MPLS
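Trying out MPLS-VPN in GNS3. MPLS stands for "Multi-Protocol Label Switching" and forwards packets based on labels. For an overview and the details, "MPLS from the Beginning" (MPLSをはじめから) is a good reference.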
MPLS-VPN
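As in the previous post, two sites of each of two companies are connected over the same link. This is done with MPLS-VPN. VRF (Virtual Routing and Forwarding) is also used.
In the figure, the upper part is the Client1 network and the lower part is the Client2 network. The Provider sits between JP and EU; the same link is physically shared and MPLS runs on it. In addition, the end hosts, the Client1 PCs and the Client2 PCs, were given the same IP addresses (CE1-JP-PC and CE2-JP-PC share one IP address, as do CE1-EU-PC and CE2-EU-PC). Inside each VPN, routing is done with EIGRP (100).
Configuration
Configured based on information from the following sites.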
- Basic MPLS VPN
- MPLS Configuration Gns3 LAB | MPLS Cloud Providers with VPN, BGP
- MPLS-VPN verification topology and configuration, part 1 (static routes between PE and CE)
PE(Provider Edge)
PE-JP
Enable CEF (Cisco Express Forwarding).
ip cef
VRF configuration for each VPN (Client1 and Client2).
ip vrf Client1
rd 100:1
route-target export 1:100
route-target import 1:100
ip vrf Client2
rd 200:2
route-target export 2:200
route-target import 2:200
Loopback address configuration (used to establish the MP-BGP peering).
interface Loopback1
ip address 1.1.1.1 255.255.255.255
ip ospf network point-to-point
Assign IP addresses to the physical interfaces and bind the Client1 and Client2 networks to their VRFs.
interface FastEthernet0/0
ip vrf forwarding Client1
ip address 172.16.1.1 255.255.255.0
interface FastEthernet0/1
ip vrf forwarding Client2
ip address 172.16.2.1 255.255.255.0
Physical interface configuration toward the Provider network (IP address assignment and enabling MPLS).
interface FastEthernet1/0
ip address 10.1.1.2 255.255.255.0
mpls ip
OSPF configuration between Provider and PE.
router ospf 1
network 1.1.1.1 0.0.0.0 area 0
network 10.1.1.0 0.0.0.255 area 0
EIGRP configuration (distributes the Client1 and Client2 network information and links it to the BGP routing used between Provider and PE).
router eigrp 1
auto-summary
address-family ipv4 vrf Client1
redistribute bgp 1 metric 1500 4000 200 10 1500
network 172.16.1.0 0.0.0.255
no auto-summary
autonomous-system 100
exit-address-family
address-family ipv4 vrf Client2
redistribute bgp 1 metric 1500 4000 200 10 1500
network 172.16.2.0 0.0.0.255
no auto-summary
autonomous-system 100
exit-address-family
BGP configuration for routing between Provider and PE, and redistribution of EIGRP (100) for Client1 and Client2.
router bgp 1
neighbor 2.2.2.2 remote-as 1
neighbor 2.2.2.2 update-source Loopback1
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community both
exit-address-family
address-family ipv4 vrf Client1
redistribute eigrp 100
exit-address-family
address-family ipv4 vrf Client2
redistribute eigrp 100
exit-address-family
Use the loopback address as the LDP router-id.
mpls ldp router-id Loopback1
PE-EU
Same as PE-JP, so the explanation is omitted.
ip cef
ip vrf Client1
rd 100:1
route-target export 1:100
route-target import 1:100
ip vrf Client2
rd 200:2
route-target export 2:200
route-target import 2:200
interface Loopback1
ip address 2.2.2.2 255.255.255.255
ip ospf network point-to-point
interface FastEthernet0/0
ip vrf forwarding Client1
ip address 172.16.3.1 255.255.255.0
interface FastEthernet0/1
ip vrf forwarding Client2
ip address 172.16.4.1 255.255.255.0
interface FastEthernet1/0
ip address 10.1.2.2 255.255.255.0
mpls ip
router ospf 1
network 2.2.2.2 0.0.0.0 area 0
network 10.1.2.0 0.0.0.255 area 0
router eigrp 1
auto-summary
address-family ipv4 vrf Client1
redistribute bgp 1 metric 1500 4000 200 10 1500
network 172.16.3.0 0.0.0.255
no auto-summary
autonomous-system 100
exit-address-family
address-family ipv4 vrf Client2
redistribute bgp 1 metric 1500 4000 200 10 1500
network 172.16.4.0 0.0.0.255
no auto-summary
autonomous-system 100
exit-address-family
router bgp 1
neighbor 1.1.1.1 remote-as 1
neighbor 1.1.1.1 update-source Loopback1
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community both
exit-address-family
address-family ipv4 vrf Client1
redistribute eigrp 100
exit-address-family
address-family ipv4 vrf Client2
redistribute eigrp 100
exit-address-family
mpls ldp router-id Loopback1
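The separation between Client1 and Client2 in the PE configuration above rests on the two VRFs not importing each other's route targets. The following is an added example, not part of the original post: a small audit that parses `ip vrf` stanzas and reports any VRF that imports a route target another VRF exports. The function names and the leaky variant are constructed for illustration.

```python
import re

# VRF stanzas as configured on PE-JP and PE-EU on this page.
PE_VRFS = """\
ip vrf Client1
 rd 100:1
 route-target export 1:100
 route-target import 1:100
ip vrf Client2
 rd 200:2
 route-target export 2:200
 route-target import 2:200
"""
# Constructed misconfiguration: Client2 additionally imports Client1's route target.
LEAKY_VRFS = PE_VRFS + " route-target import 1:100\n"

def parse_vrfs(config):
    """Return {vrf: {"rd": str, "export": set, "import": set}} from IOS 'ip vrf' stanzas."""
    vrfs, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"ip vrf (\S+)", line):
            cur = vrfs.setdefault(m.group(1), {"rd": None, "export": set(), "import": set()})
        elif cur is not None and (m := re.fullmatch(r"rd (\S+)", line)):
            cur["rd"] = m.group(1)
        elif cur is not None and (m := re.fullmatch(r"route-target (export|import|both) (\S+)", line)):
            for kind in ("export", "import") if m.group(1) == "both" else (m.group(1),):
                cur[kind].add(m.group(2))
        elif line and not raw[0].isspace():
            cur = None  # any other top-level command closes the VRF stanza
    return vrfs

def rt_leaks(vrfs):
    """Return sorted (importer, exporter, rt): importer pulls in routes that exporter tags with rt."""
    return sorted(
        (imp, exp, rt)
        for imp, i in vrfs.items()
        for exp, e in vrfs.items()
        if imp != exp
        for rt in i["import"] & e["export"]
    )

if __name__ == "__main__":
    for name, cfg in (("page config", PE_VRFS), ("constructed leak", LEAKY_VRFS)):
        print(name, rt_leaks(parse_vrfs(cfg)) or "isolated")
```

An intentional extranet or shared-services VRF also appears in this list, so the output is a set of imports to review rather than a verdict.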
Provider
ip cef
interface Loopback1
ip address 3.3.3.3 255.255.255.255
ip ospf network point-to-point
interface FastEthernet0/0
ip address 10.1.1.1 255.255.255.0
mpls ip
interface FastEthernet0/1
ip address 10.1.2.1 255.255.255.0
mpls ip
router ospf 1
log-adjacency-changes
network 3.3.3.3 0.0.0.0 area 0
network 10.1.1.0 0.0.0.255 area 0
network 10.1.2.0 0.0.0.255 area 0
mpls ldp router-id Loopback1
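- Enable CEF
- Loopback address configuration
- Physical interface configuration (IP address assignment, enabling MPLS)
- Use the loopback address as the LDP router-id
- OSPF configuration between Provider and PE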
CE(Customer Edge)
CE1-JP
interface FastEthernet0/0
ip address 172.16.1.2 255.255.255.0
interface FastEthernet0/1
ip address 192.168.1.254 255.255.255.0
router eigrp 100
passive-interface FastEthernet0/1
network 172.16.1.0 0.0.0.255
network 192.168.1.0
no auto-summary
- Assign IP addresses to the physical interfaces
- EIGRP (100) configuration (networks, etc.)
CE2-JP
Same as CE1-JP, so the explanation is omitted. Configuration only. The FastEthernet0/1 side is the same as on CE1-JP.
interface FastEthernet0/0
ip address 172.16.2.2 255.255.255.0
interface FastEthernet0/1
ip address 192.168.1.254 255.255.255.0
router eigrp 100
passive-interface FastEthernet0/1
network 172.16.2.0 0.0.0.255
network 192.168.1.0
no auto-summary
CE1-EU
Same as CE1-JP, so the explanation is omitted. Configuration only.
interface FastEthernet0/0
ip address 172.16.3.2 255.255.255.0
interface FastEthernet0/1
ip address 192.168.2.254 255.255.255.0
router eigrp 100
passive-interface FastEthernet0/1
network 172.16.3.0 0.0.0.255
network 192.168.2.0
no auto-summary
CE2-EU
Same as CE1-JP, so the explanation is omitted. Configuration only.
interface FastEthernet0/0
ip address 172.16.4.2 255.255.255.0
interface FastEthernet0/1
ip address 192.168.2.254 255.255.255.0
router eigrp 100
passive-interface FastEthernet0/1
network 172.16.4.0 0.0.0.255
network 192.168.2.0
no auto-summary
PC
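Self-evident, so omitted.
Verification
First, I confirmed that the ping from CE1-JP-PC to CE2-JP-PC and the ping from CE1-EU-PC to CE2-EU-PC could each be carried out independently. I then checked the Wireshark capture taken between PE-JP and Provider at that time (only one segment, admittedly).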
Client1
This is the "ping request" and "ping reply" data. Note the MPLS label data.
Console output on the three routers (PE-JP, Provider, PE-EU) with "debug mpls packets" enabled at that time.
PE-JP#
*Mar 1 01:45:39.683: MPLS: Fa1/0: recvd: CoS=0, TTL=61, Label(s)=20
*Mar 1 01:45:39.683: MPLS: Fa0/0: xmit: (no label)
Provider#
*Mar 1 00:22:20.655: MPLS: Fa0/0: recvd: CoS=0, TTL=62, Label(s)=17/20
*Mar 1 00:22:20.655: MPLS: Fa0/1: xmit: CoS=0, TTL=61, Label(s)=20
*Mar 1 00:22:20.671: MPLS: Fa0/1: recvd: CoS=0, TTL=62, Label(s)=16/20
*Mar 1 00:22:20.671: MPLS: Fa0/0: xmit: CoS=0, TTL=61, Label(s)=20
PE-EU#
*Mar 1 01:45:39.635: MPLS: Fa1/0: recvd: CoS=0, TTL=61, Label(s)=20
*Mar 1 01:45:39.635: MPLS: Fa0/0: xmit: (no label)
The labels can be seen to match.
Client2
The "ping request" and "ping reply" data. The same applies here.
PE-JP#
*Mar 1 01:47:52.719: MPLS: Fa1/0: recvd: CoS=0, TTL=61, Label(s)=22
*Mar 1 01:47:52.719: MPLS: Fa0/1: xmit: (no label)
Provider#
*Mar 1 00:23:35.719: MPLS: Fa0/0: recvd: CoS=0, TTL=62, Label(s)=17/22
*Mar 1 00:23:35.719: MPLS: Fa0/1: xmit: CoS=0, TTL=61, Label(s)=22
*Mar 1 00:23:35.743: MPLS: Fa0/1: recvd: CoS=0, TTL=62, Label(s)=16/22
*Mar 1 00:23:35.743: MPLS: Fa0/0: xmit: CoS=0, TTL=61, Label(s)=22
PE-EU#
*Mar 1 01:47:52.663: MPLS: Fa1/0: recvd: CoS=0, TTL=61, Label(s)=22
*Mar 1 01:47:52.663: MPLS: Fa0/1: xmit: (no label)
It can also be seen that Client1 and Client2 are given different labels ('20' and '22').
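The debug output above can be checked mechanically: on each PE, a packet arriving with a VPN label should leave unlabelled only on the interface of the VRF that label belongs to. The following is an added example, not part of the original post. It uses the PE-JP and PE-EU lines from this page (the Provider lines are left out) and assumes the Fa0/0 = Client1, Fa0/1 = Client2 binding from the PE configuration; labels are locally significant, so results are keyed per router.

```python
import re
from collections import defaultdict

# PE-side 'debug mpls packets' lines copied from this page (Client1 ping, then Client2 ping).
LOG = """\
PE-JP#
*Mar 1 01:45:39.683: MPLS: Fa1/0: recvd: CoS=0, TTL=61, Label(s)=20
*Mar 1 01:45:39.683: MPLS: Fa0/0: xmit: (no label)
PE-EU#
*Mar 1 01:45:39.635: MPLS: Fa1/0: recvd: CoS=0, TTL=61, Label(s)=20
*Mar 1 01:45:39.635: MPLS: Fa0/0: xmit: (no label)
PE-JP#
*Mar 1 01:47:52.719: MPLS: Fa1/0: recvd: CoS=0, TTL=61, Label(s)=22
*Mar 1 01:47:52.719: MPLS: Fa0/1: xmit: (no label)
PE-EU#
*Mar 1 01:47:52.663: MPLS: Fa1/0: recvd: CoS=0, TTL=61, Label(s)=22
*Mar 1 01:47:52.663: MPLS: Fa0/1: xmit: (no label)
"""
# Customer-facing interfaces per 'ip vrf forwarding' on both PEs in this lab.
VRF_BY_IF = {"Fa0/0": "Client1", "Fa0/1": "Client2"}
LINE = re.compile(r"MPLS: (\S+): (recvd|xmit): (?:\(no label\)|.*Label\(s\)=(\S+))")

def parse(log):
    """Yield (router, interface, direction, labels) for each debug line."""
    router = None
    for line in log.splitlines():
        if line.endswith("#"):
            router = line[:-1]
        elif m := LINE.search(line):
            yield router, m.group(1), m.group(2), [int(x) for x in (m.group(3) or "").split("/") if x]

def label_to_vrf(log):
    """Map (router, VPN label) -> set of VRFs whose interface the unlabelled packet left on."""
    seen, pending = defaultdict(set), None
    for router, intf, direction, labels in parse(log):
        if direction == "recvd":
            pending = (router, labels)
        elif pending and pending[0] == router and pending[1] and not labels and intf in VRF_BY_IF:
            seen[(router, pending[1][-1])].add(VRF_BY_IF[intf])
            pending = None
    return dict(seen)

def cross_vrf(mapping):
    """Entries where one VPN label was delivered into more than one VRF."""
    return {key: vrfs for key, vrfs in mapping.items() if len(vrfs) > 1}
```

For the page's log, `cross_vrf(label_to_vrf(LOG))` is empty: label 20 only ever exits toward Client1 and label 22 only toward Client2.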
Show commands
Output of the show commands on the PE router, the Provider router and the CE router.
PE-JP
The global routing table contains only the PE-JP, Provider and PE-EU routes; the CE routers' routes are not visible.
PE-JP#show ip route
(omitted)
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback1
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/12] via 10.1.1.1, 00:05:06, FastEthernet1/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/2] via 10.1.1.1, 00:05:06, FastEthernet1/0
10.0.0.0/24 is subnetted, 2 subnets
O 10.1.2.0 [110/11] via 10.1.1.1, 00:05:06, FastEthernet1/0
C 10.1.1.0 is directly connected, FastEthernet1/0
Routes for Client1 and Client2. The EU-side routes are learned via BGP (the local JP side uses EIGRP).
PE-JP#show ip route vrf Client1
Routing Table: Client1
(omitted)
172.16.0.0/24 is subnetted, 2 subnets
C 172.16.1.0 is directly connected, FastEthernet0/0
B 172.16.3.0 [200/0] via 2.2.2.2, 00:04:52
D 192.168.1.0/24 [90/307200] via 172.16.1.2, 00:06:48, FastEthernet0/0
B 192.168.2.0/24 [200/307200] via 2.2.2.2, 00:04:52
PE-JP#show ip route vrf Client2
Routing Table: Client2
(omitted)
172.16.0.0/24 is subnetted, 2 subnets
B 172.16.4.0 [200/0] via 2.2.2.2, 00:05:00
C 172.16.2.0 is directly connected, FastEthernet0/1
D 192.168.1.0/24 [90/307200] via 172.16.2.2, 00:06:56, FastEthernet0/1
B 192.168.2.0/24 [200/307200] via 2.2.2.2, 00:05:00
CEF state. This shows the labels for Client1 and Client2; the label values discussed earlier are visible.
PE-JP#show ip cef vrf Client1 192.168.2.0
192.168.2.0/24, version 23, epoch 0, cached adjacency 10.1.1.1
0 packets, 0 bytes
tag information set
local tag: VPN-route-head
fast tag rewrite with Fa1/0, 10.1.1.1, tags imposed: {17 20}
via 2.2.2.2, 0 dependencies, recursive
next hop 10.1.1.1, FastEthernet1/0 via 2.2.2.2/32
valid cached adjacency
tag rewrite with Fa1/0, 10.1.1.1, tags imposed: {17 20}
PE-JP#
PE-JP#show ip cef vrf Client2 192.168.2.0
192.168.2.0/24, version 23, epoch 0, cached adjacency 10.1.1.1
0 packets, 0 bytes
tag information set
local tag: VPN-route-head
fast tag rewrite with Fa1/0, 10.1.1.1, tags imposed: {17 22}
via 2.2.2.2, 0 dependencies, recursive
next hop 10.1.1.1, FastEthernet1/0 via 2.2.2.2/32
valid cached adjacency
tag rewrite with Fa1/0, 10.1.1.1, tags imposed: {17 22}
BGP state.
PE-JP#show ip bgp vpnv4 all 192.168.2.0
BGP routing table entry for 100:1:192.168.2.0/24, version 13
Paths: (1 available, best #1, table Client1)
Not advertised to any peer
Local
2.2.2.2 (metric 12) from 2.2.2.2 (2.2.2.2)
Origin incomplete, metric 307200, localpref 100, valid, internal, best
Extended Community: RT:1:100 Cost:pre-bestpath:128:307200
0x8800:32768:0 0x8801:100:51200 0x8802:65281:256000 0x8803:65281:1500
mpls labels in/out nolabel/20
BGP routing table entry for 200:2:192.168.2.0/24, version 17
Paths: (1 available, best #1, table Client2)
Not advertised to any peer
Local
2.2.2.2 (metric 12) from 2.2.2.2 (2.2.2.2)
Origin incomplete, metric 307200, localpref 100, valid, internal, best
Extended Community: RT:2:200 Cost:pre-bestpath:128:307200
0x8800:32768:0 0x8801:100:51200 0x8802:65281:256000 0x8803:65281:1500
mpls labels in/out nolabel/22
PE-JP#show ip bgp all
For address family: VPNv4 Unicast
BGP table version is 17, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf Client1)
*> 172.16.1.0/24 0.0.0.0 0 32768 ?
*>i172.16.3.0/24 2.2.2.2 0 100 0 ?
*> 192.168.1.0 172.16.1.2 307200 32768 ?
*>i192.168.2.0 2.2.2.2 307200 100 0 ?
Route Distinguisher: 200:2 (default for vrf Client2)
*> 172.16.2.0/24 0.0.0.0 0 32768 ?
*>i172.16.4.0/24 2.2.2.2 0 100 0 ?
*> 192.168.1.0 172.16.2.2 307200 32768 ?
*>i192.168.2.0 2.2.2.2 307200 100 0 ?
EIGRP state.
PE-JP#show ip eigrp vrf Client1 neighbors
IP-EIGRP neighbors for process 100
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 172.16.1.2 Fa0/0 9 00:34:55 30 200 0 3
PE-JP#show ip eigrp vrf Client1 topology
IP-EIGRP Topology Table for AS(100)/ID(172.16.1.1) Routing Table: Client1
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P 192.168.1.0/24, 1 successors, FD is 307200
via 172.16.1.2 (307200/281600), FastEthernet0/0
P 192.168.2.0/24, 1 successors, FD is 307200
via VPNv4 Sourced (307200/0)
P 172.16.1.0/24, 1 successors, FD is 281600
via Connected, FastEthernet0/0
P 172.16.3.0/24, 1 successors, FD is 281600
via VPNv4 Sourced (281600/0)
PE-JP#show ip eigrp vrf Client2 neighbors
IP-EIGRP neighbors for process 100
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 172.16.2.2 Fa0/1 10 00:35:12 24 200 0 3
PE-JP#show ip eigrp vrf Client2 topology
IP-EIGRP Topology Table for AS(100)/ID(172.16.2.1) Routing Table: Client2
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P 192.168.1.0/24, 1 successors, FD is 307200
via 172.16.2.2 (307200/281600), FastEthernet0/1
P 192.168.2.0/24, 1 successors, FD is 307200
via VPNv4 Sourced (307200/0)
P 172.16.4.0/24, 1 successors, FD is 281600
via VPNv4 Sourced (281600/0)
P 172.16.2.0/24, 1 successors, FD is 281600
via Connected, FastEthernet0/1
Provider
Only the PE-JP, Provider and PE-EU routes are present.
Provider#show ip route
(omitted)
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/11] via 10.1.1.2, 00:21:09, FastEthernet0/0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/11] via 10.1.2.2, 00:21:09, FastEthernet0/1
3.0.0.0/32 is subnetted, 1 subnets
C 3.3.3.3 is directly connected, Loopback1
10.0.0.0/24 is subnetted, 2 subnets
C 10.1.2.0 is directly connected, FastEthernet0/1
C 10.1.1.0 is directly connected, FastEthernet0/0
Provider#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
2.2.2.2 1 FULL/BDR 00:00:34 10.1.2.2 FastEthernet0/1
1.1.1.1 1 FULL/BDR 00:00:33 10.1.1.2 FastEthernet0/0
Provider#show ip cef
Prefix Next Hop Interface
0.0.0.0/0 drop Null0 (default route handler entry)
0.0.0.0/8 drop
0.0.0.0/32 receive
1.1.1.1/32 10.1.1.2 FastEthernet0/0
2.2.2.2/32 10.1.2.2 FastEthernet0/1
3.3.3.3/32 receive
10.1.1.0/24 attached FastEthernet0/0
10.1.1.0/32 receive
10.1.1.1/32 receive
10.1.1.2/32 10.1.1.2 FastEthernet0/0
10.1.1.255/32 receive
10.1.2.0/24 attached FastEthernet0/1
10.1.2.0/32 receive
10.1.2.1/32 receive
10.1.2.2/32 10.1.2.2 FastEthernet0/1
10.1.2.255/32 receive
127.0.0.0/8 drop
224.0.0.0/4 drop
224.0.0.0/24 receive
240.0.0.0/4 drop
255.255.255.255/32 receive
CE1-JP
Here only the Client1 routes are displayed.
CE1-JP#show ip route
(omitted)
172.16.0.0/24 is subnetted, 2 subnets
C 172.16.1.0 is directly connected, FastEthernet0/0
D 172.16.3.0 [90/307200] via 172.16.1.1, 00:07:31, FastEthernet0/0
C 192.168.1.0/24 is directly connected, FastEthernet0/1
D 192.168.2.0/24 [90/332800] via 172.16.1.1, 00:07:31, FastEthernet0/0
CE1-JP#show ip eigrp neighbors
IP-EIGRP neighbors for process 100
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 172.16.1.1 Fa0/0 13 00:08:45 79 711 0 5
CE1-JP#show ip eigrp topology
IP-EIGRP Topology Table for AS(100)/ID(192.168.1.254)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P 192.168.1.0/24, 1 successors, FD is 281600
via Connected, FastEthernet0/1
P 192.168.2.0/24, 1 successors, FD is 332800
via 172.16.1.1 (332800/307200), FastEthernet0/0
P 172.16.1.0/24, 1 successors, FD is 281600
via Connected, FastEthernet0/0
P 172.16.3.0/24, 1 successors, FD is 307200
via 172.16.1.1 (307200/281600), FastEthernet0/0