
[Cisco VRF] eBGP routing (identical, overlapping address space)

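[Overview]

Two VRFs are created on each router, and the segments of each VRF are routed with eBGP.
As the topology diagram shows, [VRF AAA] and [VRF BBB] can use exactly the same address scheme without any problem, so both are addressed identically.
Note: this is not a mistake in the diagram or the configs.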

<The OSPF routing version is here>
https://start-nw.com/netwrok/vrf-ospf-routing/

Topology (built in Cisco CML)

BGP-VRF1-1

  • PC1 (VRF AAA/192.168.1.1) ⇔ PC3 (VRF AAA/10.1.1.1): reachable
  • PC2 (VRF BBB/192.168.1.1) ⇒ PC4 (VRF BBB/10.1.1.1): reachable
  • PC1 (VRF AAA/192.168.1.1) ⇔ PC2 (VRF BBB/192.168.1.1): not reachable
  • PC1 (VRF AAA/192.168.1.1) ⇔ PC4 (VRF BBB/10.1.1.1): not reachable
  • PC2 (VRF BBB/192.168.1.1) ⇒ PC3 (VRF AAA/10.1.1.1): reachable

Config

R1-config

hostname R1
!
ip vrf AAA
 rd 1:1
!
ip vrf BBB
 rd 2:2
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip vrf forwarding AAA
 ip address 10.12.1.1 255.255.255.0
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip vrf forwarding BBB
 ip address 10.12.1.1 255.255.255.0
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
 ip vrf forwarding AAA
 ip address 192.168.1.254 255.255.255.0
!
interface GigabitEthernet0/1.20
 encapsulation dot1Q 20
 ip vrf forwarding BBB
 ip address 192.168.1.254 255.255.255.0
!
router bgp 1
 bgp log-neighbor-changes
 !
 address-family ipv4 vrf AAA
  network 192.168.1.0
  neighbor 10.12.1.2 remote-as 2
  neighbor 10.12.1.2 activate
 exit-address-family
 !
 address-family ipv4 vrf BBB
  network 192.168.1.0
  neighbor 10.12.1.2 remote-as 2
  neighbor 10.12.1.2 activate
 exit-address-family
!
control-plane
!
end

R2-config

hostname R2
!
ip vrf AAA
 rd 1:1
!
ip vrf BBB
 rd 2:2
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip vrf forwarding AAA
 ip address 10.12.1.2 255.255.255.0
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip vrf forwarding BBB
 ip address 10.12.1.2 255.255.255.0
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
 ip vrf forwarding AAA
 ip address 10.23.1.2 255.255.255.0
!
interface GigabitEthernet0/1.20
 encapsulation dot1Q 20
 ip vrf forwarding BBB
 ip address 10.23.1.2 255.255.255.0
!
router bgp 2
 bgp log-neighbor-changes
 !
 address-family ipv4 vrf AAA
  network 10.1.1.0
  network 192.168.1.0
  neighbor 10.12.1.1 remote-as 1
  neighbor 10.12.1.1 activate
  neighbor 10.23.1.3 remote-as 3
  neighbor 10.23.1.3 activate
 exit-address-family
 !
 address-family ipv4 vrf BBB
  network 10.1.1.0
  network 192.168.1.0
  neighbor 10.12.1.1 remote-as 1
  neighbor 10.12.1.1 activate
  neighbor 10.23.1.3 remote-as 3
  neighbor 10.23.1.3 activate
 exit-address-family
!
control-plane
!
end

R3-config

hostname R3
!
ip vrf AAA
 rd 1:1
!
ip vrf BBB
 rd 2:2
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip vrf forwarding AAA
 ip address 10.1.1.254 255.255.255.0
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip vrf forwarding BBB
 ip address 10.1.1.254 255.255.255.0
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
 ip vrf forwarding AAA
 ip address 10.23.1.3 255.255.255.0
!
interface GigabitEthernet0/1.20
 encapsulation dot1Q 20
 ip vrf forwarding BBB
 ip address 10.23.1.3 255.255.255.0
!
router bgp 3
 bgp log-neighbor-changes
 !
 address-family ipv4 vrf AAA
  network 10.1.1.0 mask 255.255.255.0
  neighbor 10.23.1.2 remote-as 2
  neighbor 10.23.1.2 activate
 exit-address-family
 !
 address-family ipv4 vrf BBB
  network 10.1.1.0 mask 255.255.255.0
  neighbor 10.23.1.2 remote-as 2
  neighbor 10.23.1.2 activate
 exit-address-family
!
control-plane
!
end

Logs

show ip interface brief

R1#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         unassigned      YES NVRAM  up                    up
GigabitEthernet0/0.10      10.12.1.1       YES NVRAM  up                    up
GigabitEthernet0/0.20      10.12.1.1       YES NVRAM  up                    up
GigabitEthernet0/1         unassigned      YES NVRAM  up                    up
GigabitEthernet0/1.10      192.168.1.254   YES NVRAM  up                    up
GigabitEthernet0/1.20      192.168.1.254   YES NVRAM  up                    up
Loopback0                  1.1.1.1         YES manual up                    up

R2#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         unassigned      YES NVRAM  up                    up
GigabitEthernet0/0.10      10.12.1.2       YES NVRAM  up                    up
GigabitEthernet0/0.20      10.12.1.2       YES NVRAM  up                    up
GigabitEthernet0/1         unassigned      YES NVRAM  up                    up
GigabitEthernet0/1.10      10.23.1.2       YES NVRAM  up                    up
GigabitEthernet0/1.20      10.23.1.2       YES NVRAM  up                    up
Loopback0                  2.2.2.2         YES NVRAM  up                    up

R3#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         unassigned      YES NVRAM  up                    up
GigabitEthernet0/0.10      10.1.1.254      YES NVRAM  up                    up
GigabitEthernet0/0.20      10.1.1.254      YES NVRAM  up                    up
GigabitEthernet0/1         unassigned      YES NVRAM  up                    up
GigabitEthernet0/1.10      10.23.1.3       YES NVRAM  up                    up
GigabitEthernet0/1.20      10.23.1.3       YES NVRAM  up                    up
Loopback0                  3.3.3.3         YES NVRAM  up                    up

show ip bgp all

R1#show ip bgp all
<omitted>
     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf AAA)
 *>   10.1.1.0/24      10.12.1.2                              0 2 3 i
 *>   192.168.1.0      0.0.0.0                  0         32768 i
Route Distinguisher: 2:2 (default for vrf BBB)
 *>   10.1.1.0/24      10.12.1.2                              0 2 3 i
 *>   192.168.1.0      0.0.0.0                  0         32768 i

R2#show ip bgp all
<omitted>
     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf AAA)
 *>   10.1.1.0/24      10.23.1.3                0             0 3 i
 *>   192.168.1.0      10.12.1.1                0             0 1 i
Route Distinguisher: 2:2 (default for vrf BBB)
 *>   10.1.1.0/24      10.23.1.3                0             0 3 i
 *>   192.168.1.0      10.12.1.1                0             0 1 i

R3#show ip bgp all
     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf AAA)
 *>   10.1.1.0/24      0.0.0.0                  0         32768 i
 *>   192.168.1.0      10.23.1.2                              0 2 1 i
Route Distinguisher: 2:2 (default for vrf BBB)
 *>   10.1.1.0/24      0.0.0.0                  0         32768 i
 *>   192.168.1.0      10.23.1.2                              0 2 1 i

show ip route [AAA/BBB] bgp

R1#show ip route vrf AAA bgp
Routing Table: AAA
Gateway of last resort is not set
      10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
B        10.1.1.0/24 [20/0] via 10.12.1.2, 02:15:42
-------------------------------------------------------------------------------
R1#show ip route vrf BBB bgp
Routing Table: BBB
Gateway of last resort is not set
      10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
B        10.1.1.0/24 [20/0] via 10.12.1.2, 02:15:50

R2#show ip route vrf AAA bgp
Routing Table: AAA
Gateway of last resort is not set
      10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
B        10.1.1.0/24 [20/0] via 10.23.1.3, 02:16:10
B     192.168.1.0/24 [20/0] via 10.12.1.1, 02:20:18
-------------------------------------------------------------------------------
R2#show ip route vrf BBB bgp
Routing Table: BBB
Gateway of last resort is not set
      10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
B        10.1.1.0/24 [20/0] via 10.23.1.3, 02:16:28
B     192.168.1.0/24 [20/0] via 10.12.1.1, 02:20:36

R3#show ip route vrf AAA bgp
Routing Table: AAA
Gateway of last resort is not set
B     192.168.1.0/24 [20/0] via 10.23.1.2, 02:16:09
-------------------------------------------------------------------------------
R3#show ip route vrf BBB bgp
Routing Table: BBB
Gateway of last resort is not set
B     192.168.1.0/24 [20/0] via 10.23.1.2, 02:16:23

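ARP / MAC address table check

Because PC1 and PC2 use exactly the same addressing in [VRF AAA] and [VRF BBB], the logs are used to confirm that the two PCs have not been swapped.

Enlarged view of the relevant part of the topology

BGP-VRF2-1

Check the ARP table on R1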

VRF AAA

R1#show ip arp vrf AAA
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.12.1.1               -   5254.0008.8ed6  ARPA   GigabitEthernet0/0.10
Internet  10.12.1.2             154   5254.0005.2315  ARPA   GigabitEthernet0/0.10
Internet  192.168.1.1             0   5254.0002.2f95  ARPA   GigabitEthernet0/1.10
Internet  192.168.1.254           -   5254.000a.e56a  ARPA   GigabitEthernet0/1.10

VRF BBB

R1#show ip arp vrf BBB
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.12.1.1               -   5254.0008.8ed6  ARPA   GigabitEthernet0/0.20
Internet  10.12.1.2             154   5254.0005.2315  ARPA   GigabitEthernet0/0.20
Internet  192.168.1.1             0   5254.0018.3dd6  ARPA   GigabitEthernet0/1.20
Internet  192.168.1.254           -   5254.000a.e56a  ARPA   GigabitEthernet0/1.20

Check the MAC address table on SW1

SW1#show mac address-table 
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    5254.0002.2f95    DYNAMIC     Gi0/1 //PC1
  10    5254.000a.e56a    DYNAMIC     Gi0/0
  20    5254.000a.e56a    DYNAMIC     Gi0/0
  20    5254.0018.3dd6    DYNAMIC     Gi0/2 //PC2
Total Mac Addresses for this criterion: 4

Result

Cross-checking the following outputs (1 to 3) for consistency confirmed that everything is as expected.

  1. ipconfig on the PCs
  2. show ip arp on R1
  3. show mac address-table on SW1
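
The manual cross-check above, automated as an added example (not part of the original article): it parses `show ip arp vrf` and `show mac address-table` rows and confirms that 192.168.1.1 in each VRF resolves to a distinct MAC, learned in that VRF's VLAN on its own switch port. The function names are hypothetical, the sample rows are constructed from the output on this page, and the code assumes the subinterface number equals the dot1Q VLAN ID, as in the R1 config.

```python
import re

# Constructed sample input: host-facing rows taken from the R1 and SW1 output on this page.
ARP_BY_VRF = {
    "AAA": "Internet  192.168.1.1             0   5254.0002.2f95  ARPA   GigabitEthernet0/1.10\n"
           "Internet  192.168.1.254           -   5254.000a.e56a  ARPA   GigabitEthernet0/1.10\n",
    "BBB": "Internet  192.168.1.1             0   5254.0018.3dd6  ARPA   GigabitEthernet0/1.20\n"
           "Internet  192.168.1.254           -   5254.000a.e56a  ARPA   GigabitEthernet0/1.20\n",
}
MAC_TABLE = ("  10    5254.0002.2f95    DYNAMIC     Gi0/1\n"
             "  10    5254.000a.e56a    DYNAMIC     Gi0/0\n"
             "  20    5254.000a.e56a    DYNAMIC     Gi0/0\n"
             "  20    5254.0018.3dd6    DYNAMIC     Gi0/2\n")

ARP_ROW = re.compile(r"^Internet\s+(\S+)\s+(\S+)\s+([0-9a-f.]{14})\s+ARPA\s+(\S+)\.(\d+)\s*$", re.M)
MAC_ROW = re.compile(r"^\s*(\d+)\s+([0-9a-f.]{14})\s+\S+\s+(\S+)", re.M)

def parse_mac_table(text):
    """Return {(vlan, mac): port} from 'show mac address-table' rows."""
    return {(int(vlan), mac): port for vlan, mac, port in MAC_ROW.findall(text)}

def learned_hosts(arp_text, parent="GigabitEthernet0/1"):
    """Return [(ip, mac, vlan)] for learned entries (Age is not '-') on the host-facing trunk.
    Assumption: the subinterface number equals its dot1Q VLAN ID, as in the R1 config."""
    return [(ip, mac, int(sub)) for ip, age, mac, ifc, sub in ARP_ROW.findall(arp_text)
            if age != "-" and ifc == parent]

def cross_check(arp_by_vrf, mac_table_text):
    """Map each VRF host to its switch port and list any inconsistencies."""
    table = parse_mac_table(mac_table_text)
    placement, problems, seen = {}, [], {}
    for vrf, text in arp_by_vrf.items():
        for ip, mac, vlan in learned_hosts(text):
            port = table.get((vlan, mac))
            if port is None:
                problems.append(f"{vrf}: {ip} ({mac}) not learned by the switch in VLAN {vlan}")
            if mac in seen and seen[mac] != vrf:
                problems.append(f"{mac} appears in both VRF {seen[mac]} and VRF {vrf}")
            seen.setdefault(mac, vrf)
            placement.setdefault(vrf, {})[ip] = (mac, vlan, port)
    return placement, problems

if __name__ == "__main__":
    placement, problems = cross_check(ARP_BY_VRF, MAC_TABLE)
    print(placement, problems or "consistent")
```
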