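JANOG 53 NETCON Problem Walkthrough: Tutorial 3
I took part in JANOG 53 as a staff member (NETCON committee).
This post gives the answer and explanation for a problem I created.
Tutorial 3: BGP next-hop-self problem
Technologies
・BGP
Setup
・CSR1000v x 4
Problem statement
R3 has not learned 4.4.4.4/32. Make R3 learn the 4.4.4.4/32 route so that reachability works as shown in the output below.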
R2

R2>show ip bgp | include 4.4.4.4
 *>i  4.4.4.4/32       1.1.1.1                  0    100      0 200 i

R3

R3>show ip bgp | include 4.4.4.4
 *>i  4.4.4.4/32       1.1.1.1                  0    100      0 200 i
R3>ping 4.4.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/13/62 ms
R3>traceroute 4.4.4.4
Type escape sequence to abort.
Tracing the route to 4.4.4.4
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.23.2 44 msec 0 msec 0 msec
  2 192.168.12.1 1 msec 1 msec 1 msec
  3 123.0.0.2 8 msec * 2 msec
Constraints
・You cannot log in to R4
・You may change the configuration of R1 only
・The 123.0.0.0/30 address range that connects R1 and R4 must not be advertised into AS 100 via BGP or an IGP
・You must not create new interfaces or configure PBR / route-map
Explanation
Run show ip bgp / show ip route 4.4.4.4 on R3.

R3>show ip bgp | include 4.4.4.4
R3>sh ip route 4.4.4.4
% Network not in table

Run show ip bgp / show ip route 4.4.4.4 on R2 as well.

R2>show ip bgp | include 4.4.4.4
R2>sh ip route 4.4.4.4
% Network not in table

Check the BGP tables on R2 and R3.

R2>
R3>sh ip bgp | begin Network
      Network          Next Hop            Metric LocPrf Weight Path
 r>i  1.1.1.1/32       1.1.1.1                  0    100      0 i
 r>i  2.2.2.2/32       2.2.2.2                  0    100      0 i
 *>   3.3.3.3/32       0.0.0.0                  0         32768 i

Neither R3 nor R2 has learned 4.4.4.4/32.
Check R1 as well.

R1#sh ip route 4.4.4.4
% Network not in table
R1#sh ip bgp
BGP table version is 4, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
              t secondary path, L long-lived-stale,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

      Network          Next Hop            Metric LocPrf Weight Path
 *>   1.1.1.1/32       0.0.0.0                  0         32768 i
 r>i  2.2.2.2/32       2.2.2.2                  0    100      0 i
 r>i  3.3.3.3/32       3.3.3.3                  0    100      0 i
R1 has not learned 4.4.4.4/32 via BGP either, so check the state of the eBGP neighbor to R4.

R1#sh ip bgp summary
BGP router identifier 1.1.1.1, local AS number 100
BGP table version is 4, main routing table version 4
3 network entries using 744 bytes of memory
3 path entries using 408 bytes of memory
2/2 BGP path/bestpath attribute entries using 576 bytes of memory
1 BGP rrinfo entries using 40 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1768 total bytes of memory
BGP activity 3/0 prefixes, 3/0 paths, scan interval 60 secs
3 networks peaked at 03:00:21 Dec 19 2023 UTC (00:31:03.097 ago)

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
2.2.2.2         4          100      41      37        4    0    0 00:31:02        2
123.0.0.2       4          100       0       0        1    0    0 never    Idle

The BGP session with neighbor 123.0.0.2 (R4) does not appear to be established, so check the configuration.

R1#sh run | sec bgp
router bgp 100
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 network 1.1.1.1 mask 255.255.255.255
 neighbor 2.2.2.2 remote-as 100
 neighbor 2.2.2.2 update-source Loopback0
 neighbor 123.0.0.2 remote-as 100

The remote-as for neighbor 123.0.0.2 is set to 100, so change it to 200.
R1

router bgp 100
 neighbor 123.0.0.2 remote-as 200
Check the BGP neighbor state and the BGP table again.

R1#sh ip bgp summary
BGP router identifier 1.1.1.1, local AS number 100
BGP table version is 5, main routing table version 5
4 network entries using 992 bytes of memory
4 path entries using 544 bytes of memory
3/3 BGP path/bestpath attribute entries using 864 bytes of memory
1 BGP rrinfo entries using 40 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 2464 total bytes of memory
BGP activity 4/0 prefixes, 4/0 paths, scan interval 60 secs
4 networks peaked at 03:32:01 Dec 19 2023 UTC (00:00:34.631 ago)

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
2.2.2.2         4          100      42      39        5    0    0 00:32:14        2
123.0.0.2       4          200       5       6        5    0    0 00:00:34        1
R1#sh ip bgp
BGP table version is 5, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
              t secondary path, L long-lived-stale,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

      Network          Next Hop            Metric LocPrf Weight Path
 *>   1.1.1.1/32       0.0.0.0                  0         32768 i
 r>i  2.2.2.2/32       2.2.2.2                  0    100      0 i
 r>i  3.3.3.3/32       3.3.3.3                  0    100      0 i
 *>   4.4.4.4/32       123.0.0.2                0             0 200 i
R1 appears to have established the eBGP session with R4 and learned 4.4.4.4/32, so check R2 as well.

R2>sh ip bgp
BGP table version is 4, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
              t secondary path, L long-lived-stale,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

      Network          Next Hop            Metric LocPrf Weight Path
 r>i  1.1.1.1/32       1.1.1.1                  0    100      0 i
 *>   2.2.2.2/32       0.0.0.0                  0         32768 i
 r>i  3.3.3.3/32       3.3.3.3                  0    100      0 i
 * i  4.4.4.4/32       123.0.0.2                0    100      0 200 i
R2>sh ip route bgp
(omitted)
Gateway of last resort is not set
R2>sh ip route 4.4.4.4
% Network not in table
R2>sh ip bgp nei 3.3.3.3 advertised-routes
BGP table version is 4, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
              t secondary path, L long-lived-stale,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

      Network          Next Hop            Metric LocPrf Weight Path
 r>i  1.1.1.1/32       1.1.1.1                  0    100      0 i
 *>   2.2.2.2/32       0.0.0.0                  0         32768 i
 r>i  3.3.3.3/32       3.3.3.3                  0    100      0 i

Total number of prefixes 3

4.4.4.4/32 is in R2's BGP table, but it has not been installed in the routing table.
R2 is also not advertising it to R3.
Look at the details of 4.4.4.4/32 as learned via BGP.

R2>sh ip bgp 4.4.4.4
BGP routing table entry for 4.4.4.4/32, version 0
Paths: (1 available, no best path)
  Not advertised to any peer
  Refresh Epoch 1
  200, (Received from a RR-client)
    123.0.0.2 (inaccessible) from 1.1.1.1 (1.1.1.1)
      Origin IGP, metric 0, localpref 100, valid, internal
      rx pathid: 0, tx pathid: 0
      Updated on Dec 19 2023 03:32:01 UTC
R2>sh ip route 123.0.0.2
% Network not in table
The next hop of the 4.4.4.4/32 route is 123.0.0.2, and because R2 has no reachability to that IP address, the path is marked inaccessible.
Only R1's configuration can be changed, so add next-hop-self to R1's BGP configuration.
R1

router bgp 100
 neighbor 2.2.2.2 next-hop-self
R1#clear ip bgp * soft
Check R2 again.

R2>sh ip bgp 4.4.4.4
BGP routing table entry for 4.4.4.4/32, version 5
Paths: (1 available, best #1, table default)
  Advertised to update-groups:
     1
  Refresh Epoch 1
  200, (Received from a RR-client)
    1.1.1.1 (metric 2) from 1.1.1.1 (1.1.1.1)
      Origin IGP, metric 0, localpref 100, valid, internal, best
      rx pathid: 0, tx pathid: 0x0
      Updated on Dec 19 2023 03:37:39 UTC
R2>sh ip route 1.1.1.1
Routing entry for 1.1.1.1/32
  Known via "ospf 1", distance 110, metric 2, type intra area
  Last update from 192.168.12.1 on GigabitEthernet3, 00:40:35 ago
  Routing Descriptor Blocks:
  * 192.168.12.1, from 1.1.1.1, 00:40:35 ago, via GigabitEthernet3
      Route metric is 2, traffic share count is 1
R1#show ip bgp
BGP table version is 5, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
              t secondary path, L long-lived-stale,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

      Network          Next Hop            Metric LocPrf Weight Path
 *>   1.1.1.1/32       0.0.0.0                  0         32768 i
 r>i  2.2.2.2/32       2.2.2.2                  0    100      0 i
 r>i  3.3.3.3/32       3.3.3.3                  0    100      0 i
 *>   4.4.4.4/32       123.0.0.2                0             0 200 i
R2>sh ip route bgp
(omitted)
Gateway of last resort is not set

      4.0.0.0/32 is subnetted, 1 subnets
B        4.4.4.4 [200/0] via 1.1.1.1, 00:01:12
R2>sh ip bgp nei 3.3.3.3 advertised-routes
BGP table version is 5, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
              t secondary path, L long-lived-stale,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

      Network          Next Hop            Metric LocPrf Weight Path
 r>i  1.1.1.1/32       1.1.1.1                  0    100      0 i
 *>   2.2.2.2/32       0.0.0.0                  0         32768 i
 r>i  3.3.3.3/32       3.3.3.3                  0    100      0 i
 *>i  4.4.4.4/32       1.1.1.1                  0    100      0 200 i

Total number of prefixes 4
The next hop of 4.4.4.4/32 is now 1.1.1.1.
This address is learned via OSPF and is reachable.
The route now carries the ">" mark in the BGP table and has been installed in the routing table.
R2 also appears to be advertising it to R3, so check R3.

R3>sh ip bgp
BGP table version is 5, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
              t secondary path, L long-lived-stale,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

      Network          Next Hop            Metric LocPrf Weight Path
 r>i  1.1.1.1/32       1.1.1.1                  0    100      0 i
 r>i  2.2.2.2/32       2.2.2.2                  0    100      0 i
 *>   3.3.3.3/32       0.0.0.0                  0         32768 i
 *>i  4.4.4.4/32       1.1.1.1                  0    100      0 200 i
R3>sh ip route bgp
(omitted)
Gateway of last resort is not set

      4.0.0.0/32 is subnetted, 1 subnets
B        4.4.4.4 [200/0] via 1.1.1.1, 00:02:36
R3>ping 4.4.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/13/62 ms
R3>traceroute 4.4.4.4
Type escape sequence to abort.
Tracing the route to 4.4.4.4
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.23.2 44 msec 0 msec 0 msec
  2 192.168.12.1 1 msec 1 msec 1 msec
  3 123.0.0.2 8 msec * 2 msec

R3 has learned 4.4.4.4/32 via BGP, and reachability is established.
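
The next-hop check walked through above, as an added example that is not part of the original post: a simplified Python model of how R2 decides whether the iBGP path for 4.4.4.4/32 is usable, with and without next-hop-self on R1. The RIB contents are constructed from the outputs on this page, the function names are hypothetical, and next-hop resolution is reduced to a longest-prefix match against R2's connected and OSPF routes.

```python
import ipaddress

# Constructed from the page's outputs: R2's connected and OSPF routes.
# 123.0.0.0/30 is absent because it must not be advertised into AS 100.
R2_IGP_RIB = ["2.2.2.2/32", "192.168.12.0/24", "192.168.23.0/24",
              "1.1.1.1/32", "3.3.3.3/32"]

# The path R1 learns from R4 over eBGP.
R4_PATH = {"prefix": "4.4.4.4/32", "next_hop": "123.0.0.2", "as_path": [200]}


def resolve(next_hop, rib):
    """Longest-prefix match of next_hop against rib; None if unreachable."""
    addr = ipaddress.ip_address(next_hop)
    matches = [ipaddress.ip_network(p) for p in rib
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda n: n.prefixlen, default=None)


def ebgp_to_ibgp(path, self_addr, next_hop_self):
    """What the border router (R1) sends to an iBGP peer for an eBGP path.
    Without next-hop-self the eBGP next hop is passed on unchanged."""
    out = dict(path)
    if next_hop_self:
        out["next_hop"] = self_addr
    return out


def receive(path, rib):
    """Receiver-side check: a path whose next hop does not resolve is
    'inaccessible' and cannot become the best path."""
    via = resolve(path["next_hop"], rib)
    return {"prefix": path["prefix"], "next_hop": path["next_hop"],
            "resolved_via": str(via) if via else None,
            "best": via is not None}


def reflect(entries):
    """A route reflector (R2) advertises only paths it selected as best."""
    return [e["prefix"] for e in entries if e["best"]]


def scenario(next_hop_self):
    """Return R2's BGP entry and the prefixes R2 would reflect to R3."""
    sent = ebgp_to_ibgp(R4_PATH, "1.1.1.1", next_hop_self)
    entry = receive(sent, R2_IGP_RIB)
    return entry, reflect([entry])


if __name__ == "__main__":
    for nhs in (False, True):
        entry, to_r3 = scenario(nhs)
        print(f"next-hop-self={nhs}: {entry} -> advertised to R3: {to_r3}")
```
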
Example solution
Add to and correct R1's configuration as follows.
R1

router bgp 100
 neighbor 123.0.0.2 remote-as 200
 neighbor 2.2.2.2 next-hop-self
Initial config
R1

hostname R1
no ip domain lookup
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
interface GigabitEthernet3
 ip address 192.168.12.1 255.255.255.0
 no shut
interface GigabitEthernet4
 ip address 123.0.0.1 255.255.255.252
 no shut
router ospf 1
 router-id 1.1.1.1
 network 1.1.1.1 0.0.0.0 area 0
 network 192.168.12.0 0.0.0.255 area 0
router bgp 100
 bgp router-id 1.1.1.1
 network 1.1.1.1 mask 255.255.255.255
 neighbor 2.2.2.2 remote-as 100
 neighbor 2.2.2.2 update-source Loopback0
 ! neighbor 2.2.2.2 next-hop-self
 ! neighbor 123.0.0.2 remote-as 200
 neighbor 123.0.0.2 remote-as 100

R2

hostname R2
no ip domain lookup
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
interface GigabitEthernet3
 ip address 192.168.12.2 255.255.255.0
 no shut
interface GigabitEthernet4
 ip address 192.168.23.2 255.255.255.0
 no shut
router ospf 1
 router-id 2.2.2.2
 network 2.2.2.2 0.0.0.0 area 0
 network 192.168.12.0 0.0.0.255 area 0
 network 192.168.23.0 0.0.0.255 area 0
router bgp 100
 bgp router-id 2.2.2.2
 network 2.2.2.2 mask 255.255.255.255
 neighbor 1.1.1.1 remote-as 100
 neighbor 1.1.1.1 route-reflector-client
 neighbor 3.3.3.3 remote-as 100
 neighbor 3.3.3.3 route-reflector-client

R3

hostname R3
no ip domain lookup
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
interface GigabitEthernet3
 ip address 192.168.23.3 255.255.255.0
 no shut
router ospf 1
 router-id 3.3.3.3
 network 3.3.3.3 0.0.0.0 area 0
 network 192.168.23.0 0.0.0.255 area 0
router bgp 100
 bgp router-id 3.3.3.3
 network 3.3.3.3 mask 255.255.255.255
 neighbor 2.2.2.2 remote-as 100
 neighbor 2.2.2.2 update-source Loopback0

R4

hostname R4
no ip domain lookup
interface Loopback0
 ip address 4.4.4.4 255.255.255.255
interface GigabitEthernet3
 ip address 123.0.0.2 255.255.255.252
 no shut
router bgp 200
 bgp router-id 4.4.4.4
 neighbor 123.0.0.1 remote-as 100
 network 4.4.4.4 mask 255.255.255.255
ip route 0.0.0.0 0.0.0.0 123.0.0.1