GNS3 After a Long Break (Part 7: VRF-Lite)

VRF-Lite

This time I try VRF-Lite. VRF stands for "Virtual Routing and Forwarding" and lets a single router hold multiple routing tables. The explanation on the following site is nice.

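Connecting two sites of two companies over the same link

Two sites of each of two companies are connected over the same link, and a separate VPN is realized for each company.
Topology.png
In the figure, the upper half is Company A's network and the lower half is Company B's network; the same link between Japan and EU is physically shared. In addition, the end hosts, Company A's PCs and Company B's PCs, are assigned the same IP addresses (A-PC1 and B-PC1 have the same IP address, as do A-PC2 and B-PC2).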

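Configuration

Configured based on the description on the following site.

Router with VRF configuration (Japan)

Set the VRF names and RDs for Company A and Company B.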

ip vrf A-VRF
 rd 10:10

ip vrf B-VRF
 rd 20:20

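Assign IP addresses to the interfaces and bind the routes toward Company A's and Company B's site routers to the VRF names (ip vrf forwarding). Using the same IP address on both is OK.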

interface FastEthernet0/0
 ip vrf forwarding A-VRF
 ip address 192.168.11.1 255.255.255.0

interface FastEthernet0/1
 ip vrf forwarding B-VRF
 ip address 192.168.11.1 255.255.255.0

The inter-site link (Japan-EU) is encapsulated (trunked) with 802.1Q. Tag 10 is for Company A and tag 20 is for Company B; each is bound to its VRF with "ip vrf forwarding".

interface FastEthernet1/0
 no ip address

interface FastEthernet1/0.10
 encapsulation dot1Q 10
 ip vrf forwarding A-VRF
 ip address 192.168.0.1 255.255.255.0

interface FastEthernet1/0.20
 encapsulation dot1Q 20
 ip vrf forwarding B-VRF
 ip address 192.168.0.1 255.255.255.0

The inter-site link uses EIGRP (100), Company A's network uses EIGRP (10), and Company B's network uses OSPF (Area 0).

router eigrp 100
 network 192.168.0.0 0.0.255.255
 no auto-summary
 !
 address-family ipv4 vrf A-VRF
  network 192.168.0.0 0.0.255.255
  no auto-summary
  autonomous-system 10
 exit-address-family
!
router ospf 20 vrf B-VRF
 network 192.168.0.0 0.0.255.255 area 0

Router with VRF configuration (EU)

Same as Japan, so the explanation is omitted.

ip vrf A-VRF
 rd 10:10

ip vrf B-VRF
 rd 20:20


interface FastEthernet0/0
 ip vrf forwarding A-VRF
 ip address 192.168.22.1 255.255.255.0

interface FastEthernet0/1
 ip vrf forwarding B-VRF
 ip address 192.168.22.1 255.255.255.0


interface FastEthernet1/0
 no ip address

interface FastEthernet1/0.10
 encapsulation dot1Q 10
 ip vrf forwarding A-VRF
 ip address 192.168.0.2 255.255.255.0

interface FastEthernet1/0.20
 encapsulation dot1Q 20
 ip vrf forwarding B-VRF
 ip address 192.168.0.2 255.255.255.0


router eigrp 100
 network 192.168.0.0 0.0.255.255
 no auto-summary

 address-family ipv4 vrf A-VRF
  network 192.168.0.0 0.0.255.255
  no auto-summary
  autonomous-system 10
 exit-address-family

router ospf 20 vrf B-VRF
 network 192.168.0.0 0.0.255.255 area 0

Intra-site router (Tokyo)

IP address assignment to the interfaces and the EIGRP (10) configuration. Naturally, there is no VRF configuration here.

interface FastEthernet0/0
 ip address 192.168.11.2 255.255.255.0

interface FastEthernet0/1
 ip address 192.168.111.254 255.255.255.0
 no cdp enable


router eigrp 10
 passive-interface FastEthernet0/1
 network 192.168.0.0 0.0.255.255
 no auto-summary

Intra-site router (Osaka)

IP address assignment to the interfaces and the OSPF (Area 0) configuration. There is no VRF configuration here either.

interface FastEthernet0/0
 ip address 192.168.11.2 255.255.255.0

interface FastEthernet0/1
 ip address 192.168.111.254 255.255.255.0
 no cdp enable


router ospf 20
 passive-interface FastEthernet0/1
 network 192.168.0.0 0.0.255.255 area 0

Intra-site routers (Roma, Paris)

Same as Tokyo and Osaka, so the explanation is omitted. Roma is as follows.

interface FastEthernet0/0
 ip address 192.168.22.2 255.255.255.0

interface FastEthernet0/1
 ip address 192.168.222.254 255.255.255.0
 no cdp enable


router eigrp 10
 passive-interface FastEthernet0/1
 network 192.168.0.0 0.0.255.255
 no auto-summary

Paris.

interface FastEthernet0/0
 ip address 192.168.22.2 255.255.255.0

interface FastEthernet0/1
 ip address 192.168.222.254 255.255.255.0
 no cdp enable


router ospf 20
 passive-interface FastEthernet0/1
 network 192.168.0.0 0.0.255.255 area 0

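The PC configuration is self-evident, so it is omitted.

Verification

Here is the Wireshark capture on the inter-site link (Japan-EU) while pinging from A-PC1 to A-PC2.
10のコピー.png
You can see that the frame is encapsulated with ID (10). This packet does not flow into Company B's network.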

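Here is the Wireshark capture on the inter-site link (Japan-EU) while pinging from B-PC1 to B-PC2.
20のコピー.png
You can see that the frame is encapsulated with ID (20). The IP addresses themselves are the same as in Company A's ping, but because of the encapsulation, the inter-site edge routers (the routers with VRF configuration) can distinguish Company A's traffic from Company B's traffic.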
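
The separation shown in the captures holds only while every addressed interface and every 802.1Q tag on the shared link is bound to exactly one VRF. The following Python check is an added example, not part of the original article: it parses the Japan router's interface stanzas (embedded as a constructed sample) and reports bindings that would break that separation. The function names, and the rule that every addressed interface must belong to a VRF, are assumptions for this lab.

```python
import ipaddress
import re

# Constructed sample: the Japan router's interface stanzas as listed in this article.
JAPAN_CONFIG = """\
interface FastEthernet0/0
 ip vrf forwarding A-VRF
 ip address 192.168.11.1 255.255.255.0
interface FastEthernet0/1
 ip vrf forwarding B-VRF
 ip address 192.168.11.1 255.255.255.0
interface FastEthernet1/0
 no ip address
interface FastEthernet1/0.10
 encapsulation dot1Q 10
 ip vrf forwarding A-VRF
 ip address 192.168.0.1 255.255.255.0
interface FastEthernet1/0.20
 encapsulation dot1Q 20
 ip vrf forwarding B-VRF
 ip address 192.168.0.1 255.255.255.0
"""

def parse_interfaces(config):
    """Return {interface: {"vrf", "vlan", "net"}} from IOS-style interface stanzas."""
    ifaces = {}
    stanza = r"^interface (\S+)[ \t]*\n((?:[ \t]+.*\n?)*)"
    for name, body in re.findall(stanza, config, re.M):
        vrf = re.search(r"ip vrf forwarding (\S+)", body)
        vlan = re.search(r"encapsulation dot1Q (\d+)", body)
        addr = re.search(r"^\s+ip address (\S+) (\S+)", body, re.M)
        net = addr and ipaddress.ip_interface(f"{addr[1]}/{addr[2]}").network
        ifaces[name] = {"vrf": vrf and vrf[1], "vlan": vlan and int(vlan[1]), "net": net}
    return ifaces

def audit(ifaces):
    """List bindings that would let the two companies' traffic mix."""
    issues, routed = [], [(n, i) for n, i in ifaces.items() if i["net"]]
    # Assumption for this lab: every addressed interface belongs to a customer VRF.
    for name, i in routed:
        if i["vrf"] is None:
            issues.append(f"{name}: addressed but in the global table")
    for k, (a, ia) in enumerate(routed):
        for b, ib in routed[k + 1:]:
            if ia["vrf"] == ib["vrf"] and ia["net"].overlaps(ib["net"]):
                issues.append(f"{a} + {b}: overlapping subnets in {ia['vrf'] or 'global'}")
            if ia["vlan"] and ia["vlan"] == ib["vlan"] and a.split(".")[0] == b.split(".")[0]:
                issues.append(f"{a} + {b}: dot1Q {ia['vlan']} used twice on one trunk")
    return issues
```

Running `audit(parse_interfaces(JAPAN_CONFIG))` returns an empty list for the configuration in this article, even though 192.168.11.0/24 and 192.168.0.0/24 each appear twice, because the duplicates sit in different VRFs.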

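Show command results

Only the Japan side is shown. The EU side is almost the same, so it is omitted.

Router Japan (the router with VRF configuration)

The routing state of each VRF can be seen.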

Japan#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

Japan#show ip vrf
  Name                             Default RD          Interfaces
  A-VRF                            10:10               Fa0/0
                                                       Fa1/0.10
  B-VRF                            20:20               Fa0/1
                                                       Fa1/0.20

Japan#show ip route vrf A-VRF

Routing Table: A-VRF
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

D    192.168.111.0/24 [90/307200] via 192.168.11.2, 00:21:37, FastEthernet0/0
C    192.168.11.0/24 is directly connected, FastEthernet0/0
D    192.168.22.0/24 [90/284160] via 192.168.0.2, 00:21:38, FastEthernet1/0.10
C    192.168.0.0/24 is directly connected, FastEthernet1/0.10
D    192.168.222.0/24 
           [90/309760] via 192.168.0.2, 00:21:36, FastEthernet1/0.10

Japan#show ip route vrf B-VRF

Routing Table: B-VRF
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

O    192.168.111.0/24 [110/20] via 192.168.11.2, 00:21:03, FastEthernet0/1
C    192.168.11.0/24 is directly connected, FastEthernet0/1
O    192.168.22.0/24 [110/11] via 192.168.0.2, 00:21:03, FastEthernet1/0.20
C    192.168.0.0/24 is directly connected, FastEthernet1/0.20
O    192.168.222.0/24 [110/21] via 192.168.0.2, 00:21:03, FastEthernet1/0.20

Japan#show ip eigrp 100 topology 
IP-EIGRP Topology Table for AS(100)/ID(192.168.0.1)

Japan#show ip eigrp vrf A-VRF topology 
IP-EIGRP Topology Table for AS(10)/ID(192.168.11.1) Routing Table: A-VRF
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status 

P 192.168.111.0/24, 1 successors, FD is 307200
        via 192.168.11.2 (307200/281600), FastEthernet0/0
P 192.168.11.0/24, 1 successors, FD is 281600
        via Connected, FastEthernet0/0
P 192.168.0.0/24, 1 successors, FD is 28160
        via Connected, FastEthernet1/0.10
P 192.168.22.0/24, 1 successors, FD is 284160
        via 192.168.0.2 (284160/281600), FastEthernet1/0.10
P 192.168.222.0/24, 1 successors, FD is 309760
        via 192.168.0.2 (309760/307200), FastEthernet1/0.10

Japan#show ip eigrp vrf A-VRF neighbors 
IP-EIGRP neighbors for process 10
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
1   192.168.0.2             Fa1/0.10          10 00:23:14   23   200  0  9
0   192.168.11.2            Fa0/0             12 00:23:14   30   200  0  4

Japan#show ip ospf 20 neighbor 

Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.22.1      1   FULL/DR         00:00:37    192.168.0.2     FastEthernet1/0.20
192.168.111.254   1   FULL/DR         00:00:35    192.168.11.2    FastEthernet0/1

Japan#show ip ospf 20          
 Routing Process "ospf 20" with ID 192.168.11.1
   Domain ID type 0x0005, value 0.0.0.20
 Start time: 00:00:33.928, Time elapsed: 00:24:00.148
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 Supports Link-local Signaling (LLS)
 Supports area transit capability
 Connected to MPLS VPN Superbackbone, VRF B-VRF
 It is an area border router
 Router is not originating router-LSAs with maximum metric
 Initial SPF schedule delay 5000 msecs
 Minimum hold time between two consecutive SPFs 10000 msecs
 Maximum wait time between two consecutive SPFs 10000 msecs
 Incremental-SPF disabled
 Minimum LSA interval 5 secs
 Minimum LSA arrival 1000 msecs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Number of external LSA 0. Checksum Sum 0x000000
 Number of opaque AS LSA 0. Checksum Sum 0x000000
 Number of DCbitless external and opaque AS LSA 0
 Number of DoNotAge external and opaque AS LSA 0
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
 Number of areas transit capable is 0
 External flood list length 0
    Area BACKBONE(0)
	Number of interfaces in this area is 2
	Area has no authentication
	SPF algorithm last executed 00:23:03.012 ago
	SPF algorithm executed 4 times
	Area ranges are
	Number of LSA 7. Checksum Sum 0x02E52F
	Number of opaque link LSA 0. Checksum Sum 0x000000
	Number of DCbitless LSA 0
	Number of indication LSA 0
	Number of DoNotAge LSA 0
	Flood list length 0

Intra-site router Tokyo

Routing state via EIGRP.

Tokyo#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.111.0/24 is directly connected, FastEthernet0/1
C    192.168.11.0/24 is directly connected, FastEthernet0/0
D    192.168.22.0/24 [90/309760] via 192.168.11.1, 00:17:42, FastEthernet0/0
D    192.168.0.0/24 [90/284160] via 192.168.11.1, 00:17:42, FastEthernet0/0
D    192.168.222.0/24 [90/335360] via 192.168.11.1, 00:17:42, FastEthernet0/0

Tokyo#show ip eigrp topology 
IP-EIGRP Topology Table for AS(10)/ID(192.168.111.254)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status 

P 192.168.111.0/24, 1 successors, FD is 281600
        via Connected, FastEthernet0/1
P 192.168.11.0/24, 1 successors, FD is 281600
        via Connected, FastEthernet0/0
P 192.168.0.0/24, 1 successors, FD is 284160
        via 192.168.11.1 (284160/28160), FastEthernet0/0
P 192.168.22.0/24, 1 successors, FD is 309760
        via 192.168.11.1 (309760/284160), FastEthernet0/0
P 192.168.222.0/24, 1 successors, FD is 335360
        via 192.168.11.1 (335360/309760), FastEthernet0/0

Tokyo#show ip eigrp neighbors 
IP-EIGRP neighbors for process 10
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   192.168.11.1            Fa0/0             13 00:18:54   22   300  0  11

Intra-site router Osaka

Routing state via OSPF.

Osaka#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.111.0/24 is directly connected, FastEthernet0/1
C    192.168.11.0/24 is directly connected, FastEthernet0/0
O    192.168.22.0/24 [110/21] via 192.168.11.1, 00:10:36, FastEthernet0/0
O    192.168.0.0/24 [110/11] via 192.168.11.1, 00:10:36, FastEthernet0/0
O    192.168.222.0/24 [110/31] via 192.168.11.1, 00:10:36, FastEthernet0/0

Osaka#show ip ospf neighbor 

Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.11.1      1   FULL/BDR        00:00:33    192.168.11.1    FastEthernet0/0

Osaka#show ip ospf
 Routing Process "ospf 20" with ID 192.168.111.254
 Start time: 00:00:30.896, Time elapsed: 00:25:52.092
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 Supports Link-local Signaling (LLS)
 Supports area transit capability
 Router is not originating router-LSAs with maximum metric
 Initial SPF schedule delay 5000 msecs
 Minimum hold time between two consecutive SPFs 10000 msecs
 Maximum wait time between two consecutive SPFs 10000 msecs
 Incremental-SPF disabled
 Minimum LSA interval 5 secs
 Minimum LSA arrival 1000 msecs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Number of external LSA 0. Checksum Sum 0x000000
 Number of opaque AS LSA 0. Checksum Sum 0x000000
 Number of DCbitless external and opaque AS LSA 0
 Number of DoNotAge external and opaque AS LSA 0
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
 Number of areas transit capable is 0
 External flood list length 0
    Area BACKBONE(0)
	Number of interfaces in this area is 2
	Area has no authentication
	SPF algorithm last executed 00:10:51.024 ago
	SPF algorithm executed 4 times
	Area ranges are
	Number of LSA 7. Checksum Sum 0x02E52F
	Number of opaque link LSA 0. Checksum Sum 0x000000
	Number of DCbitless LSA 0
	Number of indication LSA 0
	Number of DoNotAge LSA 0
	Flood list length 0

......

I will try MPLS-VPN as well.
