BGP JUNOS


Konfiguration

/* Lab addressing. The BGP session output on this page reports ge-0/0/15.0 as
   the local interface towards the eBGP peers; lo0 unit 5 only carries test
   prefixes to originate into BGP. */
interfaces {
    ge-0/0/15 {
        unit 0 {
            family inet {
                /* Address comes from DHCP, so the local end of the eBGP
                   sessions is not pinned in this configuration. */
                dhcp;
            }
        }
    }
    lo0 {
        unit 5 {
            family inet {
                /* All twelve addresses below lie inside 10.0.0.0/8, so each
                   becomes a direct route matched by policy EBGP-EXPORT,
                   including the two /32 host routes. This agrees with
                   "Advertised prefixes: 12" in the neighbor output. */
                address 10.99.99.1/32;
                address 10.99.99.2/32;
                address 10.99.212.1/24;
                address 10.99.199.1/24;
                address 10.99.62.1/24;
                address 10.99.114.1/24;
                address 10.99.152.1/24;
                address 10.99.31.1/24;
                address 10.99.6.1/24;
                address 10.99.20.1/24;
                address 10.99.207.1/24;
                address 10.50.0.1/16;
            }
            family inet6 {
                /* 2001:db8::/32 is the IPv6 documentation prefix. EBGP-EXPORT
                   has only an IPv4 route-filter, and the neighbor output
                   shows 0 advertised prefixes in inet6.0. */
                address 2001:db8:ded0:2000::1/64;
            }
        }
    }
}
/* Local AS for all BGP groups. 65099 is in the 16-bit private-use range
   (64512-65534), which suits a lab; private AS numbers should not be leaked
   to public peers. No router-id statement appears in this stanza; the session
   output on this page reports Local ID 10.50.0.1. */
routing-options {
    autonomous-system 65099;
}
/* Two eBGP groups, both exporting with EBGP-EXPORT. Neither group has an
   import policy here, so the default BGP import behaviour applies and every
   prefix a peer sends is accepted. The "Route filtrering" section of this
   page adds an import policy for as_65010 only. */
protocols {
    bgp {
        group as_65010 {
            type external;
            family inet {
                unicast;
            }
            family inet6 {
                unicast;
            }
            /* The $9$ form is Junos' reversible obfuscation, not a one-way
               hash. A key published in this form should be treated as
               disclosed: use a lab-only value and rotate it before reuse. */
            authentication-key "$9$LZCNdwoJDmPQVwoGUH5TCtu1hrKMXbs4"; ## SECRET-DATA
            export EBGP-EXPORT;
            peer-as 65010;
            neighbor 192.168.146.110;
            neighbor 192.168.146.109;
        }
        /* No authentication-key in this group, so the sessions to
           192.168.146.4 and 192.168.146.5 run without TCP MD5 protection.
           No family statement either, unlike as_65010 above. */
        group as_65020 {
            type external;
            export EBGP-EXPORT;
            peer-as 65020;
            neighbor 192.168.146.4;
            neighbor 192.168.146.5;
        }
    }
}
/* Export policies. Only EBGP-EXPORT is referenced by the protocols stanza
   shown on this page; OSPF-EXPORT and RIP-EXPORT are defined but not applied
   in this listing. */
policy-options {
    /* Both conditions in "from" must match: a direct route that is 10.0.0.0/8
       or any longer prefix inside it.
       There is no final reject term, so routes that miss term 1 fall through
       to the default BGP export policy, which re-advertises active BGP
       routes. Add an explicit "then reject" term if this router must not
       pass routes learned from one peer AS on to the other. */
    policy-statement EBGP-EXPORT {
        term 1 {
            from {
                protocol direct;
                route-filter 10.0.0.0/8 orlonger;
            }
            then accept;
        }
    }
    /* Accepts every direct route, with no prefix restriction. */
    policy-statement OSPF-EXPORT {
        term 1 {
            from protocol direct;
            then accept;
        }
    }
    /* Accepts every direct or RIP route, with no prefix restriction. */
    policy-statement RIP-EXPORT {
        term 1 {
            from protocol [ direct rip ];
            then accept;
        }
    }
}
/* Packet-based forwarding for inet6 and mpls: traffic of these families is
   forwarded like on a router and is not handled by the SRX flow-based
   (stateful) processing.
   NOTE(review): on branch SRX platforms, packet-based mpls is commonly used to
   put the whole device into packet mode, which would also take IPv4 out of
   stateful policy enforcement. Confirm for the release in use before copying
   this stanza to a device that is meant to act as a firewall. */
security {
    forwarding-options {
        family {
            inet6 {
                mode packet-based;
            }
            mpls {
                mode packet-based;
            }
        }
    }
}

Fejlfinding

BGP Neighbours

Cisco command
show ip bgp summary
Juniper command
show bgp summary
root@SRX240# <input>run show bgp summary</input>
Groups: 6 Peers: 11 Down peers: 8
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
inet.0                 1          1          0          0          0          0
inet6.0                0          0          0          0          0          0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
<notice>192.168.146.4         65020        127        325       0       0     1:02:41 Establ
  inet.0: 0/0/0/0</notice>
192.168.146.5         65020          0          0       0       0     1:03:01 Connect
<notice>192.168.146.50        65050        127        324       0       0     1:02:41 Establ
  inet.0: 0/0/0/0</notice>
192.168.146.51        65050          0          0       0       0     1:03:01 Active
192.168.146.60        65060          0          0       0       0     1:03:01 Active
192.168.146.106       65030          0          0       0       0     1:03:01 Connect
192.168.146.109       65010          0          0       0       0     1:03:01 Connect
<notice>192.168.146.110       65010         17        196       0       1        6:14 Establ
  inet.0: 1/1/1/0
  inet6.0: 0/0/0/0</notice>
192.168.146.112       65040          0          0       0       0     1:03:01 Connect
192.168.146.113       65030          0          0       0       0     1:03:01 Connect
192.168.146.128       65040          0          0       0       0     1:03:01 Connect
[edit]
root@SRX240# <input>run show bgp neighbor 192.168.146.110</input>
Peer: <notice>192.168.146.110+35006 AS 65010</notice> Local: <notice>192.168.146.101+179 AS 65099</notice>
  Type: External    State: Established    Flags: <Sync>
  Last State: OpenConfirm   Last Event: RecvKeepAlive
  Last Error: None
  <notice>Export: [ EBGP-EXPORT ]</notice>
  Options: <Preference AuthKey AddressFamily PeerAS Refresh>
  Authentication key is configured
  Address families configured: inet-unicast inet6-unicast
  Holdtime: 90 Preference: 170
  Number of flaps: 1
  Last flap event: Closed
  Peer ID: 192.168.146.110 Local ID: 10.50.0.1         Active Holdtime: 90
  Keepalive Interval: 30         Peer index: 0
  BFD: disabled, down
  Local Interface: ge-0/0/15.0
  NLRI for restart configured on peer: inet-unicast inet6-unicast
  NLRI advertised by peer: inet-unicast inet6-unicast
  NLRI for this session: inet-unicast inet6-unicast
  Peer supports Refresh capability (2)
  Stale routes from peer are kept for: 300
  Peer does not support Restarter functionality
  Peer does not support Receiver functionality
  Peer does not support 4 byte AS extension
  Peer does not support Addpath
  Table inet.0 Bit: 10000
    RIB State: BGP restart is complete
    Send state: in sync
    Active prefixes:              1
    Received prefixes:            1
    Accepted prefixes:            1
    Suppressed due to damping:    0
    <notice>Advertised prefixes:          12</notice>
  Table inet6.0 Bit: 60000
    RIB State: BGP restart is complete
    Send state: in sync
    Active prefixes:              0
    Received prefixes:            0
    Accepted prefixes:            0
    Suppressed due to damping:    0
    Advertised prefixes:          0
  Last traffic (seconds): Received 29   Sent 22   Checked 59
  Input messages:  Total 36     Updates 2       Refreshes 0     Octets 843
  Output messages: Total 217    Updates 180     Refreshes 0     Octets 24442
  Output Queue[0]: 0
  Output Queue[5]: 0

BGP Networks

[edit]
root@SRX240# <input>run show route protocol bgp detail</input>

inet.0: 26 destinations, 26 routes (26 active, 0 holddown, 0 hidden)
<notice>10.10.0.0/16</notice> (1 entry, 1 announced)
        *BGP    Preference: 170/-101
                Next hop type: Router, Next hop index: 4292
                Address: 0x15b418c
                Next-hop reference count: 3
                Source: 192.168.146.110
                Next hop: 192.168.146.110 via ge-0/0/15.0, selected
                State: <Active Ext>
                Local AS: 65099 Peer AS: 65010
                Age: 24:37      Metric: 10
                Task: BGP_65010.192.168.146.110+35006
                Announcement bits (3): 0-KRT 1-Resolve tree 1 2-BGP_RT_Background
                <notice>AS path: 65010 I (Atomic) Aggregator: 65010 192.168.146.110</notice>
                Accepted
                Localpref: 100
                Router ID: 192.168.146.110

inet6.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
[edit]
root@SRX240# <input>run show route protocol bgp terse</input>

inet.0: 26 destinations, 26 routes (26 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

A Destination        P Prf   Metric 1   Metric 2  Next hop         AS path
<notice>* 10.10.0.0/16       B 170        100         10 >192.168.146.110  65010 I</notice>

inet6.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)

[edit]
root@SRX240#

I stedet for kun at sende en aggregate route fra 192.168.146.110 konfigureres den nu til at sende 10.10.0.0/16 plus de oprindelige netværk 10.10.10.0/24, 10.20.0.0/24, 10.50.0.0/24 & 10.10.100.0/24. De præfikser, der faktisk modtages, fremgår af outputtet nedenfor.

root@SRX240# run show route protocol bgp

inet.0: 31 destinations, 31 routes (31 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.10.0.0/16       *[BGP/170] 00:01:37, MED 10, localpref 100
                      AS path: 65010 I
                    > to 192.168.146.110 via ge-0/0/15.0
10.10.10.0/24      *[BGP/170] 00:00:09, MED 10, localpref 100
                      AS path: 65010 I
                    > to 192.168.146.110 via ge-0/0/15.0
10.10.20.0/24      *[BGP/170] 00:00:09, MED 10, localpref 100
                      AS path: 65010 I
                    > to 192.168.146.110 via ge-0/0/15.0
10.10.30.0/24      *[BGP/170] 00:00:09, MED 10, localpref 100
                      AS path: 65010 I
                    > to 192.168.146.110 via ge-0/0/15.0
10.10.50.0/24      *[BGP/170] 00:00:09, MED 10, localpref 100
                      AS path: 65010 I
                    > to 192.168.146.110 via ge-0/0/15.0
10.10.100.0/24     *[BGP/170] 00:00:09, MED 10, localpref 100
                      AS path: 65010 I
                    > to 192.168.146.110 via ge-0/0/15.0

inet6.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)

[edit]
root@SRX240# run show route pr
                              ^
'pr' is ambiguous.
Possible completions:
  <destination>        IP address and optional prefix length of destination
  private              Show private table routes
  protocol             Name of protocol that is source for entries
[edit]
root@SRX240# <input>run show route protocol bgp detail</input>

inet.0: 31 destinations, 31 routes (31 active, 0 holddown, 0 hidden)
<notice>10.10.0.0/16 (1 entry, 1 announced)</notice>
        *BGP    Preference: 170/-101
                Next hop type: Router, Next hop index: 4292
                Address: 0x178405c
                Next-hop reference count: 18
                Source: 192.168.146.110
                Next hop: 192.168.146.110 via ge-0/0/15.0, selected
                State: <Active Ext>
                Local AS: 65099 Peer AS: 65010
                Age: 2:08       Metric: 10
                Task: BGP_65010.192.168.146.110+13363
                Announcement bits (3): 0-KRT 1-Resolve tree 1 2-BGP_RT_Background
                <notice>AS path: 65010 I (Atomic) Aggregator: 65010 192.168.146.110</notice>
                Accepted
                Localpref: 100
                Router ID: 192.168.146.110

<notice>10.10.10.0/24 (1 entry, 1 announced)</notice>
        *BGP    Preference: 170/-101
                Next hop type: Router, Next hop index: 4292
                Address: 0x178405c
                Next-hop reference count: 18
                Source: 192.168.146.110
                Next hop: 192.168.146.110 via ge-0/0/15.0, selected
                State: <Active Ext>
                Local AS: 65099 Peer AS: 65010
                Age: 40         Metric: 10
                Task: BGP_65010.192.168.146.110+13363
                Announcement bits (3): 0-KRT 1-Resolve tree 1 2-BGP_RT_Background
                <notice>AS path: 65010 I</notice>
                Accepted
                Localpref: 100
                Router ID: 192.168.146.110

10.10.20.0/24 (1 entry, 1 announced)
        *BGP    Preference: 170/-101
                Next hop type: Router, Next hop index: 4292
                Address: 0x178405c
                Next-hop reference count: 18
                Source: 192.168.146.110
                Next hop: 192.168.146.110 via ge-0/0/15.0, selected
                State: <Active Ext>
                Local AS: 65099 Peer AS: 65010
                Age: 40         Metric: 10
                Task: BGP_65010.192.168.146.110+13363
                Announcement bits (3): 0-KRT 1-Resolve tree 1 2-BGP_RT_Background
                AS path: 65010 I
                Accepted
                Localpref: 100
                Router ID: 192.168.146.110

10.10.30.0/24 (1 entry, 1 announced)
        *BGP    Preference: 170/-101
                Next hop type: Router, Next hop index: 4292
                Address: 0x178405c
                Next-hop reference count: 18
                Source: 192.168.146.110
                Next hop: 192.168.146.110 via ge-0/0/15.0, selected
                State: <Active Ext>
                Local AS: 65099 Peer AS: 65010
                Age: 40         Metric: 10
                Task: BGP_65010.192.168.146.110+13363
                Announcement bits (3): 0-KRT 1-Resolve tree 1 2-BGP_RT_Background
                AS path: 65010 I
                Accepted
                Localpref: 100
                Router ID: 192.168.146.110

10.10.50.0/24 (1 entry, 1 announced)
        *BGP    Preference: 170/-101
                Next hop type: Router, Next hop index: 4292
                Address: 0x178405c
                Next-hop reference count: 18
                Source: 192.168.146.110
                Next hop: 192.168.146.110 via ge-0/0/15.0, selected
                State: <Active Ext>
                Local AS: 65099 Peer AS: 65010
                Age: 40         Metric: 10
                Task: BGP_65010.192.168.146.110+13363
                Announcement bits (3): 0-KRT 1-Resolve tree 1 2-BGP_RT_Background
                AS path: 65010 I
                Accepted
                Localpref: 100
                Router ID: 192.168.146.110

10.10.100.0/24 (1 entry, 1 announced)
        *BGP    Preference: 170/-101
                Next hop type: Router, Next hop index: 4292
                Address: 0x178405c
                Next-hop reference count: 18
                Source: 192.168.146.110
                Next hop: 192.168.146.110 via ge-0/0/15.0, selected
                State: <Active Ext>
                Local AS: 65099 Peer AS: 65010
                Age: 40         Metric: 10
                Task: BGP_65010.192.168.146.110+13363
                Announcement bits (3): 0-KRT 1-Resolve tree 1 2-BGP_RT_Background
                AS path: 65010 I
                Accepted
                Localpref: 100
                Router ID: 192.168.146.110

inet6.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
[edit]
root@SRX240# <input>run show route protocol bgp terse</input>

inet.0: 31 destinations, 31 routes (31 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

A Destination        P Prf   Metric 1   Metric 2  Next hop         AS path
<notice>* 10.10.0.0/16       B 170        100         10 >192.168.146.110  65010 I
* 10.10.10.0/24      B 170        100         10 >192.168.146.110  65010 I
* 10.10.20.0/24      B 170        100         10 >192.168.146.110  65010 I
* 10.10.30.0/24      B 170        100         10 >192.168.146.110  65010 I
* 10.10.50.0/24      B 170        100         10 >192.168.146.110  65010 I
* 10.10.100.0/24     B 170        100         10 >192.168.146.110  65010 I</notice>

inet6.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)

Route filtrering

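Tillad kun netværket 10.10.0.0/16 fra AS 65010. `exact` matcher kun præcis dette præfiks; alle andre modtagne routes afvises af term 2.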

[edit policy-options policy-statement EBGP-AS65010-IMPORT]
root@SRX240# <input>show</input>
term 1 {
    from {
        route-filter 10.10.0.0/16 exact;
    }
    then accept;
}
term 2 {
    then reject;
}
[edit policy-options policy-statement EBGP-AS65010-IMPORT]           ^
root@SRX240# <input>top show protocols bgp group as_65010</input>
type external;
import EBGP-AS65010-IMPORT;

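Kontroller, om der kun kommer 1 route i inet.0. De fem afviste routes bliver ikke slettet, men tælles som hidden (26 active, 5 hidden), og under naboen vises 1/6/1/0 (Active/Received/Accepted/Damped).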

[edit policy-options policy-statement EBGP-AS65010-IMPORT]
root@SRX240# <input>run show route protocol bgp terse</input>

inet.0: 31 destinations, 31 routes (26 active, 0 holddown, 5 hidden)
+ = Active Route, - = Last Active, * = Both

A Destination        P Prf   Metric 1   Metric 2  Next hop         AS path
<notice>* 10.10.0.0/16       B 170        100         10 >192.168.146.110  65010 I</notice>

inet6.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
[edit policy-options policy-statement EBGP-AS65010-IMPORT]
root@SRX240# <input>run show bgp summary</input>
Groups: 6 Peers: 11 Down peers: 8
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
inet.0                 6          1          0          0          0          0
inet6.0                0          0          0          0          0          0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
<notice><-- output omitted --></notice>
192.168.146.110       65010         38         36       0       6        7:05 Establ
  <notice>inet.0: 1/6/1/0</notice>

root@SRX240# <input>run show bgp neighbor 192.168.146.110</input>
Peer: 192.168.146.110+179 AS 65010 Local: 192.168.146.101+52670 AS 65099
  Type: External    State: Established    Flags: <Sync>
  Last State: OpenConfirm   Last Event: RecvKeepAlive
  Last Error: Cease
  Export: [ EBGP-EXPORT ] Import: [ EBGP-AS65010-IMPORT ]
  Options: <Preference AuthKey AddressFamily PeerAS Refresh>
  Authentication key is configured
  Address families configured: inet-unicast inet6-unicast
  Holdtime: 90 Preference: 170
  Number of flaps: 6
  Last flap event: Stop
  Error: 'Cease' Sent: 3 Recv: 0
  Peer ID: 192.168.146.110 Local ID: 10.50.0.1         Active Holdtime: 90
  Keepalive Interval: 30         Peer index: 0
  BFD: disabled, down
  Local Interface: ge-0/0/15.0
  NLRI for restart configured on peer: inet-unicast inet6-unicast
  NLRI advertised by peer: inet-unicast inet6-unicast
  NLRI for this session: inet-unicast inet6-unicast
  Peer supports Refresh capability (2)
  Stale routes from peer are kept for: 300
  Peer does not support Restarter functionality
  Peer does not support Receiver functionality
  Peer does not support 4 byte AS extension
  Peer does not support Addpath
  Table inet.0 Bit: 10002
    RIB State: BGP restart is complete
    Send state: in sync
    <notice>Active prefixes:              1
    Received prefixes:            6
    Accepted prefixes:            1</notice>
    Suppressed due to damping:    0
    Advertised prefixes:          12
  Table inet6.0 Bit: 60000
    RIB State: BGP restart is complete
    Send state: in sync
    Active prefixes:              0
    Received prefixes:            0
    Accepted prefixes:            0
    Suppressed due to damping:    0
    Advertised prefixes:          0
  Last traffic (seconds): Received 23   Sent 12   Checked 83
  Input messages:  Total 37     Updates 8       Refreshes 0     Octets 1285
  Output messages: Total 36     Updates 2       Refreshes 0     Octets 924
  Output Queue[0]: 0
  Output Queue[5]: 0