
How to create a VRF and import routes from the Global Routing Table on Juniper

September 24, 2013

 

By default, all routes are placed in the inet.0 routing table. Sometimes, for security reasons, it can be useful to create a new routing table, either to isolate the tables from each other or to be able to duplicate IP addresses. The Virtual Router is equivalent to Cisco's VRF-Lite (Virtual Routing and Forwarding).

On Juniper you need to create a routing-instance and add the interfaces, SVIs, static routes and dynamic routes to it.

 

set routing-instances NETADM-TABELA2 instance-type virtual-router
set routing-instances NETADM-TABELA2 interface vlan.998
set routing-instances NETADM-TABELA2 interface vlan.2003
set routing-instances NETADM-TABELA2 routing-options static route 10.154.1.144/28 next-hop 200.97.28.253
set routing-instances NETADM-TABELA2 routing-options static route 10.137.246.0/24 next-hop 200.97.28.253

 

root@netadm> show configuration routing-instances 
NETADM-TABELA2 {
    instance-type virtual-router;
    interface vlan.998;
    interface vlan.2003;
    routing-options {
        static {
            route 10.154.1.144/28 next-hop 200.97.28.253;
            route 10.137.246.0/24 next-hop 200.97.28.253;
        }
    }
}

{master:0}

 

With the configuration above we end up with the following routing tables:

root@netadm> show route 

inet.0: 22 destinations, 22 routes (22 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

1.2.3.0/24         *[Direct/0] 04:01:27
                    > via vlan.999
1.2.3.254/32       *[Local/0] 6d 06:17:01
                      Local via vlan.999
10.137.244.0/24    *[Static/5] 05:23:44
                    > to 200.97.28.213 via vlan.2002
10.137.245.0/24    *[Static/5] 05:23:44
                    > to 200.97.28.213 via vlan.2002

10.200.200.0/24    *[Direct/0] 04:03:01
                    > via vlan.1666
10.200.200.10/32   *[Local/0] 7w4d 05:37:03
                      Local via vlan.1666
10.255.255.0/24    *[Direct/0] 11w3d 10:47:20
                    > via me0.0
10.255.255.9/32    *[Local/0] 11w3d 10:47:20
                      Local via me0.0
172.22.0.0/15      *[Static/5] 05:23:44
                    > to 10.255.255.1 via me0.0
172.24.0.0/16      *[Static/5] 05:23:44
                    > to 10.255.255.1 via me0.0
150.55.40.0/24     *[Direct/0] 11w3d 10:46:56
                    > via vlan.60
150.55.40.1/32     *[Local/0] 11w3d 10:46:51
                      Local via vlan.60
150.55.40.2/32     *[Local/0] 11w3d 10:47:15
                      Local via vlan.60
192.168.248.0/24   *[Direct/0] 04:01:27
                    > via vlan.999
192.168.248.254/32 *[Local/0] 3d 03:43:42
                      Local via vlan.999
198.36.40.0/24     *[Direct/0] 11w3d 10:46:56
                    > via vlan.61
198.36.40.1/32     *[Local/0] 11w3d 10:46:49
                      Local via vlan.61
198.36.40.2/32     *[Local/0] 11w3d 10:47:15
                      Local via vlan.61
200.97.28.208/29  *[Direct/0] 3d 07:37:31
                    > via vlan.2002     
200.97.28.211/32  *[Local/0] 3d 07:37:31
                      Local via vlan.2002

NETADM-TABELA2.inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.137.246.0/24    *[Static/5] 3d 06:28:31
                    > to 200.97.28.253 via vlan.2003
10.154.1.144/28    *[Static/5] 3d 06:28:31
                    > to 200.97.28.253 via vlan.2003
192.168.248.0/24   *[Direct/0] 04:01:27
                    > via vlan.998
192.168.248.254/32 *[Local/0] 3d 03:46:06
                      Local via vlan.998
200.97.28.248/29  *[Direct/0] 3d 06:28:31
                    > via vlan.2003
200.97.28.251/32  *[Local/0] 3d 07:24:52
                      Local via vlan.2003

{master:0}

Note that we duplicated the 192.168.248.0/24 network in both routing tables through the SVIs vlan 999 and vlan 998.

 

 

Importing Routes from the Global Routing Table

 

First we create a rib-group named COPYTOVRF containing the routing tables between which we want to share routes:

set routing-options rib-groups COPYTOVRF import-rib inet.0
set routing-options rib-groups COPYTOVRF import-rib NETADM-TABELA2.inet.0

 

Next we configure what we want in these routing tables. In this example, the first line covers routes of directly connected interfaces and the second line covers static routes:

set routing-options interface-routes rib-group inet COPYTOVRF
set routing-options static rib-group COPYTOVRF

 

But we do not want to share all directly connected routes, nor all static routes. To control which routes can be shared into the VRF NETADM-TABELA2, we create the following policy, which allows only the networks 10.137.244.0/24 and 200.36.40.0/24 to be shared:

root@netadm> show configuration policy-options policy-statement ROTAS-TABELA2 | display set 
set policy-options policy-statement ROTAS-TABELA2 term ROTAS-TABELA2 from route-filter 10.137.244.0/24 exact
set policy-options policy-statement ROTAS-TABELA2 term ROTAS-TABELA2 from route-filter 200.36.40.0/24 exact
set policy-options policy-statement ROTAS-TABELA2 term ROTAS-TABELA2 then accept
set policy-options policy-statement ROTAS-TABELA2 term REJECT then reject

root@netadm> show configuration policy-options policy-statement ROTAS-TABELA2 
term ROTAS-TABELA2 {
    from {
        route-filter 10.137.244.0/24 exact;
        route-filter 200.36.40.0/24 exact;
    }
    then accept;
}
term REJECT {
    then reject;
}

{master:0}

 

And we apply it to the rib-group. The command below takes effect only on the NETADM-TABELA2 routing table.

set routing-options rib-groups COPYTOVRF import-policy ROTAS-TABELA2

 

Here is the resulting configuration:

root@netadm> show configuration routing-options 
interface-routes {
    rib-group inet COPYTOVRF;
}
static {
    rib-group COPYTOVRF;
    route 172.22.0.0/15 next-hop 10.255.255.1;
    route 172.24.0.0/16 next-hop 10.255.255.1;
    route 10.137.244.0/24 next-hop 200.97.28.213;
    route 10.137.245.0/24 next-hop 200.97.28.213;
}
rib-groups {
    COPYTOVRF {
        import-rib [ inet.0 NETADM-TABELA2.inet.0 ];
        import-policy ROTAS-TABELA2;
    }
}

{master:0}

 

After all these changes, let's check how the routing tables look:

 

root@netadm> show route 

inet.0: 22 destinations, 22 routes (22 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

1.2.3.0/24         *[Direct/0] 02:23:11
                    > via vlan.999
1.2.3.254/32       *[Local/0] 6d 22:03:11
                      Local via vlan.999
10.137.244.0/24    *[Static/5] 14:29:20
                    > to 200.97.28.213 via vlan.2002
10.137.245.0/24    *[Static/5] 14:29:20
                    > to 200.97.28.213 via vlan.2002
10.154.1.144/28    *[Direct/0] 19:43:17
                    > via vlan.410
10.154.1.146/32    *[Local/0] 19:43:17
                      Local via vlan.410
10.200.200.0/24    *[Direct/0] 19:49:11
                    > via vlan.1666
10.200.200.10/32   *[Local/0] 7w4d 21:23:13
                      Local via vlan.1666
10.255.255.0/24    *[Direct/0] 11w4d 02:33:30
                    > via me0.0
10.255.255.9/32    *[Local/0] 11w4d 02:33:30
                      Local via me0.0
172.22.0.0/15      *[Static/5] 14:29:20
                    > to 10.255.255.1 via me0.0
172.24.0.0/16      *[Static/5] 14:29:20
                    > to 10.255.255.1 via me0.0
198.36.40.0/24     *[Direct/0] 11w4d 02:33:06
                    > via vlan.60
198.36.40.1/32     *[Local/0] 11w4d 02:33:01
                      Local via vlan.60
198.36.40.2/32     *[Local/0] 11w4d 02:33:25
                      Local via vlan.60
192.168.248.0/24   *[Direct/0] 02:23:11
                    > via vlan.999
192.168.248.254/32 *[Local/0] 3d 19:29:52
                      Local via vlan.999
200.36.40.0/24     *[Direct/0] 11w4d 02:33:06
                    > via vlan.61
200.36.40.1/32     *[Local/0] 11w4d 02:32:59
                      Local via vlan.61
200.36.40.2/32     *[Local/0] 11w4d 02:33:25
                      Local via vlan.61
200.97.28.208/29  *[Direct/0] 3d 23:23:41
                    > via vlan.2002     
200.97.28.211/32  *[Local/0] 3d 23:23:41
                      Local via vlan.2002

NETADM-TABELA2.inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.137.244.0/24    *[Static/5] 14:29:20
                    > to 200.97.28.213 via vlan.2002
10.137.246.0/24    *[Static/5] 3d 22:14:41
                    > to 200.97.28.253 via vlan.2003
10.154.1.144/28    *[Static/5] 3d 22:14:41
                    > to 200.97.28.253 via vlan.2003
192.168.248.0/24   *[Direct/0] 02:23:11
                    > via vlan.998
192.168.248.254/32 *[Local/0] 3d 19:32:16
                      Local via vlan.998
200.36.40.0/24     *[Direct/0] 14:35:22
                    > via vlan.61
200.97.28.248/29  *[Direct/0] 3d 22:14:41
                    > via vlan.2003
200.97.28.251/32  *[Local/0] 3d 23:11:02
                      Local via vlan.2003

{master:0}
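The import-policy decision shown above, modelled in Python as an added example (not code from the original post or from Juniper): it parses the page's set lines and reports which inet.0 prefixes the rib-group would copy into NETADM-TABELA2.inet.0, with and without the policy. The function names parse, leaked and copied are hypothetical, only "route-filter ... exact" is modelled, and counting routes that match no term as copied is an assumption of the model.

```python
import ipaddress

# Constructed input: "set" lines from the page plus a sample of its inet.0 prefixes.
CONFIG = """\
set routing-options rib-groups COPYTOVRF import-rib inet.0
set routing-options rib-groups COPYTOVRF import-rib NETADM-TABELA2.inet.0
set routing-options rib-groups COPYTOVRF import-policy ROTAS-TABELA2
set policy-options policy-statement ROTAS-TABELA2 term ROTAS-TABELA2 from route-filter 10.137.244.0/24 exact
set policy-options policy-statement ROTAS-TABELA2 term ROTAS-TABELA2 from route-filter 200.36.40.0/24 exact
set policy-options policy-statement ROTAS-TABELA2 term ROTAS-TABELA2 then accept
set policy-options policy-statement ROTAS-TABELA2 term REJECT then reject
"""
INET0 = ["10.137.244.0/24", "10.137.245.0/24", "172.22.0.0/15", "200.36.40.0/24", "200.36.40.1/32"]

def parse(config):
    """Return ({rib-group: import-policy or None}, {policy: {term: filters/action}})."""
    groups, policies = {}, {}
    for line in config.splitlines():
        w = line.split() + [""] * 10  # pad so fixed indexes are always valid
        if w[1:3] == ["routing-options", "rib-groups"]:
            groups.setdefault(w[3], None)
            if w[4] == "import-policy":
                groups[w[3]] = w[5]
        elif w[1:3] == ["policy-options", "policy-statement"] and w[4] == "term":
            term = policies.setdefault(w[3], {}).setdefault(w[5], {"filters": [], "action": None})
            if w[6:8] == ["from", "route-filter"] and w[9] == "exact":
                term["filters"].append(ipaddress.ip_network(w[8]))
            elif w[6] == "then":
                term["action"] = w[7]
    return groups, policies

def leaked(prefixes, terms):
    """Prefixes copied into the secondary table; terms=None means no import-policy."""
    out = []
    for p in prefixes:
        verdict = "accept"  # model assumption: a route no term decides counts as copied
        for term in (terms or {}).values():
            matched = not term["filters"] or ipaddress.ip_network(p) in term["filters"]  # no filter: matches all
            if matched and term["action"] in ("accept", "reject"):
                verdict = term["action"]
                break
        if verdict == "accept":
            out.append(p)
    return out

def copied(config, group, prefixes):
    """Evaluate the import-policy of rib-group `group` (if any) against candidate prefixes."""
    groups, policies = parse(config)
    return leaked(prefixes, policies.get(groups[group]))
```

With the page's policy only 10.137.244.0/24 and 200.36.40.0/24 are copied, which matches the two new entries in NETADM-TABELA2.inet.0 above; with the import-policy line removed, every candidate prefix is copied.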

 

 

 


About the Author:

The author has worked with network technology for 13 years, takes part in conferences in Brazil and around the world, and contributes to the improvement of protocols and systems with network equipment vendors.