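Introduction
As an extension of the previous article, the following connection pattern is possible.
The advantage of this configuration is that Transit Gateway#1, on the left side of the diagram, advertises the routing information for PowerVS to Direct Link 2.0, so there is no need to terminate GRE on the on-premises router.
Note: This configuration does not make the GRE tunnel redundant, so it may be affected during Transit Gateway maintenance. For production use, we recommend following the Docs below and setting up two GRE tunnels to different zones.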
https://cloud.ibm.com/docs/transit-gateway?topic=transit-gateway-about#use-case-8
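Let's actually build it.
(Note: no on-premises environment was prepared this time, so a VPC was used as a substitute in order to observe the routing flow.)
Transit Gateway configuration
Configure the following on Transit Gateway#1.
- Create a connection to DL2.0 (a VPC as a substitute this time)
- Create the GRE connection below
For Remote BGP ASN (the ASN used on the VRA side), specify "4205000063", the same as last time.
Transit Gateway#2 is the same as in the previous configuration.
VRA configuration
Combined with the previous article's settings, the configuration is as follows.
Static routes to the TGW-side underlay (next hop set to the BCR)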
set protocols static route 192.168.181.5/32 next-hop 10.132.163.193
set protocols static route 192.168.231.5/32 next-hop 10.132.163.193
GRE settings
set interfaces tunnel tun0 address 192.168.100.1/30
set interfaces tunnel tun0 encapsulation gre
set interfaces tunnel tun0 local-ip 10.132.163.242
set interfaces tunnel tun0 remote-ip 192.168.231.5
set interfaces tunnel tun3 address 192.168.250.1/30
set interfaces tunnel tun3 encapsulation gre
set interfaces tunnel tun3 local-ip 10.132.163.242
set interfaces tunnel tun3 remote-ip 192.168.181.5
BGP settings
set protocols bgp 4205000063 address-family ipv4-unicast network 192.168.170.0/24
set protocols bgp 4205000063 neighbor 192.168.100.2 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp 4205000063 neighbor 192.168.100.2 remote-as 4201065555
set protocols bgp 4205000063 neighbor 192.168.250.2 address-family ipv4-unicast soft-reconfiguration inbound
set protocols bgp 4205000063 neighbor 192.168.250.2 remote-as 4201065556
set protocols bgp 4205000063 parameters extended-asn-capability
Verification
GRE check
vyatta@vra02:~$ show interfaces tunnel
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface IP Address S/L Speed/Duplex Description
--------- ---------- --- ------------ -----------
tun0 192.168.100.1/30 u/u -/-
tun3 192.168.250.1/30 u/u -/-
vyatta@vra02:~$
GRE check
vyatta@vra02:~$ show interfaces tunnel detail
tun0@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1476 qdisc noqueue state UNKNOWN group default qlen 1000
link/gre 10.132.163.242 peer 192.168.231.5
inet 192.168.100.1/30 brd 192.168.100.3 scope global tun0
valid_lft forever preferred_lft forever
inet6 fe80::5efe:a84:a3f2/64 scope link
valid_lft forever preferred_lft forever
RX: bytes packets errors ignored overrun mcast
551701 6071 0 0 0 0
TX: bytes packets errors dropped carrier collisions
469019 5365 0 0 0 0
tun3@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1476 qdisc noqueue state UNKNOWN group default qlen 1000
link/gre 10.132.163.242 peer 192.168.181.5
inet 192.168.250.1/30 brd 192.168.250.3 scope global tun3
valid_lft forever preferred_lft forever
inet6 fe80::5efe:a84:a3f2/64 scope link
valid_lft forever preferred_lft forever
RX: bytes packets errors ignored overrun mcast
222205 2513 0 0 0 0
TX: bytes packets errors dropped carrier collisions
225940 2518 0 0 0 0
vyatta@vra02:~$
The BGP check below confirms that routing information is being exchanged along on-premises (a VPC as a substitute) <-> TGW#1 <-> VRA <-> TGW#2 <-> PowerVS.
BGP check
vyatta@vra02:~$ show ip bgp
BGP table version is 18, local router ID is 192.168.200.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
l - labeled, S Stale, b - backup, x - best external
Origin codes: i - IGP, e - EGP, ? - incomplete
IPv4 Unicast address family:
Network Next Hop Metric LocPrf Weight Path
*> 172.16.30.0/24 192.168.250.2 0 100 0 4201065556 4203065556 i
*> 192.168.150.0 192.168.100.2 0 100 0 4201065555 64999 64997 64998 ?
*> 192.168.170.0 0.0.0.0 100 32768 i
Total number of prefixes 3
vyatta@vra02:~$
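Because the VRA re-advertises whatever it learns on one GRE tunnel to the other Transit Gateway, it is worth checking that each neighbor sends only the prefixes expected of it. The following is an added example, not part of the original article: it audits the `show ip bgp` rows above against an `EXPECTED` table constructed from this page's neighbor and remote-as settings, and assumes the rows are whitespace-separated as shown here.

```python
import ipaddress

# Constructed from the configuration and output on this page:
# GRE neighbor -> (configured remote-as, prefixes expected from it)
EXPECTED = {
    "192.168.100.2": (4201065555, {"192.168.150.0/24"}),
    "192.168.250.2": (4201065556, {"172.16.30.0/24"}),
}

# `show ip bgp` rows copied from the page.
SAMPLE = """\
*> 172.16.30.0/24 192.168.250.2 0 100 0 4201065556 4203065556 i
*> 192.168.150.0 192.168.100.2 0 100 0 4201065555 64999 64997 64998 ?
*> 192.168.170.0 0.0.0.0 100 32768 i
"""

def classful(prefix):
    """The CLI omits the mask when it equals the classful default."""
    if "/" in prefix:
        return str(ipaddress.ip_network(prefix))
    first = int(prefix.split(".")[0])
    length = 8 if first < 128 else 16 if first < 192 else 24
    return str(ipaddress.ip_network(f"{prefix}/{length}"))

def parse(text):
    """Yield (prefix, next_hop, remaining_tokens) for each valid row."""
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or not tok[0].startswith("*"):
            continue
        yield classful(tok[1]), tok[2], tok[3:-1]  # drop the origin code

def audit(text, expected=EXPECTED):
    """Return a list of findings; an empty list means the table is clean."""
    findings = []
    for prefix, next_hop, tail in parse(text):
        if next_hop == "0.0.0.0":  # locally originated (network statement)
            continue
        if next_hop not in expected:
            findings.append(f"{prefix}: unknown neighbor {next_hop}")
            continue
        asn, allowed = expected[next_hop]
        # Metric/LocPrf/Weight columns vary between rows, so look for the
        # neighbor's remote-as among the tokens instead of a fixed column.
        if str(asn) not in tail:
            findings.append(f"{prefix}: path lacks neighbor AS {asn}")
        if prefix not in allowed:
            findings.append(f"{prefix}: not expected from {next_hop}")
    return findings
```
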
Route exchange between the VRA and GRE#1.
vyatta@vra02:~$ show ip bgp neighbors 192.168.250.2 received-routes
BGP table version is 18, local router ID is 192.168.200.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
IPv4 Unicast address family:
Network Next Hop Metric LocPrf Weight Path
*> 172.16.30.0/24 192.168.250.2 100 0 4201065556 4203065556 i
Total number of prefixes 1
vyatta@vra02:~$ show ip bgp neighbors 192.168.250.2 advertised-routes
BGP table version is 18, local router ID is 192.168.200.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
IPv4 Unicast address family:
Network Next Hop Metric LocPrf Weight Path
*> 192.168.150.0 192.168.250.1 100 0 4201065555 64999 64997 64998 ?
*> 192.168.170.0 192.168.250.1 100 32768 i
Total number of prefixes 2
vyatta@vra02:~$
Route exchange between the VRA and GRE#2.
vyatta@vra02:~$ show ip bgp neighbors 192.168.100.2 received-routes
BGP table version is 18, local router ID is 192.168.200.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
IPv4 Unicast address family:
Network Next Hop Metric LocPrf Weight Path
*> 192.168.150.0 192.168.100.2 100 0 4201065555 64999 64997 64998 ?
Total number of prefixes 1
vyatta@vra02:~$ show ip bgp neighbors 192.168.100.2 advertised-routes
BGP table version is 18, local router ID is 192.168.200.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
IPv4 Unicast address family:
Network Next Hop Metric LocPrf Weight Path
*> 172.16.30.0/24 192.168.100.1 100 0 4201065556 4203065556 i
*> 192.168.170.0 192.168.100.1 100 32768 i
Total number of prefixes 2
vyatta@vra02:~$
VRA routing information
vyatta@vra02:~$ show ip route
Codes: K - kernel, C - connected, S - static, D - DHCP, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
L - LDP, V - RSVP-TE, I - IGP shortcut
> - selected route, * - FIB route, p - stale info
IP Route Table for Routing-instance "default"
Gateway of last resort is 161.202.242.121 to network 0.0.0.0
(omitted)
B *> 172.16.30.0/24 [20/0] via 192.168.250.2, tun3, 09:54:27
C *> 192.168.100.0/30 is directly connected, tun0
B *> 192.168.150.0/24 [20/0] via 192.168.100.2, tun0, 17:12:20
S *> 192.168.181.5/32 [1/0] via 10.132.163.193, dp0bond0
S *> 192.168.231.5/32 [1/0] via 10.132.163.193, dp0bond0
C *> 192.168.250.0/30 is directly connected, tun3
vyatta@vra02:~$
TGW#1 route information
End-to-end connectivity check (from PowerVS to VPC)
# ping 172.16.30.4
PING 172.16.30.4 (172.16.30.4): 56 data bytes
64 bytes from 172.16.30.4: icmp_seq=0 ttl=57 time=3 ms
64 bytes from 172.16.30.4: icmp_seq=1 ttl=57 time=3 ms
64 bytes from 172.16.30.4: icmp_seq=2 ttl=57 time=3 ms
^C
--- 172.16.30.4 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 3/3/3 ms
#
That's all.