'''
通过GRE接口建立BGP,会发现BGP一直起不来。咋肥事呢咋肥事?
非常感谢大侠的指导,我们需要在BGP的策略里面把GRE接口的源目地址给deny掉。
'''
实验拓扑:
使用了两台SRX300防火墙和一台EX2200交换机。
SRX320----EX2200---SRX300
实验配置:
1.gre配置:
admin# show interfaces gr-0/0/0
unit 0 {
tunnel {
source 220.220.220.1;
destination 110.110.110.1;
}
family inet {
address 172.16.101.2/24;
}
}
2.BGP配置:
admin# show protocols bgp
group EBGP_1101 {
type external;
multihop {
ttl 64;
}
import IMPORT-1101;
export EXPORT-1101;
neighbor 110.110.110.1 {
peer-as 1101;
}
}
3.policy-options配置:
policy-statement EXPORT-1101 { #Export方向deny掉源地址的明细路由
term 1 {
from {
route-filter 220.220.220.0/24 exact;
}
then reject;
}
term 2 {
then accept;
}
}
policy-statement IMPORT-1101 { #ixport方向deny掉目的地址的明细路由
term 1 {
from {
route-filter 110.110.0.0/16 exact;
}
then reject;
}
term 2 {
then accept;
}
}
4.如何选择这个明细路由:
admin# run show route 110.110.110.1
inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
110.110.0.0/16 *[Static/5] 02:20:13
> to 220.220.220.254 via ge-0/0/0.0
[edit]
admin# run show route 220.220.220.1/24
inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
220.220.220.0/24 *[Direct/0] 02:38:33
> via ge-0/0/0.0
220.220.220.1/32 *[Local/0] 02:38:37
Local via ge-0/0/0.0
[edit]
admin#
5.检查BGP:
admin# run show bgp summary
Groups: 1 Peers: 1 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0
1 1 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
110.110.110.1 1101 262 262 0 0 1:55:46 1/1/1/0 0/0/0/0
[edit]
admin# run show route protocol bgp
inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
192.168.1.0/24 *[BGP/170] 01:54:44, localpref 100, from 110.110.110.1
AS path: 1101 I, validation-state: unverified
> to 220.220.220.254 via ge-0/0/0.0
[edit]
