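Hello, everyone~
It's hot, isn't it... (^^;)
This time I'll configure and verify BGP communities (^^;)
Here's the menu~
① What is a community??
② Controlling and verifying the Local Preference value using communities
Let's get started~
① What is a community??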
https://www.infraexpert.com/study/bgpz26.html
My usual go-to site~
I also skimmed this one to study... (it's hard to build real, working know-how unless you actually operate BGP in production (^^;))
https://www.nic.ad.jp/ja/materials/iw/2016/proceedings/t06/t6-kojima.pdf
② Controlling and verifying the Local Preference value using communities
I used the following Juniper page as a reference!!
https://www.juniper.net/documentation/jp/ja/software/junos/routing-policy/topics/example/bgp-communities.html
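This time, CORE attaches community values to the routes advertised via BGP from the Cisco router in AS65100
→ POD5/6 then change Local-preference according to the community advertised from CORE!
A. Preliminary check
On POD5/6, check how the BGP routes from the Cisco router are being learned.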
POD5
admin@SRX100H2> show route table VR2.inet.0 protocol bgp
VR2.inet.0: 19 destinations, 26 routes (19 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
1.1.1.1/32 *[BGP/170] 00:06:37, localpref 100, from 2.2.2.2
AS path: 65000 I
> to 172.16.5.1 via fe-0/0/0.0
[BGP/170] 00:06:11, localpref 100, from 50.6.1.1
AS path: 65000 I
> to 172.30.3.6 via fe-0/0/1.0
to 172.30.30.6 via fe-0/0/2.0
2.2.2.2/32 [BGP/170] 00:06:37, localpref 100, from 2.2.2.2
AS path: 65000 I
> to 172.16.5.1 via fe-0/0/0.0
10.1.6.0/24 [BGP/170] 00:06:39, localpref 100, from 50.6.1.1
AS path: I
to 172.30.3.6 via fe-0/0/1.0
> to 172.30.30.6 via fe-0/0/2.0
172.16.200.0/24 *[BGP/170] 00:06:37, localpref 100, from 2.2.2.2
AS path: 65000 I
> to 172.16.5.1 via fe-0/0/0.0
[BGP/170] 00:06:11, localpref 100, from 50.6.1.1
AS path: 65000 I
> to 172.30.3.6 via fe-0/0/1.0
to 172.30.30.6 via fe-0/0/2.0
200.200.200.0/24 *[BGP/170] 00:06:11, localpref 200, from 50.6.1.1
↑ The LP value from POD6 is 200
AS path: 65000 65100 I
to 172.30.3.6 via fe-0/0/1.0
> to 172.30.30.6 via fe-0/0/2.0
[BGP/170] 00:06:37, localpref 100, from 2.2.2.2
↑ The LP value from CORE is 100
AS path: 65000 65100 I
> to 172.16.5.1 via fe-0/0/0.0
210.210.210.0/24 *[BGP/170] 00:06:37, localpref 100, from 2.2.2.2
AS path: 65000 65100 I
> to 172.16.5.1 via fe-0/0/0.0
[BGP/170] 00:06:11, localpref 100, from 50.6.1.1
AS path: 65000 65100 I
> to 172.30.3.6 via fe-0/0/1.0
to 172.30.30.6 via fe-0/0/2.0
220.220.220.0/24 *[BGP/170] 00:06:37, localpref 100, from 2.2.2.2
AS path: 65000 65100 I
> to 172.16.5.1 via fe-0/0/0.0
[BGP/170] 00:06:11, localpref 100, from 50.6.1.1
AS path: 65000 65100 I
to 172.30.3.6 via fe-0/0/1.0
> to 172.30.30.6 via fe-0/0/2.0
admin@SRX100H2>
admin@SRX100H2> show route table VR1.inet.0 protocol bgp
VR1.inet.0: 19 destinations, 25 routes (19 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
1.1.1.1/32 *[BGP/170] 00:16:05, localpref 100, from 2.2.2.2
AS path: 65000 I
> to 172.16.6.1 via fe-0/0/4.0
[BGP/170] 00:16:31, localpref 100, from 50.5.1.1
AS path: 65000 I
> to 172.16.6.1 via fe-0/0/4.0
2.2.2.2/32 [BGP/170] 00:16:05, localpref 100, from 2.2.2.2
AS path: 65000 I
> to 172.16.6.1 via fe-0/0/4.0
10.1.5.0/24 [BGP/170] 00:16:33, localpref 100, from 50.5.1.1
AS path: I
to 172.30.3.5 via fe-0/0/5.0
> to 172.30.30.5 via fe-0/0/6.0
172.16.200.0/24 *[BGP/170] 00:16:05, localpref 100, from 2.2.2.2
AS path: 65000 I
> to 172.16.6.1 via fe-0/0/4.0
[BGP/170] 00:16:31, localpref 100, from 50.5.1.1
AS path: 65000 I
> to 172.16.6.1 via fe-0/0/4.0
200.200.200.0/24 *[BGP/170] 00:16:05, localpref 200, from 2.2.2.2
↑ The LP value from CORE is 200
AS path: 65000 65100 I
> to 172.16.6.1 via fe-0/0/4.0
210.210.210.0/24 *[BGP/170] 00:16:05, localpref 100, from 2.2.2.2
AS path: 65000 65100 I
> to 172.16.6.1 via fe-0/0/4.0
[BGP/170] 00:16:30, localpref 100, from 50.5.1.1
AS path: 65000 65100 I
> to 172.16.6.1 via fe-0/0/4.0
220.220.220.0/24 *[BGP/170] 00:16:05, localpref 100, from 2.2.2.2
AS path: 65000 65100 I
> to 172.16.6.1 via fe-0/0/4.0
[BGP/170] 00:16:30, localpref 100, from 50.5.1.1
AS path: 65000 65100 I
> to 172.16.6.1 via fe-0/0/4.0
It looks like the Local-preference setting from last time is still applied... (^^;)
So I checked the current configuration~
POD5
admin@SRX100H2> show configuration routing-instances VR2 protocols bgp
group INTERNAL {
type internal;
local-address 50.5.1.1;
export INTERNAL-NETWORK-VR2;
peer-as 65001;
neighbor 50.6.1.1;
}
group EXTERNAL {
type external;
local-address 50.5.1.1;
inactive: import LOCAL-PREF; → the LP setting is inactive (disabled)
export [ ADV-ROUTE01 INTERNAL-NETWORK-VR2 INTERNAL-NETWORK-VR1 ];
peer-as 65000;
neighbor 2.2.2.2 {
multihop {
ttl 2;
}
}
}
admin@SRX100H2>
POD6
admin@SRX100H2> show configuration routing-instances VR1 protocols bgp
group INTERNAL {
type internal;
local-address 50.6.1.1;
export [ INTERNAL-NETWORK-VR1 NEXT-HOP ];
peer-as 65001;
neighbor 50.5.1.1;
}
group EXTERNAL {
type external;
local-address 50.6.1.1;
import LOCAL-PREF; → the LP setting is active (enabled)
export [ ADV-ROUTE06 INTERNAL-NETWORK-VR1 INTERNAL-NETWORK-VR2 ];
peer-as 65000;
neighbor 2.2.2.2 {
multihop {
ttl 2;
}
}
}
admin@SRX100H2>
Policy that sets the LP value
admin@SRX100H2> show configuration policy-options policy-statement LOCAL-PREF | display set
set policy-options policy-statement LOCAL-PREF term 1 from route-filter 200.200.200.0/24 exact
set policy-options policy-statement LOCAL-PREF term 1 then local-preference 200
So... I'll remove the LP setting as follows~ (leaving the policy itself in place...)
admin@SRX100H2# delete routing-instances VR1 protocols bgp group EXTERNAL import LOCAL-PREF
admin@SRX100H2# delete routing-instances VR2 protocols bgp group EXTERNAL import LOCAL-PREF
[edit]
admin@SRX100H2# show | compare
[edit routing-instances VR1 protocols bgp group EXTERNAL]
- import LOCAL-PREF;
[edit routing-instances VR2 protocols bgp group EXTERNAL]
- inactive: import LOCAL-PREF;
[edit]
admin@SRX100H2#
admin@SRX100H2> clear bgp neighbor soft-inbound instance VR1
admin@SRX100H2> clear bgp neighbor soft-inbound instance VR2
admin@SRX100H2>
admin@SRX100H2> show route table VR2.inet.0 protocol bgp 200.200.200.0/24
VR2.inet.0: 19 destinations, 26 routes (19 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
200.200.200.0/24 *[BGP/170] 00:30:15, localpref 100, from 2.2.2.2
AS path: 65000 65100 I
> to 172.16.5.1 via fe-0/0/0.0
[BGP/170] 00:01:34, localpref 100, from 50.6.1.1
AS path: 65000 65100 I
to 172.30.3.6 via fe-0/0/1.0
> to 172.30.30.6 via fe-0/0/2.0
admin@SRX100H2> show route table VR1.inet.0 protocol bgp 200.200.200.0/24
VR1.inet.0: 19 destinations, 26 routes (19 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
200.200.200.0/24 *[BGP/170] 00:29:53, localpref 100, from 2.2.2.2
AS path: 65000 65100 I
> to 172.16.6.1 via fe-0/0/4.0
[BGP/170] 00:01:38, localpref 100, from 50.5.1.1
AS path: 65000 65100 I
> to 172.16.6.1 via fe-0/0/4.0
admin@SRX100H2>
The LP value is back to the default~
B. Apply the community-related configuration to CORE and POD5/6.
[CORE configuration]
On CORE, attach communities to the routes advertised via BGP from the Cisco router in AS65100
set policy-options policy-statement AS65100-Seg-control term 1 from route-filter 200.200.200.0/24 exact
set policy-options policy-statement AS65100-Seg-control term 1 then community add CISCO_SEG1
set policy-options policy-statement AS65100-Seg-control term 1 then accept
set policy-options policy-statement AS65100-Seg-control term 2 from route-filter 210.210.210.0/24 exact
set policy-options policy-statement AS65100-Seg-control term 2 from route-filter 220.220.220.0/24 exact
set policy-options policy-statement AS65100-Seg-control term 2 then community add CISCO_SEG10
set policy-options policy-statement AS65100-Seg-control term 2 then accept
set policy-options community CISCO_SEG1 members 65100:1
set policy-options community CISCO_SEG10 members 65100:10
set routing-instances VR2 protocols bgp group EXTERNAL-AS65100 import AS65100-Seg-control
〇 Configuration on POD5/6 that changes Local-preference based on community match conditions
[POD5 configuration]
set policy-options policy-statement change-local-preference-POD5 term 1 from community CISCO_SEG1-LP
set policy-options policy-statement change-local-preference-POD5 term 1 then local-preference 200
set policy-options policy-statement change-local-preference-POD5 term 2 from community CISCO_SEG10-LP
set policy-options policy-statement change-local-preference-POD5 term 2 then local-preference 50
set policy-options community CISCO_SEG1-LP members 65100:1
set policy-options community CISCO_SEG10-LP members 65100:10
set routing-instances VR2 protocols bgp group EXTERNAL import change-local-preference-POD5
[POD6 configuration]
set policy-options policy-statement change-local-preference-POD6 term 1 from community CISCO_SEG1-LP
set policy-options policy-statement change-local-preference-POD6 term 1 then local-preference 50
set policy-options policy-statement change-local-preference-POD6 term 2 from community CISCO_SEG10-LP
set policy-options policy-statement change-local-preference-POD6 term 2 then local-preference 200
set policy-options community CISCO_SEG1-LP members 65100:1
set policy-options community CISCO_SEG10-LP members 65100:10
set routing-instances VR1 protocols bgp group EXTERNAL import change-local-preference-POD6
〇 Reset the BGP neighbors on CORE.
admin@SRX100B> clear bgp neighbor soft-inbound instance VR1
admin@SRX100B> clear bgp neighbor soft-inbound instance VR2
D. Verify that control by community is taking effect.
a) Check that CORE is advertising the communities!
admin@SRX100B> show route advertising-protocol bgp 50.5.1.1 extensive
VR2.inet.0: 15 destinations, 18 routes (15 active, 0 holddown, 0 hidden)
* 1.1.1.1/32 (2 entries, 1 announced)
BGP group EXTERNAL type External
Nexthop: Self
AS path: [65000] I
* 2.2.2.2/32 (1 entry, 1 announced)
BGP group EXTERNAL type External
Nexthop: Self
AS path: [65000] I
* 172.16.200.0/24 (1 entry, 1 announced)
BGP group EXTERNAL type External
Nexthop: Self
AS path: [65000] I
* 200.200.200.0/24 (1 entry, 1 announced)
BGP group EXTERNAL type External
Nexthop: Self
AS path: [65000] 65100 I
Communities: 65100:1
* 210.210.210.0/24 (1 entry, 1 announced)
BGP group EXTERNAL type External
Nexthop: Self
AS path: [65000] 65100 I
Communities: 65100:10
* 220.220.220.0/24 (1 entry, 1 announced)
BGP group EXTERNAL type External
Nexthop: Self
AS path: [65000] 65100 I
Communities: 65100:10
You can see that Communities are attached to the subnets 200.200.200.0/24 through 220.220.220.0/24~
b) On POD5/6, check that Local-preference has been changed according to the community (tag) conditions
admin@SRX100H2> show route table VR1.inet.0 protocol bgp
VR1.inet.0: 19 destinations, 24 routes (19 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
1.1.1.1/32 *[BGP/170] 00:42:42, localpref 100, from 2.2.2.2
AS path: 65000 I
> to 172.16.6.1 via fe-0/0/4.0
[BGP/170] 00:42:46, localpref 100, from 50.5.1.1
AS path: 65000 I
> to 172.16.6.1 via fe-0/0/4.0
2.2.2.2/32 [BGP/170] 00:42:42, localpref 100, from 2.2.2.2
AS path: 65000 I
> to 172.16.6.1 via fe-0/0/4.0
10.1.5.0/24 [BGP/170] 00:42:46, localpref 100, from 50.5.1.1
AS path: I
to 172.30.3.5 via fe-0/0/5.0
> to 172.30.30.5 via fe-0/0/6.0
172.16.200.0/24 *[BGP/170] 00:42:42, localpref 100, from 2.2.2.2
AS path: 65000 I
> to 172.16.6.1 via fe-0/0/4.0
[BGP/170] 00:42:46, localpref 100, from 50.5.1.1
AS path: 65000 I
> to 172.16.6.1 via fe-0/0/4.0
200.200.200.0/24 *[BGP/170] 00:09:26, localpref 200, from 50.5.1.1
AS path: 65000 65100 I
> to 172.16.6.1 via fe-0/0/4.0
[BGP/170] 00:30:13, localpref 50, from 2.2.2.2
AS path: 65000 65100 I
> to 172.16.6.1 via fe-0/0/4.0
210.210.210.0/24 *[BGP/170] 00:30:13, localpref 200, from 2.2.2.2
AS path: 65000 65100 I
> to 172.16.6.1 via fe-0/0/4.0
220.220.220.0/24 *[BGP/170] 00:30:13, localpref 200, from 2.2.2.2
AS path: 65000 65100 I
> to 172.16.6.1 via fe-0/0/4.0
admin@SRX100H2> show route table VR2.inet.0 protocol bgp
VR2.inet.0: 19 destinations, 25 routes (19 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
1.1.1.1/32 *[BGP/170] 00:43:15, localpref 100, from 2.2.2.2
AS path: 65000 I
> to 172.16.5.1 via fe-0/0/0.0
[BGP/170] 00:43:00, localpref 100, from 50.6.1.1
AS path: 65000 I
> to 172.30.3.6 via fe-0/0/1.0
to 172.30.30.6 via fe-0/0/2.0
2.2.2.2/32 [BGP/170] 00:43:15, localpref 100, from 2.2.2.2
AS path: 65000 I
> to 172.16.5.1 via fe-0/0/0.0
10.1.6.0/24 [BGP/170] 00:43:04, localpref 100, from 50.6.1.1
AS path: I
to 172.30.3.6 via fe-0/0/1.0
> to 172.30.30.6 via fe-0/0/2.0
172.16.200.0/24 *[BGP/170] 00:43:15, localpref 100, from 2.2.2.2
AS path: 65000 I
> to 172.16.5.1 via fe-0/0/0.0
[BGP/170] 00:43:00, localpref 100, from 50.6.1.1
AS path: 65000 I
> to 172.30.3.6 via fe-0/0/1.0
to 172.30.30.6 via fe-0/0/2.0
200.200.200.0/24 *[BGP/170] 00:30:31, localpref 200, from 2.2.2.2
AS path: 65000 65100 I
> to 172.16.5.1 via fe-0/0/0.0
210.210.210.0/24 *[BGP/170] 00:09:44, localpref 200, from 50.6.1.1
AS path: 65000 65100 I
> to 172.30.3.6 via fe-0/0/1.0
to 172.30.30.6 via fe-0/0/2.0
[BGP/170] 00:30:31, localpref 50, from 2.2.2.2
AS path: 65000 65100 I
> to 172.16.5.1 via fe-0/0/0.0
220.220.220.0/24 *[BGP/170] 00:09:44, localpref 200, from 50.6.1.1
AS path: 65000 65100 I
to 172.30.3.6 via fe-0/0/1.0
> to 172.30.30.6 via fe-0/0/2.0
[BGP/170] 00:30:31, localpref 50, from 2.2.2.2
AS path: 65000 65100 I
> to 172.16.5.1 via fe-0/0/0.0
★ Adding the extensive option shows more detailed information!
admin@SRX100H2> show route table VR1.inet.0 protocol bgp 200.200.200.0/24 extensive | no-more
VR1.inet.0: 19 destinations, 24 routes (19 active, 0 holddown, 0 hidden)
210.210.210.0/24 (1 entry, 1 announced)
TSI:
KRT in-kernel 210.210.210.0/24 -> {indirect(262144)}
Page 0 idx 0 Type 1 val 15ad570
Flags: Nexthop Change
Nexthop: Self
Localpref: 200
AS path: [65001] 65000 65100 I
Communities: 65100:10
Path 210.210.210.0 from 2.2.2.2 Vector len 4. Val: 0
*BGP Preference: 170/-201
Next hop type: Indirect
Address: 0x15b13a8
Next-hop reference count: 19
Source: 2.2.2.2
Next hop type: Router, Next hop index: 1404
Next hop: 172.16.6.1 via fe-0/0/4.0, selected
Protocol next hop: 2.2.2.2
Indirect next hop: 16802b8 262144
State: <Active Ext>
Local AS: 65001 Peer AS: 65000
Age: 29:08 Metric2: 0
Task: BGP_65000_65001.2.2.2.2+179
Announcement bits (3): 2-KRT 3-BGP_RT_Background 4-Resolve tree 2
AS path: 65000 65100 I
Communities: 65100:10
Accepted
Localpref: 200
Router ID: 1.1.1.1
Indirect next hops: 1
Protocol next hop: 2.2.2.2
Indirect next hop: 16802b8 262144
Indirect path forwarding next hops: 1
Next hop type: Router
Next hop: 172.16.6.1 via fe-0/0/4.0
2.2.2.2/32 Originating RIB: VR1.inet.0
Node path count: 1
Forwarding nexthops: 1
Nexthop: 172.16.6.1 via fe-0/0/4.0
admin@SRX100H2> show route table VR1.inet.0 protocol bgp 210.210.210.0/24 extensive | no-more
VR1.inet.0: 19 destinations, 24 routes (19 active, 0 holddown, 0 hidden)
220.220.220.0/24 (1 entry, 1 announced)
TSI:
KRT in-kernel 220.220.220.0/24 -> {indirect(262144)}
Page 0 idx 0 Type 1 val 15ad58c
Flags: Nexthop Change
Nexthop: Self
Localpref: 200
AS path: [65001] 65000 65100 I
Communities: 65100:10
Path 220.220.220.0 from 2.2.2.2 Vector len 4. Val: 0
*BGP Preference: 170/-201
Next hop type: Indirect
Address: 0x15b13a8
Next-hop reference count: 19
Source: 2.2.2.2
Next hop type: Router, Next hop index: 1404
Next hop: 172.16.6.1 via fe-0/0/4.0, selected
Protocol next hop: 2.2.2.2
Indirect next hop: 16802b8 262144
State: <Active Ext>
Local AS: 65001 Peer AS: 65000
Age: 29:18 Metric2: 0
Task: BGP_65000_65001.2.2.2.2+179
Announcement bits (3): 2-KRT 3-BGP_RT_Background 4-Resolve tree 2
AS path: 65000 65100 I
Communities: 65100:10
Accepted
Localpref: 200
Router ID: 1.1.1.1
Indirect next hops: 1
Protocol next hop: 2.2.2.2
Indirect next hop: 16802b8 262144
Indirect path forwarding next hops: 1
Next hop type: Router
Next hop: 172.16.6.1 via fe-0/0/4.0
2.2.2.2/32 Originating RIB: VR1.inet.0
Node path count: 1
Forwarding nexthops: 1
Nexthop: 172.16.6.1 via fe-0/0/4.0
admin@SRX100H2> show route table VR1.inet.0 protocol bgp 220.220.220.0/24 extensive | no-more
VR2.inet.0: 19 destinations, 25 routes (19 active, 0 holddown, 0 hidden)
200.200.200.0/24 (1 entry, 1 announced)
TSI:
KRT in-kernel 200.200.200.0/24 -> {indirect(262142)}
Page 0 idx 1 Type 1 val 15ad2d0
Nexthop: 2.2.2.2
Localpref: 200
AS path: [65001] 65000 65100 I
Communities: 65100:1
Path 200.200.200.0 from 2.2.2.2 Vector len 4. Val: 1
*BGP Preference: 170/-201
Next hop type: Indirect
Address: 0x15b1194
Next-hop reference count: 12
Source: 2.2.2.2
Next hop type: Router, Next hop index: 1403
Next hop: 172.16.5.1 via fe-0/0/0.0, selected
Protocol next hop: 2.2.2.2
Indirect next hop: 16803a0 262142
State: <Active Ext>
Local AS: 65001 Peer AS: 65000
Age: 29:35 Metric2: 0
Task: BGP_65000_65001.2.2.2.2+53582
Announcement bits (3): 2-KRT 3-BGP_RT_Background 4-Resolve tree 1
AS path: 65000 65100 I
Communities: 65100:1
Accepted
Localpref: 200
Router ID: 1.1.1.1
Indirect next hops: 1
Protocol next hop: 2.2.2.2
Indirect next hop: 16803a0 262142
Indirect path forwarding next hops: 1
Next hop type: Router
Next hop: 172.16.5.1 via fe-0/0/0.0
2.2.2.2/32 Originating RIB: VR2.inet.0
Node path count: 1
Forwarding nexthops: 1
Nexthop: 172.16.5.1 via fe-0/0/0.0
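The check done by eye above can be scripted. This is an added example, not part of the original post: it parses the two kinds of output shown in this section and reports every path learned from CORE (2.2.2.2) whose local-preference differs from what change-local-preference-POD6 assigns to its community. The sample text is constructed from the post's output, the function names are hypothetical, and it assumes CORE sends POD6 the same communities shown for 50.5.1.1 and that the default LP is the 100 seen earlier.

```python
import re
# Constructed samples, trimmed from the CLI output shown in this post.
CORE_ADVERTISED = """\
* 172.16.200.0/24 (1 entry, 1 announced)
* 200.200.200.0/24 (1 entry, 1 announced)
     Communities: 65100:1
* 210.210.210.0/24 (1 entry, 1 announced)
     Communities: 65100:10
"""
POD6_VR1 = """\
172.16.200.0/24    *[BGP/170] 00:42:42, localpref 100, from 2.2.2.2
200.200.200.0/24   *[BGP/170] 00:09:26, localpref 200, from 50.5.1.1
                    [BGP/170] 00:30:13, localpref 50, from 2.2.2.2
210.210.210.0/24   *[BGP/170] 00:30:13, localpref 200, from 2.2.2.2
"""
# change-local-preference-POD6 as ordered (community, local-preference) terms.
POD6_POLICY = [("65100:1", 50), ("65100:10", 200)]
PREFIX = r"(\d+\.\d+\.\d+\.\d+/\d+)"

def parse_advertised(text):
    """'show route advertising-protocol bgp <peer> extensive' -> {prefix: communities}."""
    out = {}
    for block in re.split(r"^\s*\* ", text, flags=re.M)[1:]:
        comms = re.search(r"Communities: (.*)", block)
        out[re.match(PREFIX, block).group(1)] = set(comms.group(1).split()) if comms else set()
    return out

def parse_learned(text):
    """'show route table <VR>.inet.0 protocol bgp' -> {(prefix, peer): localpref}."""
    out, prefix = {}, None
    for line in text.splitlines():
        m = re.match(PREFIX, line)
        prefix = m.group(1) if m else prefix
        m = re.search(r"\[BGP/\d+\].*localpref (\d+), from (\S+)", line)
        if m and prefix:
            out[(prefix, m.group(2))] = int(m.group(1))
    return out

def audit(advertised, learned, policy, peer, default_lp=100):
    """Return [(prefix, expected, actual)] for paths from peer whose LP is off-policy."""
    bad = []
    for prefix, comms in advertised.items():
        # The terms have no terminating action, so the last matching term wins.
        hits = [lp for community, lp in policy if community in comms]
        expected = hits[-1] if hits else default_lp
        actual = learned.get((prefix, peer))
        if actual != expected:
            bad.append((prefix, expected, actual))
    return bad
```

An empty list from `audit(parse_advertised(CORE_ADVERTISED), parse_learned(POD6_VR1), POD6_POLICY, "2.2.2.2")` means every tagged route received the intended local-preference; any tuple returned names a prefix whose import policy did not take effect.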
Next time I'd like to configure and verify BGP route reflectors and route confederations (^^;)
→ Maybe I'll try it on the SRX240 for the first time in a while~
See you again~ (^^;)