Policy-chain实验

Policy-chain实验

Policy-chain 实验

实验拓扑

vMX-3的lo0.0接口上连接着以下网段192.168.1.0/24192.168.2.0/24192.168.3.0/2410.1.1.0/2410.2.1.0/24172.16.0.0/24

配置需求R3上面执行路由汇总：192.168.0.0/1610.0.0.0/8172.16.0.0/16

要求：R3只通告聚合路由192.168.0.0/16给R1R3通告聚合路由192.168.0.0/16和10.0.0.0/16给R2(拒绝其他的路由)

配置案列

vMX-1配置root@vMX-1# run show configuration version 14.1R1.10;system {root-authentication {encrypted-password "$1$a0zjPx7P$4Va9RcsxrIuHWJz.fhmrS0"; ## SECRET-DATA}interfaces {ge-0/0/2 {unit 0 {family inet {address 202.103.13.1/24;}}}}routing-options {autonomous-system 100;}protocols {bgp {group ebgp-peer {type external;log-updown;neighbor 202.103.13.3 {peer-as 300;}}}}

vMX-2配置[edit]root@vMX-2# run show configuration version 14.1R1.10;system {host-name vMX-2;root-authentication {encrypted-password "$1$QsSbO49u$DmMrWquAJ739RmUFn3CLo1"; ## SECRET-DATA}interfaces {ge-0/0/0 {unit 0 {family inet { address 202.103.23.2/24;}}}}routing-options {autonomous-system 200;}protocols {bgp {group ebgp-peer {type external;log-updown;neighbor 202.103.23.3 {peer-as 300;}}}}

vMX-3配置root@vMX-3# run show configuration version 14.1R1.10;system {host-name vMX-3;root-authentication {encrypted-password "$1$QYBXvplE$9SwS1OUd9MaGzBo0f3I760"; ## SECRET-DATA}interfaces {ge-0/0/0 {unit 0 {family inet { address 202.103.23.3/24;}}}ge-0/0/2 {unit 0 {family inet {address 202.103.13.3/24;}}}lo0 {unit 0 {family inet {address 192.168.1.3/24;address 192.168.2.3/24;address 192.168.3.3/24;address 10.1.1.3/24;address 10.2.1.3/24;address 172.16.0.3/24;}}} }routing-options {aggregate {route 192.168.0.0/16;route 10.0.0.0/8;route 172.16.0.0/16;}autonomous-system 300;}protocols {bgp {group ebgp-peer {type external;log-updown;neighbor 202.103.23.2 {export [ to-R1 to-R2 default-policy ];peer-as 200;}neighbor 202.103.13.1 {export [ to-R1 default-policy ];peer-as 100;}} }}policy-options {policy-statement default-policy {then reject;}policy-statement to-R1 {from {protocol aggregate;route-filter 192.168.0.0/16 exact;}then accept;}policy-statement to-R2 {from {protocol aggregate;route-filter 10.0.0.0/8 exact;}then accept;}}

查看vMX-1路由表[edit]root@vMX-1# run show route

inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)

= Active Route, - = Last Active, * = Both

192.168.0.0/16 *[BGP/170] 00:33:02, localpref 100AS path: 300 I, validation-state: unverified

to 202.103.13.3 via ge-0/0/2.0202.103.13.0/24 [Direct/0] 00:56:38via ge-0/0/2.0202.103.13.1/32 [Local/0] 00:56:38Local via ge-0/0/2.0

查看vMX-2路由表[edit]root@vMX-2# run show route

inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)

= Active Route, - = Last Active, * = Both

10.0.0.0/8 *[BGP/170] 00:32:38, localpref 100AS path: 300 I, validation-state: unverified

to 202.103.23.3 via ge-0/0/0.0192.168.0.0/16 [BGP/170] 00:32:38, localpref 100AS path: 300 I, validation-state: unverifiedto 202.103.23.3 via ge-0/0/0.0202.103.23.0/24 [Direct/0] 00:52:45via ge-0/0/0.0202.103.23.2/32 *[Local/0] 00:52:45Local via ge-0/0/0.0

查看vMX-3路由表[edit]root@vMX-3# run show route

inet.0: 19 destinations, 19 routes (19 active, 0 holddown, 0 hidden)

= Active Route, - = Last Active, * = Both

10.0.0.0/8 [Aggregate/130] 00:33:39Reject10.1.1.0/24 [Direct/0] 00:39:47

via lo0.010.1.1.3/32 [Local/0] 00:39:47Local via lo0.010.2.1.0/24 [Direct/0] 00:39:47via lo0.010.2.1.3/32 [Local/0] 00:39:47Local via lo0.0172.16.0.0/16 [Aggregate/130] 00:33:39Reject172.16.0.0/24 [Direct/0] 00:39:47via lo0.0172.16.0.3/32 [Local/0] 00:39:47Local via lo0.0192.168.0.0/16 [Aggregate/130] 00:33:39Reject192.168.1.0/24 [Direct/0] 00:40:36via lo0.0 192.168.1.3/32 [Local/0] 00:40:36Local via lo0.0192.168.2.0/24 [Direct/0] 00:40:18via lo0.0192.168.2.3/32 [Local/0] 00:40:18Local via lo0.0192.168.3.0/24 [Direct/0] 00:39:47via lo0.0192.168.3.3/32 [Local/0] 00:39:47Local via lo0.0202.103.13.0/24 [Direct/0] 00:51:32via ge-0/0/2.0202.103.13.3/32 [Local/0] 00:51:32Local via ge-0/0/2.0202.103.23.0/24 [Direct/0] 00:51:32via ge-0/0/0.0202.103.23.3/32 *[Local/0] 00:51:32Local via ge-0/0/0.0

root@vMX-3# run show route protocol aggregate

inet.0: 19 destinations, 19 routes (19 active, 0 holddown, 0 hidden)

= Active Route, - = Last Active, * = Both

10.0.0.0/8 [Aggregate/130] 00:34:03Reject172.16.0.0/16 [Aggregate/130] 00:34:03Reject192.168.0.0/16 *[Aggregate/130] 00:34:03Reject

vMX-3将192.168.0.0/16的路由通告给vMX-1,下一跳自己[edit]root@vMX-3# run show route advertising-protocol bgp 202.103.13.1

inet.0: 19 destinations, 19 routes (19 active, 0 holddown, 0 hidden)Prefix Nexthop MED Lclpref AS path

192.168.0.0/16 Self I

vMX-3将192.168.0.0/16、10.0.0.0/8的路由通告给vMX-2,下一跳自己root@vMX-3# run show route advertising-protocol bgp 202.103.23.2

inet.0: 19 destinations, 19 routes (19 active, 0 holddown, 0 hidden)Prefix Nexthop MED Lclpref AS path

10.0.0.0/8 Self I 192.168.0.0/16 Self I

到此为止所有的需求已经实现。

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。