分公司网络建设---Juniper 设备策略路由配置

分公司网络建设---Juniper网络设备策略路由配置
分公司的网络建设，内网通过ospf实现路由访问，防火墙连接外网和录音平台，流量访问要实现明细化，即访问平台的流量通过平台的专线，访问外网的流量通过单独的外网专线，网关启用在核心交换机上，要实现该需求，就要通过静态路由和策略路由来控制。
网络拓扑图如下：


在核心交换机上配置去往外网和录音平台的静态路由，流量防火墙后，通过静态路由分别访问各自的目的地址；但是在防火墙上回包流量需要通过策略来分流，如图红线为访问录音平台的流量，黑线为访问外网的流量。
在Juniper防火墙上配置策略路由，命令如下：

//创建路由实例
set routing-instances internet-to-inside instance-type forwarding
set routing-instances internet-to-inside routing-options static route 0.0.0.0/0 next-hop 10.128.31.157

set routing-instances qingniu-to-inside instance-type forwarding
set routing-instances qingniu-to-inside routing-options static route 0.0.0.0/0 next-hop 10.128.31.161

//通过ACL来控制流量
set firewall family inet filter qingniu-to-inside term 10 from source-address 10.128.31.64/28

set firewall family inet filter qingniu-to-inside term 10 from source-address 10.128.31.166/32
set firewall family inet filter qingniu-to-inside term 10 from destination-address 10.0.0.0/8
set firewall family inet filter qingniu-to-inside term 10 then routing-instance qingniu-to-inside
set firewall family inet filter qingniu-to-inside term 20 then accept
set firewall family inet filter Internet-to-inside term 10 from destination-address 10.0.0.0/8

set firewall family inet filter Internet-to-inside term 10 then routing-instance internet-to-inside

//关联路由表
set routing-options interface-routes rib-group inet FBF-Group
set routing-options rib-groups FBF-Group import-rib inet.0

set routing-options rib-groups FBF-Group import-rib qingniu-to-inside.inet.0
set routing-options rib-groups FBF-Group import-rib internet-to-inside.inet.0

//应用在流量的入口处
set interfaces ge-0/0/15 unit 0 family inet filter input internet-to-inside
set interfaces ge-0/0/14 unit 0 family inet filter input qingniu-to-inside

希望对读者有所帮助，如有问题，可以留言互动。