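Hello everyone!
This time I'll bring up an EBGP peering between the SRX (VR2) in AS65000 and the SRX (VR2) in AS65001 and advertise routes.
・The conditions are:
Each side peers to the other's loopback address
A static route is configured toward the peer's loopback
The topology is shown in the diagram below.
Let's get started~
【SRX100H2:VR2 (AS65001) configuration】
〇EBGP configuration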
set routing-instances VR2 routing-options router-id 5.5.5.5
set routing-instances VR2 protocols bgp group EXTERNAL peer-as 65000
set routing-instances VR2 protocols bgp group EXTERNAL type external
set routing-instances VR2 protocols bgp group EXTERNAL neighbor 2.2.2.2
set routing-instances VR2 protocols bgp group EXTERNAL local-address 50.5.1.1
set policy-options prefix-list ADV-ROUTE 10.1.5.0/24
set policy-options policy-statement ADV-ROUTE01 term 1 from prefix-list ADV-ROUTE
set policy-options policy-statement ADV-ROUTE01 term 1 then accept
set routing-instances VR2 protocols bgp group EXTERNAL export ADV-ROUTE01
〇Static route to the peer's loopback address
set routing-instances VR2 routing-options static route 2.2.2.2 next-hop 172.16.5.1
【SRX100B:VR2 (AS65000) configuration】
〇EBGP configuration
set routing-instances VR2 routing-options router-id 1.1.1.1
set routing-instances VR2 protocols bgp group EXTERNAL peer-as 65001
set routing-instances VR2 protocols bgp group EXTERNAL type external
set routing-instances VR2 protocols bgp group EXTERNAL neighbor 50.5.1.1
set routing-instances VR2 protocols bgp group EXTERNAL local-address 2.2.2.2
set policy-options prefix-list ADV-ROUTE 172.16.200.0/24
set policy-options policy-statement ADV-ROUTE01 term 1 from prefix-list ADV-ROUTE
set policy-options policy-statement ADV-ROUTE01 term 1 then accept
set routing-instances VR2 protocols bgp group EXTERNAL export ADV-ROUTE01
〇Static route to the peer's loopback address
set routing-instances VR2 routing-options static route 50.5.1.1 next-hop 172.16.5.254
〇When I tried to commit on SRX100B (VR2), it complained..
[edit routing-instances VR2 protocols]
'bgp'
Error in neighbor 50.5.1.1 of group EXTERNAL:
must define local autonomous system when enabling BGP
→ I hadn't configured my own AS number..
error: configuration check-out failed
So I added the setting!!
[edit routing-instances VR2]
admin@SRX100B# top
admin@SRX100B# set routing-instances VR2 routing-options autonomous-system 65000
[edit]
admin@SRX100B# commit check
configuration check succeeds
【SRX100B:VR2 (AS65000) BGP logging (traceoptions) configuration】
admin@SRX100B# set routing-instances VR2 protocols bgp traceoptions file BGP-log
[edit]
admin@SRX100B# set routing-instances VR2 protocols bgp traceoptions flag ?
Possible completions:
4byte-as Trace 4 byte AS events
all Trace everything
bfd Trace BFD events
damping Trace BGP damping information
general Trace general events
graceful-restart Trace Graceful Restart events
keepalive Trace BGP keepalive packets
normal Trace normal events
nsr-synchronization Trace NSR synchronization events
open Trace BGP open packets
packets Trace all BGP protocol packets
policy Trace policy processing
refresh Trace BGP refresh packets
route Trace routing information
state Trace state transitions
task Trace routing protocol task processing
timer Trace routing protocol timer processing
update Trace BGP update packets
[edit]
admin@SRX100B# set routing-instances VR2 protocols bgp traceoptions flag keepalive
[edit]
admin@SRX100B# set routing-instances VR2 protocols bgp traceoptions flag open
[edit]
admin@SRX100B# set routing-instances VR2 protocols bgp traceoptions flag update
[edit]
admin@SRX100B#
[edit]
admin@SRX100B# commit check
configuration check succeeds
[edit]
admin@SRX100B#
★By the way.. this time I changed how I use policy-options (^^;)
(Up to last time..)
〇 The networks to advertise were specified with a route-filter in the policy-statement
#set policy-options policy-statement INTERNAL-NETWORK-VR1 term 1 from route-filter 1.1.1.1/32 exact
#set policy-options policy-statement INTERNAL-NETWORK-VR1 term 1 then accept
(This time!!)
〇 The networks to advertise are specified in a prefix-list, which is then referenced from the policy-statement
set policy-options prefix-list ADV-ROUTE 172.16.200.0/24
set policy-options policy-statement ADV-ROUTE01 term 1 from prefix-list ADV-ROUTE
set policy-options policy-statement ADV-ROUTE01 term 1 then accept
set routing-instances VR2 protocols bgp group EXTERNAL export ADV-ROUTE01
【Let's check whether EBGP is established!!】
admin@SRX100B> show bgp summary
Groups: 2 Peers: 2 Down peers: 1
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
50.5.1.1 65001 0 0 0 0 9:41 Idle
→ Still Idle...
200.200.200.1 65100 199 294 0 23 1 Establ
VR1.inet.0: 0/3/3/0
admin@SRX100B> show bgp group
Group Type: Internal AS: 65100 Local AS: 65100
Name: INTERNAL Index: 0 Flags: <>
Export: [ INTERNAL-NETWORK-VR1 ]
Holdtime: 0
Total peers: 1 Established: 1
200.200.200.1+179
VR1.inet.0: 0/3/3/0
Group Type: External Local AS: 65000
Name: EXTERNAL Index: 1 Flags: <>
Export: [ ADV-ROUTE01 ]
Holdtime: 0
Total peers: 1 Established: 0
50.5.1.1
Trace options: open, update, keepalive
Trace file: /var/log/BGP-log size 0 files 10
Groups: 2 Peers: 2 External: 1 Internal: 1 Down peers: 1 Flaps: 23
Table Tot Paths Act Paths Suppressed History Damp State Pending
VR1.inet.0 3 0 0 0 0 0
VR1.mdt.0 0 0 0 0 0 0
VR2.mdt.0 0 0 0 0 0 0
VR2.inet.0 0 0 0 0 0 0
admin@SRX100B>
admin@SRX100B> show bgp neighbor 50.5.1.1
Peer: 50.5.1.1 AS 65001 Local: 2.2.2.2 AS 65000
Type: External State: Idle Flags: <PeerInterfaceError ImportEval>
→ Still Idle...
Last State: NoState Last Event: NoEvent
Last Error: None
Export: [ ADV-ROUTE01 ]
Options: <Preference LocalAddress PeerAS Refresh>
Local Address: 2.2.2.2 Holdtime: 90 Preference: 170
Number of flaps: 0
Trace options: open, update, keepalive
Trace file: /var/log/BGP-log size 0 files 10
admin@SRX100B>
The peering isn't coming up.. (^^;)
Let's look at the log file specified with traceoptions!
admin@SRX100B> show log BGP-log
May 1 23:45:00 SRX100B clear-log[1292]: logfile cleared
May 2 00:30:30 trace_on: Tracing to "/var/log/BGP-log" started
→ No log entries~ (sad)
**********************************************************************************************
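The reason the neighbor does not come up is here~
〇Reference site
https://www.infraexpert.com/infra/junosb03.html
Because BGP messages between EBGP peers are sent with a TTL of "1", when a loopback I/F is used for
the EBGP neighbor connection, the TTL value must be raised from "1" to a larger value with the multihop ttl command.
The following five commands are used.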
・ set routing-options autonomous-system as-number
・ set protocols bgp group name type external
・ set protocols bgp group name neighbor ip-address multihop ttl ttl
→ I didn't put this one in~
・ set protocols bgp group name neighbor ip-address local-address ip-address
・ set protocols bgp group name neighbor ip-address peer-as as-number
〇 Additional configuration
【SRX100H2:VR2 (AS65001) additional configuration】
#set routing-instances VR2 protocols bgp group EXTERNAL neighbor 2.2.2.2 multihop ttl 2
【SRX100B:VR2 (AS65000) additional configuration】
[edit]
#set routing-instances VR2 protocols bgp group EXTERNAL neighbor 50.5.1.1 multihop ttl 2
〇Now let's pull ourselves together and check again whether EBGP is established~!!
admin@SRX100B> show bgp summary
Groups: 2 Peers: 2 Down peers: 1
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
50.5.1.1 65001 0 0 0 0 3:22 Idle → Still Idle..
200.200.200.1 65100 216 319 0 25 4:19 Establ
VR1.inet.0: 0/3/3/0
〇 Looking at the log... it was my careless mistake.. (^^;)
admin@SRX100B> show log BGP-log
May 1 23:45:00 SRX100B clear-log[1292]: logfile cleared
May 2 00:30:30 trace_on: Tracing to "/var/log/BGP-log" started
May 2 00:35:46.013246 bgp_peer_init: BGP peer 50.5.1.1 (External AS 65001) local address 2.2.2.2 not found. Leaving peer idled
→ The local address 2.2.2.2 doesn't exist~!!!
That can't be...
admin@SRX100B> show route 2.2.2.2
→ Not there.. I forgot to configure it..
Adding it right away (^^;)..
admin@SRX100B# set interfaces lo0 unit 0 family inet address 2.2.2.2/32
admin@SRX100B# set routing-instances VR2 interface lo0
[edit]
admin@SRX100B# commit
〇 Checking once more~
【SRX100B:VR2 (AS65000) verification】
admin@SRX100B# run show bgp summary
Groups: 2 Peers: 2 Down peers: 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
50.5.1.1 65001 4 5 0 0 31 Establ
VR2.inet.0: 1/1/1/0
200.200.200.1 65100 223 326 0 25 7:35 Establ
VR1.inet.0: 0/3/3/0
[edit]
admin@SRX100B# show bgp
^
syntax error.
admin@SRX100B# run show bgp group
Group Type: Internal AS: 65100 Local AS: 65100
Name: INTERNAL Index: 0 Flags: <>
Export: [ INTERNAL-NETWORK-VR1 ]
Holdtime: 0
Total peers: 1 Established: 1
200.200.200.1+179
VR1.inet.0: 0/3/3/0
Group Type: External Local AS: 65000
Name: EXTERNAL Index: 2 Flags: <>
Export: [ ADV-ROUTE01 ]
Options: <Multihop>
Holdtime: 0
Total peers: 1 Established: 1
50.5.1.1+179
Trace options: open, update, keepalive
Trace file: /var/log/BGP-log size 0 files 10
VR2.inet.0: 1/1/1/0
Groups: 2 Peers: 2 External: 1 Internal: 1 Down peers: 0 Flaps: 25
Table Tot Paths Act Paths Suppressed History Damp State Pending
VR1.inet.0 3 0 0 0 0 0
VR1.mdt.0 0 0 0 0 0 0
VR2.mdt.0 0 0 0 0 0 0
VR2.inet.0 1 1 0 0 0 0
[edit]
admin@SRX100B#
[edit]
admin@SRX100B# run show route protocol bgp
inet.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
VR1.inet.0: 10 destinations, 13 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
200.200.200.0/24 [BGP/170] 00:08:27, MED 0, localpref 100, from 200.200.200.1
AS path: ?
> to 172.16.210.1 via fe-0/0/5.0
210.210.210.0/24 [BGP/170] 00:08:27, MED 0, localpref 100, from 200.200.200.1
AS path: I
> to 172.16.210.1 via fe-0/0/5.0
220.220.220.0/24 [BGP/170] 00:08:27, MED 0, localpref 100, from 200.200.200.1
AS path: ?
> to 172.16.210.1 via fe-0/0/5.0
VR2.inet.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.1.5.0/24 *[BGP/170] 00:01:23, localpref 100, from 50.5.1.1
AS path: 65001 I
> to 172.16.5.254 via fe-0/0/1.0
[edit]
admin@SRX100B#
admin@SRX100B> show log BGP-log
May 1 23:45:00 SRX100B clear-log[1292]: logfile cleared
May 2 00:30:30 trace_on: Tracing to "/var/log/BGP-log" started
May 2 00:35:46.013246 bgp_peer_init: BGP peer 50.5.1.1 (External AS 65001) local address 2.2.2.2 not found. Leaving peer idled
May 2 00:41:52.950764 advertising receiving-speaker only capabilty to neighbor 50.5.1.1 (External AS 65001)
May 2 00:41:52.952174 bgp_send: sending 59 bytes to 50.5.1.1 (External AS 65001)
May 2 00:41:52.952306
May 2 00:41:52.952306 BGP SEND 2.2.2.2+52811 -> 50.5.1.1+179
May 2 00:41:52.952482 BGP SEND message type 1 (Open) length 59
May 2 00:41:52.960302
May 2 00:41:52.960302 BGP RECV 50.5.1.1+179 -> 2.2.2.2+52811
May 2 00:41:52.960546 BGP RECV message type 1 (Open) length 59
May 2 00:41:52.960718 bgp_send: sending 19 bytes to 50.5.1.1 (External AS 65001)
May 2 00:41:52.960847
May 2 00:41:52.960847 BGP SEND 2.2.2.2+52811 -> 50.5.1.1+179
May 2 00:41:52.961043 BGP SEND message type 4 (KeepAlive) length 19
May 2 00:41:52.961569 bgp_read_message: 50.5.1.1 (External AS 65001): 0 bytes buffered
May 2 00:41:52.972348
May 2 00:41:52.972348 BGP RECV 50.5.1.1+179 -> 2.2.2.2+52811
May 2 00:41:52.972602 BGP RECV message type 4 (KeepAlive) length 19
May 2 00:41:52.975832 bgp_send: sending 19 bytes to 50.5.1.1 (External AS 65001)
May 2 00:41:52.976036
May 2 00:41:52.976036 BGP SEND 2.2.2.2+52811 -> 50.5.1.1+179
May 2 00:41:52.976220 BGP SEND message type 4 (KeepAlive) length 19
May 2 00:41:52.979216 bgp_send: sending 47 bytes to 50.5.1.1 (External AS 65001)
May 2 00:41:52.979426
May 2 00:41:52.979426 BGP SEND 2.2.2.2+52811 -> 50.5.1.1+179
May 2 00:41:52.979573 BGP SEND message type 2 (Update) length 47
May 2 00:41:52.979838 bgp_send: sending 23 bytes to 50.5.1.1 (External AS 65001)
May 2 00:41:52.980036
May 2 00:41:52.980036 BGP SEND 2.2.2.2+52811 -> 50.5.1.1+179
May 2 00:41:52.980207 BGP SEND message type 2 (Update) length 23
May 2 00:41:52.985766
May 2 00:41:52.985766 BGP RECV 50.5.1.1+179 -> 2.2.2.2+52811
May 2 00:41:52.986106 BGP RECV message type 4 (KeepAlive) length 19
May 2 00:41:52.986470
May 2 00:41:52.986470 BGP RECV 50.5.1.1+179 -> 2.2.2.2+52811
May 2 00:41:52.986675 BGP RECV message type 2 (Update) length 47
May 2 00:41:52.987188 bgp_rcv_nlri: 10.1.5.0/24
May 2 00:41:52.988066
May 2 00:41:52.98806
[abort]
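As an added example (not part of the original post), the trace file above can be summarized with a short Python parser that separates the "Leaving peer idled" case from a completed Open/KeepAlive exchange. The sample is constructed from lines shown in this log, and the function names are hypothetical.

```python
import re

# Constructed sample: a subset of the BGP-log lines shown on this page.
TRACE = """\
May 2 00:35:46.013246 bgp_peer_init: BGP peer 50.5.1.1 (External AS 65001) local address 2.2.2.2 not found. Leaving peer idled
May 2 00:41:52.952482 BGP SEND message type 1 (Open) length 59
May 2 00:41:52.960546 BGP RECV message type 1 (Open) length 59
May 2 00:41:52.961043 BGP SEND message type 4 (KeepAlive) length 19
May 2 00:41:52.972602 BGP RECV message type 4 (KeepAlive) length 19
May 2 00:41:52.979573 BGP SEND message type 2 (Update) length 47
May 2 00:41:52.986675 BGP RECV message type 2 (Update) length 47
May 2 00:41:52.987188 bgp_rcv_nlri: 10.1.5.0/24
"""

MSG = re.compile(r"BGP (SEND|RECV) message type (\d+) \((\w+)\) length (\d+)")
IDLE = re.compile(r"bgp_peer_init: BGP peer (\S+) .*? local address (\S+) not found")
NLRI = re.compile(r"bgp_rcv_nlri: (\S+)")

def summarize(trace):
    """Return messages seen, peers idled before any packet, and received prefixes."""
    out = {"messages": [], "idled": [], "prefixes": []}
    for line in trace.splitlines():
        if m := MSG.search(line):
            # (direction, message name, length in bytes)
            out["messages"].append((m.group(1), m.group(3), int(m.group(4))))
        elif m := IDLE.search(line):
            out["idled"].append({"peer": m.group(1), "missing_local": m.group(2)})
        elif m := NLRI.search(line):
            out["prefixes"].append(m.group(1))
    return out

def handshake_done(messages):
    """True when Open and KeepAlive were each seen in both directions."""
    seen = {(d, t) for d, t, _ in messages}
    return all((d, t) in seen
               for d in ("SEND", "RECV") for t in ("Open", "KeepAlive"))

if __name__ == "__main__":
    s = summarize(TRACE)
    print("idled:", s["idled"])
    print("handshake complete:", handshake_done(s["messages"]))
    print("prefixes received:", s["prefixes"])
```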
【SRX100H2:VR2 (AS65001) verification】
admin@SRX100H2> show bgp summary
Groups: 3 Peers: 3 Down peers: 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
2.2.2.2 65000 9 8 0 0 2:16 Establ
VR2.inet.0: 1/1/1/0
50.5.1.1 65001 236 236 0 0 1:45:06 Establ
VR1.inet.0: 0/2/2/0
50.6.1.1 65001 236 237 0 0 1:45:06 Establ
VR2.inet.0: 0/1/1/0
admin@SRX100H2> show bgp group
Group Type: Internal AS: 65001 Local AS: 65001
Name: INTERNAL Index: 0 Flags: <>
Export: [ INTERNAL-NETWORK-VR1 ]
Holdtime: 0
Total peers: 1 Established: 1
50.5.1.1+179
VR1.inet.0: 0/2/2/0
Group Type: Internal AS: 65001 Local AS: 65001
Name: INTERNAL Index: 1 Flags: <>
Export: [ INTERNAL-NETWORK-VR2 ]
Holdtime: 0
Total peers: 1 Established: 1
50.6.1.1+49182
VR2.inet.0: 0/1/1/0
Group Type: External Local AS: 65001
Name: EXTERNAL Index: 3 Flags: <>
Export: [ ADV-ROUTE01 ]
Options: <Multihop>
Holdtime: 0
Total peers: 1 Established: 1
2.2.2.2+52811
VR2.inet.0: 1/1/1/0
Groups: 3 Peers: 3 External: 1 Internal: 2 Down peers: 0 Flaps: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
VR1.inet.0 2 0 0 0 0 0
VR2.inet.0 2 1 0 0 0 0
VR1.mdt.0 0 0 0 0 0 0
VR2.mdt.0 0 0 0 0 0 0
admin@SRX100H2>
admin@SRX100H2>
admin@SRX100H2> show route protocol bgp
inet.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
VR1.inet.0: 13 destinations, 14 routes (12 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both
10.1.5.0/24 [BGP/170] 01:45:18, localpref 100, from 50.5.1.1
AS path: I
to 172.30.3.5 via fe-0/0/5.0
> to 172.30.30.5 via fe-0/0/6.0
VR2.inet.0: 14 destinations, 15 routes (14 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.1.6.0/24 [BGP/170] 01:45:18, localpref 100, from 50.6.1.1
AS path: I
to 172.30.3.6 via fe-0/0/1.0
> to 172.30.30.6 via fe-0/0/2.0
172.16.200.0/24 *[BGP/170] 00:02:28, localpref 100, from 2.2.2.2
AS path: 65000 I
> to 172.16.5.1 via fe-0/0/0.0
admin@SRX100H2>
The final config ended up as follows~
★The EBGP peering came up and the routes were learned via BGP~
I made a lot of careless mistakes this time~ (^^;)
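The three omissions found while troubleshooting (no local AS, no multihop, local-address not on an interface in VR2) can be caught before commit. The following Python check over set-format commands is an added example, not part of the original post; the function name and the choice of checks, including the static route that the page lists as a condition, are this example's own assumptions.

```python
import re

# Constructed from the SRX100B (AS65000) commands on this page, as first entered.
BEFORE = """\
set routing-instances VR2 routing-options router-id 1.1.1.1
set routing-instances VR2 protocols bgp group EXTERNAL peer-as 65001
set routing-instances VR2 protocols bgp group EXTERNAL type external
set routing-instances VR2 protocols bgp group EXTERNAL neighbor 50.5.1.1
set routing-instances VR2 protocols bgp group EXTERNAL local-address 2.2.2.2
set routing-instances VR2 routing-options static route 50.5.1.1 next-hop 172.16.5.254
"""
# The statements the page adds while troubleshooting.
FIXES = """\
set routing-instances VR2 routing-options autonomous-system 65000
set routing-instances VR2 protocols bgp group EXTERNAL neighbor 50.5.1.1 multihop ttl 2
set interfaces lo0 unit 0 family inet address 2.2.2.2/32
set routing-instances VR2 interface lo0
"""

def lint_loopback_ebgp(config, instance="VR2", group="EXTERNAL"):
    """Return the missing prerequisites for loopback EBGP peering (empty list = OK)."""
    lines = [l.strip() for l in config.splitlines() if l.strip().startswith("set ")]
    ri = re.escape(f"set routing-instances {instance} ")
    bgp = ri + re.escape(f"protocols bgp group {group} ")

    def find(pattern):  # first capture group of every line that fully matches
        return [m.group(1) for l in lines if (m := re.fullmatch(pattern, l))]

    problems = []
    if not find(ri + r"routing-options autonomous-system (\d+)"):
        problems.append("local AS not defined (routing-options autonomous-system)")
    # Addresses on interfaces bound to the instance (simplified: unit is ignored).
    bound = {i.split(".")[0] for i in find(ri + r"interface (\S+)")}
    addrs = {a.split("/")[0] for ifd in bound for a in find(
        rf"set interfaces {re.escape(ifd)} unit \d+ family inet address (\S+)")}
    for la in find(bgp + r"local-address (\S+)"):
        if la not in addrs:
            problems.append(f"local-address {la} not on an interface in {instance}")
    group_multihop = bool(find(bgp + r"(multihop)(?: .*)?"))
    for nbr in sorted(set(find(bgp + r"neighbor (\S+)(?: .*)?"))):
        n = bgp + re.escape(f"neighbor {nbr} ")
        if not (group_multihop or find(n + r"(multihop)(?: .*)?")):
            problems.append(f"neighbor {nbr}: multihop not set, EBGP TTL stays 1")
        if not find(ri + rf"routing-options static route {re.escape(nbr)}(?:/32)? next-hop (\S+)"):
            problems.append(f"neighbor {nbr}: no static route to the peer loopback")
    return problems
```

Calling `lint_loopback_ebgp(BEFORE)` reports the three problems in the order the page hit them, and `lint_loopback_ebgp(BEFORE + FIXES)` returns an empty list.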