# BGP configuration from on-premises routers (Cisco 1812J, Juniper SRX210, YAMAHA RTX 1210) to Direct Connect

## Direct Connect side configuration

### Direct Connect settings

The Direct Connect side is set up as a shared connection with the following settings.

* Connection
  * DXtest

```
Port speed 1Gbps
Connection ID: dxcon-fh2ttlhf
Location: Equinix TY2, TY6 - TY8, Tokyo, JPN
AWS device: EqTY2-nnpntj8jigol
```

* Virtual interfaces
  * test-vif

```
** Summary
ID: dxvif-fhaap5yn
AWS account: 745403317212
Type: private
State: available
Connection: dxcon-fh2ttlhf
Location: EqTY2
Virtual gateway: vgw-9ac0729b
Assigned VLAN: 972
Amazon side ASN: 10124

** Peerings
ID: dxpeer-fgsniovz
Address family: ipv4
BGP ASN: 65000
Router peer IP: 169.254.252.86/30
Amazon router peer IP: 169.254.252.85/30
```

  * test-vif2

```
** Summary
ID: dxvif-fhbbt12v
AWS account: 745403317212
Type: private
State: available
Connection: dxcon-fh2ttlhf
Location: EqTY2
Virtual gateway: vgw-9ac0729b
Assigned VLAN: 974
Amazon side ASN: 10124

** Peerings
ID: dxpeer-fgg802mv
Address family: ipv4
BGP ASN: 65000
Router peer IP: 169.254.252.90/30
Amazon router peer IP: 169.254.252.89/30
```

  * test-vif3

```
** Summary
ID: dxvif-fgi1cm24
AWS account: 745403317212
Type: private
State: available
Connection: dxcon-fh2ttlhf
Location: EqTY2
Virtual gateway: vgw-9ac0729b
Assigned VLAN: 976
Amazon side ASN: 10124

** Peerings
ID: dxpeer-fh3vfyls
Address family: ipv4
BGP ASN: 65000
Router peer IP: 169.254.252.102/30
Amazon router peer IP: 169.254.252.101/30
```

### Router configuration

#### Cisco 1812J

* VLAN configuration

Configure VLAN 972 in trunk mode.

```
1812J-1#conf t
1812J-1(config)#vlan 972
1812J-1(config-vlan)#exit
1812J-1(config)#interface range fastEthernet 2
1812J-1(config-if-range)#switchport mode trunk
1812J-1(config-if-range)#switchport trunk allowed vlan add 1,864,913,972,991,1002-1005
1812J-1(config-vlan)#exit

1812J-1(config)#interface vlan 972
1812J-1(config-if)#ip address 169.254.252.86 255.255.255.252
```

Confirm that ping reaches the Amazon router peer IP.

```
1812J-1#ping 169.254.252.85

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 169.254.252.85, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
```

* BGP configuration

The AS numbers are 10124 on the Amazon side and 65000 on our router side. Download the router configuration file and use it as a reference.

```
1812J-1#conf t
1812J-1(config)# no router bgp 65523
1812J-1(config)# router bgp 65000
1812J-1(config-router)# neighbor 169.254.252.85 remote-as 10124
1812J-1(config-router)# neighbor 169.254.252.85 password <BGP authentication key shown in the management console>
1812J-1(config-router)# network 169.254.0.0/16
1812J-1(config-router)# exit
1812J-1(config)# exit
```

#### Verifying the configuration

* show running-config

```
!         
interface FastEthernet2
 switchport trunk allowed vlan 1,864,913,972,991,1002-1005
 switchport mode trunk
!
:
:
!         
interface Vlan972
 ip address 169.254.252.86 255.255.255.252
!
:
:
!         
router bgp 65000
 no synchronization
 bgp log-neighbor-changes
 network 169.254.0.0/16
 neighbor 169.254.252.85 remote-as 10124
 neighbor 169.254.252.85 password 7 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 no auto-summary
!  
```

* show ip bgp neighbors

```
BGP neighbor is 169.254.252.85,  remote AS 10124, external link
  BGP version 4, remote router ID 103.246.151.0
  BGP state = Established, up for 00:01:11
  Last read 00:00:14, last write 00:00:09, hold time is 90, keepalive interval is 30 seconds
  Neighbor capabilities:
    Route refresh: advertised and received(new)
    New ASN Capability: advertised and received
    Address family IPv4 Unicast: advertised and received
  Message statistics:
    InQ depth is 0
    OutQ depth is 0

                         Sent       Rcvd
    Opens:                  1          1
    Notifications:          0          0
    Updates:                1          0
    Keepalives:             4          4
    Route Refresh:          0          0
    Total:                  6          5
  Default minimum time between advertisement runs is 30 seconds

 For address family: IPv4 Unicast
```
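The values that have to agree between the virtual interface and the router can be checked mechanically. The following is an added example, not part of the original page: it compares a trimmed copy of the running-config above with the test-vif parameters, and the names `VIF`, `expand_vlans` and `check_config` are hypothetical.

```python
import ipaddress
import re

# Parameters copied from the test-vif summary on this page.
VIF = {"vlan": 972, "amazon_asn": 10124, "customer_asn": 65000,
       "router_ip": "169.254.252.86/30", "amazon_ip": "169.254.252.85/30"}

# Running-config from this page, trimmed; the key is a masked placeholder.
RUNNING_CONFIG = """\
interface FastEthernet2
 switchport trunk allowed vlan 1,864,913,972,991,1002-1005
 switchport mode trunk
!
interface Vlan972
 ip address 169.254.252.86 255.255.255.252
!
router bgp 65000
 neighbor 169.254.252.85 remote-as 10124
 neighbor 169.254.252.85 password 7 XXXXXXXX
"""


def expand_vlans(spec):
    """Expand an IOS VLAN list such as '1,864,1002-1005' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def check_config(config, vif):
    """Return a list of mismatches between an IOS config and the VIF settings."""
    problems = []
    router = ipaddress.ip_interface(vif["router_ip"])
    amazon = ipaddress.ip_interface(vif["amazon_ip"])
    if router.network != amazon.network or router.ip == amazon.ip:
        problems.append("peer IPs are not two hosts of the same subnet")
    m = re.search(r"^\s*switchport trunk allowed vlan (\S+)", config, re.M)
    if not m or vif["vlan"] not in expand_vlans(m.group(1)):
        problems.append(f"VLAN {vif['vlan']} is not allowed on the trunk")
    svi = re.search(rf"^interface Vlan{vif['vlan']}\n ip address (\S+) (\S+)", config, re.M)
    if not svi or ipaddress.ip_interface(f"{svi.group(1)}/{svi.group(2)}") != router:
        problems.append("SVI address does not match the router peer IP")
    if not re.search(rf"^router bgp {vif['customer_asn']}$", config, re.M):
        problems.append("local BGP ASN does not match the VIF")
    nbr = re.escape(str(amazon.ip))
    if not re.search(rf"^\s*neighbor {nbr} remote-as {vif['amazon_asn']}$", config, re.M):
        problems.append("neighbor or remote-as does not match the Amazon side")
    if not re.search(rf"^\s*neighbor {nbr} password \S", config, re.M):
        problems.append("no BGP authentication key on the Amazon neighbor")
    return problems

print(check_config(RUNNING_CONFIG, VIF) or "config matches the VIF")
```
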

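Access from the on-premises router to an EC2 instance in the AWS VPC

### Establishing connectivity from the on-premises router to an EC2 instance in the VPC

Attach the VGW to the VPC and add the following route. Also enable route propagation. The route added by route propagation is the CIDR (169.254.0.0/16) that was added with `network` on the Cisco side.

```
169.254.0.0/16  vgw-9ac0729b  Active  No
```

Ping now succeeds.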

```
1812J-1#ping 172.16.0.169                          

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.169, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
```

Ping from the EC2 instance to the router also succeeds.

```
[ec2-user@ip-172-16-0-169 ~]$ ping 169.254.252.86
PING 169.254.252.86 (169.254.252.86) 56(84) bytes of data.
64 bytes from 169.254.252.86: icmp_seq=1 ttl=246 time=4.72 ms
64 bytes from 169.254.252.86: icmp_seq=2 ttl=246 time=4.81 ms
^C
--- 169.254.252.86 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 4.722/4.767/4.813/0.082 ms
```

#### Juniper SRX210

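* VLAN configuration

Note that on the SRX you must explicitly allow inbound traffic in the security zone (see the `set security zones ... host-inbound-traffic` line below).

```
root> configure exclusive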
warning: uncommitted changes will be discarded on exit
Entering configuration mode

[edit]
root# delete interfaces ge-0/0/2  

[edit]
root# set interfaces ge-0/0/0 unit 974 vlan-id 974 

[edit]
root# set interfaces ge-0/0/0 unit 974 family inet mtu 1500        

[edit]
root# set interfaces ge-0/0/0 unit 974 family inet address 169.254.252.90/30                      

[edit]
root# set security zones security-zone trust interfaces ge-0/0/0.974 host-inbound-traffic system-services ping        

[edit]
root# commit check 
configuration check succeeds

[edit]
root# commit and-quit 
commit complete
Exiting configuration mode
```

Check the interface configuration.

```
root> show interfaces terse
Interface               Admin Link Proto    Local                 Remote
ge-0/0/0                up    up  
ge-0/0/0.911            up    up   inet     169.254.252.6/30
ge-0/0/0.32767          up    up  
gr-0/0/0                up    up  
ip-0/0/0                up    up  
lsq-0/0/0               up    up  
lt-0/0/0                up    up  
mt-0/0/0                up    up  
sp-0/0/0                up    up  
sp-0/0/0.0              up    up   inet    
                                   inet6   
sp-0/0/0.16383          up    up   inet     10.0.0.1            --> 10.0.0.16
                                            10.0.0.6            --> 0/0
                                            128.0.0.1           --> 128.0.1.16
                                            128.0.0.6           --> 0/0
ge-0/0/1                up    up  
ge-0/0/1.914            up    up   inet     169.254.252.66/30
ge-0/0/1.32767          up    up  
ge-0/0/2                up    down
ge-0/0/2.974            up    down inet     169.254.252.90/30
ge-0/0/2.32767          up    down
ge-0/0/3                up    down
ge-0/0/3.0              up    down eth-switch
ge-0/0/4                up    up        
ge-0/0/4.0              up    up   eth-switch
ge-0/0/5                up    down    
```

```
root# show interfaces 
ge-0/0/0 {
    flexible-vlan-tagging;
    mtu 1522;
    unit 911 {
        vlan-id 911;
        family inet {
            mtu 1500;
            address 169.254.252.6/30;
        }
    }
    unit 974 {
        vlan-id 974;
        family inet {
            mtu 1500;
            address 169.254.252.90/30;
        }
    }
}
```

Confirm that ping reaches the Amazon router peer IP.

```
root> ping 169.254.252.89
PING 169.254.252.89 (169.254.252.89): 56 data bytes
64 bytes from 169.254.252.89: icmp_seq=0 ttl=64 time=2.386 ms
64 bytes from 169.254.252.89: icmp_seq=1 ttl=64 time=2.169 ms
64 bytes from 169.254.252.89: icmp_seq=2 ttl=64 time=37.421 ms
^C
--- 169.254.252.89 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.169/13.992/37.421/16.567 ms
```

* BGP configuration

```
root> configure exclusive

root# set policy-options policy-statement EXPORT-INTERNAL term INTERNAL from route-filter 169.254.0.0/16 exact

[edit]
root# set policy-options policy-statement EXPORT-INTERNAL term INTERNAL then accept

[edit]
root# set policy-options policy-statement EXPORT-INTERNAL term REJECT then reject

[edit]
root# set routing-options autonomous-system 65000

[edit]
root# set protocols bgp group EBGP type external

[edit]
root# set protocols bgp group EBGP peer-as 10124

[edit]
root# set protocols bgp group EBGP local-address 169.254.252.90

[edit]
root# set protocols bgp group EBGP neighbor 169.254.252.89

[edit]
root# set protocols bgp group EBGP export EXPORT-INTERNAL

[edit]
root# set protocols bgp group EBGP authentication-key "0xAjOvZxy3ldLFXcIvTvpCWf"

[edit]
root# commit check
configuration check succeeds

[edit]
root# commit and-quit
commit complete
Exiting configuration mode

root>
```

show bgp neighbor

```
Peer: 169.254.252.89+179 AS 10124 Local: 169.254.252.90+62648 AS 65000
  Type: External    State: Established    Flags: <ImportEval Sync>
  Last State: OpenConfirm   Last Event: RecvKeepAlive
  Last Error: None
  Export: [ EXPORT-INTERNAL ]
  Options: <Preference LocalAddress AuthKey PeerAS Refresh>
  Authentication key is configured      
  Local Address: 169.254.252.90 Holdtime: 90 Preference: 170
  Number of flaps: 0                    
  Peer ID: 103.246.151.0   Local ID: 192.168.2.1       Active Holdtime: 90
  Keepalive Interval: 30         Peer index: 0   
  BFD: disabled, down                   
  Local Interface: ge-0/0/0.974                     
  NLRI for restart configured on peer: inet-unicast
  NLRI advertised by peer: inet-unicast 
  NLRI for this session: inet-unicast   
  Peer supports Refresh capability (2)  
  Stale routes from peer are kept for: 300
  Peer does not support Restarter functionality
  NLRI that restart is negotiated for: inet-unicast
  NLRI of received end-of-rib markers: inet-unicast
  NLRI of all end-of-rib markers sent: inet-unicast
  Peer supports 4 byte AS extension (peer-as 10124)
  Peer does not support Addpath         
  Table inet.0 Bit: 10000               
    RIB State: BGP restart is complete  
    Send state: in sync                 
    Active prefixes:              1     
    Received prefixes:            1     
    Accepted prefixes:            1     
    Suppressed due to damping:    0     
    Advertised prefixes:          0     
  Last traffic (seconds): Received 8    Sent 3    Checked 4   
  Input messages:  Total 14     Updates 2       Refreshes 0     Octets 297
  Output messages: Total 16     Updates 0       Refreshes 0     Octets 367
  Output Queue[0]: 0  
```

#### YAMAHA RTX 1210

lan1/1 is the management port, and lan2/1 is the port that connects to Direct Connect.

```
rtx1210-1> administrator
Password: 
rtx1210-1# ip lan1/1 address 192.168.1.2/24 
rtx1210-1# vlan lan1/1 802.1q vid=100 
rtx1210-1# ip lan2/1 address 169.254.252.102/30
rtx1210-1# vlan lan2/1 802.1q vid=976 
rtx1210-1# bgp use on
rtx1210-1# bgp autonomous-system 65000
rtx1210-1# bgp neighbor 1 10124 169.254.252.101 hold-time=30 local-address=169.254.252.102
rtx1210-1# bgp neighbor pre-shared-key 1 text <BGP authentication key shown in the management console>
rtx1210-1# bgp import filter 1 include 0.0.0.0/0
rtx1210-1# bgp import 10124 static filter 1
rtx1210-1# save 
```

Restart the router.

```
rtx1210-1# restart 
Restarting ...


RTX1210 BootROM Ver. 1.03
  Copyright (c) 2014 Yamaha Corporation

Press 'Enter' or 'Return' to select a firmware and a configuration.
Default settings :  exec0 and config0

Starting with default settings. 
Starting with exec0 and config0 ...
Loading configuration file... Done.

RTX1210 Rev.14.01.26 (Tue Mar 27 15:08:37 2018)
Copyright (c) 1994-2018 Yamaha Corporation. All Rights Reserved.
To display the software copyright statement, use 'show copyright' command.
00:a0:de:c9:66:ef, 00:a0:de:c9:66:f0, 00:a0:de:c9:66:f1
Memory 256Mbytes, 3LAN, 1BRI
:
:
----- -----------------------------------
* 0   Rev.14.01.26
  1   Rev.14.01.14
----- -----------------------------------
Select the firmware [0 or 1] : 0
No.   Date       Time     Size    Sects   Comment
----- ---------- -------- ------- ------- ------------------------------------
* 0   2018/07/10 22:41:38    1428 208/208 
  0.1 2018/07/10 22:39:15    1454 209/209 
  0.2 2018/07/10 22:14:19    1336 210/210 
----- ---------- -------- ------- ------- ------------------------------------
Select the configuration
 [Number in upper list, or '-'(hyphen) to go back] : 0

Starting with exec0 and config0 ...
Loading configuration file... Done.

RTX1210 Rev.14.01.26 (Tue Mar 27 15:08:37 2018)
Copyright (c) 1994-2018 Yamaha Corporation. All Rights Reserved.
To display the software copyright statement, use 'show copyright' command.
00:a0:de:c9:66:ef, 00:a0:de:c9:66:f0, 00:a0:de:c9:66:f1
Memory 256Mbytes, 3LAN, 1BRI

Password: 

RTX1210 Rev.14.01.26 (Tue Mar 27 15:08:37 2018)
Copyright (c) 1994-2018 Yamaha Corporation. All Rights Reserved.
To display the software copyright statement, use 'show copyright' command.
00:a0:de:c9:66:ef, 00:a0:de:c9:66:f0, 00:a0:de:c9:66:f1
Memory 256Mbytes, 3LAN, 1BRI
```

Ping now succeeds.

```
rtx1210-1> ping 169.254.252.101
received from 169.254.252.101: icmp_seq=0 ttl=63 time=1.023ms
received from 169.254.252.101: icmp_seq=1 ttl=63 time=0.894ms
received from 169.254.252.101: icmp_seq=2 ttl=63 time=1.186ms

3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max = 0.894/1.034/1.186 ms
```

Configuration details

L1

```
rtx1210-1# show status vlan 
LAN1
Link status:  Up
Virtual LAN lan1/1
    VLAN ID:  100
 IP address:  192.168.1.2/24
LAN2
Link status:  Up
Virtual LAN lan2/1
    VLAN ID:  976
 IP address:  169.254.252.102/30
```

L2

```
rtx1210-1# show arp 
Count: 3
Interface      IP address        MAC address       TTL(second)
LAN2/1         169.254.252.101   2c:21:72:bb:b2:ed  984
LAN3           203.152.196.113   00:1e:68:8e:31:e7 1199
LAN3           203.152.196.117   00:1b:d4:56:68:b0  259
```

L3

```
rtx1210-1# show ip route 
Destination         Gateway          Interface       Kind  Additional Info.
default             203.152.196.113        LAN3    static  
169.254.25.104/30   -                 TUNNEL[1]  implicit  
169.254.27.92/30    -                 TUNNEL[2]  implicit  
169.254.252.100/30  169.254.252.102      LAN2/1  implicit  
172.16.0.0/16       169.254.252.101      LAN2/1       BGP  path=10124
172.20.1.0/24       -                 TUNNEL[1]    static  k(1)
172.20.1.0/24       -                 TUNNEL[2]    static  w(0)
172.20.255.0/24     192.168.1.15         LAN1/1    static  
192.168.1.0/24      192.168.1.2          LAN1/1  implicit  
203.152.196.112/28  203.152.196.115        LAN3  implicit  

```

BGP

```
rtx1210-1# show status bgp neighbor 
BGP neighbor is 169.254.252.101, remote AS 10124, local AS 65000, external link
  BGP version 0, remote router ID 0.0.0.0
  BGP state = Active
  Last read 00:00:00, hold time is 0, keepalive interval is 0 seconds
  Received 0 messages, 0 notifications, 0 in queue
  Sent 0 messages, 0 notifications, 0 in queue
  Connection established 0; dropped 0
  Last reset never
Local host: unspecified
Foreign host: 169.254.252.101, Foreign port: 0
```
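The RTX1210 status above reports `BGP state = Active`, while the Cisco and Juniper outputs earlier on the page report Established. As an added example (not from the original page), the script below parses excerpts of the three vendors' neighbor-status layouts and flags any session that is not Established; the names `parse_neighbor` and `audit` are hypothetical.

```python
import re

# Excerpts of the three neighbor-status outputs shown on this page.
CISCO = """\
BGP neighbor is 169.254.252.85,  remote AS 10124, external link
  BGP state = Established, up for 00:01:11
"""
JUNIPER = """\
Peer: 169.254.252.89+179 AS 10124 Local: 169.254.252.90+62648 AS 65000
  Type: External    State: Established    Flags: <ImportEval Sync>
  Authentication key is configured
"""
YAMAHA = """\
BGP neighbor is 169.254.252.101, remote AS 10124, local AS 65000, external link
  BGP state = Active
  Connection established 0; dropped 0
"""

# One (peer, remote AS) pattern per output layout, plus a shared state pattern.
PEER_PATTERNS = [
    re.compile(r"BGP neighbor is (?P<peer>[\d.]+),\s+remote AS (?P<asn>\d+)"),
    re.compile(r"Peer: (?P<peer>[\d.]+)\+\d+ AS (?P<asn>\d+)"),
]
STATE_PATTERN = re.compile(r"(?:BGP state =|\bState:)\s*(?P<state>\w+)")


def parse_neighbor(output):
    """Extract peer address, remote ASN and FSM state from one neighbor block."""
    peer = next((m for p in PEER_PATTERNS if (m := p.search(output))), None)
    state = STATE_PATTERN.search(output)
    if not peer or not state:
        raise ValueError("unrecognised neighbor output")
    return {"peer": peer["peer"], "remote_as": int(peer["asn"]),
            "state": state["state"]}


def audit(outputs, expected_as=10124):
    """Return findings for sessions that are down or peer with an unexpected AS."""
    findings = []
    for name, text in outputs.items():
        n = parse_neighbor(text)
        if n["state"] != "Established":
            findings.append(f"{name}: {n['peer']} is {n['state']}, not Established")
        if n["remote_as"] != expected_as:
            findings.append(f"{name}: {n['peer']} has remote AS {n['remote_as']}")
    return findings


print(audit({"1812J": CISCO, "SRX210": JUNIPER, "RTX1210": YAMAHA}))
```
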

Config

```
rtx1210-1# show config 
# RTX1210 Rev.14.01.26 (Tue Mar 27 15:08:37 2018)
# MAC Address : 00:a0:de:c9:66:ef, 00:a0:de:c9:66:f0, 00:a0:de:c9:66:f1
# Memory 256Mbytes, 3LAN, 1BRI
# main:  RTX1210 ver=00 serial=S4H021978 MAC-Address=00:a0:de:c9:66:ef MAC-Address=00:a0:de:c9:66:f0 MAC-Address=00:a0:de:c9:66:f1
# Reporting Date: Jul 11 17:05:49 2018
login password *
administrator password *
login user administrator *
timezone +09:00
console character en.ascii
console prompt jp-lab-rtx1210-1.lab.hjk.jp
login timer 3600
ip routing on
ip route default gateway 203.152.196.113
ip route 172.20.1.0/24 gateway tunnel 1 keepalive 1 gateway tunnel 2 weight 0
ip route 172.20.255.0/24 gateway 192.168.1.15
description lan1 lan
vlan lan1/1 802.1q vid=100
ip lan1/1 address 192.168.1.2/24
lan type lan2 1000-fdx
vlan lan2/1 802.1q vid=976
ip lan2/1 address 169.254.252.102/30
:
```

### Command References

* Cisco IOS Master Command List, All Releases
  * <https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mcl/allreleasemcl/all-book.html>
* CLI User Guide - Technical Documentation - Support - Juniper Networks
  * <https://www.juniper.net/documentation/en_US/junos/information-products/pathway-pages/junos-cli/junos-cli.html>
* Yamaha Router Series - Command Reference
  * <http://www.rtpro.yamaha.co.jp/RT/manual/rt-common/index.html>

### References

* Configuring a router to connect to Amazon VPC over AWS Direct Connect: command configuration
  * <https://network.yamaha.com/setting/router_firewall/cloud/amazon_vpc/setup_direct_connect>
* Network Study3 - Juniper JUNOS
  * <http://www.infraeye.com/study/studyz2.html>
* \[Illustrated] What are AWS Direct Connect Shared Virtual Interfaces?
  * <https://dev.classmethod.jp/cloud/illustrate-direct-connect-shared-virtual-interfaces/>
* BGP - Neighbor
  * <http://www.infraexpert.com/study/bgpz02.html>

