Cisco IOS Routing – Configuring BGP Inject Map


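Overview

This article summarizes BGP peer groups and BGP templates. Both features let you avoid entering the same configuration twice; their purpose is to improve maintainability. BGP templates are the successor to BGP peer groups and resolve the following problems with peer groups.

  • Because the same configuration is applied to the whole peer group, different outbound routing policies cannot be applied within a peer group.
  • The same outbound policy cannot be applied to different address families.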

Command list

The key commands for this scenario are listed below.

Router(config)# router bgp <as>
Router(config-router)# neighbor <group_name> peer-group
Router(config-router)# neighbor <group_name> <session_configuration>
Router(config-router)# neighbor <group_name> <policy_configuration>
Router(config-router)# neighbor <addr> peer-group <group_name>

Router(config)# router bgp <as>
Router(config-router)# template { peer-policy | peer-session } <template_name>
Router(config-router-ptmp)# inherit { peer-policy | peer-session } <child_template> <seq>
Router(config-router-ptmp)# <configuration_command>
Router(config-router-ptmp)# exit
Router(config-router)# neighbor <addr> inherit peer-session <session_template>
Router(config-router)# address-family <address_family>
Router(config-router-af)# neighbor <addr> inherit peer-policy <policy_template>

Topology

The behavior is verified with the following topology.

 [ipv4 diagram]
         e0/0    e0/1      e0/0    e0/1
 +--------+.1    .2+--------+.2    .3+--------+
 |   R1   +--------+   R2   +--------+   R3   |
 +--------+        +--------+        +--------+
       192.168.12.0/24   192.168.23.0/24

 R1 Loopback0      R2 Loopback0      R3 Loopback0
 10.1.1.1/32       10.2.2.2/32       10.3.3.3/32

 [ipv6 diagram]
         e0/0    e0/1      e0/0    e0/1
 +--------+:1    :2+--------+:2    :3+--------+
 |   R1   +--------+   R2   +--------+   R3   |
 +--------+        +--------+        +--------+
       FEC0::12:0/125    FEC0::23:0/125

 R1 Loopback0      R2 Loopback0      R3 Loopback0
 FEC0::1:1/125     FEC0::2:2/125     FEC0::3:3/125

 [R1]
interface Loopback0
 ip address 10.1.1.1 255.255.255.255
 ipv6 address FEC0::1:1/125
 ipv6 rip RIPng enable
!
interface Ethernet0/0
 ip address 192.168.12.1 255.255.255.0
 ipv6 address FEC0::12:1/125
 ipv6 rip RIPng enable
!
router rip
 version 2
 network 10.0.0.0
 network 192.168.12.0
 no auto-summary

 [R2]
interface Loopback0
 ip address 10.2.2.2 255.255.255.255
 ipv6 address FEC0::2:2/125
 ipv6 rip RIPng enable
!
interface Ethernet0/0
 ip address 192.168.23.2 255.255.255.0
 ipv6 address FEC0::23:2/125
 ipv6 rip RIPng enable
!
interface Ethernet0/1
 ip address 192.168.12.2 255.255.255.0
 ipv6 address FEC0::12:2/125
 ipv6 rip RIPng enable
!
router rip
 version 2
 network 10.0.0.0
 network 192.168.12.0
 network 192.168.23.0
 no auto-summary

 [R3]
interface Loopback0
 ip address 10.3.3.3 255.255.255.255
 ipv6 address FEC0::3:3/125
 ipv6 rip RIPng enable
!
interface Ethernet0/1
 ip address 192.168.23.3 255.255.255.0
 ipv6 address FEC0::23:3/125
 ipv6 rip RIPng enable
!
router rip
 version 2
 network 10.0.0.0
 network 192.168.23.0
 no auto-summary

The full configurations are in the files below. Refer to them for the detailed settings.

R1
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
ipv6 unicast-routing
ipv6 multicast-routing
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 10.1.1.1 255.255.255.255
 ipv6 address FEC0::1:1/125
 ipv6 rip RIPng enable
!
interface Ethernet0/0
 ip address 192.168.12.1 255.255.255.0
 half-duplex
 ipv6 address FEC0::12:1/125
 ipv6 rip RIPng enable
!
interface Ethernet0/1
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
!
router rip
 version 2
 network 10.0.0.0
 network 192.168.12.0
 no auto-summary
!
ip http server
ip forward-protocol nd
!
!
!
ipv6 router rip RIPng
!
!
!
!
control-plane
!
!
!
!
mgcp behavior g729-variants static-pt
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 login
!
!
end

R2
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
ipv6 unicast-routing
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 10.2.2.2 255.255.255.255
 ipv6 address FEC0::2:2/125
 ipv6 rip RIPng enable
!
interface Ethernet0/0
 ip address 192.168.23.2 255.255.255.0
 half-duplex
 ipv6 address FEC0::23:2/125
 ipv6 rip RIPng enable
!
interface Ethernet0/1
 ip address 192.168.12.2 255.255.255.0
 half-duplex
 ipv6 address FEC0::12:2/125
 ipv6 rip RIPng enable
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
!
router rip
 version 2
 network 10.0.0.0
 network 192.168.12.0
 network 192.168.23.0
 no auto-summary
!
ip http server
ip forward-protocol nd
!
!
!
ipv6 router rip RIPng
!
!
!
!
control-plane
!
!
!
!
mgcp behavior g729-variants static-pt
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 login
!
!
end

R3
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
ipv6 unicast-routing
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 10.3.3.3 255.255.255.255
 ipv6 address FEC0::3:3/125
 ipv6 rip RIPng enable
!
interface Ethernet0/0
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/1
 ip address 192.168.23.3 255.255.255.0
 half-duplex
 ipv6 address FEC0::23:3/125
 ipv6 rip RIPng enable
!
interface Ethernet0/2
 no ip address
 shutdown
 half-duplex
!
interface Ethernet0/3
 no ip address
 shutdown
 half-duplex
!
!
router rip
 version 2
 network 10.0.0.0
 network 192.168.23.0
 no auto-summary
!
ip http server
ip forward-protocol nd
!
!
!
ipv6 router rip RIPng
!
!
!
!
control-plane
!
!
!
!
mgcp behavior g729-variants static-pt
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 login
!
!
end

Feature description

BGP peer group

Define a BGP peer group name with the following commands, then enter the configuration for the peer group.

Router(config)# router bgp <as>
Router(config-router)# neighbor <group_name> peer-group
Router(config-router)# neighbor <group_name> <session_configuration>
Router(config-router)# neighbor <group_name> <policy_configuration>

Apply the configured peer group to a neighbor with the following commands.

Router(config)# router bgp <as>
Router(config-router)# neighbor <addr> peer-group <group_name>

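BGP peer group limitations

In an IPv4-only environment, all settings can be configured on the peer group, but in an environment with multiple address families, outbound policy settings need care.

In an IPv4-only environment, the following configuration works without any surprises.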

Router(config)# router bgp 100
Router(config-router)# neighbor IBGP peer-group
Router(config-router)# neighbor IBGP update-source Loopback 0
Router(config-router)# neighbor IBGP send-community both

In an environment with multiple address families, however, the following error occurs. This is because outbound policy settings cannot be configured across address families.

Router(config)# router bgp 100
Router(config-router)# no bgp default ipv4-unicast
Router(config-router)# neighbor IBGP peer-group
Router(config-router)# neighbor IBGP update-source Loopback 0
Router(config-router)# neighbor IBGP send-community both
% Policy commands not allowed without an address family
Router(config-router)#

In an environment with multiple address families, a peer group must be created per address family for outbound policy settings.

Router(config)# router bgp 100
Router(config-router)# no bgp default ipv4-unicast
Router(config-router)# neighbor IBGP peer-group
Router(config-router)# neighbor IBGP update-source Loopback 0
Router(config-router)# address-family ipv4 unicast
Router(config-router-af)# neighbor IBGP send-community both

BGP template

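BGP templates are the feature that removes the peer group limitations described above. There are two kinds of BGP template: session templates, which define how a neighbor is established, and policy templates, which control routing. First, define a template with the following commands.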

Router(config)# router bgp <as>
Router(config-router)# template { peer-policy | peer-session } <template_name>
Router(config-router-ptmp)# <configuration_command>

Templates can also be inherited, as shown below.

Router(config)# router bgp <as>
Router(config-router)# template { peer-policy | peer-session } <child_template>
Router(config-router-ptmp)# <configuration_command>
Router(config-router-ptmp)# exit
Router(config-router)# 
Router(config-router)# template { peer-policy | peer-session } <parent_template>
Router(config-router-ptmp)# <configuration_command>
Router(config-router-ptmp)# inherit { peer-policy | peer-session } <child_template> <seq>
Router(config-router-ptmp)# exit

Assign the templates you created to neighbors with the following commands. In an environment with multiple address families, assign the policy template per address family.

Router(config)# router bgp <as>
Router(config-router)# neighbor <addr> inherit peer-session <session_template>
Router(config-router)# address-family <address_family>
Router(config-router-af)# neighbor <addr> inherit peer-policy <policy_template>

peer group

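Configuration

Using peer groups, eBGP neighbors are established between R1, R2 and R3. The peer group configuration is entered on R2.

The RIP distance is adjusted because the Loopback0 addresses of R1 and R3 are advertised via BGP. By default, eBGP has a distance of 20, so the RIP prefixes would disappear from the routing table. Once they disappear from the routing table, the eBGP neighbor can no longer be established, which causes flapping.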

 [R1]
ip bgp-community new-format
!
route-map RMAP_COMMUNITY permit 10
 set community 100:1
!
router rip
 distance 19
!
ipv6 router rip RIPng
 distance 19
!
router bgp 100
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 10.2.2.2 remote-as 200
 neighbor 10.2.2.2 ebgp-multihop 255
 neighbor 10.2.2.2 update-source Loopback0
 neighbor FEC0::2:2 remote-as 200
 neighbor FEC0::2:2 ebgp-multihop 255
 neighbor FEC0::2:2 update-source Loopback0
 !
 address-family ipv4
  neighbor 10.2.2.2 activate
  neighbor 10.2.2.2 send-community both
  no auto-summary
  no synchronization
  network 10.1.1.1 mask 255.255.255.255 route-map RMAP_COMMUNITY
 exit-address-family
 !
 address-family ipv6
  neighbor FEC0::2:2 activate
  neighbor FEC0::2:2 send-community
  network FEC0::1:1/125 route-map RMAP_COMMUNITY
 exit-address-family

 [R2]
ip bgp-community new-format
!
router rip
 distance 19
!
ipv6 router rip RIPng
 distance 19
!
router bgp 200
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor EBGP peer-group
 neighbor EBGP ebgp-multihop 255
 neighbor EBGP update-source Loopback0
 neighbor EBGPv6 peer-group
 neighbor EBGPv6 ebgp-multihop 255
 neighbor EBGPv6 update-source Loopback0
 neighbor 10.1.1.1 remote-as 100
 neighbor 10.1.1.1 peer-group EBGP
 neighbor 10.3.3.3 remote-as 300
 neighbor 10.3.3.3 peer-group EBGP
 neighbor FEC0::1:1 remote-as 100
 neighbor FEC0::1:1 peer-group EBGPv6
 neighbor FEC0::3:3 remote-as 300
 neighbor FEC0::3:3 peer-group EBGPv6
 !
 address-family ipv4
  neighbor EBGP send-community both
  neighbor 10.1.1.1 activate
  neighbor 10.3.3.3 activate
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family ipv6
  neighbor EBGPv6 send-community both
  neighbor FEC0::1:1 activate
  neighbor FEC0::3:3 activate
 exit-address-family

 [R3]
ip bgp-community new-format
!
route-map RMAP_COMMUNITY permit 10
 set community 300:3
!
router rip
 distance 19
!
ipv6 router rip RIPng
 distance 19
!
router bgp 300
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 10.2.2.2 remote-as 200
 neighbor 10.2.2.2 ebgp-multihop 255
 neighbor 10.2.2.2 update-source Loopback0
 neighbor FEC0::2:2 remote-as 200
 neighbor FEC0::2:2 ebgp-multihop 255
 neighbor FEC0::2:2 update-source Loopback0
 !
 address-family ipv4
  neighbor 10.2.2.2 activate
  neighbor 10.2.2.2 send-community both
  no auto-summary
  no synchronization
  network 10.3.3.3 mask 255.255.255.255 route-map RMAP_COMMUNITY
 exit-address-family
 !
 address-family ipv6
  neighbor FEC0::2:2 activate
  neighbor FEC0::2:2 send-community both
  network FEC0::3:3/125 route-map RMAP_COMMUNITY
 exit-address-family

Verification

Check that the neighbors are established.

 [R3]
R3#show ip bgp summary

 <omitted>

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.2.2.2        4   200      45      36       12    0    0 00:14:03        1
R3#
R3#
R3#show bgp ipv6 unicast summary

 <omitted>

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
FEC0::2:2       4   200      45      29       13    0    0 00:21:31        1
R3#

Check whether the send-community setting is taking effect by confirming that the community is propagated.

 [R3]
R3#show ip bgp 10.1.1.1
BGP routing table entry for 10.1.1.1/32, version 12
Paths: (1 available, best #1, table Default-IP-Routing-Table, RIB-failure(17))
  Not advertised to any peer
  200 100
    10.2.2.2 (metric 1) from 10.2.2.2 (10.2.2.2)
      Origin IGP, localpref 100, valid, external, best
      Community: 100:1
R3#
R3#
R3#show bgp ipv6 unicast FEC0::1:0/125
BGP routing table entry for FEC0::1:0/125, version 13
Paths: (1 available, best #1, table Global-IPv6-Table)
  Not advertised to any peer
  200 100
    FEC0::2:2 (metric 2) from FEC0::2:2 (10.2.2.2)
      Origin IGP, localpref 100, valid, external, best
      Community: 100:1
R3#

BGP template

Configuration

Rewrite R2's BGP configuration from the peer group method to the template method.

 [R2]
no router bgp 200
router bgp 200
 template peer-policy POLICY
  send-community both
 exit-peer-policy
 !
 template peer-session SESSION
  ebgp-multihop 255
  update-source Loopback0
 exit-peer-session
 !
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 10.1.1.1 remote-as 100
 neighbor 10.1.1.1 inherit peer-session SESSION
 neighbor 10.3.3.3 remote-as 300
 neighbor 10.3.3.3 inherit peer-session SESSION
 neighbor FEC0::1:1 remote-as 100
 neighbor FEC0::1:1 inherit peer-session SESSION
 neighbor FEC0::3:3 remote-as 300
 neighbor FEC0::3:3 inherit peer-session SESSION
 !
 address-family ipv4
  neighbor 10.1.1.1 activate
  neighbor 10.1.1.1 inherit peer-policy POLICY
  neighbor 10.3.3.3 activate
  neighbor 10.3.3.3 inherit peer-policy POLICY
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family ipv6
  neighbor FEC0::1:1 activate
  neighbor FEC0::1:1 inherit peer-policy POLICY
  neighbor FEC0::3:3 activate
  neighbor FEC0::3:3 inherit peer-policy POLICY
 exit-address-family
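
The inheritance and per-address-family assignment rules described above can be checked offline; the following Python is an added example, not part of the original article or of any Cisco tooling. It flattens template inheritance and returns the commands each neighbor effectively inherits at session level and in each address family, so a neighbor that is activated without a policy template shows up with an empty list. The sample configuration is constructed from R2's template configuration; the SESSION_BASE parent template and the IPv6 neighbor without a policy template are assumptions added to exercise inheritance and the per-address-family rule, and listing inherited commands first is a presentation choice.

```python
import re
# Constructed sample modeled on this page's R2 config; SESSION_BASE is hypothetical.
CONFIG = """\
router bgp 200
 template peer-policy POLICY
  send-community both
 exit-peer-policy
 template peer-session SESSION_BASE
  update-source Loopback0
 exit-peer-session
 template peer-session SESSION
  ebgp-multihop 255
  inherit peer-session SESSION_BASE
 exit-peer-session
 neighbor 10.1.1.1 inherit peer-session SESSION
 address-family ipv4
  neighbor 10.1.1.1 activate
  neighbor 10.1.1.1 inherit peer-policy POLICY
 exit-address-family
 address-family ipv6
  neighbor FEC0::1:1 activate
"""

def flatten(templates, key, seen=()):
    """Commands of template `key`, inherited ones listed first."""
    if key in seen or key not in templates:
        raise ValueError(f"undefined or looping template: {key}")
    out = []
    for cmd in templates[key]:
        m = re.match(r"inherit peer-(\w+) (\S+)", cmd)
        out = flatten(templates, (m[1], m[2]), seen + (key,)) + out if m else out + [cmd]
    return out

def audit(config):
    """Map (scope, neighbor) -> effective commands; scope is an AF or "session"."""
    templates, result, tmpl, af = {}, {}, None, "session"
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"template peer-(\w+) (\S+)$", line):
            tmpl = templates.setdefault((m[1], m[2]), [])
        elif line.startswith("exit-"):
            tmpl, af = None, "session"
        elif tmpl is not None:
            tmpl.append(line)
        elif m := re.match(r"address-family (\S+)", line):
            af = m[1]
        elif m := re.match(r"neighbor (\S+) (?:activate|inherit peer-(\w+) (\S+))", line):
            cmds = flatten(templates, (m[2], m[3])) if m[2] else []
            result[af, m[1]] = result.get((af, m[1]), []) + cmds
    return result
```

The parser expects templates to be defined before the neighbors that inherit them, as in the R2 configuration above.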

Verification

Check whether the send-community setting is taking effect by confirming that the community is propagated.

 [R3]
R3#show ip bgp 10.1.1.1
BGP routing table entry for 10.1.1.1/32, version 4
Paths: (1 available, best #1, table Default-IP-Routing-Table, RIB-failure(17))
Flag: 0x820
  Not advertised to any peer
  200 100
    10.2.2.2 (metric 1) from 10.2.2.2 (10.2.2.2)
      Origin IGP, localpref 100, valid, external, best
      Community: 100:1
R3#
R3#
R3#show bgp ipv6 unicast FEC0::1:0/125
BGP routing table entry for FEC0::1:0/125, version 3
Paths: (1 available, best #1, table Global-IPv6-Table)
  Not advertised to any peer
  200 100
    FEC0::2:2 (metric 2) from FEC0::2:2 (10.2.2.2)
      Origin IGP, localpref 100, valid, external, best
      Community: 100:1
R3#