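[Overview]
Create two VRFs on each router and route each VRF segment with eBGP.
As the topology diagram shows, [VRF AAA] and [VRF BBB] can use exactly the same addressing without any problem, so both are configured identically.
* This is not a mistake in the diagram or the config.
<For OSPF routing, see here>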
https://start-nw.com/netwrok/vrf-ospf-routing/
Topology (built in Cisco CML)
- PC1 (VRF AAA/192.168.1.1) ⇔ PC3 (VRF AAA/10.1.1.1): reachable
- PC2 (VRF BBB/192.168.1.1) ⇒ PC4 (VRF BBB/10.1.1.1): reachable
- PC1 (VRF AAA/192.168.1.1) ⇔ PC2 (VRF BBB/192.168.1.1): not reachable
- PC1 (VRF AAA/192.168.1.1) ⇔ PC4 (VRF BBB/10.1.1.1): not reachable
- PC2 (VRF BBB/192.168.1.1) ⇒ PC3 (VRF AAA/10.1.1.1): reachable
Config
R1-config
hostname R1
!
ip vrf AAA
 rd 1:1
!
ip vrf BBB
 rd 2:2
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip vrf forwarding AAA
 ip address 10.12.1.1 255.255.255.0
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip vrf forwarding BBB
 ip address 10.12.1.1 255.255.255.0
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
 ip vrf forwarding AAA
 ip address 192.168.1.254 255.255.255.0
!
interface GigabitEthernet0/1.20
 encapsulation dot1Q 20
 ip vrf forwarding BBB
 ip address 192.168.1.254 255.255.255.0
!
router bgp 1
 bgp log-neighbor-changes
 !
 address-family ipv4 vrf AAA
  network 192.168.1.0
  neighbor 10.12.1.2 remote-as 2
  neighbor 10.12.1.2 activate
 exit-address-family
 !
 address-family ipv4 vrf BBB
  network 192.168.1.0
  neighbor 10.12.1.2 remote-as 2
  neighbor 10.12.1.2 activate
 exit-address-family
!
control-plane
!
end
R2-config
hostname R2
!
ip vrf AAA
 rd 1:1
!
ip vrf BBB
 rd 2:2
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip vrf forwarding AAA
 ip address 10.12.1.2 255.255.255.0
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip vrf forwarding BBB
 ip address 10.12.1.2 255.255.255.0
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
 ip vrf forwarding AAA
 ip address 10.23.1.2 255.255.255.0
!
interface GigabitEthernet0/1.20
 encapsulation dot1Q 20
 ip vrf forwarding BBB
 ip address 10.23.1.2 255.255.255.0
!
router bgp 2
 bgp log-neighbor-changes
 !
 address-family ipv4 vrf AAA
  network 10.1.1.0
  network 192.168.1.0
  neighbor 10.12.1.1 remote-as 1
  neighbor 10.12.1.1 activate
  neighbor 10.23.1.3 remote-as 3
  neighbor 10.23.1.3 activate
 exit-address-family
 !
 address-family ipv4 vrf BBB
  network 10.1.1.0
  network 192.168.1.0
  neighbor 10.12.1.1 remote-as 1
  neighbor 10.12.1.1 activate
  neighbor 10.23.1.3 remote-as 3
  neighbor 10.23.1.3 activate
 exit-address-family
!
control-plane
!
end
R3-config
hostname R3
!
ip vrf AAA
 rd 1:1
!
ip vrf BBB
 rd 2:2
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip vrf forwarding AAA
 ip address 10.1.1.254 255.255.255.0
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip vrf forwarding BBB
 ip address 10.1.1.254 255.255.255.0
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
 ip vrf forwarding AAA
 ip address 10.23.1.3 255.255.255.0
!
interface GigabitEthernet0/1.20
 encapsulation dot1Q 20
 ip vrf forwarding BBB
 ip address 10.23.1.3 255.255.255.0
!
router bgp 3
 bgp log-neighbor-changes
 !
 address-family ipv4 vrf AAA
  network 10.1.1.0 mask 255.255.255.0
  neighbor 10.23.1.2 remote-as 2
  neighbor 10.23.1.2 activate
 exit-address-family
 !
 address-family ipv4 vrf BBB
  network 10.1.1.0 mask 255.255.255.0
  neighbor 10.23.1.2 remote-as 2
  neighbor 10.23.1.2 activate
 exit-address-family
!
control-plane
!
end
Logs
show ip interface brief
R1#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         unassigned      YES NVRAM  up                    up
GigabitEthernet0/0.10      10.12.1.1       YES NVRAM  up                    up
GigabitEthernet0/0.20      10.12.1.1       YES NVRAM  up                    up
GigabitEthernet0/1         unassigned      YES NVRAM  up                    up
GigabitEthernet0/1.10      192.168.1.254   YES NVRAM  up                    up
GigabitEthernet0/1.20      192.168.1.254   YES NVRAM  up                    up
Loopback0                  1.1.1.1         YES manual up                    up

R2#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         unassigned      YES NVRAM  up                    up
GigabitEthernet0/0.10      10.12.1.2       YES NVRAM  up                    up
GigabitEthernet0/0.20      10.12.1.2       YES NVRAM  up                    up
GigabitEthernet0/1         unassigned      YES NVRAM  up                    up
GigabitEthernet0/1.10      10.23.1.2       YES NVRAM  up                    up
GigabitEthernet0/1.20      10.23.1.2       YES NVRAM  up                    up
Loopback0                  2.2.2.2         YES NVRAM  up                    up

R3#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         unassigned      YES NVRAM  up                    up
GigabitEthernet0/0.10      10.1.1.254      YES NVRAM  up                    up
GigabitEthernet0/0.20      10.1.1.254      YES NVRAM  up                    up
GigabitEthernet0/1         unassigned      YES NVRAM  up                    up
GigabitEthernet0/1.10      10.23.1.3       YES NVRAM  up                    up
GigabitEthernet0/1.20      10.23.1.3       YES NVRAM  up                    up
Loopback0                  3.3.3.3         YES NVRAM  up                    up
show ip bgp all
R1#show ip bgp all
<omitted>
     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf AAA)
 *>  10.1.1.0/24      10.12.1.2                              0 2 3 i
 *>  192.168.1.0      0.0.0.0                  0         32768 i
Route Distinguisher: 2:2 (default for vrf BBB)
 *>  10.1.1.0/24      10.12.1.2                              0 2 3 i
 *>  192.168.1.0      0.0.0.0                  0         32768 i

R2#show ip bgp all
<omitted>
     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf AAA)
 *>  10.1.1.0/24      10.23.1.3                0             0 3 i
 *>  192.168.1.0      10.12.1.1                0             0 1 i
Route Distinguisher: 2:2 (default for vrf BBB)
 *>  10.1.1.0/24      10.23.1.3                0             0 3 i
 *>  192.168.1.0      10.12.1.1                0             0 1 i

R3#show ip bgp all
     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf AAA)
 *>  10.1.1.0/24      0.0.0.0                  0         32768 i
 *>  192.168.1.0      10.23.1.2                              0 2 1 i
Route Distinguisher: 2:2 (default for vrf BBB)
 *>  10.1.1.0/24      0.0.0.0                  0         32768 i
 *>  192.168.1.0      10.23.1.2                              0 2 1 i
show ip route [AAA/BBB] bgp
R1#show ip route vrf AAA bgp
Routing Table: AAA
Gateway of last resort is not set
      10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
B        10.1.1.0/24 [20/0] via 10.12.1.2, 02:15:42
-------------------------------------------------------------------------------
R1#show ip route vrf BBB bgp
Routing Table: BBB
Gateway of last resort is not set
      10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
B        10.1.1.0/24 [20/0] via 10.12.1.2, 02:15:50

R2#show ip route vrf AAA bgp
Routing Table: AAA
Gateway of last resort is not set
      10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
B        10.1.1.0/24 [20/0] via 10.23.1.3, 02:16:10
B     192.168.1.0/24 [20/0] via 10.12.1.1, 02:20:18
-------------------------------------------------------------------------------
R2#show ip route vrf BBB bgp
Routing Table: BBB
Gateway of last resort is not set
      10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
B        10.1.1.0/24 [20/0] via 10.23.1.3, 02:16:28
B     192.168.1.0/24 [20/0] via 10.12.1.1, 02:20:36

R3#show ip route vrf AAA bgp
Routing Table: AAA
Gateway of last resort is not set
B     192.168.1.0/24 [20/0] via 10.23.1.2, 02:16:09
-------------------------------------------------------------------------------
R3#show ip route vrf BBB bgp
Routing Table: BBB
Gateway of last resort is not set
B     192.168.1.0/24 [20/0] via 10.23.1.2, 02:16:23
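ARP / MAC address table check
Because PC1 and PC2 use exactly the same addressing in [VRF AAA] and [VRF BBB], check from the logs that the two PCs have not been swapped.
Enlarged view of the relevant part of the topology
Check R1's ARP table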
VRF AAA
R1#show ip arp vrf AAA
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.12.1.1 - 5254.0008.8ed6 ARPA GigabitEthernet0/0.10
Internet 10.12.1.2 154 5254.0005.2315 ARPA GigabitEthernet0/0.10
Internet 192.168.1.1 0 5254.0002.2f95 ARPA GigabitEthernet0/1.10
Internet 192.168.1.254 - 5254.000a.e56a ARPA GigabitEthernet0/1.10
VRF BBB
R1#show ip arp vrf BBB
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.12.1.1 - 5254.0008.8ed6 ARPA GigabitEthernet0/0.20
Internet 10.12.1.2 154 5254.0005.2315 ARPA GigabitEthernet0/0.20
Internet 192.168.1.1 0 5254.0018.3dd6 ARPA GigabitEthernet0/1.20
Internet 192.168.1.254 - 5254.000a.e56a ARPA GigabitEthernet0/1.20
Check SW1's MAC address table
SW1#show mac address-table
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    5254.0002.2f95    DYNAMIC     Gi0/1    //PC1
  10    5254.000a.e56a    DYNAMIC     Gi0/0
  20    5254.000a.e56a    DYNAMIC     Gi0/0
  20    5254.0018.3dd6    DYNAMIC     Gi0/2    //PC2
Total Mac Addresses for this criterion: 4
Result
Cross-checking logs 1 to 3 below for consistency confirmed that everything is as expected.
- ipconfig on the PCs
- show ip arp on R1
- show mac address-table on SW1
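
The cross-check above, automated as an added example (not part of the original article): it parses the R1 ARP rows and SW1 MAC table rows shown on this page and reports any host MAC that SW1 learned in a VLAN other than the one its VRF subinterface is tagged with. The function names are illustrative, and the code assumes the subinterface number equals the dot1Q tag, as in the configs above.

```python
import re

# R1 "show ip arp vrf ..." rows and SW1 "show mac address-table" rows, copied from this page.
ARP_BY_VRF = {
    "AAA": """\
Internet 10.12.1.1 - 5254.0008.8ed6 ARPA GigabitEthernet0/0.10
Internet 10.12.1.2 154 5254.0005.2315 ARPA GigabitEthernet0/0.10
Internet 192.168.1.1 0 5254.0002.2f95 ARPA GigabitEthernet0/1.10
Internet 192.168.1.254 - 5254.000a.e56a ARPA GigabitEthernet0/1.10""",
    "BBB": """\
Internet 10.12.1.1 - 5254.0008.8ed6 ARPA GigabitEthernet0/0.20
Internet 10.12.1.2 154 5254.0005.2315 ARPA GigabitEthernet0/0.20
Internet 192.168.1.1 0 5254.0018.3dd6 ARPA GigabitEthernet0/1.20
Internet 192.168.1.254 - 5254.000a.e56a ARPA GigabitEthernet0/1.20""",
}
SW1_MAC_TABLE = """\
10 5254.0002.2f95 DYNAMIC Gi0/1
10 5254.000a.e56a DYNAMIC Gi0/0
20 5254.000a.e56a DYNAMIC Gi0/0
20 5254.0018.3dd6 DYNAMIC Gi0/2"""

ARP_RE = re.compile(r"^Internet\s+(\S+)\s+(\S+)\s+([0-9a-f.]{14})\s+ARPA\s+(\S+)\.(\d+)\s*$", re.M)
MAC_RE = re.compile(r"^\s*(\d+)\s+([0-9a-f.]{14})\s+DYNAMIC\s+\S+", re.M)

def learned_hosts(arp_text, lan_intf="GigabitEthernet0/1"):
    """(ip, mac, vlan) for hosts learned on the SW1-facing subinterfaces. Age "-" rows are
    R1's own addresses and are skipped. Assumption: subinterface number == dot1Q tag."""
    return [(ip, mac, int(tag))
            for ip, age, mac, intf, tag in ARP_RE.findall(arp_text)
            if age != "-" and intf == lan_intf]

def vlans_by_mac(mac_table_text):
    """Map each MAC to the set of VLANs in which the switch learned it."""
    table = {}
    for vlan, mac in MAC_RE.findall(mac_table_text):
        table.setdefault(mac, set()).add(int(vlan))
    return table

def check_isolation(arp_by_vrf, mac_table_text):
    """Return a list of findings; an empty list means the ARP and MAC tables agree."""
    seen, owner, findings = vlans_by_mac(mac_table_text), {}, []
    for vrf, text in arp_by_vrf.items():
        for ip, mac, vlan in learned_hosts(text):
            got = sorted(seen.get(mac, set()))
            if got != [vlan]:
                findings.append(f"VRF {vrf}: {ip} ({mac}) expected only in VLAN {vlan}, SW1 has {got}")
            if owner.setdefault(mac, vrf) != vrf:
                findings.append(f"{mac} is resolved in both VRF {owner[mac]} and VRF {vrf}")
    return findings
```

With the page's own outputs, `check_isolation(ARP_BY_VRF, SW1_MAC_TABLE)` returns an empty list. R1's own MAC 5254.000a.e56a legitimately appears in both VLANs because both subinterfaces share one physical port, which is why the age "-" rows are excluded.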