Configuring eBGP Peers over IPv6 on Cisco, MikroTik, and Juniper
This article configures eBGP peers over IPv6 on Cisco, Juniper, and MikroTik.
Test environment and topology
Testing was done with the following topology.
The tests were run on Cisco VIRL with the OS versions below. For RouterOS, "CHR" (Cloud Hosted Router) was used.

| Vendor | OS | Version |
|---|---|---|
| Cisco | IOSv | 15.5(3)M |
| MikroTik | RouterOS | 6.33.1 (stable) |
| Juniper | Junos | 14.1R1.10 |

Enabling IPv6 on MikroTik
By default on CHR, the IPv6 package is installed but disabled (item 3 in the output below is flagged "X").
[admin@MikroTik] > /system package print
Flags: X - disabled
# NAME VERSION SCHEDULED
0 routeros-x86 6.33.1
1 system 6.33.1
2 X wireless-cm2 6.33.1
3 X ipv6 6.33.1
4 ups 6.33.1
5 wireless-fp 6.33.1
6 hotspot 6.33.1
7 dhcp 6.33.1
8 mpls 6.33.1
9 routing 6.33.1
10 ppp 6.33.1
11 security 6.33.1
12 advanced-tools 6.33.1
Enable the IPv6 package.
This schedules the package to be enabled at the next reboot.
[admin@MikroTik] > /system package print
Flags: X - disabled
# NAME VERSION SCHEDULED
0 routeros-x86 6.33.1
1 system 6.33.1
2 X wireless-cm2 6.33.1
3 X ipv6 6.33.1 scheduled for enable
4 ups 6.33.1
5 wireless-fp 6.33.1
6 hotspot 6.33.1
7 dhcp 6.33.1
8 mpls 6.33.1
9 routing 6.33.1
10 ppp 6.33.1
11 security 6.33.1
12 advanced-tools 6.33.1
Reboot to apply the change.
[admin@MikroTik] > /system reboot
Reboot, yes? [y/N]:
y
system will reboot shortly
After the reboot, printing the package list again shows that the IPv6 package is now enabled.
[admin@MikroTik] > /system package print
Flags: X - disabled
# NAME VERSION SCHEDULED
0 routeros-x86 6.33.1
1 system 6.33.1
2 X wireless-cm2 6.33.1
3 ipv6 6.33.1
4 ups 6.33.1
5 wireless-fp 6.33.1
6 hotspot 6.33.1
7 dhcp 6.33.1
8 mpls 6.33.1
9 routing 6.33.1
10 ppp 6.33.1
11 security 6.33.1
12 advanced-tools 6.33.1
Configuration
Cisco
hostname Cisco
!
ipv6 unicast-routing
ipv6 cef
!
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
!
interface GigabitEthernet0/1
 no shutdown
 ipv6 address 2001:DB8:12::1/64
!
router bgp 65001
 bgp router-id 10.0.0.1
 neighbor 2001:DB8:12::2 remote-as 65002
 !
 address-family ipv6
  network 2001:DB8:1:1::/64
  network 2001:DB8:1:2::/64
  network 2001:DB8:1:3::/64
  neighbor 2001:DB8:12::2 activate
 exit-address-family
!
ipv6 route 2001:DB8:1:1::/64 Null0
ipv6 route 2001:DB8:1:2::/64 Null0
ipv6 route 2001:DB8:1:3::/64 Null0
!
end
MikroTik
/interface bridge
add name=loopback0
/routing bgp instance
set default as=65002 router-id=10.0.0.2
/ip address
add address=10.0.0.2 interface=loopback0 network=10.0.0.2
/ipv6 address
add address=2001:db8:12::2/64 interface=ether2
add address=2001:db8:23::2/64 interface=ether3
/routing bgp peer
add address-families=ipv6 name=PEER-1 remote-address=2001:db8:12::1 remote-as=65001 ttl=1
add address-families=ipv6 name=PEER-3 remote-address=2001:db8:23::3 remote-as=65003 ttl=1
Juniper
set system host-name Juniper
set interfaces em1 unit 0 family inet6 address 2001:db8:23::3/64
set interfaces lo0 unit 0 family inet address 10.0.0.3/32
set routing-options router-id 10.0.0.3
set routing-options rib inet6.0 static route 2001:db8:3:1::/64 reject
set routing-options rib inet6.0 static route 2001:db8:3:2::/64 reject
set routing-options rib inet6.0 static route 2001:db8:3:3::/64 reject
set routing-options autonomous-system 65003
set protocols bgp group PEER-2 type external
set protocols bgp group PEER-2 peer-as 65002
set protocols bgp group PEER-2 neighbor 2001:db8:23::2
Verification command comparison
Here is a per-vendor list of typical BGP verification commands. MikroTik (RouterOS) does not appear to have a command for checking received BGP routes(?).

| Purpose | Cisco | MikroTik | Juniper |
|---|---|---|---|
| Check peer state | show bgp ipv6 unicast summary | /routing bgp peer print | show bgp summary |
| Check advertised routes | show bgp ipv6 unicast neighbors ADDRESS advertised-routes | /routing bgp advertisements print | show route advertising-protocol bgp ADDRESS |
| Check received routes | show bgp ipv6 unicast neighbors ADDRESS received-routes | (N/A) | show route receive-protocol bgp ADDRESS |

Checking peer state
Cisco
Cisco# show bgp ipv6 unicast summary
BGP router identifier 10.0.0.1, local AS number 65001
BGP table version is 61, main routing table version 61
6 network entries using 1008 bytes of memory
6 path entries using 624 bytes of memory
2/2 BGP path/bestpath attribute entries using 304 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1960 total bytes of memory
BGP activity 6/0 prefixes, 6/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2001:DB8:12::2 4 65002 507 488 61 0 0 07:18:06 3
MikroTik
[admin@MikroTik] > /routing bgp peer print
Flags: X - disabled, E - established
# INSTANCE REMOTE-ADDRESS REMOTE-AS
0 E default 2001:db8:12::1 65001
1 E default 2001:db8:23::3 65003
Juniper
root@Juniper> show bgp summary
Groups: 1 Peers: 1 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet6.0
3 3 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
2001:db8:23::2 65002 984 962 0 0 7:10:55 Establ
inet6.0: 3/3/3/0
Checking the BGP table
Cisco
Cisco# show bgp ipv6 unicast
BGP table version is 61, local router ID is 10.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 2001:DB8:1:1::/64
:: 0 32768 i
*> 2001:DB8:1:2::/64
:: 0 32768 i
*> 2001:DB8:1:3::/64
:: 0 32768 i
*> 2001:DB8:3:1::/64
2001:DB8:12::2 0 65002 65003 i
*> 2001:DB8:3:2::/64
2001:DB8:12::2 0 65002 65003 i
*> 2001:DB8:3:3::/64
2001:DB8:12::2 0 65002 65003 i
MikroTik
At present, MikroTik (RouterOS) does not seem to offer a way to view the BGP table(?), so we check the IPv6 routing table instead. The routes received from Cisco are as follows.
[admin@MikroTik] > /ipv6 route print detail where received-from=PEER-1
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
0 ADb dst-address=2001:db8:1:1::/64 gateway=fe80::f816:3eff:fe60:c959%ether2
gateway-status=fe80::f816:3eff:fe60:c959%ether2 reachable distance=20 scope=40 target-scope=10 bgp-as-path="65001"
bgp-med=0 bgp-origin=igp received-from=PEER-1
1 ADb dst-address=2001:db8:1:2::/64 gateway=fe80::f816:3eff:fe60:c959%ether2
gateway-status=fe80::f816:3eff:fe60:c959%ether2 reachable distance=20 scope=40 target-scope=10 bgp-as-path="65001"
bgp-med=0 bgp-origin=igp received-from=PEER-1
2 ADb dst-address=2001:db8:1:3::/64 gateway=fe80::f816:3eff:fe60:c959%ether2
gateway-status=fe80::f816:3eff:fe60:c959%ether2 reachable distance=20 scope=40 target-scope=10 bgp-as-path="65001"
bgp-med=0 bgp-origin=igp received-from=PEER-1
The routes received from Juniper are as follows.
[admin@MikroTik] > /ipv6 route print detail where received-from=PEER-3
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
0 ADb dst-address=2001:db8:3:1::/64 gateway=fe80::fa16:3eff:fe79:6cb5%ether3
gateway-status=fe80::fa16:3eff:fe79:6cb5%ether3 reachable distance=20 scope=40 target-scope=10 bgp-as-path="65003"
bgp-origin=igp received-from=PEER-3
1 ADb dst-address=2001:db8:3:2::/64 gateway=fe80::fa16:3eff:fe79:6cb5%ether3
gateway-status=fe80::fa16:3eff:fe79:6cb5%ether3 reachable distance=20 scope=40 target-scope=10 bgp-as-path="65003"
bgp-origin=igp received-from=PEER-3
2 ADb dst-address=2001:db8:3:3::/64 gateway=fe80::fa16:3eff:fe79:6cb5%ether3
gateway-status=fe80::fa16:3eff:fe79:6cb5%ether3 reachable distance=20 scope=40 target-scope=10 bgp-as-path="65003"
bgp-origin=igp received-from=PEER-3
3 Db dst-address=2001:db8:23::/64 gateway=fe80::fa16:3eff:fe79:6cb5%ether3
gateway-status=fe80::fa16:3eff:fe79:6cb5%ether3 reachable distance=20 scope=40 target-scope=10 bgp-as-path="65003"
bgp-origin=igp received-from=PEER-3
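
The article falls back to the IPv6 routing table to see what each peer announced, so that output is also what an audit has to work from. The following is an added example (not part of the original article) that parses the `/ipv6 route print detail` output and flags any BGP route outside a per-peer allowlist. The allowlist, the function names and the handling of comma-separated AS paths are assumptions of this example.

```python
import ipaddress
import re

# Allowlist (an assumption of this example): per RouterOS peer name, the expected
# origin AS and the prefixes that peer is configured to originate on this page.
EXPECTED = {
    "PEER-1": ("65001", {f"2001:db8:1:{n}::/64" for n in (1, 2, 3)}),
    "PEER-3": ("65003", {f"2001:db8:3:{n}::/64" for n in (1, 2, 3)}),
}
# Excerpt of the PEER-3 output shown above (entries 0 and 3).
SAMPLE = """\
0 ADb dst-address=2001:db8:3:1::/64 gateway=fe80::fa16:3eff:fe79:6cb5%ether3
gateway-status=fe80::fa16:3eff:fe79:6cb5%ether3 reachable distance=20 scope=40 target-scope=10 bgp-as-path="65003"
bgp-origin=igp received-from=PEER-3
3 Db dst-address=2001:db8:23::/64 gateway=fe80::fa16:3eff:fe79:6cb5%ether3
gateway-status=fe80::fa16:3eff:fe79:6cb5%ether3 reachable distance=20 scope=40 target-scope=10 bgp-as-path="65003"
bgp-origin=igp received-from=PEER-3
"""
ENTRY = re.compile(r"^\s*\d+\s+(?:([A-Za-z]+)\s+)?(?=[\w-]+=)")
FIELD = re.compile(r'([\w-]+)=("[^"]*"|\S+)')

def parse_routes(text):
    """Join the wrapped lines of each numbered entry into one dict per route."""
    routes, current = [], None
    for line in text.splitlines():
        entry = ENTRY.match(line)
        if entry:
            current = {"flags": entry.group(1) or ""}
            routes.append(current)
        elif line.startswith(("[", "Flags:")):
            current = None  # prompt or legend line: belongs to no entry
        if current is not None:
            current.update((k, v.strip('"')) for k, v in FIELD.findall(line))
    return routes

def audit(routes, expected=EXPECTED):
    """Return (peer, prefix, reason) for each BGP route outside the allowlist."""
    findings = []
    for r in routes:
        peer, dst = r.get("received-from"), r.get("dst-address")
        if "b" not in r["flags"] or not peer or not dst:
            continue  # not a BGP-learned entry
        origin_as, prefixes = expected.get(peer, (None, set()))
        path = r.get("bgp-as-path", "").replace(",", " ").split()
        if str(ipaddress.ip_network(dst, strict=False)) not in prefixes:
            findings.append((peer, dst, "prefix not in allowlist"))
        elif path[-1:] != [origin_as]:
            findings.append((peer, dst, "unexpected origin AS"))
    return findings
```

Run on the excerpt, `audit(parse_routes(SAMPLE))` reports 2001:db8:23::/64, the peering link's own prefix, which PEER-3 announced in addition to its three static routes.
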
Juniper
root@Juniper> show route receive-protocol bgp 2001:db8:23::2
inet.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
inet6.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
Prefix Nexthop MED Lclpref AS path
* 2001:db8:1:1::/64 2001:db8:23::2 65002 65001 I
* 2001:db8:1:2::/64 2001:db8:23::2 65002 65001 I
* 2001:db8:1:3::/64 2001:db8:23::2 65002 65001 I