打印

[问题求助] 求助：JNCIP p512 bogon策略问题

雷风88

高级会员

精华: 0

积分: 586

帖子: 65

威望: 205 点

金钱: 143 币

贡献: 85 点

经验: 02级

阅读权限: 50

注册: 2007-8-17

状态:

发短消息加为好友

1^# 大中小发表于 2007-11-16 09:30 只看该作者

求助：JNCIP p512 bogon策略问题

按studyguide中写策略
[email=lab@r1]lab@r1[/email]# show policy-options policy-statement bogons
term 1 {
from {
      route-filter 0.0.0.0/0 through 0.0.0.0/7 reject;
      route-filter 0.0.0.0/1 prefix-length-range /1-/7 reject;
}
}
term 2 {
from {
      route-filter 0.0.0.0/0 prefix-length-range /25-/32 reject;
      route-filter 172.16.0.0/12 orlonger reject;
      route-filter 192.168.0.0/16 orlonger reject;
      route-filter 10.0.0.0/8 orlonger reject;
}
}
所有策略均生效

但是如果全部放到一个term中
[edit logical-routers r1 policy-options policy-statement bogons term 1]
[email=root@JNCIP]root@JNCIP[/email]# show
from {
route-filter 0.0.0.0/0 through 0.0.0.0/7;
route-filter 0.0.0.0/1 prefix-length-range /1-/7;
route-filter 172.16.0.0/12 orlonger;
route-filter 192.168.0.0/16 orlonger;
route-filter 10.0.0.0/8 orlonger;
route-filter 0.0.0.0/0 prefix-length-range /25-/32 ;
}
then reject;

[email=root@JNCIP]root@JNCIP[/email]# run show route logical-router r1 120/8
inet.0: 47 destinations, 55 routes (42 active, 0 holddown, 6 hidden)
+ = Active Route, - = Last Active, * = Both
120.120.0.0/24    *[BGP/170] 01:13:33, localpref 100
                  AS path: 65050 I
                  > to 10.0.5.254 via fxp1.12
120.120.1.0/24    *[BGP/170] 01:13:33, localpref 100
                  AS path: 65050 I
                  > to 10.0.5.254 via fxp1.12
。。。。。。。。。。。
120.120.7.0/24    *[BGP/170] 01:13:33, localpref 100
                  AS path: 65050 I
                  > to 10.0.5.254 via fxp1.12
120.120.69.128/25  *[BGP/170] 01:13:33, localpref 100
                  AS path: 65050 I
                  > to 10.0.5.254 via fxp1.12

   可见 route-filter 0.0.0.0/0 prefix-length-range /25-/32这条策略没有匹配上。

将此策略移入新建的term 2
term 1 {

from {

route-filter 0.0.0.0/0 through 0.0.0.0/7;

route-filter 0.0.0.0/1 prefix-length-range /1-/7;

route-filter 172.16.0.0/12 orlonger;

route-filter 192.168.0.0/16 orlonger;

route-filter 10.0.0.0/8 orlonger;

}

then reject;
}
term 2 {

from {
      route-filter 0.0.0.0/0 prefix-length-range /25-/32

}

then reject;
}

[email=root@JNCIP]root@JNCIP[/email]# run show route hidden logical-router r1 120/8
inet.0: 47 destinations, 55 routes (41 active, 0 holddown, 7 hidden)
+ = Active Route, - = Last Active, * = Both
120.120.69.128/25 [BGP ] 00:15:56, localpref 100
                  AS path: 65050 I
                  > to 10.0.5.254 via fxp1.12

可见策略立即重新生效。  疑惑不解期待解答

TOP

今天吃什么中级会员精华: 0 积分: 387 帖子: 50 威望: 136 点金钱: 90 币贡献: 54 点经验: 02级阅读权限: 30 注册: 2007-6-30 状态: 发短消息加为好友	2^# 大中小发表于 2007-11-16 09:31 只看该作者多个router-filte之间是'or'的关系，上面的已经匹配了
查看详细资料	TOP

donotcry 注册会员精华: 0 积分: 76 帖子: 5 威望: 27 点金钱: 19 币贡献: 10 点经验: 01级阅读权限: 20 注册: 2007-11-16 状态: 发短消息加为好友	3^# 大中小发表于 2007-11-16 14:22 只看该作者 I tried your config, configure in both situations works for me. There might be other reasons for inactive route
查看详细资料	TOP

好多的花中级会员精华: 0 积分: 254 帖子: 23 威望: 89 点金钱: 64 币贡献: 33 点经验: 02级阅读权限: 30 注册: 2007-11-20 状态: 发短消息加为好友	4^# 大中小发表于 2007-11-20 21:17 只看该作者看看~~~~~~~~~~~
查看详细资料	TOP

著名的人中级会员精华: 0 积分: 248 帖子: 21 威望: 87 点金钱: 63 币贡献: 33 点经验: 02级阅读权限: 30 注册: 2007-11-20 状态: 发短消息加为好友	5^# 大中小发表于 2007-11-20 22:22 只看该作者支持下~~~~~~~~~~
查看详细资料	TOP

黄金甲中级会员精华: 0 积分: 239 帖子: 20 威望: 84 点金钱: 61 币贡献: 32 点经验: 02级阅读权限: 30 注册: 2007-11-21 状态: 发短消息加为好友	6^# 大中小发表于 2007-11-21 13:19 只看该作者支持了~~~~~~~~~~~~~~~
查看详细资料	TOP