Difference between revisions of "EBGP JUNOS Projekt"
m (→Konfiguration) |
m (→Links) |
||
Line 306: | Line 306: | ||
=Links= | =Links= | ||
+ | <references/> | ||
{{Source cli}} | {{Source cli}} |
Revision as of 12:55, 5 November 2014
Prøv at konfigurer følgende setup på en Juniper SRX: BGP Demo Setup
Opgave
Grundlæggende forbindelser
- Konfigurer IP Adresser på alle Logical Tunnel interfaces
- De skal ligge i 10.255.0.X/30 netværkene
- LT interfacet skal have samme unit nummer som .4 oktet i op adressen(10.255.0.2 = lt-0/0/0.2)
- Configurer lo så de passer med <routernummer>x10. og en management adresse(PE1 = Lo0.10:10.255.255.1/32)
Konfiguration
Konfigurer de logiske interfaces og forbind dem
root@SRX240> <input>show configuration interfaces lt-0/0/0.2</input>
<notice>encapsulation ethernet;
peer-unit 1;</notice>
family inet {
address 10.255.0.2/30;
}
root@SRX240> <input>show configuration interfaces lt-0/0/0.1</input>
<notice>encapsulation ethernet;
peer-unit 2;</notice>
family inet {
address 10.255.0.1/30;
}
root@SRX240> <input>show configuration interfaces lo0.10</input>
family inet {
address 10.255.255.1/32;
}
Opret en virtual router instance og forbind lt interfaces til instancen.
root@SRX240> <input>show configuration routing-instances PE2</input>
instance-type virtual-router;
<notice>interface lt-0/0/0.2;
interface lt-0/0/0.5;
interface lt-0/0/0.22;
interface lo0.20;</notice>
Verificering
Kontroller at routerne har sat alle interfaces og IP adresser
root@SRX240> <input>show interfaces routing-instance PE2 terse</input>
Interface Admin Link Proto Local Remote
<notice>lt-0/0/0.2 up up inet 10.255.0.2/30
lt-0/0/0.5 up up inet 10.255.0.5/30
lt-0/0/0.22 up up inet 10.255.0.22/30
lo0.20 up up inet 10.255.255.2 --> 0/0</notice>
Kontroller at de virtuelle routere kan pinge hinanden.
root@SRX240> <input>ping 10.255.0.2 routing-instance PE5</input>
PING 10.255.0.2 (10.255.0.2): 56 data bytes
<notice>64 bytes from 10.255.0.2: icmp_seq=0 ttl=64 time=1.132 ms
64 bytes from 10.255.0.2: icmp_seq=1 ttl=64 time=1.068 ms
64 bytes from 10.255.0.2: icmp_seq=2 ttl=64 time=1.012 ms</notice>
^C
--- 10.255.0.2 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.012/1.071/1.132/0.049 ms
BGP opsætning
- Lav en export regl til bgp
- Konfigurer lo0 interfacets ip adresse som router-id
- konfigurer eBGP imellem alle routerne.
Konfiguration
Lav en export regl i global routing instance
root@SRX240> <input>show configuration policy-options policy-statement VR-EBGP-EXPORT</input>
term 1 {
from {
protocol direct;
}
then accept;
}
Konfigurer router-id og ASN under den virtuelle router.
[edit routing-instances]
root@SRX240# <input>show</input>
PE1 {
routing-options {
<notice>router-id 10.255.255.1;
autonomous-system 65001;</notice>
}
}
Lav eBGP under den virtuelle router
[edit]
root@SRX240# <input>show routing-instances PE1 protocols bgp</input>
group EXT-PEERS {
type external;
export VR-EBGP-EXPORT;
neighbor 10.255.0.5 {
peer-as 65002;
}
neighbor 10.255.0.10 {
peer-as 65004;
}
}
Verificering
Kontroller BGP naboer kommer op i Established state og der bliver udvækslet routes
root@SRX240> <input>show bgp summary instance PE1</input>
Groups: 1 Peers: 2 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
PE1.inet.0 54 43 0 0 0 0
PE1.mdt.0 0 0 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
10.255.0.5 65002 127 128 0 0 54:27 <notice>Establ</notice>
<notice>PE1.inet.0: 25/36/36/0</notice>
10.255.0.10 65004 124 126 0 0 54:19 <notice>Establ</notice>
<notice>PE1.inet.0: 18/18/18/0</notice>
root@SRX240> <input>show bgp neighbor 10.255.0.5</input>
Peer: 10.255.0.5+64085 AS 65002 Local: 10.255.0.6+179 AS 65001
Type: External State: <notice>Established</notice> Flags: <Sync>
Last State: OpenConfirm Last Event: RecvKeepAlive
Last Error: None
Export: <notice>[ VR-EBGP-EXPORT ]</notice>
Options: <Preference PeerAS Refresh>
Holdtime: 90 Preference: 170
Number of flaps: 0
Peer ID: 10.255.255.2 Local ID: 10.255.255.1 Active Holdtime: 90
Keepalive Interval: 30 Peer index: 0
BFD: disabled, down
Local Interface: lt-0/0/0.6
NLRI for restart configured on peer: inet-unicast
NLRI advertised by peer: inet-unicast
NLRI for this session: inet-unicast
Peer supports Refresh capability (2)
Stale routes from peer are kept for: 300
Peer does not support Restarter functionality
NLRI that restart is negotiated for: inet-unicast
NLRI of received end-of-rib markers: inet-unicast
NLRI of all end-of-rib markers sent: inet-unicast
Peer supports 4 byte AS extension (peer-as 65002)
Peer does not support Addpath
Table PE1.inet.0 Bit: 30000
RIB State: BGP restart is complete
RIB State: VPN restart is complete
Send state: in sync
<notice>Active prefixes: 25
Received prefixes: 36
Accepted prefixes: 36
Suppressed due to damping: 0
Advertised prefixes: 32</notice>
Last traffic (seconds): Received 27 Sent 2 Checked 48
<notice>Input messages: Total 140 Updates 9 Refreshes 0 Octets 3107
Output messages: Total 142 Updates 8 Refreshes 0 Octets 3133</notice>
Output Queue[2]: 0
Kontroller der bliver modtaget routes
root@SRX240> <input>show route receive-protocol bgp 10.255.0.10</input>
inet.0: 65 destinations, 65 routes (65 active, 0 holddown, 0 hidden)
PE1.inet.0: <notice>63 destinations, 74 routes (63 active, 0 holddown, 0 hidden)</notice>
Prefix Nexthop MED Lclpref AS path
* 10.202.0.0/16 10.255.0.10 65004 65003 I
* 10.202.0.0/24 10.255.0.10 65004 65003 I
* 10.202.1.0/24 10.255.0.10 65004 65003 I
* 10.202.2.0/24 10.255.0.10 65004 65003 I
* 10.202.10.0/24 10.255.0.10 65004 65003 I
* 10.202.20.0/24 10.255.0.10 65004 65003 I
* 10.204.0.0/16 10.255.0.10 65004 I
* 10.204.0.0/24 10.255.0.10 65004 I
* 10.204.1.0/24 10.255.0.10 65004 I
* 10.204.2.0/24 10.255.0.10 65004 I
* 10.204.10.0/24 10.255.0.10 65004 I
* 10.204.20.0/24 10.255.0.10 65004 I
* 10.205.0.0/16 10.255.0.10 65004 65006 I
* 10.205.0.0/24 10.255.0.10 65004 65006 I
* 10.205.1.0/24 10.255.0.10 65004 65006 I
* 10.205.2.0/24 10.255.0.10 65004 65006 I
* 10.205.10.0/24 10.255.0.10 65004 65006 I
* 10.205.20.0/24 10.255.0.10 65004 65006 I
Og her kontrollerer vi en bestemt route i tabellen på PE1
root@SRX240> <input>show route table PE1.inet.0 protocol bgp detail 10.202.0.0/24</input>
PE1.inet.0: 63 destinations, 74 routes (63 active, 0 holddown, 0 hidden)
10.202.0.0/24 (2 entries, 1 announced)
*BGP Preference: 170/-101
Next hop type: Router, Next hop index: 820
Address: 0x15b9ac8
Next-hop reference count: 39
<notice>Source: 10.255.0.10</notice>
<notice>Next hop: 10.255.0.10 via lt-0/0/0.9, selected</notice>
State: <Active Ext>
Local AS: 65001 Peer AS: 65004
Age: 1:05:54
Task: BGP_65004_65001.10.255.0.10+179
<notice>Announcement bits (2): 1-KRT 3-BGP_RT_Background
AS path: 65004 65003 I</notice>
Accepted
Localpref: 100
Router ID: 10.255.255.4
BGP Preference: 170/-101
Next hop type: Router, Next hop index: 815
Address: 0x15b9a7c
Next-hop reference count: 64
Source: 10.255.0.5
Next hop: 10.255.0.5 via lt-0/0/0.6, selected
State: <Ext>
Inactive reason: Active preferred
Local AS: 65001 Peer AS: 65002
Age: 1:03:36
Task: BGP_65002_65001.10.255.0.5+64085
AS path: 65002 65003 I
Accepted
Localpref: 100
Router ID: 10.255.255.2
Se hvad vi sender til vores naboer:
root@SRX240> <input>show route advertising-protocol bgp 10.255.0.10</input>
PE1.inet.0: <notice>63 destinations, 74 routes</notice> (63 active, 0 holddown, 0 hidden)
Prefix Nexthop MED Lclpref AS path
* 10.50.0.0/16 Self 65002 65005 65099 I
* 10.99.6.0/24 Self 65002 65005 65099 I
* 10.99.20.0/24 Self 65002 65005 65099 I
* 10.99.31.0/24 Self 65002 65005 65099 I
* 10.99.62.0/24 Self 65002 65005 65099 I
* 10.99.99.1/32 Self 65002 65005 65099 I
* 10.99.99.2/32 Self 65002 65005 65099 I
* 10.99.114.0/24 Self 65002 65005 65099 I
* 10.99.152.0/24 Self 65002 65005 65099 I
* 10.99.199.0/24 Self 65002 65005 65099 I
* 10.99.207.0/24 Self 65002 65005 65099 I
* 10.99.212.0/24 Self 65002 65005 65099 I
* 10.200.0.0/16 Self 65002 65005 I
* 10.200.0.0/24 Self 65002 65005 I
* 10.200.1.0/24 Self 65002 65005 I
* 10.200.2.0/24 Self 65002 65005 I
* 10.200.10.0/24 Self 65002 65005 I
* 10.200.20.0/24 Self 65002 65005 I
* 10.201.0.0/16 Self 65002 I
* 10.201.0.0/24 Self 65002 I
* 10.201.1.0/24 Self 65002 I
* 10.201.2.0/24 Self 65002 I
* 10.201.5.0/24 Self 65002 I
* 10.201.10.0/24 Self 65002 I
* 10.201.20.0/24 Self 65002 I
* 10.203.0.0/16 Self I
* 10.203.0.0/24 Self I
* 10.203.1.0/24 Self I
* 10.203.2.0/24 Self I
* 10.203.5.0/24 Self I
* 10.203.10.0/24 Self I
* 10.203.20.0/24 Self I
Kontroller om der er performance problemer på udstyret
root@SRX240> <input>show chassis routing-engine</input>
Routing Engine status:
<notice>Temperature 38 degrees C / 100 degrees F</notice>
CPU temperature 39 degrees C / 102 degrees F
Total memory 512 MB Max 410 MB used ( 80 percent)
Control plane memory 336 MB Max 302 MB used ( 90 percent)
Data plane memory 176 MB Max 107 MB used ( 61 percent)
CPU utilization:
User 3 percent
Background 0 percent
Kernel 1 percent
Interrupt 0 percent
Idle 96 percent
Model RE-SRX240B
Serial ID AAAF3940
Start time 2014-11-05 11:11:44 CET
Uptime 1 hour, 25 minutes, 7 seconds
Last reboot reason 0x1:power cycle/failure
<notice>Load averages: 1 minute 5 minute 15 minute
0.11 0.05 0.01</notice>
Route Summering
- Konfigurer de forskellige netværk på lo0 interfacet hvis de ikke allerede er konfigureret
- Konfigurer en aggregate route der dækker hele /16 netværket
- Tillad den i export politikken
Konfiguration
Her konfigurerer vi en aggregated route for at indskyde den i BGP opdateringerne, men alligevel smide alt trafik til summeringen væk, hvis der ikke findes en mere specifik route i den lokale routing tabel[1]
root@SRX240> <input>show configuration routing-instances PE1 routing-options</input>
aggregate {
route 10.203.0.0/16;
}
Exporter også aggregate routes
root@SRX240> <input>show configuration policy-options policy-statement VR-EBGP-EXPORT</input>
term 1 {
from {
protocol [ direct <notice>aggregate</notice> ];
route-filter 10.128.0.0/9 orlonger;
}
then accept;
}
De tidligere eksempler ovenfor viser at det virker.