In the previous posts we configured the ESG and the DLR. Today we will configure dynamic routing using the BGP protocol together with ECMP.
Overview diagram
BGP configuration on the DLR
We go to our DLR in the NSX panel
select edge-6; in the new window go to Manage, the Routing tab, and Global Configuration
in step 1 we enable ECMP, and in step 2 we assign the Router ID: to do this click Edit and, in the new window, pick from the drop-down list the IP that will serve as the Router ID
click OK and publish the changes by clicking Publish Changes
in the next stage we go to the Routing tab
where in step 1 we set the Local AS and enable BGP (click EDIT and configure); it is important that with ECMP you disable Enable Graceful Restart
step 2 is the BGP peer configuration: click the green plus sign and in the window that appears configure
IP Address: the address of the peer with which the BGP session will be established
Forwarding Address: the IP of our DLR
Protocol Address: here we enter a free IP from the same subnet as the previous address; the BGP session with the ESG will be established from this address
Remote AS: the AS number of the peer we will be connecting to
repeat the step for the second set of connections
after clicking OK and publishing the configuration
in the next stage we go to Route Redistribution, where we enable step 1 (network redistribution) and in step 2 define what is to be advertised.
Clicking Edit opens a window in which we tick the protocol for which redistribution is to take place
Clicking the green plus sign opens a window in which we change Learner Protocol (select BGP here) and in Allow learning from select Connected
once finished, publish the changes
BGP configuration on the ESG
go to our ESG by selecting edge-3
then go to Manage and Routing, where under Global Configuration:
enable ECMP in step 1, then assign the router id (step 2)
confirm with OK and then publish the changes by clicking Publish Changes
next we go to BGP,
where in step 1 we enable BGP, set the Local AS and untick the Enable Graceful Restart option
in step 2 we configure the BGP peerings with the DLR and VyOS by clicking the green plus sign (step 2)
The second connection to the DLR:
VyOS:
after publishing the changes we go to Route Redistribution, where
in step 1 we enable redistribution into the BGP protocol
in step 2 we define which networks are to be advertised
After clicking OK, publish the changes
BGP configuration on VyOS
an important assumption: VyOS will advertise the default route downstream in our network, i.e. to the ESG
[edit]
vyos@vyos01# set protocols bgp 65002 neighbor 10.20.200.254 default-originate
[edit]
vyos@vyos01# set protocols bgp 65002 neighbor 10.20.200.254 ebgp-multihop 2
[edit]
vyos@vyos01# set protocols bgp 65002 neighbor 10.20.200.254 remote-as 65001
[edit]
vyos@vyos01# set protocols bgp 65002 neighbor 10.20.200.254 update-source 10.20.200.1
we run commit
[edit]
vyos@vyos01# commit
Verification
DLR
we display the routing table
dlr01-0> show ip route

Codes: O - OSPF derived, i - IS-IS derived, B - BGP derived,
C - connected, S - static, L1 - IS-IS level-1, L2 - IS-IS level-2,
IA - OSPF inter area, E1 - OSPF external type 1, E2 - OSPF external type 2,
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

Total number of routes: 7

B       0.0.0.0/0            [200/0]       via 10.100.10.1
B       0.0.0.0/0            [200/0]       via 10.100.11.1
B       10.20.200.0/24       [200/0]       via 10.100.10.1
B       10.20.200.0/24       [200/0]       via 10.100.11.1
C       10.100.10.0/24       [0/0]         via 10.100.10.15
C       10.100.11.0/24       [0/0]         via 10.100.11.15
C       172.16.10.0/24       [0/0]         via 172.16.10.1
C       172.16.11.0/24       [0/0]         via 172.16.11.1
C       172.16.12.0/24       [0/0]         via 172.16.12.1
we display the BGP sessions
dlr01-0> show ip bgp neighbors

BGP neighbor is 10.100.10.1,   remote AS 65001,
BGP state = Established, up
Hold time is 180, Keep alive interval is 60 seconds
Neighbor capabilities:
Route refresh: advertised and received
Address family IPv4 Unicast:advertised and received
Graceful restart Capability:advertised and received
Restart remain time: 0
Received 503 messages, Sent 499 messages
Default minimum time between advertisement runs is 30 seconds
For Address family IPv4 Unicast:advertised and received
Index 1 Identifier 0xba9eaac
Route refresh request:received 0 sent 0
Prefixes received 4 sent 5 advertised 5
Connections established 2, dropped 7
Local host: 10.100.10.15, Local port: 179
Remote host: 10.100.10.1, Remote port: 48019

BGP neighbor is 10.100.11.1,   remote AS 65001,
BGP state = Established, up
Hold time is 180, Keep alive interval is 60 seconds
Neighbor capabilities:
Route refresh: advertised and received
Address family IPv4 Unicast:advertised and received
Graceful restart Capability:advertised and received
Restart remain time: 0
Received 474 messages, Sent 471 messages
Default minimum time between advertisement runs is 30 seconds
For Address family IPv4 Unicast:advertised and received
Index 2 Identifier 0xba9eaac
Route refresh request:received 0 sent 0
Prefixes received 4 sent 5 advertised 5
Connections established 2, dropped 7
Local host: 10.100.11.15, Local port: 179
Remote host: 10.100.11.1, Remote port: 18549
ESG
we display the routing table
esg01-0> show ip route

Codes: O - OSPF derived, i - IS-IS derived, B - BGP derived,
C - connected, S - static, L1 - IS-IS level-1, L2 - IS-IS level-2,
IA - OSPF inter area, E1 - OSPF external type 1, E2 - OSPF external type 2,
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

Total number of routes: 7

B       0.0.0.0/0            [20/0]        via 10.20.200.1
C       10.20.200.0/24       [0/0]         via 10.20.200.253
C       10.20.200.0/24       [0/0]         via 10.20.200.254
C       10.100.10.0/24       [0/0]         via 10.100.10.1
C       10.100.11.0/24       [0/0]         via 10.100.11.1
B       172.16.10.0/24       [200/0]       via 10.100.10.10
B       172.16.10.0/24       [200/0]       via 10.100.11.10
B       172.16.11.0/24       [200/0]       via 10.100.10.10
B       172.16.11.0/24       [200/0]       via 10.100.11.10
B       172.16.12.0/24       [200/0]       via 10.100.10.10
B       172.16.12.0/24       [200/0]       via 10.100.11.10
we display the BGP sessions
esg01-0> show ip bgp neighbors

BGP neighbor is 10.20.200.1,   remote AS 65002,
BGP state = Established, up
Hold time is 180, Keep alive interval is 60 seconds
Neighbor capabilities:
Route refresh: advertised and received
Address family IPv4 Unicast:advertised and received
Graceful restart Capability:none
Restart remain time: 0
Received 33 messages, Sent 36 messages
Default minimum time between advertisement runs is 30 seconds
For Address family IPv4 Unicast:advertised and received
Index 4 Identifier 0x691bb04c
Route refresh request:received 0 sent 0
Prefixes received 1 sent 6 advertised 6
Connections established 1, dropped 1
Local host: 10.20.200.254, Local port: 179
Remote host: 10.20.200.1, Remote port: 49873

BGP neighbor is 10.100.10.15,   remote AS 65001,
BGP state = Established, up
Hold time is 180, Keep alive interval is 60 seconds
Neighbor capabilities:
Route refresh: advertised and received
Address family IPv4 Unicast:advertised and received
Graceful restart Capability:advertised and received
Restart remain time: 0
Received 41 messages, Sent 42 messages
Default minimum time between advertisement runs is 30 seconds
For Address family IPv4 Unicast:advertised and received
Index 2 Identifier 0x691bb04c
Route refresh request:received 0 sent 0
Prefixes received 5 sent 4 advertised 4
Connections established 1, dropped 1
Local host: 10.100.10.1, Local port: 48019
Remote host: 10.100.10.15, Remote port: 179

BGP neighbor is 10.100.11.15,   remote AS 65001,
BGP state = Established, up
Hold time is 180, Keep alive interval is 60 seconds
Neighbor capabilities:
Route refresh: advertised and received
Address family IPv4 Unicast:advertised and received
Graceful restart Capability:advertised and received
Restart remain time: 0
Received 42 messages, Sent 41 messages
Default minimum time between advertisement runs is 30 seconds
For Address family IPv4 Unicast:advertised and received
Index 3 Identifier 0x691bb04c
Route refresh request:received 0 sent 0
Prefixes received 5 sent 4 advertised 4
Connections established 1, dropped 1
Local host: 10.100.11.1, Local port: 18549
Remote host: 10.100.11.15, Remote port: 179
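Reading the two edge outputs above by eye is fine for a lab, but a repeatable check is better when ECMP and graceful restart interact. The Python script below is an added example, not part of the original post: it parses NSX edge "show ip route" and "show ip bgp neighbors" text in the format shown for the DLR and ESG, reports whether the default route really has two next hops, whether every peer is Established, and flags any peer on which the graceful restart capability was negotiated, since the post disables Graceful Restart when ECMP is on. The sample outputs embedded in the script are constructed in the page's format (the second peer's graceful-restart line is set to "none" so both outcomes appear); the function names are my own.

```python
import re
from collections import defaultdict

# Constructed sample input, modelled on the DLR "show ip route" output above
# (every BGP prefix installed via both ESG uplinks, i.e. ECMP).
SAMPLE_ROUTES = """\
dlr01-0> show ip route
Codes: O - OSPF derived, i - IS-IS derived, B - BGP derived, C - connected, S - static
Total number of routes: 5

B       0.0.0.0/0            [200/0]       via 10.100.10.1
B       0.0.0.0/0            [200/0]       via 10.100.11.1
B       10.20.200.0/24       [200/0]       via 10.100.10.1
B       10.20.200.0/24       [200/0]       via 10.100.11.1
C       10.100.10.0/24       [0/0]         via 10.100.10.15
C       10.100.11.0/24       [0/0]         via 10.100.11.15
C       172.16.10.0/24       [0/0]         via 172.16.10.1
"""

# Constructed sample modelled on "show ip bgp neighbors"; the second peer's
# graceful-restart line is set to "none" so both outcomes of the check appear.
SAMPLE_NEIGHBORS = """\
dlr01-0> show ip bgp neighbors
BGP neighbor is 10.100.10.1,   remote AS 65001,
BGP state = Established, up
Neighbor capabilities:
Address family IPv4 Unicast:advertised and received
Graceful restart Capability:advertised and received
Local host: 10.100.10.15, Local port: 179

BGP neighbor is 10.100.11.1,   remote AS 65001,
BGP state = Established, up
Neighbor capabilities:
Address family IPv4 Unicast:advertised and received
Graceful restart Capability:none
Local host: 10.100.11.15, Local port: 179
"""

ROUTE_RE = re.compile(r"^([A-Z]{1,2}\d?)\s+(\S+/\d+)\s+\[(\d+)/(\d+)\]\s+via\s+(\S+)")
NEIGHBOR_RE = re.compile(r"^BGP neighbor is (\S+?),\s+remote AS (\d+)")
STATE_RE = re.compile(r"BGP state = (\w+)")
# "Capabili?t?y" also accepts the "Capabilty" spelling that VyOS prints.
GR_RE = re.compile(
    r"Graceful restart Capabili?t?y:\s*(advertised and received|advertised|received|none)",
    re.IGNORECASE,
)


def parse_routes(text):
    """Map each prefix to its list of (code, next_hop) entries."""
    routes = defaultdict(list)
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            code, prefix, _admin_dist, _metric, next_hop = m.groups()
            routes[prefix].append((code, next_hop))
    return dict(routes)


def ecmp_prefixes(routes):
    """Prefixes installed with more than one distinct next hop."""
    result = {}
    for prefix, entries in routes.items():
        hops = sorted({nh for _, nh in entries})
        if len(hops) > 1:
            result[prefix] = hops
    return result


def parse_neighbors(text):
    """One dict per peer: address, remote AS, session state, GR capability."""
    peers, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = NEIGHBOR_RE.match(line)
        if m:
            current = {"peer": m.group(1), "remote_as": int(m.group(2)),
                       "state": None, "graceful_restart": None}
            peers.append(current)
        if current is None:
            continue  # header lines before the first peer block
        m = STATE_RE.search(line)
        if m:
            current["state"] = m.group(1)
        m = GR_RE.search(line)
        if m:
            current["graceful_restart"] = m.group(1).lower()
    return peers


def check_edge(route_text, neighbor_text):
    """Return (level, message) findings for one NSX edge."""
    findings = []
    routes = parse_routes(route_text)
    default_hops = sorted({nh for _, nh in routes.get("0.0.0.0/0", [])})
    if len(default_hops) >= 2:
        findings.append(("ok", f"default route via {len(default_hops)} ECMP next hops {default_hops}"))
    elif default_hops:
        findings.append(("warn", f"default route has a single next hop {default_hops[0]}; ECMP not in effect"))
    else:
        findings.append(("fail", "no default route learned"))
    for p in parse_neighbors(neighbor_text):
        level = "ok" if p["state"] == "Established" else "fail"
        findings.append((level, f"peer {p['peer']} AS {p['remote_as']} state {p['state']}"))
        if p["graceful_restart"] not in (None, "none"):
            findings.append(("warn", f"peer {p['peer']} negotiated graceful restart ({p['graceful_restart']})"))
    return findings


if __name__ == "__main__":
    for level, message in check_edge(SAMPLE_ROUTES, SAMPLE_NEIGHBORS):
        print(f"[{level}] {message}")
```

Feed it the real console output saved from the DLR or ESG in place of the samples; a "warn" on graceful restart is worth chasing, because a peer that still negotiates GR after the checkbox was cleared means the published configuration did not take effect on that edge.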
VyOS
we display the routing table
vyos@vyos01:~$ show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
       I - ISIS, B - BGP, > - selected route, * - FIB route

S>* 0.0.0.0/0 [1/0] via 192.168.0.1, eth0
C>* 10.10.0.0/24 is directly connected, eth1
C>* 10.20.0.0/24 is directly connected, eth2.10
C>* 10.20.100.0/24 is directly connected, eth2.100
B   10.20.200.0/24 [20/0] via 10.20.200.254 inactive, 00:27:53
O   10.20.200.0/24 [110/10] is directly connected, eth4, 2d10h30m
C>* 10.20.200.0/24 is directly connected, eth4
C>* 10.30.0.0/24 is directly connected, eth3.10
C>* 10.30.100.0/24 is directly connected, eth3.100
C>* 10.30.200.0/24 is directly connected, eth3.200
B   10.100.10.0/24 [20/0] via 10.20.200.254, 00:27:53
S>* 10.100.10.0/24 [1/0] via 10.20.200.254, eth4
B>* 10.100.11.0/24 [20/0] via 10.20.200.254, eth4, 00:27:53
C>* 127.0.0.0/8 is directly connected, lo
B>* 172.16.10.0/24 [20/0] via 10.20.200.254, eth4, 00:27:53
B>* 172.16.11.0/24 [20/0] via 10.20.200.254, eth4, 00:27:53
B>* 172.16.12.0/24 [20/0] via 10.20.200.254, eth4, 00:27:53
C>* 192.168.0.0/24 is directly connected, eth0
we display the BGP sessions
vyos@vyos01:~$ show ip bgp neighbors
BGP neighbor is 10.20.200.254, remote AS 65001, local AS 65002, external link
  BGP version 4, remote router ID 10.20.200.254
  BGP state = Established, up for 00:28:31
  Last read 16:00:06, hold time is 180, keepalive interval is 60 seconds
  Neighbor capabilities:
    4 Byte AS: advertised
    Route refresh: advertised and received(old & new)
    Address family IPv4 Unicast: advertised and received
    Graceful Restart Capabilty: received
      Remote Restart timer is 120 seconds
      Address families by peer:
        IPv4 Unicast(not preserved)
  Graceful restart informations:
    End-of-RIB send: IPv4 Unicast
    End-of-RIB received: IPv4 Unicast
  Message statistics:
    Inq depth is 0
    Outq depth is 0
                         Sent       Rcvd
    Opens:                  7          4
    Notifications:          0          4
    Updates:                8         12
    Keepalives:          2046       2341
    Route Refresh:          0          2
    Capability:             0          0
    Total:               2061       2363
  Minimum time between advertisement runs is 30 seconds
  Update source is 10.20.200.1

 For address family: IPv4 Unicast
  Community attribute sent to this neighbor(both)
  Default information originate, default sent
  6 accepted prefixes

  Connections established 3; dropped 2
  Last reset 00:28:34, due to Peer closed the session
External BGP neighbor may be up to 3 hops away.
Local host: 10.20.200.1, Local port: 49873
Foreign host: 10.20.200.254, Foreign port: 179
Nexthop: 10.20.200.1
Nexthop global: fe80::20c:29ff:fe2f:cb93
Nexthop local: ::
BGP connection: non shared network
Read thread: on  Write thread: off
The ESX hosts receive the routing table from the DLR, which we can also check:
[root@esx04:~] net-vdr --instance -l

VDR Instance Information :
---------------------------

Vdr Name:                   default+edge-6
Vdr Id:                     0x00002710
Number of Lifs:             5
Number of Routes:           7
State:                      Enabled
Controller IP:              10.20.0.70
Control Plane IP:           10.20.0.14
Control Plane Active:       Yes
Num unique nexthops:        2
Generation Number:          0
Edge Active:                Yes
here we check the Vdr Name and run the next command
[root@esx04:~] net-vdr -l --route default+edge-6

VDR default+edge-6 Route Table
Legend: [U: Up], [G: Gateway], [C: Connected], [I: Interface]
Legend: [H: Host], [F: Soft Flush] [!: Reject] [E: ECMP]

Destination      GenMask          Gateway          Flags    Ref Origin   UpTime     Interface
-----------      -------          -------          -----    --- ------   ------     ---------
0.0.0.0          0.0.0.0          10.100.10.1      UGE      1   AUTO     2116       271000000002
0.0.0.0          0.0.0.0          10.100.11.1      UGE      1   AUTO     2116       271000000003
10.20.200.0      255.255.255.0    10.100.10.1      UGE      1   AUTO     2803       271000000002
10.20.200.0      255.255.255.0    10.100.11.1      UGE      1   AUTO     2803       271000000003
10.100.10.0      255.255.255.0    0.0.0.0          UCI      1   MANUAL   214412     271000000002
10.100.11.0      255.255.255.0    0.0.0.0          UCI      1   MANUAL   214412     271000000003
172.16.10.0      255.255.255.0    0.0.0.0          UCI      1   MANUAL   214412     27100000000a
172.16.11.0      255.255.255.0    0.0.0.0          UCI      1   MANUAL   214412     27100000000b
172.16.12.0      255.255.255.0    0.0.0.0          UCI      1   MANUAL   214412     27100000000c
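The host-side table is where ECMP actually has to show up: the DLR control plane can list two next hops, but forwarding only splits traffic if each entry in the VDR table carries the E flag. The Python below is an added example, not from the original post: it parses the "net-vdr -l --route" table in the format shown above and, for every destination that appears with more than one gateway, verifies that each entry has the E flag and that the gateway set matches the two ESG uplink addresses used in this lab (10.100.10.1 and 10.100.11.1). The table embedded in the script is a constructed sample in the page's format; the function names are mine.

```python
import re
from collections import defaultdict

# Constructed sample in the format of "net-vdr -l --route <vdr-name>" shown above.
SAMPLE_VDR = """\
VDR default+edge-6 Route Table
Legend: [U: Up], [G: Gateway], [C: Connected], [I: Interface]
Legend: [H: Host], [F: Soft Flush] [!: Reject] [E: ECMP]

Destination   GenMask         Gateway       Flags  Ref  Origin  UpTime  Interface
-----------   -------         -------       -----  ---  ------  ------  ---------
0.0.0.0       0.0.0.0         10.100.10.1   UGE    1    AUTO    2116    271000000002
0.0.0.0       0.0.0.0         10.100.11.1   UGE    1    AUTO    2116    271000000003
10.20.200.0   255.255.255.0   10.100.10.1   UGE    1    AUTO    2803    271000000002
10.20.200.0   255.255.255.0   10.100.11.1   UGE    1    AUTO    2803    271000000003
10.100.10.0   255.255.255.0   0.0.0.0       UCI    1    MANUAL  214412  271000000002
172.16.10.0   255.255.255.0   0.0.0.0       UCI    1    MANUAL  214412  27100000000a
"""

# ESG uplink addresses that the DLR should be using as ECMP gateways (from the page).
EXPECTED_GATEWAYS = ["10.100.10.1", "10.100.11.1"]

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
VDR_ROW = re.compile(
    rf"^({IP})\s+({IP})\s+({IP})\s+([A-Z!]+)\s+(\d+)\s+([A-Z]+)\s+(\d+)\s+(\S+)$"
)


def parse_vdr_routes(text):
    """Return one dict per data row of the VDR route table; legend and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = VDR_ROW.match(line.strip())
        if m:
            dest, mask, gateway, flags, ref, origin, uptime, iface = m.groups()
            rows.append({"dest": dest, "mask": mask, "gateway": gateway,
                         "flags": flags, "ref": int(ref), "origin": origin,
                         "uptime": int(uptime), "interface": iface})
    return rows


def check_ecmp_flags(rows, expected_gateways=None):
    """Return (ecmp, problems).

    ecmp maps (dest, mask) -> sorted gateways for every destination installed
    with several gateways. problems lists (key, reason) for entries that lack
    the E flag, and for gateway sets that differ from expected_gateways.
    """
    by_dest = defaultdict(list)
    for r in rows:
        by_dest[(r["dest"], r["mask"])].append(r)
    ecmp, problems = {}, []
    for key, entries in by_dest.items():
        gateways = sorted({e["gateway"] for e in entries})
        if len(gateways) < 2:
            continue  # single-path or connected entry, nothing to split
        missing = sorted(e["gateway"] for e in entries if "E" not in e["flags"])
        if missing:
            problems.append((key, f"no E flag on entries via {missing}"))
        if expected_gateways is not None and set(gateways) != set(expected_gateways):
            problems.append((key, f"gateways {gateways} != expected {sorted(expected_gateways)}"))
        ecmp[key] = gateways
    return ecmp, problems


if __name__ == "__main__":
    ecmp, problems = check_ecmp_flags(parse_vdr_routes(SAMPLE_VDR), EXPECTED_GATEWAYS)
    for (dest, mask), gateways in ecmp.items():
        print(f"{dest}/{mask}: ECMP via {gateways}")
    for key, reason in problems:
        print(f"PROBLEM {key[0]}/{key[1]}: {reason}")
```

Run it against the output of every ESXi host in the cluster, not just one: the VDR table is pushed per host by the controller, so a host that missed an update will show a stale gateway set or a missing E flag while the DLR console still looks healthy.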
from the hosts we check connectivity to the outside world
the host with IP 172.16.10.10
root@photon-2a361e5d20ff [ ~ ]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:50:56:bb:e0:d9
          inet addr:172.16.10.10  Bcast:172.16.10.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:febb:e0d9/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4434 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6338 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1284109 (1.2 MB)  TX bytes:1862815 (1.8 MB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:163 errors:0 dropped:0 overruns:0 frame:0
          TX packets:163 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:12499 (12.4 KB)  TX bytes:12499 (12.4 KB)

root@photon-2a361e5d20ff [ ~ ]# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=43 time=31.2 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=43 time=30.0 ms
^C
--- 8.8.8.8 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 30.080/30.689/31.299/0.634 ms
root@photon-2a361e5d20ff [ ~ ]# tracepath 8.8.8.8
 1?: [LOCALHOST]                                         pmtu 1500
 1:  172.16.10.1                                           0.364ms asymm 64
 1:  172.16.10.1                                           0.173ms asymm 64
 2:  10.100.11.1                                           0.739ms
 3:  10.20.200.1                                           0.825ms
 4:  192.168.0.1                                           0.978ms
 5:  192.168.1.1                                           1.140ms
 6:  no reply
 7:  89-76-12-219.infra.chello.pl                         10.384ms
 8:  pl-waw26b-rc1-ae14-2163.aorta.net                     9.531ms asymm 11
 9:  pl-waw26b-ri1-ae2-0.aorta.net                        10.984ms
^C
root@photon-2a361e5d20ff [ ~ ]#
from host 172.16.11.10
root@photon-8c1be0f336b5 [ ~ ]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:50:56:82:3b:3e
          inet addr:172.16.11.10  Bcast:172.16.11.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fe82:3b3e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1006 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6018 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:292093 (292.0 KB)  TX bytes:1469873 (1.4 MB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:172 errors:0 dropped:0 overruns:0 frame:0
          TX packets:172 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:211168 (211.1 KB)  TX bytes:211168 (211.1 KB)

root@photon-8c1be0f336b5 [ ~ ]# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=43 time=30.6 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=43 time=30.7 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=43 time=29.4 ms
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 29.441/30.284/30.776/0.598 ms
root@photon-8c1be0f336b5 [ ~ ]# tracepath 8.8.8.8
 1?: [LOCALHOST]                                         pmtu 1500
 1:  172.16.11.1                                           0.315ms asymm 64
 1:  172.16.11.1                                           0.182ms asymm 64
 2:  10.100.11.1                                           0.635ms
 3:  10.20.200.1                                           0.876ms
 4:  192.168.0.1                                           0.966ms
 5:  192.168.1.1                                           1.124ms
 6:  no reply
 7:  89-76-12-219.infra.chello.pl                         10.384ms
 8:  pl-waw26b-rc1-ae14-2163.aorta.net                    10.093ms asymm 11
 9:  pl-waw26b-ri1-ae2-0.aorta.net                         9.209ms
10:  no reply
^C
root@photon-8c1be0f336b5 [ ~ ]#
As you can see, the hosts have connectivity to the outside world.
I hope this post was useful to someone 🙂