SRX240> show security flow session protocol icmp
Session ID: 3113, Policy name: permit-all/20, Timeout: 12, Valid
In: 10.15.xxx.yyy/52 --> 8.8.4.4/13382;icmp, If: ge-0/0/2.0, Pkts: 1, Bytes: 84
Out: 8.8.4.4/13382 --> 10.15.xxx.yyy/52;icmp, If: ae0.800, Pkts: 0, Bytes: 0
Session ID: 3405, Policy name: permit-all/20, Timeout: 8, Valid
In: 10.15.xxx.yyy/47 --> 8.8.4.4/13382;icmp, If: ge-0/0/2.0, Pkts: 1, Bytes: 84
Out: 8.8.4.4/13382 --> 10.15.xxx.yyy/47;icmp, If: ae0.800, Pkts: 0, Bytes: 0
Session ID: 3472, Policy name: permit-all/20, Timeout: 16, Valid
In: 10.15.xxx.yyy/56 --> 8.8.4.4/13382;icmp, If: ge-0/0/2.0, Pkts: 1, Bytes: 84
Out: 8.8.4.4/13382 --> 10.15.xxx.yyy/56;icmp, If: ae0.800, Pkts: 0, Bytes: 0
Session ID: 9686, Policy name: permit-all/20, Timeout: 6, Valid
In: 10.15.xxx.yyy/46 --> 8.8.4.4/13382;icmp, If: ge-0/0/2.0, Pkts: 1, Bytes: 84
Out: 8.8.4.4/13382 --> 10.15.xxx.yyy/46;icmp, If: ae0.800, Pkts: 0, Bytes: 0
Session ID: 14669, Policy name: permit-all/20, Timeout: 2, Valid
In: 10.15.xxx.yyy/41 --> 8.8.4.4/13382;icmp, If: ge-0/0/2.0, Pkts: 1, Bytes: 84
Out: 8.8.4.4/13382 --> 10.15.xxx.yyy/41;icmp, If: ae0.800, Pkts: 0, Bytes: 0
Session ID: 314937, Policy name: permit-all/20, Timeout: 12, Valid
In: 10.15.xxx.yyy/51 --> 8.8.4.4/13382;icmp, If: ge-0/0/2.0, Pkts: 1, Bytes: 84
Out: 8.8.4.4/13382 --> 10.15.xxx.yyy/51;icmp, If: ae0.800, Pkts: 0, Bytes: 0
Session ID: 373059, Policy name: permit-all/20, Timeout: 8, Valid
In: 10.15.xxx.yyy/48 --> 8.8.4.4/13382;icmp, If: ge-0/0/2.0, Pkts: 1, Bytes: 84
Out: 8.8.4.4/13382 --> 10.15.xxx.yyy/48;icmp, If: ae0.800, Pkts: 0, Bytes: 0
Session ID: 383689, Policy name: permit-all/20, Timeout: 10, Valid
In: 10.15.xxx.yyy/49 --> 8.8.4.4/13382;icmp, If: ge-0/0/2.0, Pkts: 1, Bytes: 84
Out: 8.8.4.4/13382 --> 10.15.xxx.yyy/49;icmp, If: ae0.800, Pkts: 0, Bytes: 0
Session ID: 385963, Policy name: permit-all/20, Timeout: 2, Valid
In: 10.15.xxx.yyy/98 --> 8.8.4.4/13382;icmp, If: ge-0/0/2.0, Pkts: 1, Bytes: 84
Out: 8.8.4.4/13382 --> 193.2xx.yyy.zzz/17893;icmp, If: ae0.800, Pkts: 1, Bytes: 84
Session ID: 386801, Policy name: permit-all/20, Timeout: 2, Valid
In: 10.15.xxx.yyy/97 --> 8.8.4.4/13382;icmp, If: ge-0/0/2.0, Pkts: 1, Bytes: 84
Out: 8.8.4.4/13382 --> 193.2xx.yyy.zzz/20913;icmp, If: ae0.800, Pkts: 1, Bytes: 84
Session ID: 389309, Policy name: permit-all/20, Timeout: 4, Valid
In: 10.15.xxx.yyy/44 --> 8.8.4.4/13382;icmp, If: ge-0/0/2.0, Pkts: 1, Bytes: 84
Out: 8.8.4.4/13382 --> 10.15.xxx.yyy/44;icmp, If: ae0.800, Pkts: 0, Bytes: 0
Session ID: 394381, Policy name: permit-all/20, Timeout: 10, Valid
In: 10.15.xxx.yyy/50 --> 8.8.4.4/13382;icmp, If: ge-0/0/2.0, Pkts: 1, Bytes: 84
Out: 8.8.4.4/13382 --> 10.15.xxx.yyy/50;icmp, If: ae0.800, Pkts: 0, Bytes: 0
Session ID: 398577, Policy name: permit-all/20, Timeout: 16, Valid
In: 10.15.xxx.yyy/55 --> 8.8.4.4/13382;icmp, If: ge-0/0/2.0, Pkts: 1, Bytes: 84
Out: 8.8.4.4/13382 --> 10.15.xxx.yyy/55;icmp, If: ae0.800, Pkts: 0, Bytes: 0
Session ID: 398598, Policy name: permit-all/20, Timeout: 6, Valid
In: 10.15.xxx.yyy/45 --> 8.8.4.4/13382;icmp, If: ge-0/0/2.0, Pkts: 1, Bytes: 84
Out: 8.8.4.4/13382 --> 10.15.xxx.yyy/45;icmp, If: ae0.800, Pkts: 0, Bytes: 0
Session ID: 403482, Policy name: permit-all/20, Timeout: 14, Valid
In: 10.15.xxx.yyy/53 --> 8.8.4.4/13382;icmp, If: ge-0/0/2.0, Pkts: 1, Bytes: 84
Out: 8.8.4.4/13382 --> 10.15.xxx.yyy/53;icmp, If: ae0.800, Pkts: 0, Bytes: 0
Session ID: 406854, Policy name: permit-all/20, Timeout: 2, Valid
In: 10.15.xxx.yyy/42 --> 8.8.4.4/13382;icmp, If: ge-0/0/2.0, Pkts: 1, Bytes: 84
Out: 8.8.4.4/13382 --> 10.15.xxx.yyy/42;icmp, If: ae0.800, Pkts: 0, Bytes: 0
Session ID: 408620, Policy name: permit-all/20, Timeout: 4, Valid
In: 10.15.xxx.yyy/43 --> 8.8.4.4/13382;icmp, If: ge-0/0/2.0, Pkts: 1, Bytes: 84
Out: 8.8.4.4/13382 --> 10.15.xxx.yyy/43;icmp, If: ae0.800, Pkts: 0, Bytes: 0
Session ID: 408766, Policy name: permit-all/20, Timeout: 14, Valid
In: 10.15.xxx.yyy/54 --> 8.8.4.4/13382;icmp, If: ge-0/0/2.0, Pkts: 1, Bytes: 84
Out: 8.8.4.4/13382 --> 10.15.xxx.yyy/54;icmp, If: ae0.800, Pkts: 0, Bytes: 0
Total sessions: 18
$ netstat -rn
UNIXC:\>route print
WINDOWS show security flow session protocol icmp
Session ID: 408620, Policy name: permit-all/20, Timeout: 4, Valid
In: 10.15.xxx.yyy/43 --> 8.8.4.4/13382;icmp, If: ge-0/0/2.0, Pkts: 1, Bytes: 84
Out: 8.8.4.4/13382 --> 10.15.xxx.yyy/43;icmp, If: ae0.0, Pkts: 0, Bytes: 0
Session ID: 408766, Policy name: permit-all/20, Timeout: 14, Valid
In: 10.15.xxx.yyy/54 --> 8.8.4.4/13382;icmp, If: ge-0/0/2.0, Pkts: 1, Bytes: 84
Out: 8.8.4.4/13382 --> 10.15.xxx.yyy/54;icmp, If: ae0.0, Pkts: 0, Bytes: 0
Total sessions: 18
SRX650> ping 8.8.8.8 source 192.168.16.4
dhcp {
pool 192.168.16.0/24 {
address-range low 192.168.16.186 high 192.168.16.254;
router {
192.168.16.1;
}
propagate-settings ge-0/0/1.0;
}
Вообще странное поведение, т.к. команда
network n.n.n.n w.w.w.w
ничего кроме того, на каких интерфейсах "искать" соседей ничего другого не делает.
Другими словами за редистрибьюцию отвечает строчка
Может быть начать с прорисовки топологии ;)