ネットワーク備忘録 (Network Notes)

Networking notes of an engineer in his late thirties. twitter:@deigo25374582

BGP community control

When connecting to Microsoft's cloud service Azure, one option is "ExpressRoute", and BGP is a requirement for that connection.
However, a large number of prefixes are advertised from the Azure side. Fortunately, the routes ExpressRoute advertises carry BGP community values, so this post tests whether the receiving side can filter on them.

(Figure: test topology. R2 in AS 65000 peers over 203.0.113.0/24 with a Cisco router in AS 12076 that stands in for the ExpressRoute side.)

AS 12076 is the ExpressRoute side in Azure. (The real service was not available, so a Cisco router is used as a substitute.)

First, R2's config with no filtering:

router bgp 65000
 bgp log-neighbor-changes
 neighbor 203.0.113.1 remote-as 12076
 !
 address-family ipv4
  neighbor 203.0.113.1 activate
  neighbor 203.0.113.1 send-community
  ! keeps an unmodified copy of received routes, so an inbound policy can later be
  ! re-applied with a soft clear and inspected with "received-routes"
  neighbor 203.0.113.1 soft-reconfiguration inbound
  no auto-summary
  no synchronization
 exit-address-family
!
ip bgp-community new-format
!

Output of show ip bgp:

R2#show ip bgp
   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.1/32       203.0.113.1              0             0 12076 ?
*> 2.2.2.2/32       203.0.113.1              0             0 12076 ?
*> 3.3.3.3/32       203.0.113.1              0             0 12076 ?
*> 4.4.4.4/32       203.0.113.1              0             0 12076 ?
*> 5.5.5.5/32       203.0.113.1              0             0 12076 ?
R2#

As expected, all five routes, 1.1.1.1 through 5.5.5.5, are present.
Now check the community value (using 1.1.1.1 as the example):

R2#show ip bgp 1.1.1.1
BGP routing table entry for 1.1.1.1/32, version 2
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Not advertised to any peer
  12076, (received & used)
    203.0.113.1 from 203.0.113.1 (5.5.5.5)
      Origin incomplete, metric 0, localpref 100, valid, external, best
      Community: 12076:5010


Now accept only the lo5 route, the one tagged with community 12076:5100.

R2's config with the inbound filter added (the new lines are the inbound route-map, the community-list and the route-map clause):

router bgp 65000
 bgp log-neighbor-changes
 neighbor 203.0.113.1 remote-as 12076
 !
 address-family ipv4
  neighbor 203.0.113.1 activate
  ! send-community only affects what R2 sends; communities received from the peer
  ! are stored regardless, so this is not needed for inbound matching
  neighbor 203.0.113.1 send-community
  neighbor 203.0.113.1 soft-reconfiguration inbound
  neighbor 203.0.113.1 route-map community in
  no auto-summary
  no synchronization
 exit-address-family
!
ip bgp-community new-format
! matches any route carrying 12076:5100 (other communities on the route do not matter)
ip community-list standard COMM permit 12076:5100
!
! single permit clause; every route that does not match falls to the implicit deny
route-map community permit 10
 match community COMM
!

The route-map has only the one permit clause, so its implicit deny drops every route that does not carry 12076:5100. After clear ip bgp 203.0.113.1 (because soft-reconfiguration inbound is configured, clear ip bgp 203.0.113.1 soft in would re-apply the policy without resetting the session):

R2#show ip bgp
   Network          Next Hop            Metric LocPrf Weight Path
*> 5.5.5.5/32       203.0.113.1              0             0 12076 ?

So routes received from ExpressRoute can be filtered by community on the customer side.

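As an added example (not from the original post and not from Microsoft's documentation), here is a hardened version of R2's inbound policy. It keeps the community filter shown above and adds what a production edge toward a cloud peer usually wants: a maximum-prefix guard against the large route count mentioned earlier, an explicit deny clause so the intent is visible in the config, and the show/clear commands that distinguish what was received from what was accepted. The route-map and community-list names, the description string and the prefix limit of 100 are assumptions for this lab; the peer addresses, AS numbers and the community value are the ones used on this page.

```cisco
! Added example: hardened inbound policy on R2 toward the simulated ExpressRoute peer.
! Names (FROM-EXPRESSROUTE, COMM-LO5), the description and the prefix limit (100)
! are assumptions for this lab; addresses, AS numbers and communities are from the post.
router bgp 65000
 bgp log-neighbor-changes
 neighbor 203.0.113.1 remote-as 12076
 neighbor 203.0.113.1 description simulated-ExpressRoute-AS12076
 !
 address-family ipv4
  neighbor 203.0.113.1 activate
  neighbor 203.0.113.1 send-community
  ! Keep an unmodified copy of every received route so "received-routes" can be
  ! inspected and the policy re-applied with a soft clear.
  neighbor 203.0.113.1 soft-reconfiguration inbound
  ! Guard against an unexpectedly large or runaway advertisement: log a warning at
  ! 80% of 100 prefixes, tear the session down above 100 and retry after 5 minutes.
  neighbor 203.0.113.1 maximum-prefix 100 80 restart 5
  neighbor 203.0.113.1 route-map FROM-EXPRESSROUTE in
 exit-address-family
!
ip bgp-community new-format
!
! A standard community-list entry matches a route that carries every community
! listed in the entry; extra communities on the route do not prevent the match
! unless the route-map clause uses "match community COMM-LO5 exact-match".
ip community-list standard COMM-LO5 permit 12076:5100
!
route-map FROM-EXPRESSROUTE permit 10
 match community COMM-LO5
!
! Same effect as the implicit deny, but stated so the intent survives later edits.
route-map FROM-EXPRESSROUTE deny 1000
!
! Verification from R2's exec prompt:
!   show ip bgp neighbors 203.0.113.1 received-routes   every prefix as received, before the route-map
!   show ip bgp neighbors 203.0.113.1 routes            prefixes accepted after the route-map
!   show ip bgp community 12076:5100                    prefixes in the table carrying that community
!   show route-map FROM-EXPRESSROUTE                    per-clause match counters
!   clear ip bgp 203.0.113.1 soft in                    re-apply the policy without a session reset
```

With the explicit deny in place, show route-map FROM-EXPRESSROUTE shows how many prefixes hit each clause, which makes it obvious when the provider changes a community value and routes start falling through to the deny instead of being accepted.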

Reference

docs.microsoft.com


<Memo>
Config of the router standing in for ExpressRoute (AS 12076):

router bgp 12076
 bgp log-neighbor-changes
 neighbor 203.0.113.2 remote-as 65000
 !
 address-family ipv4
  ! redistribute connected is why R2 sees these routes with origin incomplete (?)
  redistribute connected
  neighbor 203.0.113.2 activate
  ! required here: without send-community the tags set below are stripped on the way out
  neighbor 203.0.113.2 send-community
  neighbor 203.0.113.2 soft-reconfiguration inbound
  neighbor 203.0.113.2 route-map community out
  no auto-summary
  no synchronization
 exit-address-family
!
ip bgp-community new-format
!
ip prefix-list lo1 seq 5 permit 1.1.1.1/32
ip prefix-list lo2 seq 5 permit 2.2.2.2/32
ip prefix-list lo3 seq 5 permit 3.3.3.3/32
ip prefix-list lo4 seq 5 permit 4.4.4.4/32
ip prefix-list lo5 seq 5 permit 5.5.5.5/32
!
! Each loopback is tagged with its own community on the way out; the route-map's
! implicit deny keeps the 203.0.113.0/24 link prefix from being advertised.
route-map community permit 10
 match ip address prefix-list lo1
 set community 12076:5010
!
route-map community permit 20
 match ip address prefix-list lo2
 set community 12076:5020
!
route-map community permit 30
 match ip address prefix-list lo3
 set community 12076:5030
!
route-map community permit 40
 match ip address prefix-list lo4
 set community 12076:5040
!
route-map community permit 50
 match ip address prefix-list lo5
 set community 12076:5100
!