MPLS BGP Site-of-origin


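Configuration

・iosv-2, 0, 3 are the PEs, full mesh (AS100)
・iosv-4, 5, 6 are the CEs, connected to the PEs with eBGP (AS200, allowas-in)
・Each site runs OSPF area 0, and the CEs redistribute BGP and OSPF into each other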

Verification

I understand the concept, but I want to see it actually work.

Normal operation

iosv-7#trace 9.9.9.9
Type escape sequence to abort.
Tracing the route to 9.9.9.9
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.47.4 12 msec 9 msec 9 msec
2 192.168.24.2 20 msec 11 msec 15 msec
3 192.168.123.1 [MPLS: Labels 16/23 Exp 0] 33 msec 24 msec 26 msec
4 192.168.60.10 [MPLS: Label 23 Exp 0] 13 msec 25 msec 30 msec
5 192.168.60.6 24 msec 20 msec 23 msec
6 192.168.69.9 27 msec 41 msec *

Loop!

iosv-7#trace 8.8.8.8
Type escape sequence to abort.
Tracing the route to 8.8.8.8
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.47.4 8 msec 5 msec 11 msec
2 192.168.45.5 18 msec 13 msec 20 msec
3 192.168.35.3 20 msec 19 msec 14 msec
4 192.168.24.2 [MPLS: Label 24 Exp 0] 14 msec 18 msec 17 msec
5 192.168.24.4 17 msec 19 msec 16 msec
6 192.168.45.5 27 msec 22 msec 23 msec
7 192.168.35.3 21 msec 29 msec 31 msec
8 192.168.24.2 [MPLS: Label 24 Exp 0] 27 msec 37 msec 33 msec
9 192.168.24.4 32 msec 27 msec 29 msec
10 192.168.45.5 37 msec 41 msec 31 msec

It is exactly what the reference site describes, which makes me laugh. Beautiful, in a way.

show ip bgp

iosv-5#sh ip bgp
BGP table version is 19, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
              t secondary path, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>   4.4.4.4/32       192.168.35.3                           0 100 200 i
 *>   5.5.5.5/32       0.0.0.0                  0         32768 i
 *>   6.6.6.6/32       192.168.35.3                           0 100 200 i
 *    7.7.7.7/32       192.168.35.3                           0 100 200 ?
 *>                    192.168.45.4             3         32768 ?
 *>   8.8.8.8/32       192.168.35.3                           0 100 200 ?
 *>   9.9.9.9/32       192.168.35.3                           0 100 200 ?
 *>   192.168.24.0     192.168.35.3                           0 100 200 i
 *>   192.168.45.0     0.0.0.0                  0         32768 ?
 *>   192.168.47.0     192.168.35.3                           0 100 200 ?
 *>   192.168.58.0     0.0.0.0                  0         32768 ?
 *>   192.168.60.0     192.168.35.3                           0 100 200 i
 *>   192.168.69.0     192.168.35.3                           0 100 200 ?

iosv-5 is receiving 8.8.8.8/32 from the PE side (next hop 192.168.35.3).

Site of Origin

iosv-2(config)#router bgp 100
iosv-2(config-router)#add ipv4 vrf A
iosv-2(config-router-af)#nei 192.168.24.4 soo 200:45

iosv-3(config)#router bgp 100
iosv-3(config-router)#add ipv4 vrf A
iosv-3(config-router-af)#nei 192.168.35.5 soo 200:45

iosv-0(config)#router bgp 100
iosv-0(config-router)#add ipv4 vrf A
iosv-0(config-router-af)#nei 192.168.60.6 soo 200:6

iosv-2#sh bgp vpnv4 uni all 8.8.8.8
BGP routing table entry for 1:1:8.8.8.8/32, version 0
Paths: (1 available, no best path)
  Not advertised to any peer
  Refresh Epoch 1
  200
    192.168.24.4 (inaccessible) (via vrf A) from 192.168.24.4 (4.4.4.4)
      Origin incomplete, metric 3, localpref 100, valid, external
      Extended Community: SoO:200:45 RT:1:1
      rx pathid: 0, tx pathid: 0

iosv-0#sh bgp vpnv4 uni all 8.8.8.8
BGP routing table entry for 1:1:8.8.8.8/32, version 52
Paths: (1 available, best #1, table A)
  Advertised to update-groups:
     6         
  Refresh Epoch 1
  200
    3.3.3.3 (metric 3) (via default) from 3.3.3.3 (3.3.3.3)
      Origin incomplete, metric 2, localpref 100, valid, internal, best
      Extended Community: SoO:200:45 RT:1:1
      mpls labels in/out nolabel/26
      rx pathid: 0, tx pathid: 0x0

SoO is an extended community, so I realize it belongs to the same family as the VRF route-target.

iosv-5#sh ip bgp
BGP table version is 33, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
              t secondary path, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>   5.5.5.5/32       0.0.0.0                  0         32768 i
 *>   6.6.6.6/32       192.168.35.3                           0 100 200 i
 *>   7.7.7.7/32       192.168.45.4             3         32768 ?
 *>   8.8.8.8/32       192.168.58.8             2         32768 ?
 *>   9.9.9.9/32       192.168.35.3                           0 100 200 ?
 *>   192.168.45.0     0.0.0.0                  0         32768 ?
 *>   192.168.47.0     192.168.45.4             2         32768 ?
 *>   192.168.58.0     0.0.0.0                  0         32768 ?
 *>   192.168.60.0     192.168.35.3                           0 100 200 i
 *>   192.168.69.0     192.168.35.3                           0 100 200 ?

The next hop for 8.8.8.8/32 is now correct.

iosv-7#trace 8.8.8.8
Type escape sequence to abort.
Tracing the route to 8.8.8.8
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.47.4 8 msec 7 msec 6 msec
2 192.168.45.5 13 msec 9 msec 13 msec
3 192.168.58.8 17 msec 12 msec *

OK
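
The SoO behaviour verified above, as an added example (a simplified Python model, not code from the original post and not how IOS implements it). It assumes the usual per-neighbor SoO rule: a PE stamps the configured SoO on routes received from a CE neighbor and does not advertise a route to a CE neighbor whose configured SoO matches the route's SoO. Neighbor addresses and SoO values are the ones configured on this page; the function names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

# CE-facing neighbors and their configured SoO, from the PE configuration on this page.
PE_NEIGHBORS = {
    "iosv-2": {"192.168.24.4": "200:45"},
    "iosv-3": {"192.168.35.5": "200:45"},
    "iosv-0": {"192.168.60.6": "200:6"},
}

@dataclass(frozen=True)
class Route:
    prefix: str
    soo: Optional[str] = None  # SoO extended community carried with the VPNv4 route

def receive_from_ce(pe, neighbor, prefix, soo_enabled=True):
    """Inbound: the PE stamps the neighbor's configured SoO on the route."""
    soo = PE_NEIGHBORS[pe][neighbor] if soo_enabled else None
    return Route(prefix, soo)

def advertise_to_ces(pe, route, soo_enabled=True):
    """Outbound: skip any CE neighbor whose configured SoO equals the route's SoO."""
    sent = []
    for neighbor, soo in PE_NEIGHBORS[pe].items():
        if soo_enabled and route.soo is not None and route.soo == soo:
            continue  # the route originated in this neighbor's site; do not send it back
        sent.append(neighbor)
    return sent

def propagate(ingress_pe, ingress_neighbor, prefix, soo_enabled=True):
    """Carry one CE route over the PE full mesh; return the CE neighbors each remote PE sends it to."""
    route = receive_from_ce(ingress_pe, ingress_neighbor, prefix, soo_enabled)
    return {
        pe: advertise_to_ces(pe, route, soo_enabled)
        for pe in PE_NEIGHBORS
        if pe != ingress_pe  # only remote PEs are of interest here
    }

if __name__ == "__main__":
    for enabled in (False, True):
        label = "with SoO" if enabled else "without SoO"
        print(label, propagate("iosv-2", "192.168.24.4", "8.8.8.8/32", enabled))
```

Without SoO, iosv-3 sends 8.8.8.8/32 back into the same site through 192.168.35.5, which is the precondition for the loop in the first traceroute; with SoO only the 200:6 site receives it.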

Multihoming

iosv-4(config)#int gi0/0
iosv-4(config-if)#shut

iosv-7#trace 9.9.9.9
Type escape sequence to abort.
Tracing the route to 9.9.9.9
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.47.4 3 msec 7 msec 6 msec
  2 192.168.45.5 9 msec 10 msec 22 msec
  3 192.168.35.3 22 msec 18 msec 18 msec
  4 192.168.123.1 [MPLS: Labels 16/23 Exp 0] 26 msec 36 msec 48 msec
  5 192.168.60.10 [MPLS: Label 23 Exp 0] 30 msec 42 msec 29 msec
  6 192.168.60.6 42 msec 35 msec 32 msec
  7 192.168.69.9 30 msec 42 msec *

Ah, beautiful.

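Incidentally, on CCO

The CCO example connects the CEs to each other with BGP (this time I connected them with OSPF).
In the end, in terms of AD, eBGP > iBGP, so the result is the same.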

References

BGPのSoOを真面目に考えてみる (Thinking seriously about BGP SoO)

Chapter: BGP per Neighbor SoO Configuration

