JUNOSインターネットソフトウェアとIOSのコンフィグレーション変換

Size: px

Start display at page:

Download "JUNOSインターネットソフトウェアとIOSのコンフィグレーション変換"

えみかいじ
5 years ago
Views:

1 Juniper Networks, Inc North Mathilda Avenue Sunnyvale, CA USA or 888 JUNIPER

6 show Test Network Topology UNIX / /24.1 Lunkan M10.1 Lo /32 Null /16 Null /16 Lo /32 Lo /32 Lo /32 Lo /32 Access Lo / / /30 Lo /32 Ida.3 M20 Lo /32 Cisco_pop.5 Lo /32 Cisco_core_rr Lena M40 Lo / / /24 Cisco_border Lo /32 Pagent Dummy Null0 2.2/16 Plus Route Generation Null0 3.3/16 Plus Martians Null /24.6 Lo /32 6 Copyright 2001, Juniper Networks, Inc.

9 図 4: Connected Access and POP Route Reflector Routers UNIX Lunkan AS 1111 M10 Lena Pagent Access M20 M40 AS 2222 Ida Cisco_pop Cisco_border Dummy AS 3333 Cisco_core_rr Copyright 2001, Juniper Networks, Inc. 9

13 router isis redistribute isis ip level-2 into level-1 distribute-list 100 /* Leak policy from L2 db -> L1 db */ passive-interface Loopback0 net metric-style wide/* TLV 135 used for extended metrics, no TLV 128 */ max-lsp-lifetime lsp-refresh-interval spf-interval prc-interval lsp-gen-interval log-adjacency-changes router bgp 1111 no synchronization bgp router-id bgp log-neighbor-changes timers bgp neighbor internal peer-group neighbor internal remote-as 1111 neighbor internal update-source Loopback0 neighbor pop peer-group neighbor pop remote-as 1111 neighbor pop update-source Loopback0 neighbor pop_rr peer-group neighbor pop_rr remote-as 1111 neighbor pop_rr update-source Loopback0 neighbor pop_rr route-reflector-client neighbor peer-group internal neighbor peer-group internal neighbor peer-group pop_rr no auto-summary access-list 1 permit Copyright 2001, Juniper Networks, Inc. 13

14 routing-options { router-id ; autonomous-system 1111; protocols { bgp { traceoptions { file bgp; flag state detail; log-updown; group internal { type internal; local-address ; neighbor ; neighbor ; group pop_rr { type internal; local-address ; cluster ; neighbor ; group pop { type internal; local-address ; neighbor ; isis { traceoptions { file isis; flag state detail; export isis_leak;/* Leak policy */ lsp-lifetime 65535; /* Default 1200 seconds */ level 2 wide-metrics-only; /* TLV 135 used for extended metrics, default both TLV 128/135 used */ interface fxp0.0 { level 1 disable;/* Level 2 only to Core */ interface fxp1.0 { level 2 disable;/* Level 1 only to access stub area */ 14 Copyright 2001, Juniper Networks, Inc.

15 policy-options { policy-statement isis_leak { term one { from { protocol isis; level 2; route-filter /24 longer; /* Prefix where next hop for BGP are within lo0 */ to { protocol isis; /*To L1 area */ level 1; lunkan@ida> show isis adjacency IS-IS adjacency database: Interface System L State Hold (secs) SNPA fxp0.0 cisco_pop 2 Up 23 0:0:c:34:74:5b fxp0.0 cisco_border 2 Up 28 0:60:9:c4:23:18 fxp0.0 cisco_core_rr 2 Up 28 0:d0:ba:58:7e:4b fxp0.0 lena 2 Up 26 0:2:b3:22:38:63 fxp0.0 lunkan 2 Up 8 0:2:b3:22:38:61 fxp1.0 cisco_access 1 Up 7 0:d0:ba:58:81:dd lunkan@ida> show isis database detail IS-IS level 1 link-state database: ida Sequence: 0x1d, Checksum: 0x9774, Lifetime: secs IS neighbor: cisco_access.01 Metric: 10 IP prefix: /30 Metric: 20 Internal IP prefix: /32 Metric: 10 Internal IP prefix: /32 Metric: 10 Internal IP prefix: /32 Metric: 10 Internal IP prefix: /32 Metric: 10 Internal IP prefix: /32 Metric: 10 Internal IP prefix: /32 Metric: 0 Internal IP prefix: /30 Metric: 10 Internal cisco_access Sequence: 0x3, Checksum: 0xd715, Lifetime: secs IS neighbor: cisco_access.01 Metric: 10 IP prefix: /32 Metric: 0 Internal IP prefix: /30 Metric: 10 Internal cisco_access Sequence: 0x3, Checksum: 0x4b86, Lifetime: secs IS neighbor: ida.00 Metric: 0 IS neighbor: cisco_access.00 Metric: 0 IS-IS level 2 link-state database: lunkan Sequence: 0x16, Checksum: 0x3c69, Lifetime: secs IS neighbor: lunkan.02 Metric: 10 IP prefix: /24 Metric: 10 Internal Copyright 2001, Juniper Networks, Inc. 15

16 IP prefix: /32 Metric: 0 Internal lunkan Sequence: 0x6, Checksum: 0x920c, Lifetime: secs IS neighbor: cisco_pop.00 Metric: 0 IS neighbor: cisco_core_rr.00 Metric: 0 IS neighbor: cisco_border.00 Metric: 0 IS neighbor: ida.00 Metric: 0 IS neighbor: lena.00 Metric: 0 IS neighbor: lunkan.00 Metric: 0 lena Sequence: 0x13, Checksum: 0x815c, Lifetime: secs IS neighbor: lunkan.02 Metric: 10 IP prefix: /24 Metric: 10 Internal IP prefix: /24 Metric: 10 Internal IP prefix: /32 Metric: 0 Internal ida Sequence: 0x21, Checksum: 0x6128, Lifetime: secs IS neighbor: lunkan.02 Metric: 10 IP prefix: /32 Metric: 10 Internal IP prefix: /24 Metric: 10 Internal IP prefix: /30 Metric: 10 Internal IP prefix: /32 Metric: 0 Internal cisco_border Sequence: 0xb, Checksum: 0x71c8, Lifetime: secs IS neighbor: lunkan.02 Metric: 10 IP prefix: /24 Metric: 0 Internal IP prefix: /32 Metric: 0 Internal IP prefix: /24 Metric: 10 Internal cisco_pop Sequence: 0xd, Checksum: 0x20c2, Lifetime: secs IS neighbor: lunkan.02 Metric: 10 IP prefix: /30 Metric: 10 Internal IP prefix: /32 Metric: 0 Internal IP prefix: /24 Metric: 10 Internal cisco_core_rr Sequence: 0xc, Checksum: 0xb9b1, Lifetime: secs IS neighbor: lunkan.02 Metric: 10 IP prefix: /32 Metric: 0 Internal IP prefix: /24 Metric: 10 Internal cisco_access Sequence: 0x7, Checksum: 0x7373, Lifetime: secs IS neighbor: cisco_access.01 Metric: 10 IP prefix: /30 Metric: 10 Internal IP prefix: /32 Metric: 0 Internal cisco_access Sequence: 0x1, Checksum: 0x69f0, Lifetime: secs IS neighbor: ida.00 Metric: 0 IS neighbor: cisco_access.00 Metric: 0 lunkan@ida> show route inet.0: 19 destinations, 19 routes (19 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both /24 *[Direct/0] 01:41:20 > via fxp /32 *[Local/0] 01:41:55 Local /32 *[IS-IS/18] 00:48:26, metric 10, tag 2 > to via fxp /32 *[IS-IS/18] 00:48:33, metric 10, tag 2 > to via fxp /32 *[Direct/0] 01:41:55 > via lo /32 *[IS-IS/18] 00:48:33, metric 10, tag 2 > to via fxp Copyright 2001, Juniper Networks, Inc.

17 /32 *[IS-IS/18] 00:48:33, metric 10, tag 2 > to via fxp /32 *[IS-IS/18] 00:48:33, metric 10, tag 2 > to via fxp /32 *[IS-IS/15] 00:26:14, metric 10, tag 1 > to via fxp /30 *[Direct/0] 01:41:55 > via fxp /32 *[Local/0] 01:41:55 Local /30 *[IS-IS/18] 00:27:52, metric 20, tag 2 > to via fxp /16 *[BGP/170] 00:18:56, MED 0, localpref 100, from AS path: 2222 I > to via fxp0.0 [BGP/170] 00:18:56, MED 0, localpref 100, from AS path: 2222 I > to via fxp /16 *[BGP/170] 00:48:09, MED 1, localpref 100, from AS path: 3333 I > to via fxp0.0 [BGP/170] 00:47:33, MED 1, localpref 100, from AS path: 3333 I > to via fxp /8 *[BGP/170] 00:48:09, MED 1, localpref 100, from AS path: 3333? > to via fxp0.0 [BGP/170] 00:47:33, MED 1, localpref 100, from AS path: 3333? > to via fxp /32 *[BGP/170] 00:22:11, MED 0, localpref 100, from AS path:? > to via fxp /32 *[BGP/170] 00:22:11, MED 0, localpref 100, from AS path:? > to via fxp /24 *[BGP/170] 00:48:20, localpref 100, from AS path: I > to via fxp0.0 [BGP/170] 00:48:26, localpref 100, from AS path: I > to via fxp /24 *[IS-IS/18] 00:48:33, metric 10, tag 2 > to via fxp0.0 iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both /80 *[Direct/0] 01:41:55 > via lo0.0 Copyright 2001, Juniper Networks, Inc. 17

18 router isis passive-interface Loopback0 net is-type level-1/* Pure L1 ISIS adjacency allowed */ metric-style wide/* TLV 135 used for extended metrics, no TLV 128 */ max-lsp-lifetime lsp-refresh-interval spf-interval prc-interval lsp-gen-interval log-adjacency-changes router bgp 1111 no synchronization bgp router-id bgp log-neighbor-changes timers bgp redistribute connected route-map access neighbor access peer-group neighbor access remote-as 1111 neighbor access update-source Loopback0 neighbor peer-group access neighbor peer-group access no auto-summary access-list 1 permit access-list 1 permit route-map access permit 10 match ip address 1 cisco_access#sh clns nei det System Id Interface SNPA State Holdtime Type Protocol ida Et b322.39c8 Up 25 L1 IS-IS Area Address(es): IP Address(es): * Uptime: 00:10:50 cisco_access# 18 Copyright 2001, Juniper Networks, Inc.

19 cisco_access#sh isis dat det IS-IS Level-1 Link State Database: LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL ida x D 0x /0/0 Area Address: NLPID: 0xCC Router ID: IP Address: Hostname: ida Metric: 10 IS cisco_access.01 Metric: 10 IS-Extended cisco_access.01 Metric: 10 IP Metric: 0 IP Metric: 74 IP Metric: 74 IP Metric: 74 IP Metric: 74 IP Metric: 74 IP Metric: 84 IP Metric: 10 IP /30 Metric: 0 IP /32 Metric: 10 IP-Interarea /32 Metric: 10 IP-Interarea /32 Metric: 10 IP-Interarea /32 Metric: 10 IP-Interarea /32 Metric: 10 IP-Interarea /32 Metric: 20 IP-Interarea /30 cisco_access * 0x xD /0/0 Area Address: NLPID: 0xCC Hostname: cisco_access IP Address: Metric: 10 IP /30 Metric: 0 IP /32 Metric: 10 IS-Extended cisco_access.01 cisco_access * 0x x4B /0/0 Metric: 0 IS-Extended cisco_access.00 Metric: 0 IS-Extended ida.00 cisco_access# Copyright 2001, Juniper Networks, Inc. 19

20 cisco_access#sh ip ro Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set /8 is variably subnetted, 9 subnets, 2 masks i ia /32 [115/20] via , Ethernet0 i L /32 [115/10] via , Ethernet0 i ia /32 [115/20] via , Ethernet0 i ia /32 [115/20] via , Ethernet0 i ia /32 [115/20] via , Ethernet0 C /32 is directly connected, Loopback0 i ia /32 [115/20] via , Ethernet0 C /30 is directly connected, Ethernet0 i ia /30 [115/30] via , Ethernet /16 is subnetted, 1 subnets B [200/0] via , 00:05: /32 is subnetted, 2 subnets C is directly connected, Loopback1 C is directly connected, Loopback /16 is subnetted, 1 subnets B [200/1] via , 00:08:49 B /8 [200/1] via , 00:08:49 B /24 [200/0] via , 00:08:49 cisco_access# 20 Copyright 2001, Juniper Networks, Inc.

21 cisco_access#sh ip bgp BGP table version is 14, local router ID is Status codes: s suppressed, d damped, h history, * valid, > best, i -internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path * i / i *>i i * i / i *>i i * i / i *>i i *> / ? *> / ? * i / i *>i i *> / ? *> / ? *> / ? * i i *>i i * i i *>i i *> / ? cisco_access# Copyright 2001, Juniper Networks, Inc. 21

22 Multihomed Autonomous System AS / /12 border_ /16 AS /16 10/ /12 border_ /16 AS /16 Prevention of Internal Announcements with External Link Failures AS border_1 AS /16 border_2 AS / / / /16 22 Copyright 2001, Juniper Networks, Inc.

23 Prevention of External Announcements with External Link Failures AS border_1 AS /16 border_2 AS / / / /16 router bgp 1111 no synchronization aggregate-address summary-only # Aggregation of /16 and suppress of routes within prefix with longer mask timers bgp neighbor internal peer-group neighbor internal remote-as 1111 neighbor internal update-source Loopback0 neighbor internal next-hop-self neighbor peer-group internal neighbor peer-group internal neighbor remote-as 2222 neighbor remote-as 3333 no auto-summary Copyright 2001, Juniper Networks, Inc. 23

24 cisco_border#sh ip bgp nei adv BGP table version is 157, local router ID is Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path *> / i *> / i *>i i cisco_border# atomic-aggregate Origin igp cisco_border#sh ip bgp BGP routing table entry for /16, version 153 Paths: (1 available, best #1, table Default-IP-Routing-Table) Advertised to peer-groups: internal Advertised to non peer-group peers: Local, (aggregated by ) from ( ) Origin IGP, localpref 100, weight 32768, valid, aggregated, local, atomic-aggregate, best cisco_border# cisco_border#sh ip bgp BGP table version is 157, local router ID is Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path * i / i * i i *> i * i * i / i * i i * i *> i * i ? * i ? * ? *> ? *> / i s i / ? s>i ? s i / ? s>i ? *>i i Network Next Hop Metric LocPrf Weight Path * i i cisco_border# 24 Copyright 2001, Juniper Networks, Inc.

25 routing-options { aggregate { route /16;/* Aggregation of /16 if more specific exist in route-table */ router-id ; autonomous-system 1111; protocols { bgp { path-selection always-compare-med; traceoptions { file bgp; flag state; log-updown; group external { type external; local-address ; export ebgp; peer-as 2222; neighbor { peer-as 2222; neighbor { peer-as 3333; group internal { type internal; local-address ; export internal; neighbor ; neighbor ; policy-statement ebgp { term one { from { protocol aggregate; route-filter /16 exact; /* Aggregated route */ then accept; term two { from { route-filter /16 longer; /* Deny routes (suppress) with longer mask than /16 for prefix /16 */ then reject; Copyright 2001, Juniper Networks, Inc. 25

26 Originator run show route advertising-protocol bgp detail inet.0: 19 destinations, 19 routes (19 active, 0 holddown, 0 hidden) Prefix Nexthop MED Lclpref AS path /16 (3 entries, 1 announced) BGP (External AS 3333) Nexthop: Self AS path:? <Originator> Cluster list: Originator ID: [edit] lunkan@lena# lunkan@lena> show route /16 detail all inet.0: 24 destinations, 24 routes (23 active, 0 holddown, 1 hidden) + = Active Route, - = Last Active, * = Both /16 (2 entries, 1 announced) *Aggregate Preference: 130 Next hop type: Reject State: <Active Int Ext> Age: 5d 0:42:08 Task: Aggregate Announcement bits (3): 0-KRT 4-BGP BGP_Sync_Any AS path:? <Originator> Cluster list: Originator ID: Flags: Depth: 0 Active AS path list: AS path:? <Originator> Cluster list: Originator ID: Refcount: 2 Contributing Routes (2): /32 proto BGP /32 proto BGP BGP Preference: 170/-101/* This route is from IOS border router and is ignored */ Source: Nexthop: via fxp0.0, selected State: <Int Ext> Inactive reason: Route Preference Local AS: 1111 Peer AS: 1111 Age: 46:30 Metric2: 10 Task: BGP_ AS path: I <Atomic Originator> Aggregator: Cluster list: Originator ID: /* IOS default change originate-id to itself */ BGP next hop: Localpref: 100 Router ID: Copyright 2001, Juniper Networks, Inc.

27 /32 (1 entry, 1 announced)/* This is the contributing route from IOS access router */ *BGP Preference: 170/-101 Source: Nexthop: via fxp0.0, selected State: <Active Int Ext> Local AS: 1111 Peer AS: 1111 Age: 30:02 Metric: 0 Metric2: 20 Task: BGP_ Announcement bits (3): 0-KRT 3-Aggregate 5-BGP_Sync_Any AS path:? <Originator> /* Note IOS add Origin incomplete default for provision of routes*/ Cluster list: Originator ID: Communities: 1111:1 BGP next hop: Localpref: 100 Router ID: /32 (1 entry, 1 announced)/* This is the contributing route from IOS access router */ *BGP Preference: 170/-101 Source: Nexthop: via fxp0.0, selected State: <Active Int Ext> Local AS: 1111 Peer AS: 1111 Age: 30:02 Metric: 0 Metric2: 20 Task: BGP_ Announcement bits (3): 0-KRT 3-Aggregate 5-BGP_Sync_Any AS path:? <Originator> /* Note IOS add Origin incomplete default for provision of routes*/ Cluster list: Originator ID: Communities: 1111:2 BGP next hop: Localpref: 100 Router ID: lunkan@lena> dummy#sh ip bgp BGP table version is 78, local router ID is Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path *> / i *> i *> / i * / ? /*JUNOS*/ *> I /*IOS*/ * / ? *> i *> / ? * ? *> / ? * ? dummy# Copyright 2001, Juniper Networks, Inc. 27

28 Originate Origin MED as-path Origin igp dummy#sh ip bgp BGP routing table entry for /16, version 77 Paths: (2 available, best #2, table Default-IP-Routing-Table) Flag: 0x208 Advertised to peer-groups: external from ( )/* JUNOS router */ Origin incomplete, localpref 100, valid, external 1111, (aggregated by )/* IOS router */ from ( ) Origin IGP, localpref 100, valid, external, atomic-aggregate, best routing-options aggregate atomic-aggregate aggregate [edit routing-options] show aggregate { route /16 { as-path { origin igp; atomic-aggregate; aggregator ; Origin igp atomic-aggregate aggregator AS router-id lunkan@lena# run show route /16 detail all inet.0: 24 destinations, 24 routes (23 active, 0 holddown, 1 hidden) + = Active Route, - = Last Active, * = Both /16 (2 entries, 1 announced) *Aggregate Preference: 130 Next hop type: Reject State: <Active Int Ext> Age: 5d 1:28:22 Task: Aggregate Announcement bits (3): 0-KRT 4-BGP BGP_Sync_Any AS path: I <Atomic> Aggregator: Flags: Depth: 0 Active Contributing Routes (2): /32 proto BGP /32 proto BGP 28 Copyright 2001, Juniper Networks, Inc.

29 BGP Preference: 170/-101 Source: Nexthop: via fxp0.0, selected State: <Int Ext> Inactive reason: Route Preference Local AS: 1111 Peer AS: 1111 Age: 30:02 Metric2: 10 Task: BGP_ AS path: I <Atomic Originator> Aggregator: Cluster list: Originator ID: BGP next hop: Localpref: 100 Router ID: /32 (1 entry, 1 announced) *BGP Preference: 170/-101 Source: Nexthop: via fxp0.0, selected State: <Active Int Ext> Local AS: 1111 Peer AS: 1111 Age: 30:02 Metric: 0 Metric2: 20 Task: BGP_ Announcement bits (3): 0-KRT 3-Aggregate 5-BGP_Sync_Any AS path:? <Originator> Cluster list: Originator ID: Communities: 1111:1 BGP next hop: Localpref: 100 Router ID: /32 (1 entry, 1 announced) *BGP Preference: 170/-101 Source: Nexthop: via fxp0.0, selected State: <Active Int Ext> Local AS: 1111 Peer AS: 1111 Age: 30:02 Metric: 0 Metric2: 20 Task: BGP_ Announcement bits (3): 0-KRT 3-Aggregate 5-BGP_Sync_Any AS path:? <Originator> Cluster list: Originator ID: Communities: 1111:2 BGP next hop: Localpref: 100 Router ID: [edit routing-options] lunkan@lena# Copyright 2001, Juniper Networks, Inc. 29

30 dummy#sh ip bgp BGP table version is 8, local router ID is Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path *> / i *> i *> / i *> / I/* JUNOS */ * I/* IOS */ *> / i * i *> / ? * ? *> / ? * ? dummy#sh ip bgp BGP routing table entry for /16, version 5 Paths: (2 available, best #1, table Default-IP-Routing-Table) Advertised to peer-groups: external 1111, (aggregated by )/* JUNOS */ from ( ) Origin IGP, localpref 100, valid, external, atomic-aggregate, best 1111, (aggregated by )/* IOS */ from ( ) Origin IGP, localpref 100, valid, external, atomic-aggregate 30 Copyright 2001, Juniper Networks, Inc.

31 routing-options { aggregate { route /24 policy deny_local; router-id ; autonomous-system 1111; protocols { bgp { advertise-inactive; log-updown; group external { type external; description to_ebgp-routers; local-address ; hold-time 180; damping; import ebgp_in; family inet { unicast { prefix-limit { maximum 100; teardown 70; any; export ebgp; peer-as 2222; neighbor { peer-as 3333; policy-options { policy-statement deny_local { term 1 { from interface lo0.0; then reject; Copyright 2001, Juniper Networks, Inc. 31

32 run show route detail inet.0: 27 destinations, 27 routes (25 active, 0 holddown, 2 hidden) + = Active Route, - = Last Active, * = Both /24 (1 entry, 1 announced) *Aggregate Preference: 130 Next hop type: Reject State: <Active Int Ext> Age: 18:14:13 Task: Aggregate Announcement bits (3): 0-KRT 4-BGP BGP_Sync_Any AS path: I Flags: Depth: 0 Active AS path list: AS path: I Refcount: 7 Contributing Routes (7): /32 proto IS-IS /32 proto IS-IS /32 proto IS-IS /32 proto IS-IS /32 proto IS-IS /32 proto IS-IS This example shows the local (direct) routes. Note /32 is a direct route. lunkan@junos_lena# run show route protocol direct inet.0: 27 destinations, 27 routes (25 active, 0 holddown, 2 hidden) + = Active Route, - = Last Active, * = Both /32 *[Direct/0] 1w4d 20:09:21 > via lo /28 *[Direct/0] 17:40:51 > via fxp /24 *[Direct/0] 1d 06:24:04 > via fxp Copyright 2001, Juniper Networks, Inc.

34 Provision and Prevention of Advertising Intra-AS Routes AS 1111 UNIX Access Lunkan M10 Ida M /24, no-export /24, 1111:10 Lena M40 2.2/16 Pagent AS /32, 1111: /32, 1111: /32, 1111: /32, 1111: /16, 1111: /16, 1111:6 Cisco_pop Cisco_core_rr Cisco_border Dummy 3.3/16 Plus Martians AS /24, no-export as-path MED community 34 Copyright 2001, Juniper Networks, Inc.

35 Manipulation of Announced Aggregate Updates AS 1111 UNIX Lunkan M /16 MED /16 MED 100 as-path /16 MED /16 MED 100 as-path Access Ida M20 Lena M40 Pagent AS /32, 1111: /32, 1111: /32, 1111: /32, 1111: /16, 1111: /16, 1111:6 Cisco_pop Cisco_core_rr Cisco_border /16 MED /16 MED 100 as-path /16 MED /16 MED 100 as-path Dummy AS 3333 community no-export router bgp 1111 no synchronization bgp router-id bgp cluster-id bgp log-neighbor-changes network route-map rfc1918 timers bgp redistribute connected neighbor internal_rr peer-group neighbor internal_rr remote-as 1111 neighbor internal_rr update-source Loopback0 neighbor internal_rr route-reflector-client neighbor internal_rr send-community neighbor internal_rr route-map rfc1918 out neighbor internal peer-group neighbor internal remote-as 1111 neighbor internal update-source Loopback0 neighbor internal send-community/* Send community */ neighbor internal route-map rfc1918 out/* Route-map out */ neighbor peer-group internal neighbor peer-group internal_rr Copyright 2001, Juniper Networks, Inc. 35

36 neighbor peer-group internal_rr neighbor peer-group internal_rr neighbor peer-group internal_rr no auto-summary ip bgp-community new-format access-list 1 permit /* Access-list that route-map use */ route-map rfc1918 permit 10/* Route-map mark route with no-export community */ match ip address 1 set community no-export community router bgp 1111 no synchronization bgp log-neighbor-changes timers bgp redistribute connected route-map access/* Route-map used for connected routes (loopbacks) */ redistribute static route-map static neighbor access peer-group neighbor access remote-as 1111 neighbor access update-source Loopback0 neighbor access send-community neighbor peer-group access neighbor peer-group access no auto-summary ip bgp-community new-format /* Route-map used for static routes */ access-list 1 permit /* Access-list that route-map uses */ access-list 2 permit access-list 3 permit access-list 4 permit access-list 5 permit access-list 6 permit route-map access permit 10/* Route-map that sets community for connected routes */ match ip address 1 set community 1111:1 route-map access permit 20 match ip address 2 set community 1111:2 route-map access permit 30 match ip address 3 set community 1111:3 36 Copyright 2001, Juniper Networks, Inc.

37 route-map access permit 40 match ip address 4 set community 1111:4 route-map static permit 10/* Route-map that set community for staticly routes */ match ip address 5 set community 1111:5 route-map static permit 20 match ip address 6 set community 1111:6 community cisco_access#sh ip bgp commun 1111:1 BGP table version is 12, local router ID is Status codes: s suppressed, d damped, h history, * valid, > best, i -internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path *> / ? cisco_access#sh ip bgp commun 1111:2 BGP table version is 12, local router ID is Status codes: s suppressed, d damped, h history, * valid, > best, i -internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path *> / ? cisco_access#sh ip bgp commun 1111:3 BGP table version is 12, local router ID is Status codes: s suppressed, d damped, h history, * valid, > best, i -internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path *> / ? cisco_access#sh ip bgp commun 1111:4 BGP table version is 12, local router ID is Status codes: s suppressed, d damped, h history, * valid, > best, i -internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path *> / ? cisco_access#sh ip bgp commun 1111:5 BGP table version is 12, local router ID is Status codes: s suppressed, d damped, h history, * valid, > best, i -internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path *> / ? cisco_access#sh ip bgp commun 1111:6 BGP table version is 12, local router ID is Status codes: s suppressed, d damped, h history, * valid, > best, i -internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path *> / ? Copyright 2001, Juniper Networks, Inc. 37

38 community no-export community routing-options { router-id ; autonomous-system 1111; protocols { bgp { traceoptions { file bgp; flag state; log-updown; group internal_rr { type internal; local-address ; export service;/* Export policy (for non-reflected routes) */ cluster ; neighbor { authentication-key "$9$.mT3ApBSrv9ApBRSMW"; neighbor { authentication-key "$9$h2PclM7-waZjX7-w2aiH"; neighbor ; neighbor ; group internal { type internal; local-address ; export service;/* Export policy (for non-reflected routes) */ neighbor ; policy-options { policy-statement service { term one { from { route-filter /24 exact; then { community add rfc1918; accept; term two { from { route-filter /24 exact; then { community add mcast; accept; community mcast members 1111:10; community rfc1918 members no-export; 38 Copyright 2001, Juniper Networks, Inc.

39 community run show route advertising-protocol bgp /24 detail inet.0: 27 destinations, 27 routes (27 active, 0 holddown, 0 hidden) Prefix Nexthop MED Lclpref AS path /24 (1 entry, 1 announced) BGP group type Internal AS 1111 Nexthop: Self Localpref: 100 AS path: I Communities: 1111:10 [edit] lunkan@lunkan# run show route advertising-protocol bgp /24 detail inet.0: 27 destinations, 27 routes (27 active, 0 holddown, 0 hidden) Prefix Nexthop MED Lclpref AS path /24 (1 entry, 1 announced) BGP group type Internal AS 1111 Nexthop: Self Localpref: 100 AS path: I Communities: no-export [edit] lunkan@lunkan# MED as-path community community no-export router bgp 1111 no synchronization bgp router-id bgp log-neighbor-changes bgp deterministic-med bgp dampening route-map damp aggregate-address summary-only aggregate-address summary-only timers bgp neighbor internal peer-group neighbor internal remote-as 1111 neighbor internal update-source Loopback0 neighbor internal next-hop-self neighbor external peer-group neighbor external prefix-list martians in neighbor external route-map int_policy in neighbor external route-map ext_policy out /* Route-map (policy) applied to route... */ neighbor peer-group internal neighbor peer-group internal neighbor remote-as 2222 neighbor peer-group external neighbor remote-as 3333 neighbor peer-group external no auto-summary ip bgp-community new-format ip community-list 1 permit 1111:5 ip community-list 2 permit 1111:6 Copyright 2001, Juniper Networks, Inc. 39

40 access-list 10 permit access-list 20 permit route-map ext_policy permit 10 match ip address 10 /* Agggregate /16 are as-prep and get high (bad) MED */ set metric 100 set as-path prepend route-map ext_policy permit 20 match ip address 20/* Aggregate /16 get low (good) MED */ set metric 0 route-map ext_policy permit 30 match community 1 set metric 100 set as-path prepend /* /16 route with community 1111:5 get as-path prepend and high MED (bad) value */ route-map ext_policy permit 40 match community 2 /* /16 route with community 1111:6 get low MED (good) value */ set metric 0 route-map ext_policy deny 50 community cisco_border#sh ip bgp comm 1111:1 BGP table version is 17, local router ID is Status codes: s suppressed, d damped, h history, * valid, > best, i -internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path s>i / ? cisco_border# cisco_border#sh ip bgp comm 1111:2 BGP table version is 17, local router ID is Status codes: s suppressed, d damped, h history, * valid, > best, i -internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path s>i / ? cisco_border# cisco_border#sh ip bgp comm 1111:3 BGP table version is 17, local router ID is Status codes: s suppressed, d damped, h history, * valid, > best, i -internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path s>i / ? cisco_border# cisco_border#sh ip bgp comm 1111:4 BGP table version is 17, local router ID is Status codes: s suppressed, d damped, h history, * valid, > best, i -internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path s>i / ? cisco_border# 40 Copyright 2001, Juniper Networks, Inc.

41 community cisco_border#sh ip bgp com 1111:10 BGP table version is 18, local router ID is Status codes: s suppressed, d damped, h history, * valid, > best, i -internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path *>i / i cisco_border# no-export community cisco_border#sh ip bgp comm no-export BGP table version is 19, local router ID is Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path *>i i *>i i * i i cisco_border# community MED as-path cisco_border#sh ip bgp comm 1111:5 BGP table version is 17, local router ID is Status codes: s suppressed, d damped, h history, * valid, > best, i -internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path *>i / ? cisco_border# cisco_border#sh ip bgp comm 1111:6 BGP table version is 17, local router ID is Status codes: s suppressed, d damped, h history, * valid, > best, i -internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path *>i / ? cisco_border# cisco_border#sh ip bgp nei adv BGP table version is 17, local router ID is Status codes: s suppressed, d damped, h history, * valid, > best, i -internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path *> / i *> / i *>i / ? *>i / ? cisco_border# Copyright 2001, Juniper Networks, Inc. 41

42 routing-options { aggregate { route /16 { as-path { origin igp; atomic-aggregate; aggregator ; route /16 { as-path { origin igp; atomic-aggregate; aggregator ; router-id ; autonomous-system 1111; protocols { bgp { traceoptions { file bgp; flag damping detail; log-updown; group external { type external; local-address ; damping; import ebgp_in; export ebgp; /* Policy used for EBGP peering */ neighbor { peer-as 2222; neighbor { peer-as 3333; group internal { type internal; local-address ; export internal; neighbor { authentication-key "$9$0UylORSvWxwYoevWx-waJ"; neighbor ; policy-options { policy-statement ebgp { term two {/* Agggregate /16 are as-prep and get high (bad) MED */ from { route-filter /16 exact; then { metric 100; as-path-prepend " "; accept; 42 Copyright 2001, Juniper Networks, Inc.

43 term three {/* Aggregate /16 get low (good) MED */ from { route-filter /16 exact; then { metric 0; accept; term four {/* /16 route with community 1111:5 get as-path prepend and high MED (bad) value */ from community bad; then { metric 100; as-path-prepend " "; accept; term five {/* /16 route with community 1111:6 get low MED (good) value */ from community good; then { metric 0; accept; term last { then reject; community bad members 1111:6; community good members 1111:5; Copyright 2001, Juniper Networks, Inc. 43

44 community show route community 1111:1 inet.0: 28 destinations, 28 routes (26 active, 0 holddown, 4 hidden) + = Active Route, - = Last Active, * = Both /32 *[BGP/170] 01:55:38, MED 0, localpref 100, from AS path:? > to via fxp0.0 to via fxp0.0 iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both lunkan@lena> show route community 1111:2 inet.0: 28 destinations, 28 routes (26 active, 0 holddown, 4 hidden) + = Active Route, - = Last Active, * = Both /32 *[BGP/170] 01:55:41, MED 0, localpref 100, from AS path:? to via fxp0.0 > to via fxp0.0 iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both lunkan@lena> show route community 1111:3 inet.0: 28 destinations, 28 routes (26 active, 0 holddown, 4 hidden) + = Active Route, - = Last Active, * = Both /32 *[BGP/170] 01:55:43, MED 0, localpref 100, from AS path:? > to via fxp0.0 to via fxp0.0 iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both lunkan@lena> show route community 1111:4 inet.0: 28 destinations, 28 routes (26 active, 0 holddown, 4 hidden) + = Active Route, - = Last Active, * = Both /32 *[BGP/170] 01:55:45, MED 0, localpref 100, from AS path:? > to via fxp0.0 to via fxp0.0 iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both community lunkan@lena> show route community 1111:10 inet.0: 28 destinations, 28 routes (26 active, 0 holddown, 4 hidden) + = Active Route, - = Last Active, * = Both /24 *[BGP/170] 00:22:42, localpref 100, from AS path: I > to via fxp0.0 iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 44 Copyright 2001, Juniper Networks, Inc.

45 show route community no-export inet.0: 28 destinations, 28 routes (26 active, 0 holddown, 4 hidden) + = Active Route, - = Last Active, * = Both /24 *[BGP/170] 02:03:04, localpref 100, from AS path: I > to via fxp /24 *[BGP/170] 02:03:07, MED 0, localpref 100, from AS path: I > to via fxp0.0 [BGP/170] 02:03:04, MED 0, localpref 100, from AS path: I > to via fxp0.0 iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both community MED as-path lunkan@lena> show route community 1111:5 detail inet.0: 28 destinations, 28 routes (26 active, 0 holddown, 4 hidden) + = Active Route, - = Last Active, * = Both /16 (1 entry, 1 announced) *BGP Preference: 170/-101 Source: Nexthop: via fxp0.0 Nexthop: via fxp0.0, selected State: <Active Int Ext> Local AS: 1111 Peer AS: 1111 Age: 1:59:26 Metric: 0 Metric2: 20 Task: BGP_ Announcement bits (3): 0-KRT 4-BGP BGP_Sync_Any AS path:? <Originator> Cluster list: Originator ID: Communities: 1111:5 BGP next hop: Localpref: 100 Router ID: iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both lunkan@lena> show route community 1111:6 detail inet.0: 28 destinations, 28 routes (26 active, 0 holddown, 4 hidden) + = Active Route, - = Last Active, * = Both /16 (1 entry, 1 announced) *BGP Preference: 170/-101 Source: Nexthop: via fxp0.0, selected Nexthop: via fxp0.0 State: <Active Int Ext> Local AS: 1111 Peer AS: 1111 Age: 1:59:33 Metric: 0 Metric2: 20 Task: BGP_ Announcement bits (3): 0-KRT 4-BGP BGP_Sync_Any Copyright 2001, Juniper Networks, Inc. 45

46 AS path:? <Originator> Cluster list: Originator ID: Communities: 1111:6 BGP next hop: Localpref: 100 Router ID: iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both lunkan@lena> show route advertising-protocol bgp inet.0: 28 destinations, 28 routes (25 active, 0 holddown, 7 hidden) Prefix Nexthop MED Lclpref AS path /16 Self 0 I /16 Self [1111] I /16 Self 0? /16 Self [1111]? lunkan@lena> MED as-path pagent#sh ip bgp BGP table version is 13, local router ID is Status codes: s suppressed, d damped, h history, * valid, > best, i -internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path *> i *> / i *> / i *> ? *> / i * i * i *> / i * i * i *> / ? * ? * ? *> / ? * ? * ? pagent# 46 Copyright 2001, Juniper Networks, Inc.

47 as-path MED pagent#sh ip ro Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route S C /8 is variably subnetted, 2 subnets, 2 masks /16 is directly connected, Null /32 is directly connected, Loopback /16 is subnetted, 2 subnets B [20/0] via , 00:21:51/* JUNOS */ B [20/0] via , 00:21:37/* IOS */ /16 is subnetted, 1 subnets B [20/1] via , 00:21:56 C /24 is directly connected, Ethernet /16 is subnetted, 1 subnets B [20/0] via , 00:21:53/* JUNOS */ B /8 [20/1] via , 00:21:57 B* /0 [20/1] via , 00:21:58 B /16 [20/0] via , 00:21:39/* IOS */ pagent# Copyright 2001, Juniper Networks, Inc. 47

48 local-preference Controlling Traffic Out from an AS AS 1111 UNIX Lunkan Access M10 Ida M20 2.2/16, Local-pref /16, Local-pref 100 Lena M40 2.2/16, as-path 2222 Pagent AS 2222 Cisco_pop 3.3/16, Local pref /16. Local pref 100 Cisco_border Dummy AS 3333 Cisco_core_rr 3.3/16, as-path 3333 Plus Martians 48 Copyright 2001, Juniper Networks, Inc.

49 local-preference router bgp 1111 no synchronization bgp router-id bgp log-neighbor-changes bgp deterministic-med bgp dampening route-map damp aggregate-address summary-only aggregate-address summary-only timers bgp neighbor internal peer-group/* Internal peer grp */ neighbor internal remote-as 1111 neighbor internal update-source Loopback0 neighbor internal next-hop-self/* Source-address for BGP next hop is router lo0 */ neighbor external peer-group/* external peer grp */ neighbor external soft-reconfiguration inbound neighbor external prefix-list martians in neighbor external route-map int_policy in /* Route-map applied for receiving updates */ neighbor external route-map ext_policy out neighbor peer-group internal neighbor peer-group internal neighbor remote-as 2222 neighbor peer-group external neighbor remote-as 3333 neighbor peer-group external no auto-summary ip as-path access-list 1 permit ^3333$ /* as-path used (routes originate in AS 3333 one hop away) */ route-map int_policy permit 10 match as-path 1 set local-preference 101/* Local-preference for routes from as-path defined above */ route-map int_policy permit 20 as-path local-preference cisco_border#sh ip bgp reg ^3333$ BGP table version is 25, local router ID is Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP,? - incomplete Network Next Hop Metric LocPrf Weight Path *> / i cisco_border# Copyright 2001, Juniper Networks, Inc. 49

50 local-preference routing-options { aggregate { route /16 { as-path { origin igp; atomic-aggregate; aggregator ; route /16 { as-path { origin igp; atomic-aggregate; aggregator ; router-id ; autonomous-system 1111; protocols { bgp { traceoptions { file bgp; flag route receive; flag damping; flag state; group external {/* External peer grp */ type external; local-address ; damping; import ebgp_in;/* Policy applied to incoming route updates */ family inet { unicast { prefix-limit { maximum 100; teardown 70; export ebgp; neighbor { peer-as 2222; neighbor { peer-as 3333; group internal {/* Internal peer grp */ type internal; local-address ; export internal;/* Policy applied to advertised updates */ neighbor { authentication-key "$9$4ToGiP5FApB.P5F6A1I"; neighbor ; policy-options { policy-statement internal { term one { then { next-hop self;/* Source-address for BGP next hop is router lo0 */ 50 Copyright 2001, Juniper Networks, Inc.

51 policy-statement ebgp_in { term 1918 { from { route-filter /0 exact; route-filter /8 orlonger; route-filter /8 orlonger; route-filter /16 orlonger; then reject; term local_pref { from as-path from_pagent; then { local-preference 101;/* Local-precedence for routes from as-path defined below */ term no_damp { from { route-filter /24 exact; route-filter /16 exact; route-filter /24 exact; route-filter /16 exact; route-filter /24 exact; route-filter /23 exact; route-filter /16 exact; route-filter /24 exact; route-filter /24 exact; route-filter /24 exact; route-filter /24 exact; then { damping no; accept; term damp { then damping yes; as-path from_pagent 2222;/* as-path used (routes originate in AS 2222 one hop away) */ damping no { disable; damping yes { half-life 15; reuse 750; suppress 2000; max-suppress 60; Copyright 2001, Juniper Networks, Inc. 51

52 local-preference run show route aspath-regex "2222" detail inet.0: 23 destinations, 23 routes (23 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both /16 (2 entries, 1 announced) *BGP Preference: 170/-102 Nexthop: via fxp1.0, selected State: <Active Ext> Local AS: 1111 Peer AS: 2222 Age: 56 Metric: 0 Task: BGP_ Announcement bits (3): 0-KRT 4-BGP BGP_Sync_Any AS path: 2222 I Localpref: 101 Router ID: iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both local-preference as-path lunkan@lunkan> show route all detail inet.0: 25 destinations, 25 routes (25 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both /16 (1 entry, 1 announced) *BGP Preference: 170/-102 Source: Nexthop: via fxp0.0, selected State: <Active Int Ext> Local AS: 1111 Peer AS: 1111 Age: 5:25 Metric: 0 Metric2: 10 Task: BGP_ Announcement bits (3): 0-KRT 3-BGP BGP_Sync_Any AS path: 2222 I BGP next hop: Localpref: 101 Router ID: lunkan@lunkan> show route all detail inet.0: 25 destinations, 25 routes (25 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 52 Copyright 2001, Juniper Networks, Inc.

すべて見る

宛先変更のトラブルシューティング

宛先変更のトラブルシューティング APPENDIX B この付録では Guard の宛先変更元ルータ (Cisco および Juniper) に関連する宛先変更問題を解決するためのトラブルシューティング手順を示します次の手順について説明します Guard のルーティングと宛先変更元ルータの設定確認 Guard と宛先変更元ルータ間の BGP セッションの設定確認宛先変更元ルータのレコードの確認 B-1 Guard のルーティングと宛先変更元ルータの設定確認