Configuring iBGP peer establishment
Verified version: vSRX Version 22.4R1
The firewall (vSRX) supports BGP configuration. This page shows an example iBGP configuration.
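Establishing adjacency with BGP peers inside the AS
Sample configuration scenario
vSRX-03 should establish iBGP peering with vSRX-01 and vSRX-02 so that the devices can exchange routes.
Note
When configuring iBGP peers, the session is normally established using the Loopback addresses of the local device and the remote device. This requires reachability to the Loopback addresses through an IGP (Static/OSPF) or similar, but that configuration is omitted from this explanation.
When there are multiple iBGP peers, the peerings must be configured as a full mesh between all devices.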
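Configuration flow for the scenario
1. Set the local AS number, which is required for BGP configuration, to 65100
2. Set the local router ID used between peers to 10.3.3.3
3. In the BGP configuration, create the group IBGP and set its connection type to internal
4. Set the Loopback addresses of the remote iBGP peers to 10.1.1.1 and 10.2.2.2
5. To use the local Loopback address for peer establishment, set local-address to the local Loopback address ( 10.3.3.3 )
6. Apply the equivalent configuration on vSRX-01 and vSRX-02
Commands to enter in the CLI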
[vSRX-03]
user01@vSRX-03# set routing-options autonomous-system 65100
user01@vSRX-03# set routing-options router-id 10.3.3.3
user01@vSRX-03# set protocols bgp group IBGP type internal
user01@vSRX-03# set protocols bgp group IBGP local-address 10.3.3.3
user01@vSRX-03# set protocols bgp group IBGP neighbor 10.1.1.1
user01@vSRX-03# set protocols bgp group IBGP neighbor 10.2.2.2
[vSRX-01]
user01@vSRX-01# set routing-options autonomous-system 65100
user01@vSRX-01# set routing-options router-id 10.1.1.1
user01@vSRX-01# set protocols bgp group IBGP type internal
user01@vSRX-01# set protocols bgp group IBGP local-address 10.1.1.1
user01@vSRX-01# set protocols bgp group IBGP neighbor 10.2.2.2
user01@vSRX-01# set protocols bgp group IBGP neighbor 10.3.3.3
[vSRX-02]
user01@vSRX-02# set routing-options autonomous-system 65100
user01@vSRX-02# set routing-options router-id 10.2.2.2
user01@vSRX-02# set protocols bgp group IBGP type internal
user01@vSRX-02# set protocols bgp group IBGP local-address 10.2.2.2
user01@vSRX-02# set protocols bgp group IBGP neighbor 10.1.1.1
user01@vSRX-02# set protocols bgp group IBGP neighbor 10.3.3.3
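The full-mesh requirement from the note above can be checked mechanically before commit. The following is an added example, not part of the original page: it parses each device's set commands and reports any device whose neighbor list does not match the other devices' local-address values. The function names and the `page_commands` helper are hypothetical, and the input is constructed from this page's commands (router-id omitted).

```python
import re

def parse(set_lines):
    """Extract AS, group type, local-address and neighbors from set commands."""
    cfg = {"asn": None, "type": None, "local": None, "neighbors": set()}
    for line in set_lines.splitlines():
        line = re.sub(r"^\S+@\S+#\s*", "", line.strip())  # drop the CLI prompt
        if m := re.fullmatch(r"set routing-options autonomous-system (\d+)", line):
            cfg["asn"] = m.group(1)
        elif m := re.fullmatch(r"set protocols bgp group \S+ type (\S+)", line):
            cfg["type"] = m.group(1)
        elif m := re.fullmatch(r"set protocols bgp group \S+ local-address (\S+)", line):
            cfg["local"] = m.group(1)
        elif m := re.fullmatch(r"set protocols bgp group \S+ neighbor (\S+)", line):
            cfg["neighbors"].add(m.group(1))
    return cfg

def audit_full_mesh(configs):
    """Return a list of findings; an empty list means a consistent full mesh."""
    parsed = {host: parse(text) for host, text in configs.items()}
    findings = []
    if len({c["asn"] for c in parsed.values()}) != 1:
        findings.append("AS numbers differ between devices")
    for host, c in parsed.items():
        if c["type"] != "internal":
            findings.append(f"{host}: group type is {c['type']}, not internal")
        if not c["local"]:
            findings.append(f"{host}: no local-address configured")
        # Every other device's local-address must appear as a neighbor here.
        expected = {p["local"] for h, p in parsed.items() if h != host and p["local"]}
        for missing in sorted(expected - c["neighbors"]):
            findings.append(f"{host}: no neighbor statement for {missing}")
        for extra in sorted(c["neighbors"] - expected):
            findings.append(f"{host}: neighbor {extra} is not any device's local-address")
    return findings

# Constructed input: rebuilds this page's commands for one device (hypothetical helper).
def page_commands(host, local, neighbors):
    p = f"user01@{host}# set "
    lines = [p + "routing-options autonomous-system 65100",
             p + "protocols bgp group IBGP type internal",
             p + f"protocols bgp group IBGP local-address {local}"]
    lines += [p + f"protocols bgp group IBGP neighbor {n}" for n in neighbors]
    return "\n".join(lines)

PAGE = {"vSRX-01": page_commands("vSRX-01", "10.1.1.1", ["10.2.2.2", "10.3.3.3"]),
        "vSRX-02": page_commands("vSRX-02", "10.2.2.2", ["10.1.1.1", "10.3.3.3"]),
        "vSRX-03": page_commands("vSRX-03", "10.3.3.3", ["10.1.1.1", "10.2.2.2"])}

if __name__ == "__main__":
    print(audit_full_mesh(PAGE) or "full mesh is consistent")
```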
When the settings have been applied correctly, the configuration is as follows.
[vSRX-03]
routing-options {
    router-id 10.3.3.3;
    autonomous-system 65100;
}
protocols {
    bgp {
        group IBGP {
            type internal;
            local-address 10.3.3.3;
            neighbor 10.1.1.1;
            neighbor 10.2.2.2;
        }
    }
}
[vSRX-01]
routing-options {
    router-id 10.1.1.1;
    autonomous-system 65100;
}
protocols {
    bgp {
        group IBGP {
            type internal;
            local-address 10.1.1.1;
            neighbor 10.2.2.2;
            neighbor 10.3.3.3;
        }
    }
}
[vSRX-02]
routing-options {
    router-id 10.2.2.2;
    autonomous-system 65100;
}
protocols {
    bgp {
        group IBGP {
            type internal;
            local-address 10.2.2.2;
            neighbor 10.1.1.1;
            neighbor 10.3.3.3;
        }
    }
}
Verification results
The show bgp neighbor command shows the state ( Established ) for each peer, which confirms that the peers are up and that iBGP peer establishment succeeded.
show bgp neighbor command output on vSRX-03
user01@vSRX-03> show bgp neighbor
Peer: 10.1.1.1+179 AS 65100 Local: 10.3.3.3+61415 AS 65100
Type: Internal State: Established Flags: <Sync>
Last State: OpenConfirm Last Event: RecvKeepAlive
Last Error: Cease
Export: [ nh-self ]
Options: <Preference LocalAddress Refresh>
Local Address: 10.3.3.3 Holdtime: 90 Preference: 170
Number of flaps: 2
Last flap event: Stop
Error: 'Cease' Sent: 2 Recv: 0
Peer ID: 10.1.1.1 Local ID: 10.3.3.3 Active Holdtime: 90
Keepalive Interval: 30 Group index: 1 Peer index: 0
BFD: disabled, down
NLRI for restart configured on peer: inet-unicast
NLRI advertised by peer: inet-unicast
NLRI for this session: inet-unicast
Peer supports Refresh capability (2)
Stale routes from peer are kept for: 300
Peer does not support Restarter functionality
Restart flag received from the peer: Notification
NLRI that restart is negotiated for: inet-unicast
NLRI of received end-of-rib markers: inet-unicast
NLRI of all end-of-rib markers sent: inet-unicast
Peer does not support LLGR Restarter functionality
Peer supports 4 byte AS extension (peer-as 65100)
Peer does not support Addpath
Table inet.0 Bit: 10001
RIB State: BGP restart is complete
Send state: in sync
Active prefixes: 0
Received prefixes: 0
Accepted prefixes: 0
Suppressed due to damping: 0
Advertised prefixes: 3
Last traffic (seconds): Received 19 Sent 3 Checked 63
Input messages: Total 213 Updates 1 Refreshes 0 Octets 4051
Output messages: Total 221 Updates 8 Refreshes 0 Octets 4603
Output Queue[0]: 0 (inet.0, inet-unicast)
Peer: 10.2.2.2+179 AS 65100 Local: 10.3.3.3+64397 AS 65100
Type: Internal State: Established Flags: <Sync>
Last State: OpenConfirm Last Event: RecvKeepAlive
Last Error: Cease
Export: [ nh-self ]
Options: <Preference LocalAddress Refresh>
Local Address: 10.3.3.3 Holdtime: 90 Preference: 170
Number of flaps: 4
Last flap event: RecvNotify
Error: 'Cease' Sent: 3 Recv: 1
Peer ID: 10.2.2.2 Local ID: 10.3.3.3 Active Holdtime: 90
Keepalive Interval: 30 Group index: 1 Peer index: 1
BFD: disabled, down
NLRI for restart configured on peer: inet-unicast
NLRI advertised by peer: inet-unicast
NLRI for this session: inet-unicast
Peer supports Refresh capability (2)
Stale routes from peer are kept for: 300
Peer does not support Restarter functionality
Restart flag received from the peer: Notification
NLRI that restart is negotiated for: inet-unicast
NLRI of received end-of-rib markers: inet-unicast
NLRI of all end-of-rib markers sent: inet-unicast
Peer does not support LLGR Restarter functionality
Peer supports 4 byte AS extension (peer-as 65100)
Peer does not support Addpath
Table inet.0 Bit: 10001
RIB State: BGP restart is complete
Send state: in sync
Active prefixes: 0
Received prefixes: 0
Accepted prefixes: 0
Suppressed due to damping: 0
Advertised prefixes: 3
Last traffic (seconds): Received 10 Sent 11 Checked 54
Input messages: Total 210 Updates 1 Refreshes 0 Octets 3994
Output messages: Total 216 Updates 8 Refreshes 0 Octets 4508
Output Queue[0]: 0 (inet.0, inet-unicast)
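The manual check described above (State, Type, Local address per peer) can be scripted for monitoring. The following is an added example, not part of the original page: it parses show bgp neighbor text and reports peers that are missing, not Established, not internal, sourced from the wrong address, or flapping. The function names and the `max_flaps` threshold are assumptions, and the sample is constructed from three lines of each peer block in the output above.

```python
import re

# Constructed sample: lines copied from this page's vSRX-03 output, trimmed to
# the fields the check reads.
SAMPLE = """\
Peer: 10.1.1.1+179 AS 65100 Local: 10.3.3.3+61415 AS 65100
Type: Internal State: Established Flags: <Sync>
Number of flaps: 2
Peer: 10.2.2.2+179 AS 65100 Local: 10.3.3.3+64397 AS 65100
Type: Internal State: Established Flags: <Sync>
Number of flaps: 4
"""

# The +port suffix is treated as optional so a peer line without it still parses.
PEER_RE = re.compile(r"Peer: ([\d.]+)(?:\+\d+)? +AS (\d+) +Local: ([\d.]+)(?:\+\d+)? +AS (\d+)")

def parse_neighbors(output):
    """Split 'show bgp neighbor' text into one dict per 'Peer:' block."""
    peers = []
    for line in output.splitlines():
        line = line.strip()
        if m := PEER_RE.match(line):
            peers.append({"peer": m[1], "peer_as": m[2], "local": m[3],
                          "local_as": m[4], "type": None, "state": None, "flaps": 0})
        elif peers and (m := re.match(r"Type: (\S+) +State: (\S+)", line)):
            peers[-1]["type"], peers[-1]["state"] = m[1], m[2]
        elif peers and (m := re.match(r"Number of flaps: (\d+)", line)):
            peers[-1]["flaps"] = int(m[1])
    return peers

def check_ibgp(output, expected_peers, local_address, max_flaps=5):
    """Return findings; max_flaps is an assumed alert threshold, not a Junos value."""
    peers = {p["peer"]: p for p in parse_neighbors(output)}
    findings = []
    for addr in expected_peers:
        p = peers.get(addr)
        if p is None:
            findings.append(f"{addr}: not present in output")
            continue
        if p["state"] != "Established":
            findings.append(f"{addr}: state is {p['state']}")
        if p["type"] != "Internal" or p["peer_as"] != p["local_as"]:
            findings.append(f"{addr}: not an internal (same-AS) session")
        if p["local"] != local_address:
            findings.append(f"{addr}: session sourced from {p['local']}, not {local_address}")
        if p["flaps"] > max_flaps:
            findings.append(f"{addr}: {p['flaps']} flaps")
    return findings
```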