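【Overview】
Create two VRFs on each router and route each VRF's segments with OSPF.
As the topology diagram shows, VRF AAA and VRF BBB can use exactly the same addressing scheme without any problem, so they are configured identically.
Note: this is not a mistake in the topology diagram or the config.
Topology (built in Cisco CML)
- PC1 (VRF AAA/192.168.1.1) ⇔ PC3 (VRF AAA/10.1.1.1): reachable
- PC2 (VRF BBB/192.168.1.1) ⇒ PC4 (VRF BBB/10.1.1.1): reachable
- PC1 (VRF AAA/192.168.1.1) ⇔ PC2 (VRF BBB/192.168.1.1): not reachable
- PC1 (VRF AAA/192.168.1.1) ⇔ PC4 (VRF BBB/10.1.1.1): not reachable
- PC2 (VRF BBB/192.168.1.1) ⇒ PC3 (VRF AAA/10.1.1.1): reachable
Config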
R1-config
hostname R1
!
ip vrf AAA
 rd 1:1
!
ip vrf BBB
 rd 2:2
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip vrf forwarding AAA
 ip address 10.12.1.1 255.255.255.0
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip vrf forwarding BBB
 ip address 10.12.1.1 255.255.255.0
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
 ip vrf forwarding AAA
 ip address 192.168.1.254 255.255.255.0
!
interface GigabitEthernet0/1.20
 encapsulation dot1Q 20
 ip vrf forwarding BBB
 ip address 192.168.1.254 255.255.255.0
!
router ospf 10 vrf AAA
 passive-interface GigabitEthernet0/1.10
 network 10.12.1.0 0.0.0.255 area 0
 network 192.168.1.0 0.0.0.255 area 0
!
router ospf 20 vrf BBB
 passive-interface GigabitEthernet0/1.20
 network 10.12.1.0 0.0.0.255 area 0
 network 192.168.1.0 0.0.0.255 area 0
!
control-plane
!
end
R2-config
hostname R2
!
ip vrf AAA
 rd 1:1
!
ip vrf BBB
 rd 2:2
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip vrf forwarding AAA
 ip address 10.12.1.2 255.255.255.0
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip vrf forwarding BBB
 ip address 10.12.1.2 255.255.255.0
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
 ip vrf forwarding AAA
 ip address 10.23.1.2 255.255.255.0
!
interface GigabitEthernet0/1.20
 encapsulation dot1Q 20
 ip vrf forwarding BBB
 ip address 10.23.1.2 255.255.255.0
!
router ospf 10 vrf AAA
 network 10.12.1.0 0.0.0.255 area 0
 network 10.23.1.0 0.0.0.255 area 0
!
router ospf 20 vrf BBB
 network 10.12.1.0 0.0.0.255 area 0
 network 10.23.1.0 0.0.0.255 area 0
!
control-plane
!
end
R3-config
hostname R3
!
ip vrf AAA
 rd 1:1
!
ip vrf BBB
 rd 2:2
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip vrf forwarding AAA
 ip address 10.1.1.254 255.255.255.0
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip vrf forwarding BBB
 ip address 10.1.1.254 255.255.255.0
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
 ip vrf forwarding AAA
 ip address 10.23.1.3 255.255.255.0
!
interface GigabitEthernet0/1.20
 encapsulation dot1Q 20
 ip vrf forwarding BBB
 ip address 10.23.1.3 255.255.255.0
!
router ospf 10 vrf AAA
 passive-interface GigabitEthernet0/0.10
 network 10.1.1.0 0.0.0.255 area 0
 network 10.23.1.0 0.0.0.255 area 0
!
router ospf 20 vrf BBB
 passive-interface GigabitEthernet0/0.20
 network 10.1.1.0 0.0.0.255 area 0
 network 10.23.1.0 0.0.0.255 area 0
!
control-plane
!
end
SW1
hostname SW1
!
interface GigabitEthernet0/0
 switchport trunk allowed vlan 10,20
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/1
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet0/2
 switchport access vlan 20
 switchport mode access
!
control-plane
!
end
SW2
hostname SW2
!
interface GigabitEthernet0/0
 switchport trunk allowed vlan 10,20
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/1
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet0/2
 switchport access vlan 20
 switchport mode access
!
control-plane
!
end
Logs
show ip interface brief
R1#show ip interface brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 unassigned YES unset up up
GigabitEthernet0/0.10 10.12.1.1 YES manual up up
GigabitEthernet0/0.20 10.12.1.1 YES manual up up
GigabitEthernet0/1 unassigned YES unset up up
GigabitEthernet0/1.10 192.168.1.254 YES manual up up
GigabitEthernet0/1.20 192.168.1.254 YES manual up up

R2#show ip interface brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 unassigned YES unset up up
GigabitEthernet0/0.10 10.12.1.2 YES manual up up
GigabitEthernet0/0.20 10.12.1.2 YES manual up up
GigabitEthernet0/1 unassigned YES unset up up
GigabitEthernet0/1.10 10.23.1.2 YES manual up up
GigabitEthernet0/1.20 10.23.1.2 YES manual up up

R3#show ip interface brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 unassigned YES NVRAM up up
GigabitEthernet0/0.10 10.1.1.254 YES manual up up
GigabitEthernet0/0.20 10.1.1.254 YES manual up up
GigabitEthernet0/1 unassigned YES NVRAM up up
GigabitEthernet0/1.10 10.23.1.3 YES manual up up
GigabitEthernet0/1.20 10.23.1.3 YES manual up up
show ip ospf xx neighbor
R1#show ip ospf 10 neighbor
Neighbor ID Pri State Dead Time Address Interface
10.23.1.2 1 FULL/DR 00:00:37 10.12.1.2 GigabitEthernet0/0.10
-------------------------------------------------------------------------------
R1#show ip ospf 20 neighbor
Neighbor ID Pri State Dead Time Address Interface
10.12.1.2 1 FULL/DR 00:00:37 10.12.1.2 GigabitEthernet0/0.20

R2#show ip ospf 10 neighbor
Neighbor ID Pri State Dead Time Address Interface
10.23.1.3 1 FULL/DR 00:00:39 10.23.1.3 GigabitEthernet0/1.10
192.168.1.254 1 FULL/BDR 00:00:32 10.12.1.1 GigabitEthernet0/0.10
-------------------------------------------------------------------------------
R2#show ip ospf 20 neighbor
Neighbor ID Pri State Dead Time Address Interface
10.1.1.254 1 FULL/DR 00:00:34 10.23.1.3 GigabitEthernet0/1.20
10.12.1.1 1 FULL/BDR 00:00:33 10.12.1.1 GigabitEthernet0/0.20

R3#show ip ospf 10 neighbor
Neighbor ID Pri State Dead Time Address Interface
10.23.1.2 1 FULL/BDR 00:00:38 10.23.1.2 GigabitEthernet0/1.10
-------------------------------------------------------------------------------
R3#show ip ospf 20 neighbor
Neighbor ID Pri State Dead Time Address Interface
10.12.1.2 1 FULL/BDR 00:00:35 10.23.1.2 GigabitEthernet0/1.20
show ip route vrf [AAA or BBB] ospf
R1#show ip route vrf AAA ospf
Routing Table: AAA
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O 10.1.1.0/24 [110/3] via 10.12.1.2, 00:54:41, GigabitEthernet0/0.10
O 10.23.1.0/24 [110/2] via 10.12.1.2, 00:54:41, GigabitEthernet0/0.10
-------------------------------------------------------------------------------
R1#show ip route vrf BBB ospf
Routing Table: BBB
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O 10.1.1.0/24 [110/3] via 10.12.1.2, 00:54:51, GigabitEthernet0/0.20
O 10.23.1.0/24 [110/2] via 10.12.1.2, 00:54:51, GigabitEthernet0/0.20

R2#show ip route vrf AAA ospf
Routing Table: AAA
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
O 10.1.1.0/24 [110/2] via 10.23.1.3, 00:55:44, GigabitEthernet0/1.10
O 192.168.1.0/24 [110/2] via 10.12.1.1, 00:56:04, GigabitEthernet0/0.10
-------------------------------------------------------------------------------
R2#show ip route vrf BBB ospf
Routing Table: BBB
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
O 10.1.1.0/24 [110/2] via 10.23.1.3, 00:55:39, GigabitEthernet0/1.20
O 192.168.1.0/24 [110/2] via 10.12.1.1, 00:56:16, GigabitEthernet0/0.20

R3#show ip route vrf AAA ospf
Routing Table: AAA
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
O 10.12.1.0/24 [110/2] via 10.23.1.2, 00:56:38, GigabitEthernet0/1.10
O 192.168.1.0/24 [110/3] via 10.23.1.2, 00:56:38, GigabitEthernet0/1.10
-------------------------------------------------------------------------------
R3#show ip route vrf BBB ospf
Routing Table: BBB
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
O 10.12.1.0/24 [110/2] via 10.23.1.2, 00:56:38, GigabitEthernet0/1.20
O 192.168.1.0/24 [110/3] via 10.23.1.2, 00:56:38, GigabitEthernet0/1.20
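ARP / MAC address table check
Because PC1 and PC2 use exactly the same addressing in VRF AAA and VRF BBB, check from the logs that the two PCs have not been swapped.
Enlarged view of the relevant part of the topology
Check R1's ARP table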
VRF AAA
R1#show ip arp vrf AAA
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.12.1.1 - 5254.0008.8ed6 ARPA GigabitEthernet0/0.10 //R1
Internet 10.12.1.2 10 5254.0005.2315 ARPA GigabitEthernet0/0.10 //R2
Internet 192.168.1.1 5 5254.0002.2f95 ARPA GigabitEthernet0/1.10 //PC1
Internet 192.168.1.254 - 5254.000a.e56a ARPA GigabitEthernet0/1.10 //R1
VRF BBB
R1#show ip arp vrf BBB
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.12.1.1 - 5254.0008.8ed6 ARPA GigabitEthernet0/0.20 //R1
Internet 10.12.1.2 28 5254.0005.2315 ARPA GigabitEthernet0/0.20 //R2
Internet 192.168.1.1 22 5254.0018.3dd6 ARPA GigabitEthernet0/1.20 //PC1
Internet 192.168.1.254 - 5254.000a.e56a ARPA GigabitEthernet0/1.20 //R1
Check SW1's MAC address table
SW1#show mac address-table
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
10 5254.0002.2f95 DYNAMIC Gi0/1 //PC1
10 5254.000a.e56a DYNAMIC Gi0/0
20 5254.000a.e56a DYNAMIC Gi0/0
20 5254.0018.3dd6 DYNAMIC Gi0/2 //PC2
Total Mac Addresses for this criterion: 4
Total: 4 entries
Result
Checking logs 1-3 below against each other confirmed that everything is consistent and as expected.
1. ipconfig on the PCs
2. show ip arp on R1
3. show mac address-table on SW1
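The cross-check described above can be automated. The following is an added example, not part of the original post: it correlates R1's per-VRF ARP entries with SW1's MAC table to confirm that the overlapping address 192.168.1.1 belongs to a different host, VLAN and access port in each VRF. The function names are hypothetical, and it assumes the subinterface number equals the dot1Q tag, as it does in this lab's config.

```python
import re

# R1 / SW1 output copied from the logs on this page (the author's // annotations removed).
ARP = {
    "AAA": """\
Internet 10.12.1.1 - 5254.0008.8ed6 ARPA GigabitEthernet0/0.10
Internet 10.12.1.2 10 5254.0005.2315 ARPA GigabitEthernet0/0.10
Internet 192.168.1.1 5 5254.0002.2f95 ARPA GigabitEthernet0/1.10
Internet 192.168.1.254 - 5254.000a.e56a ARPA GigabitEthernet0/1.10""",
    "BBB": """\
Internet 10.12.1.1 - 5254.0008.8ed6 ARPA GigabitEthernet0/0.20
Internet 10.12.1.2 28 5254.0005.2315 ARPA GigabitEthernet0/0.20
Internet 192.168.1.1 22 5254.0018.3dd6 ARPA GigabitEthernet0/1.20
Internet 192.168.1.254 - 5254.000a.e56a ARPA GigabitEthernet0/1.20""",
}
MAC_TABLE = """\
10 5254.0002.2f95 DYNAMIC Gi0/1
10 5254.000a.e56a DYNAMIC Gi0/0
20 5254.000a.e56a DYNAMIC Gi0/0
20 5254.0018.3dd6 DYNAMIC Gi0/2"""

# Only R1's SW1-facing subinterfaces (GigabitEthernet0/1.x) can be matched against SW1.
ARP_RE = re.compile(
    r"^Internet\s+(\S+)\s+\S+\s+([0-9a-f.]{14})\s+ARPA\s+GigabitEthernet0/1\.(\d+)$", re.M)
MAC_RE = re.compile(r"^\s*(\d+)\s+([0-9a-f.]{14})\s+DYNAMIC\s+(\S+)$", re.M)

def locate(ip):
    """Map each VRF to (MAC, VLAN, SW1 port) for `ip`; raise if SW1 disagrees with R1."""
    learned = {(int(v), m): p for v, m, p in MAC_RE.findall(MAC_TABLE)}
    result = {}
    for vrf, text in ARP.items():
        for addr, mac, sub in ARP_RE.findall(text):
            if addr != ip:
                continue
            vlan = int(sub)  # assumption: subinterface number == dot1Q tag
            port = learned.get((vlan, mac))
            if port is None:
                raise ValueError(f"VRF {vrf}: {mac} not learned on VLAN {vlan}")
            result[vrf] = (mac, vlan, port)
    return result

def distinct_hosts_per_vrf(ip):
    """True when `ip` resolves to a different MAC, VLAN and port in every VRF."""
    seen = list(locate(ip).values())
    return len(seen) > 1 and all(len({e[i] for e in seen}) == len(seen) for i in range(3))

if __name__ == "__main__":
    print(locate("192.168.1.1"), distinct_hosts_per_vrf("192.168.1.1"))
```

For 192.168.1.254 the check returns False, which is correct: both entries are R1's own subinterfaces sharing one physical MAC on the trunk port.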