Juniper: Internal BGP Peer Session

From OnnoWiki
Revision as of 04:57, 28 December 2018 by Onnowpurbo (talk | contribs) (→‎Pranala Menarik)

Source: https://www.juniper.net/documentation/en_US/junos/topics/example/routing-protocol-bgp-security-internal-peering-session-configuring-cli.html


This example shows how to configure internal BGP peer sessions.

Requirements

No special configuration beyond device initialization is required before you configure this example.

Overview

In this example, you configure internal BGP (IBGP) peer sessions. The loopback interface (lo0) is used to establish connections between IBGP peers. The loopback interface is always up as long as the device is operating. If there is a route to the loopback address, the IBGP peer session stays up. If a physical interface address is used instead and that interface goes up and down, the IBGP peer session also goes up and down. Thus, if the device has link redundancy, the loopback interface provides fault tolerance in case the physical interface or one of the links goes down.

When a device peers with a remote device’s loopback interface address, the local device expects BGP update messages to come from (be sourced by) the remote device’s loopback interface address. The local-address statement enables you to specify the source information in BGP update messages. If you omit the local-address statement, the expected source of BGP update messages is based on the device’s source address selection rules, which normally results in the egress interface address being the expected source of update messages. When this happens, the peer session is not established because a mismatch exists between the expected source address (the egress interface of the peer) and the actual source (the loopback interface of the peer). To make sure that the expected source address matches the actual source address, specify the loopback interface address in the local-address statement.

Because IBGP supports multihop connections, IBGP neighbors can be located anywhere within the autonomous system (AS) and often do not share a link. A recursive route lookup resolves the loopback peer address to an IP forwarding next hop. In this example, this service is provided by OSPF. Although interior gateway protocol (IGP) neighbors do not need to be directly connected, they do need to be fully meshed. In this case, fully meshed means that each device is logically connected to every other device through neighbor peer relationships. The neighbor statement creates the mesh.

Note: The requirement for a full mesh is waived if you configure a confederation or route reflection.

After the BGP peers are established, local routes are not automatically advertised by the BGP peers. At each BGP-enabled device, policy configuration is required to export the local, static, or IGP-learned routes into the BGP routing information base (RIB) and then advertise them as BGP routes to the other peers. BGP's advertisement policy, by default, does not advertise any non-BGP routes (such as local routes) to peers.

In the sample network, the devices in AS 17 are fully meshed in the group internal-peers. The devices have loopback addresses 192.168.6.5, 192.163.6.4, and 192.168.40.4.

Figure 1 shows a typical network with internal peer sessions.

Figure 1: Typical Network with IBGP Sessions

Configuration

   Configuring Device A
   Configuring Device B
   Configuring Device C

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Device A

   set interfaces ge-0/1/0 unit 1 description to-B
   set interfaces ge-0/1/0 unit 1 family inet address 10.10.10.1/30
   set interfaces lo0 unit 1 family inet address 192.168.6.5/32
   set protocols bgp group internal-peers type internal
   set protocols bgp group internal-peers description "connections to B and C"
   set protocols bgp group internal-peers local-address 192.168.6.5
   set protocols bgp group internal-peers export send-direct
   set protocols bgp group internal-peers neighbor 192.163.6.4
   set protocols bgp group internal-peers neighbor 192.168.40.4
   set protocols ospf area 0.0.0.0 interface lo0.1 passive
   set protocols ospf area 0.0.0.0 interface ge-0/1/0.1
   set policy-options policy-statement send-direct term 2 from protocol direct
   set policy-options policy-statement send-direct term 2 then accept
   set routing-options router-id 192.168.6.5
   set routing-options autonomous-system 17

Device B

   set interfaces ge-0/1/0 unit 2 description to-A
   set interfaces ge-0/1/0 unit 2 family inet address 10.10.10.2/30
   set interfaces ge-0/1/1 unit 5 description to-C
   set interfaces ge-0/1/1 unit 5 family inet address 10.10.10.5/30
   set interfaces lo0 unit 2 family inet address 192.163.6.4/32
   set protocols bgp group internal-peers type internal
   set protocols bgp group internal-peers description "connections to A and C"
   set protocols bgp group internal-peers local-address 192.163.6.4
   set protocols bgp group internal-peers export send-direct
   set protocols bgp group internal-peers neighbor 192.168.40.4
   set protocols bgp group internal-peers neighbor 192.168.6.5
   set protocols ospf area 0.0.0.0 interface lo0.2 passive
   set protocols ospf area 0.0.0.0 interface ge-0/1/0.2
   set protocols ospf area 0.0.0.0 interface ge-0/1/1.5
   set policy-options policy-statement send-direct term 2 from protocol direct
   set policy-options policy-statement send-direct term 2 then accept
   set routing-options router-id 192.163.6.4
   set routing-options autonomous-system 17

Device C

   set interfaces ge-0/1/0 unit 6 description to-B
   set interfaces ge-0/1/0 unit 6 family inet address 10.10.10.6/30
   set interfaces lo0 unit 3 family inet address 192.168.40.4/32
   set protocols bgp group internal-peers type internal
   set protocols bgp group internal-peers description "connections to A and B"
   set protocols bgp group internal-peers local-address 192.168.40.4
   set protocols bgp group internal-peers export send-direct
   set protocols bgp group internal-peers neighbor 192.163.6.4
   set protocols bgp group internal-peers neighbor 192.168.6.5
   set protocols ospf area 0.0.0.0 interface lo0.3 passive
   set protocols ospf area 0.0.0.0 interface ge-0/1/0.6
   set policy-options policy-statement send-direct term 2 from protocol direct
   set policy-options policy-statement send-direct term 2 then accept
   set routing-options router-id 192.168.40.4
   set routing-options autonomous-system 17

Configuring Device A

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

To configure internal BGP peer sessions on Device A:

   1. Configure the interfaces.
      [edit interfaces ge-0/1/0 unit 1]
      user@A# set description to-B
      user@A# set family inet address 10.10.10.1/30
      [edit interfaces]
      user@A# set lo0 unit 1 family inet address 192.168.6.5/32
   2. Configure BGP.
      The neighbor statements are included for both Device B and Device C, even though Device A is not directly connected to Device C.
      [edit protocols bgp group internal-peers]
      user@A# set type internal
      user@A# set description "connections to B and C"
      user@A# set local-address 192.168.6.5
      user@A# set export send-direct
      user@A# set neighbor 192.163.6.4
      user@A# set neighbor 192.168.40.4
   3. Configure OSPF.
      [edit protocols ospf area 0.0.0.0]
      user@A# set interface lo0.1 passive
      user@A# set interface ge-0/1/0.1
   4. Configure a policy that accepts direct routes.
      Other useful options for this scenario might be to accept routes learned through OSPF or local routes.
      [edit policy-options policy-statement send-direct term 2]
      user@A# set from protocol direct
      user@A# set then accept
   5. Configure the router ID and the AS number.
      [edit routing-options]
      user@A# set router-id 192.168.6.5
      user@A# set autonomous-system 17

Results

From configuration mode, confirm your configuration by entering the show interfaces, show policy-options, show protocols, and show routing-options commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

   user@A# show interfaces
   ge-0/1/0 {
       unit 1 {
           description to-B;
           family inet {
               address 10.10.10.1/30;
           }
       }
   }
   lo0 {
       unit 1 {
           family inet {
               address 192.168.6.5/32;
           }
       }
   }

   user@A# show policy-options
   policy-statement send-direct {
       term 2 {
           from protocol direct;
           then accept;
       }
   }

   user@A# show protocols
   bgp {
       group internal-peers {
           type internal;
           description "connections to B and C";
           local-address 192.168.6.5;
           export send-direct;
           neighbor 192.163.6.4;
           neighbor 192.168.40.4;
       }
   }
   ospf {
       area 0.0.0.0 {
           interface lo0.1 {
               passive;
           }
           interface ge-0/1/0.1;
       }
   }

   user@A# show routing-options
   router-id 192.168.6.5;
   autonomous-system 17;

If you are done configuring the device, enter commit from configuration mode.

Configuring Device B

Step-by-Step Procedure

The following example requires that you navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode.

To configure internal BGP peer sessions on Device B:

   1. Configure the interfaces.
      [edit interfaces ge-0/1/0 unit 2]
      user@B# set description to-A
      user@B# set family inet address 10.10.10.2/30
      [edit interfaces ge-0/1/1]
      user@B# set unit 5 description to-C
      user@B# set unit 5 family inet address 10.10.10.5/30
      [edit interfaces]
      user@B# set lo0 unit 2 family inet address 192.163.6.4/32
   2. Configure BGP.
      The neighbor statements are included for both Device B and Device C, even though Device A is not directly connected to Device C.
      [edit protocols bgp group internal-peers]
      user@B# set type internal
      user@B# set description "connections to A and C"
      user@B# set local-address 192.163.6.4
      user@B# set export send-direct
      user@B# set neighbor 192.168.40.4
      user@B# set neighbor 192.168.6.5
   3. Configure OSPF.
      [edit protocols ospf area 0.0.0.0]
      user@B# set interface lo0.2 passive
      user@B# set interface ge-0/1/0.2
      user@B# set interface ge-0/1/1.5
   4. Configure a policy that accepts direct routes.
      Other useful options for this scenario might be to accept routes learned through OSPF or local routes.
      [edit policy-options policy-statement send-direct term 2]
      user@B# set from protocol direct
      user@B# set then accept
   5. Configure the router ID and the AS number.
      [edit routing-options]
      user@B# set router-id 192.163.6.4
      user@B# set autonomous-system 17

Results

From configuration mode, confirm your configuration by entering the show interfaces, show policy-options, show protocols, and show routing-options commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

   user@B# show interfaces
   ge-0/1/0 {
       unit 2 {
           description to-A;
           family inet {
               address 10.10.10.2/30;
           }
       }
   }
   ge-0/1/1 {
       unit 5 {
           description to-C;
           family inet {
               address 10.10.10.5/30;
           }
       }
   }
   lo0 {
       unit 2 {
           family inet {
               address 192.163.6.4/32;
           }
       }
   }

   user@B# show policy-options
   policy-statement send-direct {
       term 2 {
           from protocol direct;
           then accept;
       }
   }

   user@B# show protocols
   bgp {
       group internal-peers {
           type internal;
           description "connections to A and C";
           local-address 192.163.6.4;
           export send-direct;
           neighbor 192.168.40.4;
           neighbor 192.168.6.5;
       }
   }
   ospf {
       area 0.0.0.0 {
           interface lo0.2 {
               passive;
           }
           interface ge-0/1/0.2;
           interface ge-0/1/1.5;
       }
   }

   user@B# show routing-options
   router-id 192.163.6.4;
   autonomous-system 17;

If you are done configuring the device, enter commit from configuration mode.

Configuring Device C

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

To configure internal BGP peer sessions on Device C:

   1. Configure the interfaces.
      [edit interfaces ge-0/1/0 unit 6]
      user@C# set description to-B
      user@C# set family inet address 10.10.10.6/30
      [edit interfaces]
      user@C# set lo0 unit 3 family inet address 192.168.40.4/32
   2. Configure BGP.
      The neighbor statements are included for both Device B and Device C, even though Device A is not directly connected to Device C.
      [edit protocols bgp group internal-peers]
      user@C# set type internal
      user@C# set description "connections to A and B"
      user@C# set local-address 192.168.40.4
      user@C# set export send-direct
      user@C# set neighbor 192.163.6.4
      user@C# set neighbor 192.168.6.5
   3. Configure OSPF.
      [edit protocols ospf area 0.0.0.0]
      user@C# set interface lo0.3 passive
      user@C# set interface ge-0/1/0.6
   4. Configure a policy that accepts direct routes.
      Other useful options for this scenario might be to accept routes learned through OSPF or local routes.
      [edit policy-options policy-statement send-direct term 2]
      user@C# set from protocol direct
      user@C# set then accept
   5. Configure the router ID and the AS number.
      [edit routing-options]
      user@C# set router-id 192.168.40.4
      user@C# set autonomous-system 17

Results

From configuration mode, confirm your configuration by entering the show interfaces, show policy-options, show protocols, and show routing-options commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

   user@C# show interfaces
   ge-0/1/0 {
       unit 6 {
           description to-B;
           family inet {
               address 10.10.10.6/30;
           }
       }
   }
   lo0 {
       unit 3 {
           family inet {
               address 192.168.40.4/32;
           }
       }
   }

   user@C# show policy-options
   policy-statement send-direct {
       term 2 {
           from protocol direct;
           then accept;
       }
   }

   user@C# show protocols
   bgp {
       group internal-peers {
           type internal;
           description "connections to A and B";
           local-address 192.168.40.4;
           export send-direct;
           neighbor 192.163.6.4;
           neighbor 192.168.6.5;
       }
   }
   ospf {
       area 0.0.0.0 {
           interface lo0.3 {
               passive;
           }
           interface ge-0/1/0.6;
       }
   }

   user@C# show routing-options
   router-id 192.168.40.4;
   autonomous-system 17;

If you are done configuring the device, enter commit from configuration mode.
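
The overview's two conditions (each peer sources its session from its loopback through local-address, and every device has a neighbor statement for every other device) can be checked offline before commit. The script below is an added example, not part of the Juniper documentation; the function names parse and audit are assumptions, and only the loopback and BGP set lines from the CLI Quick Configuration are reproduced.

```python
import re

# "set" lines taken from the page's CLI Quick Configuration (loopback and BGP only).
CONFIGS = {
    "A": """set interfaces lo0 unit 1 family inet address 192.168.6.5/32
set protocols bgp group internal-peers local-address 192.168.6.5
set protocols bgp group internal-peers neighbor 192.163.6.4
set protocols bgp group internal-peers neighbor 192.168.40.4""",
    "B": """set interfaces lo0 unit 2 family inet address 192.163.6.4/32
set protocols bgp group internal-peers local-address 192.163.6.4
set protocols bgp group internal-peers neighbor 192.168.40.4
set protocols bgp group internal-peers neighbor 192.168.6.5""",
    "C": """set interfaces lo0 unit 3 family inet address 192.168.40.4/32
set protocols bgp group internal-peers local-address 192.168.40.4
set protocols bgp group internal-peers neighbor 192.163.6.4
set protocols bgp group internal-peers neighbor 192.168.6.5""",
}

def parse(text):
    """Extract loopback addresses, local-address and neighbors from set commands."""
    lo0 = set(re.findall(r"^set interfaces lo0 unit \d+ family inet address (\S+)/\d+$", text, re.M))
    local = re.findall(r"^set protocols bgp group \S+ local-address (\S+)$", text, re.M)
    nbrs = set(re.findall(r"^set protocols bgp group \S+ neighbor (\S+)$", text, re.M))
    return {"lo0": lo0, "local": local[0] if local else None, "neighbors": nbrs}

def audit(configs):
    """Return a list of findings; an empty list means the IBGP mesh is consistent."""
    devs = {name: parse(text) for name, text in configs.items()}
    findings = []
    for name, d in devs.items():
        if d["local"] is None:
            findings.append(f"{name}: no local-address, session is sourced from the egress interface")
        elif d["local"] not in d["lo0"]:
            findings.append(f"{name}: local-address {d['local']} is not configured on lo0")
        for peer, p in devs.items():
            if peer == name or p["local"] is None:
                continue  # a peer without local-address is already reported above
            if p["local"] not in d["neighbors"]:
                findings.append(f"{name}: no neighbor statement for {peer} ({p['local']}), mesh incomplete")
    return findings

if __name__ == "__main__":
    print(audit(CONFIGS) or "full mesh, sources match")
```

With the page's three configurations the audit returns no findings; removing a local-address or a neighbor line produces one finding that names the device and the missing statement.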


