らくがきちょう

Just because

Configuring eBGP Peers on Cisco, MikroTik, and Juniper

BGP Cisco Juniper MikroTik Network VIRL

This post configures eBGP peers over IPv6 on Cisco, Juniper, and MikroTik.

Test environment and topology

Testing used the following topology.

[Figure: test topology diagram]

Testing was done on Cisco VIRL with the OS versions listed below. For RouterOS, the CHR (Cloud Hosted Router) image was used.

| Vendor | OS | Version |
| --- | --- | --- |
| Cisco | IOSv | 15.5(3)M |
| MikroTik | RouterOS | 6.33.1 (stable) |
| Juniper | Junos | 14.1R1.10 |

Enabling IPv6 on MikroTik

On CHR, the IPv6 package is installed by default but disabled (entry 3 in the output below is flagged "X").

[admin@MikroTik] > /system package print
Flags: X - disabled
 #   NAME                                            VERSION                                            SCHEDULED
 0   routeros-x86                                    6.33.1
 1   system                                          6.33.1
 2 X wireless-cm2                                    6.33.1
 3 X ipv6                                            6.33.1
 4   ups                                             6.33.1
 5   wireless-fp                                     6.33.1
 6   hotspot                                         6.33.1
 7   dhcp                                            6.33.1
 8   mpls                                            6.33.1
 9   routing                                         6.33.1
10   ppp                                             6.33.1
11   security                                        6.33.1
12   advanced-tools                                  6.33.1

Enable the IPv6 package.

/system package enable 3

This schedules the package to be enabled at the next reboot.

[admin@MikroTik] > /system package print
Flags: X - disabled
 #   NAME                                            VERSION                                            SCHEDULED
 0   routeros-x86                                    6.33.1
 1   system                                          6.33.1
 2 X wireless-cm2                                    6.33.1
 3 X ipv6                                            6.33.1                                             scheduled for enable
 4   ups                                             6.33.1
 5   wireless-fp                                     6.33.1
 6   hotspot                                         6.33.1
 7   dhcp                                            6.33.1
 8   mpls                                            6.33.1
 9   routing                                         6.33.1
10   ppp                                             6.33.1
11   security                                        6.33.1
12   advanced-tools                                  6.33.1

Reboot to apply the change.

[admin@MikroTik] > /system reboot
Reboot, yes? [y/N]:
y
system will reboot shortly

After the reboot, printing the package state again shows that the IPv6 package is now enabled.

[admin@MikroTik] > /system package print
Flags: X - disabled
 #   NAME                                            VERSION                                            SCHEDULED
 0   routeros-x86                                    6.33.1
 1   system                                          6.33.1
 2 X wireless-cm2                                    6.33.1
 3   ipv6                                            6.33.1
 4   ups                                             6.33.1
 5   wireless-fp                                     6.33.1
 6   hotspot                                         6.33.1
 7   dhcp                                            6.33.1
 8   mpls                                            6.33.1
 9   routing                                         6.33.1
10   ppp                                             6.33.1
11   security                                        6.33.1
12   advanced-tools                                  6.33.1

Configuration

Cisco

hostname Cisco
!
ipv6 unicast-routing
ipv6 cef
!
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
!
interface GigabitEthernet0/1
 no shutdown
 ipv6 address 2001:DB8:12::1/64
!
router bgp 65001
 bgp router-id 10.0.0.1
 neighbor 2001:DB8:12::2 remote-as 65002
 !
 address-family ipv6
  network 2001:DB8:1:1::/64
  network 2001:DB8:1:2::/64
  network 2001:DB8:1:3::/64
  neighbor 2001:DB8:12::2 activate
 exit-address-family
!
ipv6 route 2001:DB8:1:1::/64 Null0
ipv6 route 2001:DB8:1:2::/64 Null0
ipv6 route 2001:DB8:1:3::/64 Null0
!
end

MikroTik

/interface bridge
add name=loopback0
/routing bgp instance
set default as=65002 router-id=10.0.0.2
/ip address
add address=10.0.0.2 interface=loopback0 network=10.0.0.2
/ipv6 address
add address=2001:db8:12::2/64 interface=ether2
add address=2001:db8:23::2/64 interface=ether3
/routing bgp peer
add address-families=ipv6 name=PEER-1 remote-address=2001:db8:12::1 remote-as=65001 ttl=1
add address-families=ipv6 name=PEER-3 remote-address=2001:db8:23::3 remote-as=65003 ttl=1

Juniper

set system host-name Juniper
set interfaces em1 unit 0 family inet6 address 2001:db8:23::3/64
set interfaces lo0 unit 0 family inet address 10.0.0.3/32
set routing-options router-id 10.0.0.3
set routing-options rib inet6.0 static route 2001:db8:3:1::/64 reject
set routing-options rib inet6.0 static route 2001:db8:3:2::/64 reject
set routing-options rib inet6.0 static route 2001:db8:3:3::/64 reject
set routing-options autonomous-system 65003
set protocols bgp group PEER-2 type external
set protocols bgp group PEER-2 peer-as 65002
set protocols bgp group PEER-2 neighbor 2001:db8:23::2
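
An added example (not part of the original post): the Cisco BGP stanza above brings the session up with no session authentication, TTL security, prefix limit or inbound filter, and this Python audit reports those gaps per neighbor, beside a constructed hardened variant. The key EXAMPLE-KEY, the limit of 10 and the prefix-list name FROM-AS65002 are assumed values; peer-group inheritance is not resolved.

```python
import re

# Abridged from the Cisco configuration above.
PAGE_CONFIG = """\
router bgp 65001
 neighbor 2001:DB8:12::2 remote-as 65002
 address-family ipv6
  neighbor 2001:DB8:12::2 activate
 exit-address-family
"""

# Constructed hardened variant; key, limit and list name are assumed values.
HARDENED_CONFIG = """\
router bgp 65001
 neighbor 2001:DB8:12::2 remote-as 65002
 neighbor 2001:DB8:12::2 password EXAMPLE-KEY
 neighbor 2001:DB8:12::2 ttl-security hops 1
 address-family ipv6
  neighbor 2001:DB8:12::2 activate
  neighbor 2001:DB8:12::2 maximum-prefix 10
  neighbor 2001:DB8:12::2 prefix-list FROM-AS65002 in
 exit-address-family
"""

# Control name -> pattern matched against the words after "neighbor ADDRESS".
# Presence check only: a referenced list must also exist and be restrictive.
CONTROLS = {
    "session authentication": r"password\s+\S+",
    "TTL security (GTSM)": r"ttl-security\s+hops\s+\d+",
    "prefix limit": r"maximum-prefix\s+\d+",
    "inbound filter": r"(prefix-list|route-map|filter-list)\s+\S+\s+in\b",
}

def missing_controls(config):
    """Map each neighbor address to the controls none of its lines set."""
    seen = {}  # neighbor address -> option strings from all its lines
    for line in config.splitlines():
        m = re.match(r"\s*neighbor\s+(\S+)\s+(.+)", line)
        if m:
            seen.setdefault(m.group(1).lower(), []).append(m.group(2))
    return {
        addr: [name for name, pat in CONTROLS.items()
               if not any(re.match(pat, opt) for opt in opts)]
        for addr, opts in seen.items()
    }

if __name__ == "__main__":
    print("page config:", missing_controls(PAGE_CONFIG))
    print("hardened:   ", missing_controls(HARDENED_CONFIG))
```

The password and ttl-security lines only work when the peer is configured to match. With ttl-security hops 1, IOS accepts only packets arriving with a TTL of 254 or higher, so the ttl=1 setting in the MikroTik configuration above would have to change.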

Comparison of verification commands

The table below lists typical BGP verification commands for each vendor. MikroTik (RouterOS) does not seem to have a command for checking received BGP routes.

| Purpose | Cisco | MikroTik | Juniper |
| --- | --- | --- | --- |
| Check peer state | show bgp ipv6 unicast summary | /routing bgp peer print | show bgp summary |
| Check advertised routes | show bgp ipv6 unicast neighbors ADDRESS advertised-routes | /routing bgp advertisements print | show route advertising-protocol bgp ADDRESS |
| Check received routes | show bgp ipv6 unicast neighbors ADDRESS received-routes | (N/A) | show route receive-protocol bgp ADDRESS |

Checking peer state

Cisco

Cisco# show bgp ipv6 unicast summary
BGP router identifier 10.0.0.1, local AS number 65001
BGP table version is 61, main routing table version 61
6 network entries using 1008 bytes of memory
6 path entries using 624 bytes of memory
2/2 BGP path/bestpath attribute entries using 304 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1960 total bytes of memory
BGP activity 6/0 prefixes, 6/0 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
2001:DB8:12::2  4        65002     507     488       61    0    0 07:18:06        3

MikroTik

[admin@MikroTik] > /routing bgp peer print
Flags: X - disabled, E - established
 #   INSTANCE                                REMOTE-ADDRESS                                                         REMOTE-AS
 0 E default                                 2001:db8:12::1                                                         65001
 1 E default                                 2001:db8:23::3                                                         65003

Juniper

root@Juniper> show bgp summary
Groups: 1 Peers: 1 Down peers: 0
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
inet6.0
                       3          3          0          0          0          0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
2001:db8:23::2        65002        984        962       0       0     7:10:55 Establ
  inet6.0: 3/3/3/0

Checking the BGP table

Cisco

Cisco# show bgp ipv6 unicast
BGP table version is 61, local router ID is 10.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  2001:DB8:1:1::/64
                       ::                       0         32768 i
 *>  2001:DB8:1:2::/64
                       ::                       0         32768 i
 *>  2001:DB8:1:3::/64
                       ::                       0         32768 i
 *>  2001:DB8:3:1::/64
                       2001:DB8:12::2                         0 65002 65003 i
 *>  2001:DB8:3:2::/64
                       2001:DB8:12::2                         0 65002 65003 i
 *>  2001:DB8:3:3::/64
                       2001:DB8:12::2                         0 65002 65003 i

MikroTik

At present, MikroTik (RouterOS) does not appear to offer a way to view the BGP table, so check the IPv6 routing table instead. The routes received from Cisco are as follows.

[admin@MikroTik] > /ipv6 route print detail where received-from=PEER-1
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
 0 ADb  dst-address=2001:db8:1:1::/64 gateway=fe80::f816:3eff:fe60:c959%ether2
        gateway-status=fe80::f816:3eff:fe60:c959%ether2 reachable distance=20 scope=40 target-scope=10 bgp-as-path="65001"
        bgp-med=0 bgp-origin=igp received-from=PEER-1

 1 ADb  dst-address=2001:db8:1:2::/64 gateway=fe80::f816:3eff:fe60:c959%ether2
        gateway-status=fe80::f816:3eff:fe60:c959%ether2 reachable distance=20 scope=40 target-scope=10 bgp-as-path="65001"
        bgp-med=0 bgp-origin=igp received-from=PEER-1

 2 ADb  dst-address=2001:db8:1:3::/64 gateway=fe80::f816:3eff:fe60:c959%ether2
        gateway-status=fe80::f816:3eff:fe60:c959%ether2 reachable distance=20 scope=40 target-scope=10 bgp-as-path="65001"
        bgp-med=0 bgp-origin=igp received-from=PEER-1

The routes received from Juniper are as follows.

[admin@MikroTik] > /ipv6 route print detail where received-from=PEER-3
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
 0 ADb  dst-address=2001:db8:3:1::/64 gateway=fe80::fa16:3eff:fe79:6cb5%ether3
        gateway-status=fe80::fa16:3eff:fe79:6cb5%ether3 reachable distance=20 scope=40 target-scope=10 bgp-as-path="65003"
        bgp-origin=igp received-from=PEER-3

 1 ADb  dst-address=2001:db8:3:2::/64 gateway=fe80::fa16:3eff:fe79:6cb5%ether3
        gateway-status=fe80::fa16:3eff:fe79:6cb5%ether3 reachable distance=20 scope=40 target-scope=10 bgp-as-path="65003"
        bgp-origin=igp received-from=PEER-3

 2 ADb  dst-address=2001:db8:3:3::/64 gateway=fe80::fa16:3eff:fe79:6cb5%ether3
        gateway-status=fe80::fa16:3eff:fe79:6cb5%ether3 reachable distance=20 scope=40 target-scope=10 bgp-as-path="65003"
        bgp-origin=igp received-from=PEER-3

 3  Db  dst-address=2001:db8:23::/64 gateway=fe80::fa16:3eff:fe79:6cb5%ether3
        gateway-status=fe80::fa16:3eff:fe79:6cb5%ether3 reachable distance=20 scope=40 target-scope=10 bgp-as-path="65003"
        bgp-origin=igp received-from=PEER-3
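
An added example (not from the original post): a Python check that parses the /ipv6 route print detail output above and flags routes a peer should not be sending, such as the link prefix 2001:db8:23::/64 that appears in the PEER-3 output beside the three static /64s from the Juniper configuration. The per-peer policy (expected origin AS and covering /48) is an assumption made for this example; the sample text is abridged from the output above.

```python
import ipaddress
import re

# Abridged from the PEER-3 output above (some fields dropped); not new data.
SAMPLE = """\
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, b - bgp
 0 ADb  dst-address=2001:db8:3:1::/64 gateway=fe80::fa16:3eff:fe79:6cb5%ether3
        distance=20 bgp-as-path="65003" bgp-origin=igp received-from=PEER-3
 3  Db  dst-address=2001:db8:23::/64 gateway=fe80::fa16:3eff:fe79:6cb5%ether3
        distance=20 bgp-as-path="65003" bgp-origin=igp received-from=PEER-3
"""

# Assumed policy (not from the page): expected origin AS and covering prefix per peer.
POLICY = {
    "PEER-1": (65001, ipaddress.ip_network("2001:db8:1::/48")),
    "PEER-3": (65003, ipaddress.ip_network("2001:db8:3::/48")),
}

def parse_routes(text):
    """Turn 'print detail' output into one dict of key=value fields per route."""
    routes = []
    for line in text.splitlines():
        start = re.match(r"\s*\d+\s+([A-Za-z]*)\s*dst-address=", line)
        if start:  # a numbered line opens a new route record
            routes.append({"flags": start.group(1)})
        if routes:  # every line of a record contributes key=value fields
            for key, value in re.findall(r'([\w-]+)=("[^"]*"|\S+)', line):
                routes[-1][key] = value.strip('"')
    return routes

def audit(routes, policy=POLICY):
    """Return (prefix, peer, reason) for each route that violates the policy."""
    findings = []
    for route in routes:
        peer = route.get("received-from")
        if peer not in policy:
            continue  # not learned from a peer this policy covers
        origin_as, allowed = policy[peer]
        prefix = ipaddress.ip_network(route["dst-address"])
        as_path = re.findall(r"\d+", route.get("bgp-as-path", ""))
        if not prefix.subnet_of(allowed):
            findings.append((str(prefix), peer, "prefix outside allowed range"))
        elif not as_path or int(as_path[-1]) != origin_as:
            findings.append((str(prefix), peer, "unexpected origin AS"))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_routes(SAMPLE)):
        print(finding)
```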

Juniper

root@Juniper> show route receive-protocol bgp 2001:db8:23::2

inet.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

inet6.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
  Prefix		  Nexthop	       MED     Lclpref    AS path
* 2001:db8:1:1::/64       2001:db8:23::2                          65002 65001 I
* 2001:db8:1:2::/64       2001:db8:23::2                          65002 65001 I
* 2001:db8:1:3::/64       2001:db8:23::2                          65002 65001 I