awa Network: Mini Lab BGP and Packet Capture with Virtual-Router

Previous posted about setup mini lab OSPF with one Juniper use virtual-router to separate route table. The virtual-router is not just separate routing table as basic function, but some of other feature can also separated. It's not just OSPF can run between virtual-router, BGP routing protocols can running well. This is great feature, why ? because a physical router can setup multiple AS number to running multiple BGP process.

The other great way from JunOS to really separation is Logical-Systems (LSYS). LSYS isn't just traffic separation and some feature, but LSYS can administrative separation, logging separation and resource separation. The purpose is to partition system, the system don't talk each other. Special for SRX system, LSYS only allow for the high end SRX (SRX1400, SRX3400, SRX3600, SRX5600 and SRX5800) and also have licenses.

#### R0
user@JunOS> show configuration routing-instances R0
instance-type virtual-router;
interface ge-0/0/0.0;
routing-options {
autonomous-system 10;
}
protocols {
bgp {
group BGPtoR1 {
type external;
peer-as 11;
neighbor 172.16.1.11;
}
}
}

#### R1
user@JunOS> show configuration routing-instances R1
instance-type virtual-router;
interface ge-0/0/1.0;
routing-options {
autonomous-system 11;
}
protocols {
bgp {
group BGPtoR0 {
type external;
peer-as 10;
neighbor 172.16.1.10;
}
}
}

#### Verify BGP
user@JunOS> show bgp summary
Groups: 2 Peers: 2 Down peers: 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
172.16.1.10 10 14 15 0 0 5:20 Establ
R1.inet.0: 0/0/0/0
172.16.1.11 11 14 14 0 0 5:20 Establ
R0.inet.0: 0/0/0/0

user@JunOS> show bgp neighbor instance R0 | no-more
Peer: 172.16.1.11+179 AS 11 Local: 172.16.1.10+51682 AS 10
Type: External State: Established Flags:
Last State: OpenConfirm Last Event: RecvKeepAlive
Last Error: None
Options:
Holdtime: 90 Preference: 170
Number of flaps: 0
Peer ID: 172.16.1.11 Local ID: 172.16.1.10 Active Holdtime: 90
Keepalive Interval: 30 Peer index: 0
BFD: disabled, down
Local Interface: ge-0/0/0.0
NLRI for restart configured on peer: inet-unicast
NLRI advertised by peer: inet-unicast
NLRI for this session: inet-unicast
Peer supports Refresh capability (2)
Restart time configured on the peer: 120
Stale routes from peer are kept for: 300
Restart time requested by this peer: 120
NLRI that peer supports restart for: inet-unicast
NLRI that restart is negotiated for: inet-unicast
NLRI of received end-of-rib markers: inet-unicast
NLRI of all end-of-rib markers sent: inet-unicast
Peer supports 4 byte AS extension (peer-as 11)
Table R0.inet.0 Bit: 10000
RIB State: BGP restart is complete
RIB State: VPN restart is complete
Send state: in sync
Active prefixes: 0
Received prefixes: 0
Accepted prefixes: 0
Suppressed due to damping: 0
Advertised prefixes: 0
Last traffic (seconds): Received 8 Sent 17 Checked 24
Input messages: Total 15 Updates 1 Refreshes 0 Octets 289
Output messages: Total 15 Updates 0 Refreshes 0 Octets 348
Output Queue[0]: 0

user@JunOS> show bgp neighbor instance R1 | no-more
Peer: 172.16.1.10+51682 AS 10 Local: 172.16.1.11+179 AS 11
Type: External State: Established Flags:
Last State: OpenConfirm Last Event: RecvKeepAlive
Last Error: None
Options:
Holdtime: 90 Preference: 170
Number of flaps: 0
Peer ID: 172.16.1.10 Local ID: 172.16.1.11 Active Holdtime: 90
Keepalive Interval: 30 Peer index: 0
BFD: disabled, down
Local Interface: ge-0/0/1.0
NLRI for restart configured on peer: inet-unicast
NLRI advertised by peer: inet-unicast
NLRI for this session: inet-unicast
Peer supports Refresh capability (2)
Restart time configured on the peer: 120
Stale routes from peer are kept for: 300
Restart time requested by this peer: 120
NLRI that peer supports restart for: inet-unicast
NLRI that restart is negotiated for: inet-unicast
NLRI of received end-of-rib markers: inet-unicast
NLRI of all end-of-rib markers sent: inet-unicast
Peer supports 4 byte AS extension (peer-as 10)
Table R1.inet.0 Bit: 20000
RIB State: BGP restart is complete
RIB State: VPN restart is complete
Send state: in sync
Active prefixes: 0
Received prefixes: 0
Accepted prefixes: 0
Suppressed due to damping: 0
Advertised prefixes: 0
Last traffic (seconds): Received 21 Sent 12 Checked 12
Input messages: Total 15 Updates 1 Refreshes 0 Octets 329
Output messages: Total 16 Updates 0 Refreshes 0 Octets 367
Output Queue[1]: 0

Then after the BGP established, I will disable interface in R0 ge-0/0/0.0 then enable again. During enable interface ge-0/0/0.0 also capture traffic in R1 ge-0/0/1.0 use internal feature 'monitor traffic'.

#### Verify BGP Packet Capture
user@JunOS> monitor traffic interface ge-0/0/1
verbose output suppressed, use or for full protocol decode
Address resolution is ON. Use to avoid any reverse lookup delay.
Address resolution timeout is 4s.
Listening on ge-0/0/1, capture size 96 bytes

Reverse lookup for 172.16.1.11 failed (check DNS reachability).
Other reverse lookup failures will not be reported.
Use to avoid reverse lookups on IP addresses.

08:46:01.819936 Out IP truncated-ip - 4 bytes missing! 172.16.1.11.58976 > 172.16.1.10.bgp: S 1242851017:1242851017(0) win 16384
08:46:04.922312 Out IP truncated-ip - 4 bytes missing! 172.16.1.11.58976 > 172.16.1.10.bgp: S 1242851017:1242851017(0) win 16384
08:46:06.452115 In IP 172.16.1.10.51682 > 172.16.1.11.bgp: FP 3682718233:3682718254(21) ack 1992165605 win 16384 : BGP, length: 21
08:46:06.452337 Out IP 172.16.1.11.bgp > 172.16.1.10.51682: R 1992165605:1992165605(0) win 0
08:46:08.205122 Out IP truncated-ip - 4 bytes missing! 172.16.1.11.58976 > 172.16.1.10.bgp: S 1242851017:1242851017(0) win 16384
08:46:08.208571 In IP 172.16.1.10.bgp > 172.16.1.11.58976: S 376449534:376449534(0) ack 1242851018 win 16384
08:46:08.208894 Out IP 172.16.1.11.58976 > 172.16.1.10.bgp: . ack 1 win 17376
08:46:08.209875 Out IP truncated-ip - 51 bytes missing! 172.16.1.11.58976 > 172.16.1.10.bgp: P 1:60(59) ack 1 win 17376 : BGP, length: 59
08:46:08.217495 In IP 172.16.1.10.bgp > 172.16.1.11.58976: P 1:60(59) ack 60 win 16384 : BGP, length: 59
08:46:08.218170 Out IP truncated-ip - 11 bytes missing! 172.16.1.11.58976 > 172.16.1.10.bgp: P 60:79(19) ack 60 win 17317 : BGP, length: 19
08:46:08.238541 In IP 172.16.1.10.bgp > 172.16.1.11.58976: P 60:79(19) ack 79 win 16365 : BGP, length: 19
08:46:08.240109 Out IP truncated-ip - 11 bytes missing! 172.16.1.11.58976 > 172.16.1.10.bgp: P 79:98(19) ack 79 win 17298 : BGP, length: 19
08:46:08.258311 In IP 172.16.1.10.bgp > 172.16.1.11.58976: P 79:121(42) ack 98 win 16365 : BGP, length: 42
08:46:08.258629 Out IP truncated-ip - 15 bytes missing! 172.16.1.11.58976 > 172.16.1.10.bgp: P 98:121(23) ack 121 win 17256 : BGP, length: 23
08:46:08.365815 In IP 172.16.1.10.bgp > 172.16.1.11.58976: . ack 121 win 16384

08:46:35.063993 In IP 172.16.1.10.bgp > 172.16.1.11.58976: P 121:140(19) ack 121 win 16384 : BGP, length: 19
08:46:35.165828 Out IP 172.16.1.11.58976 > 172.16.1.10.bgp: . ack 140 win 17237
08:46:35.902168 Out IP truncated-ip - 11 bytes missing! 172.16.1.11.58976 > 172.16.1.10.bgp: P 121:140(19) ack 140 win 17237 : BGP, length: 19
08:46:36.006820 In IP 172.16.1.10.bgp > 172.16.1.11.58976: . ack 140 win 16384

^C
19 packets received by filter
0 packets dropped by kernel

user@JunOS> show bgp summary
Groups: 2 Peers: 2 Down peers: 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
172.16.1.10 10 443 449 0 1 56 Establ
R1.inet.0: 0/0/0/0
172.16.1.11 11 4 4 0 1 56 Establ
R0.inet.0: 0/0/0/0

awa Network

Monday, September 23, 2013

Mini Lab BGP and Packet Capture with Virtual-Router

No comments:

About Me

Links

Monthly Archive"s