Posted at

GoBGP / VyOSでIPv6ネットワークを構築して、BGPルーティングを試してみる

More than 1 year has passed since last update.

GoBGPは、IPv6ルーティング( BGP4+ )に対応しているので、基本動作を試してみました。

さらに、"FIB manipulation"モードで、IPv6フォワーディングが、動作する事も合わせて確認してみます。


■ IPv6ネットワーク構成

GoBGP環境は、Ubuntu上の構築することにしました。

さらに、BGPピア接続は、すべて、Globalユニキャストアドレスを使用することにしました。

                                              < AS65000 >                    < AS65001 >                     < AS65001 >                   < 650002 >

+————————+ +--------+ +---------+ +---------+ +--------+
:2 | | :1 :2 | | :1 e-BGP :2 | | :1 i-BGP :2 | | :1 e-BGP :2 | | :1
+-------------+ | vyos-3 | +---------------+ | vyos-1 | +-----------------+ | GoBGP-1 | +-----------------+ | GoBGP-3 | +---------------+ | vyos-4 | +--------------+
2001:db8:1::/64 | | 2001:db8:2::/64 | | 2001:db8:3:1::/64 | | 2001:db8:4:1::/64 | | 2001:db8:5::/64 | | 2001:db8:6::/64
+------—-+ + +--------+ +---------+ +---------+ +--------+
| :2 +
| |
| |
| +--------+ +---------+ |
| :3 | | :1 e-BGP :2 | | :1 i-BGP |
+-------+ | vyos-2 | +-----------------+ | GoBGP-2 | +------------------------+
| | 2001:db8:3:2::/64 | | 2001:db8:4:2::/64
+--------+ +---------+
< AS65000 > < AS65001 >


(1) e-BGP接続区間


  • vyos-1 - GoBGP-1

  • vyos-2 - GoBGP-2

  • GoBGP-3 - vyos-4


(2) i-BGP接続区間


  • GoBGP-1 - GoBGP-3

  • GoBGP-2 - GoBGP-3


(3) static経路区間


  • vyos-3 - vyos-1

  • vyos-3 - vyos-2


■ VyOS環境の準備

以下、vyos-3のコンフィグ抜粋です

interfaces {

...

ethernet eth1 {
address 192.168.0.1/24
address 2001:db8:3:1::1/64
duplex auto
hw-id 52:54:00:a9:81:4c
smp_affinity auto
speed auto
}
ethernet eth2 {
address 192.168.3.101/24
address 2001:db8:2::2/64
duplex auto
hw-id 52:54:00:b6:c4:bf
smp_affinity auto
speed auto
vrrp {
vrrp-group 20 {
advertise-interval 1
preempt true
priority 250
virtual-address 192.168.3.100/24
}
}
}
loopback lo {
address 10.0.0.1/32
}
}
protocols {
bgp 65000 {
address-family {
ipv6-unicast {
redistribute {
connected {
}
static {
}
}
}
}
neighbor 2001:db8:3:1::2 {
address-family {
ipv6-unicast {
}
}
remote-as 65001
}
parameters {
router-id 10.0.0.1
}
}
static {
route6 ::/0 {
next-hop 2001:db8:2::1 {
}
}
}
}

[ VyOS設定の備忘録メモ ]


  • デフォルト経路を、BGP配信するように設定した

  • コネク区間の経路も、BGP配信するように設定した

  • vrrp設定として、vipには、IPv6アドレスを設定できなかった

  • router-idには、IPv6アドレスを設定できなかった


■ GoBGP環境の準備

以下、GoBGP-1に関する各種設定のメモ


  • 事前に、GoBGP側にて、IPv6フォワーディングを有効にしておく

tsubo@gobgp-1:~/golang/bin$ sudo sysctl -p /etc/sysctl.conf

net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1


  • GoBGP側にて、gobgpd.confを作成しておく


gobgpd.conf

[global]

[global.config]
as = 65001
router-id = "10.10.10.1"
[global.apply-policy.config]
export-policy-list = ["policy1"]

[zebra]
[zebra.config]
enabled = true
url = "unix:/var/run/quagga/zserv.api"

[[neighbors]]
[neighbors.config]
peer-type = "external"
neighbor-address = "2001:db8:3:1::1"
peer-as = 65000
local-as = 65001

[[neighbors]]
[neighbors.config]
peer-type = "internal"
neighbor-address = "2001:db8:4:1::2"
peer-as = 65001
local-as = 65001

[[policy-definitions]]
name = "policy1"
[[policy-definitions.statements]]
name = "statement1"
[policy-definitions.statements.actions]
route-disposition = "accept-route"
[policy-definitions.statements.actions.bgp-actions]
set-next-hop = "self"



  • GoBGPを起動する

tsubo@gobgp-1:~/golang/bin$ sudo ./gobgpd -f gobgpd.conf -p -l info

INFO[0000] gobgpd started
INFO[0000] Finished reading the config file Topic=Config
INFO[0000] Peer 2001:db8:3:1::1 is added
INFO[0000] Add a peer configuration for:2001:db8:3:1::1 Topic=Peer
INFO[0000] Peer 2001:db8:4:1::2 is added
INFO[0000] Add a peer configuration for:2001:db8:4:1::2 Topic=Peer
INFO[0004] Peer Up Key="2001:db8:3:1::1" State="BGP_FSM_OPENCONFIRM" Topic=Peer
INFO[0004] Peer Up Key="2001:db8:4:1::2" State="BGP_FSM_OPENCONFIRM" Topic=Peer
WARN[0005] No matching path for withdraw found, may be path was not installed into table Key="::/0" Path={ ::/0 | src: { 2001:db8:4:1::2 | as: 65001, id: 10.10.10.3 }, nh: <nil>, withdraw } Topic=Table
WARN[0005] No matching path for withdraw found, may be path was not installed into table Key="2001:db8:2::/64" Path={ 2001:db8:2::/64 | src: { 2001:db8:4:1::2 | as: 65001, id: 10.10.10.3 }, nh: <nil>, withdraw } Topic=Table


■ GoBGP-1上でのIPv6ルーティング動作確認

以下、GoBGP-1でのIPv6ルーティング情報と、IPv6フォワーディング情報を確認します


  • BGPテーブルの確認

tsubo@gobgp-1:~/golang/bin$ gobgp global rib -a ipv6

Network Next Hop AS_PATH Age Attrs
*> ::/0 2001:db8:3:1::1 65000 00:26:43 [{Origin: ?} {Med: 0}]
*> 2001:db8:2::/64 2001:db8:3:1::1 65000 00:26:43 [{Origin: ?} {Med: 1}]
*> 2001:db8:3:1::/64 2001:db8:3:1::1 65000 00:26:43 [{Origin: ?} {Med: 1}]
*> 2001:db8:5::/64 2001:db8:4:1::2 65002 00:26:44 [{Origin: ?} {Med: 1} {LocalPref: 100}]
*> 2001:db8:6::/64 2001:db8:4:1::2 65002 00:26:44 [{Origin: ?} {Med: 1} {LocalPref: 100}]


  • IPv6フォワーディング情報の確認

tsubo@gobgp-1:~/golang/bin$ route -n -A inet6

Kernel IPv6 routing table
Destination Next Hop Flag Met Ref Use If
2001:db8:2::/64 2001:db8:3:1::1 UG 1 1 12 ens8
2001:db8:3:1::/64 :: U 256 1 30 ens8
2001:db8:4:1::/64 :: U 256 1 17 ens9
2001:db8:5::/64 2001:db8:4:1::2 UG 1 1 12 ens9
2001:db8:6::/64 2001:db8:4:1::2 UG 1 0 0 ens9
fe80::/64 :: U 256 0 0 ens9
fe80::/64 :: U 256 0 0 ens8
fe80::/64 :: U 256 0 0 ens3
::/0 2001:db8:3:1::1 UG 1024 0 0 ens8
::/0 :: !n -1 1 2175 lo
::1/128 :: Un 0 2 9 lo
2001:db8:3:1::/128 :: Un 0 1 0 lo
2001:db8:3:1::2/128 :: Un 0 2 257 lo
2001:db8:4:1::/128 :: Un 0 1 0 lo
2001:db8:4:1::1/128 :: Un 0 2 286 lo
fe80::/128 :: Un 0 1 0 lo
fe80::/128 :: Un 0 1 0 lo
fe80::/128 :: Un 0 1 0 lo
fe80::5054:ff:fe45:8010/128 :: Un 0 2 680 lo
fe80::5054:ff:fec2:6194/128 :: Un 0 2 631 lo
fe80::5054:ff:fef6:6f61/128 :: Un 0 1 0 lo
ff00::/8 :: U 256 0 0 ens9
ff00::/8 :: U 256 1 10 ens8
ff00::/8 :: U 256 1 2334 ens3
::/0 :: !n -1 1 2175 lo


■ GoBGP-3上でのIPv6ルーティング動作確認

以下、GoBGP-3でのIPv6ルーティング情報と、IPv6フォワーディング情報を確認します


  • BGPテーブルの確認

tsubo@gobgp-3:~/golang/bin$ gobgp global rib -a ipv6

Network Next Hop AS_PATH Age Attrs
*> ::/0 2001:db8:4:1::1 65000 00:25:47 [{Origin: ?} {Med: 0} {LocalPref: 100}]
* ::/0 2001:db8:4:2::1 65000 05:14:04 [{Origin: ?} {Med: 0} {LocalPref: 100}]
*> 2001:db8:2::/64 2001:db8:4:1::1 65000 00:25:47 [{Origin: ?} {Med: 1} {LocalPref: 100}]
* 2001:db8:2::/64 2001:db8:4:2::1 65000 05:14:04 [{Origin: ?} {Med: 1} {LocalPref: 100}]
*> 2001:db8:3:1::/64 2001:db8:4:1::1 65000 00:25:47 [{Origin: ?} {Med: 1} {LocalPref: 100}]
*> 2001:db8:3:2::/64 2001:db8:4:2::1 65000 05:14:04 [{Origin: ?} {Med: 1} {LocalPref: 100}]
*> 2001:db8:5::/64 2001:db8:5::2 65002 05:14:03 [{Origin: ?} {Med: 1}]
*> 2001:db8:6::/64 2001:db8:5::2 65002 05:14:03 [{Origin: ?} {Med: 1}]


  • IPv6フォワーディング情報の確認

tsubo@gobgp-3:~/golang/bin$ route -n -A inet6

Kernel IPv6 routing table
Destination Next Hop Flag Met Ref Use If
2001:db8:2::/64 2001:db8:4:1::1 UG 1 1 12 ens8
2001:db8:3:1::/64 2001:db8:4:1::1 UG 1 0 0 ens8
2001:db8:3:2::/64 2001:db8:4:2::1 UG 1 1 4 ens9
2001:db8:4:1::/64 :: U 256 1 18 ens8
2001:db8:4:2::/64 :: U 256 1 15 ens9
2001:db8:5::/64 :: U 256 1 380 ens10
2001:db8:6::/64 2001:db8:5::2 UG 1 1 2 ens10
fe80::/64 :: U 256 0 0 ens8
fe80::/64 :: U 256 0 0 ens9
fe80::/64 :: U 256 0 0 ens10
fe80::/64 :: U 256 0 0 ens3
::/0 2001:db8:4:1::1 UG 1024 0 0 ens8
::/0 :: !n -1 1 2163 lo
::1/128 :: Un 0 2 4 lo
2001:db8:4:1::/128 :: Un 0 1 0 lo
2001:db8:4:1::2/128 :: Un 0 2 155 lo
2001:db8:4:2::/128 :: Un 0 1 0 lo
2001:db8:4:2::2/128 :: Un 0 2 46 lo
2001:db8:5::/128 :: Un 0 1 0 lo
2001:db8:5::1/128 :: Un 0 2 182 lo
fe80::/128 :: Un 0 1 0 lo
fe80::/128 :: Un 0 1 0 lo
fe80::/128 :: Un 0 1 0 lo
fe80::/128 :: Un 0 1 0 lo
fe80::5054:ff:fe0b:ad1a/128 :: Un 0 2 762 lo
fe80::5054:ff:fe44:c737/128 :: Un 0 2 685 lo
fe80::5054:ff:fe4b:9009/128 :: Un 0 1 0 lo
fe80::5054:ff:feb0:5e9c/128 :: Un 0 2 753 lo
ff00::/8 :: U 256 1 2 ens8
ff00::/8 :: U 256 1 1 ens9
ff00::/8 :: U 256 0 0 ens10
ff00::/8 :: U 256 1 2362 ens3
::/0 :: !n -1 1 2163 lo


■ VyOS-4上でのIPv6ルーティング動作確認

以下、vyos-4でのIPv6ルーティング情報と、IPv6フォワーディング情報を確認します


  • BGPテーブルの確認

tsubo@vyos-4:~$ show ipv6 bgp  

BGP table version is 0, local router ID is 10.0.0.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, R Removed
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> ::/0 2001:db8:5::1 0 65001 65000 ?
*> 2001:db8:2::/64 2001:db8:5::1 0 65001 65000 ?
*> 2001:db8:3:1::/64
2001:db8:5::1 0 65001 65000 ?
*> 2001:db8:3:2::/64
2001:db8:5::1 0 65001 65000 ?
*> 2001:db8:5::/64 :: 1 32768 ?
*> 2001:db8:6::/64 :: 1 32768 ?

Total number of prefixes 6


  • IPv6フォワーディング情報の確認

tsubo@vyos-4:~$ show ipv6 route forward 

2001:db8:2::/64 via 2001:db8:5::1 dev eth1 proto zebra metric 1024
2001:db8:3:1::/64 via 2001:db8:5::1 dev eth1 proto zebra metric 1024
2001:db8:3:2::/64 via 2001:db8:5::1 dev eth1 proto zebra metric 1024
2001:db8:5::/64 dev eth1 proto kernel metric 256
2001:db8:6::/64 dev eth2 proto kernel metric 256
fe80::/64 dev eth2 proto kernel metric 256
fe80::/64 dev eth0 proto kernel metric 256
fe80::/64 dev eth1 proto kernel metric 256
default via 2001:db8:5::1 dev eth1 proto zebra metric 1024


■ 最後に、エンドエンドでの疎通性を確認しておく

以下、vyos-4でのping/traceroute動作結果です


  • BGP配信されたIPv6ルーティングに従って、vyos-3宛てに、pingを打ってみる

tsubo@vyos-4:~$ ping6  2001:db8:2::1

PING 2001:db8:2::1(2001:db8:2::1) 56 data bytes
64 bytes from 2001:db8:2::1: icmp_seq=1 ttl=61 time=3.17 ms
64 bytes from 2001:db8:2::1: icmp_seq=2 ttl=61 time=2.79 ms
64 bytes from 2001:db8:2::1: icmp_seq=3 ttl=61 time=2.91 ms
64 bytes from 2001:db8:2::1: icmp_seq=4 ttl=61 time=2.78 ms
64 bytes from 2001:db8:2::1: icmp_seq=5 ttl=61 time=3.03 ms
^C
--- 2001:db8:2::1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 2.783/2.940/3.176/0.160 ms

 tracerouteも、打ってみる

tsubo@vyos-4:~$ traceroute6  2001:db8:2::1

traceroute to 2001:db8:2::1 (2001:db8:2::1), 30 hops max, 80 byte packets
1 2001:db8:5::1 (2001:db8:5::1) 0.712 ms 0.422 ms 0.579 ms
2 2001:db8:4:1::1 (2001:db8:4:1::1) 1.747 ms 2.726 ms 2.521 ms
3 2001:db8:3:1::1 (2001:db8:3:1::1) 4.197 ms 4.138 ms 4.070 ms
4 2001:db8:2::1 (2001:db8:2::1) 5.414 ms 5.418 ms 5.409 ms


  • BGP配信されたデフォルト経路に従って、vyos-3宛てに、pingを打ってみる

tsubo@vyos-4:~$ ping6 2001:db8:1::2

PING 2001:db8:1::2(2001:db8:1::2) 56 data bytes
64 bytes from 2001:db8:1::2: icmp_seq=1 ttl=61 time=2.85 ms
64 bytes from 2001:db8:1::2: icmp_seq=2 ttl=61 time=2.78 ms
64 bytes from 2001:db8:1::2: icmp_seq=3 ttl=61 time=2.92 ms
64 bytes from 2001:db8:1::2: icmp_seq=4 ttl=61 time=3.05 ms
64 bytes from 2001:db8:1::2: icmp_seq=5 ttl=61 time=2.84 ms
^C
--- 2001:db8:1::2 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4005ms
rtt min/avg/max/mdev = 2.780/2.890/3.051/0.103 ms

 tracerouteも、打ってみる

tsubo@vyos-4:~$ traceroute6 2001:db8:1::2

traceroute to 2001:db8:1::2 (2001:db8:1::2), 30 hops max, 80 byte packets
1 2001:db8:5::1 (2001:db8:5::1) 0.751 ms 0.761 ms 0.715 ms
2 2001:db8:4:1::1 (2001:db8:4:1::1) 1.779 ms 1.422 ms 1.372 ms
3 2001:db8:3:1::1 (2001:db8:3:1::1) 2.223 ms 2.294 ms 2.240 ms
4 2001:db8:1::2 (2001:db8:1::2) 2.201 ms 2.164 ms 2.126 ms

以上、IPv6ネットワークでのBGPルーティング動作が確認できました。