Friday, July 17, 2015

Configuring interfaces on Juniper (copy-paste)

Description: This article covers the interface logic in Junos OS and gives configuration examples.


You can configure interfaces that are currently present in the router, as well as interfaces that are not currently present but that are expected to be added in the future. Junos OS detects the interface once the hardware has been installed and applies the pre-set configuration to it.

Juniper uses the following interface hierarchy:



Interface Device (IFD): This represents the physical interface such as xe-0/0/0. This is the root of the hierarchy and all other components are defined and branched off at this point. Features such as maximum transmission unit (MTU), link speed, and IEEE 802.3ad are configured at this level.

Interface Logical (IFL): The IFL simply defines a unit number under the IFD such as xe-0/0/0.0 or xe-0/0/0.1. Regardless of the configuration, at least a single unit is required. A common example of multiple IFLs is VLAN IDs when using IEEE 802.1Q.

Interface Family (IFF): Each IFL needs an address family associated with it, as Junos supports multiple protocols. Common examples include inet for IPv4, inet6 for IPv6, and iso when configuring the IS-IS routing protocol.

Interface Address (IFA): Finally, each IFF needs some sort of address depending on the type of IFF configured. For example, if the IFF was configured as inet, an address might look like 192.168.1.1/24, whereas if the IFF was configured as inet6, an address might look like 2001:DB8::1/128.
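
The four levels described above, as an added example (not code from the original post): a small Python parser that sorts "set interfaces" lines into IFD, IFL, IFF and IFA. The function names are hypothetical, and the sample input is constructed from set-lines used in the examples on this page.

```python
# Added example: sorts Junos "set interfaces" lines into IFD / IFL / IFF / IFA.
# SAMPLE is constructed from set-lines shown in the examples on this page.
SAMPLE = """\
set interfaces xe-0/0/0 description SIMPLY-VLAN-TAG
set interfaces xe-0/0/0 vlan-tagging
set interfaces xe-0/0/0 unit 7 vlan-id 7
set interfaces xe-0/0/0 unit 7 family inet address 7.7.7.7/28
set interfaces ae0 unit 3089 family inet address 77.88.248.18/30
set interfaces ae0 unit 3089 family inet6 address 2a01:758:fff6:1:0:0:0:3/64
set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode trunk
set vlans SERVERS vlan-id 2
"""

def parse_hierarchy(text):
    """Build {IFD: {"options", "units": {IFL: {"options", "families": {IFF: {...}}}}}}."""
    tree = {}
    for line in text.splitlines():
        tok = line.split()
        # Skip non-interface statements and interface-range (a template, not an IFD).
        if tok[:2] != ["set", "interfaces"] or len(tok) < 4 or tok[2] == "interface-range":
            continue
        ifd = tree.setdefault(tok[2], {"options": [], "units": {}})
        rest = tok[3:]
        if rest[0] != "unit" or len(rest) < 2:
            ifd["options"].append(" ".join(rest))        # IFD level: MTU, tagging, 802.3ad
            continue
        ifl = ifd["units"].setdefault(f"{tok[2]}.{rest[1]}", {"options": [], "families": {}})
        rest = rest[2:]
        if rest[:1] != ["family"] or len(rest) < 2:
            if rest:
                ifl["options"].append(" ".join(rest))    # IFL level: vlan-id, proxy-arp
            continue
        iff = ifl["families"].setdefault(rest[1], {"options": [], "addresses": []})
        if rest[2:3] == ["address"] and len(rest) > 3:
            iff["addresses"].append(rest[3])             # IFA level
        elif rest[2:]:
            iff["options"].append(" ".join(rest[2:]))    # IFF level: port-mode, vlan members
    return tree

def levels(tree):
    """Flatten the tree into (level, name) rows in hierarchy order."""
    rows = []
    for ifd, d in tree.items():
        rows.append(("IFD", ifd))
        for ifl, u in d["units"].items():
            rows.append(("IFL", ifl))
            for iff, f in u["families"].items():
                rows.append(("IFF", f"{ifl} family {iff}"))
                rows += [("IFA", a) for a in f["addresses"]]
    return rows

if __name__ == "__main__":
    for level, name in levels(parse_hierarchy(SAMPLE)):
        print(f"{level}  {name}")
```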

SRX interface configuration examples:

Plain L3 interface:
set interfaces ge-0/0/6 unit 0 description SIMPLY-L3
set interfaces ge-0/0/6 unit 0 family inet address 10.0.0.1/24

Interface in access mode:
set interfaces ge-0/0/0 description SIMPLY-ACCESS
set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members v20

Interface in trunk mode:
set interfaces ge-0/0/1 description SIMPLY-TRANK
set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members all

L3 interface terminated on a VLAN:
set interfaces vlan unit 2 family inet address 192.168.1.1/2
set vlans SERVERS vlan-id 2
set vlans SERVERS l3-interface vlan.2

L3 interface terminated on a VLAN (SRX1500, 15.1X49-D40):

set interfaces irb unit 8 family inet address 192.168.8.253/24

set vlans VL8 vlan-id 8
set vlans VL8 l3-interface irb.8

set interfaces ge-0/0/0 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members VL8

set security zones security-zone trust interfaces ge-0/0/0.0

http://www.juniper.net/techpubs/en_US/junos15.1x49-d40/topics/example/security-mixed-mode-configuring.html


Fault-tolerant interfaces when a cluster is used:
set chassis cluster redundancy-group 1 node 0 priority 200
set chassis cluster redundancy-group 1 node 1 priority 100
set chassis cluster redundancy-group 1 preempt - so that the primary node is chosen by priority

set chassis cluster redundancy-group 1 interface-monitor ge-0/0/14 weight 255 - interface monitoring, so that the RG automatically moves to the other node when the link goes down
set chassis cluster redundancy-group 1 interface-monitor ge-7/0/14 weight 255

set interfaces ge-0/0/4 gigether-options redundant-parent reth1
set interfaces ge-7/0/4 gigether-options redundant-parent reth1

set interfaces reth1 redundant-ether-options redundancy-group 1
set interfaces reth1 unit 0 family inet address 109.108.ххх.ххх/28

If a cluster is used, remember to configure the LAG interfaces correctly on the equipment connected to the cluster: https://kb.juniper.net/InfoCenter/index?page=content&id=KB22474&actp=search

If we want to use the SRX in Switching mode, there is a FAQ: Configuring and Deploying Ethernet Switching on SRX3xx, SRX550M, and SRX1500 Services Gateways

MX interface configuration examples:

Description of the possible interface encapsulations:
vlan-tagging - 802.1q VLAN tagging support
stacked-vlan-tagging  - Stacked 802.1q VLAN tagging support
flexible-vlan-tagging  - Support for no tagging, or single and double 802.1q VLAN tagging

set interfaces xe-0/0/0 description SIMPLY-VLAN-TAG
set interfaces xe-0/0/0 vlan-tagging
set interfaces xe-0/0/0 unit 7 vlan-id 7
set interfaces xe-0/0/0 unit 7 family inet address 7.7.7.7/28

set interfaces xe-0/0/1 description VLAN-TAG-Q-IN-Q
set interfaces xe-0/0/1 stacked-vlan-tagging
set interfaces xe-0/0/1 unit 0 vlan-tags outer 1133
set interfaces xe-0/0/1 unit 0 vlan-tags inner 651
set interfaces xe-0/0/1 unit 0 family inet address 37.26.3.1/29

Configuring an aggregated link:
set chassis aggregated-devices ethernet device-count 1

set interfaces ge-1/0/0 description uplink_L1
set interfaces ge-1/0/0 gigether-options 802.3ad ae0
set interfaces ge-1/1/0 description uplink_L2
set interfaces ge-1/1/0 gigether-options 802.3ad ae0

set interfaces ae0 vlan-tagging
set interfaces ae0 aggregated-ether-options load-balance per-packet
set interfaces ae0 aggregated-ether-options minimum-links 1
set interfaces ae0 aggregated-ether-options link-speed 1g
set interfaces ae0 unit 71 vlan-id 71
set interfaces ae0 unit 71 family inet address 194.44.202.218/30
set interfaces ae0 unit 3089 vlan-id 3089
set interfaces ae0 unit 3089 family inet address 77.88.248.18/30
set interfaces ae0 unit 3089 family inet6 address 2a01:758:fff6:1:0:0:0:3/64

Passing a VLAN through the MX:
set interfaces xe-0/0/0 flexible-vlan-tagging
set interfaces xe-0/0/0 encapsulation flexible-ethernet-services
set interfaces xe-0/0/0 unit 0 family bridge interface-mode trunk
set interfaces xe-0/0/0 unit 0 family bridge vlan-id-list 1815
set bridge-domains vlan1815 domain-type bridge
set bridge-domains vlan1815 vlan-id 1815

Passing a VLAN through the MX and joining it:
set interfaces xe-0/0/0 flexible-vlan-tagging
set interfaces xe-0/0/0 encapsulation flexible-ethernet-services
set interfaces xe-0/0/0 unit 0 family bridge interface-mode trunk
set interfaces xe-0/0/0 unit 0 family bridge vlan-id-list 333
set bridge-domains BD-1 vlan-id 333
set bridge-domains BD-1 routing-interface irb.0
set interfaces irb unit 0 family inet address 172.16.33.231/24

L3 interface on IRB (UTK example):
set interfaces ae0 unit 2389 encapsulation vlan-bridge
set interfaces ae0 unit 2389 vlan-tags outer 2
set interfaces ae0 unit 2389 vlan-tags inner 2389

set interfaces irb unit 2389 family inet address 10.36.0.9/30

set bridge-domains vlan-2389 domain-type bridge
set bridge-domains vlan-2389 vlan-id none
set bridge-domains vlan-2389 no-local-switching
set bridge-domains vlan-2389 interface ae0.2389
set bridge-domains vlan-2389 routing-interface irb.2389

Unnumbered on physical ports:
set interfaces xe-0/0/0 flexible-vlan-tagging
set interfaces xe-0/0/0 encapsulation flexible-ethernet-services
set interfaces xe-0/0/0 unit 10 proxy-arp restricted
set interfaces xe-0/0/0 unit 10 vlan-id 10
set interfaces xe-0/0/0 unit 10 family inet address 213.xxx.80.y/23

set interfaces xe-0/0/0 unit 2150 proxy-arp
set interfaces xe-0/0/0 unit 2150 vlan-id 2150
set interfaces xe-0/0/0 unit 2150 family inet unnumbered-address xe-0/0/0.10

MX subscriber access auto-configure:
set interfaces xe-0/0/1 flexible-vlan-tagging --- Single VLAN
set interfaces xe-0/0/1 auto-configure vlan-ranges dynamic-profile VLAN accept dhcp-v4
set interfaces xe-0/0/1 auto-configure vlan-ranges dynamic-profile VLAN ranges 2000-2238

set interfaces xe-0/0/1 stacked-vlan-tagging --- Q-In-Q
set interfaces xe-0/0/1 auto-configure stacked-vlan-ranges dynamic-profile 2_VLAN accept dhcp-v4
set interfaces xe-0/0/1 auto-configure stacked-vlan-ranges dynamic-profile 2_VLAN ranges 1200-1296,any

set interfaces ae1 flexible-vlan-tagging --- On an aggregate
set interfaces ae1 auto-configure vlan-ranges dynamic-profile PPPOE-VLAN-1 accept pppoe
set interfaces ae1 auto-configure vlan-ranges dynamic-profile PPPOE-VLAN-1 ranges 402-402
set interfaces ae1 auto-configure remove-when-no-subscribers
set interfaces ae1 encapsulation flexible-ethernet-services
set interfaces ae1 aggregated-ether-options load-balance per-packet
set interfaces ae1 aggregated-ether-options minimum-links 1
set interfaces ae1 aggregated-ether-options link-speed 1g
set interfaces ae1 unit 10 vlan-id 10
set interfaces ae1 unit 10 family inet address 185.46.220.29/27
set interfaces ae1 unit 403 vlan-id 403
set interfaces ae1 unit 403 family inet6 address 2a01:89a0:4000:1::1/64

To experiment with bridge domains - https://habrahabr.ru/post/322560/

Interface configuration examples using groups:
 
grp-intf-xe-p {
        interfaces {
            <xe-*> {
                mtu 9100;
                hold-time up 0 down 0;
                gigether-options {
                    no-flow-control;
                    no-auto-negotiation;
                }
                unit 0 {
                    family mpls {
                        maximum-labels 5;
                    }
                }
            }
        }
    }

xe-2/0/0 {
        apply-groups grp-intf-xe-p;
        description "Link";
        unit 0 {
            family inet {
                address 10.х.115.х/30;
            }
            family mpls;
        }
    }

groups {
    PRODUCTION-VLANS {
        interfaces {
            "<xe-[2-5]/0/*>" {
                unit 0 {
                    family ethernet-switching {
                        interface-mode trunk;
                        vlan {
                            members [ 1 78 97 126-127 601-602 606 609 615 620 622-623 631 645 935 ];
                        }
                    }
                }
            }
        }
    }
}

EX interface configuration examples:

set interfaces ge-0/0/2 description ACC-PORT
set interfaces ge-0/0/2 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members 20

set interfaces ge-0/0/3 description TRUNK-PORT
set interfaces ge-0/0/3 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members 5

set interfaces ge-0/0/1 description NATIVE-VLAN
set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members 8-9
set interfaces ge-0/0/1 unit 0 family ethernet-switching native-vlan-id 2

set interfaces vlan unit 2 family inet address 192.168.1.14/24

set vlans vlan_2 vlan-id 2
set vlans vlan_2 l3-interface vlan.2

Using interface-range:
set interfaces ge-0/0/1 unit 0 family ethernet-switching

set interfaces interface-range clients member-range ge-0/0/0 to ge-0/0/21
set interfaces interface-range clients unit 0 family ethernet-switching port-mode trunk
set interfaces interface-range clients unit 0 family ethernet-switching vlan members 216
set interfaces interface-range clients unit 0 family ethernet-switching native-vlan-id 1

Configuring an EX interface in Q-in-Q mode is described at the link: juniper-ex-q-in-q
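
A review helper for configurations built from the snippets above, added here as an example (not part of the original post): it reports trunk units that carry "vlan members all" and units with "proxy-arp" not set to "restricted" (Junos treats a bare proxy-arp as unrestricted), two settings worth confirming before a paste goes into production. The function name is hypothetical and the sample input is constructed from set-lines on this page.

```python
import re

# Constructed sample assembled from set-lines shown on this page.
SAMPLE = """\
set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members all
set interfaces ge-0/0/3 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members 5
set interfaces ge-0/0/0 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members VL8
set interfaces interface-range clients unit 0 family ethernet-switching port-mode trunk
set interfaces interface-range clients unit 0 family ethernet-switching vlan members 216
set interfaces xe-0/0/0 unit 10 proxy-arp restricted
set interfaces xe-0/0/0 unit 2150 proxy-arp
"""

# Matches unit-level statements on a single interface or on an interface-range.
UNIT = re.compile(r"^set interfaces (?:interface-range )?(\S+) unit (\d+) (.+)$")
TRUNK = (["port-mode", "trunk"], ["interface-mode", "trunk"])

def review(text):
    """Return sorted (logical interface, note) pairs worth a second look."""
    trunks, all_vlans, notes = set(), set(), []
    for line in text.splitlines():
        m = UNIT.match(line.strip())
        if not m:
            continue
        ifl, rest = f"{m.group(1)}.{m.group(2)}", m.group(3).split()
        if rest[:2] == ["family", "ethernet-switching"]:
            if rest[2:4] in TRUNK:
                trunks.add(ifl)
            elif rest[2:4] == ["vlan", "members"] and "all" in rest[4:]:
                all_vlans.add(ifl)
        elif rest[0] == "proxy-arp" and rest[1:2] != ["restricted"]:
            notes.append((ifl, "proxy-arp without 'restricted'"))
    # Report 'members all' only where the same unit is also configured as a trunk.
    notes += [(i, "trunk carries all VLANs") for i in trunks & all_vlans]
    return sorted(notes)

if __name__ == "__main__":
    for ifl, note in review(SAMPLE):
        print(f"{ifl}: {note}")
```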

