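gorosuke5656's Diary

I like networking and study all kinds of things on my own 😀 So the content here is not any vendor's official view 🙇‍♀️

Checking the logs during an IBGP connection between Juniper and BGP

Hello, and thanks for all your hard work!!

Let's check the logs of an IBGP connection between Juniper and CISCO!

While I'm at it, I'll capture the packets too~

I was looking through

[BGP] I tried capturing router-to-router traffic
https://hirotanoblog.com/bgp-message-capture/153/

and thought I'd give it a try myself, so I did!!
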
① Create the network used for SCP transfers
#delete interfaces fe-0/0/7 unit 0 family ethernet-switching
#set interfaces fe-0/0/7 unit 0 family inet address 192.168.1.254/24
#set routing-instances VR1 interface fe-0/0/7

C:\Users\ユーザー>ssh admin@192.168.1.254
The authenticity of host '192.168.1.254 (192.168.1.254)' can't be established.
RSA key fingerprint is SHA256:3j1FPa0rIY6XVjIyEzJGYGc45cp+KTlm7iWrc65pvLg.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.1.254' (RSA) to the list of known hosts.
admin@192.168.1.254's password:
--- JUNOS 10.4R9.2 built 2012-02-02 08:09:42 UTC
admin@SRX100B>


② Configure BGP log collection (traceoptions) on the SRX
admin@SRX100B# set routing-instances VR1 protocols bgp traceoptions file BGP-log

[edit]
admin@SRX100B# set routing-instances VR1 protocols bgp traceoptions flag ?
Possible completions:
  4byte-as             Trace 4 byte AS events
  all                  Trace everything
  bfd                  Trace BFD events
  damping              Trace BGP damping information
  general              Trace general events
  graceful-restart     Trace Graceful Restart events
  keepalive            Trace BGP keepalive packets
  normal               Trace normal events
  nsr-synchronization  Trace NSR synchronization events
  open                 Trace BGP open packets
  packets              Trace all BGP protocol packets
  policy               Trace policy processing
  refresh              Trace BGP refresh packets
  route                Trace routing information
  state                Trace state transitions
  task                 Trace routing protocol task processing
  timer                Trace routing protocol timer processing
  update               Trace BGP update packets


[edit]
admin@SRX100B# set routing-instances VR1 protocols bgp traceoptions flag keepalive
admin@SRX100B# set routing-instances VR1 protocols bgp traceoptions flag open
admin@SRX100B# set routing-instances VR1 protocols bgp traceoptions flag refresh
admin@SRX100B# set routing-instances VR1 protocols bgp traceoptions flag update

[edit]
admin@SRX100B#

〇 Deactivate it when you are not running it!
admin@SRX100B# deactivate routing-instances VR1 protocols bgp traceoptions
admin@SRX100B# commit
commit complete

admin@SRX100B# run show configuration routing-instances VR1 protocols
bgp {
    inactive: traceoptions {
        file BGP-log;
        flag keepalive;
        flag open;
        flag refresh;
        flag update;
    }
    group INTERNAL {
        type internal;
        local-address 1.1.1.1;
        export INTERNAL-NETWORK-VR1;
        peer-as 65100;
        neighbor 200.200.200.1;
    }
}

[edit]
admin@SRX100B#

〇 To run it, activate!
admin@SRX100B# activate routing-instances VR1 protocols bgp traceoptions
admin@SRX100B# commit
commit complete


④ I carried out the following and collected packets and logs!!

A  Checking the KEEPALIVE message
 a) Packet capture
 admin@SRX100H2>monitor traffic interface fe-0/0/5.0 size 100000 write-file BGP-1.pcap
 
 b) Checked the log on the JUNIPER side
  admin@SRX100B> show log BGP-log
Apr 23 11:02:45 trace_on: Tracing to "/var/log/BGP-log" started
Apr 23 11:02:45.340138 bgp_send: sending 19 bytes to 200.200.200.1 (Internal AS 65100)
Apr 23 11:02:45.340341
Apr 23 11:02:45.340341 BGP SEND 1.1.1.1+59992 -> 200.200.200.1+179
Apr 23 11:02:45.340514 BGP SEND message type 4 (KeepAlive) length 19
Apr 23 11:02:54.110872
Apr 23 11:02:54.110872 BGP RECV 200.200.200.1+179 -> 1.1.1.1+59992
Apr 23 11:02:54.112107 BGP RECV message type 4 (KeepAlive) length 19
Apr 23 11:02:54.112230 bgp_read_v4_message: done with 200.200.200.1 (Internal AS 65100) received 19 octets 0 updates 0 routes
Apr 23 11:03:13.222085 bgp_send: sending 19 bytes to 200.200.200.1 (Internal AS 65100)
Apr 23 11:03:13.222288
Apr 23 11:03:13.222288 BGP SEND 1.1.1.1+59992 -> 200.200.200.1+179
Apr 23 11:03:13.222418 BGP SEND message type 4 (KeepAlive) length 19
Apr 23 11:03:21.751340
Apr 23 11:03:21.751340 BGP RECV 200.200.200.1+179 -> 1.1.1.1+59992
Apr 23 11:03:21.751593 BGP RECV message type 4 (KeepAlive) length 19
Apr 23 11:03:21.751710 bgp_read_v4_message: done with 200.200.200.1 (Internal AS 65100) received 19 octets 0 updates 0 routes
Apr 23 11:03:42.646044 bgp_send: sending 19 bytes to 200.200.200.1 (Internal AS 65100)
Apr 23 11:03:42.646248
Apr 23 11:03:42.646248 BGP SEND 1.1.1.1+59992 -> 200.200.200.1+179
Apr 23 11:03:42.646374 BGP SEND message type 4 (KeepAlive) length 19
Apr 23 11:03:50.427727
Apr 23 11:03:50.427727 BGP RECV 200.200.200.1+179 -> 1.1.1.1+59992
Apr 23 11:03:50.429016 BGP RECV message type 4 (KeepAlive) length 19
Apr 23 11:03:50.429141 bgp_read_v4_message: done with 200.200.200.1 (Internal AS 65100) received 19 octets 0 updates 0 routes
Apr 23 11:04:12.288011 bgp_send: sending 19 bytes to 200.200.200.1 (Internal AS 65100)
Apr 23 11:04:12.288225
Apr 23 11:04:12.288225 BGP SEND 1.1.1.1+59992 -> 200.200.200.1+179
Apr 23 11:04:12.288361 BGP SEND message type 4 (KeepAlive) length 19
Apr 23 11:04:17.044075
Apr 23 11:04:17.044075 BGP RECV 200.200.200.1+179 -> 1.1.1.1+59992
Apr 23 11:04:17.045462 BGP RECV message type 4 (KeepAlive) length 19
Apr 23 11:04:17.045789 bgp_read_v4_message: done with 200.200.200.1 (Internal AS 65100) received 19 octets 0 updates 0 routes

admin@SRX100B> 
   
 
B  Generating BGP packets with a hard reset (BGP-2.pcap)
 a) Packet capture
admin@SRX100H2>monitor traffic interface fe-0/0/5.0 size 100000 write-file BGP-2.pcap

 b) Enter the command that hard-resets all BGP neighbors on the CISCO side
IBGP-R# clear ip bgp *
 
 c) Checked the log on the CISCO side
IBGP-R#show log
Syslog logging: enabled (0 messages dropped, 2 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.

 

No Inactive Message Discriminator.


    Console logging: level debugging, 52 messages logged, xml disabled,
                     filtering disabled
    Monitor logging: level debugging, 0 messages logged, xml disabled,
                     filtering disabled
    Buffer logging:  level debugging, 52 messages logged, xml disabled,
                    filtering disabled
    Exception Logging: size (8192 bytes)
    Count and timestamp logging messages: disabled
    Persistent logging: disabled
    Trap logging: level informational, 56 message lines logged
        Logging Source-Interface:       VRF Name:

Log Buffer (8192 bytes):

*Feb  6 16:43:46.099: %BGP-5-ADJCHANGE: neighbor 1.1.1.1 Down User reset    / peer disconnected
*Feb  6 16:43:46.099: %BGP_SESSION-5-ADJCHANGE: neighbor 1.1.1.1 IPv4 Unicast topology base removed from session  User reset
*Feb  6 16:44:18.131: %BGP-5-ADJCHANGE: neighbor 1.1.1.1 Up

 


 d) Check the log on the JUNIPER side
admin@SRX100B> show log BGP-log
Apr 23 11:10:12 SRX100B clear-log[3053]: logfile cleared
Apr 23 11:10:15.517601 bgp_send: sending 19 bytes to 200.200.200.1 (Internal AS 65100)
Apr 23 11:10:15.517815
Apr 23 11:10:15.517815 BGP SEND 1.1.1.1+54896 -> 200.200.200.1+179
Apr 23 11:10:15.517949 BGP SEND message type 4 (KeepAlive) length 19
Apr 23 11:10:22.829790 bgp_recv: read from peer 200.200.200.1 (Internal AS 65100) failed: Connection reset by peer   / peer disconnected
Apr 23 11:10:54.866042 advertising receiving-speaker only capabilty to neighbor 200.200.200.1 (Internal AS 65100)
Apr 23 11:10:54.866274 bgp_send: sending 59 bytes to 200.200.200.1 (Internal AS 65100)
Apr 23 11:10:54.866386
Apr 23 11:10:54.866386 BGP SEND 1.1.1.1+62573 -> 200.200.200.1+179
Apr 23 11:10:54.866507 BGP SEND message type 1 (Open) length 59
Apr 23 11:10:54.870316
Apr 23 11:10:54.870316 BGP RECV 200.200.200.1+179 -> 1.1.1.1+62573
Apr 23 11:10:54.870510 BGP RECV message type 1 (Open) length 57
Apr 23 11:10:54.870642 bgp_send: sending 19 bytes to 200.200.200.1 (Internal AS 65100)
Apr 23 11:10:54.870750
Apr 23 11:10:54.870750 BGP SEND 1.1.1.1+62573 -> 200.200.200.1+179
Apr 23 11:10:54.871347 BGP SEND message type 4 (KeepAlive) length 19
Apr 23 11:10:54.871791
Apr 23 11:10:54.871791 BGP RECV 200.200.200.1+179 -> 1.1.1.1+62573
Apr 23 11:10:54.871999 BGP RECV message type 4 (KeepAlive) length 19
Apr 23 11:10:54.872881 bgp_send: sending 19 bytes to 200.200.200.1 (Internal AS 65100)
Apr 23 11:10:54.875141
Apr 23 11:10:54.875141 BGP SEND 1.1.1.1+62573 -> 200.200.200.1+179
Apr 23 11:10:54.875315 BGP SEND message type 4 (KeepAlive) length 19
Apr 23 11:10:54.878595 bgp_send: sending 49 bytes to 200.200.200.1 (Internal AS 65100)
Apr 23 11:10:54.878771
Apr 23 11:10:54.878771 BGP SEND 1.1.1.1+62573 -> 200.200.200.1+179
Apr 23 11:10:54.878897 BGP SEND message type 2 (Update) length 49

admin@SRX100B>

 


 

C  Checking the NOTIFICATION message (BGP-3.pcap)
 a) Packet capture
monitor traffic interface fe-0/0/5.0 size 100000 write-file BGP-3.pcap

 b) Change the peer AS number on the CISCO side
IBGP-R(config)#router bgp 65100
IBGP-R(config-router)#neighbor 1.1.1.1 remote-as 65222
IBGP-R(config-router)#


 c) Check the state of the JUNIPER after the change
admin@SRX100B> show bgp neighbor
Peer: 200.200.200.1 AS 65100   Local: 1.1.1.1 AS 65100
  Type: Internal    State: Active         Flags: <>
  Last State: Idle          Last Event: Start
  Last Error: Hold Timer Expired Error
  Export: [ INTERNAL-NETWORK-VR1 ]
  Options: <Preference LocalAddress PeerAS Refresh>
  Local Address: 1.1.1.1 Holdtime: 90 Preference: 170
  Number of flaps: 44
  Last flap event: Closed
  Error: 'Hold Timer Expired Error' Sent: 37 Recv: 0
  Error: 'Cease' Sent: 1 Recv: 0
  Trace options: open, update, keepalive, refresh
  Trace file: /var/log/BGP-log size 0 files 10

 

 d) Check the JUNIPER log after the change

admin@SRX100B> show log BGP-log
Apr 29 09:11:06 SRX100B clear-log[2273]: logfile cleared
Apr 29 09:11:10.819205
Apr 29 09:11:10.819205 BGP RECV 200.200.200.1+179 -> 1.1.1.1+55962
Apr 29 09:11:10.819464 BGP RECV message type 4 (KeepAlive) length 19
Apr 29 09:11:10.819579 bgp_read_v4_message: done with 200.200.200.1 (Internal AS 65100) received 19 octets 0 updates 0 routes
Apr 29 09:11:15.822873 bgp_recv: peer 200.200.200.1 (Internal AS 65100): received unexpected EOF
Apr 29 09:12:17.719765 bgp_connect_complete: error connecting to 200.200.200.1 (Internal AS 65100): Socket is not connected

admin@SRX100B>

 e) Restore the CISCO-side configuration
IBGP-R(config)#router bgp 65100
IBGP-R(config-router)#ne
IBGP-R(config-router)#neighbor 1.1.1.1 remote-as 65100
IBGP-R(config-router)#


 f) Clear the BGP session on the Juniper side!
admin@SRX100B> clear bgp neighbor soft-inbound


 g) Check the JUNIPER log
admin@SRX100B> show log BGP-log
Apr 29 09:11:06 SRX100B clear-log[2273]: logfile cleared
Apr 29 09:11:10.819205
Apr 29 09:11:10.819205 BGP RECV 200.200.200.1+179 -> 1.1.1.1+55962
Apr 29 09:11:10.819464 BGP RECV message type 4 (KeepAlive) length 19
Apr 29 09:11:10.819579 bgp_read_v4_message: done with 200.200.200.1 (Internal AS 65100) received 19 octets 0 updates 0 routes
Apr 29 09:11:15.822873 bgp_recv: peer 200.200.200.1 (Internal AS 65100): received unexpected EOF
Apr 29 09:12:17.719765 bgp_connect_complete: error connecting to 200.200.200.1 (Internal AS 65100): Socket is not connected
Apr 29 09:12:49.725745 bgp_connect_complete: error connecting to 200.200.200.1 (Internal AS 65100): Socket is not connected
Apr 29 09:13:21.762685 bgp_connect_complete: error connecting to 200.200.200.1 (Internal AS 65100): Socket is not connected
Apr 29 09:13:53.766738 bgp_connect_complete: error connecting to 200.200.200.1 (Internal AS 65100): Socket is not connected
Apr 29 09:14:57.816328 bgp_connect_complete: error connecting to 200.200.200.1 (Internal AS 65100): Socket is not connected
Apr 29 09:16:01.850438 bgp_connect_complete: error connecting to 200.200.200.1 (Internal AS 65100): Socket is not connected
Apr 29 09:17:05.868724 advertising receiving-speaker only capabilty to neighbor 200.200.200.1 (Internal AS 65100)  → neighbor established~
Apr 29 09:17:05.869057 bgp_send: sending 59 bytes to 200.200.200.1 (Internal AS 65100)
Apr 29 09:17:05.869194
Apr 29 09:17:05.869194 BGP SEND 1.1.1.1+60916 -> 200.200.200.1+179
Apr 29 09:17:05.869326 BGP SEND message type 1 (Open) length 59
Apr 29 09:17:05.872432
Apr 29 09:17:05.872432 BGP RECV 200.200.200.1+179 -> 1.1.1.1+60916
Apr 29 09:17:05.872613 BGP RECV message type 1 (Open) length 57
Apr 29 09:17:05.872744 bgp_send: sending 19 bytes to 200.200.200.1 (Internal AS 65100)
Apr 29 09:17:05.872856
Apr 29 09:17:05.872856 BGP SEND 1.1.1.1+60916 -> 200.200.200.1+179
Apr 29 09:17:05.872985 BGP SEND message type 4 (KeepAlive) length 19
Apr 29 09:17:05.874870
Apr 29 09:17:05.874870 BGP RECV 200.200.200.1+179 -> 1.1.1.1+60916
Apr 29 09:17:05.875079 BGP RECV message type 4 (KeepAlive) length 19
Apr 29 09:17:05.876120 bgp_send: sending 19 bytes to 200.200.200.1 (Internal AS 65100)
Apr 29 09:17:05.877470
Apr 29 09:17:05.877470 BGP SEND 1.1.1.1+60916 -> 200.200.200.1+179
Apr 29 09:17:05.877607 BGP SEND message type 4 (KeepAlive) length 19
Apr 29 09:17:05.880936 bgp_send: sending 49 bytes to 200.200.200.1 (Internal AS 65100)
Apr 29 09:17:05.881095
Apr 29 09:17:05.881095 BGP SEND 1.1.1.1+60916 -> 200.200.200.1+179
Apr 29 09:17:05.881226 BGP SEND message type 2 (Update) length 49
Apr 29 09:17:05.883340
Apr 29 09:17:05.883340 BGP RECV 200.200.200.1+179 -> 1.1.1.1+60916
Apr 29 09:17:05.884082 BGP RECV message type 4 (KeepAlive) length 19
Apr 29 09:17:05.884200 bgp_read_v4_message: done with 200.200.200.1 (Internal AS 65100) received 19 octets 0 updates 0 routes
Apr 29 09:17:05.885794
Apr 29 09:17:05.885794 BGP RECV 200.200.200.1+179 -> 1.1.1.1+60916
Apr 29 09:17:05.885980 BGP RECV message type 2 (Update) length 55
Apr 29 09:17:05.886312 bgp_rcv_nlri: 210.210.210.0/24
Apr 29 09:17:05.887063
Apr 29 09:17:05.887063 BGP RECV 200.200.200.1+179 -> 1.1.1.1+60916
Apr 29 09:17:05.887251 BGP RECV message type 2 (Update) length 59
Apr 29 09:17:05.887807 bgp_rcv_nlri: 200.200.200.0/24
Apr 29 09:17:05.888445 bgp_rcv_nlri: 220.220.220.0/24
Apr 29 09:17:05.889106
Apr 29 09:17:05.889106 BGP RECV 200.200.200.1+179 -> 1.1.1.1+60916
Apr 29 09:17:05.889302 BGP RECV message type 2 (Update) length 23
Apr 29 09:17:05.889481 bgp_read_v4_message: done with 200.200.200.1 (Internal AS 65100) received 137 octets 3 updates 3 routes
Apr 29 09:17:32.333508 bgp_send: sending 19 bytes to 200.200.200.1 (Internal AS 65100)
Apr 29 09:17:32.333728
Apr 29 09:17:32.333728 BGP SEND 1.1.1.1+60916 -> 200.200.200.1+179
Apr 29 09:17:32.333869 BGP SEND message type 4 (KeepAlive) length 19
Apr 29 09:17:32.744333
Apr 29 09:17:32.744333 BGP RECV 200.200.200.1+179 -> 1.1.1.1+60916
Apr 29 09:17:32.744544 BGP RECV message type 4 (KeepAlive) length 19
Apr 29 09:17:32.744663 bgp_read_v4_message: done with 200.200.200.1 (Internal AS 65100) received 19 octets 0 updates 0 routes
Apr 29 09:18:01.799180 bgp_send: sending 19 bytes to 200.200.200.1 (Internal AS 65100)
Apr 29 09:18:01.799399

 

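I actually looked at the packets, but... when I changed the peer AS number to a different one...
I had expected a BGP Notification message to show up, but... I could not find one (^^;)

I wonder why...
Maybe my method is bad...
I have a feeling the SRX is dropping packets...
(What I'd really like is to capture the packets with SPAN~)

If I have time, I'll try again~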
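
Added example (not part of the original post): a small Python parser for the traceoptions lines shown in the logs above. It tallies BGP messages per direction and type, lists the TCP sessions seen (a new local port means the session was re-established), collects the transport errors, and reports how many type 3 (Notification) messages were logged. The sample lines are a subset copied from this post's logs; the function and variable names are chosen for this example.

```python
import re
from collections import Counter

# Subset of the BGP-log lines from the post (timestamp-only lines omitted).
SAMPLE = """\
Apr 29 09:11:10.819205 BGP RECV 200.200.200.1+179 -> 1.1.1.1+55962
Apr 29 09:11:10.819464 BGP RECV message type 4 (KeepAlive) length 19
Apr 29 09:11:15.822873 bgp_recv: peer 200.200.200.1 (Internal AS 65100): received unexpected EOF
Apr 29 09:12:17.719765 bgp_connect_complete: error connecting to 200.200.200.1 (Internal AS 65100): Socket is not connected
Apr 29 09:17:05.869194 BGP SEND 1.1.1.1+60916 -> 200.200.200.1+179
Apr 29 09:17:05.869326 BGP SEND message type 1 (Open) length 59
Apr 29 09:17:05.872432 BGP RECV 200.200.200.1+179 -> 1.1.1.1+60916
Apr 29 09:17:05.872613 BGP RECV message type 1 (Open) length 57
Apr 29 09:17:05.881095 BGP SEND 1.1.1.1+60916 -> 200.200.200.1+179
Apr 29 09:17:05.881226 BGP SEND message type 2 (Update) length 49
"""

TS = r"^\w{3}\s+\d+\s+[\d:.]+\s+"  # e.g. "Apr 29 09:17:05.869194 "
MSG = re.compile(TS + r"BGP (SEND|RECV) message type (\d+) \((\w+)\) length (\d+)")
FLOW = re.compile(TS + r"BGP (SEND|RECV) (\S+)\+(\d+) -> (\S+)\+(\d+)")
ERR = re.compile(TS + r"(bgp_recv|bgp_connect_complete): (.*)")


def summarize(text):
    """Count messages per (direction, type), collect TCP sessions and errors."""
    counts, sessions, errors = Counter(), [], []
    for line in text.splitlines():
        if m := MSG.match(line):
            counts[(m.group(1), int(m.group(2)), m.group(3))] += 1
        elif m := FLOW.match(line):
            a, ap, b, bp = m.group(2), int(m.group(3)), m.group(4), int(m.group(5))
            # Normalise to (local ip, local port, peer ip, peer port).
            sess = (a, ap, b, bp) if m.group(1) == "SEND" else (b, bp, a, ap)
            if sess not in sessions:
                sessions.append(sess)
        elif m := ERR.match(line):
            errors.append((m.group(1), m.group(2)))
    # BGP message type 3 is NOTIFICATION (RFC 4271).
    notifications = sum(n for (_, t, _), n in counts.items() if t == 3)
    return {"counts": counts, "sessions": sessions,
            "errors": errors, "notifications": notifications}


if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A count of 0 Notifications only says that no type 3 line was written to this trace file; it does not say what was on the wire.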