2012年1月11日水曜日

MPLS VPN lab (OSPF版)


MPLS VPN(OSPF版ラボ)






■ 目的

(1) MPLSネットワーク内を経由してAAAA株式会社の本社、支店同士で通信が出来るようにする事。
(2) MPLSネットワーク内を経由してBBBB株式会社の本社、支店同士で通信が出来るようにする事。
(3) AAAA株式会社とBBBB株式会社間は一切通信できない事。(ルーティング情報も含めて)


■ 設定コンフィグ
※ 基礎コマンドは除く


(1)R1(AAAA株式会社本社側CEルータ)

R1(config)# router ospf 1
R1(config-router)#network 0.0.0.0 255.255.255.255 area 0


(2)R2(通信事業者MPLSネットワーク本社側PEルータ)


Router2(config)# ip cef
Router2(config)# ip vrf AAAA
Router2(config-vrf)# rd 1:100
Router2(config-vrf)# route-target both 1:100 
Router2(config-vrf)# exit
Router2(config)# interface ser0/0
Router2(config-if)# ip address 10.0.0.1 255.255.255.252
Router2(config-if)# mpls ip
Router2(config-if)# no shutdown
Router2(config)# interface ser0/1
Router2(config-if)# ip vrf forwarding AAAA
Router2(config-if)# ip address 10.10.0.2 255.255.255.252
Router2(config-if)# no shutdown
Router2(config)# interface loopback 0
Router2(config-if)# ip address 1.1.1.1 255.255.255.255
Router2(config-if)# no shutdown
Router2(config-if)# exit
Router2(config)# router bgp 100
Router2(config-router)# no bgp default ipv4-unicast
Router2(config-router)# neighbor 2.2.2.2 remote-as 100
Router2(config-router)# neighbor 2.2.2.2 update-source Loopback0
Router2(config-router)# address-family vpnv4
Router2(config-router-af)# neighbor 2.2.2.2 activate 
Router2(config)# router ospf 10 vrf AAAA
Router2(config-router)# network 10.10.0.0 0.0.0.3 area 0
Router2(config-router)# redistribute bgp 100 metric 30 subnets
Router2(config-router)# exit
Router2(config)#router bgp 100
Router2(config-router)# address-family ipv4 vrf AAAA 
Router2(config-router-af)# redistribute ospf 10 vrf AAAA

 Router2(config)# ip vrf BBBB
Router2(config-vrf)# rd 1:200
Router2(config-vrf)# route-target both 1:200 
Router2(config-vrf)# exit
Router2(config)# interface fa0/1
Router2(config-if)# ip vrf forwarding BBBB
Router2(config-if)# ip address 10.100.0.2 255.255.255.252
Router2(config-if)# no shutdown
Router2(config)# router ospf 20 vrf BBBB
Router2(config-router)# network 10.100.0.0 0.0.0.3 area 0
Router2(config-router)# redistribute bgp 100 metric 30 subnets
Router2(config-router)# exit
Router2(config)#router bgp 100
Router2(config-router)# address-family ipv4 vrf BBBB 
Router2(config-router-af)# redistribute ospf 10 vrf BBBB

(3)R3(通信事業者MPLSネットワークPルータ)

Router3(config)# ip cef
Router3(config)# interface ser0/0
Router3(config-if)# ip address 10.0.0.2 255.255.255.252
Router3(config-if)# mpls ip
Router3(config-if)# no shut
Router3(config-if)# exit
Router3(config)# interface ser0/1
Router3(config-if)# ip address 10.0.0.6 255.255.255.252
Router3(config-if)# mpls ip
Router3(config-if)# no shut

(4)R4(通信事業者MPLSネットワーク支社側PEルータ)

Router4(config)# ip cef
Router4(config)# ip vrf AAAA
Router4(config-vrf)# rd 1:100
Router4(config-vrf)# route-target both 1:100 
Router4(config-vrf)# exit
Router4(config)# interface ser0/0
Router4(config-if)# ip address 10.0.0.5 255.255.255.252
Router4(config-if)# mpls ip
Router4(config-if)# no shutdown
Router4(config)# interface ser0/1
Router4(config-if)# ip vrf forwarding AAAA
Router4(config-if)# ip address 10.20.0.2 255.255.255.252
Router4(config-if)# no shutdown
Router4(config)# interface loopback 0
Router4(config-if)# ip address 2.2.2.2 255.255.255.255
Router4(config-if)# no shutdown
Router4(config-if)# exit
Router4(config)# router bgp 100
Router4(config-router)# no bgp default ipv4-unicast
Router4(config-router)# neighbor 1.1.1.1 remote-as 100
Router4(config-router)# neighbor 1.1.1.1 update-source Loopback0
Router4(config-router)# address-family vpnv4
Router4(config-router-af)# neighbor 1.1.1.1 activate 
Router4(config)# router ospf 10 vrf AAAA
Router4(config-router)# network 10.20.0.0 0.0.0.3 area 0
Router4(config-router)# redistribute bgp 100 metric 30 subnets
Router4(config-router)# exit
Router4(config)#router bgp 100
Router4(config-router)# address-family ipv4 vrf AAAA 
Router4(config-router-af)# redistribute ospf 10 vrf AAAA

 Router4(config)# ip vrf BBBB
Router4(config-vrf)# rd 1:200
Router4(config-vrf)# route-target both 1:200 
Router4(config-vrf)# exit
Router4(config)# interface fa0/1
Router4(config-if)# ip vrf forwarding BBBB
Router4(config-if)# ip address 10.110.0.2 255.255.255.252
Router4(config-if)# no shutdown
Router4(config)# router ospf 20 vrf BBBB
Router4(config-router)# network 10.110.0.0 0.0.0.3 area 0
Router4(config-router)# redistribute bgp 100 metric 30 subnets
Router4(config-router)# exit
Router4(config)#router bgp 100
Router4(config-router)# address-family ipv4 vrf BBBB 
Router4(config-router-af)# redistribute ospf 20 vrf BBBB


(5)R5(AAAA株式会社支店側CEルータ)

Router5(config)# router ospf 1
Router5(config-router)#network 0.0.0.0 255.255.255.255 area 0

(6)R6(AAAA株式会社支店側CEルータ)

Router6(config)# router ospf 1
Router6(config-router)#network 0.0.0.0 255.255.255.255 area 0

(7)R7(AAAA株式会社支店側CEルータ)

Router7(config)# router ospf 1
Router7(config-router)#network 0.0.0.0 255.255.255.255 area 0




■ 検証コマンド


1.ルーティングテーブルの確認


(1)R2(通信事業者MPLSネットワーク本社側PEルータ)


Router2# show ip route vrf AAAA

Routing Table: AAAA
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     20.0.0.0/32 is subnetted, 1 subnets
B       20.20.20.20 [200/65] via 2.2.2.2, 00:30:16
     10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O       10.10.10.10/32 [110/65] via 10.10.0.1, 00:21:44, Serial0/1
C       10.10.0.0/30 is directly connected, Serial0/1
B       10.20.0.0/30 [200/0] via 2.2.2.2, 00:30:16

Router2# show ip route vrf BBBB

Routing Table: BBBB
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     100.0.0.0/32 is subnetted, 1 subnets
O       100.100.100.100 [110/11] via 10.100.0.1, 00:21:45, FastEthernet0/0
     110.0.0.0/32 is subnetted, 1 subnets
B       110.110.110.110 [200/11] via 2.2.2.2, 00:17:48
     10.0.0.0/30 is subnetted, 2 subnets
B       10.110.0.0 [200/0] via 2.2.2.2, 00:17:48
C       10.100.0.0 is directly connected, FastEthernet0/0


(2)R4(通信事業者MPLSネットワーク支社側PEルータ)

Router4#show ip route vrf AAAA

Routing Table: AAAA
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     20.0.0.0/32 is subnetted, 1 subnets
O       20.20.20.20 [110/65] via 10.20.0.1, 00:29:27, Serial0/1
     10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
B       10.10.10.10/32 [200/65] via 1.1.1.1, 00:26:18
B       10.10.0.0/30 [200/0] via 1.1.1.1, 00:26:18
C       10.20.0.0/30 is directly connected, Serial0/1

Router4#show ip route vrf BBBB

Routing Table: BBBB
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     100.0.0.0/32 is subnetted, 1 subnets
B       100.100.100.100 [200/11] via 1.1.1.1, 00:11:31
     110.0.0.0/32 is subnetted, 1 subnets
O       110.110.110.110 [110/11] via 10.110.0.1, 00:29:16, FastEthernet0/0
     10.0.0.0/30 is subnetted, 2 subnets
C       10.110.0.0 is directly connected, FastEthernet0/0
B       10.100.0.0 [200/0] via 1.1.1.1, 00:11:31




(3)R1(AAAA株式会社本社側CEルータ)

Router1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     20.0.0.0/32 is subnetted, 1 subnets
O IA    20.20.20.20 [110/94] via 10.10.0.2, 00:18:53, Serial0/0
     10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C       10.10.10.10/32 is directly connected, Loopback0
C       10.10.0.0/30 is directly connected, Serial0/0
O IA    10.20.0.0/30 [110/94] via 10.10.0.2, 00:18:53, Serial0/0

(4)Router5(AAAA株式会社支店側CEルータ)

Router5#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     20.0.0.0/32 is subnetted, 1 subnets
C       20.20.20.20 is directly connected, Loopback0
     10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O IA    10.10.10.10/32 [110/94] via 10.20.0.2, 00:28:47, Serial0/0
O IA    10.10.0.0/30 [110/94] via 10.20.0.2, 00:28:47, Serial0/0
C       10.20.0.0/30 is directly connected, Serial0/0

(5)R6(AAAA株式会社支店側CEルータ)

Router6#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     100.0.0.0/32 is subnetted, 1 subnets
C       100.100.100.100 is directly connected, Loopback0
     110.0.0.0/32 is subnetted, 1 subnets
O IA    110.110.110.110 [110/40] via 10.100.0.2, 00:19:38, FastEthernet0/0
     10.0.0.0/30 is subnetted, 2 subnets
O IA    10.110.0.0 [110/40] via 10.100.0.2, 00:19:38, FastEthernet0/0
C       10.100.0.0 is directly connected, FastEthernet0/0

(6)R7(AAAA株式会社支店側CEルータ)

R7#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     100.0.0.0/32 is subnetted, 1 subnets
O IA    100.100.100.100 [110/40] via 10.110.0.2, 00:13:50, FastEthernet0/0
     110.0.0.0/32 is subnetted, 1 subnets
C       110.110.110.110 is directly connected, Loopback0
     10.0.0.0/30 is subnetted, 2 subnets
C       10.110.0.0 is directly connected, FastEthernet0/0
O IA    10.100.0.0 [110/40] via 10.110.0.2, 00:13:50, FastEthernet0/0



2.BGPテーブルの確認


(1)R2(通信事業者MPLSネットワーク本社側PEルータ)

Router2#show ip bgp vpnv4 vrf AAAA
BGP table version is 29, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:100 (default for vrf AAAA)
*> 10.10.0.0/30     0.0.0.0                  0         32768 ?
*> 10.10.10.10/32   10.10.0.1               65         32768 ?
*>i10.20.0.0/30     2.2.2.2                  0    100      0 ?
*>i20.20.20.20/32   2.2.2.2                 65    100      0 ?


Router2#show ip bgp vpnv4 vrf BBBB
BGP table version is 29, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:200 (default for vrf BBBB)
*> 10.100.0.0/30    0.0.0.0                  0         32768 ?
*>i10.110.0.0/30    2.2.2.2                  0    100      0 ?
*> 100.100.100.100/32
                    10.100.0.1              11         32768 ?
*>i110.110.110.110/32
                    2.2.2.2                 11    100      0 ?

(2)R4(通信事業者MPLSネットワーク支社側PEルータ)

Router4#show ip bgp vpnv4 vrf AAAA
BGP table version is 29, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:100 (default for vrf AAAA)
*>i10.10.0.0/30     1.1.1.1                  0    100      0 ?
*>i10.10.10.10/32   1.1.1.1                 65    100      0 ?
*> 10.20.0.0/30     0.0.0.0                  0         32768 ?
*> 20.20.20.20/32   10.20.0.1               65         32768 ?

Router4#show ip bgp vpnv4 vrf BBBB
BGP table version is 29, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:200 (default for vrf BBBB)
*>i10.100.0.0/30    1.1.1.1                  0    100      0 ?
*> 10.110.0.0/30    0.0.0.0                  0         32768 ?
*>i100.100.100.100/32
                    1.1.1.1                 11    100      0 ?
*> 110.110.110.110/32
                    10.110.0.1              11         32768 ?




3.拠点間で疎通確認

(1)R1(AAAA株式会社本社側CEルータ)

Router1#ping 20.20.20.20 source 10.10.10.10

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.20.20.20, timeout is 2 seconds:
Packet sent with a source address of 10.10.10.10
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/88/132 ms

Router1#ping 100.100.100.100 source 10.10.10.10

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.100, timeout is 2 seconds:
Packet sent with a source address of 10.10.10.10
U.U.U
Success rate is 0 percent (0/5)

Router1#ping 110.110.110.110 source 10.10.10.10

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 110.110.110.110, timeout is 2 seconds:
Packet sent with a source address of 10.10.10.10
U.U.U
Success rate is 0 percent (0/5)



(2)R5(AAAA株式会社支店側CEルータ)

Router5#ping 10.10.10.10 source 20.20.20.20

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:
Packet sent with a source address of 20.20.20.20
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 120/139/164 ms

Router5#ping 100.100.100.100 source 20.20.20.20

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.100, timeout is 2 seconds:
Packet sent with a source address of 20.20.20.20
U.U.U
Success rate is 0 percent (0/5)

Router5#ping 110.110.110.110 source 20.20.20.20

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 110.110.110.110, timeout is 2 seconds:
Packet sent with a source address of 20.20.20.20
U.U.U
Success rate is 0 percent (0/5)

(3)R6(AAAA株式会社支店側CEルータ)

Router6#ping 110.110.110.110 source 100.100.100.100

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 110.110.110.110, timeout is 2 seconds:
Packet sent with a source address of 100.100.100.100
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/93/200 ms

Router6#ping 10.10.10.10 source 100.100.100.100

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:
Packet sent with a source address of 100.100.100.100
U.U.U
Success rate is 0 percent (0/5)

Router6#ping 20.20.20.20 source 100.100.100.100

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.20.20.20, timeout is 2 seconds:
Packet sent with a source address of 100.100.100.100
U.U.U
Success rate is 0 percent (0/5)

(4)R7(AAAA株式会社支店側CEルータ)


Router7#ping 100.100.100.100 source 110.110.110.110

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.100, timeout is 2 seconds:
Packet sent with a source address of 110.110.110.110
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/116/200 ms

Router7#ping 10.10.10.10 source 110.110.110.110

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:
Packet sent with a source address of 110.110.110.110
U.U.U
Success rate is 0 percent (0/5)

Router7#ping 20.20.20.20 source 110.110.110.110

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.20.20.20, timeout is 2 seconds:
Packet sent with a source address of 110.110.110.110
U.U.U
Success rate is 0 percent (0/5)
投稿者 時刻:
ラベル: , ,