the text "The NOW Way to Network" overlayed, with "NOW" emphasizing the "O" in green color.

The NOW Way to Network

Watch the video series
AI Native Now

Executive insights

Dive deep with leading experts and thought leaders on all the topics that matter most to your business, from AI to network security to driving rapid, relevant transformation for your business.
Learn more
A keynote speaker giving a presentation at a conference. There are dozens of people sitting around them. The presentation is displayed via projector on all the walls in the room.

Leadership voices

Juniper Networks’ leaders operate on the front lines of creating the network of the future. Take a look around to see what’s on their minds.
Watch now
Bob Friday and Jessica Garrison speaking

Bob Friday Talks

Join Bob as he ventures into all the knowns -- and -- unknowns -- of AI.
Catch the latest episode
Documentation
Menu
License Guide
Quick Starts
Validated Designs
Explore Pathfinder Apps
CLI Explorer
Feature Explorer
Hardware Compatibility Tool
Port Checker
Browse All
Collapse

Pathfinder Apps

All

By Software

By Hardware

Learn More
Pathfinder HomeCLI ExplorerCompliance AdvisorFeature ExplorerHardware Compatibility ToolJunos XML API ExplorerJunos YANG Data Model ExplorerPort CheckerPower CalculatorSNMP MIB ExplorerSystem Log Explorer
CLI ExplorerFeature ExplorerJunos XML API ExplorerJunos YANG Data Model ExplorerSNMP MIB ExplorerSystem Log Explorer
Compliance AdvisorFeature ExplorerHardware Compatibility ToolPort CheckerPower Calculator
Home Documentation Junos OS 라우팅 정책, 방화벽 필터 및 트래픽 폴리서 사용자 가이드 Junos 라우팅 정책 이해 및 구성 소스 클래스 사용량 및 대상 클래스 사용 작업으로 트래픽 사용량 추적

라우팅 정책, 방화벽 필터 및 트래픽 폴리서 사용자 가이드

keyboard_arrow_up
close
keyboard_arrow_left
라우팅 정책, 방화벽 필터 및 트래픽 폴리서 사용자 가이드
Table of Contents Expand all
list Table of Contents
이 페이지에서
keyboard_arrow_right

이 기계 번역이 도움이 되었습니까?

starstarstarstarstar
Go to English page
면책 조항:

이 페이지는 타사 기계 번역 소프트웨어를 사용해 번역됩니다. 주니퍼 네트웍스에서는 우수한 품질의 번역을 제공하기 위한 합리적인 수준의 노력을 기울이지만 해당 컨텐츠의 정확성을 보장할 수 없습니다. 본 번역에 포함된 정보의 정확성과 관련해 의문이 있는 경우 영문 버전을 참조하시기 바랍니다. 다운로드 가능한 PDF는 영어로만 제공됩니다.

SCU(레이어 3 VPN 구성 포함)

date_range 19-Jan-25
arrow_backward
arrow_forward

레이어 3 VPN에서 SCU 구성

그림 1: 레이어 3 VPN 토폴로지 다이어그램의 SCU레이어 3 VPN 토폴로지 다이어그램의 SCU

그림 1 은(는) 레이어 3 VPN 토폴로지를 표시합니다. CE1 및 CE2는 프로바이더 라우터 PE1, P0 및 PE2를 통해 VPN으로 연결된 고객 에지(CE) 라우터입니다. EBGP는 라우터 CE1과 PE1 사이에 설정되고, IBGP는 IS-IS/MPLS/LDP 코어를 통해 라우터 PE1과 PE2를 연결하며, 라우터 PE2와 CE2 사이에 두 번째 EBGP 연결이 흐릅니다.

라우터 CE1에서 PE1에 대한 EBGP 연결을 설정하여 VPN을 시작합니다. 의 정적 경로를 10.114.1.0/24 설치하고 이 경로를 EBGP neighbor에 보급합니다.

라우터 CE1

content_copy zoom_out_map
[edit]
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 10.20.250.1/30;
            }
        }
    }
}
routing-options {
    static {
        route 10.114.1.0/24 reject;
    }
    autonomous-system 100;
}
protocols {
    bgp {
        group to-pe1 {
            local-address 10.20.250.1;
            export inject-direct;
            peer-as 300;
            neighbor 10.20.250.2;
        }
    }
}
policy-options {
    policy-statement inject-direct {
        term 1 {
            from {
                protocol static;
                route-filter 10.114.1.0/24 exact;
            }
            then accept;
        }
        term 2 {
            from protocol direct;
            then accept;
        }
    }
}

PE1에서 VRF 라우팅 인스턴스를 통해 CE1에 대한 EBGP 연결을 완료합니다. BGP 트래픽을 커뮤니티에 넣는 VRF 인스턴스에 대한 내보내기 정책과 VPN 인접 라우터의 커뮤니티 트래픽과 같은 것을 수락하는 가져오기 정책을 설정합니다. 마지막으로, IS-IS, MPLS 및 LDP 코어를 통해 실행되는 라우터 PE2에 대한 IBGP 관계를 구성합니다.

라우터 PE1

content_copy zoom_out_map
[edit]
interfaces {
    ge-0/0/1 {
        unit 0 {
            family inet {
                address 10.20.250.2/30;
            }
        }
    }
    so-0/2/1 {
        unit 0 {
            family inet {
                address 10.20.251.1/30;
            }
            family iso;
            family mpls;
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 10.250.245.245/32;
            }
            family iso;
            family mpls;
        }
    }
}
routing-options {
    autonomous-system 300;
}
protocols {
    mpls {
        interface so-0/2/1;
    }
    bgp {
        group ibgp {
            type internal;
            local-address 10.250.245.245;
            family inet-vpn {
                unicast;
            }
            neighbor 10.250.71.14;
        }
    }
    isis {
        interface so-0/2/1;
    }
    ldp {
        interface so-0/2/1;
    }
}
policy-options {
    policy-statement red-import {
        from {
            protocol bgp;
            community red-com;
        }
        then accept;
    }
    policy-statement red-export {
        from protocol bgp;
        then {
            community add red-com;
            accept;
        }
    }
    community red-com members target:20:20;
}
routing-instances {
    red {
        instance-type vrf;
        interface ge-0/0/1.0;
        route-distinguisher 10.250.245.245:100;
        vrf-import red-import;
        vrf-export red-export;
        protocols {
            bgp {
                group to-ce1 {
                    local-address 10.20.250.2;
                    peer-as 100;
                    neighbor 10.20.250.1;
                }
            }
        }
    }
}

P0에서 PE1 및 PE2에 있는 IBGP neighbor를 연결합니다. 모든 인터페이스에 VPN 관련 프로토콜(MPLS, LDP 및 IGP)을 포함해야 합니다.

라우터 P0

content_copy zoom_out_map
[edit]
interfaces {
    so-0/1/0 {
        unit 0 {
            family inet {
                address 10.20.252.1/30;
            }
            family iso;
            family mpls;
        }
    }
    so-0/2/0 {
        unit 0 {
            family inet {
                address 10.20.251.2/30;
            }
            family iso;
            family mpls;
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 10.250.245.246/32;
            }
            family iso;
            family mpls;
        }
    }
}
routing-options {
    autonomous-system 300;
}
protocols {
    mpls {
        interface so-0/1/0;
        interface so-0/2/0;
    }
    isis {
        interface all;
    }
    ldp {
        interface all;
    }
}

PE2에서 라우터 PE1과의 IBGP 관계를 완료합니다. VRF 라우팅 인스턴스를 통해 CE2에 대한 EBGP 연결을 설정합니다. BGP 트래픽을 커뮤니티에 배치하는 VRF 인스턴스에 대한 내보내기 정책과 VPN 인접 라우터에서 커뮤니티 트래픽과 같은 것을 수락하는 가져오기 정책을 설정합니다. 그런 다음 CE1의 고정 경로를 라는 소스 클래스에 GOLD1추가하는 정책을 설정합니다. 또한 이 SCU 정책을 포워딩 테이블로 내보냅니다. 마지막으로, 인터페이스를 SCU 입력 인터페이스로 설정하고 vt CE 대면 인터페이스를 so-0/0/0 SCU 출력 인터페이스로 설정합니다.

라우터 PE2

content_copy zoom_out_map
[edit]
interfaces {
    so-0/1/1 {
        unit 0 {
            family inet {
                address 10.20.252.2/30;
            }
            family iso;
            family mpls;
        }
    }
    so-0/0/0 {
        unit 0 {
            family inet {
                accounting {
                    source-class-usage {
                        output;
                    }
                }
                address 10.20.253.1/30;
            }
        }
    }
    vt-4/1/0 {
        unit 0 {
            family inet {
                accounting {
                    source-class-usage {
                        input;
                    }
                }
                address 10.250.71.14/32;
            }
            family iso;
            family mpls;
        }
    }
}
routing-options {
    autonomous-system 300;
    forwarding-table {
        export inject-customer2-dest-class;
    }
}
protocols {
    mpls {
        interface so-0/1/1;
        interface vt-4/1/0;
    }
    bgp {
        group ibgp {
            type internal;
            local-address 10.250.71.14;
            family inet-vpn {
                unicast;
            }
            neighbor 10.250.245.245;
        }
    }
    isis {
        interface so-0/1/1;
    }
    ldp {
        interface so-0/1/1;
    }
}
routing-instances {
    red {
        instance-type vrf;
        interface so-0/0/0.0;
        interface vt-4/1/0.0;
        route-distinguisher 10.250.71.14:100;
        vrf-import red-import;
        vrf-export red-export;
        protocols {
            bgp {
                group to-ce2 {
                    local-address 10.20.253.1;
                    peer-as 400;
                    neighbor 10.20.253.2;
                }
            }
        }
    }
}
policy-options {
    policy-statement red-import {
        from {
            protocol bgp;
            community red-com;
        }
        then accept;
    }
    policy-statement red-export {
        from protocol bgp;
        then {
            community add red-com;
            accept;
        }
    }
    policy-statement inject-customer2-dest-class {
        term term-gold1-traffic {
            from {
                route-filter 10.114.1.0/24 exact;
            }
            then source-class GOLD1;
        }
    }
    community red-com members target:20:20;
}

라우터 CE2에서 PE2에 대한 EBGP 연결을 완료하여 VPN 경로를 완료합니다.

라우터 CE2

content_copy zoom_out_map
[edit]
interfaces {
    so-0/0/1 {
        unit 0 {
            family inet {
                address 10.20.253.2/30;
            }
        }
    }
}
routing-options {
    autonomous-system 400;
}
protocols {
    bgp {
        group to-pe2 {
            local-address 10.20.253.2;
            export inject-direct;
            peer-as 300;
            neighbor 10.20.253.1;
        }
    }
}
policy-options {
    policy-statement inject-direct {
        from {
            protocol direct;
        }
        then accept;
    }
}

상태 확인

SCU가 레이어 3 VPN에서 제대로 작동하는지 확인하려면 다음 명령을 사용합니다.

  • show interfaces interface-name statistics

  • show interfaces source-class source-class-name interface-name

  • show interfaces interface-name extensive ( | detail)

  • show route extensive ( | detail)

  • clear interface interface-name statistics

문을 구성한 아웃바운드 SCU 인터페이스에서 SCU 통계를 output 항상 확인해야 합니다. SCU 기능을 확인하려면 다음 단계를 수행합니다.

  1. SCU가 활성화된 라우터의 모든 카운터를 지우고 카운터가 비어 있는지 확인합니다.

  2. 수신 CE 라우터에서 두 번째 CE 라우터로 핑을 전송하여 SCU 지원 VPN 경로를 통해 SCU 트래픽을 생성합니다.

  3. 아웃바운드 인터페이스에서 카운터가 올바르게 증가하고 있는지 확인합니다.

다음 섹션에서는 구성 예제와 함께 사용된 이러한 명령의 출력을 보여 줍니다.

content_copy zoom_out_map
user@pe2> clear interfaces statistics all

	user@pe2> show interfaces so-0/0/0.0 statistics
  	Logical interface so-0/0/0.0 (Index 6) (SNMP ifIndex 113) 
    Flags: Point-To-Point SNMP-Traps Encapsulation: PPP
    Protocol inet, MTU: 4470
      Source class                             Packets                Bytes
 GOLD1                          0                    0
      Addresses, Flags: Is-Preferred Is-Primary

	user@pe2> show interfaces source-class GOLD1 so-0/0/0.0    
    Protocol inet
      Source class                             Packets                Bytes
GOLD1                          0                    0

user@ce1> ping 10.20.253.2 source 10.114.1.1 rapid count 10000

user@scu>  show interfaces source-class GOLD1 so-0/0/0.0
    Protocol inet
      Source class                             Packets                Bytes
GOLD1                      20000              1680000

user@scu>  show interfaces so-0/0/0.0 statistics
  Logical interface so-0/0/0.0 (Index 6) (SNMP ifIndex 113) 
    Flags: Point-To-Point SNMP-Traps Encapsulation: PPP
    Protocol inet, MTU: 4470
      Source class                             Packets                Bytes
GOLD1                      20000              1680000
      Addresses, Flags: Is-Preferred Is-Primary
         Destination: 10.20.253/24, Local: 10.20.253.1

관련 항목

arrow_backward PREVIOUS SCU 구성
NEXT arrow_forward 예: 소스 및 대상 접두사를 포워딩 클래스로 그룹화
footer-navigation

© 1999 - 2025 Juniper Networks, Inc. All rights reserved.

Scroll to top