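At a site deploying our ADCampus solution, while EVPN connectivity was being configured on the devices, a default route was introduced on the firewall. On the SR8800-X, the routing table showed all of the routes in that VPN that the firewall had introduced. When these routes were then leaked into another VPN, the number of leaked route entries did not match the number of routes introduced on the firewall. A careful comparison showed that the device had leaked only the specific routes and not the default route.
The key configuration on the firewall is as follows: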
#
ospf 1
 default-route-advertise
 import-route direct
 import-route static
 area 0.0.0.0
  network x.1.1.0 0.0.0.255
  network x.255.254.1 0.0.0.0
#
The routing table is as follows:
<FW-M9000>disp ip routing-table
Destinations : 153 Routes : 154
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/0 Static 60 0 223.99.12.81 XGE2/0/31
223.99.25.201 XGE2/0/32
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
x.1.1.0/24 Direct 0 0 8.1.1.2 XGE2/0/1
10.255.100.0/24 O_INTRA 10 2 10.255.254.2 Vlan4000
The key configuration on the peer device, the S10508, is as follows:
#
ip vpn-instance vpn-default
 route-distinguisher 1:1
 vpn-target 1:1 1:3 import-extcommunity
 vpn-target 1:1 export-extcommunity
 #
 address-family ipv4
 #
 address-family evpn
  vpn-target 1:1 1:3 import-extcommunity
  vpn-target 1:1 export-extcommunity
#
ip vpn-instance vpn1
 route-distinguisher 1:3
 vpn-target 1:1 1:3 import-extcommunity
 vpn-target 1:3 export-extcommunity
 #
 address-family evpn
  vpn-target 1:1 1:3 import-extcommunity
  vpn-target 1:3 export-extcommunity
#
bgp 100
 graceful-restart
 router-id 4.0.0.1
 group evpn internal
 peer evpn connect-interface LoopBack0
 peer 4.0.0.2 group evpn
 peer 4.0.0.3 group evpn
 peer 4.0.0.4 group evpn
 peer 4.0.0.5 group evpn
 peer 4.0.0.6 group evpn
 peer 4.0.0.7 group evpn
 peer 4.0.0.8 group evpn
 peer 4.0.0.9 group evpn
 peer 4.0.0.10 group evpn
 peer 4.0.0.11 group evpn
 peer 4.0.0.12 group evpn
 peer 4.0.0.13 group evpn
 peer 4.0.0.14 group evpn
 #
 address-family ipv4 unicast
  import-route direct
  network 110.0.0.0 255.255.255.0
  peer evpn enable
 #
 address-family l2vpn
 #
 address-family l2vpn evpn
  reflector cluster-id 4.0.0.1
  undo policy vpn-target
  peer evpn enable
  peer evpn reflect-client
 #
 ip vpn-instance vpn-default
  #
  address-family ipv4 unicast
   undo advertise l2vpn evpn
   import-route direct
   import-route static
   import-route ospf 2
#
S10508 routing table:
<S10508>disp ip routing-table vpn-instance vpn-default
Destinations : 153 Routes : 153
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/0 O_ASE2 150 1 8.1.1.2 Vlan8
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
8.1.1.0/24 Direct 0 0 8.1.1.1 Vlan8
8.1.1.255/32 Direct 0 0 8.1.1.1 Vlan8
10.12.16.2/32 BGP 255 0 4.0.0.2 Vsi3501
10.12.16.3/32 BGP 255 0 4.0.0.2 Vsi3501
Routing table of the VPN instance that receives the leaked routes:
<S10508>disp ip routing-table vpn-instance vpn1
Destinations : 158 Routes : 158
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
8.1.1.0/24 BGP 130 0 8.1.1.1 Vlan8
8.1.1.1/32 BGP 130 0 127.0.0.1 InLoop0
10.12.16.0/21 Direct 0 0 10.12.16.1 Vsi3502
10.12.16.0/32 Direct 0 0 10.12.16.1 Vsi3502
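It was confirmed that, by default, when BGP imports routes from another routing protocol, or when routes are imported between BGP instances, the default route of that protocol is not imported. Users can configure BGP so that, when it imports routes from an IGP routing protocol, the default route is allowed into the BGP routing table.
When configuring route import between routing protocols, a default route usually needs special handling: a separate command must be configured before the default route is imported.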
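The default behaviour described above can be checked offline against a saved configuration. The following is an added example, not part of the original case or of H3C's tooling: it flags BGP address families that use import-route without default-route imported. The command name default-route imported comes from H3C's Comware BGP command reference rather than from this page (verify it against your software version), and the function name and sample configuration are constructed.

```python
# Constructed sample in Comware "display current-configuration" layout, modeled
# on the S10508 BGP section above; the vpn1 stanza is invented for contrast.
SAMPLE = """\
ip vpn-instance vpn-default
 address-family ipv4
#
bgp 100
 address-family ipv4 unicast
  import-route direct
 #
 ip vpn-instance vpn-default
  address-family ipv4 unicast
   import-route static
   import-route ospf 2
 #
 ip vpn-instance vpn1
  address-family ipv4 unicast
   default-route imported
   import-route ospf 3
#
"""

def audit_default_route_import(config):
    """List BGP address families that import static/IGP routes without
    'default-route imported', so a 0.0.0.0/0 route would be left behind."""
    families = {}  # (instance, address family) -> [imported protocols, has default]
    in_bgp, instance, key = False, "public", None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "#":
            continue
        if not raw.startswith(" "):  # top-level command: enter or leave BGP view
            in_bgp, instance, key = line.split()[0] == "bgp", "public", None
        elif not in_bgp:
            continue
        elif line.startswith("ip vpn-instance "):
            instance, key = line.split()[2], None
        elif line.startswith("address-family "):
            key = (instance, line.split(None, 1)[1])
            families[key] = [[], False]
        elif key and line.startswith("import-route ") and line.split()[1] != "direct":
            families[key][0].append(line.split(None, 1)[1])  # direct never yields 0/0
        elif key and line == "default-route imported":
            families[key][1] = True
    return [(inst, af, protos) for (inst, af), (protos, has_default)
            in families.items() if protos and not has_default]

if __name__ == "__main__":
    print(audit_default_route_import(SAMPLE))
```

The parser relies on the one-space-per-level indentation that Comware prints, so feed it the configuration as displayed by the device rather than a flattened copy.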