Network Notes

Networking notes from an engineer around forty. twitter:@deigo25374582

JUNOS_OSPF_import_policy

CSR1kv--area10--vSRX01--area0--vSRX02

The previous post's area-range was a filter for Type 3 LSAs.
This time it is a filter for redistributed routes.

On CSR1kv, advertise the routes 2.2.2.0/24 and 3.3.3.0/24 via redistribute.
Check on vSRX02:

vSRX02> show ospf database
~snip~
Type  ID    Adv Rtr   Seq  Age Opt Cksum Len
Extern 2.2.2.0   10.1.2.2   0x80000002 508 0x20 0x2169 36
Extern 3.3.3.0   10.1.2.2   0x80000001 1440 0x20 0xfe89 36

2.2.2.0/24     *[OSPF/150] 00:00:07, metric 20, tag 0
          > to 10.1.1.2 via ge-0/0/0.0
3.3.3.0/24     *[OSPF/150] 00:31:20, metric 20, tag 0
          > to 10.1.1.2 via ge-0/0/0.0

→ Both show up as external routes.

Now configure vSRX02 as follows:

 set protocols ospf import to_srx
set protocols ospf area 0.0.0.0 interface ge-0/0/0.0

set policy-options policy-statement to_srx term 1 from route-filter 2.2.2.0/24 exact
set policy-options policy-statement to_srx term 1 then reject

Check routing:

vSRX02# run show ospf database

Type  ID    Adv Rtr   Seq  Age Opt Cksum Len
Extern 2.2.2.0   10.1.2.2   0x80000002 1001 0x20 0x2169 36
Extern 3.3.3.0   10.1.2.2   0x80000001 1933 0x20 0xfe89 36

vSRX02# run show route protocol ospf


3.3.3.0/24     *[OSPF/150] 00:32:41, metric 20, tag 0
          > to 10.1.1.2 via ge-0/0/0.0

2.2.2.0/24 has disappeared from the routing table, while its Extern LSA is still in the OSPF database.
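The outputs above show that the import policy removes the route from vSRX02's routing table while the Extern LSA stays in the link-state database. The following is an added example, not part of the original post, that compares the two outputs and lists external LSAs with no installed OSPF route; the function names are hypothetical and the sample text is constructed from the outputs on this page.

```python
import ipaddress
import re

# Constructed sample: the two outputs shown on this page after "import to_srx" is applied.
OSPF_DB = """\
Type  ID    Adv Rtr   Seq  Age Opt Cksum Len
Extern 2.2.2.0   10.1.2.2   0x80000002 1001 0x20 0x2169 36
Extern 3.3.3.0   10.1.2.2   0x80000001 1933 0x20 0xfe89 36
"""
ROUTES = """\
3.3.3.0/24     *[OSPF/150] 00:32:41, metric 20, tag 0
          > to 10.1.1.2 via ge-0/0/0.0
"""

def extern_lsa_ids(db_text):
    """Return the link-state IDs of all Extern LSAs in 'show ospf database' text."""
    ids = []
    for line in db_text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == "Extern":
            # A leading '*' marks a self-originated LSA; strip it before parsing.
            ids.append(ipaddress.ip_address(fields[1].lstrip("*")))
    return ids

def installed_prefixes(route_text):
    """Return prefixes with an active OSPF route ('prefix *[OSPF/pref] ...')."""
    pattern = re.compile(r"^(\S+/\d+)\s+\*\[OSPF/\d+\]", re.M)
    return [ipaddress.ip_network(m.group(1)) for m in pattern.finditer(route_text)]

def lsas_without_route(db_text, route_text):
    """Extern LSAs whose ID is not the network address of any installed OSPF route."""
    installed = {n.network_address for n in installed_prefixes(route_text)}
    return [str(i) for i in extern_lsa_ids(db_text) if i not in installed]

if __name__ == "__main__":
    # Prefixes that are known in the LSDB but were kept out of the routing table.
    print(lsas_without_route(OSPF_DB, ROUTES))
```

An empty result means every external LSA has a matching route; any entry returned is a prefix the router still learns about but does not install.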

 

JUNOS_OSPF_area-range

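I had forgotten how this works, so I am writing it down as a lesson.

CSR1kv--area10--vSRX01--area0--vSRX02

Case: vSRX02's lo0 (172.16.1.0/24) should not be advertised to CSR1kv.

First, vSRX01 with nothing special configured: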

set protocols ospf area 0.0.0.0 interface ge-0/0/1.0
set protocols ospf area 0.0.0.10 interface ge-0/0/0.0

The route on CSR1kv in this state:

csr1kv02#show ip route 172.16.1.0
Routing entry for 172.16.1.0/24
 Known via "ospf 1", distance 110, metric 2, type inter area
 Last update from 10.1.2.1 on GigabitEthernet2, 00:01:13 ago
 Routing Descriptor Blocks:
 * 10.1.2.1, from 10.1.1.2, 00:01:13 ago, via GigabitEthernet2
   Route metric is 2, traffic share count is 1

 

Edit vSRX01 as follows:

set protocols ospf area 0.0.0.0 area-range 172.16.1.0/24 restrict
set protocols ospf area 0.0.0.0 interface ge-0/0/1.0
set protocols ospf area 0.0.0.10 interface ge-0/0/0.0

 

Check again:

csr1kv02#show ip route 172.16.1.0
% Network not in table

 

I had misunderstood which area the area-range is configured under.

JUNOS_MCLAG_1

MC-LAG on JUNOS


This is what Cisco calls vPC.
I had no experience with it on JUNOS, so these are my notes.

A rough L2 MC-LAG configuration:

vQFX01

set chassis aggregated-devices ethernet device-count 10
set interfaces xe-0/0/0 unit 0 family ethernet-switching interface-mode trunk
set interfaces xe-0/0/0 unit 0 family ethernet-switching vlan members 100
set interfaces xe-0/0/0 unit 0 family ethernet-switching vlan members vlan200
set interfaces xe-0/0/1 ether-options 802.3ad ae1

set interfaces ae1 aggregated-ether-options lacp active
set interfaces ae1 aggregated-ether-options lacp system-id 00:00:00:00:ae:01
set interfaces ae1 aggregated-ether-options lacp admin-key 1
set interfaces ae1 aggregated-ether-options mc-ae mc-ae-id 1
set interfaces ae1 aggregated-ether-options mc-ae chassis-id 0
set interfaces ae1 aggregated-ether-options mc-ae mode active-active
set interfaces ae1 aggregated-ether-options mc-ae status-control active
set interfaces ae1 unit 0 family ethernet-switching interface-mode access
set interfaces ae1 unit 0 family ethernet-switching vlan members vlan200

set interfaces irb unit 100 family inet address 10.1.1.1/24
set multi-chassis multi-chassis-protection 10.1.1.3 interface xe-0/0/1

set protocols iccp local-ip-addr 10.1.1.1
set protocols iccp peer 10.1.1.3 redundancy-group-id-list 1
set protocols iccp peer 10.1.1.3 liveness-detection minimum-interval 500
set protocols iccp peer 10.1.1.3 liveness-detection multiplier 3

set switch-options service-id 1

set vlans vlan100 vlan-id 100
set vlans vlan100 l3-interface irb.100
set vlans vlan200 vlan-id 200
set vlans vlan200 l3-interface irb.200

vQFX03

set chassis aggregated-devices ethernet device-count 10
set interfaces xe-0/0/0 unit 0 family ethernet-switching interface-mode trunk
set interfaces xe-0/0/0 unit 0 family ethernet-switching vlan members 100
set interfaces xe-0/0/0 unit 0 family ethernet-switching vlan members vlan200

set interfaces xe-0/0/1 ether-options 802.3ad ae1

set interfaces ae1 aggregated-ether-options lacp active
set interfaces ae1 aggregated-ether-options lacp system-id 00:00:00:00:ae:01
set interfaces ae1 aggregated-ether-options lacp admin-key 1
set interfaces ae1 aggregated-ether-options mc-ae mc-ae-id 1
set interfaces ae1 aggregated-ether-options mc-ae chassis-id 1
set interfaces ae1 aggregated-ether-options mc-ae mode active-active
set interfaces ae1 aggregated-ether-options mc-ae status-control standby
set interfaces ae1 unit 0 family ethernet-switching interface-mode access
set interfaces ae1 unit 0 family ethernet-switching vlan members vlan200

set interfaces irb unit 100 family inet address 10.1.1.3/24
set multi-chassis multi-chassis-protection 10.1.1.1 interface xe-0/0/1

set protocols iccp local-ip-addr 10.1.1.3
set protocols iccp peer 10.1.1.1 redundancy-group-id-list 1
set protocols iccp peer 10.1.1.1 liveness-detection minimum-interval 500
set protocols iccp peer 10.1.1.1 liveness-detection multiplier 3

set switch-options service-id 1

set vlans default vlan-id 1
set vlans vlan100 vlan-id 100
set vlans vlan100 l3-interface irb.100
set vlans vlan200 vlan-id 200
set vlans vlan200 l3-interface irb.200

 

vQFX02

set chassis aggregated-devices ethernet device-count 10

set interfaces xe-0/0/1 ether-options 802.3ad ae1
set interfaces xe-0/0/2 ether-options 802.3ad ae1

set interfaces ae1 aggregated-ether-options lacp active
set interfaces ae1 unit 0 family ethernet-switching interface-mode access
set interfaces ae1 unit 0 family ethernet-switching vlan members vlan200

set vlans vlan200 vlan-id 200
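
The vQFX01 and vQFX03 configs above share the LACP system-id, admin-key, mc-ae-id and mode, and differ in chassis-id, status-control and the mirrored ICCP addresses. The following is an added example, not part of the original post, that checks a peer pair for exactly those relationships; the function names are hypothetical and the sample configs are constructed from the lines on this page.

```python
import re
# Constructed sample: the LACP / mc-ae / ICCP lines of the vQFX01 config on this page.
VQFX01 = """\
set interfaces ae1 aggregated-ether-options lacp system-id 00:00:00:00:ae:01
set interfaces ae1 aggregated-ether-options lacp admin-key 1
set interfaces ae1 aggregated-ether-options mc-ae mc-ae-id 1
set interfaces ae1 aggregated-ether-options mc-ae chassis-id 0
set interfaces ae1 aggregated-ether-options mc-ae mode active-active
set interfaces ae1 aggregated-ether-options mc-ae status-control active
set protocols iccp local-ip-addr 10.1.1.1
set protocols iccp peer 10.1.1.3 redundancy-group-id-list 1
"""
VQFX03 = (VQFX01.replace("chassis-id 0", "chassis-id 1")  # vQFX03: only 4 values differ
          .replace("status-control active", "status-control standby")
          .replace("local-ip-addr 10.1.1.1", "local-ip-addr 10.1.1.3")
          .replace("peer 10.1.1.3", "peer 10.1.1.1"))
MUST_MATCH = ("system-id", "admin-key", "mc-ae-id", "mode")
AE_RE = re.compile(r"set interfaces (ae\d+) aggregated-ether-options (?:lacp|mc-ae) (\S+) (\S+)$")
ICCP_RE = re.compile(r"set protocols iccp (local-ip-addr|peer) (\S+)")

def parse(cfg):
    """Collect the MC-LAG knobs from 'set' lines into {(scope, knob): value}."""
    kv = {}
    for line in map(str.strip, cfg.splitlines()):
        if m := AE_RE.match(line):
            kv[(m.group(1), m.group(2))] = m.group(3)
        elif m := ICCP_RE.match(line):
            kv[("iccp", m.group(1))] = m.group(2)
    return kv

def check_pair(cfg_a, cfg_b):
    """Return the inconsistencies between two MC-LAG peers (hypothetical helper)."""
    a, b = parse(cfg_a), parse(cfg_b)
    problems = []
    for (scope, knob), val in a.items():
        other = b.get((scope, knob))
        if knob in MUST_MATCH and other != val:
            problems.append(f"{scope} {knob}: {val} vs {other}, must be identical")
        elif knob == "chassis-id" and other == val:
            problems.append(f"{scope} chassis-id: both {val}, must differ")
        elif knob == "status-control" and {val, other} != {"active", "standby"}:
            problems.append(f"{scope} status-control: {val}/{other}, need active+standby")
    if (a.get(("iccp", "peer")), a.get(("iccp", "local-ip-addr"))) != \
       (b.get(("iccp", "local-ip-addr")), b.get(("iccp", "peer"))):
        problems.append("iccp: local-ip-addr and peer are not mirrored")
    return problems

if __name__ == "__main__":
    print(check_pair(VQFX01, VQFX03))  # the page's pair is consistent
```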

 

Status check

vQFX01

 

admin@vQFX01-RE# run show iccp brief

Redundancy Group Information for peer 10.1.1.3
 TCP Connection    : Established
 Liveliness Detection : Up
 Redundancy Group ID     Status
  1              Up

Client Application: MCSNOOPD
 Redundancy Group IDs Joined: None

Client Application: l2ald_iccpd_client
 Redundancy Group IDs Joined: 1

Client Application: lacpd
 Redundancy Group IDs Joined: 1

 

admin@vQFX01-RE# run show interfaces mc-ae id 1
Member Link         : ae1
Current State Machine's State: mcae active state
Local Status         : active
Local State         : up
Peer Status         : active
Peer State          : up
   Logical Interface    : ae1.0
   Topology Type      : bridge
   Local State       : up
   Peer State        : up
   Peer Ip/MCP/State    : 10.1.1.3 xe-0/0/1.0 up

 

admin@vQFX01-RE# run show lacp interfaces
Aggregated interface: ae1
  LACP state:    Role  Exp  Def Dist Col Syn Aggr Timeout Activity
   xe-0/0/1    Actor  No  No  Yes Yes Yes  Yes   Fast  Active
   xe-0/0/1   Partner  No  No  Yes Yes Yes  Yes   Fast  Active
  LACP protocol:    Receive State Transmit State     Mux State
   xe-0/0/1         Current  Fast periodic Collecting distributing

 

That's it for now.
Lately I have been too busy to find time for lab testing, which is not good.