juniper 交换机实施策略路由
本人第一次写Blog,前端时间一直在研究juniper的策略路由,现在将相关配置分享下。Juniper交换机的策略路由器,与cisco、H3C的逻辑原理不太一样。
SRX支持原生的RPM触发路由倒换,类似Cisco IP SLA的功能。M/T/MX/EX/QFX没有这个功能,但可通过JUNOS内置的"event-options"这个通用的自动运维特性实现一样的效果。
其原理是通过RPM监控目标地址,当监控失败后RPM会在系统日志里生成"PING_TEST_FAILED”日志,可在event-options里定义"PING_TEST_FAILED"这一事件触发后续动作,后续动作定义为设备配置更改"change-configuration", 内容为删除原有静态路由,生成新路由,然后deactive自身这条policy,active新的policy以在后面当监控目标成功后重新恢复原配置。
注意级别必须在Info级别以下才能看见RPM Trap信息
# show system sysloguser * {any emergency;}file messages {any notice;authorization info; }
配置RPM:
# show servicesrpm { probe my-probe { test my-test { probe-type icmp-ping; target address 192.168.5.4; probe-count 3; probe-interval 1; test-interval 1; thresholds { successive-loss 3; } traps test-failure; } } }
配置event-options:
policy ping-fail { events PING_TEST_FAILED; attributes-match { PING_TEST_FAILED.test-owner matches my-probe; PING_TEST_FAILED.test-name matches my-test; } then { change-configuration { commands { "delete routing-options static route 23.1.1.0/24 next-hop 12.1.1.2"; "set routing-options static route 23.1.1.0/24 next-hop 12.1.1.3"; "deactivate event-options policy ping-fail"; "activate event-options policy ping-success"; } user-name lab; commit-options { log "ping fail change is succeful!"; } } }}inactive: policy ping-success { events PING_TEST_COMPLETED; attributes-match { PING_TEST_COMPLETED.test-name matches my-test; PING_TEST_COMPLETED.test-owner matches my-probe; } then { change-configuration { commands { "set routing-options static route 23.1.1.0/24 next-hop 12.1.1.2"; "delete routing-options static route 23.1.1.0/24 next-hop 12.1.1.3"; "deactivate event-options policy ping-success"; "activate event-options policy ping-fail"; } user-name lab; commit-options { log "ping ok change is succeful!"; } } }}
页:
[1]