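This is a method for connecting two servers with an L2 tunnel using GRE (Generic Routing Encapsulation) and carrying tagged VLANs inside it.
I used it to connect KVM hosts across a network where tagged VLANs cannot be used.

- The NICs are assigned IP addresses in 192.168.0.0/24
- Bridges (br_dmz, br_lan) are created on both servers

#Goal
Put the corresponding bridges on the two servers into the same L2 network.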
#Configuration
##SV1 configuration
createTunnel_sv1.sh

```sh
#!/bin/sh
# 1528 = 1500 + 4 (VLAN tag) + 24 (GRE header)
ifconfig eth0 mtu 1528
# ---------------------------------------------------------
# Create the GRE tunnel (I have a feeling it does not work with gre0 or gretap0)
# ---------------------------------------------------------
modprobe ip_gre
ip link add name gretunnel type gretap remote 192.168.0.2
ip link set gretunnel up
# Note: the frame layout at the end of this page has 38 bytes (20 outer IP + 4 GRE
# + 14 inner Ethernet) between the gretunnel MTU and the eth0 MTU;
# 1504 + 38 = 1542 exceeds the 1528 set above.
ip link set gretunnel mtu 1504
# ---------------------------------------------------------
# VLAN configuration
# ---------------------------------------------------------
ip link add link gretunnel name vlan_dmz type vlan id 101
ip link set vlan_dmz up
ip link set vlan_dmz mtu 1500
ip link add link gretunnel name vlan_lan type vlan id 102
ip link set vlan_lan up
ip link set vlan_lan mtu 1500
# ---------------------------------------------------------
# Create the bridges
# ---------------------------------------------------------
brctl addbr br_dmz
ip addr add 10.4.0.1/24 dev br_dmz
ip link set br_dmz up
brctl addbr br_lan
ip addr add 10.5.0.1/24 dev br_lan
ip link set br_lan up
# ---------------------------------------------------------
# Attach the VLANs to the bridges
# ---------------------------------------------------------
brctl addif br_dmz vlan_dmz
brctl addif br_lan vlan_lan
```
##SV2 configuration
createTunnel_sv2.sh

```sh
#!/bin/sh
ifconfig eth0 mtu 1500
# ---------------------------------------------------------
# Create the GRE tunnel
# ---------------------------------------------------------
modprobe ip_gre
ip link add name gretunnel type gretap remote 192.168.0.1
ip link set gretunnel up
ip link set gretunnel mtu 1462
# ---------------------------------------------------------
# VLAN configuration
# ---------------------------------------------------------
ip link add link gretunnel name vlan_dmz type vlan id 101
ip link set vlan_dmz up
ip link set vlan_dmz mtu 1458
ip link add link gretunnel name vlan_lan type vlan id 102
ip link set vlan_lan up
ip link set vlan_lan mtu 1458
# ---------------------------------------------------------
# Create the bridges
# ---------------------------------------------------------
brctl addbr br_dmz
ip addr add 10.4.0.2/24 dev br_dmz
ip link set br_dmz up
brctl addbr br_lan
ip addr add 10.5.0.2/24 dev br_lan
ip link set br_lan up
# ---------------------------------------------------------
# Attach the VLANs to the bridges
# ---------------------------------------------------------
brctl addif br_dmz vlan_dmz
brctl addif br_lan vlan_lan
```
#Verification
Check the interface state (only the relevant parts are shown).

sv02

```
# ip a
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether **:**:**:**:**:** brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.2/24 brd 192.168.0.255 scope global eth1
       valid_lft forever preferred_lft forever
7: gre0: <NOARP> mtu 1476 qdisc noop state DOWN
    link/gre 0.0.0.0 brd 0.0.0.0
8: gretap0: <BROADCAST,MULTICAST> mtu 1476 qdisc noop state DOWN qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
9: gretunnel@NONE: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1462 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether **:**:**:**:**:** brd ff:ff:ff:ff:ff:ff
       valid_lft forever preferred_lft forever
10: vlan_dmz@gretunnel: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1458 qdisc noqueue state UP
    link/ether **:**:**:**:**:** brd ff:ff:ff:ff:ff:ff
       valid_lft forever preferred_lft forever
11: vlan_lan@gretunnel: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1458 qdisc noqueue state UP
    link/ether **:**:**:**:**:** brd ff:ff:ff:ff:ff:ff
       valid_lft forever preferred_lft forever
12: br_dmz: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1458 qdisc noqueue state UNKNOWN
    link/ether **:**:**:**:**:** brd ff:ff:ff:ff:ff:ff
    inet 10.4.0.2/24 scope global br_dmz
       valid_lft forever preferred_lft forever
13: br_lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1458 qdisc noqueue state UNKNOWN
    link/ether **:**:**:**:**:** brd ff:ff:ff:ff:ff:ff
    inet 10.4.1.2/24 scope global br_lan
       valid_lft forever preferred_lft forever
```
Confirm that ICMP is being exchanged over the VLAN carried inside GRE.

sv01

```
$ sudo ping -d -M do -s 1430 10.4.0.2
```

sv02

```
22:41:19.392715 d4:3d:7e:0a:4a:dd > d4:3d:7e:0a:49:bf, ethertype IPv4 (0x0800), length 1514: 192.168.0.1 > 192.168.0.2: GREv0, proto TEB (0x6558), length 1480: 1a:60:64:59:e2:28 > b6:7d:da:4c:cc:29, ethertype 802.1Q (0x8100), length 1476: vlan 101, p 0, ethertype IPv4, 10.4.0.1 > 10.4.0.2: ICMP echo request, id 51530, seq 5, length 1438
    0x0000: 4500 05dc 3b89 4000 402f 7816 c0a8 0001 E...;.@.@/x.....
    0x0010: c0a8 0002 0000 6558 b67d da4c cc29 1a60 ......eX.}.L.).`
    0x0020: 6459 e228 8100 0065 0800 4500 05b2 0000 dY.(...e..E.....
    0x0030: 4000 4001 2141 0a04 0001 0a04 0002 0800 @.@.!A..........
    0x0040: 8bd5 c94a 0005 7f7d b254 0000 0000 1efb ...J...}.T......
    0x0050: 0500 0000 0000 1011 1213 1415 1617 1819 ................
    0x0060: 1a1b 1c1d 1e1f 2021 2223 2425 2627 2829 .......!"#$%&'()
    0x0070: 2a2b 2c2d 2e2f 3031 3233 3435 3637 3839 *+,-./0123456789
    (omitted)
    0x05b0: 6a6b 6c6d 6e6f 7071 7273 7475 7677 7879 jklmnopqrstuvwxy
    0x05c0: 7a7b 7c7d 7e7f 8081 8283 8485 8687 8889 z{|}~...........
    0x05d0: 8a8b 8c8d 8e8f 9091 9293 9495 ............
22:41:19.392754 d4:3d:7e:0a:49:bf > d4:3d:7e:0a:4a:dd, ethertype IPv4 (0x0800), length 1514: 192.168.0.2 > 192.168.0.1: GREv0, proto TEB (0x6558), length 1480: b6:7d:da:4c:cc:29 > 1a:60:64:59:e2:28, ethertype 802.1Q (0x8100), length 1476: vlan 101, p 0, ethertype IPv4, 10.4.0.2 > 10.4.0.1: ICMP echo reply, id 51530, seq 5, length 1438
    0x0000: 4500 05dc 6455 4000 402f 4f4a c0a8 0002 E...dU@.@/OJ....
    0x0010: c0a8 0001 0000 6558 1a60 6459 e228 b67d ......eX.`dY.(.}
    0x0020: da4c cc29 8100 0065 0800 4500 05b2 8657 .L.)...e..E....W
    0x0030: 0000 4001 dae9 0a04 0002 0a04 0001 0000 ..@.............
    0x0040: 93d5 c94a 0005 7f7d b254 0000 0000 1efb ...J...}.T......
    0x0050: 0500 0000 0000 1011 1213 1415 1617 1819 ................
    0x0060: 1a1b 1c1d 1e1f 2021 2223 2425 2627 2829 .......!"#$%&'()
    0x0070: 2a2b 2c2d 2e2f 3031 3233 3435 3637 3839 *+,-./0123456789
    (omitted)
    0x05b0: 6a6b 6c6d 6e6f 7071 7273 7475 7677 7879 jklmnopqrstuvwxy
    0x05c0: 7a7b 7c7d 7e7f 8081 8283 8485 8687 8889 z{|}~...........
    0x05d0: 8a8b 8c8d 8e8f 9091 9293 9495 ............
```
Ethernet frame for the ping sent above:

```
14Byte       20Byte          4Byte 14Byte       4Byte        20Byte      8Byte         (1430Byte)
[ETH_HEADER] [GRE_IP_HEADER] [GRE] [ETH_HEADER] [802.1Q_TAG] [IP_HEADER] [ICMP_HEADER] [ICMP_DATA]
|            |               |     |            |            |           |(1438)-----------------|
|            |               |     |            |            |(1458)"vlan_lan" MTU SIZE ---------|
|            |               |     |            |(1462)"gretunnel" MTU SIZE ---------------------|
|            |               |     |(1476)-------------------------------------------------------|
|            |               |(1480)-------------------------------------------------------------|
|            |(1500)"eth0" MTU SIZE -------------------------------------------------------------|
|(1514)Ethernet Frame Size ----------------------------------------------------------------------|
```
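
An added example (not from the original post): a Python decoder for the first 64 bytes of the echo-request capture above. It shows that the GRE payload crosses 192.168.0.0/24 readable as-is (VLAN ID and inner addresses), and that the 42 bytes of encapsulation account for the 1500 and 1458 lengths in the frame layout. The function and constant names are assumptions chosen for illustration.

```python
import ipaddress
import struct

# First 64 bytes of the echo request in the capture above. The hex dump
# starts at the outer IP header, so the underlay Ethernet header is not included.
CAPTURE_HEX = (
    "4500 05dc 3b89 4000 402f 7816 c0a8 0001"
    "c0a8 0002 0000 6558 b67d da4c cc29 1a60"
    "6459 e228 8100 0065 0800 4500 05b2 0000"
    "4000 4001 2141 0a04 0001 0a04 0002 0800"
)
IPPROTO_GRE, ETH_TEB, ETH_DOT1Q, ETH_IPV4 = 47, 0x6558, 0x8100, 0x0800


def parse_ipv4(buf, off):
    """Return (header_len, total_len, protocol, src, dst) for the IPv4 header at off."""
    vihl, _, total, _, _, _, proto, _, src, dst = struct.unpack_from("!BBHHHBBH4s4s", buf, off)
    if vihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return ((vihl & 0x0F) * 4, total, proto,
            str(ipaddress.IPv4Address(src)), str(ipaddress.IPv4Address(dst)))


def decode_gretap(buf):
    """Decode outer IPv4 / GRE / inner Ethernet / 802.1Q / inner IPv4."""
    ihl, outer_len, proto, osrc, odst = parse_ipv4(buf, 0)
    if proto != IPPROTO_GRE:
        raise ValueError("outer packet is not GRE")
    flags, gre_proto = struct.unpack_from("!HH", buf, ihl)
    if gre_proto != ETH_TEB:
        raise ValueError("GRE payload is not a bridged Ethernet frame")
    # The optional checksum (C), key (K) and sequence (S) fields add 4 bytes each.
    gre_len = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
    eth = ihl + gre_len
    (ethertype,) = struct.unpack_from("!H", buf, eth + 12)
    if ethertype != ETH_DOT1Q:
        raise ValueError("inner frame carries no 802.1Q tag")
    tci, inner_type = struct.unpack_from("!HH", buf, eth + 14)
    if inner_type != ETH_IPV4:
        raise ValueError("tagged payload is not IPv4")
    overhead = eth + 18  # outer IP + GRE + inner Ethernet (14) + 802.1Q tag (4)
    _, inner_len, inner_proto, isrc, idst = parse_ipv4(buf, overhead)
    if outer_len - overhead != inner_len:
        raise ValueError("layer lengths are inconsistent")
    return {"outer": (osrc, odst), "vlan": tci & 0x0FFF, "inner": (isrc, idst),
            "inner_proto": inner_proto, "outer_len": outer_len,
            "inner_len": inner_len, "overhead": overhead}


if __name__ == "__main__":
    print(decode_gretap(bytes.fromhex(CAPTURE_HEX)))
```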