JUNIPER GRE OVER BGP

'''

   通过GRE接口建立BGP,会发现BGP一直起不来。咋肥事呢咋肥事?

   非常感谢大侠的指导,我们需要在BGP的策略里面把GRE接口的源目地址给deny掉。

'''

实验拓扑:

使用了两台SRX300防火墙和一台EX2200交换机。

SRX320----EX2200---SRX300


实验配置:

1.gre配置:

admin# show interfaces gr-0/0/0 

unit 0 {

    tunnel {

        source 220.220.220.1;

        destination 110.110.110.1;

    }

    family inet {

        address 172.16.101.2/24;  

    }

}

2.BGP配置:

admin# show protocols bgp 

group EBGP_1101 {

    type external;

    multihop {

        ttl 64;

    }

    import IMPORT-1101;

    export EXPORT-1101;

    neighbor 110.110.110.1 {

        peer-as 1101;

    }

}

3.policy-options配置:

policy-statement EXPORT-1101 {    #Export方向deny掉源地址的明细路由

    term 1 {

        from {

            route-filter 220.220.220.0/24 exact;

        }

        then reject;

    }

    term 2 {

        then accept;

    }

}

policy-statement IMPORT-1101 {    #ixport方向deny掉目的地址的明细路由

    term 1 {

        from {

            route-filter 110.110.0.0/16 exact;

        }

        then reject;

    }

    term 2 {

        then accept;

    }

}

4.如何选择这个明细路由:

admin# run show route 110.110.110.1    


inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both


110.110.0.0/16     *[Static/5] 02:20:13

                    > to 220.220.220.254 via ge-0/0/0.0




[edit]

admin# run show route 220.220.220.1/24 


inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both


220.220.220.0/24   *[Direct/0] 02:38:33

                    > via ge-0/0/0.0

220.220.220.1/32   *[Local/0] 02:38:37

                      Local via ge-0/0/0.0


[edit]

admin# 

5.检查BGP:

admin# run show bgp summary    

Groups: 1 Peers: 1 Down peers: 0

Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending

inet.0               

                       1          1          0          0          0          0

Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...

110.110.110.1          1101        262        262       0       0     1:55:46 1/1/1/0              0/0/0/0


[edit]

admin# run show route protocol bgp   


inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both


192.168.1.0/24     *[BGP/170] 01:54:44, localpref 100, from 110.110.110.1

                      AS path: 1101 I, validation-state: unverified

                    > to 220.220.220.254 via ge-0/0/0.0


[edit]



上一篇:VLAN,GRE,VXLAN


下一篇:linux搭建GRE隧道