Trying eBGP peering between Cisco (IOSv / CSR1000V / XRv / NX-OSv / ASAv), MikroTik, and VyOS
I connected Cisco, MikroTik, and VyOS routers over eBGP and compared their configurations. Specifically, I used the following devices.
- Cisco IOSv
- Cisco CSR1000V
- Cisco XRv
- Cisco NX-OSv
- Cisco ASAv
- MikroTik
- VyOS
Topology & OS versions
I tested with the following topology.
The OS versions are as follows.
| Loopback address | Vendor | OS | Version |
|---|---|---|---|
| 10.0.0.1 | Cisco | IOSv | IOS 15.5(2)T |
| 10.0.0.2 | Cisco | CSR1000V | IOS XE Version 03.14.00.S |
| 10.0.0.3 | Cisco | XRv | IOS XR 5.3.0 |
| 10.0.0.4 | Cisco | NX-OSv | NX-OS 7.2(0)D1(1) |
| 10.0.0.5 | Cisco | ASAv | ASA 9.3(2)200 |
| 10.0.0.6 | MikroTik | RouterOS | RouterOS 6.30.2 |
| 10.0.0.7 | VyOS | VyOS | VyOS 1.1.5 |
Router configurations
The configuration of each router is shown below.
IOSv configuration
```
hostname IOSv
!
interface Loopback0
 ip address 10.0.99.1 255.255.255.255
!
interface GigabitEthernet0/1
 ip address 10.0.0.1 255.255.255.0
 no shutdown
!
router bgp 65001
 bgp router-id 10.0.99.1
 neighbor 10.0.0.2 remote-as 65002
 neighbor 10.0.0.3 remote-as 65003
 neighbor 10.0.0.4 remote-as 65004
 neighbor 10.0.0.5 remote-as 65005
 neighbor 10.0.0.6 remote-as 65006
 neighbor 10.0.0.7 remote-as 65007
 network 10.0.99.1 mask 255.255.255.255
!
end
```
CSR1000V configuration
The CSR1000V configuration is almost identical to the IOSv configuration.
```
hostname CSR1000V
!
interface Loopback0
 ip address 10.0.99.2 255.255.255.255
!
interface GigabitEthernet2
 ip address 10.0.0.2 255.255.255.0
 no shutdown
!
router bgp 65002
 bgp router-id 10.0.99.2
 network 10.0.99.2 mask 255.255.255.255
 neighbor 10.0.0.1 remote-as 65001
!
end
```
XRv configuration
The configuration and behavior of XRv (IOS XR) differ somewhat from IOS. In particular, on IOS XR no routes are advertised (they are dropped) when a route-policy is not defined. So if you want to receive all routes and send all routes, you need to define a route-policy that contains only pass and apply it to the BGP peer in both the in and out directions.
```
hostname XRv
!
interface Loopback0
 ipv4 address 10.0.99.3 255.255.255.255
!
interface GigabitEthernet0/0/0/0
 ipv4 address 10.0.0.3 255.255.255.0
 no shutdown
!
route-policy PASS
  pass
end-policy
!
router bgp 65003
 bgp router-id 10.0.99.3
 address-family ipv4 unicast
  network 10.0.99.3/32
 !
 neighbor 10.0.0.1
  remote-as 65001
  address-family ipv4 unicast
   route-policy PASS in
   route-policy PASS out
  !
 !
!
end
```
NX-OSv configuration
When using NX-OSv for lab purposes, you need to configure license grace-period to start the license grace period before the individual features can be enabled. By default, the license appears to be active for 120 days, during which each feature can be tried out. Once the license is active, enable the BGP feature with feature bgp and then configure BGP.
```
license grace-period
!
hostname NX-OSv
!
feature bgp
!
interface Ethernet2/1
  no switchport
  ip address 10.0.0.4/24
  no shutdown
!
interface loopback0
  ip address 10.0.99.4/32
!
router bgp 65004
  router-id 10.0.99.4
  address-family ipv4 unicast
    network 10.0.99.4/32
  neighbor 10.0.0.1 remote-as 65001
    address-family ipv4 unicast
!
end
```
ASAv configuration
ASAv cannot create a Loopback interface, so how to choose the router-id needs some thought. Since this is a lab environment, I pointed a route for the address I wanted as the router-id at Null0, and used that address both as the router-id and as the prefix advertised in BGP. Note that if the AD (Administrative Distance) of the route pointing to Null0 is set to 255, the ASA by design does not install it in the routing table, and as a result it is not advertised in BGP either. For that reason the AD is set to 254 here.
```
hostname ASAv
!
interface GigabitEthernet0/0
 nameif OUTSIDE
 security-level 0
 ip address 10.0.0.5 255.255.255.0
 no shutdown
!
router bgp 65005
 bgp router-id 10.0.99.5
 address-family ipv4 unicast
  neighbor 10.0.0.1 remote-as 65001
  neighbor 10.0.0.1 activate
  network 10.0.99.5 mask 255.255.255.255
!
route Null0 10.0.99.5 255.255.255.255 254
!
end
```
MikroTik (RouterOS) configuration
The MikroTik configuration is quite simple, as shown below. There is no logical interface type called Loopback, so I created a bridge interface with no physical interface attached to it and used it as if it were a Loopback.
```
/system identity set name=RoS
/interface bridge add name=loopback
/ip address add address=10.0.99.6/32 interface=loopback
/ip address add address=10.0.0.6/24 interface=ether2
/routing bgp instance set default as=65006 router-id=10.0.99.6
/routing bgp peer add remote-address=10.0.0.1 remote-as=65001
/routing bgp network add network=10.0.99.6/32
```
VyOS configuration
As with MikroTik, the VyOS configuration is also quite simple (simpler than Vyatta).
```
set system host-name VyOS
set interfaces loopback lo address 10.0.99.7/32
set interfaces ethernet eth2 address 10.0.0.7/24
set protocols bgp 65007 parameters router-id 10.0.99.7
set protocols bgp 65007 neighbor 10.0.0.1 remote-as 65001
set protocols bgp 65007 network 10.0.99.7/32
```
Status check
Status on IOSv
The output of show ip bgp summary is shown below.
```
IOSv# show ip bgp summary
BGP router identifier 10.0.99.1, local AS number 65001
BGP table version is 10, main routing table version 10
7 network entries using 1008 bytes of memory
7 path entries using 560 bytes of memory
7/7 BGP path/bestpath attribute entries using 1064 bytes of memory
6 BGP AS-PATH entries using 144 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 2776 total bytes of memory
BGP activity 8/1 prefixes, 8/1 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.0.0.2        4        65002      43      46       10    0    0 00:34:51        1
10.0.0.3        4        65003      34      44       10    0    0 00:30:41        1
10.0.0.4        4        65004      39      46       10    0    0 00:34:08        1
10.0.0.5        4        65005      28      39       10    0    0 00:26:37        1
10.0.0.6        4        65006      41      43       10    0    0 00:31:22        1
10.0.0.7        4        65007      33      41       10    0    0 00:28:50        1
```
The output of show ip bgp is shown below. NX-OSv and MikroTik advertise their routes without a MED (Metric), while VyOS advertises its route with MED 1.
```
IOSv# show ip bgp
BGP table version is 10, local router ID is 10.0.99.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  10.0.99.1/32     0.0.0.0                  0         32768 i
 *>  10.0.99.2/32     10.0.0.2                 0             0 65002 i
 *>  10.0.99.3/32     10.0.0.3                 0             0 65003 i
 *>  10.0.99.4/32     10.0.0.4                               0 65004 i
 *>  10.0.99.5/32     10.0.0.5                 0             0 65005 i
 *>  10.0.99.6/32     10.0.0.6                               0 65006 i
 *>  10.0.99.7/32     10.0.0.7                 1             0 65007 i
```
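If the rows of this table are split on whitespace, a route with no MED looks the same as a route with MED 0, so the Metric column has to be read by position. The parser below is an added example, not part of the original article; it assumes the IOS fixed-width layout with IPv4 next hops, SAMPLE is the IOSv table above with its column spacing reconstructed, and the function names are made up for illustration.

```python
# Constructed sample: the IOSv "show ip bgp" rows from this page, with the
# fixed-width IOS column spacing restored (the exact spacing is an assumption).
SAMPLE = """\
     Network          Next Hop            Metric LocPrf Weight Path
 *>  10.0.99.1/32     0.0.0.0                  0         32768 i
 *>  10.0.99.2/32     10.0.0.2                 0             0 65002 i
 *>  10.0.99.3/32     10.0.0.3                 0             0 65003 i
 *>  10.0.99.4/32     10.0.0.4                               0 65004 i
 *>  10.0.99.5/32     10.0.0.5                 0             0 65005 i
 *>  10.0.99.6/32     10.0.0.6                               0 65006 i
 *>  10.0.99.7/32     10.0.0.7                 1             0 65007 i
"""


def _num(field):
    """Blank column -> None (attribute absent); otherwise the integer value."""
    field = field.strip()
    return int(field) if field else None


def parse_bgp_table(text):
    """Parse IOS-style 'show ip bgp' rows by column position, not by splitting."""
    lines = text.splitlines()
    head = next(i for i, l in enumerate(lines) if "Next Hop" in l and "Metric" in l)
    # Numeric columns are right-aligned to the end of their header word.
    m_end, l_end, w_end = (lines[head].index(h) + len(h)
                           for h in ("Metric", "LocPrf", "Weight"))
    routes = {}
    for line in lines[head + 1:]:
        if not line.lstrip().startswith("*"):
            continue                      # skip blank and trailer lines
        line = line.ljust(w_end)
        prefix, next_hop = line[:m_end - 10].split()[-2:]  # assumes IPv4 next hop
        *as_path, origin = line[w_end:].split()
        routes[prefix] = {
            "next_hop": next_hop,
            "metric": _num(line[m_end - 10:m_end]),
            "local_pref": _num(line[m_end:l_end]),
            "weight": _num(line[l_end:w_end]),
            "as_path": as_path,
            "origin": origin,
        }
    return routes


def origins_without_med(routes):
    """Origin AS of every learned route whose Metric column was blank."""
    return sorted(r["as_path"][-1] for r in routes.values()
                  if r["as_path"] and r["metric"] is None)
```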
Status on CSR1000V
The output of show ip bgp summary is shown below.
```
CSR1000V# show ip bgp summary
BGP router identifier 10.0.99.2, local AS number 65002
BGP table version is 15, main routing table version 15
7 network entries using 1736 bytes of memory
7 path entries using 840 bytes of memory
7/7 BGP path/bestpath attribute entries using 1736 bytes of memory
6 BGP AS-PATH entries using 224 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 4536 total bytes of memory
BGP activity 8/1 prefixes, 8/1 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.0.0.1        4        65001      50      47       15    0    0 00:38:40        6
```
The output of show ip bgp is shown below.
```
CSR1000V# show ip bgp
BGP table version is 15, local router ID is 10.0.99.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  10.0.99.1/32     10.0.0.1                 0             0 65001 i
 *>  10.0.99.2/32     0.0.0.0                  0         32768 i
 *>  10.0.99.3/32     10.0.0.3                               0 65001 65003 i
 *>  10.0.99.4/32     10.0.0.4                               0 65001 65004 i
 *>  10.0.99.5/32     10.0.0.5                               0 65001 65005 i
 *>  10.0.99.6/32     10.0.0.6                               0 65001 65006 i
 *>  10.0.99.7/32     10.0.0.7                               0 65001 65007 i
```
Status on XRv
The output of show bgp summary is shown below.
```
RP/0/0/CPU0:XRv# show bgp summary
Sun Aug 2 16:44:04.806 UTC
BGP router identifier 10.0.99.3, local AS number 65003
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0xe0000000 RD version: 11
BGP main routing table version 11
BGP NSR Initial initsync version 2 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs

BGP is operating in STANDALONE mode.

Process       RcvTblVer   bRIB/RIB   LabelVer  ImportVer  SendTblVer  StandbyVer
Speaker              11         11         11         11          11           0

Neighbor        Spk    AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down  St/PfxRcd
10.0.0.1          0 65001      50      39       11    0    0 00:35:34          6
```
The output of show bgp is shown below.
```
RP/0/0/CPU0:XRv# show bgp
Sun Aug 2 16:44:37.144 UTC
BGP router identifier 10.0.99.3, local AS number 65003
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0xe0000000 RD version: 11
BGP main routing table version 11
BGP NSR Initial initsync version 2 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs

Status codes: s suppressed, d damped, h history, * valid, > best
              i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.99.1/32     10.0.0.1                 0             0 65001 i
*> 10.0.99.2/32     10.0.0.2                               0 65001 65002 i
*> 10.0.99.3/32     0.0.0.0                  0         32768 i
*> 10.0.99.4/32     10.0.0.4                               0 65001 65004 i
*> 10.0.99.5/32     10.0.0.5                               0 65001 65005 i
*> 10.0.99.6/32     10.0.0.6                               0 65001 65006 i
*> 10.0.99.7/32     10.0.0.7                               0 65001 65007 i

Processed 7 prefixes, 7 paths
```
Status on NX-OSv
The output of show ip bgp summary is shown below.
```
NX-OSv# show ip bgp summary
BGP summary information for VRF default, address family IPv4 Unicast
BGP router identifier 10.0.99.4, local AS number 65004
BGP table version is 12, IPv4 Unicast config peers 1, capable peers 1
7 network entries and 7 paths using 980 bytes of memory
BGP attribute entries [7/1008], BGP AS path entries [6/56]
BGP community entries [0/0], BGP clusterlist entries [0/0]

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.0.0.1        4 65001      53      45       12    0    0 00:40:12 6
```
The output of show ip bgp is shown below.
```
NX-OSv# show ip bgp
BGP routing table information for VRF default, address family IPv4 Unicast
BGP table version is 12, local router ID is 10.0.99.4
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup

   Network            Next Hop            Metric     LocPrf     Weight Path
*>e10.0.99.1/32       10.0.0.1                 0                     0 65001 i
*>e10.0.99.2/32       10.0.0.2                                       0 65001 65002 i
*>e10.0.99.3/32       10.0.0.3                                       0 65001 65003 i
*>l10.0.99.4/32       0.0.0.0                           100      32768 i
*>e10.0.99.5/32       10.0.0.5                                       0 65001 65005 i
*>e10.0.99.6/32       10.0.0.6                                       0 65001 65006 i
*>e10.0.99.7/32       10.0.0.7                                       0 65001 65007 i
```
Status on ASAv
The output of show bgp summary is shown below.
```
ASAv# show bgp summary
BGP router identifier 10.0.99.5, local AS number 65005
BGP table version is 10, main routing table version 10
7 network entries using 1400 bytes of memory
7 path entries using 560 bytes of memory
7/7 BGP path/bestpath attribute entries using 1456 bytes of memory
6 BGP AS-PATH entries using 224 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 3640 total bytes of memory
BGP activity 8/1 prefixes, 8/1 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.0.0.1        4        65001      47      34       10    0    0 00:33:59        6
```
The output of show bgp is shown below.
```
ASAv# show bgp
BGP table version is 10, local router ID is 10.0.99.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.99.1/32     10.0.0.1                 0             0 65001 i
*> 10.0.99.2/32     10.0.0.2                               0 65001 65002 i
*> 10.0.99.3/32     10.0.0.3                               0 65001 65003 i
*> 10.0.99.4/32     10.0.0.4                               0 65001 65004 i
*> 10.0.99.5/32     0.0.0.0                  0         32768 i
*> 10.0.99.6/32     10.0.0.6                               0 65001 65006 i
*> 10.0.99.7/32     10.0.0.7                               0 65001 65007 i
```
Status on MikroTik
The output of /routing bgp peer print status is shown below.
```
[admin@RoS] > /routing bgp peer print status
Flags: X - disabled, E - established
 0 E name="peer1" instance=default remote-address=10.0.0.1 remote-as=65001 tcp-md5-key="" nexthop-choice=default multihop=no
     route-reflect=no hold-time=3m ttl=255 in-filter="" out-filter="" address-families=ip default-originate=never
     remove-private-as=no as-override=no passive=no use-bfd=no remote-id=10.0.99.1 local-address=10.0.0.6 uptime=41m5s
     prefix-count=6 updates-sent=1 updates-received=7 withdrawn-sent=0 withdrawn-received=2 remote-hold-time=3m
     used-hold-time=3m used-keepalive-time=1m refresh-capability=yes as4-capability=yes state=established
```
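The status output above shows tcp-md5-key, in-filter and out-filter all empty for peer1, which means this lab session runs without TCP MD5 authentication and without routing filters in either direction. The check below is an added example, not part of the original article; it assumes the key=value layout of the RouterOS 6 output shown here, and the names parse_peers and audit_peer are made up for illustration.

```python
import shlex

# Constructed sample: the peer record from the status output on this page,
# cut down to the fields the check reads (line wrapping kept).
STATUS = '''\
[admin@RoS] > /routing bgp peer print status
Flags: X - disabled, E - established
 0 E name="peer1" instance=default remote-address=10.0.0.1 remote-as=65001 tcp-md5-key=""
     hold-time=3m ttl=255 in-filter="" out-filter="" address-families=ip
     remote-id=10.0.99.1 local-address=10.0.0.6 state=established
'''


def parse_peers(text):
    """Turn 'print status' output into one dict per peer record."""
    peers = []
    for line in text.splitlines():
        tokens = shlex.split(line)            # handles name="peer1" and key=""
        if not tokens or tokens[0] == "Flags:":
            continue
        if tokens[0].isdigit():               # "0 E name=..." starts a record
            peers.append({"flags": ""})
            tokens = tokens[1:]
        elif not peers:
            continue                          # prompt line before any record
        for tok in tokens:
            key, sep, value = tok.partition("=")
            if sep:
                peers[-1][key] = value
            else:
                peers[-1]["flags"] += tok     # flag letters such as E or X
    return peers


def audit_peer(peer):
    """Return findings for a session with no authentication or route filters."""
    checks = (
        ("tcp-md5-key", "no TCP MD5 key on the session"),
        ("in-filter", "no inbound routing filter, nothing restricts accepted prefixes"),
        ("out-filter", "no outbound routing filter, nothing restricts advertised prefixes"),
    )
    return [f"{peer.get('name', '?')}: {msg}"
            for key, msg in checks if not peer.get(key)]
```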
The output of /ip route print where bgp is shown below.
```
[admin@RoS] > /ip route print where bgp
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADb  10.0.99.1/32                       10.0.0.1                 20
 1 ADb  10.0.99.2/32                       10.0.0.2                 20
 2 ADb  10.0.99.3/32                       10.0.0.3                 20
 3 ADb  10.0.99.4/32                       10.0.0.4                 20
 4 ADb  10.0.99.5/32                       10.0.0.5                 20
 5 ADb  10.0.99.7/32                       10.0.0.7                 20
```
Status on VyOS
The output of show ip bgp summary is shown below.
```
vyos@vyos:~$ show ip bgp summary
BGP router identifier 10.0.99.7, local AS number 65007
IPv4 Unicast - max multipaths: ebgp 1 ibgp 1
RIB entries 13, using 832 bytes of memory
Peers 1, using 2524 bytes of memory

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.0.0.1        4 65001      53      44        0    0    0 00:40:45        6

Total number of neighbors 1
```
The output of show ip bgp is shown below.
```
vyos@vyos:~$ show ip bgp
BGP table version is 0, local router ID is 10.0.99.7
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, R Removed
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.99.1/32     10.0.0.1                 0             0 65001 i
*> 10.0.99.2/32     10.0.0.2                               0 65001 65002 i
*> 10.0.99.3/32     10.0.0.3                               0 65001 65003 i
*> 10.0.99.4/32     10.0.0.4                               0 65001 65004 i
*> 10.0.99.5/32     10.0.0.5                               0 65001 65005 i
*> 10.0.99.6/32     10.0.0.6                               0 65001 65006 i
*> 10.0.99.7/32     0.0.0.0                  1         32768 i

Total number of prefixes 7
```