网络设备常用排障命令——Juniper & vyatta & 大河SDN

JUNIPER设备

华为，思科是两种配置（运行配置+保存配置）
Juniper是三种配置（运行配置+保存配置1-49号+编辑中的配置）

juniper 设备BGP设备

#shell模式
    start shell

#对比配置，回退操作
    #status             //查看登录用户，进程号，当前状态等
    #show system users      //查看当前登录的用户
    #show configure | dis detail    //显示配置文件，这种会有描述的哦，教你怎么解读配置
    #show | compare         //查看当前修改的那些配置
    #show | compare rollback 2  //比较当前和历史哪个配置
    #show configuration | compare rollback 2
    #rollback           //恢复最近运行的配置
    #rollback 2         //恢复历史指定配置
    save /var/tmp/20190617.txt  //将配置保存在

>configure      //进入配置模式
>configure private  //进入私有配置模式，与其他用户不干扰，除非修改了同一文件，
#update         //当有人修改了配置，我们也要修改保存，可以使用update先更新，再保存

#commit confirmed   //提交配置并生效10分钟，10分钟后需再次确认，否则自动还原之前配置自动还原，若确认没问题，再次手动commit即可
#commit check       //提交命令前检查命令是否正确
#commit and-quit    //提交配置，并退出到>操作模式
#commit at 22:10    //在22:10分的时候，进行提交，这是一个时间计划任务，一旦指定，不能更改其他任何配置，只能清除clear
>clear system commit    //清除提交配置的计划任务
#commit comment "this is down　bgp"  //提交配置时，记录一个描述日志，以便查询

#接口类型
    ge-0/0/7    //接口类型-母版位置-子卡位置-模块位置
    fxp0        //带外管理口
    fxp1        //路由平面与转发平面互联接口，它不能被配置，但是它可以被配置
    物理口配置IP,必须使用unit0 而且只能配置一个unit,同一个unit支持多个IP,并且不会被覆盖

#查看运行配置（count统计，find 从什么开始，match 包含，except 排除）
    show configuration system login
    show configuration protocols bgp
    show configuration | display set | count | match ospf   //查看ospf配置有多少行
    show configuration | display set | except ospf          //排除ospf配置
    deactivate interface ge-0/0/6 unit 1        //注释某条命令，使其不生效
    activate interface ge-0/0/6 unit 1          //取消注释，让命令生效
    up      //返回上一级
    top     //返回到顶层
    copy interface ge-0/0/6 to ge-0/0/7     //将6口的配置复制到7口
    load set terminal               //批量粘贴录入配置，按Ctrl+D结束

#替换配置replace(进入em2的逻辑接口，将192.168.1.1/24替换成172.16.1.1/24)
    edit interfaces em2 unit 0
    replace pattern 192.168.1.1/24 with 172.16.1.1/24

#重命名rename(将em1改成em2)
    rename interfaces em1 to em2

#范围wildcard(删除8-11接口，将0-5还有7网口设置为全双工模式，)
    #wildcard delete interfaces em[8-11]
    #wildcard range set interfaces em[0-5,7] link-mode full-duplex

#配置root密码
    以明文的形式()
    set system root-authentication plain-test-password
    以密文的形式(加密后的密文，要注意哦)
    set system root-authentiaction encrypted-password "sadasdsdffsd"

#用户管理
    新增用户，设置安全级别，设置权限
    set system login user fnk class super-user
    set system login user fnk authentiaction plain-test-password
    查看用户登陆配置
    show system login | display set
    用户安全级别组、
    set system login user fnk class ?

注意：Junios可以在不插模块的情况下进行配置，不会出错，但是无法通过show configuration inter terse 进行查看到
提示：Junios中ospf宣告的是接口，而不是地址．

#查看光功率
    show interfaces diagnostics optics xe-7/0/0

#查看vlanif的配置
    show interfaces irb.3301

#使用特定vrf进行ping测试
    ping 1.1.1.1 routing-instance VRF-CN

#查看哪个peer发布了哪些网段
    show route protocol bgp advertising-protocol bgp 23.119.64.225

#查看那个peer接收了哪些网段
    show route protocol bgp receive-protocol bgp 23.119.64.225
    show route protocol bgp receive-protocol bgp 38.21.225.63 all       #查看未过滤的条目

#查看bgp路由，包含起源as号
    show route protocol bgp 9.9.9.9

#MX960上写静态路由
set routing-instances VRF-Highbandwith routing-options static route 211.37.191.26/32 next-hop 23.19.4.225

#SJ优化段添加网关
+++++++
10008-1

set groups Gateway interfaces irb unit "<29??>" family inet address 45.1.230.125/25 virtual-gateway-address 45.1.230.1
set groups Gateway interfaces irb unit "<29??>" family inet address 45.1.230.253/25 virtual-gateway-address 45.1.230.129
set interfaces irb unit 2901 family inet address 45.1.230.125/25 virtual-gateway-address 45.61.230.1
set interfaces irb unit 2901 family inet address 45.1.230.253/25 virtual-gateway-address 45.61.230.129
set routing-instances aggToMX960 routing-options static route 45.1.230.0/25 discard
set routing-instances aggToMX960 routing-options static route 45.1.230.0/25 tag 65002
set routing-instances aggToMX960 routing-options static route 45.1.230.128/25 discard
set routing-instances aggToMX960 routing-options static route 45.1.230.128/25 tag 65002

10008-2
set groups Gateway interfaces irb unit "<29??>" family inet address 45.1.230.126/25 virtual-gateway-address 45.1.230.1
set groups Gateway interfaces irb unit "<29??>" family inet address 45.1.230.254/25 virtual-gateway-address 45.1.230.129
set interfaces irb unit 2901 family inet address 45.1.230.126/25 virtual-gateway-address 45.1.230.1
set interfaces irb unit 2901 family inet address 45.1.230.254/25 virtual-gateway-address 45.1.230.129
set routing-instances aggToMX960 routing-options static route 45.1.230.0/25 discard
set routing-instances aggToMX960 routing-options static route 45.1.230.0/25 tag 65002
set routing-instances aggToMX960 routing-options static route 45.1.230.128/25 discard
set routing-instances aggToMX960 routing-options static route 45.1.230.128/25 tag 65002

#SJ-10008上写32路由
    set routing-instances aggToMX960 routing-options static route 3.21.28.89/32 next-table CNCommunity.inet.0

#SJ接入交换机接口学不到mac，就这样操作
    delete interfaces ge-1/0/41 unit 0 family ethernet-switching vlan members CN
    commit
    set interfaces ge-1/0/41 disable
    commit
    set interfaces ge-1/0/41 unit 0 family ethernet-switching vlan members CN
    delete interfaces ge-1/0/41 disable
    commit

#SJ10008上监控vlanfi 2层数据统计
    monitor traffic interface irb.3301 no-resolve layer2-headers

#查看限速模板
    show configuration firewall

#查看接口是否存在丢包等
    show interfaces ge-1/0/6 extensive

#配置限速模板
    set firewall family ethernet-switching filter P350M interface-specific
    set firewall family ethernet-switching filter P350M term all then policer P350M

    set firewall policer P350M if-exceeding bandwidth-limit 350m
    set firewall policer P350M if-exceeding burst-size-limit 35m
    set firewall policer P350M then discard

#接口应用限速模板
    set interfaces xe-0/0/5 unit 0 family ethernet-switching filter input P350M
    set interfaces xe-0/0/5 unit 0 family ethernet-switching filter output P350M

juniper查询路由信息

#显示某条 BGP 路由的详细信息
    show route protocol bgp 4.0.0.0/8 exact
    show route protocol bgp 45.61.230.0 exact detail

#查看向某 BGP 邻居宣告的路由
    show route advertising-protocol bgp 59.43.0.2 | match 58.30

#查看从某 BGP 邻居接收的路由,经过策略过滤的
    show route receive-protocol bgp 59.43.0.2 | match 64.114

#查看从某 BGP 邻居接收的路由,未经过策略过滤的
    show route receive-protocol bgp 59.43.0.2 all | match 64.114

#用 AS PATH 正则表达式来匹配察看 BGP 路由(以 AS-PATH 64523 开头的 BGP 路由)
    show route protocol bgp aspath-regex "^64523"

juniper限速模板

show configuration firewall 
show interfaces ge-1/0/6 extensive

带宽限速模板
set firewall family ethernet-switching filter P350M interface-specific  #这个表示独享模式，若不配这一句，那么所有应用这个策略的端口共享350Mbit/s
set firewall family ethernet-switching filter P350M term all then policer P350M

set firewall policer P350M if-exceeding bandwidth-limit 350m
set firewall policer P350M if-exceeding burst-size-limit 10m     #这是实打实的10MB，若是这样配置，突发带宽为 350mbit/s+10MB*8=430Mbit/s
set firewall policer P350M then discard

接口下应用
set interfaces xe-0/0/5 unit 0 family ethernet-switching filter input P350M
set interfaces xe-0/0/5 unit 0 family ethernet-switching filter output P350M

juniper 5200交换机如何做本地端口镜像

这里争对聚合口ae13的子接口ae13.3501的in，out方向数据，镜像到 xe-1/0/4:2.0口子
    set interfaces ae13 flexible-vlan-tagging
    set interfaces ae13 unit 3501 vlan-id 3501
    set interfaces ae13 unit 3501 family inet address 10.60.220.5/30
    set interfaces xe-1/0/4:2 unit 0 family ethernet-switching
    #关键是下面两行
    set forwarding-options analyzer mirror-mactest input egress interface ae13.3501
    set forwarding-options analyzer mirror-mactest output interface xe-1/0/4:2.0

vyatta基本操作

#查看操作的命令历史
    show history

#查看当前生效命令
    show configuration commands

#黑洞系统查询
    sh configuration commands | match bl

#写一条黑洞
    conf
    set protocols static route 23.252.1.90/32 'blackhole'
    commit    #保存

#删除黑洞
    delete protocols static route 1.1.1.1/32 blackhole

#BGP相关操作
    show ip bgp sum    #查看BGP邻居
    reset ip bgp all   #重置BGP邻居
    sh ip bgp neighbors 123.123.123.123 advertised-routes   #查看向某个peer发布了什么路由

大河SDN设备查看流表

#指定协议为openflow13  以及端口为eth-0-2
    ovs-ofctl dump-flows br0 -O openflow13 in_port=2