EBGP JUNOS Project
Try to configure the following setup on a Juniper SRX: BGP Demo Setup
Task
Basic connectivity
- Configure IP addresses on all Logical Tunnel interfaces
- They must be placed in the 10.255.0.X/30 networks
- The LT interface must have the same unit number as the fourth octet of the IP address (10.255.0.2 = lt-0/0/0.2)
- Configure the lo units so that they match <router number>x10, each with a management address (PE1 = Lo0.10: 10.255.255.1/32)
Configuration
Configure the logical interfaces and connect them
root@SRX240> <input>show configuration interfaces lt-0/0/0.2</input>
<notice>encapsulation ethernet;
peer-unit 1;</notice>
family inet {
address 10.255.0.2/30;
}
root@SRX240> <input>show configuration interfaces lt-0/0/0.1</input>
<notice>encapsulation ethernet;
peer-unit 2;</notice>
family inet {
address 10.255.0.1/30;
}
root@SRX240> <input>show configuration interfaces lo0.10</input>
family inet {
address 10.255.255.1/32;
}
Create a virtual router instance and attach the lt interfaces to the instance.
root@SRX240> <input>show configuration routing-instances PE2</input>
instance-type virtual-router;
<notice>interface lt-0/0/0.2;
interface lt-0/0/0.5;
interface lt-0/0/0.22;
interface lo0.20;</notice>
Verification
Check that the routers have all interfaces and IP addresses set
root@SRX240> <input>show interfaces routing-instance PE2 terse</input>
Interface Admin Link Proto Local Remote
<notice>lt-0/0/0.2 up up inet 10.255.0.2/30
lt-0/0/0.5 up up inet 10.255.0.5/30
lt-0/0/0.22 up up inet 10.255.0.22/30
lo0.20 up up inet 10.255.255.2 --> 0/0</notice>
Check that the virtual routers can ping each other.
root@SRX240> <input>ping 10.255.0.2 routing-instance PE5</input>
PING 10.255.0.2 (10.255.0.2): 56 data bytes
<notice>64 bytes from 10.255.0.2: icmp_seq=0 ttl=64 time=1.132 ms
64 bytes from 10.255.0.2: icmp_seq=1 ttl=64 time=1.068 ms
64 bytes from 10.255.0.2: icmp_seq=2 ttl=64 time=1.012 ms</notice>
^C
--- 10.255.0.2 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.012/1.071/1.132/0.049 ms
BGP setup
- Create an export rule for BGP
- Configure the lo0 interface's IP address as router-id
- Configure eBGP between all the routers.
Configuration
Create an export rule in the global routing instance
root@SRX240> <input>show configuration policy-options policy-statement VR-EBGP-EXPORT</input>
term 1 {
from {
protocol direct;
}
then accept;
}
Configure router-id and ASN under the virtual router.
[edit routing-instances]
root@SRX240# <input>show</input>
PE1 {
routing-options {
<notice>router-id 10.255.255.1;
autonomous-system 65001;</notice>
}
}
Set up eBGP under the virtual router
[edit]
root@SRX240# <input>show routing-instances PE1 protocols bgp</input>
group EXT-PEERS {
type external;
export VR-EBGP-EXPORT;
neighbor 10.255.0.5 {
peer-as 65002;
}
neighbor 10.255.0.10 {
peer-as 65004;
}
}
Verification
Check that the BGP neighbors come up in Established state and that routes are exchanged
root@SRX240> <input>show bgp summary instance PE1</input>
Groups: 1 Peers: 2 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
PE1.inet.0 54 43 0 0 0 0
PE1.mdt.0 0 0 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
10.255.0.5 65002 127 128 0 0 54:27 <notice>Establ</notice>
<notice>PE1.inet.0: 25/36/36/0</notice>
10.255.0.10 65004 124 126 0 0 54:19 <notice>Establ</notice>
<notice>PE1.inet.0: 18/18/18/0</notice>
root@SRX240> <input>show bgp neighbor 10.255.0.5</input>
Peer: 10.255.0.5+64085 AS 65002 Local: 10.255.0.6+179 AS 65001
Type: External State: <notice>Established</notice> Flags: <Sync>
Last State: OpenConfirm Last Event: RecvKeepAlive
Last Error: None
Export: <notice>[ VR-EBGP-EXPORT ]</notice>
Options: <Preference PeerAS Refresh>
Holdtime: 90 Preference: 170
Number of flaps: 0
Peer ID: 10.255.255.2 Local ID: 10.255.255.1 Active Holdtime: 90
Keepalive Interval: 30 Peer index: 0
BFD: disabled, down
Local Interface: lt-0/0/0.6
NLRI for restart configured on peer: inet-unicast
NLRI advertised by peer: inet-unicast
NLRI for this session: inet-unicast
Peer supports Refresh capability (2)
Stale routes from peer are kept for: 300
Peer does not support Restarter functionality
NLRI that restart is negotiated for: inet-unicast
NLRI of received end-of-rib markers: inet-unicast
NLRI of all end-of-rib markers sent: inet-unicast
Peer supports 4 byte AS extension (peer-as 65002)
Peer does not support Addpath
Table PE1.inet.0 Bit: 30000
RIB State: BGP restart is complete
RIB State: VPN restart is complete
Send state: in sync
<notice>Active prefixes: 25
Received prefixes: 36
Accepted prefixes: 36
Suppressed due to damping: 0
Advertised prefixes: 32</notice>
Last traffic (seconds): Received 27 Sent 2 Checked 48
<notice>Input messages: Total 140 Updates 9 Refreshes 0 Octets 3107
Output messages: Total 142 Updates 8 Refreshes 0 Octets 3133</notice>
Output Queue[2]: 0
Check that routes are being received
root@SRX240> <input>show route receive-protocol bgp 10.255.0.10</input>
inet.0: 65 destinations, 65 routes (65 active, 0 holddown, 0 hidden)
PE1.inet.0: <notice>63 destinations, 74 routes (63 active, 0 holddown, 0 hidden)</notice>
Prefix Nexthop MED Lclpref AS path
* 10.202.0.0/16 10.255.0.10 65004 65003 I
* 10.202.0.0/24 10.255.0.10 65004 65003 I
* 10.202.1.0/24 10.255.0.10 65004 65003 I
* 10.202.2.0/24 10.255.0.10 65004 65003 I
* 10.202.10.0/24 10.255.0.10 65004 65003 I
* 10.202.20.0/24 10.255.0.10 65004 65003 I
* 10.204.0.0/16 10.255.0.10 65004 I
* 10.204.0.0/24 10.255.0.10 65004 I
* 10.204.1.0/24 10.255.0.10 65004 I
* 10.204.2.0/24 10.255.0.10 65004 I
* 10.204.10.0/24 10.255.0.10 65004 I
* 10.204.20.0/24 10.255.0.10 65004 I
* 10.205.0.0/16 10.255.0.10 65004 65006 I
* 10.205.0.0/24 10.255.0.10 65004 65006 I
* 10.205.1.0/24 10.255.0.10 65004 65006 I
* 10.205.2.0/24 10.255.0.10 65004 65006 I
* 10.205.10.0/24 10.255.0.10 65004 65006 I
* 10.205.20.0/24 10.255.0.10 65004 65006 I
And here we check a specific route in the table on PE1
root@SRX240> <input>show route table PE1.inet.0 protocol bgp detail 10.202.0.0/24</input>
PE1.inet.0: 63 destinations, 74 routes (63 active, 0 holddown, 0 hidden)
10.202.0.0/24 (2 entries, 1 announced)
*BGP Preference: 170/-101
Next hop type: Router, Next hop index: 820
Address: 0x15b9ac8
Next-hop reference count: 39
<notice>Source: 10.255.0.10</notice>
<notice>Next hop: 10.255.0.10 via lt-0/0/0.9, selected</notice>
State: <Active Ext>
Local AS: 65001 Peer AS: 65004
Age: 1:05:54
Task: BGP_65004_65001.10.255.0.10+179
<notice>Announcement bits (2): 1-KRT 3-BGP_RT_Background
AS path: 65004 65003 I</notice>
Accepted
Localpref: 100
Router ID: 10.255.255.4
BGP Preference: 170/-101
Next hop type: Router, Next hop index: 815
Address: 0x15b9a7c
Next-hop reference count: 64
Source: 10.255.0.5
Next hop: 10.255.0.5 via lt-0/0/0.6, selected
State: <Ext>
Inactive reason: Active preferred
Local AS: 65001 Peer AS: 65002
Age: 1:03:36
Task: BGP_65002_65001.10.255.0.5+64085
AS path: 65002 65003 I
Accepted
Localpref: 100
Router ID: 10.255.255.2
See what we send to our neighbors:
root@SRX240> <input>show route advertising-protocol bgp 10.255.0.10</input>
PE1.inet.0: <notice>63 destinations, 74 routes</notice> (63 active, 0 holddown, 0 hidden)
Prefix Nexthop MED Lclpref AS path
* 10.50.0.0/16 Self 65002 65005 65099 I
* 10.99.6.0/24 Self 65002 65005 65099 I
* 10.99.20.0/24 Self 65002 65005 65099 I
* 10.99.31.0/24 Self 65002 65005 65099 I
* 10.99.62.0/24 Self 65002 65005 65099 I
* 10.99.99.1/32 Self 65002 65005 65099 I
* 10.99.99.2/32 Self 65002 65005 65099 I
* 10.99.114.0/24 Self 65002 65005 65099 I
* 10.99.152.0/24 Self 65002 65005 65099 I
* 10.99.199.0/24 Self 65002 65005 65099 I
* 10.99.207.0/24 Self 65002 65005 65099 I
* 10.99.212.0/24 Self 65002 65005 65099 I
* 10.200.0.0/16 Self 65002 65005 I
* 10.200.0.0/24 Self 65002 65005 I
* 10.200.1.0/24 Self 65002 65005 I
* 10.200.2.0/24 Self 65002 65005 I
* 10.200.10.0/24 Self 65002 65005 I
* 10.200.20.0/24 Self 65002 65005 I
* 10.201.0.0/16 Self 65002 I
* 10.201.0.0/24 Self 65002 I
* 10.201.1.0/24 Self 65002 I
* 10.201.2.0/24 Self 65002 I
* 10.201.5.0/24 Self 65002 I
* 10.201.10.0/24 Self 65002 I
* 10.201.20.0/24 Self 65002 I
* 10.203.0.0/16 Self I
* 10.203.0.0/24 Self I
* 10.203.1.0/24 Self I
* 10.203.2.0/24 Self I
* 10.203.5.0/24 Self I
* 10.203.10.0/24 Self I
* 10.203.20.0/24 Self I
Check whether there are performance problems on the device
root@SRX240> <input>show chassis routing-engine</input>
Routing Engine status:
<notice>Temperature 38 degrees C / 100 degrees F</notice>
CPU temperature 39 degrees C / 102 degrees F
Total memory 512 MB Max 410 MB used ( 80 percent)
Control plane memory 336 MB Max 302 MB used ( 90 percent)
Data plane memory 176 MB Max 107 MB used ( 61 percent)
CPU utilization:
User 3 percent
Background 0 percent
Kernel 1 percent
Interrupt 0 percent
Idle 96 percent
Model RE-SRX240B
Serial ID AAAF3940
Start time 2014-11-05 11:11:44 CET
Uptime 1 hour, 25 minutes, 7 seconds
Last reboot reason 0x1:power cycle/failure
<notice>Load averages: 1 minute 5 minute 15 minute
0.11 0.05 0.01</notice>
Route Summarization
- Configure the different networks on the lo0 interface if they are not already configured
- Configure an aggregate route that covers the whole /16 network
- Allow it in the export policy
Configuration
Here we configure an aggregate route in order to inject it into the BGP updates, while still discarding all traffic to the summary if no more specific route exists in the local routing table[1]
root@SRX240> <input>show configuration routing-instances PE1 routing-options</input>
aggregate {
route 10.203.0.0/16;
}
Also export aggregate routes
root@SRX240> <input>show configuration policy-options policy-statement VR-EBGP-EXPORT</input>
term 1 {
from {
protocol [ direct <notice>aggregate</notice> ];
route-filter 10.128.0.0/9 orlonger;
}
then accept;
}
The earlier examples above show that it works.
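The behaviour of the summary described above, as an added Python model that is not part of the original page or of Junos: the aggregate is installed only while a more specific route contributes to it, term 1 of VR-EBGP-EXPORT decides what is offered to BGP, and a longest-prefix match shows which destinations end up on the aggregate. The 10.203.x prefixes come from the page's output; the 192.168.1.0/24 route and the function names are constructed for illustration.

```python
import ipaddress

# Routes in PE1.inet.0 relevant to the summary, taken from the page's output.
# The 192.168.1.0/24 entry is constructed, to show the route-filter rejecting.
DIRECT = ["10.203.0.0/24", "10.203.1.0/24", "10.203.2.0/24", "10.203.5.0/24",
          "10.203.10.0/24", "10.203.20.0/24", "192.168.1.0/24"]
AGGREGATE = "10.203.0.0/16"
FILTER = ipaddress.ip_network("10.128.0.0/9")   # route-filter ... orlonger


def build_table(direct, aggregate):
    """Return {network: protocol}. The aggregate is only installed while at
    least one more specific contributing route exists."""
    table = {ipaddress.ip_network(p): "direct" for p in direct}
    agg = ipaddress.ip_network(aggregate)
    if any(n != agg and n.subnet_of(agg) for n in table):
        table[agg] = "aggregate"
    return table


def exported(table):
    """Apply term 1 of VR-EBGP-EXPORT: protocol direct or aggregate AND a
    prefix equal to or more specific than 10.128.0.0/9."""
    return sorted(str(n) for n, proto in table.items()
                  if proto in ("direct", "aggregate") and n.subnet_of(FILTER))


def lookup(table, address):
    """Longest-prefix match; a hit on the aggregate means the packet is
    dropped, because no more specific route covers the destination."""
    addr = ipaddress.ip_address(address)
    matches = [n for n in table if addr in n]
    if not matches:
        return "no route"
    best = max(matches, key=lambda n: n.prefixlen)
    if table[best] == "aggregate":
        return "dropped by aggregate"
    return f"forward via {best}"


if __name__ == "__main__":
    table = build_table(DIRECT, AGGREGATE)
    print(exported(table))
    for dst in ("10.203.1.5", "10.203.77.1", "10.204.0.1"):
        print(dst, "->", lookup(table, dst))
```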
Load Balancing
By default, Juniper load-balances per prefix: if a route has several next hops with the same metric, it picks a forwarder based on a hash of the prefix. All packets to the same prefix will then travel over the same link.
With enough routes in the routing table you will see load balancing, but the traffic will not always be distributed evenly.
By configuring the router for "per-packet" load balancing, it will instead compute a hash of each packet and balance per flow instead of per destination prefix.
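The difference between the two modes, as an added Python simulation that is not part of the original page: it compares how flows spread over two next hops when the choice is keyed on the destination prefix and when it is keyed on the flow. The next hops and prefixes are taken from the PE2 output on this page; the traffic mix is constructed and SHA-256 is a stand-in, not the hash Junos uses.

```python
import hashlib
from collections import Counter

# Next hops and prefixes taken from the PE2.inet.0 output on this page.
NEXT_HOPS = ["10.255.0.6", "10.255.0.21"]
PREFIXES = ["10.204.0.0/24", "10.204.1.0/24", "10.205.0.0/24", "10.205.1.0/24"]


def pick(key):
    """Stand-in hash (SHA-256), NOT the hash Junos uses: map a key to a next hop."""
    digest = hashlib.sha256(key.encode()).digest()
    return NEXT_HOPS[digest[0] % len(NEXT_HOPS)]


def make_flows(heavy_prefix, heavy=1600, light=100):
    """Constructed traffic: one prefix carries most flows, the rest carry few.
    A flow is (prefix, source IP, source port, destination port)."""
    flows = []
    for prefix in PREFIXES:
        count = heavy if prefix == heavy_prefix else light
        for i in range(count):
            flows.append((prefix, f"192.0.2.{i % 250 + 1}", 1024 + i, 443))
    return flows


def per_prefix(flows):
    """Every flow towards a prefix follows the single next hop chosen for it."""
    return Counter(pick(f[0]) for f in flows)


def per_flow(flows):
    """Next hop chosen from a hash over the flow's own fields."""
    return Counter(pick("|".join(map(str, f))) for f in flows)


def busiest_share(counter):
    """Fraction of all flows carried by the most loaded next hop."""
    return max(counter.values()) / sum(counter.values())


if __name__ == "__main__":
    flows = make_flows("10.205.0.0/24")
    print("per prefix:", dict(per_prefix(flows)), busiest_share(per_prefix(flows)))
    print("per flow:  ", dict(per_flow(flows)), busiest_share(per_flow(flows)))
```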
Prefix load balancing, with almost all prefixes using the same next hop 10.255.0.21
root@SRX240> <input>show route table PE2.inet.0 10.205.0.0/16</input>
PE2.inet.0: 66 destinations, 91 routes (66 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.205.0.0/16 *[BGP/170] 00:50:32, localpref 100
AS path: 65001 65004 65006 I
> to <notice>10.255.0.6</notice> via lt-0/0/0.5
[BGP/170] 00:50:32, localpref 100
AS path: 65003 65004 65006 I
> to 10.255.0.21 via lt-0/0/0.22
10.205.0.0/24 *[BGP/170] 00:50:32, localpref 100
AS path: 65003 65004 65006 I
> to <notice>10.255.0.21</notice> via lt-0/0/0.22
[BGP/170] 00:50:32, localpref 100
AS path: 65001 65004 65006 I
> to 10.255.0.6 via lt-0/0/0.5
10.205.1.0/24 *[BGP/170] 00:50:32, localpref 100
AS path: 65003 65004 65006 I
> to <notice>10.255.0.21</notice> via lt-0/0/0.22
[BGP/170] 00:50:32, localpref 100
AS path: 65001 65004 65006 I
> to 10.255.0.6 via lt-0/0/0.5
10.205.2.0/24 *[BGP/170] 00:50:32, localpref 100
AS path: 65003 65004 65006 I
> to <notice>10.255.0.21</notice> via lt-0/0/0.22
[BGP/170] 00:50:32, localpref 100
AS path: 65001 65004 65006 I
> to 10.255.0.6 via lt-0/0/0.5
10.205.10.0/24 *[BGP/170] 00:50:32, localpref 100
AS path: 65003 65004 65006 I
> to <notice>10.255.0.21</notice> via lt-0/0/0.22
[BGP/170] 00:50:32, localpref 100
AS path: 65001 65004 65006 I
> to 10.255.0.6 via lt-0/0/0.5
10.205.20.0/24 *[BGP/170] 00:50:32, localpref 100
AS path: 65003 65004 65006 I
> to <notice>10.255.0.21</notice> via lt-0/0/0.22
[BGP/170] 00:50:32, localpref 100
AS path: 65001 65004 65006 I
> to 10.255.0.6 via lt-0/0/0.5
As we see here, most packets will take the same path. For the 10.204.0.0 networks, 10.255.0.6 will be used instead.
root@SRX240> <input>show route table PE2.inet.0 10.204.0.0/16</input>
PE2.inet.0: 66 destinations, 91 routes (66 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.204.0.0/16 *[BGP/170] 01:47:43, localpref 100
AS path: 65001 65004 I
> to <notice>10.255.0.6</notice> via lt-0/0/0.5
[BGP/170] 01:45:25, localpref 100
AS path: 65003 65004 I
> to 10.255.0.21 via lt-0/0/0.22
10.204.0.0/24 *[BGP/170] 01:47:43, localpref 100
AS path: 65001 65004 I
> to <notice>10.255.0.6</notice> via lt-0/0/0.5
[BGP/170] 01:45:25, localpref 100
AS path: 65003 65004 I
> to 10.255.0.21 via lt-0/0/0.22
10.204.1.0/24 *[BGP/170] 01:47:43, localpref 100
AS path: 65001 65004 I
> to <notice>10.255.0.6</notice> via lt-0/0/0.5
[BGP/170] 01:45:25, localpref 100
AS path: 65003 65004 I
> to 10.255.0.21 via lt-0/0/0.22
10.204.2.0/24 *[BGP/170] 01:47:43, localpref 100
AS path: 65001 65004 I
> to <notice>10.255.0.6</notice> via lt-0/0/0.5
[BGP/170] 01:45:25, localpref 100
AS path: 65003 65004 I
> to 10.255.0.21 via lt-0/0/0.22
10.204.10.0/24 *[BGP/170] 01:47:43, localpref 100
AS path: 65001 65004 I
> to <notice>10.255.0.6</notice> via lt-0/0/0.5
[BGP/170] 01:45:25, localpref 100
AS path: 65003 65004 I
> to 10.255.0.21 via lt-0/0/0.22
10.204.20.0/24 *[BGP/170] 01:47:43, localpref 100
AS path: 65001 65004 I
> to <notice>10.255.0.6</notice> via lt-0/0/0.5
[BGP/170] 01:45:25, localpref 100
AS path: 65003 65004 I
> to 10.255.0.21 via lt-0/0/0.22