
らくがきちょう

Just because

eBGP peering between Cisco (IOSv / CSR1000V / XRv / NX-OSv / ASAv), Mikrotik, and VyOS

I connected Cisco, Mikrotik, and VyOS routers over eBGP and compared their configurations. Specifically, I used the following devices.

  1. Cisco IOSv
  2. Cisco CSR1000V
  3. Cisco XRv
  4. Cisco NX-OSv
  5. Cisco ASAv
  6. Mikrotik
  7. VyOS

Topology & OS versions

I tested with the following topology.

[Figure: network topology diagram]

The OS version of each device is listed below.

Loopback address  Vendor    OS         Version
10.0.0.1          Cisco     IOSv       IOS 15.5(2)T
10.0.0.2          Cisco     CSR1000V   IOS XE Version 03.14.00.S
10.0.0.3          Cisco     XRv        IOS XR 5.3.0
10.0.0.4          Cisco     NX-OSv     NX-OS 7.2(0)D1(1)
10.0.0.5          Cisco     ASAv       ASA 9.3(2)200
10.0.0.6          Mikrotik  RouterOS   RouterOS 6.30.2
10.0.0.7          VyOS      VyOS       VyOS 1.1.5

Router configurations

The configuration of each router is shown below.

IOSv configuration

hostname IOSv
!
interface Loopback0
 ip address 10.0.99.1 255.255.255.255
!
interface GigabitEthernet0/1
 ip address 10.0.0.1 255.255.255.0
 no shutdown
!
router bgp 65001
 bgp router-id 10.0.99.1
 neighbor 10.0.0.2 remote-as 65002
 neighbor 10.0.0.3 remote-as 65003
 neighbor 10.0.0.4 remote-as 65004
 neighbor 10.0.0.5 remote-as 65005
 neighbor 10.0.0.6 remote-as 65006
 neighbor 10.0.0.7 remote-as 65007
 network 10.0.99.1 mask 255.255.255.255
!
end

CSR1000V configuration

The CSR1000V configuration is almost identical to the IOSv configuration.

hostname CSR1000V
!
interface Loopback0
 ip address 10.0.99.2 255.255.255.255
!
interface GigabitEthernet2
 ip address 10.0.0.2 255.255.255.0
 no shutdown
!
router bgp 65002
 bgp router-id 10.0.99.2
 network 10.0.99.2 mask 255.255.255.255
 neighbor 10.0.0.1 remote-as 65001
!
end

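XRv configuration

The configuration and behavior of XRv (IOS XR) differ somewhat from IOS. In particular, IOS XR does not distribute routes when no route-policy is defined (it drops them). So if you want to receive all routes and send all routes, you need to define a route-policy that contains only pass and apply it to the BGP peer in both the in and out directions.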

hostname XRv
!
interface Loopback0
 ipv4 address 10.0.99.3 255.255.255.255
!
interface GigabitEthernet0/0/0/0
 ipv4 address 10.0.0.3 255.255.255.0
 no shutdown
!
route-policy PASS
  pass
end-policy
!
router bgp 65003
 bgp router-id 10.0.99.3
 address-family ipv4 unicast
  network 10.0.99.3/32
 !
 neighbor 10.0.0.1
  remote-as 65001
  address-family ipv4 unicast
   route-policy PASS in
   route-policy PASS out
  !
 !
!
end

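NX-OSv configuration

When using NX-OSv for testing, you need to configure license grace-period to start the license grace period before the individual features can be enabled. By default, the license appears to be activated for 120 days, during which you can try each feature. Once the license is activated, enable the BGP feature with feature bgp and then configure BGP.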

license grace-period
!
hostname NX-OSv
!
feature bgp
!
interface Ethernet2/1
  no switchport
  ip address 10.0.0.4/24
  no shutdown
!
interface loopback0
  ip address 10.0.99.4/32
!
router bgp 65004
  router-id 10.0.99.4
  address-family ipv4 unicast
    network 10.0.99.4/32
  neighbor 10.0.0.1 remote-as 65001
    address-family ipv4 unicast
!
end

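ASAv configuration

ASAv cannot create a Loopback interface, so how to assign the router-id needs some thought. Since this is a lab environment, I pointed the address I wanted as the router-id at Null0 and used it both as the router-id and as the route advertised in BGP. Note that if the AD (Administrative Distance) of the route pointing to Null0 is set to 255, by ASA design the route is not installed in the routing table and, as a result, is not advertised in BGP either. For that reason, I set the AD to 254 here.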

hostname ASAv
!
interface GigabitEthernet0/0
 nameif OUTSIDE
 security-level 0
 ip address 10.0.0.5 255.255.255.0
 no shutdown
!
router bgp 65005
 bgp router-id 10.0.99.5
 address-family ipv4 unicast
  neighbor 10.0.0.1 remote-as 65001
  neighbor 10.0.0.1 activate
  network 10.0.99.5 mask 255.255.255.255
!
route Null0 10.0.99.5 255.255.255.255 254
!
end

Mikrotik (RouterOS) configuration

The Mikrotik configuration is quite minimal, as shown below. There is no logical interface type called Loopback, so I created a bridge interface with no physical interface attached and used it as if it were a Loopback.

/system identity set name=RoS

/interface bridge add name=loopback

/ip address add address=10.0.99.6/32 interface=loopback
/ip address add address=10.0.0.6/24 interface=ether2

/routing bgp instance set default as=65006 router-id=10.0.99.6
/routing bgp peer add remote-address=10.0.0.1 remote-as=65001
/routing bgp network add network=10.0.99.6/32

VyOS configuration

Like Mikrotik, the VyOS configuration is also quite minimal (simpler than Vyatta).

set system host-name VyOS

set interfaces loopback lo address 10.0.99.7/32
set interfaces ethernet eth2 address 10.0.0.7/24

set protocols bgp 65007 parameters router-id 10.0.99.7
set protocols bgp 65007 neighbor 10.0.0.1 remote-as 65001
set protocols bgp 65007 network 10.0.99.7/32

Verifying the state

Verification on IOSv

The output of show ip bgp summary is shown below.

IOSv# show ip bgp summary
BGP router identifier 10.0.99.1, local AS number 65001
BGP table version is 10, main routing table version 10
7 network entries using 1008 bytes of memory
7 path entries using 560 bytes of memory
7/7 BGP path/bestpath attribute entries using 1064 bytes of memory
6 BGP AS-PATH entries using 144 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 2776 total bytes of memory
BGP activity 8/1 prefixes, 8/1 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.0.0.2        4        65002      43      46       10    0    0 00:34:51        1
10.0.0.3        4        65003      34      44       10    0    0 00:30:41        1
10.0.0.4        4        65004      39      46       10    0    0 00:34:08        1
10.0.0.5        4        65005      28      39       10    0    0 00:26:37        1
10.0.0.6        4        65006      41      43       10    0    0 00:31:22        1
10.0.0.7        4        65007      33      41       10    0    0 00:28:50        1

The output of show ip bgp is shown below. NX-OSv and Mikrotik advertise their routes without a MED (Metric). VyOS advertises its route with a MED of 1.

IOSv# show ip bgp
BGP table version is 10, local router ID is 10.0.99.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  10.0.99.1/32     0.0.0.0                  0         32768 i
 *>  10.0.99.2/32     10.0.0.2                 0             0 65002 i
 *>  10.0.99.3/32     10.0.0.3                 0             0 65003 i
 *>  10.0.99.4/32     10.0.0.4                               0 65004 i
 *>  10.0.99.5/32     10.0.0.5                 0             0 65005 i
 *>  10.0.99.6/32     10.0.0.6                               0 65006 i
 *>  10.0.99.7/32     10.0.0.7                 1             0 65007 i
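
Added example (not from the original post): a Python parser for the IOSv show ip bgp table above that places each number in Metric, LocPrf or Weight by column position, since a blank Metric leaves no token to split on, and then checks the origin AS of each prefix. The sample rows are copied from this page; the 10.0.99.N to AS 6500N mapping is this lab's numbering, and the function names are illustrative.

```python
import re

# Constructed sample: the IOSv "show ip bgp" header and rows shown above.
SHOW_IP_BGP = """\
     Network          Next Hop            Metric LocPrf Weight Path
 *>  10.0.99.1/32     0.0.0.0                  0         32768 i
 *>  10.0.99.2/32     10.0.0.2                 0             0 65002 i
 *>  10.0.99.3/32     10.0.0.3                 0             0 65003 i
 *>  10.0.99.4/32     10.0.0.4                               0 65004 i
 *>  10.0.99.5/32     10.0.0.5                 0             0 65005 i
 *>  10.0.99.6/32     10.0.0.6                               0 65006 i
 *>  10.0.99.7/32     10.0.0.7                 1             0 65007 i
"""

NUMERIC_COLUMNS = ("Metric", "LocPrf", "Weight")

def expected_origin(prefix):
    # Lab numbering on this page (an assumption elsewhere): 10.0.99.N is AS 6500N.
    return 65000 + int(prefix.split("/")[0].rsplit(".", 1)[1])

def parse_bgp_table(text):
    lines = [l for l in text.splitlines() if l.strip()]
    header = lines[0]
    # Right edge of each right-aligned numeric column, read from the header.
    edges = {n: header.index(n) + len(n) for n in NUMERIC_COLUMNS}
    routes = []
    for line in lines[1:]:
        tokens = list(re.finditer(r"\S+", line))  # tokens[0] is the status "*>"
        route = {"network": tokens[1].group(), "next_hop": tokens[2].group(),
                 "Metric": None, "LocPrf": None, "Weight": None, "path": []}
        for m in tokens[3:]:
            if route["Weight"] is None and m.group().isdigit():
                # A blank Metric/LocPrf leaves no token, so place by position.
                col = min(edges, key=lambda n: abs(edges[n] - m.end()))
                route[col] = int(m.group())
            else:
                route["path"].append(m.group())  # AS path, then origin code
        routes.append(route)
    return routes

def audit(routes):
    findings = []
    for r in routes:
        asns = [int(t) for t in r["path"] if t.isdigit()]
        if not asns:
            continue  # locally originated route, no AS path to check
        if asns[-1] != expected_origin(r["network"]):
            findings.append((r["network"], "unexpected origin AS %d" % asns[-1]))
        if r["Metric"] is None:
            findings.append((r["network"], "received without MED"))
    return findings
```

Run against the table above, audit() reports only the NX-OSv and Mikrotik prefixes as received without MED. The parser covers the IOS layout shown here; NX-OS fuses the path-type letter onto the prefix and needs its own handling.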

Verification on CSR1000V

The output of show ip bgp summary is shown below.

CSR1000V# show ip bgp summary
BGP router identifier 10.0.99.2, local AS number 65002
BGP table version is 15, main routing table version 15
7 network entries using 1736 bytes of memory
7 path entries using 840 bytes of memory
7/7 BGP path/bestpath attribute entries using 1736 bytes of memory
6 BGP AS-PATH entries using 224 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 4536 total bytes of memory
BGP activity 8/1 prefixes, 8/1 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.0.0.1        4        65001      50      47       15    0    0 00:38:40        6

The output of show ip bgp is shown below.

CSR1000V# show ip bgp
BGP table version is 15, local router ID is 10.0.99.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  10.0.99.1/32     10.0.0.1                 0             0 65001 i
 *>  10.0.99.2/32     0.0.0.0                  0         32768 i
 *>  10.0.99.3/32     10.0.0.3                               0 65001 65003 i
 *>  10.0.99.4/32     10.0.0.4                               0 65001 65004 i
 *>  10.0.99.5/32     10.0.0.5                               0 65001 65005 i
 *>  10.0.99.6/32     10.0.0.6                               0 65001 65006 i
 *>  10.0.99.7/32     10.0.0.7                               0 65001 65007 i

Verification on XRv

The output of show bgp summary is shown below.

RP/0/0/CPU0:XRv# show bgp summary
Sun Aug  2 16:44:04.806 UTC
BGP router identifier 10.0.99.3, local AS number 65003
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0xe0000000   RD version: 11
BGP main routing table version 11
BGP NSR Initial initsync version 2 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs

BGP is operating in STANDALONE mode.


Process       RcvTblVer   bRIB/RIB   LabelVer  ImportVer  SendTblVer  StandbyVer
Speaker              11         11         11         11          11           0

Neighbor        Spk    AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down  St/PfxRcd
10.0.0.1          0 65001      50      39       11    0    0 00:35:34          6

The output of show bgp is shown below.

RP/0/0/CPU0:XRv# show bgp
Sun Aug  2 16:44:37.144 UTC
BGP router identifier 10.0.99.3, local AS number 65003
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0xe0000000   RD version: 11
BGP main routing table version 11
BGP NSR Initial initsync version 2 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs

Status codes: s suppressed, d damped, h history, * valid, > best
              i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network            Next Hop            Metric LocPrf Weight Path
*> 10.0.99.1/32       10.0.0.1                 0             0 65001 i
*> 10.0.99.2/32       10.0.0.2                               0 65001 65002 i
*> 10.0.99.3/32       0.0.0.0                  0         32768 i
*> 10.0.99.4/32       10.0.0.4                               0 65001 65004 i
*> 10.0.99.5/32       10.0.0.5                               0 65001 65005 i
*> 10.0.99.6/32       10.0.0.6                               0 65001 65006 i
*> 10.0.99.7/32       10.0.0.7                               0 65001 65007 i

Processed 7 prefixes, 7 paths

Verification on NX-OSv

The output of show ip bgp summary is shown below.

NX-OSv# show ip bgp summary
BGP summary information for VRF default, address family IPv4 Unicast
BGP router identifier 10.0.99.4, local AS number 65004
BGP table version is 12, IPv4 Unicast config peers 1, capable peers 1
7 network entries and 7 paths using 980 bytes of memory
BGP attribute entries [7/1008], BGP AS path entries [6/56]
BGP community entries [0/0], BGP clusterlist entries [0/0]

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.0.0.1        4 65001      53      45       12    0    0 00:40:12 6

The output of show ip bgp is shown below.

NX-OSv# show ip bgp
BGP routing table information for VRF default, address family IPv4 Unicast
BGP table version is 12, local router ID is 10.0.99.4
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup

   Network            Next Hop            Metric     LocPrf     Weight Path
*>e10.0.99.1/32       10.0.0.1                 0                     0 65001 i
*>e10.0.99.2/32       10.0.0.2                                       0 65001 65002 i
*>e10.0.99.3/32       10.0.0.3                                       0 65001 65003 i
*>l10.0.99.4/32       0.0.0.0                           100      32768 i
*>e10.0.99.5/32       10.0.0.5                                       0 65001 65005 i
*>e10.0.99.6/32       10.0.0.6                                       0 65001 65006 i
*>e10.0.99.7/32       10.0.0.7                                       0 65001 65007 i

Verification on ASAv

The output of show bgp summary is shown below.

ASAv# show bgp summary
BGP router identifier 10.0.99.5, local AS number 65005
BGP table version is 10, main routing table version 10
7 network entries using 1400 bytes of memory
7 path entries using 560 bytes of memory
7/7 BGP path/bestpath attribute entries using 1456 bytes of memory
6 BGP AS-PATH entries using 224 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 3640 total bytes of memory
BGP activity 8/1 prefixes, 8/1 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.0.0.1        4        65001 47      34            10    0    0 00:33:59  6

The output of show bgp is shown below.

ASAv# show bgp

BGP table version is 10, local router ID is 10.0.99.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop        Metric LocPrf Weight  Path
*> 10.0.99.1/32     10.0.0.1             0             0  65001 i
*> 10.0.99.2/32     10.0.0.2                           0  65001 65002 i
*> 10.0.99.3/32     10.0.0.3                           0  65001 65003 i
*> 10.0.99.4/32     10.0.0.4                           0  65001 65004 i
*> 10.0.99.5/32     0.0.0.0              0         32768  i
*> 10.0.99.6/32     10.0.0.6                           0  65001 65006 i
*> 10.0.99.7/32     10.0.0.7                           0  65001 65007 i

Verification on Mikrotik

The output of /routing bgp peer print status is shown below.

[admin@RoS] > /routing bgp peer print status
Flags: X - disabled, E - established
 0 E name="peer1" instance=default remote-address=10.0.0.1 remote-as=65001 tcp-md5-key="" nexthop-choice=default multihop=no
     route-reflect=no hold-time=3m ttl=255 in-filter="" out-filter="" address-families=ip default-originate=never
     remove-private-as=no as-override=no passive=no use-bfd=no remote-id=10.0.99.1 local-address=10.0.0.6 uptime=41m5s
     prefix-count=6 updates-sent=1 updates-received=7 withdrawn-sent=0 withdrawn-received=2 remote-hold-time=3m
     used-hold-time=3m used-keepalive-time=1m refresh-capability=yes as4-capability=yes state=established

The output of /ip route print where bgp is shown below.

[admin@RoS] > /ip route print where bgp
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADb  10.0.99.1/32                       10.0.0.1                 20
 1 ADb  10.0.99.2/32                       10.0.0.2                 20
 2 ADb  10.0.99.3/32                       10.0.0.3                 20
 3 ADb  10.0.99.4/32                       10.0.0.4                 20
 4 ADb  10.0.99.5/32                       10.0.0.5                 20
 5 ADb  10.0.99.7/32                       10.0.0.7                 20

Verification on VyOS

The output of show ip bgp summary is shown below.

vyos@vyos:~$ show ip bgp summary
BGP router identifier 10.0.99.7, local AS number 65007
IPv4 Unicast - max multipaths: ebgp 1 ibgp 1
RIB entries 13, using 832 bytes of memory
Peers 1, using 2524 bytes of memory

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.0.0.1        4 65001      53      44        0    0    0 00:40:45        6

Total number of neighbors 1

The output of show ip bgp is shown below.

vyos@vyos:~$ show ip bgp
BGP table version is 0, local router ID is 10.0.99.7
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, R Removed
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.99.1/32     10.0.0.1                 0             0 65001 i
*> 10.0.99.2/32     10.0.0.2                               0 65001 65002 i
*> 10.0.99.3/32     10.0.0.3                               0 65001 65003 i
*> 10.0.99.4/32     10.0.0.4                               0 65001 65004 i
*> 10.0.99.5/32     10.0.0.5                               0 65001 65005 i
*> 10.0.99.6/32     10.0.0.6                               0 65001 65006 i
*> 10.0.99.7/32     0.0.0.0                  1         32768 i

Total number of prefixes 7