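The login ID and password are admin/admin.
Running on VMware Workstation Player 17.
When connected via VMlan the devices can reach each other, but when connected via a LAN segment they cannot communicate. Why is that...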
vEOS-00
vEOS-00#show running-config
! Command: show running-config
! device: vEOS-00 (vEOS-lab, EOS-4.31.0F)
!
! boot system flash:/vEOS-lab.swi
!
no aaa root
!
username admin role network-admin secret sha512 $6$pWNKPgmbYLekE/7s$jmETqLeXaxGB3Ru1yJc1iRm21i0NPaF/GVy1VG51GxMGqDw9pctP.S2IwnunIPVHcfne9TXj1yNSq8.M1i8cX1
!
terminal length 0
terminal width 32767
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model multi-agent
!
hostname vEOS-00
!
spanning-tree mode mstp
!
system l1
   unsupported speed action error
   unsupported error-correction action error
!
vrf instance CONSOLE
!
interface Ethernet1
   no switchport
   ip address 10.0.1.0/31
!
interface Ethernet2
   no switchport
   ip address 10.0.2.0/31
!
interface Ethernet3
   no switchport
   ip address 172.16.0.1/24
!
interface Management1
   vrf CONSOLE
   ip address 192.168.126.10/24
!
ip routing
no ip routing vrf CONSOLE
!
router bgp 65000
   neighbor 10.0.1.1 remote-as 65020
   neighbor 10.0.2.1 remote-as 65030
   network 10.0.1.0/31
   network 10.0.2.0/31
   network 172.16.0.0/24
!
end
vEOS-00#exit
vEOS-01
vEOS-01#show run
! Command: show running-config
! device: vEOS-01 (vEOS-lab, EOS-4.31.0F)
!
! boot system flash:/vEOS-lab.swi
!
no aaa root
!
username admin role network-admin secret sha512 $6$pWNKPgmbYLekE/7s$jmETqLeXaxGB3Ru1yJc1iRm21i0NPaF/GVy1VG51GxMGqDw9pctP.S2IwnunIPVHcfne9TXj1yNSq8.M1i8cX1
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model multi-agent
!
hostname vEOS-01
!
spanning-tree mode mstp
!
system l1
   unsupported speed action error
   unsupported error-correction action error
!
vrf instance CONSOLE
!
interface Ethernet1
   no switchport
   ip address 10.0.1.1/31
!
interface Ethernet2
   no switchport
   ip address 10.1.2.0/31
!
interface Ethernet3
   no switchport
   ip address 172.16.1.1/24
!
interface Management1
   vrf CONSOLE
   ip address 192.168.126.11/24
!
ip routing
no ip routing vrf CONSOLE
!
router bgp 65020
   neighbor 10.0.1.0 remote-as 65000
   neighbor 10.1.2.1 remote-as 65020
   network 10.0.1.0/31
   network 10.1.2.0/31
   network 172.16.1.0/24
!
end
vEOS-01#exit
vEOS-02
vEOS-02#show run
! Command: show running-config
! device: vEOS-02 (vEOS-lab, EOS-4.31.0F)
!
! boot system flash:/vEOS-lab.swi
!
no aaa root
!
username admin role network-admin secret sha512 $6$pWNKPgmbYLekE/7s$jmETqLeXaxGB3Ru1yJc1iRm21i0NPaF/GVy1VG51GxMGqDw9pctP.S2IwnunIPVHcfne9TXj1yNSq8.M1i8cX1
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model multi-agent
!
hostname vEOS-02
!
spanning-tree mode mstp
!
system l1
   unsupported speed action error
   unsupported error-correction action error
!
vrf instance CONSOLE
!
interface Ethernet1
   no switchport
   ip address 10.2.1.0/31
!
interface Ethernet2
   no switchport
   ip address 10.1.2.1/31
!
interface Ethernet3
   no switchport
   ip address 172.16.2.1/24
!
interface Management1
   vrf CONSOLE
   ip address 192.168.126.12/24
!
ip routing
no ip routing vrf CONSOLE
!
router bgp 65020
   neighbor 10.1.2.0 remote-as 65020
   neighbor 10.2.1.1 remote-as 65010
   network 10.1.2.0/31
   network 10.2.1.0/31
   network 172.16.2.0/24
!
end
vEOS-02#exit
vEOS-03
vEOS-03#show run
! Command: show running-config
! device: vEOS-03 (vEOS-lab, EOS-4.31.0F)
!
! boot system flash:/vEOS-lab.swi
!
no aaa root
!
username admin role network-admin secret sha512 $6$pWNKPgmbYLekE/7s$jmETqLeXaxGB3Ru1yJc1iRm21i0NPaF/GVy1VG51GxMGqDw9pctP.S2IwnunIPVHcfne9TXj1yNSq8.M1i8cX1
!
terminal length 0
terminal width 32767
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model multi-agent
!
hostname vEOS-03
!
spanning-tree mode mstp
!
system l1
   unsupported speed action error
   unsupported error-correction action error
!
vrf instance CONSOLE
!
interface Ethernet1
   no switchport
   ip address 10.0.2.1/31
!
interface Ethernet2
   no switchport
   ip address 10.3.2.0/31
!
interface Ethernet3
   no switchport
   ip address 172.16.3.1/24
!
interface Management1
   vrf CONSOLE
   ip address 192.168.126.13/24
!
ip routing
no ip routing vrf CONSOLE
!
router bgp 65030
   neighbor 10.0.2.0 remote-as 65000
   neighbor 10.3.2.1 remote-as 65030
   network 10.0.2.0/31
   network 10.3.1.0/31
   network 172.16.3.0/24
!
end
vEOS-03#exit
vEOS-04
vEOS-04#show run
! Command: show running-config
! device: vEOS-04 (vEOS-lab, EOS-4.31.0F)
!
! boot system flash:/vEOS-lab.swi
!
no aaa root
!
username admin role network-admin secret sha512 $6$pWNKPgmbYLekE/7s$jmETqLeXaxGB3Ru1yJc1iRm21i0NPaF/GVy1VG51GxMGqDw9pctP.S2IwnunIPVHcfne9TXj1yNSq8.M1i8cX1
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model multi-agent
!
hostname vEOS-04
!
spanning-tree mode mstp
!
system l1
   unsupported speed action error
   unsupported error-correction action error
!
vrf instance CONSOLE
!
interface Ethernet1
   no switchport
   ip address 10.4.1.0/31
!
interface Ethernet2
   no switchport
   ip address 10.3.2.1/31
!
interface Ethernet3
   no switchport
   ip address 172.16.4.1/24
!
interface Management1
   vrf CONSOLE
   ip address 192.168.126.14/24
!
ip routing
no ip routing vrf CONSOLE
!
router bgp 65030
   neighbor 10.3.2.0 remote-as 65030
   neighbor 10.4.1.1 remote-as 65010
   network 10.3.2.0/31
   network 10.4.1.0/31
   network 172.16.4.0/24
!
end
vEOS-04#exit
vEOS-05
vEOS-05#show run
! Command: show running-config
! device: vEOS-05 (vEOS-lab, EOS-4.31.0F)
!
! boot system flash:/vEOS-lab.swi
!
no aaa root
!
username admin role network-admin secret sha512 $6$pWNKPgmbYLekE/7s$jmETqLeXaxGB3Ru1yJc1iRm21i0NPaF/GVy1VG51GxMGqDw9pctP.S2IwnunIPVHcfne9TXj1yNSq8.M1i8cX1
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model multi-agent
!
hostname vEOS-05
!
spanning-tree mode mstp
!
system l1
   unsupported speed action error
   unsupported error-correction action error
!
vrf instance CONSOLE
!
interface Ethernet1
   no switchport
   ip address 10.2.1.1/31
!
interface Ethernet2
   no switchport
   ip address 10.4.1.1/31
!
interface Ethernet3
   no switchport
   ip address 172.16.5.1/24
!
interface Management1
   vrf CONSOLE
   ip address 192.168.126.15/24
!
ip routing
no ip routing vrf CONSOLE
!
router bgp 65010
   neighbor 10.2.1.0 remote-as 65020
   neighbor 10.4.1.0 remote-as 65030
   network 10.2.1.0/31
   network 10.4.1.0/31
   network 172.16.5.0/24
!
end
vEOS-05#exit
FreeBSD /etc/rc.conf
IP address and routing settings
🐢 = 0 to 5 (FreeBSD-00 to FreeBSD-05)
/etc/rc.conf
hostname="FreeBSD-0🐢"
ifconfig_em0="inet 192.168.126.5🐢 netmask 255.255.255.0"
ifconfig_em1="inet 172.16.🐢.200 netmask 255.255.255.0"
sshd_enable="YES"
moused_nondefault_enable="NO"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="AUTO"
zfs_enable="YES"
static_routes="10 172"
route_10=" -net 10.0.0.0 -netmask 255.0.0.0 172.16.🐢.1"
route_172="-net 172.16.0.0 -netmask 255.255.0.0 172.16.🐢.1"
Routing table
vEOS-00
vEOS-00#show ip route
...(omitted)
Gateway of last resort is not set
C 10.0.1.0/31 is directly connected, Ethernet1
C 10.0.2.0/31 is directly connected, Ethernet2
B E 10.1.2.0/31 [200/0] via 10.0.1.1, Ethernet1
B E 10.2.1.0/31 [200/0] via 10.0.1.1, Ethernet1
B E 10.3.2.0/31 [200/0] via 10.0.2.1, Ethernet2
B E 10.4.1.0/31 [200/0] via 10.0.2.1, Ethernet2
C 172.16.0.0/24 is directly connected, Ethernet3
B E 172.16.1.0/24 [200/0] via 10.0.1.1, Ethernet1
B E 172.16.2.0/24 [200/0] via 10.0.1.1, Ethernet1
B E 172.16.3.0/24 [200/0] via 10.0.2.1, Ethernet2
B E 172.16.4.0/24 [200/0] via 10.0.2.1, Ethernet2
B E 172.16.5.0/24 [200/0] via 10.0.1.1, Ethernet1
vEOS-00#show bgp summary
BGP summary information for VRF default
Router identifier 172.16.0.1, local AS number 65000
Neighbor AS Session State AFI/SAFI AFI/SAFI State NLRI Rcd NLRI Acc
-------- ----------- ------------- ----------------------- -------------- ---------- ----------
10.0.1.1 65020 Established IPv4 Unicast Negotiated 7 7
10.0.2.1 65030 Established IPv4 Unicast Negotiated 7 7
vEOS-00#show ip bgp neighbors received-routes
BGP routing table information for VRF default
Router identifier 172.16.0.1, local AS number 65000
Route status codes: s - suppressed contributor, * - valid, > - active, E - ECMP head, e - ECMP
S - Stale, c - Contributing to ECMP, b - backup, L - labeled-unicast
% - Pending best path selection
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI Origin Validation codes: V - valid, I - invalid, U - unknown
AS Path Attributes: Or-ID - Originator ID, C-LST - Cluster List, LL Nexthop - Link Local Nexthop
Network Peer Next Hop Metric AIGP LocPref Weight Path
* > 10.0.1.0/31 - - - - - - i
* 10.0.1.0/31 10.0.1.1 10.0.1.1 - - - - 65020 i
* > 10.0.2.0/31 - - - - - - i
* 10.0.2.0/31 10.0.2.1 10.0.2.1 - - - - 65030 i
* > 10.1.2.0/31 10.0.1.1 10.0.1.1 - - - - 65020 i
* > 10.2.1.0/31 10.0.1.1 10.0.1.1 - - - - 65020 i
* 10.2.1.0/31 10.0.2.1 10.0.2.1 - - - - 65030 65010 i
* > 10.3.2.0/31 10.0.2.1 10.0.2.1 - - - - 65030 i
* > 10.4.1.0/31 10.0.2.1 10.0.2.1 - - - - 65030 i
* 10.4.1.0/31 10.0.1.1 10.0.1.1 - - - - 65020 65010 i
* > 172.16.0.0/24 - - - - - - i
* > 172.16.1.0/24 10.0.1.1 10.0.1.1 - - - - 65020 i
* > 172.16.2.0/24 10.0.1.1 10.0.1.1 - - - - 65020 i
* > 172.16.3.0/24 10.0.2.1 10.0.2.1 - - - - 65030 i
* > 172.16.4.0/24 10.0.2.1 10.0.2.1 - - - - 65030 i
* > 172.16.5.0/24 10.0.1.1 10.0.1.1 - - - - 65020 65010 i
* 172.16.5.0/24 10.0.2.1 10.0.2.1 - - - - 65030 65010 i
Everything is connected.
abc123@FreeBSD-00:~ $ traceroute -n 172.16.5.200
traceroute to 172.16.5.200 (172.16.5.200), 64 hops max, 40 byte packets
1 172.16.0.1 2.453 ms 0.834 ms 1.970 ms
2 10.0.1.1 2.056 ms 2.020 ms 1.327 ms
3 10.1.2.1 2.420 ms 2.044 ms 2.285 ms
4 10.2.1.1 3.130 ms 5.327 ms 2.684 ms
5 172.16.5.200 4.786 ms 3.246 ms 3.861 ms
From FreeBSD-00 at the top to FreeBSD-05 at the bottom, ping replies come back.
Cutting one link
Let's cut the link between vEOS-03 and vEOS-04.
As a check beforehand:
vEOS-03
vEOS-03#traceroute 172.16.5.200
traceroute to 172.16.5.200 (172.16.5.200), 30 hops max, 60 byte packets
1 10.3.2.1 (10.3.2.1) 1.542 ms 1.545 ms 1.616 ms
2 10.4.1.1 (10.4.1.1) 3.244 ms 3.392 ms 3.444 ms
3 172.16.5.200 (172.16.5.200) 5.005 ms 5.110 ms 5.283 ms
vEOS-03#
vEOS-03 ▶ vEOS-04 ▶ vEOS-05
So traffic takes the shorter way around.
vEOS-03
vEOS-03#conf
vEOS-03(config)#int e2
vEOS-03(config-if-Et2)#shut
vEOS-03(config-if-Et2)#end
vEOS-03#
vEOS-03#show ip interface brief
Address
Interface IP Address Status Protocol MTU Owner
--------------- --------------------- ---------- ------------ --------- -------
Ethernet1 10.0.2.1/31 up up 1500
Ethernet2 10.3.2.0/31 down down 1500
Ethernet3 172.16.3.1/24 up up 1500
Management1 192.168.126.13/24 up up 1500
vEOS-03
vEOS-03#traceroute 172.16.5.200
traceroute to 172.16.5.200 (172.16.5.200), 30 hops max, 60 byte packets
1 10.0.2.0 (10.0.2.0) 1.519 ms 1.268 ms 1.315 ms
2 10.0.1.1 (10.0.1.1) 2.676 ms 2.649 ms 2.588 ms
3 10.1.2.1 (10.1.2.1) 3.656 ms 3.643 ms 3.848 ms
4 10.2.1.1 (10.2.1.1) 6.894 ms 6.913 ms 8.472 ms
5 172.16.5.200 (172.16.5.200) 9.046 ms 9.081 ms 9.000 ms
vEOS-03 ▶ vEOS-00 ▶ vEOS-01 ▶ vEOS-02 ▶ vEOS-05 ▶ FreeBSD-05
Traffic loops around the other way, so connectivity is not lost.
Now then:
vEOS-03
vEOS-03#traceroute 172.16.4.200
traceroute to 172.16.4.200 (172.16.4.200), 30 hops max, 60 byte packets
connect: Network is unreachable
vEOS-03#
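Huh?...
Ah, since vEOS-03 and vEOS-04 are in the same AS, the route does not come back around through the outside: a route to 172.16.4.0/24 arriving via the other ASes already carries AS 65030 in its AS path, and BGP loop prevention discards it.
Let's put it back.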
vEOS-03
vEOS-03#conf
vEOS-03(config)#int e2
vEOS-03(config-if-Et2)#no shutdown
vEOS-03(config-if-Et2)#end
vEOS-03#traceroute 172.16.4.200
traceroute to 172.16.4.200 (172.16.4.200), 30 hops max, 60 byte packets
1 10.3.2.1 (10.3.2.1) 1.366 ms 1.218 ms 1.211 ms
2 172.16.4.200 (172.16.4.200) 6.600 ms 6.732 ms 6.726 ms
vEOS-03#traceroute 172.16.5.200
traceroute to 172.16.5.200 (172.16.5.200), 30 hops max, 60 byte packets
1 10.3.2.1 (10.3.2.1) 1.752 ms 1.810 ms 2.337 ms
2 10.4.1.1 (10.4.1.1) 3.278 ms 3.348 ms 3.742 ms
3 172.16.5.200 (172.16.5.200) 5.030 ms 5.585 ms 5.657 ms
vEOS-03#
Adding a segment to vEOS-00 and making each segment select a different path
vEOS-00 (excerpt)
ip prefix-list net_172_16_0 seq 10 permit 172.16.0.0/24
ip prefix-list net_172_16_6 seq 10 permit 172.16.6.0/24
!
route-map as_add_172_16_0 permit 10
   match ip address prefix-list net_172_16_0
   set as-path prepend auto
!
route-map as_add_172_16_0 permit 20
!
route-map as_add_172_16_6 permit 10
   match ip address prefix-list net_172_16_6
   set as-path prepend auto
!
route-map as_add_172_16_6 permit 20
!
router bgp 65000
   neighbor 10.0.1.1 remote-as 65020
   neighbor 10.0.1.1 route-map as_add_172_16_6 out
   neighbor 10.0.2.1 remote-as 65030
   neighbor 10.0.2.1 route-map as_add_172_16_0 out
   network 10.0.1.0/31
   network 10.0.2.0/31
   network 172.16.0.0/24
   network 172.16.6.0/24
vEOS-05#show ip bgp neighbors received-routes | grep 65000
* 10.0.1.0/31 10.4.1.0 10.4.1.0 - - - - 65030 65000 i
* 10.0.2.0/31 10.2.1.0 10.2.1.0 - - - - 65020 65000 i
* > 172.16.0.0/24 10.2.1.0 10.2.1.0 - - - - 65020 65000 i
* 172.16.0.0/24 10.4.1.0 10.4.1.0 - - - - 65030 65000 65000 i
* > 172.16.6.0/24 10.4.1.0 10.4.1.0 - - - - 65030 65000 i
* 172.16.6.0/24 10.2.1.0 10.2.1.0 - - - - 65020 65000 65000 i
FreeBSD-05
abc123@FreeBSD-05:~ $ traceroute -n 172.16.0.200
traceroute to 172.16.0.200 (172.16.0.200), 64 hops max, 40 byte packets
1 172.16.5.1 2.428 ms 0.631 ms 0.922 ms
2 10.2.1.0 3.069 ms 1.145 ms 1.315 ms
3 10.1.2.0 2.340 ms 1.846 ms 1.609 ms
4 10.0.1.0 2.692 ms 3.977 ms 2.312 ms
5 172.16.0.200 3.249 ms 2.520 ms 2.240 ms
abc123@FreeBSD-05:~ $ traceroute -n 172.16.6.200
traceroute to 172.16.6.200 (172.16.6.200), 64 hops max, 40 byte packets
1 172.16.5.1 0.991 ms 0.569 ms 0.650 ms
2 10.4.1.0 1.522 ms 1.635 ms 1.136 ms
3 10.3.2.0 2.168 ms 2.093 ms 1.917 ms
4 10.0.2.0 4.523 ms 3.087 ms 2.269 ms
5 172.16.6.200 5.724 ms 2.683 ms 2.235 ms
Still a work in progress.
But well, with this it is connected.
Details to follow later.
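The two behaviours observed above (vEOS-03 losing 172.16.4.0/24 when its link to vEOS-04 is shut, and vEOS-05 choosing different paths for 172.16.0.0/24 and 172.16.6.0/24 after prepending) can be reproduced with a small path-vector model. This is an added example, not code from the original post. It assumes router N stands for vEOS-0N, models `set as-path prepend auto` as one extra copy of the local AS (as the vEOS-05 output shows), and ignores next-hop resolution and the real BGP tie-breakers.

```python
# Added illustration (not from the original post): toy path-vector model of the lab.
# Simplifications: next-hop resolution and real BGP tie-breakers are ignored.
AS = {0: 65000, 1: 65020, 2: 65020, 3: 65030, 4: 65030, 5: 65010}  # vEOS-0N -> AS
LINKS = {(0, 1), (0, 3), (1, 2), (2, 5), (3, 4), (4, 5)}            # ring from the configs
ORIGIN = {"172.16.0.0/24": 0, "172.16.6.0/24": 0,
          "172.16.4.0/24": 4, "172.16.5.0/24": 5}                   # prefix -> originating router


def converge(links, prepend=None):
    """Return {router: {prefix: (as_path, learned_from)}} once routes settle.

    prepend maps (sender, receiver, prefix) -> extra copies of the sender's AS
    added on export, like the outbound route-maps on vEOS-00.
    """
    prepend = prepend or {}
    nbrs = {r: [b if a == r else a for a, b in links if r in (a, b)] for r in AS}
    rib = {r: {p: ((), None) for p, o in ORIGIN.items() if o == r} for r in AS}
    for _ in range(len(AS) + 2):            # enough rounds for six routers
        new = {}
        for r in AS:
            cands = {p: [v] for p, v in rib[r].items() if v[1] is None}
            for n in nbrs[r]:
                ibgp = AS[n] == AS[r]
                for p, (path, src) in rib[n].items():
                    if ibgp and src is not None and AS[src] == AS[n]:
                        continue            # iBGP-learned routes are not re-sent to iBGP peers
                    if not ibgp:            # eBGP export prepends the sender's AS
                        path = (AS[n],) * (1 + prepend.get((n, r, p), 0)) + path
                    if AS[r] in path:
                        continue            # loop prevention: own AS already in AS_PATH
                    cands.setdefault(p, []).append((path, n))
            # Prefer shortest AS path, then eBGP over iBGP, then lowest neighbor number.
            new[r] = {p: min(c, key=lambda v: (len(v[0]), v[1] is not None and AS[v[1]] == AS[r],
                                               -1 if v[1] is None else v[1]))
                      for p, c in cands.items()}
        rib = new
    return rib


full = converge(LINKS)
cut = converge(LINKS - {(3, 4)})            # vEOS-03 Ethernet2 shut down
steer = converge(LINKS, {(0, 1, "172.16.6.0/24"): 1, (0, 3, "172.16.0.0/24"): 1})

if __name__ == "__main__":
    print("vEOS-03 -> 172.16.5.0/24 after cut:", cut[3].get("172.16.5.0/24"))
    print("vEOS-03 -> 172.16.4.0/24 after cut:", cut[3].get("172.16.4.0/24"))
    for p in ("172.16.0.0/24", "172.16.6.0/24"):
        print("vEOS-05 ->", p, "with prepend:", steer[5][p])
```

In the `cut` result vEOS-03 still reaches 172.16.5.0/24 through AS 65000, 65020 and 65010, but has no entry for 172.16.4.0/24 because every surviving path to it already contains AS 65030.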