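BGP Confederation as Seen from External ASes
Hello!
In this post, I verify how a BGP Confederation behaves when it is connected to external ASes.
◆ Part 1
shirase96476559.hatenablog.com
◆ Part 2
shirase96476559.hatenablog.com
1. Test topology
I tested with the topology described below.
AS 1234 is made up of sub-AS 65000 and sub-AS 65001.
It is also connected to AS 500 and AS 600 as external ASes, and I check how AS 1234 looks from those external ASes.
Note: Test environment: IOSv in the Cisco DevNet Sandbox.
2. Configuration
The configs are as follows.
Note: No special settings were applied to the interfaces, so they are omitted.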
hostname RT1
!
router ospf 1
 network 10.1.12.0 0.0.0.255 area 0
 network 1.1.1.1 0.0.0.0 area 0
!
router bgp 65000
 neighbor 2.2.2.2 remote-as 65000
 neighbor 2.2.2.2 update-source loopback0
 network 1.1.1.1 mask 255.255.255.255
 bgp confederation identifier 1234

hostname RT2
!
router ospf 1
 network 10.1.12.0 0.0.0.255 area 0
 network 10.1.23.0 0.0.0.255 area 0
 network 2.2.2.2 0.0.0.0 area 0
!
router bgp 65000
 neighbor 1.1.1.1 remote-as 65000
 neighbor 1.1.1.1 update-source loopback0
 neighbor 1.1.1.1 next-hop-self
 neighbor 3.3.3.3 remote-as 65001
 neighbor 3.3.3.3 next-hop-self
 neighbor 3.3.3.3 update-source loopback0
 neighbor 3.3.3.3 ebgp-multihop
 neighbor 10.1.25.5 remote-as 500
 neighbor 10.1.25.5 ebgp-multihop
 network 2.2.2.2 mask 255.255.255.255
 bgp confederation identifier 1234
 bgp confederation peers 65001

hostname RT3
!
router ospf 1
 network 10.1.23.0 0.0.0.255 area 0
 network 10.1.34.0 0.0.0.255 area 0
 network 3.3.3.3 0.0.0.0 area 0
!
router bgp 65001
 neighbor 4.4.4.4 remote-as 65001
 neighbor 4.4.4.4 update-source loopback0
 neighbor 4.4.4.4 next-hop-self
 neighbor 2.2.2.2 remote-as 65000
 neighbor 2.2.2.2 next-hop-self
 neighbor 2.2.2.2 update-source loopback0
 neighbor 2.2.2.2 ebgp-multihop
 network 3.3.3.3 mask 255.255.255.255
 bgp confederation identifier 1234
 bgp confederation peers 65000

hostname RT4
!
router ospf 1
 network 10.1.34.0 0.0.0.255 area 0
 network 4.4.4.4 0.0.0.0 area 0
!
router bgp 65001
 neighbor 3.3.3.3 remote-as 65001
 neighbor 3.3.3.3 update-source loopback0
 neighbor 3.3.3.3 next-hop-self
 neighbor 10.1.46.6 remote-as 600
 neighbor 10.1.46.6 ebgp-multihop
 network 4.4.4.4 mask 255.255.255.255
 bgp confederation identifier 1234

hostname RT5
!
router bgp 500
 neighbor 10.1.25.2 remote-as 1234
 network 5.5.5.5 mask 255.255.255.255

hostname RT6
!
router bgp 600
 neighbor 10.1.46.4 remote-as 1234
 network 6.6.6.6 mask 255.255.255.255
3. Checking the BGP tables
The BGP tables are as follows.
RT1#sh ip bgp
BGP table version is 7, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
              t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  1.1.1.1/32       0.0.0.0                  0         32768 i
 r>i 2.2.2.2/32       2.2.2.2                  0    100      0 i
 r>i 3.3.3.3/32       2.2.2.2                  0    100      0 (65001) i
 r>i 4.4.4.4/32       2.2.2.2                  0    100      0 (65001) i
 *>i 5.5.5.5/32       2.2.2.2                  0    100      0 500 i
 *>i 6.6.6.6/32       2.2.2.2                  0    100      0 (65001) 600 i

RT2#sh ip bgp
BGP table version is 7, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
              t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 r>i 1.1.1.1/32       1.1.1.1                  0    100      0 i
 *>  2.2.2.2/32       0.0.0.0                  0         32768 i
 r>  3.3.3.3/32       3.3.3.3                  0    100      0 (65001) i
 r>  4.4.4.4/32       3.3.3.3                  0    100      0 (65001) i
 *>  5.5.5.5/32       10.1.25.5                0             0 500 i
 *>  6.6.6.6/32       3.3.3.3                  0    100      0 (65001) 600 i

RT3#sh ip bgp
BGP table version is 7, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
              t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 r>  1.1.1.1/32       2.2.2.2                  0    100      0 (65000) i
 r>  2.2.2.2/32       2.2.2.2                  0    100      0 (65000) i
 *>  3.3.3.3/32       0.0.0.0                  0         32768 i
 r>i 4.4.4.4/32       4.4.4.4                  0    100      0 i
 *>  5.5.5.5/32       2.2.2.2                  0    100      0 (65000) 500 i
 *>i 6.6.6.6/32       4.4.4.4                  0    100      0 600 i

RT4#sh ip bgp
BGP table version is 7, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
              t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 r>i 1.1.1.1/32       3.3.3.3                  0    100      0 (65000) i
 r>i 2.2.2.2/32       3.3.3.3                  0    100      0 (65000) i
 r>i 3.3.3.3/32       3.3.3.3                  0    100      0 i
 *>  4.4.4.4/32       0.0.0.0                  0         32768 i
 *>i 5.5.5.5/32       3.3.3.3                  0    100      0 (65000) 500 i
 *>  6.6.6.6/32       10.1.46.6                0             0 600 i

RT5#sh ip bgp
BGP table version is 7, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
              t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  1.1.1.1/32       10.1.25.2                              0 1234 i
 *>  2.2.2.2/32       10.1.25.2                0             0 1234 i
 *>  3.3.3.3/32       10.1.25.2                              0 1234 i
 *>  4.4.4.4/32       10.1.25.2                              0 1234 i
 *>  5.5.5.5/32       0.0.0.0                  0         32768 i
 *>  6.6.6.6/32       10.1.25.2                              0 1234 600 i

RT6#sh ip bgp
BGP table version is 7, local router ID is 6.6.6.6
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
              t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  1.1.1.1/32       10.1.46.4                              0 1234 i
 *>  2.2.2.2/32       10.1.46.4                              0 1234 i
 *>  3.3.3.3/32       10.1.46.4                              0 1234 i
 *>  4.4.4.4/32       10.1.46.4                0             0 1234 i
 *>  5.5.5.5/32       10.1.46.4                              0 1234 500 i
 *>  6.6.6.6/32       0.0.0.0                  0         32768 i
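First, taking RT1 inside the confederation as an example, the routes advertised from the external ASes, 5.5.5.5/32 and 6.6.6.6/32, carry AS information in the AS_PATH attribute, and for 6.6.6.6/32 we can see that the route passed through sub-AS 65001.
Next, looking at RT5 in external AS 500: just as with an ordinary eBGP session, 1.1.1.1/32, 2.2.2.2/32, 3.3.3.3/32 and 4.4.4.4/32 are shown as routes advertised from AS 1234, but because neither sub-AS 65000 nor sub-AS 65001 appears in the path, RT5 cannot tell which sub-AS advertised them.
Likewise, for 6.6.6.6/32, which is advertised from AS 600, RT5 can see that the route reached AS 500 via AS 600 → 1234, but again there is no sub-AS information. The same holds on RT6.
Therefore, the sub-ASes are not visible from external ASes (= external ASes connect without having to be aware that the peer is a BGP Confederation).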
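The AS_PATH behaviour observed above can be reproduced with a small model. This is an added example, not part of the original post: it applies the RFC 5065 confederation rules to the RT1-RT6 topology from section 2, and the function names (`advertise`, `path_at`) and the `ROUTERS` table are assumptions made for illustration.

```python
# Added example (not from the original post): AS_PATH handling in a BGP
# confederation, following the RFC 5065 rules, on this page's topology.
CONFED_ID = 1234
# router -> (AS number it runs, True if that AS is a confederation member)
ROUTERS = {"RT1": (65000, True), "RT2": (65000, True), "RT3": (65001, True),
           "RT4": (65001, True), "RT5": (500, False), "RT6": (600, False)}

def _prepend(path, kind, asn):
    """Prepend asn to the leading segment if it has this kind, else add one."""
    if path and path[0][0] == kind:
        return [(kind, [asn] + path[0][1])] + path[1:]
    return [(kind, [asn])] + path

def advertise(path, sender, receiver):
    """AS_PATH as seen by receiver; path is a list of (kind, [asns]) segments."""
    s_as, s_member = ROUTERS[sender]
    r_as, r_member = ROUTERS[receiver]
    if s_member and r_member:
        if s_as == r_as:                       # iBGP inside one sub-AS: unchanged
            return path
        return _prepend(path, "confed", s_as)  # confed-eBGP: AS_CONFED_SEQUENCE
    if s_member:                               # leaving the confederation:
        path = [seg for seg in path if seg[0] != "confed"]  # strip sub-ASes
        return _prepend(path, "seq", CONFED_ID)             # show only 1234
    return _prepend(path, "seq", s_as)         # ordinary eBGP from outside

def path_at(hops):
    """Render the AS_PATH at the last router of hops (hops[0] originates)."""
    path = []
    for sender, receiver in zip(hops, hops[1:]):
        path = advertise(path, sender, receiver)
    return " ".join(("(%s)" if kind == "confed" else "%s")
                    % " ".join(map(str, asns)) for kind, asns in path)

if __name__ == "__main__":
    for hops in (["RT6", "RT4", "RT3", "RT2", "RT1"],   # 6.6.6.6/32 seen on RT1
                 ["RT6", "RT4", "RT3", "RT2", "RT5"],   # 6.6.6.6/32 seen on RT5
                 ["RT1", "RT2", "RT3", "RT4", "RT6"]):  # 1.1.1.1/32 seen on RT6
        print(hops[0], "->", hops[-1], ":", path_at(hops) or "(empty)")
```

The rendered paths match the Path column of the `sh ip bgp` output above, with the parenthesised sub-AS segment present inside AS 1234 and absent on RT5 and RT6.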
4. Checking the routing tables
The routing tables are as follows.
RT1#sh ip route | b Gate
Gateway of last resort is not set

      1.0.0.0/32 is subnetted, 1 subnets
C        1.1.1.1 is directly connected, Loopback0
      2.0.0.0/32 is subnetted, 1 subnets
O        2.2.2.2 [110/2] via 10.1.12.2, 00:19:11, GigabitEthernet0/0
      3.0.0.0/32 is subnetted, 1 subnets
O        3.3.3.3 [110/3] via 10.1.12.2, 00:18:37, GigabitEthernet0/0
      4.0.0.0/32 is subnetted, 1 subnets
O        4.4.4.4 [110/4] via 10.1.12.2, 00:18:10, GigabitEthernet0/0
      5.0.0.0/32 is subnetted, 1 subnets
B        5.5.5.5 [200/0] via 2.2.2.2, 00:13:32
      6.0.0.0/32 is subnetted, 1 subnets
B        6.6.6.6 [200/0] via 2.2.2.2, 00:12:23
      10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C        10.1.12.0/24 is directly connected, GigabitEthernet0/0
L        10.1.12.1/32 is directly connected, GigabitEthernet0/0
O        10.1.23.0/24 [110/2] via 10.1.12.2, 00:18:47, GigabitEthernet0/0
O        10.1.34.0/24 [110/3] via 10.1.12.2, 00:18:20, GigabitEthernet0/0
RT1#

RT2#sh ip route | b Gate
Gateway of last resort is not set

      1.0.0.0/32 is subnetted, 1 subnets
O        1.1.1.1 [110/2] via 10.1.12.1, 00:21:27, GigabitEthernet0/0
      2.0.0.0/32 is subnetted, 1 subnets
C        2.2.2.2 is directly connected, Loopback0
      3.0.0.0/32 is subnetted, 1 subnets
O        3.3.3.3 [110/2] via 10.1.23.3, 00:21:03, GigabitEthernet0/1
      4.0.0.0/32 is subnetted, 1 subnets
O        4.4.4.4 [110/3] via 10.1.23.3, 00:20:26, GigabitEthernet0/1
      5.0.0.0/32 is subnetted, 1 subnets
B        5.5.5.5 [20/0] via 10.1.25.5, 00:15:48
      6.0.0.0/32 is subnetted, 1 subnets
B        6.6.6.6 [200/0] via 3.3.3.3, 00:14:39
      10.0.0.0/8 is variably subnetted, 7 subnets, 2 masks
C        10.1.12.0/24 is directly connected, GigabitEthernet0/0
L        10.1.12.2/32 is directly connected, GigabitEthernet0/0
C        10.1.23.0/24 is directly connected, GigabitEthernet0/1
L        10.1.23.2/32 is directly connected, GigabitEthernet0/1
C        10.1.25.0/24 is directly connected, GigabitEthernet0/2
L        10.1.25.2/32 is directly connected, GigabitEthernet0/2
O        10.1.34.0/24 [110/2] via 10.1.23.3, 00:20:36, GigabitEthernet0/1
RT2#

RT3#sh ip route | b Gate
Gateway of last resort is not set

      1.0.0.0/32 is subnetted, 1 subnets
O        1.1.1.1 [110/3] via 10.1.23.2, 00:22:26, GigabitEthernet0/0
      2.0.0.0/32 is subnetted, 1 subnets
O        2.2.2.2 [110/2] via 10.1.23.2, 00:22:26, GigabitEthernet0/0
      3.0.0.0/32 is subnetted, 1 subnets
C        3.3.3.3 is directly connected, Loopback0
      4.0.0.0/32 is subnetted, 1 subnets
O        4.4.4.4 [110/2] via 10.1.34.4, 00:21:59, GigabitEthernet0/1
      5.0.0.0/32 is subnetted, 1 subnets
B        5.5.5.5 [200/0] via 2.2.2.2, 00:17:11
      6.0.0.0/32 is subnetted, 1 subnets
B        6.6.6.6 [200/0] via 4.4.4.4, 00:16:02
      10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
O        10.1.12.0/24 [110/2] via 10.1.23.2, 00:22:26, GigabitEthernet0/0
C        10.1.23.0/24 is directly connected, GigabitEthernet0/0
L        10.1.23.3/32 is directly connected, GigabitEthernet0/0
C        10.1.34.0/24 is directly connected, GigabitEthernet0/1
L        10.1.34.3/32 is directly connected, GigabitEthernet0/1
RT3#

RT4#sh ip route | b Gate
Gateway of last resort is not set

      1.0.0.0/32 is subnetted, 1 subnets
O        1.1.1.1 [110/4] via 10.1.34.3, 00:23:35, GigabitEthernet0/0
      2.0.0.0/32 is subnetted, 1 subnets
O        2.2.2.2 [110/3] via 10.1.34.3, 00:23:35, GigabitEthernet0/0
      3.0.0.0/32 is subnetted, 1 subnets
O        3.3.3.3 [110/2] via 10.1.34.3, 00:23:35, GigabitEthernet0/0
      4.0.0.0/32 is subnetted, 1 subnets
C        4.4.4.4 is directly connected, Loopback0
      5.0.0.0/32 is subnetted, 1 subnets
B        5.5.5.5 [200/0] via 3.3.3.3, 00:18:47
      6.0.0.0/32 is subnetted, 1 subnets
B        6.6.6.6 [20/0] via 10.1.46.6, 00:17:39
      10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
O        10.1.12.0/24 [110/3] via 10.1.34.3, 00:23:35, GigabitEthernet0/0
O        10.1.23.0/24 [110/2] via 10.1.34.3, 00:23:35, GigabitEthernet0/0
C        10.1.34.0/24 is directly connected, GigabitEthernet0/0
L        10.1.34.4/32 is directly connected, GigabitEthernet0/0
C        10.1.46.0/24 is directly connected, GigabitEthernet0/1
L        10.1.46.4/32 is directly connected, GigabitEthernet0/1
RT4#

RT5#sh ip route | b Gate
Gateway of last resort is not set

      1.0.0.0/32 is subnetted, 1 subnets
B        1.1.1.1 [20/0] via 10.1.25.2, 00:20:17
      2.0.0.0/32 is subnetted, 1 subnets
B        2.2.2.2 [20/0] via 10.1.25.2, 00:20:17
      3.0.0.0/32 is subnetted, 1 subnets
B        3.3.3.3 [20/0] via 10.1.25.2, 00:20:17
      4.0.0.0/32 is subnetted, 1 subnets
B        4.4.4.4 [20/0] via 10.1.25.2, 00:20:17
      5.0.0.0/32 is subnetted, 1 subnets
C        5.5.5.5 is directly connected, Loopback0
      6.0.0.0/32 is subnetted, 1 subnets
B        6.6.6.6 [20/0] via 10.1.25.2, 00:19:09
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.1.25.0/24 is directly connected, GigabitEthernet0/0
L        10.1.25.5/32 is directly connected, GigabitEthernet0/0
RT5#

RT6#sh ip route | b Gate
Gateway of last resort is not set

      1.0.0.0/32 is subnetted, 1 subnets
B        1.1.1.1 [20/0] via 10.1.46.4, 00:21:10
      2.0.0.0/32 is subnetted, 1 subnets
B        2.2.2.2 [20/0] via 10.1.46.4, 00:21:10
      3.0.0.0/32 is subnetted, 1 subnets
B        3.3.3.3 [20/0] via 10.1.46.4, 00:21:10
      4.0.0.0/32 is subnetted, 1 subnets
B        4.4.4.4 [20/0] via 10.1.46.4, 00:21:10
      5.0.0.0/32 is subnetted, 1 subnets
B        5.5.5.5 [20/0] via 10.1.46.4, 00:21:10
      6.0.0.0/32 is subnetted, 1 subnets
C        6.6.6.6 is directly connected, Loopback0
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.1.46.0/24 is directly connected, GigabitEthernet0/0
L        10.1.46.6/32 is directly connected, GigabitEthernet0/0
RT6#
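Note: With the configuration above, when you check reachability to an external AS with ping, the ping fails unless you specify source loopback 0. Only the loopback /32 prefixes are advertised into BGP, so RT5 has no return route to RT1's interface address in 10.1.12.0/24, which is the default source of the ping.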
RT1#ping 5.5.5.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
RT1#
RT1#ping 5.5.5.5 source loopback 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/3/4 ms
RT1#