网络工程 - 两个 SRX210 之间的 BGP？ - 吾爱随笔录

我一直在研究瞻博网络 SRX210 防火墙/路由器，并且在了解操作系统的来龙去脉方面取得了进展，但我在使用 BGP 时遇到了一些问题。

我目前通过连接了两个 SRX ge-0/0/0，它们都配置为10.0.0.0/24子网上的inet 。我还创建了一个静态路由（这里没有必要），以防万一。我可以在两个方向 ping。我还在其中一个 SRX（我们称之为 SRX2）上创建了一些环回地址。我想通过 BGP 将这些地址导出到另一个 SRX (SRX1)。

为了避免混淆，我创建了我的安全区域和策略设置，基本上都是全部允许设置，因为我还不想引入安全性。

我的问题是我卡在 BGP 连接状态（偶尔进入活动状态），我似乎无法建立它。我想知道是否有一些我留在那里的安全设置会阻止我？

version 11.4R5.5;
system {
    host-name SRX210Bottom;
    root-authentication {
        encrypted-password "$1$P1EoZ8l8$kDeaHpuxfNAhza8Z.5jsz/"; ## SECRET-DATA
    }
    name-server {
        208.67.222.222;
        208.67.220.220;
    }
    services {
        ssh;
        telnet;
        xnm-clear-text;
        web-management {
            http {
                interface vlan.0;
            }
            https {
                system-generated-certificate;
                interface vlan.0;
            }
        }
    }
    syslog {
        archive size 100k files 3;
        user * {
            any emergency;
        }
        file messages {
            any critical;
            authorization info;
        }
        file interactive-commands {
            interactive-commands error;
        }
    }
    max-configurations-on-flash 5;
    max-configuration-rollbacks 5;
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
}
interfaces {
    ge-0/0/0 {
        unit 0;
    }
    ge-0/0/1 {
        unit 0 {
            family inet {
                address 10.0.0.2/24;
            }
        }
    }
    fe-0/0/2 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/2 {
        unit 0 {
            family ethernet-switching;
        }
    }
    fe-0/0/3 {
        unit 0 {
            family ethernet-switching;
        }
    }
    fe-0/0/4 {
        unit 0 {
            family ethernet-switching;
        }
    }
    fe-0/0/5 {
        unit 0 {
            family ethernet-switching;
        }
    }
    fe-0/0/6 {
        unit 0 {
            family ethernet-switching;
        }
    }
    fe-0/0/7 {
        unit 0 {
            family ethernet-switching;
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 20.0.0.2/24;
                address 30.0.0.1/24;
            }
        }
    }
}
routing-options {
    static {
        route 0.0.0.0/0 next-hop 10.0.0.1;
    }
    aggregate {
        route 30.0.0.0/16;
    }
    router-id 10.0.0.2;
    autonomous-system 65503;
}
protocols {
    bgp {
        group external-peers {
            type external;
            local-address 10.0.0.2;
            import bgp-import-all;
            export bgp-export-local;
            peer-as 65501;
            local-as 65503;
            neighbor 10.0.0.1;
        }
    }
}
policy-options {
    policy-statement bgp-export-local {
        term 1 {
            from {
                route-filter 20.0.0.0/24 exact;
            }
            then accept;
        }
        term 2 {
            from protocol aggregate;
            then accept;
        }
    }
    policy-statement bgp-import-all {
        term 1 {
            from {
                protocol bgp;
                route-filter 0.0.0.0/0 orlonger;
            }
            then accept;
        }
    }
}
security {
    policies {
        from-zone internal to-zone internal {
            policy allow-all {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
    zones {
        security-zone internal {
            address-book {
                address network_mine 10.0.0.0/24;
                address network_loopback 20.0.0.0/24;
            }
            interfaces {
                ge-0/0/1.0 {
                    host-inbound-traffic {
                        system-services {
                            ping;
                            ssh;
                            all;
                        }
                    }
                }
                lo0.0 {
                    host-inbound-traffic {
                        system-services {
                            ping;
                            ssh;
                            all;
                        }
                    }
                }
            }
        }
    }
}

version 10.4R3.4;
system {
    host-name SRX210Top;
    root-authentication {
        encrypted-password "$1$P1EoZ8l8$kDeaHpuxfNAhza8Z.5jsz/"; ## SECRET-DATA
    }
    name-server {
        208.67.222.222;
        208.67.220.220;
    }
    services {
        ssh;
        telnet;
        xnm-clear-text;
        web-management {
            http {
                interface vlan.0;
            }
            https {
                system-generated-certificate;
                interface vlan.0;
            }
        }
    }
    syslog {
        archive size 100k files 3;
        user * {
            any emergency;
        }
        file messages {
            any critical;
            authorization info;
        }
        file interactive-commands {
            interactive-commands error;
        }
    }
    max-configurations-on-flash 5;
    max-configuration-rollbacks 5;
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
}
interfaces {
    ge-0/0/0 {
        unit 0;
    }
    ge-0/0/1 {
        unit 0 {
            family inet {
                address 10.0.0.1/24;
            }
        }
    }
    fe-0/0/2 {
        unit 0 {
            family ethernet-switching;
        }
    }
    ge-0/0/2 {
        unit 0 {
            family ethernet-switching;
        }
    }
    fe-0/0/3 {
        unit 0 {
            family ethernet-switching;
        }
    }
    fe-0/0/4 {
        unit 0 {
            family ethernet-switching;
        }
    }
    fe-0/0/5 {
        unit 0 {
            family ethernet-switching;
        }
    }
    fe-0/0/6 {
        unit 0 {
            family ethernet-switching;
        }
    }
    fe-0/0/7 {
        unit 0 {
            family ethernet-switching;
        }
    }
}
routing-options {
    static {
        route 20.0.0.0/24 next-hop 10.0.0.2;
    }
    router-id 10.0.0.1;
    autonomous-system 65501;
}
protocols {
    bgp {
        group external-peers {
            type external;
            local-address 10.0.0.1;
            import bgp-import-all;
            export bgp-export-all;
            peer-as 65503;
            local-as 65501;
            neighbor 10.0.0.2;
        }
    }
}
policy-options {
    policy-statement bgp-export-all {
        term 1 {
            from {
                route-filter 0.0.0.0/0 orlonger;
            }
            then accept;
        }
        term 2 {
            then accept;
        }
    }
    policy-statement bgp-import-all {
        term 1 {
            from {
                protocol bgp;
                route-filter 0.0.0.0/0 orlonger;
            }
            then accept;
        }
    }
}
security {
    zones {
        security-zone internal {
            address-book {
                address network_mine 10.0.0.0/24;
                address network_loopback 20.0.0.0/24;
            }
            interfaces {
                ge-0/0/1.0 {
                    host-inbound-traffic {
                        system-services {
                            ping;
                            ssh;
                            all;
                        }
                    }
                }
            }
        }
    }
    policies {
        from-zone internal to-zone internal {
            policy allow-all {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
}