
 

--Service Provider style--

set interfaces ge-0/0/0 vlan-tagging
set interfaces ge-0/0/0 encapsulation extended-vlan-bridge
set interfaces ge-0/0/0 unit 100 vlan-id 100
set interfaces ge-0/0/0 unit 200 vlan-id 200


set interfaces ge-0/0/2 vlan-tagging
set interfaces ge-0/0/2 encapsulation extended-vlan-bridge
set interfaces ge-0/0/2 unit 100 vlan-id 100
set interfaces ge-0/0/2 unit 200 vlan-id 200

 

set interfaces irb unit 100 family inet address 10.10.10.1/24
set interfaces irb unit 200 family inet address 20.20.20.1/24


set routing-options router-id 1.1.1.1
set protocols ospf area 0.0.0.0 interface irb.100 passive
set protocols ospf area 0.0.0.0 interface ge-0/0/1.0 interface-type p2p
set protocols ospf area 0.0.0.0 interface irb.200 passive

set interfaces ge-0/0/1 unit 0 family inet address 79.79.79.9/24 


set bridge-domains v100 vlan-id 100     
set bridge-domains v100 interface ge-0/0/0.100
set bridge-domains v100 interface ge-0/0/2.100
set bridge-domains v100 routing-interface irb.100


set bridge-domains v200 vlan-id 200
set bridge-domains v200 interface ge-0/0/0.200
set bridge-domains v200 interface ge-0/0/2.200
set bridge-domains v200 routing-interface irb.200

root@R9# run show bridge domain 

Routing instance        Bridge domain            VLAN ID     Interfaces
default-switch          v100                     100      
                                                             ge-0/0/0.100
                                                             ge-0/0/2.100
default-switch          v200                     200      
                                                             ge-0/0/0.200
                                                             ge-0/0/2.200

--Enterprise style--


set interfaces ge-0/0/0 unit 0 family bridge interface-mode trunk
set interfaces ge-0/0/0 unit 0 family bridge vlan-id-list 100
set interfaces ge-0/0/0 unit 0 family bridge vlan-id-list 200

set interfaces ge-0/0/2 unit 0 family bridge interface-mode trunk
set interfaces ge-0/0/2 unit 0 family bridge vlan-id-list 100
set interfaces ge-0/0/2 unit 0 family bridge vlan-id-list 200


set interfaces irb unit 100 family inet address 10.10.10.1/24
set interfaces irb unit 200 family inet address 20.20.20.1/24


set routing-options router-id 1.1.1.1
set protocols ospf area 0.0.0.0 interface irb.100 passive
set protocols ospf area 0.0.0.0 interface ge-0/0/1.0 interface-type p2p
set protocols ospf area 0.0.0.0 interface irb.200 passive

set interfaces ge-0/0/1 unit 0 family inet address 79.79.79.9/24 

 

set bridge-domains v100 vlan-id 100
set bridge-domains v100 routing-interface irb.100
set bridge-domains v200 vlan-id 200     
set bridge-domains v200 routing-interface irb.200
                                        
root@R9# run show bridge domain    

Routing instance        Bridge domain            VLAN ID     Interfaces
default-switch          v100                     100      
                                                             ge-0/0/0.0
                                                             ge-0/0/2.0
default-switch          v200                     200      
                                                             ge-0/0/0.0
                                                             ge-0/0/2.0


{master:0}[edit]

icraft@EX4300_1# run ssh 5.5.5.5                                                                                             

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!

Someone could be eavesdropping on you right now (man-in-the-middle attack)!

It is also possible that a host key has just been changed.

The fingerprint for the ECDSA key sent by the remote host is

bf:1f:e9:9a:89:83:8c:e6:3c:83:ee:03:63:e2:d7:c8.

Please contact your system administrator.

Add correct host key in /var/home/icraft/.ssh/known_hosts to get rid of this message.

Offending ECDSA key in /var/home/icraft/.ssh/known_hosts:1

ECDSA host key for 5.5.5.5 has changed and you have requested strict checking.

Host key verification failed.




{master:0}[edit]

icraft@EX4300_1# run file delete /var/home/icraft/.ssh/known_hosts 


{master:0}[edit]

icraft@EX4300_1# run ssh 5.5.5.5 

The authenticity of host '5.5.5.5 (5.5.5.5)' can't be established.

ECDSA key fingerprint is bf:1f:e9:9a:89:83:8c:e6:3c:83:ee:03:63:e2:d7:c8.

Are you sure you want to continue connecting (yes/no)? yes



Warning: Permanently added '5.5.5.5' (ECDSA) to the list of known hosts.

==================================================================

  This system is the property of SK broadband.

  Disconnect IMMEDIATELY if you are an unauthorised user!

  Violators will be prosecuted both by civil and

  criminal law to the fullest extent.

==================================================================

Password:




bgp neighbor 설정에서 neighbor IP만 읽어와 prefix-list에 적용함


set protocols bgp group test type internal

set protocols bgp group test local-address 1.1.1.2

set protocols bgp group test neighbor 1.1.1.1

set protocols bgp group test neighbor 2.2.2.2

set protocols bgp group test neighbor 3.3.3.3


set policy-options prefix-list configured-bgp-neighbors apply-path "protocols bgp group <*> neighbor <*>"


set firewall family inet filter protect-re term BGP-allow from source-prefix-list configured-bgp-neighbors

set firewall family inet filter protect-re term BGP-allow from protocol tcp

set firewall family inet filter protect-re term BGP-allow from port bgp

set firewall family inet filter protect-re term BGP-allow then accept


set firewall family inet filter protect-re term discard-all then discard


set interfaces lo0 unit 0 family inet filter input protect-re


확인


icraft@R2# show policy-options prefix-list configured-bgp-neighbors | display inheritance 

##

## apply-path was expanded to:

##     1.1.1.1/32; 

##     2.2.2.2/32; 

##     3.3.3.3/32; 

##

apply-path "protocols bgp group <*> neighbor <*>";






A와 B가 12.12.12.0/24 대역을 CE_1에게 광고함.


    [A]--------------[CE]--------------[B]

    12.12.12.0/24-->          <--12.12.12.0/24



LB 설정

chano@CE_1# show | display set | match ECMP 

set routing-options forwarding-table export ECMP

set policy-options policy-statement ECMP then load-balance per-packet

set policy-options policy-statement ECMP then accept



BGP 설정

chano@CE_1# show protocols bgp | display set 


set protocols bgp group EBGP type external

set protocols bgp group EBGP peer-as 6619

set protocols bgp group EBGP local-as 65001

set protocols bgp group EBGP multipath

set protocols bgp group EBGP neighbor 10.10.1.1

set protocols bgp group EBGP neighbor 10.10.2.2


BGP 네이버 상태

chano@CE_1# run show bgp summary 

Groups: 1 Peers: 2 Down peers: 0

Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending

inet.0               

                       2          1          0          0          0          0

Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...

10.10.1.1              6619        865        864       0       0     1:05:07 1/1/1/0              0/0/0/0

10.10.2.2              6619        881        881       0       0     1:06:23 0/1/1/0              0/0/0/0



A와 B에게서 수신한 루트 확인

chano@CE_1# run show route receive-protocol bgp 10.10.1.1 


inet.0: 12 destinations, 13 routes (12 active, 0 holddown, 0 hidden)

  Prefix                  Nexthop              MED     Lclpref    AS path

* 12.12.12.0/24           10.10.1.1                               6619 I


[edit]

chano@CE_1# run show route receive-protocol bgp 10.10.2.2    


inet.0: 12 destinations, 13 routes (12 active, 0 holddown, 0 hidden)

  Prefix                  Nexthop              MED     Lclpref    AS path

  12.12.12.0/24           10.10.2.2                               6619 I



multipath 설정 전 라우팅 테이블 확인

chano@CE_1# run show route 12.12.12.0 


inet.0: 12 destinations, 13 routes (12 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both


12.12.12.0/24      *[BGP/170] 00:20:35, localpref 100

                      AS path: 6619 I, validation-state: unverified

                    > to 10.10.1.1 via ge-0/0/2.0

                    [BGP/170] 00:19:11, localpref 100

                      AS path: 6619 I, validation-state: unverified

                    > to 10.10.2.2 via ge-0/0/1.0


multipath 설정 전 포워딩 테이블 확인

chano@CE_1# run show route forwarding-table destination 12.12.12.0    

Routing table: default.inet

Internet:

Destination        Type RtRef Next hop           Type Index    NhRef Netif

12.12.12.0/24      user     0 10.10.1.1          ucst      569     4 ge-0/0/2.0


Routing table: __master.anon__.inet

Internet:

Destination        Type RtRef Next hop           Type Index    NhRef Netif

default            perm     0                    rjct      521     1



multipath 설정

[edit]

chano@CE_1# set protocols bgp group EBGP multipath 


[edit]

chano@CE_1# commit 

commit complete



설정 후 테이블 확인
chano@CE_1# run show route 12.12.12.0 

inet.0: 12 destinations, 13 routes (12 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

12.12.12.0/24      *[BGP/170] 00:21:25, localpref 100
                      AS path: 6619 I, validation-state: unverified
                      to 10.10.2.2 via ge-0/0/1.0
                    > to 10.10.1.1 via ge-0/0/2.0
                    [BGP/170] 00:20:01, localpref 100
                      AS path: 6619 I, validation-state: unverified
                    > to 10.10.2.2 via ge-0/0/1.0

[edit]
chano@CE_1# run show route 12.12.12.0 extensive                       

inet.0: 12 destinations, 13 routes (12 active, 0 holddown, 0 hidden)
12.12.12.0/24 (2 entries, 1 announced)
TSI:
KRT in-kernel 12.12.12.0/24 -> {10.10.2.2}
        *BGP    Preference: 170/-101
                Next hop type: Router
                Address: 0x965007c
                Next-hop reference count: 1
                Source: 10.10.1.1
                Next hop: 10.10.2.2 via ge-0/0/1.0, selected
                Session Id: 0x0
                Next hop: 10.10.1.1 via ge-0/0/2.0
                Session Id: 0x0
                State: <Active Ext>
                Local AS: 65001 Peer AS:  6619
                Age: 33:26 
                Validation State: unverified 
                Task: BGP_6619.10.10.1.1+60722
                Announcement bits (1): 0-KRT 
                AS path: 6619 I
                Accepted Multipath
                Localpref: 100
                Router ID: 1.1.1.5
         BGP    Preference: 170/-101
                Next hop type: Router, Next hop index: 568
                Address: 0x95b05b4
                Next-hop reference count: 2
                Source: 10.10.2.2
                Next hop: 10.10.2.2 via ge-0/0/1.0, selected
                Session Id: 0x140
                State: <NotBest Ext>
                Inactive reason: Not Best in its group - Active preferred
                Local AS: 65001 Peer AS:  6619
                Age: 32:02 
                Validation State: unverified 
                Task: BGP_6619.10.10.2.2+52071
                AS path: 6619 I
                Accepted MultipathContrib
                Localpref: 100
                Router ID: 1.1.1.6


설정 후 포워딩테이블 확인
chano@CE_1# run show route forwarding-table destination 12.12.12.0 
Routing table: default.inet
Internet:
Destination        Type RtRef Next hop           Type Index    NhRef Netif
12.12.12.0/24      user     0                    ulst  1048574     2
                              10.10.2.2          ucst      568     3 ge-0/0/1.0
                              10.10.1.1          ucst      569     3 ge-0/0/2.0

Routing table: __master.anon__.inet
Internet:
Destination        Type RtRef Next hop           Type Index    NhRef Netif
default            perm     0                    rjct      521     1



