Home Lab – NSX 6.2.4 ESG DLR dynamic routing with BGP

In the previous posts we configured the ESG and the DLR. Today we will configure dynamic routing using BGP together with ECMP.

Overview diagram

BGP configuration on the DLR

We go to our DLR in the NSX panel,

select edge-6, and in the new window go to Manage, the Routing tab, and Global Configuration.

In step 1 we enable ECMP, and in step 2 we set the Router ID: to do that we click Edit and, in the new window, pick from the drop-down list the IP that will be used as the Router ID.

We click OK and publish the changes by clicking Publish Changes.

In the next stage we go to the Routing tab,

where in step 1 we set the Local AS and enable BGP (click EDIT and configure it). With ECMP it is important to disable Enable Graceful Restart.

Step 2 is the BGP peer configuration: we click the green plus and get a window where we configure:

IP Address – the address of the peer with which the BGP session will be established

Forwarding Address – the IP of our DLR

Protocol Address – here we enter a free IP from the same subnet as the previous address; the BGP session with the ESG will be established from this address

Remote AS – the AS number of the peer we will connect to

We repeat the step for the second set of connections.

After clicking OK and publishing the configuration,

in the next stage we go to Route Redistribution, where in step 1 we enable redistribution and in step 2 define what is to be advertised.

Clicking Edit opens a window in which we tick the protocol for which redistribution is to take place.

Clicking the green plus opens a window in which we set Learner Protocol to BGP and under Allow learning from select Connected.

When finished, we publish the changes.

BGP configuration on the ESG

We go to our ESG by selecting edge-3,

then go to Manage and Routing, where in Global Configuration:

we enable ECMP in step 1 and then set the Router ID (step 2),

confirm with OK and publish the changes by clicking Publish Changes.

Next we go to BGP,

where in step 1 we enable BGP, set the Local AS and untick Enable Graceful Restart.

In step 2 we configure the BGP peerings with the DLR and with VyOS by clicking the green plus (step 2).

The second connection, to the DLR:

The peering with VyOS:

After publishing the changes we go to Route Redistribution, where

in step 1 we enable redistribution into BGP,

and in step 2 define which networks are to be advertised.

After clicking OK we publish the changes.

BGP configuration on VyOS

An important assumption: VyOS will advertise the default route down into our network, i.e. to the ESG.

[edit]
vyos@vyos01# set protocols bgp 65002 neighbor 10.20.200.254 default-originate
[edit]
vyos@vyos01# set protocols bgp 65002 neighbor 10.20.200.254 ebgp-multihop 2
[edit]
vyos@vyos01# set protocols bgp 65002 neighbor 10.20.200.254 remote-as 65001
[edit]
vyos@vyos01# set protocols bgp 65002 neighbor 10.20.200.254 update-source 10.20.200.1

We run commit:

[edit]
vyos@vyos01# commit

Verification

DLR

We display the routing table:

dlr01-0> show ip route 

Codes: O - OSPF derived, i - IS-IS derived, B - BGP derived,
C - connected, S - static, L1 - IS-IS level-1, L2 - IS-IS level-2,
IA - OSPF inter area, E1 - OSPF external type 1, E2 - OSPF external type 2,
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

Total number of routes: 7

B       0.0.0.0/0            [200/0]       via 10.100.10.1     
B       0.0.0.0/0            [200/0]       via 10.100.11.1     
B       10.20.200.0/24       [200/0]       via 10.100.10.1     
B       10.20.200.0/24       [200/0]       via 10.100.11.1     
C       10.100.10.0/24       [0/0]         via 10.100.10.15    
C       10.100.11.0/24       [0/0]         via 10.100.11.15    
C       172.16.10.0/24       [0/0]         via 172.16.10.1     
C       172.16.11.0/24       [0/0]         via 172.16.11.1     
C       172.16.12.0/24       [0/0]         via 172.16.12.1

We display the BGP sessions:

dlr01-0> show ip bgp neighbors 

BGP neighbor is 10.100.10.1,   remote AS 65001,
BGP state = Established, up
Hold time is 180, Keep alive interval is 60 seconds
Neighbor capabilities:
         Route refresh: advertised and received 
         Address family IPv4 Unicast:advertised and received
         Graceful restart Capability:advertised and received 
                 Restart remain time: 0
Received 503 messages, Sent 499 messages
Default minimum time between advertisement runs is 30 seconds
For Address family IPv4 Unicast:advertised and received
         Index 1 Identifier 0xba9eaac
         Route refresh request:received 0 sent 0
         Prefixes received 4 sent 5 advertised 5
Connections established 2, dropped 7
Local host: 10.100.10.15, Local port: 179
Remote host: 10.100.10.1, Remote port: 48019


BGP neighbor is 10.100.11.1,   remote AS 65001,
BGP state = Established, up
Hold time is 180, Keep alive interval is 60 seconds
Neighbor capabilities:
         Route refresh: advertised and received 
         Address family IPv4 Unicast:advertised and received
         Graceful restart Capability:advertised and received 
                 Restart remain time: 0
Received 474 messages, Sent 471 messages
Default minimum time between advertisement runs is 30 seconds
For Address family IPv4 Unicast:advertised and received
         Index 2 Identifier 0xba9eaac
         Route refresh request:received 0 sent 0
         Prefixes received 4 sent 5 advertised 5
Connections established 2, dropped 7
Local host: 10.100.11.15, Local port: 179
Remote host: 10.100.11.1, Remote port: 18549
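As an added example that is not part of the original post, a small Python checker that parses the two DLR outputs above (a trimmed copy is embedded as constructed sample data) and verifies the two properties this setup depends on: every BGP prefix installed via both ESG uplinks, and every peer Established. It also flags whether the Graceful Restart capability was negotiated, since the post disables it together with ECMP.

```python
"""Added example (not from the original post): parse the DLR `show ip route` and
`show ip bgp neighbors` text and check ECMP (two next-hops per BGP prefix) and peers."""
import re
from collections import defaultdict

# Constructed sample: trimmed copy of the DLR outputs shown in the post.
ROUTE_OUTPUT = """
B       0.0.0.0/0            [200/0]       via 10.100.10.1
B       0.0.0.0/0            [200/0]       via 10.100.11.1
B       10.20.200.0/24       [200/0]       via 10.100.10.1
B       10.20.200.0/24       [200/0]       via 10.100.11.1
"""
NEIGHBOR_OUTPUT = """
BGP neighbor is 10.100.10.1,   remote AS 65001,
BGP state = Established, up
         Graceful restart Capability:advertised and received
BGP neighbor is 10.100.11.1,   remote AS 65001,
BGP state = Established, up
         Graceful restart Capability:advertised and received
"""
ROUTE_RE = re.compile(r"^(\w+)\s+(\S+)\s+\[\d+/\d+\]\s+via\s+(\S+)", re.M)

def bgp_next_hops(text):
    """Map each BGP-learned (code B) prefix to its set of next-hops."""
    hops = defaultdict(set)
    for code, prefix, via in ROUTE_RE.findall(text):
        if code == "B":
            hops[prefix].add(via)
    return dict(hops)

def ecmp_ok(text, expected_paths=2):
    """True when every BGP prefix is installed via `expected_paths` next-hops."""
    hops = bgp_next_hops(text)
    return bool(hops) and all(len(v) == expected_paths for v in hops.values())

def parse_neighbors(text):
    """Return {peer: {'as': int, 'state': str, 'graceful_restart': bool}}."""
    peers = {}
    for block in re.split(r"\n(?=BGP neighbor is )", text.strip()):
        head = re.match(r"BGP neighbor is (\S+),\s+remote AS (\d+)", block)
        if not head:
            continue
        state = re.search(r"BGP state = (\w+)", block)
        gr = re.search(r"Graceful restart Capability:(.*)", block)  # "none" when off
        peers[head.group(1)] = {"as": int(head.group(2)),
                                "state": state.group(1) if state else "unknown",
                                "graceful_restart": bool(gr) and "received" in gr.group(1)}
    return peers

def peers_healthy(text):
    """Established on every peer and Graceful Restart not negotiated (ECMP rule)."""
    peers = parse_neighbors(text)
    return bool(peers) and all(p["state"] == "Established" and not p["graceful_restart"]
                               for p in peers.values())
```

Run against the DLR output above, ecmp_ok returns True while peers_healthy returns False, because both DLR peers still report the Graceful Restart capability as advertised and received; the ESG's VyOS peer further down shows Capability:none.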

ESG

We display the routing table:

esg01-0> show ip route 

Codes: O - OSPF derived, i - IS-IS derived, B - BGP derived,
C - connected, S - static, L1 - IS-IS level-1, L2 - IS-IS level-2,
IA - OSPF inter area, E1 - OSPF external type 1, E2 - OSPF external type 2,
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

Total number of routes: 7

B       0.0.0.0/0            [20/0]        via 10.20.200.1     
C       10.20.200.0/24       [0/0]         via 10.20.200.253   
C       10.20.200.0/24       [0/0]         via 10.20.200.254   
C       10.100.10.0/24       [0/0]         via 10.100.10.1     
C       10.100.11.0/24       [0/0]         via 10.100.11.1     
B       172.16.10.0/24       [200/0]       via 10.100.10.10    
B       172.16.10.0/24       [200/0]       via 10.100.11.10    
B       172.16.11.0/24       [200/0]       via 10.100.10.10    
B       172.16.11.0/24       [200/0]       via 10.100.11.10    
B       172.16.12.0/24       [200/0]       via 10.100.10.10    
B       172.16.12.0/24       [200/0]       via 10.100.11.10

We display the BGP sessions:

esg01-0> show ip bgp neighbors 

BGP neighbor is 10.20.200.1,   remote AS 65002,
BGP state = Established, up
Hold time is 180, Keep alive interval is 60 seconds
Neighbor capabilities:
         Route refresh: advertised and received 
         Address family IPv4 Unicast:advertised and received
         Graceful restart Capability:none 
                 Restart remain time: 0
Received 33 messages, Sent 36 messages
Default minimum time between advertisement runs is 30 seconds
For Address family IPv4 Unicast:advertised and received
         Index 4 Identifier 0x691bb04c
         Route refresh request:received 0 sent 0
         Prefixes received 1 sent 6 advertised 6
Connections established 1, dropped 1
Local host: 10.20.200.254, Local port: 179
Remote host: 10.20.200.1, Remote port: 49873


BGP neighbor is 10.100.10.15,   remote AS 65001,
BGP state = Established, up
Hold time is 180, Keep alive interval is 60 seconds
Neighbor capabilities:
         Route refresh: advertised and received 
         Address family IPv4 Unicast:advertised and received
         Graceful restart Capability:advertised and received 
                 Restart remain time: 0
Received 41 messages, Sent 42 messages
Default minimum time between advertisement runs is 30 seconds
For Address family IPv4 Unicast:advertised and received
         Index 2 Identifier 0x691bb04c
         Route refresh request:received 0 sent 0
         Prefixes received 5 sent 4 advertised 4
Connections established 1, dropped 1
Local host: 10.100.10.1, Local port: 48019
Remote host: 10.100.10.15, Remote port: 179


BGP neighbor is 10.100.11.15,   remote AS 65001,
BGP state = Established, up
Hold time is 180, Keep alive interval is 60 seconds
Neighbor capabilities:
         Route refresh: advertised and received 
         Address family IPv4 Unicast:advertised and received
         Graceful restart Capability:advertised and received 
                 Restart remain time: 0
Received 42 messages, Sent 41 messages
Default minimum time between advertisement runs is 30 seconds
For Address family IPv4 Unicast:advertised and received
         Index 3 Identifier 0x691bb04c
         Route refresh request:received 0 sent 0
         Prefixes received 5 sent 4 advertised 4
Connections established 1, dropped 1
Local host: 10.100.11.1, Local port: 18549
Remote host: 10.100.11.15, Remote port: 179

VyOS

We display the routing table:

vyos@vyos01:~$ show ip route 
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
       I - ISIS, B - BGP, > - selected route, * - FIB route

S>* 0.0.0.0/0 [1/0] via 192.168.0.1, eth0
C>* 10.10.0.0/24 is directly connected, eth1
C>* 10.20.0.0/24 is directly connected, eth2.10
C>* 10.20.100.0/24 is directly connected, eth2.100
B   10.20.200.0/24 [20/0] via 10.20.200.254 inactive, 00:27:53
O   10.20.200.0/24 [110/10] is directly connected, eth4, 2d10h30m
C>* 10.20.200.0/24 is directly connected, eth4
C>* 10.30.0.0/24 is directly connected, eth3.10
C>* 10.30.100.0/24 is directly connected, eth3.100
C>* 10.30.200.0/24 is directly connected, eth3.200
B   10.100.10.0/24 [20/0] via 10.20.200.254, 00:27:53
S>* 10.100.10.0/24 [1/0] via 10.20.200.254, eth4
B>* 10.100.11.0/24 [20/0] via 10.20.200.254, eth4, 00:27:53
C>* 127.0.0.0/8 is directly connected, lo
B>* 172.16.10.0/24 [20/0] via 10.20.200.254, eth4, 00:27:53
B>* 172.16.11.0/24 [20/0] via 10.20.200.254, eth4, 00:27:53
B>* 172.16.12.0/24 [20/0] via 10.20.200.254, eth4, 00:27:53
C>* 192.168.0.0/24 is directly connected, eth0

We display the BGP sessions:

vyos@vyos01:~$ show ip bgp neighbors 
BGP neighbor is 10.20.200.254, remote AS 65001, local AS 65002, external link
  BGP version 4, remote router ID 10.20.200.254
  BGP state = Established, up for 00:28:31
  Last read 16:00:06, hold time is 180, keepalive interval is 60 seconds
  Neighbor capabilities:
    4 Byte AS: advertised
    Route refresh: advertised and received(old & new)
    Address family IPv4 Unicast: advertised and received
    Graceful Restart Capabilty: received
      Remote Restart timer is 120 seconds
      Address families by peer:
        IPv4 Unicast(not preserved)
  Graceful restart informations:
    End-of-RIB send: IPv4 Unicast
    End-of-RIB received: IPv4 Unicast
  Message statistics:
    Inq depth is 0
    Outq depth is 0
                         Sent       Rcvd
    Opens:                  7          4
    Notifications:          0          4
    Updates:                8         12
    Keepalives:          2046       2341
    Route Refresh:          0          2
    Capability:             0          0
    Total:               2061       2363
  Minimum time between advertisement runs is 30 seconds
  Update source is 10.20.200.1

 For address family: IPv4 Unicast
  Community attribute sent to this neighbor(both)
  Default information originate, default sent
  6 accepted prefixes

  Connections established 3; dropped 2
  Last reset 00:28:34, due to Peer closed the session
  External BGP neighbor may be up to 3 hops away.
Local host: 10.20.200.1, Local port: 49873
Foreign host: 10.20.200.254, Foreign port: 179
Nexthop: 10.20.200.1
Nexthop global: fe80::20c:29ff:fe2f:cb93
Nexthop local: ::
BGP connection: non shared network
Read thread: on  Write thread: off

The ESX hosts receive the routing table from the DLR, which we can also check:

[root@esx04:~] net-vdr --instance -l

VDR Instance Information :
---------------------------

Vdr Name:                   default+edge-6
Vdr Id:                     0x00002710
Number of Lifs:             5
Number of Routes:           7
State:                      Enabled  
Controller IP:              10.20.0.70
Control Plane IP:           10.20.0.14
Control Plane Active:       Yes
Num unique nexthops:        2
Generation Number:          0
Edge Active:                Yes

Here we note the Vdr Name and run the next command:

[root@esx04:~] net-vdr -l --route default+edge-6

VDR default+edge-6 Route Table
Legend: [U: Up], [G: Gateway], [C: Connected], [I: Interface]
Legend: [H: Host], [F: Soft Flush] [!: Reject] [E: ECMP]

Destination      GenMask          Gateway          Flags    Ref Origin   UpTime     Interface
-----------      -------          -------          -----    --- ------   ------     ---------
0.0.0.0          0.0.0.0          10.100.10.1      UGE      1   AUTO     2116       271000000002
0.0.0.0          0.0.0.0          10.100.11.1      UGE      1   AUTO     2116       271000000003
10.20.200.0      255.255.255.0    10.100.10.1      UGE      1   AUTO     2803       271000000002
10.20.200.0      255.255.255.0    10.100.11.1      UGE      1   AUTO     2803       271000000003
10.100.10.0      255.255.255.0    0.0.0.0          UCI      1   MANUAL   214412     271000000002
10.100.11.0      255.255.255.0    0.0.0.0          UCI      1   MANUAL   214412     271000000003
172.16.10.0      255.255.255.0    0.0.0.0          UCI      1   MANUAL   214412     27100000000a
172.16.11.0      255.255.255.0    0.0.0.0          UCI      1   MANUAL   214412     27100000000b
172.16.12.0      255.255.255.0    0.0.0.0          UCI      1   MANUAL   214412     27100000000c

From the hosts we check connectivity to the outside world.

Host with IP 172.16.10.10:

root@photon-2a361e5d20ff [ ~ ]# ifconfig 
eth0      Link encap:Ethernet  HWaddr 00:50:56:bb:e0:d9  
          inet addr:172.16.10.10  Bcast:172.16.10.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:febb:e0d9/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4434 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6338 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1284109 (1.2 MB)  TX bytes:1862815 (1.8 MB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:163 errors:0 dropped:0 overruns:0 frame:0
          TX packets:163 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:12499 (12.4 KB)  TX bytes:12499 (12.4 KB)

root@photon-2a361e5d20ff [ ~ ]# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=43 time=31.2 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=43 time=30.0 ms
^C
--- 8.8.8.8 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 30.080/30.689/31.299/0.634 ms
root@photon-2a361e5d20ff [ ~ ]# tracepath 8.8.8.8
 1?: [LOCALHOST]                                         pmtu 1500
 1:  172.16.10.1                                           0.364ms asymm 64 
 1:  172.16.10.1                                           0.173ms asymm 64 
 2:  10.100.11.1                                           0.739ms 
 3:  10.20.200.1                                           0.825ms 
 4:  192.168.0.1                                           0.978ms 
 5:  192.168.1.1                                           1.140ms 
 6:  no reply
 7:  89-76-12-219.infra.chello.pl                         10.384ms 
 8:  pl-waw26b-rc1-ae14-2163.aorta.net                     9.531ms asymm 11 
 9:  pl-waw26b-ri1-ae2-0.aorta.net                        10.984ms 
^C
root@photon-2a361e5d20ff [ ~ ]#

From host 172.16.11.10:

root@photon-8c1be0f336b5 [ ~ ]# ifconfig 
eth0      Link encap:Ethernet  HWaddr 00:50:56:82:3b:3e  
          inet addr:172.16.11.10  Bcast:172.16.11.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fe82:3b3e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1006 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6018 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:292093 (292.0 KB)  TX bytes:1469873 (1.4 MB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:172 errors:0 dropped:0 overruns:0 frame:0
          TX packets:172 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:211168 (211.1 KB)  TX bytes:211168 (211.1 KB)

root@photon-8c1be0f336b5 [ ~ ]# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=43 time=30.6 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=43 time=30.7 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=43 time=29.4 ms
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 29.441/30.284/30.776/0.598 ms
root@photon-8c1be0f336b5 [ ~ ]# tracepath 8.8.8.8
 1?: [LOCALHOST]                                         pmtu 1500
 1:  172.16.11.1                                           0.315ms asymm 64 
 1:  172.16.11.1                                           0.182ms asymm 64 
 2:  10.100.11.1                                           0.635ms 
 3:  10.20.200.1                                           0.876ms 
 4:  192.168.0.1                                           0.966ms 
 5:  192.168.1.1                                           1.124ms 
 6:  no reply
 7:  89-76-12-219.infra.chello.pl                         10.384ms 
 8:  pl-waw26b-rc1-ae14-2163.aorta.net                    10.093ms asymm 11 
 9:  pl-waw26b-ri1-ae2-0.aorta.net                         9.209ms 
10:  no reply
^C
root@photon-8c1be0f336b5 [ ~ ]# 

As you can see, the hosts have connectivity to the outside world.
I hope someone finds this post useful 🙂
