더보기
vMX image : vmxvfp-19.1R1.6-domestic-VFP , vmxvcp-19.1R1.6-domestic-VCP
EVE-NG : version 2.0.3-110
PE1- P - PE2 : OSPF, LDP ,MPLS
PE1 - PE2 : MP-BGP
CE - PE : EBGP
vMX trial licence가 필요함. 아래링크참조해서 라이센스 입력
www.juniper.net/kr/kr/dm/free-vmx-trial/
CE-A config
root@CE-A# show | display set
set version 20190319.203446_builder.r1013243
set system root-authentication encrypted-password "$6$uVQJh3a3$gyooY5wDjzk/K9aCGuRpzyMgE/Cl1rJMi"
set system host-name CE-A
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set chassis network-services enhanced-ip
set interfaces ge-0/0/2 unit 0 family inet address 10.0.10.2/24
set interfaces fxp0 unit 0 family inet dhcp vendor-id Juniper-vmx-VM606ED64D1F
set interfaces lo0 unit 0 family inet address 192.168.11.1/32
# static 을 bgp로 redistribution 하기 위한 정책 적용
set policy-options policy-statement static-to-bgp term 10 from protocol static
set policy-options policy-statement static-to-bgp term 10 then accept
set policy-options policy-statement static-to-bgp term 20 then reject
set routing-options static route 11.11.11.0/24 discard
set routing-options router-id 192.168.11.1
set routing-options autonomous-system 65101
#PE와 BGP 설정
set protocols bgp group my-ext-group type external
set protocols bgp group my-ext-group peer-as 65512
set protocols bgp group my-ext-group neighbor 10.0.10.1
# static redistribution 정책 적용
set protocols bgp export static-to-bgp
CE-B config
root@CE-B# show | display set
set version 20190319.203446_builder.r1013243
set system root-authentication encrypted-password "$6$DKPBY8rA$PgT5FW/8LqOtFDOgXEefFkFwVNKzASvxE"
set system host-name CE-B
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set chassis network-services enhanced-ip
set interfaces ge-0/0/4 unit 0 family inet address 10.0.11.2/24
set interfaces fxp0 unit 0 family inet dhcp vendor-id Juniper-vmx-VM606ED6634D
# static 을 bgp로 redistribution 하기 위한 정책 적용
set policy-options policy-statement static-to-bgp term 10 from protocol static
set policy-options policy-statement static-to-bgp term 10 then accept
set policy-options policy-statement static-to-bgp term 20 then reject
set routing-options static route 22.22.22.0/24 discard
set routing-options autonomous-system 65101
# PE와 bgp 설정
set protocols bgp group my-ext-group type external
set protocols bgp group my-ext-group peer-as 65512
set protocols bgp group my-ext-group neighbor 10.0.11.1
# static redistribution 설정
set protocols bgp export static-to-bgp
PE-1 config
root@PE-1# show | display set
set version 20190319.203446_builder.r1013243
set system root-authentication encrypted-password "$6$FeXrUQwk$3BJw3SM4ZI4WyDnaJmXHt.BigV25NqOkA"
set system host-name PE-1
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set chassis network-services enhanced-ip
set interfaces ge-0/0/1 unit 0 family inet address 10.0.10.1/24
set interfaces ge-0/0/3 unit 0 family inet address 172.22.210.1/24
set interfaces ge-0/0/3 unit 0 family mpls
set interfaces fxp0 unit 0 family inet dhcp vendor-id Juniper-vmx-VM606ED678E3
set interfaces lo0 unit 0 family inet address 192.168.1.1/32
# import/export 적책 설정
set policy-options policy-statement export-vpn-a term 1 from protocol bgp
set policy-options policy-statement export-vpn-a term 1 then community add vpn-a
set policy-options policy-statement export-vpn-a term 1 then accept
set policy-options policy-statement export-vpn-a term 2 then reject
set policy-options policy-statement import-vpn-a term 1 from protocol bgp
set policy-options policy-statement import-vpn-a term 1 from community vpn-a
set policy-options policy-statement import-vpn-a term 1 then accept
set policy-options policy-statement import-vpn-a term 2 then reject
# RT 설정
set policy-options community vpn-a members target:65512:101
# CE용 VRF 설정
set routing-instances VPN-A instance-type vrf
set routing-instances VPN-A interface ge-0/0/1.0
set routing-instances VPN-A route-distinguisher 192.168.1.1:1
set routing-instances VPN-A vrf-import import-vpn-a ## import 정책적용
set routing-instances VPN-A vrf-export export-vpn-a ## export 정책적용
set routing-instances VPN-A vrf-target target:65512:101
# CE와 EBGP 설정, as-override
set routing-instances VPN-A protocols bgp group my-ext-group type external
set routing-instances VPN-A protocols bgp group my-ext-group peer-as 65101
set routing-instances VPN-A protocols bgp group my-ext-group as-override
set routing-instances VPN-A protocols bgp group my-ext-group neighbor 10.0.10.2
set routing-options router-id 192.168.1.1
set routing-options autonomous-system 65512
set protocols ldp interface ge-0/0/3.0
set protocols ldp interface lo0.0
# PE와 BGP 설정
set protocols bgp group PE-PE type internal
set protocols bgp group PE-PE local-address 192.168.1.1
set protocols bgp group PE-PE family inet unicast
set protocols bgp group PE-PE family inet-vpn unicast
set protocols bgp group PE-PE local-as 65512
set protocols bgp group PE-PE neighbor 192.168.1.3
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface ge-0/0/3.0 interface-type p2p
set protocols mpls interface lo0.0
set protocols mpls interface ge-0/0/3.0
PE-2 config
root@PE-2# show | display set
set version 20190319.203446_builder.r1013243
set system root-authentication encrypted-password "$6$pzuS08KF$SevcYY3KewZraLtshsbGEPRFPXjjbmfXd"
set system host-name PE-2
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces ge-0/0/3 unit 0 family inet address 172.22.212.1/24
set interfaces ge-0/0/3 unit 0 family mpls
set interfaces ge-0/0/5 unit 0 family inet address 10.0.11.1/24
set interfaces fxp0 unit 0 family inet dhcp vendor-id Juniper-vmx-VM606ED63CAE
set interfaces lo0 unit 0 family inet address 192.168.1.3/32
# import/export 적책 설정
set policy-options policy-statement export-vpn-a term 1 from protocol bgp
set policy-options policy-statement export-vpn-a term 1 then community add vpn-a
set policy-options policy-statement export-vpn-a term 1 then accept
set policy-options policy-statement export-vpn-a term 2 then reject
set policy-options policy-statement import-vpn-a term 1 from protocol bgp
set policy-options policy-statement import-vpn-a term 1 from community vpn-a
set policy-options policy-statement import-vpn-a term 1 then accept
set policy-options policy-statement import-vpn-a term 2 then reject
# RT 설정
set policy-options community vpn-a members target:65512:101
# CE용 VRF 설정
set routing-instances VPN-A instance-type vrf
set routing-instances VPN-A interface ge-0/0/5.0
set routing-instances VPN-A route-distinguisher 192.168.1.1:1
set routing-instances VPN-A vrf-import import-vpn-a ## import 정책적용
set routing-instances VPN-A vrf-export export-vpn-a ## export 정책적용
set routing-instances VPN-A vrf-target target:65512:101
# CE와 EBGP 설정, as-override
set routing-instances VPN-A protocols bgp group my-ext-group type external
set routing-instances VPN-A protocols bgp group my-ext-group peer-as 65101
set routing-instances VPN-A protocols bgp group my-ext-group as-override
set routing-instances VPN-A protocols bgp group my-ext-group neighbor 10.0.11.2
set routing-options router-id 192.168.1.3
set routing-options autonomous-system 65512
set protocols ldp interface ge-0/0/3.0
set protocols ldp interface lo0.0
# PE와 BGP 설정
set protocols bgp group PE-PE type internal
set protocols bgp group PE-PE local-address 192.168.1.3
set protocols bgp group PE-PE family inet unicast
set protocols bgp group PE-PE family inet-vpn unicast
set protocols bgp group PE-PE local-as 65512
set protocols bgp group PE-PE neighbor 192.168.1.1
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface ge-0/0/3.0 interface-type p2p
set protocols mpls interface lo0.0
set protocols mpls interface ge-0/0/3.0
P config
root@P# show | display set
set version 20190319.203446_builder.r1013243
set system root-authentication encrypted-password "$6$AMdZ8SMO$4Qo31czcjEstpN25WVnn49m14QV6JbkDR"
set system host-name P
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set chassis network-services ip
set interfaces ge-0/0/2 unit 0 family inet address 172.22.210.2/24
set interfaces ge-0/0/2 unit 0 family mpls
set interfaces ge-0/0/4 unit 0 family inet address 172.22.212.2/24
set interfaces ge-0/0/4 unit 0 family mpls
set interfaces fxp0 unit 0 family inet dhcp vendor-id Juniper-vmx-VM606ED66EC5
set interfaces lo0 unit 0 family inet address 192.168.1.2/32
set routing-options router-id 192.168.1.2
set routing-options autonomous-system 65512
set protocols ldp interface ge-0/0/2.0
set protocols ldp interface ge-0/0/4.0
set protocols ldp interface lo0.0
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface ge-0/0/2.0 interface-type p2p
set protocols ospf area 0.0.0.0 interface ge-0/0/4.0 interface-type p2p
set protocols mpls interface lo0.0
set protocols mpls interface ge-0/0/2.0
set protocols mpls interface ge-0/0/4.0