bgp dual-homing PE-CE con gestione loc-prefer + MED tra coppie di router cisco (CE) e router juniper (PE) con annuncio della default-route e verifica tabelle bgp

31.01 2020 | by massimiliano

bgp dual-homing PE-CE con gestione loc-prefer + MED tra coppie di router cisco (CE) e router juniper (PE) con annuncio […]

https://www.ingegnerianetworking.com/wp-content/uploads/2020/01/ebgp-dualhoming-PE-CE-cisco-juniper-lab1-631.png

bgp dual-homing PE-CE con gestione loc-prefer + MED tra coppie di router cisco (CE) e router juniper (PE) con annuncio della default-route from PE to CE

ARCHITETTURA DI RIFERIMENTO:

ebgp dualhoming PE CE cisco juniper lab1

L’architettura di riferimento evidenzia gli aspetti fisici e logici della configurazione proposta di cui si evidenzia di seguito:

Configurazione CE1 (ios cisco)

Configurazione CE2 (ios cisco)

interface Loopback0
description RID
ip address 192.168.1.1 255.255.255.255

interface GigabitEthernet0/0.10
description LAN-sinistra
encapsulation dot1Q 10
ip address 172.16.1.2 255.255.255.0
standby 10 ip 172.16.1.1
standby 10 priority 150
standby 10 preempt
!

interface GigabitEthernet0/2
description to-PE1
ip address 10.2.2.1 255.255.255.252
duplex auto
speed auto
media-type rj45
!

interface GigabitEthernet0/3
description to-PE2
ip address 10.2.2.13 255.255.255.252
duplex auto
speed auto
media-type rj45
!

router bgp 65001
bgp log-neighbor-changes
neighbor 10.2.2.2 remote-as 100
neighbor 10.2.2.14 remote-as 100
neighbor 192.168.1.2 remote-as 65001
neighbor 192.168.1.2 update-source Loopback0
!
address-family ipv4
redistribute connected
neighbor 10.2.2.2 activate
neighbor 10.2.2.2 route-map LOC-PREF in
neighbor 10.2.2.14 activate
neighbor 10.2.2.14 route-map MED-OUT out
neighbor 192.168.1.2 activate
neighbor 192.168.1.2 next-hop-self
exit-address-family
!

ip route 192.168.1.2 255.255.255.255 172.16.1.3

ip prefix-list MED-OUT seq 5 permit 172.16.1.0/24
!
route-map MED-OUT permit 10
match ip address prefix-list MED-OUT
set metric 200
!
route-map LOC-PREF permit 10
set local-preference 150
!

interface Loopback0
description RID
ip address 192.168.1.2 255.255.255.255

interface GigabitEthernet0/0.10
description LAN-sinistra
encapsulation dot1Q 10
ip address 172.16.1.3 255.255.255.0
standby 10 ip 172.16.1.1
standby 10 preempt
!

interface GigabitEthernet0/2
description to-PE2
ip address 10.2.2.5 255.255.255.252
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/3
description to-PE1
ip address 10.2.2.9 255.255.255.252
duplex auto
speed auto
media-type rj45
!

router bgp 65001
bgp log-neighbor-changes
neighbor 10.2.2.6 remote-as 100
neighbor 10.2.2.10 remote-as 100
neighbor 192.168.1.1 remote-as 65001
neighbor 192.168.1.1 update-source Loopback0
!
address-family ipv4
redistribute connected
neighbor 10.2.2.6 activate
neighbor 10.2.2.10 activate
neighbor 10.2.2.10 route-map MED-OUT out
neighbor 192.168.1.1 activate
neighbor 192.168.1.1 next-hop-self
exit-address-family
!

ip route 192.168.1.1 255.255.255.255 172.16.1.2

ip prefix-list MED-OUT seq 5 permit 172.16.1.0/24
!
route-map MED-OUT permit 10
match ip address prefix-list MED-OUT
set metric 200
!

Configurazione PE1 (Junos)

Configurazione PE2 (Junos)

interfaces {

em0 {
unit 0 {
description to-PE2;
family inet {
address 10.1.1.17/30;
}
em1 {
unit 0 {
description to_P1;
family inet {
address 10.1.1.1/30;
}
em2 {
unit 0 {
description to-CE1;
family inet {
address 10.2.2.2/30;
}
em3 {
unit 0 {
description to-CE2;
family inet {
address 10.2.2.10/30;
}
lo0 {
unit 0 {
description RID;
family inet {
address 10.255.255.1/32;
}
routing-options {
static {
route 0.0.0.0/0 discard;
}
router-id 10.255.255.1;
autonomous-system 100;
}
protocols {
bgp {
group ebgp {
type external;
peer-as 65001;
neighbor 10.2.2.1 {
export DEF-OUT;
peer-as 65001;
}
neighbor 10.2.2.9 {
export MED-OUT;
peer-as 65001;
}
ospf {
area 0.0.0.0 {
interface lo0.0;
interface em0.0;
interface em1.0;
}

policy-options {
policy-statement DEF-OUT {
term 1 {
from {
protocol static;
route-filter 0.0.0.0/0 exact;
}
then accept;
}
}
policy-statement MED-OUT {
term med {
from {
protocol static;
route-filter 0.0.0.0/0 exact;
}
then {
metric 200;
accept;
}

interfaces {
em0 {
unit 0 {
description to-PE1;
family inet {
address 10.1.1.18/30;
}
em1 {
unit 0 {
description to-P2;
family inet {
address 10.1.1.9/30;
}
em2 {
unit 0 {
description to-CE2;
family inet {
address 10.2.2.6/30;
}
em3 {
unit 0 {
description to-CE1;
family inet {
address 10.2.2.14/30;
}
lo0 {
unit 0 {
description RID;
family inet {
address 10.255.255.2/32;
}

routing-options {
static {
route 0.0.0.0/0 discard;
}
router-id 10.255.255.2;
autonomous-system 100;
}
protocols {
bgp {
group ebgp {
type external;
peer-as 65001;
neighbor 10.2.2.5 {
export DEF-OUT;
peer-as 65001;
}
neighbor 10.2.2.13 {
export MED-OUT;
peer-as 65001;
}
ospf {
area 0.0.0.0 {
interface lo0.0;
interface em0.0;
interface em1.0;
}
policy-options {
policy-statement DEF-OUT {
term 1 {
from {
protocol static;
route-filter 0.0.0.0/0 exact;
}
then accept;
}
}
policy-statement MED-OUT {
term med {
from {
protocol static;
route-filter 0.0.0.0/0 exact;
}
then {
metric 200;
accept;
}

VERIFICA TABELLA DI ROUTING e BGP DEI ROUTER CISCO CE:

CE1#show ip route

Gateway of last resort is 10.2.2.2 to network 0.0.0.0

B* 0.0.0.0/0 [20/0] via 10.2.2.2, 01:31:22

10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
C 10.2.2.0/30 is directly connected, GigabitEthernet0/2
L 10.2.2.1/32 is directly connected, GigabitEthernet0/2

B 10.2.2.4/30 [200/0] via 192.168.1.2, 01:37:07
B 10.2.2.8/30 [200/0] via 192.168.1.2, 01:37:07

C 10.2.2.12/30 is directly connected, GigabitEthernet0/3
L 10.2.2.13/32 is directly connected, GigabitEthernet0/3
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.16.1.0/24 is directly connected, GigabitEthernet0/0.10
L 172.16.1.2/32 is directly connected, GigabitEthernet0/0.10
192.168.1.0/32 is subnetted, 2 subnets
C 192.168.1.1 is directly connected, Loopback0
S 192.168.1.2 [1/0] via 172.16.1.3

Con LP = 150 settata sul CE1

CE1#show ip bgp
BGP table version is 15, local router ID is 192.168.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i – IGP, e – EGP, ? – incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
* 0.0.0.0 10.2.2.14 200 0 100 i
*> 10.2.2.2 150 0 100 i # best-path per la default route

*> 10.2.2.0/30 0.0.0.0 0 32768 ?
*>i 10.2.2.4/30 192.168.1.2 0 100 0 ?
*>i 10.2.2.8/30 192.168.1.2 0 100 0 ?
*> 10.2.2.12/30 0.0.0.0 0 32768 ?
* i 172.16.1.0/24 192.168.1.2 0 100 0 ?

*> 0.0.0.0 0 32768 ? # best-path per la LAN interna
*> 192.168.1.1/32 0.0.0.0 0 32768 ?
r>i 192.168.1.2/32 192.168.1.2 0 100 0 ?

NOTA

Il router CE1 correttamente riceve la default-route dal nodo bgp peer PE1 (Junos) con NH 10.2.2.2 via EBGP e la inserisce nella sua RIB; nella tabella BGP si vede come CE1 riceva la default-route da entrambi i due nodi PE di cui quella ricevuta dal nodo con NH 10.2.2.14 arriva com metrica superiore MED = 200

La scelta del best-path per la default route, quindi viene fatta su base Local-Preference = 150, annunciata all’interno del proprio AS in cui partecipano CE1 e CE2

In ogni caso anche se tolgo il valore di LP = 150 al peering CE1 – PE1, poichè è configurato sui link a X un valore di MED = 200 sia lato CE che lato PE per la gestione del traffico inbound (in ingresso rispetto ai propri AS); per il CE1 la scelta del best-path ricade sempre sul nodo peer PE1 (Junos) con NH 10.2.2.2 e questa volta non vediamo più il valore di Loc-Pref settato

Per il CE2 vedi nota sotto.

Con LP = assente:

CE1#show ip bgp
BGP table version is 10, local router ID is 192.168.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i – IGP, e – EGP, ? – incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
* 0.0.0.0 10.2.2.14 200 0 100 i
*> 10.2.2.2 0 100 i # best path

* i 192.168.1.2 0 100 0 100 i

Con LP = 150 settata su CE1:

CE2#show ip bgp
BGP table version is 15, local router ID is 192.168.1.2
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i – IGP, e – EGP, ? – incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
* 0.0.0.0 10.2.2.6 0 100 i
* 10.2.2.10 200 0 100 i
*>i 192.168.1.1 0 150 0 100 i # best path per la default-route
*>i 10.2.2.0/30 192.168.1.1 0 100 0 ?
*> 10.2.2.4/30 0.0.0.0 0 32768 ?
*> 10.2.2.8/30 0.0.0.0 0 32768 ?
*>i 10.2.2.12/30 192.168.1.1 0 100 0 ?
* i 172.16.1.0/24 192.168.1.1 0 100 0 ?
*> 0.0.0.0 0 32768 ? # best path per la LAN interna

r>i 192.168.1.1/32 192.168.1.1 0 100 0 ?
*> 192.168.1.2/32 0.0.0.0 0 32768 ?

NOTA:

Il node CE2 (con LP di default = 100) riceve correttamente la default-route tre volte e seleziona il best-path per il nodo internal-bgp con NH 192.168.1.1 avendo un valore di LP = 150 (superiore al suo); inoltre riceve sempre la default-route dai due PE Junos con metrica = 0 (quando non configuriamo un valore di MED i router cisco assegnano di default un valore pari a zero) dal PE2 con NH 10.2.2.6 e con metrica (MED) = 200 dal PE1 con NH 10.2.2.10

Senza il valore di LP settato, questa volta il nodo CE2 sceglie come best path per la default route il diretto bgp peer PE2 con NH 10.2.2.6 in quanto entrambi i router CE hanno identico valore di LP = 100 (default) e pertanto il loro puntoi di egress sono i rispettivi peer diretti.

Con LP = assente:

CE2#show ip bgp
BGP table version is 22, local router ID is 192.168.1.2
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i – IGP, e – EGP, ? – incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
* i 0.0.0.0 192.168.1.1 0 100 0 100 i
*> 10.2.2.6 0 100 i
* 10.2.2.10 200 0 100 i

NOTA:

sempre senza un preferenza di LP per il traffico outbound, la configurazione del MED su entrambi i link a X settato a 200 con un valore superiore (e quindi sfavorito) a quello dei link diretti tra PE-CE garantisce una ridondanza in HA.

In caso di fault del link CE1 – PE1 ad esempio:

CE1#show ip bgp summary
BGP router identifier 192.168.1.1, local AS number 65001
BGP table version is 12, main routing table version 12
7 network entries using 1008 bytes of memory
9 path entries using 720 bytes of memory
4/3 BGP path/bestpath attribute entries using 608 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 2360 total bytes of memory
BGP activity 19/12 prefixes, 24/15 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.2.2.2 4 100 0 0 1 0 0 00:05:20 Idle
10.2.2.14 4 100 100 142 12 0 0 01:02:46 1
192.168.1.2 4 65001 74 76 12 0 0 01:02:46 5
CE1#

La tabella BGP dei due router CE cisco diventa:

CE1#show ip bgp

Network Next Hop Metric LocPrf Weight Path
* 0.0.0.0 10.2.2.14 200 0 100 i
*>i 192.168.1.2 0 100 0 100 i

CE2#show ip bgp

Network Next Hop Metric LocPrf Weight Path
*> 0.0.0.0 10.2.2.6 0 100 i
* 10.2.2.10 200 0 100 i

NOTA:

con il link CE1 – PE1 in fault il nodo CE1 seleziona come best-path l’internal-bgp con NH 192.168.1.2 (e non il link diretto con il PE2 ma avente metrica = 200); mentre il nodo CE2 correttamente seleziona il best path sul suo link diretto con il PE2 e mantiene come link di backup il link diretto con il PE1 avente metrica = 200.

VERIFICA TABELLA DI ROUTING e BGP DEI ROUTER JUNIPER PE:

Andiamo a verificare come la subnet 172.16.1.0/24 annunciata da entrambi i router CE cisco è vista dai router PE Juniper.

From PE1:

root@PE1>; show route

inet.0: 18 destinations, 21 routes (18 active, 0 holddown, 0 hidden)
+ = Active Route, – = Last Active, * = Both

0.0.0.0/0 *[Static/5] 02:29:56
Discard

172.16.1.0/24 *[BGP/170] 00:04:03, MED 0, localpref 100

AS path: 65001 ?
> to 10.2.2.1 via em2.0

[BGP/170] 02:27:34, MED 200, localpref 100

AS path: 65001 ?
> to 10.2.2.9 via em3.0

root@PE1>; show bgp group ebg

Group Type: External Local AS: 100
Name: ebgp Index: 0 Flags: <>
Export: [ DEF-OUT ]
Holdtime: 0
Total peers: 1 Established: 1
10.2.2.1+30357
inet.0: 5/7/7/0

Group Type: External Local AS: 100
Name: ebgp Index: 1 Flags: <Export Eval>
Export: [ MED-OUT ]
Holdtime: 0
Total peers: 1 Established: 1
10.2.2.9+41079
inet.0: 0/1/1/0

root@PE1>; show route advertising-protocol bgp 10.2.2.1 0.0.0.0

inet.0: 18 destinations, 21 routes (18 active, 0 holddown, 0 hidden)

Prefix Nexthop MED Lclpref AS path
* 0.0.0.0/0 Self I

root@PE1>; show route advertising-protocol bgp 10.2.2.9 0.0.0.0

inet.0: 18 destinations, 21 routes (18 active, 0 holddown, 0 hidden)
Prefix Nexthop MED Lclpref AS path
* 0.0.0.0/0 Self 200 I

root@PE1>; show route receive-protocol bgp 10.2.2.1 172.16.1.0

inet.0: 18 destinations, 21 routes (18 active, 0 holddown, 0 hidden)
Prefix Nexthop MED Lclpref AS path
* 172.16.1.0/24 10.2.2.1 0 65001 ?

root@PE1>; show route receive-protocol bgp 10.2.2.9 172.16.1.0

inet.0: 18 destinations, 21 routes (18 active, 0 holddown, 0 hidden)
Prefix Nexthop MED Lclpref AS path
172.16.1.0/24 10.2.2.9 200 65001 ?

From PE2:

root@PE2>; show route

inet.0: 18 destinations, 21 routes (18 active, 0 holddown, 0 hidden)
+ = Active Route, – = Last Active, * = Both

0.0.0.0/0 *[Static/5] 02:37:56
Discard

172.16.1.0/24 *[BGP/170] 02:46:36, MED 0, localpref 100
AS path: 65001 ?
> to 10.2.2.5 via em2.0

[BGP/170] 01:40:52, MED 200, localpref 100
AS path: 65001 ?

> to 10.2.2.13 via em3.0

root@PE2>; show bgp group ebg

Group Type: External Local AS: 100
Name: ebgp Index: 0 Flags: <>
Export: [ DEF-OUT ]
Holdtime: 0
Total peers: 1 Established: 1
10.2.2.5+179
inet.0: 5/7/7/0

Group Type: External Local AS: 100
Name: ebgp Index: 1 Flags: <>
Export: [ MED-OUT ]
Holdtime: 0
Total peers: 1 Established: 1
10.2.2.13+21349
inet.0: 0/1/1/0

root@PE2>; show route advertising-protocol bgp 10.2.2.5 0.0.0.0

inet.0: 18 destinations, 21 routes (18 active, 0 holddown, 0 hidden)
Prefix Nexthop MED Lclpref AS path
* 0.0.0.0/0 Self I

root@PE2>; show route advertising-protocol bgp 10.2.2.13 0.0.0.0

inet.0: 18 destinations, 21 routes (18 active, 0 holddown, 0 hidden)
Prefix Nexthop MED Lclpref AS path
* 0.0.0.0/0 Self 200 I

root@PE2>; show route receive-protocol bgp 10.2.2.5 172.16.1.0

inet.0: 18 destinations, 21 routes (18 active, 0 holddown, 0 hidden)
Prefix Nexthop MED Lclpref AS path
* 172.16.1.0/24 10.2.2.5 0 65001 ?

root@PE2>; show route receive-protocol bgp 10.2.2.13 172.16.1.0

inet.0: 18 destinations, 21 routes (18 active, 0 holddown, 0 hidden)
Prefix Nexthop MED Lclpref AS path
172.16.1.0/24 10.2.2.13 200 65001 ?