This page summarizes IPv4 and IPv6 BGP configuration on Vyatta (VyOS). Lately more of my work is in environments that do not support multicast, such as public clouds and SDN, and there BGP tends to be easier to deal with than OSPF. This page also shows configuration examples that combine BGP with BFD, which I am increasingly asked to set up in production.
Configuration summary
BGP configuration
A BGP neighbor is defined with the following commands. Note the VyOS-specific rule, unfamiliar to users of other platforms, that an IPv6 neighbor additionally requires the "address-family ipv6-unicast" statement.
set protocols bgp neighbor <peer IPv4 address> remote-as <AS number>
set protocols bgp neighbor <peer IPv6 address> remote-as <AS number>
set protocols bgp neighbor <peer IPv6 address> address-family ipv6-unicast
The prefixes to advertise are specified with the following commands.
set protocols bgp address-family ipv4-unicast network <IPv4 prefix>
set protocols bgp address-family ipv6-unicast network <IPv6 prefix>
Your own AS number is set with the following command.
set protocols bgp local-as <AS number>
The keepalive and hold timers can be changed with the following commands.
set protocols bgp timers keepalive <seconds>
set protocols bgp timers holdtime <seconds>
BFD neighbor
A BFD peer is defined with the following commands. For IPv6, the source IPv6 address must be specified explicitly.
set protocols bfd peer <peer IPv4 address>
set protocols bfd peer <peer IPv6 address> source address <source IPv6 address>
By default the echo-interval is 300 ms, the multiplier is 3, and the transmit interval is 50 ms. Use the following commands to tune these timers.
set protocols bfd peer <peer IPv4 address> interval echo-interval <milliseconds>
set protocols bfd peer <peer IPv4 address> interval multiplier <count>
set protocols bfd peer <peer IPv4 address> interval transmit <milliseconds>
set protocols bfd peer <peer IPv6 address> interval echo-interval <milliseconds>
set protocols bfd peer <peer IPv6 address> interval multiplier <count>
set protocols bfd peer <peer IPv6 address> interval transmit <milliseconds>
Whether the BFD peer has come up is checked with "show protocols bfd peer".
vyos@vy002:~$ show protocols bfd peer
BFD Peers:
    peer 2001:db8:23::3 local-address 2001:db8:23::2 vrf default
        ID: 4248063379
        Remote ID: 2410726544
        Active mode
        Status: up
        Uptime: 1 hour(s), 36 minute(s), 48 second(s)
        Diagnostics: ok
        Remote diagnostics: ok
        Peer Type: configured
        Local timers:
            Detect-multiplier: 3
            Receive interval: 300ms
            Transmission interval: 60ms
            Echo transmission interval: 250ms
        Remote timers:
            Detect-multiplier: 3
            Receive interval: 300ms
            Transmission interval: 60ms
            Echo transmission interval: 250ms
<omitted>
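The timers in that output are what actually determine how quickly a failure is declared, and the relationship is not obvious from the configured values alone. The following is an added example (not code from the original post or from VyOS/FRR) that parses the "show protocols bfd peer" output and computes two derived values per RFC 5880: the detection time this system applies to the peer (remote Detect Mult multiplied by the negotiated receive interval, section 6.8.4) and the interval at which it sends its own control packets (section 6.8.7). The sample text is the output above, reduced to a single peer; the assumption is asynchronous mode, which is what the output above shows.

```python
import re

# Constructed sample: the 'show protocols bfd peer' output shown above, reduced to one peer.
SAMPLE_OUTPUT = """\
BFD Peers:
    peer 2001:db8:23::3 local-address 2001:db8:23::2 vrf default
        ID: 4248063379
        Remote ID: 2410726544
        Active mode
        Status: up
        Uptime: 1 hour(s), 36 minute(s), 48 second(s)
        Diagnostics: ok
        Remote diagnostics: ok
        Peer Type: configured
        Local timers:
            Detect-multiplier: 3
            Receive interval: 300ms
            Transmission interval: 60ms
            Echo transmission interval: 250ms
        Remote timers:
            Detect-multiplier: 3
            Receive interval: 300ms
            Transmission interval: 60ms
            Echo transmission interval: 250ms
"""

PEER_RE = re.compile(r"^\s*peer\s+(\S+)")
STATUS_RE = re.compile(r"^\s*Status:\s*(\S+)")
TIMER_RE = re.compile(
    r"^\s*(Detect-multiplier|Receive interval|Transmission interval|Echo transmission interval):\s*(\d+)")


def parse_bfd_peers(text):
    """Return {peer_address: {"status": str, "local": {timer: int}, "remote": {timer: int}}}."""
    peers, current, side = {}, None, None
    for line in text.splitlines():
        m = PEER_RE.match(line)
        if m:
            current = peers.setdefault(m.group(1), {"status": None, "local": {}, "remote": {}})
            side = None
            continue
        if current is None:
            continue
        m = STATUS_RE.match(line)
        if m:
            current["status"] = m.group(1)
            continue
        if line.strip() == "Local timers:":
            side = "local"
        elif line.strip() == "Remote timers:":
            side = "remote"
        elif side:
            m = TIMER_RE.match(line)
            if m:
                current[side][m.group(1)] = int(m.group(2))
    return peers


def detection_time_ms(peer):
    """Time this system waits before declaring the peer down (RFC 5880 section 6.8.4):
    remote Detect Mult x max(local Required Min RX, remote Desired Min TX)."""
    negotiated_rx = max(peer["local"]["Receive interval"], peer["remote"]["Transmission interval"])
    return peer["remote"]["Detect-multiplier"] * negotiated_rx


def transmit_interval_ms(peer):
    """Interval at which this system sends control packets (RFC 5880 section 6.8.7):
    max(local Desired Min TX, remote Required Min RX)."""
    return max(peer["local"]["Transmission interval"], peer["remote"]["Receive interval"])


def timer_report(text):
    """{peer: (status, detection_ms, tx_interval_ms)} for every peer in the output."""
    return {name: (p["status"], detection_time_ms(p), transmit_interval_ms(p))
            for name, p in parse_bfd_peers(text).items()}


if __name__ == "__main__":
    for name, (status, det, tx) in timer_report(SAMPLE_OUTPUT).items():
        print(f"{name}: {status}, sends every {tx} ms, declares down after {det} ms")
```

With the timers above this gives 3 x 300 ms = 900 ms before the peer is declared down, and a 300 ms control-packet interval: the 60 ms transmit setting is overridden by the peer's 300 ms receive interval, so lowering only the transmit interval on one side does not speed up detection.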
Associating BFD with BGP
BFD is tied to BGP with the following configuration.
set protocols bgp neighbor <peer IPv4 address> bfd
set protocols bgp neighbor <peer IPv6 address> bfd
"show bgp ipv4 neighbors" and "show bgp ipv6 neighbors" show whether BFD is in use for the session.
vyos@vy002:~$ show bgp ipv4 neighbors 192.168.12.1
BGP neighbor is 192.168.12.1, remote AS 65001, local AS 65002, external link
Hostname: vy001
  BGP version 4, remote router ID 10.1.1.1, local router ID 10.2.2.2
  BGP state = Established, up for 00:15:26
  Last read 00:00:06, Last write 00:00:06
  Hold time is 30, keepalive interval is 10 seconds
  Configured hold time is 30, keepalive interval is 10 seconds
<omitted>
  BFD: Type: single hop
    Detect Multiplier: 3, Min Rx interval: 300, Min Tx interval: 300
    Status: Up, Last update: 0:00:15:26
vyos@vy002:~$
vyos@vy002:~$
vyos@vy002:~$ show bgp ipv6 neighbors 2001:0DB8:12::1
BGP neighbor is 2001:db8:12::1, remote AS 65001, local AS 65002, external link
Hostname: vy001
  BGP version 4, remote router ID 10.1.1.1, local router ID 10.2.2.2
  BGP state = Established, up for 00:16:26
  Last read 00:00:06, Last write 00:00:06
  Hold time is 30, keepalive interval is 10 seconds
  Configured hold time is 30, keepalive interval is 10 seconds
<omitted>
  BFD: Type: single hop
    Detect Multiplier: 3, Min Rx interval: 300, Min Tx interval: 300
    Status: Up, Last update: 0:00:16:25
vyos@vy002:~$
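The two VyOS-specific rules in this summary (an IPv6 BGP neighbor needs "address-family ipv6-unicast", an IPv6 BFD peer needs an explicit source address) are easy to forget when typing the commands by hand, and a forgotten one produces a neighbor that silently never comes up. The following is an added example (not code from the original post or from VyOS) that renders the set commands for one router from a small peer table and enforces both rules; the router name, AS numbers and addresses are vy003 from the lab topology on this page, and the function signature and the dict keys are my own.

```python
import ipaddress


def bgp_bfd_commands(local_as, networks, neighbors, keepalive=10, holdtime=30, bfd_timers=None):
    """Return the VyOS 'set' commands for one router.

    networks:   prefixes to advertise, e.g. ["10.2.2.2/32", "2001:0DB8:2::2/128"]
    neighbors:  dicts with "peer" and "remote_as"; IPv6 peers also need "source"
                (the local IPv6 address VyOS requires for an IPv6 BFD peer)
    bfd_timers: optional {"echo-interval": ms, "multiplier": n, "transmit": ms}
    """
    cmds = [f"set protocols bgp local-as '{local_as}'"]
    for net in networks:
        family = "ipv6-unicast" if ipaddress.ip_network(net, strict=False).version == 6 else "ipv4-unicast"
        cmds.append(f"set protocols bgp address-family {family} network {net}")
    cmds.append(f"set protocols bgp timers holdtime '{holdtime}'")
    cmds.append(f"set protocols bgp timers keepalive '{keepalive}'")
    for n in neighbors:
        peer = n["peer"]
        is_v6 = ipaddress.ip_address(peer).version == 6   # also rejects malformed addresses
        cmds.append(f"set protocols bgp neighbor {peer} remote-as '{n['remote_as']}'")
        if is_v6:
            # VyOS rule: an IPv6 neighbor must be enabled in the ipv6-unicast address family
            cmds.append(f"set protocols bgp neighbor {peer} address-family ipv6-unicast")
        cmds.append(f"set protocols bgp neighbor {peer} bfd")
        cmds.append(f"set protocols bfd peer {peer}")
        if is_v6:
            # VyOS rule: an IPv6 BFD peer needs an explicit source address
            if "source" not in n:
                raise ValueError(f"IPv6 BFD peer {peer} needs a 'source' address")
            cmds.append(f"set protocols bfd peer {peer} source address '{n['source']}'")
        for name, value in (bfd_timers or {}).items():
            cmds.append(f"set protocols bfd peer {peer} interval {name} '{value}'")
    return cmds


# vy003 from this page's topology, as a worked input.
VY003 = dict(
    local_as=65003,
    networks=["10.3.3.3/32", "2001:0DB8:3::3/128"],
    neighbors=[
        {"peer": "192.168.23.2", "remote_as": 65002},
        {"peer": "2001:0DB8:23::2", "remote_as": 65002, "source": "2001:db8:23::3"},
    ],
    bfd_timers={"echo-interval": 250, "multiplier": 3, "transmit": 60},
)

if __name__ == "__main__":
    print("\n".join(bgp_bfd_commands(**VY003)))
```

The output for vy003 is the same set of commands that appears in the verification sections below, so the generated text can be diffed against a running "show configuration commands" to catch a peer that was added without its address family or source address.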
Verification
Verification topology
Verification is performed in the following environment.
+-----------------------+
|         vy001         |
|    Lo:10.1.1.1/32     |
| Lo:2001:0DB8:1::1/128 |
+-----------+-----------+
       eth0 | .1 ::1
            |
            | 192.168.12.0/24
            | 2001:0DB8:12::/64
            |
       eth0 | .2 ::2
+-----------+-----------+
|         vy002         |
|    Lo:10.2.2.2/32     |
| Lo:2001:0DB8:2::2/128 |
+-----------+-----------+
       eth1 | .2 ::2
            |
            | 192.168.23.0/24
            | 2001:0DB8:23::/64
            |
       eth0 | .3 ::3
+-----------+-----------+
|         vy003         |
|    Lo:10.3.3.3/32     |
| Lo:2001:0DB8:3::3/128 |
+-----------------------+
Initial configuration
Verification starts from a state in which the IPv4 and IPv6 addresses have already been assigned.
Verification (1) BGP neighbor
Establish BGP neighbors over IPv4 and IPv6 and advertise the loopback addresses. The default keepalive of 60 seconds makes every test a long wait, so the keepalive is shortened to make verification easier.
[vy001:VyOS1.4]
set protocols bgp address-family ipv4-unicast network 10.1.1.1/32
set protocols bgp address-family ipv6-unicast network 2001:0DB8:1::1/128
set protocols bgp local-as '65001'
set protocols bgp neighbor 192.168.12.2 remote-as '65002'
set protocols bgp neighbor 2001:0DB8:12::2 remote-as '65002'
set protocols bgp neighbor 2001:0DB8:12::2 address-family ipv6-unicast
set protocols bgp timers holdtime '30'
set protocols bgp timers keepalive '10'

[vy002:VyOS1.4]
set protocols bgp address-family ipv4-unicast network 10.2.2.2/32
set protocols bgp address-family ipv6-unicast network 2001:0DB8:2::2/128
set protocols bgp local-as '65002'
set protocols bgp neighbor 192.168.12.1 remote-as '65001'
set protocols bgp neighbor 192.168.23.3 remote-as '65003'
set protocols bgp neighbor 2001:0DB8:12::1 remote-as '65001'
set protocols bgp neighbor 2001:0DB8:12::1 address-family ipv6-unicast
set protocols bgp neighbor 2001:0DB8:23::3 remote-as '65003'
set protocols bgp neighbor 2001:0DB8:23::3 address-family ipv6-unicast
set protocols bgp timers holdtime '30'
set protocols bgp timers keepalive '10'

[vy003:VyOS1.4]
set protocols bgp address-family ipv4-unicast network 10.3.3.3/32
set protocols bgp address-family ipv6-unicast network 2001:0DB8:3::3/128
set protocols bgp local-as '65003'
set protocols bgp neighbor 192.168.23.2 remote-as '65002'
set protocols bgp neighbor 2001:0DB8:23::2 remote-as '65002'
set protocols bgp neighbor 2001:0DB8:23::2 address-family ipv6-unicast
set protocols bgp timers holdtime '30'
set protocols bgp timers keepalive '10'
Confirm that the BGP neighbors have been established.
[vy001:VyOS1.4]
vyos@vy001:~$ show bgp ipv4 summary

IPv4 Unicast Summary:
BGP router identifier 10.1.1.1, local AS number 65001 vrf-id 0
BGP table version 3
RIB entries 5, using 960 bytes of memory
Peers 1, using 21 KiB of memory

Neighbor        V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt
192.168.12.2    4      65002       376       377        0    0    0 01:01:46            2        3

Total number of neighbors 1
vyos@vy001:~$
vyos@vy001:~$
vyos@vy001:~$ show bgp ipv6 summary

IPv6 Unicast Summary:
BGP router identifier 10.1.1.1, local AS number 65001 vrf-id 0
BGP table version 3
RIB entries 5, using 960 bytes of memory
Peers 1, using 21 KiB of memory

Neighbor        V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd   PfxSnt
2001:db8:12::2  4      65002       377       378        0    0    0 01:01:51            2        3

Total number of neighbors 1
vyos@vy001:~$
Confirm that the BGP prefixes are present in the routing table.
[vy001:VyOS1.4]
vyos@vy001:~$ show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup

C>* 10.1.1.1/32 is directly connected, lo, 02:27:00
B>* 10.2.2.2/32 [20/0] via 192.168.12.2, eth0, weight 1, 01:02:27
B>* 10.3.3.3/32 [20/0] via 192.168.12.2, eth0, weight 1, 01:02:27
C>* 192.168.12.0/24 is directly connected, eth0, 02:26:59
vyos@vy001:~$
vyos@vy001:~$
vyos@vy001:~$ show ipv6 route
Codes: K - kernel route, C - connected, S - static, R - RIPng,
       O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table,
       v - VNC, V - VNC-Direct, A - Babel, D - SHARP, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup

C>* 2001:db8:1::1/128 is directly connected, lo, 02:27:06
B>* 2001:db8:2::2/128 [20/0] via fe80::250:56ff:fe8e:455e, eth0, weight 1, 01:02:33
B>* 2001:db8:3::3/128 [20/0] via fe80::250:56ff:fe8e:455e, eth0, weight 1, 00:58:27
C>* 2001:db8:12::/64 is directly connected, eth0, 02:27:04
C * fe80::/64 is directly connected, eth0, 02:27:04
C>* fe80::/64 is directly connected, lo, 02:27:06
vyos@vy001:~$
Confirm that vy001 and vy003 can reach each other.
[vy001:VyOS1.4]
vyos@vy001:~$ ping 10.3.3.3 interface 10.1.1.1 count 3
PING 10.3.3.3 (10.3.3.3) from 10.1.1.1 : 56(84) bytes of data.
64 bytes from 10.3.3.3: icmp_seq=1 ttl=63 time=0.851 ms
64 bytes from 10.3.3.3: icmp_seq=2 ttl=63 time=0.927 ms
64 bytes from 10.3.3.3: icmp_seq=3 ttl=63 time=0.559 ms

--- 10.3.3.3 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 0.559/0.779/0.927/0.158 ms
vyos@vy001:~$
vyos@vy001:~$
vyos@vy001:~$ ping 2001:db8:3::3 interface 2001:db8:1::1 count 3
PING 2001:db8:3::3(2001:db8:3::3) from 2001:db8:1::1 : 56 data bytes
64 bytes from 2001:db8:3::3: icmp_seq=1 ttl=63 time=0.817 ms
64 bytes from 2001:db8:3::3: icmp_seq=2 ttl=63 time=0.880 ms
64 bytes from 2001:db8:3::3: icmp_seq=3 ttl=63 time=0.795 ms

--- 2001:db8:3::3 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2033ms
rtt min/avg/max/mdev = 0.795/0.830/0.880/0.036 ms
vyos@vy001:~$
Verification (2) BFD neighbor
BFD (Bidirectional Forwarding Detection) detects failures early by exchanging traffic in both directions. It uses packets lighter than BGP keepalive (hello) messages for liveness monitoring, and is used when millisecond-level failover is required.
First, establish IPv4 and IPv6 BFD neighbors between vy001, vy002 and vy003.
[vy001:VyOS1.4]
set protocols bfd peer 192.168.12.2 interval echo-interval '250'
set protocols bfd peer 192.168.12.2 interval multiplier '3'
set protocols bfd peer 192.168.12.2 interval transmit '60'
set protocols bfd peer 2001:0DB8:12::2 interval echo-interval '250'
set protocols bfd peer 2001:0DB8:12::2 interval multiplier '3'
set protocols bfd peer 2001:0DB8:12::2 interval transmit '60'
set protocols bfd peer 2001:0DB8:12::2 source address '2001:db8:12::1'

[vy002:VyOS1.4]
set protocols bfd peer 192.168.12.1 interval echo-interval '250'
set protocols bfd peer 192.168.12.1 interval multiplier '3'
set protocols bfd peer 192.168.12.1 interval transmit '60'
set protocols bfd peer 192.168.23.3 interval echo-interval '250'
set protocols bfd peer 192.168.23.3 interval multiplier '3'
set protocols bfd peer 192.168.23.3 interval transmit '60'
set protocols bfd peer 2001:0DB8:12::1 interval echo-interval '250'
set protocols bfd peer 2001:0DB8:12::1 interval multiplier '3'
set protocols bfd peer 2001:0DB8:12::1 interval transmit '60'
set protocols bfd peer 2001:0DB8:12::1 source address '2001:db8:12::2'
set protocols bfd peer 2001:0DB8:23::3 interval echo-interval '250'
set protocols bfd peer 2001:0DB8:23::3 interval multiplier '3'
set protocols bfd peer 2001:0DB8:23::3 interval transmit '60'
set protocols bfd peer 2001:0DB8:23::3 source address '2001:db8:23::2'

[vy003:VyOS1.4]
set protocols bfd peer 192.168.23.2 interval echo-interval '250'
set protocols bfd peer 192.168.23.2 interval multiplier '3'
set protocols bfd peer 192.168.23.2 interval transmit '60'
set protocols bfd peer 2001:0DB8:23::2 interval echo-interval '250'
set protocols bfd peer 2001:0DB8:23::2 interval multiplier '3'
set protocols bfd peer 2001:0DB8:23::2 interval transmit '60'
set protocols bfd peer 2001:0DB8:23::2 source address '2001:db8:23::3'
Confirm that the BFD peers have been established.
[vy001:VyOS1.4]
vyos@vy001:~$ show protocols bfd peer
BFD Peers:
    peer 2001:db8:12::2 local-address 2001:db8:12::1 vrf default
        ID: 1936852405
        Remote ID: 1121971534
        Active mode
        Status: up
        Uptime: 6 second(s)
        Diagnostics: ok
        Remote diagnostics: ok
        Peer Type: configured
        Local timers:
            Detect-multiplier: 3
            Receive interval: 300ms
            Transmission interval: 60ms
            Echo transmission interval: 250ms
        Remote timers:
            Detect-multiplier: 3
            Receive interval: 300ms
            Transmission interval: 60ms
            Echo transmission interval: 250ms

    peer 192.168.12.2 vrf default
        ID: 2602281489
        Remote ID: 4021675383
        Active mode
        Status: up
        Uptime: 6 second(s)
        Diagnostics: ok
        Remote diagnostics: ok
        Peer Type: configured
        Local timers:
            Detect-multiplier: 3
            Receive interval: 300ms
            Transmission interval: 60ms
            Echo transmission interval: 250ms
        Remote timers:
            Detect-multiplier: 3
            Receive interval: 300ms
            Transmission interval: 60ms
            Echo transmission interval: 250ms
vyos@vy001:~$
The capture shows BFD packets being sent and received at 250 ms intervals.
root@vy002:~# tcpdump -i eth0 ip and udp port 3784
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
12:40:24.495843 IP 192.168.12.2.49152 > 192.168.12.1.3784: BCM-LI-SHIM: direction unused, pkt-type unknown, pkt-subtype untagged, li-id 792
12:40:24.551028 IP 192.168.12.1.49152 > 192.168.12.2.3784: BCM-LI-SHIM: direction unused, pkt-type unknown, pkt-subtype untagged, li-id 792
12:40:24.785201 IP 192.168.12.1.49152 > 192.168.12.2.3784: BCM-LI-SHIM: direction unused, pkt-type unknown, pkt-subtype untagged, li-id 792
12:40:24.789927 IP 192.168.12.2.49152 > 192.168.12.1.3784: BCM-LI-SHIM: direction unused, pkt-type unknown, pkt-subtype untagged, li-id 792
12:40:25.010296 IP 192.168.12.1.49152 > 192.168.12.2.3784: BCM-LI-SHIM: direction unused, pkt-type unknown, pkt-subtype untagged, li-id 792
12:40:25.083991 IP 192.168.12.2.49152 > 192.168.12.1.3784: BCM-LI-SHIM: direction unused, pkt-type unknown, pkt-subtype untagged, li-id 792
12:40:25.247397 IP 192.168.12.1.49152 > 192.168.12.2.3784: BCM-LI-SHIM: direction unused, pkt-type unknown, pkt-subtype untagged, li-id 792
^C
7 packets captured
7 packets received by filter
0 packets dropped by kernel
root@vy002:~#
root@vy002:~#
root@vy002:~# tcpdump -i eth0 ip6 and udp port 3784
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
12:40:33.936091 IP6 2001:db8:12::1.49152 > 2001:db8:12::2.3784: BCM-LI-SHIM: direction unused, pkt-type unknown, pkt-subtype untagged, li-id 792
12:40:34.015316 IP6 2001:db8:12::2.49152 > 2001:db8:12::1.3784: BCM-LI-SHIM: direction unused, pkt-type unknown, pkt-subtype untagged, li-id 792
12:40:34.221135 IP6 2001:db8:12::1.49152 > 2001:db8:12::2.3784: BCM-LI-SHIM: direction unused, pkt-type unknown, pkt-subtype untagged, li-id 792
12:40:34.267464 IP6 2001:db8:12::2.49152 > 2001:db8:12::1.3784: BCM-LI-SHIM: direction unused, pkt-type unknown, pkt-subtype untagged, li-id 792
12:40:34.470248 IP6 2001:db8:12::1.49152 > 2001:db8:12::2.3784: BCM-LI-SHIM: direction unused, pkt-type unknown, pkt-subtype untagged, li-id 792
12:40:34.498594 IP6 2001:db8:12::2.49152 > 2001:db8:12::1.3784: BCM-LI-SHIM: direction unused, pkt-type unknown, pkt-subtype untagged, li-id 792
12:40:34.761298 IP6 2001:db8:12::1.49152 > 2001:db8:12::2.3784: BCM-LI-SHIM: direction unused, pkt-type unknown, pkt-subtype untagged, li-id 792
12:40:34.798810 IP6 2001:db8:12::2.49152 > 2001:db8:12::1.3784: BCM-LI-SHIM: direction unused, pkt-type unknown, pkt-subtype untagged, li-id 792
^C
8 packets captured
8 packets received by filter
0 packets dropped by kernel
root@vy002:~#
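Reading the interval off a capture by eye is error-prone because packets from the two directions are interleaved. The following is an added example (not code from the original post) that parses the one-line tcpdump summaries above, groups the BFD control packets (UDP 3784) by direction, and reports the largest gap per direction against a detection time; the sample is the IPv4 capture above, and the 900 ms detection time passed in is 3 x 300 ms taken from the "show protocols bfd peer" timers.

```python
import re
from datetime import datetime

# Constructed sample: the IPv4 capture lines shown above (BFD control packets, UDP 3784).
SAMPLE_CAPTURE = """\
12:40:24.495843 IP 192.168.12.2.49152 > 192.168.12.1.3784: BCM-LI-SHIM: direction unused, pkt-type unknown, pkt-subtype untagged, li-id 792
12:40:24.551028 IP 192.168.12.1.49152 > 192.168.12.2.3784: BCM-LI-SHIM: direction unused, pkt-type unknown, pkt-subtype untagged, li-id 792
12:40:24.785201 IP 192.168.12.1.49152 > 192.168.12.2.3784: BCM-LI-SHIM: direction unused, pkt-type unknown, pkt-subtype untagged, li-id 792
12:40:24.789927 IP 192.168.12.2.49152 > 192.168.12.1.3784: BCM-LI-SHIM: direction unused, pkt-type unknown, pkt-subtype untagged, li-id 792
12:40:25.010296 IP 192.168.12.1.49152 > 192.168.12.2.3784: BCM-LI-SHIM: direction unused, pkt-type unknown, pkt-subtype untagged, li-id 792
12:40:25.083991 IP 192.168.12.2.49152 > 192.168.12.1.3784: BCM-LI-SHIM: direction unused, pkt-type unknown, pkt-subtype untagged, li-id 792
12:40:25.247397 IP 192.168.12.1.49152 > 192.168.12.2.3784: BCM-LI-SHIM: direction unused, pkt-type unknown, pkt-subtype untagged, li-id 792
"""

# timestamp, "IP" or "IP6", source host.port, destination host.port (works for both address families
# because the port is the last dot-separated field)
LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) IP6? (\S+?)\.(\d+) > (\S+?)\.(\d+):")


def parse_capture(text):
    """(timestamp, src, dst) for every line that is a BFD control packet (destination port 3784)."""
    packets = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(5) == "3784":
            packets.append((datetime.strptime(m.group(1), "%H:%M:%S.%f"), m.group(2), m.group(4)))
    return packets


def gaps_by_direction(packets):
    """Inter-packet gaps in milliseconds, keyed by 'src>dst'."""
    last, gaps = {}, {}
    for ts, src, dst in packets:
        key = f"{src}>{dst}"
        if key in last:
            gaps.setdefault(key, []).append(round((ts - last[key]).total_seconds() * 1000, 1))
        last[key] = ts
    return gaps


def check_spacing(text, detection_ms):
    """Per direction: packet count, largest observed gap, and whether every gap stayed below the
    detection time (i.e. whether the receiving side would have kept the session up on this evidence)."""
    report = {}
    for key, gaps in gaps_by_direction(parse_capture(text)).items():
        report[key] = {"packets": len(gaps) + 1, "max_gap_ms": max(gaps),
                       "below_detection": max(gaps) < detection_ms}
    return report


if __name__ == "__main__":
    for direction, r in check_spacing(SAMPLE_CAPTURE, 900).items():
        print(direction, r)
```

On the capture above the largest same-direction gap is under 300 ms in both directions, well inside the 900 ms detection window. Run against a longer capture during a load test, a gap creeping toward the detection time is the early sign that BFD is about to flap because control packets are being delayed or dropped, which is worth knowing before tightening the timers further.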
Verification (3) Associating BFD with BGP
Associating BFD with BGP gives millisecond-level failover. BFD is tied to BGP with configuration like the following.
[vy001:VyOS1.4]
set protocols bgp neighbor 192.168.12.2 bfd
set protocols bgp neighbor 2001:0DB8:12::2 bfd

[vy002:VyOS1.4]
set protocols bgp neighbor 192.168.12.1 bfd
set protocols bgp neighbor 192.168.23.3 bfd
set protocols bgp neighbor 2001:0DB8:12::1 bfd
set protocols bgp neighbor 2001:0DB8:23::3 bfd

[vy003:VyOS1.4]
set protocols bgp neighbor 192.168.23.2 bfd
set protocols bgp neighbor 2001:0DB8:23::2 bfd
"show bgp ipv4 neighbors" and "show bgp ipv6 neighbors" show that failure detection by BFD is now enabled.
[vy001:VyOS1.4]
vyos@vy001:~$ show bgp ipv4 neighbors 192.168.12.2
BGP neighbor is 192.168.12.2, remote AS 65002, local AS 65001, external link
Hostname: vy002
  BGP version 4, remote router ID 10.2.2.2, local router ID 10.1.1.1
  BGP state = Established, up for 02:55:02
  Last read 00:00:01, Last write 00:00:01
  Hold time is 30, keepalive interval is 10 seconds
  Configured hold time is 30, keepalive interval is 10 seconds
<omitted>
  BFD: Type: single hop
    Detect Multiplier: 3, Min Rx interval: 300, Min Tx interval: 300
    Status: Up, Last update: 0:00:01:25
vyos@vy001:~$
vyos@vy001:~$
vyos@vy001:~$ show bgp ipv6 neighbors 2001:db8:12::2
BGP neighbor is 2001:db8:12::2, remote AS 65002, local AS 65001, external link
Hostname: vy002
  BGP version 4, remote router ID 10.2.2.2, local router ID 10.1.1.1
  BGP state = Established, up for 00:01:26
  Last read 00:00:06, Last write 00:00:06
  Hold time is 30, keepalive interval is 10 seconds
  Configured hold time is 30, keepalive interval is 10 seconds
<omitted>
  BFD: Type: single hop
    Detect Multiplier: 3, Min Rx interval: 300, Min Tx interval: 300
    Status: Up, Last update: 0:00:02:02
vyos@vy001:~$
Next, a simulated failure is introduced to check whether BFD triggers the failover. Before the simulated failure, check the uptime of the BGP neighbors. In the output below it is about 15 minutes.
vyos@vy001:~$ show bgp ipv4 neighbors | grep state
  BGP state = Established, up for 00:15:46
  BGP state = Established, up for 00:15:43
vyos@vy001:~$ show bgp ipv6 neighbors | grep state
  BGP state = Established, up for 00:15:46
vyos@vy001:~$
Bring the vy002 link down and back up within 10 seconds.
[vy002:VyOS1.4]
vyos@vy002# set interfaces ethernet eth0 disable
[edit]
vyos@vy002# commit
[edit]
vyos@vy002# delete interfaces ethernet eth0 disable
[edit]
vyos@vy002# commit
[edit]
vyos@vy002#
Because the uptime has been reset, the failure tore down the BGP neighbor. With a hold time of 30 seconds, an outage this short could not have been detected by BGP keepalives (hellos) alone, so BGP detected the failure through BFD.
[vy001:VyOS1.4]
vyos@vy001:~$ show bgp ipv4 neighbors | grep state
  BGP state = Established, up for 00:00:04
  BGP state = Established, up for 00:00:03
vyos@vy001:~$ show bgp ipv6 neighbors | grep state
  BGP state = Established, up for 00:00:07
vyos@vy001:~$
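The conclusion above rests on two comparisons: the uptime after the test is smaller than before (so the session was torn down), and the outage was shorter than the hold time (so only BFD could have caused the teardown). The following is an added example (not code from the original post) that makes both checks mechanical, using the grep'd output before and after the test as its sample. The 900 ms BFD detection time is 3 x 300 ms from the "show protocols bfd peer" timers earlier on this page; the "NdHHhMMm" and "NNwNdHHh" uptime forms are an assumption about what FRR prints for sessions older than a day, not something shown on this page.

```python
import re

HOLDTIME_S = 30          # BGP hold time configured on this page
BFD_DETECTION_MS = 900   # 3 x 300 ms from the BFD timers shown earlier (asynchronous mode, RFC 5880)
OUTAGE_MAX_S = 10        # the link was flapped within 10 seconds

# Constructed sample: the grep'd output before and after the simulated failure, from this page.
BEFORE = """\
  BGP state = Established, up for 00:15:46
  BGP state = Established, up for 00:15:43
"""
AFTER = """\
  BGP state = Established, up for 00:00:04
  BGP state = Established, up for 00:00:03
"""

STATE_RE = re.compile(r"BGP state = (\w+)(?:, up for (\S+))?")

UPTIME_FORMS = [
    (re.compile(r"(\d+):(\d+):(\d+)$"), (3600, 60, 1)),           # HH:MM:SS, as shown on this page
    (re.compile(r"(\d+)d(\d+)h(\d+)m$"), (86400, 3600, 60)),      # assumed FRR form for >= 1 day
    (re.compile(r"(\d+)w(\d+)d(\d+)h$"), (604800, 86400, 3600)),  # assumed FRR form for >= 1 week
]


def parse_uptime(text):
    """Uptime string -> seconds."""
    for pattern, weights in UPTIME_FORMS:
        m = pattern.match(text)
        if m:
            return sum(int(v) * w for v, w in zip(m.groups(), weights))
    raise ValueError(f"unrecognised uptime: {text!r}")


def session_uptimes(text):
    """One entry per 'BGP state' line: uptime in seconds, or None when the session is not Established."""
    return [parse_uptime(m.group(2)) if m.group(1) == "Established" and m.group(2) else None
            for m in STATE_RE.finditer(text)]


def sessions_reset(before, after):
    """True for each session that was up before and is now down or younger than it was:
    uptime only ever grows unless the session was torn down in between."""
    return [b is not None and (a is None or a < b)
            for b, a in zip(session_uptimes(before), session_uptimes(after))]


def detecting_mechanisms(outage_s, holdtime_s=HOLDTIME_S, bfd_detection_ms=BFD_DETECTION_MS):
    """Which liveness mechanisms declare the peer down during an outage lasting outage_s seconds."""
    found = []
    if bfd_detection_ms is not None and outage_s * 1000 >= bfd_detection_ms:
        found.append("bfd")
    if outage_s >= holdtime_s:
        found.append("bgp-holdtime")
    return found


if __name__ == "__main__":
    print("sessions reset:", sessions_reset(BEFORE, AFTER))
    print(f"within a {OUTAGE_MAX_S}s outage, detected by:", detecting_mechanisms(OUTAGE_MAX_S))
    print("same outage without BFD:", detecting_mechanisms(OUTAGE_MAX_S, bfd_detection_ms=None))
```

For the values on this page both sessions report a reset, a 10 second outage is caught by BFD only, and without BFD it would have gone unnoticed entirely; the same function shows that an outage of 30 seconds or more is caught by both, which is why a flap shorter than the hold time is the right test for proving BFD is doing the work.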