Tuesday, January 10, 2012

MPLS VPN lab (static routing version)




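■ Objectives

(1) The headquarters and branch offices of AAAA Corp. must be able to communicate with each other across the MPLS network.
(2) The headquarters and branch offices of BBBB Corp. must be able to communicate with each other across the MPLS network.
(3) No communication at all must be possible between AAAA Corp. and BBBB Corp. (routing information included).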


■ Configuration

Note: basic commands are omitted.


(1) R1 (CE router at AAAA Corp. headquarters)

R1(config)# ip route 0.0.0.0 0.0.0.0 10.10.0.2


(2) R2 (PE router on the headquarters side of the carrier MPLS network)


Router2(config)# ip cef
Router2(config)# ip vrf AAAA
Router2(config-vrf)# rd 1:100
Router2(config-vrf)# route-target both 1:100 
Router2(config-vrf)# exit
Router2(config)# interface ser0/0
Router2(config-if)# ip address 10.0.0.1 255.255.255.252
Router2(config-if)# mpls ip
Router2(config-if)# no shutdown
Router2(config)# interface ser0/1
Router2(config-if)# ip vrf forwarding AAAA
Router2(config-if)# ip address 10.10.0.2 255.255.255.252
Router2(config-if)# no shutdown
Router2(config)# interface loopback 0
Router2(config-if)# ip address 1.1.1.1 255.255.255.255
Router2(config-if)# no shutdown
Router2(config-if)# exit
Router2(config)# router bgp 100
Router2(config-router)# no bgp default ipv4-unicast
Router2(config-router)# neighbor 2.2.2.2 remote-as 100
Router2(config-router)# neighbor 2.2.2.2 update-source Loopback0
Router2(config-router)# address-family vpnv4
Router2(config-router-af)# neighbor 2.2.2.2 activate 
Router2(config)# ip route vrf AAAA 10.10.10.10 255.255.255.255 10.10.0.1
Router2(config)# router bgp 100
Router2(config-router)# address-family ipv4 vrf AAAA
Router2(config-router-af)# redistribute static

Router2(config)# ip vrf BBBB
Router2(config-vrf)# rd 1:200
Router2(config-vrf)# route-target both 1:200 
Router2(config-vrf)# exit
Router2(config)# interface fa0/0
Router2(config-if)# ip vrf forwarding BBBB
Router2(config-if)# ip address 10.100.0.2 255.255.255.252
Router2(config-if)# no shutdown
Router2(config)# ip route vrf BBBB 100.100.100.100 255.255.255.255 10.100.0.1
Router2(config)# router bgp 100
Router2(config-router)# address-family ipv4 vrf BBBB
Router2(config-router-af)# redistribute static

(3) R3 (P router in the carrier MPLS network)

Router3(config)# ip cef
Router3(config)# interface ser0/0
Router3(config-if)# ip address 10.0.0.2 255.255.255.252
Router3(config-if)# mpls ip
Router3(config-if)# no shut
Router3(config-if)# exit
Router3(config)# interface ser0/1
Router3(config-if)# ip address 10.0.0.6 255.255.255.252
Router3(config-if)# mpls ip
Router3(config-if)# no shut

(4) R4 (PE router on the branch side of the carrier MPLS network)

Router4(config)# ip cef
Router4(config)# ip vrf AAAA
Router4(config-vrf)# rd 1:100
Router4(config-vrf)# route-target both 1:100 
Router4(config-vrf)# exit
Router4(config)# interface ser0/0
Router4(config-if)# ip address 10.0.0.5 255.255.255.252
Router4(config-if)# mpls ip
Router4(config-if)# no shutdown
Router4(config)# interface ser0/1
Router4(config-if)# ip vrf forwarding AAAA
Router4(config-if)# ip address 10.20.0.2 255.255.255.252
Router4(config-if)# no shutdown
Router4(config)# interface loopback 0
Router4(config-if)# ip address 2.2.2.2 255.255.255.255
Router4(config-if)# no shutdown
Router4(config-if)# exit
Router4(config)# router bgp 100
Router4(config-router)# no bgp default ipv4-unicast
Router4(config-router)# neighbor 1.1.1.1 remote-as 100
Router4(config-router)# neighbor 1.1.1.1 update-source Loopback0
Router4(config-router)# address-family vpnv4
Router4(config-router-af)# neighbor 1.1.1.1 activate 
Router4(config)# ip route vrf AAAA 20.20.20.20 255.255.255.255 10.20.0.1
Router4(config)# router bgp 100
Router4(config-router)# address-family ipv4 vrf AAAA
Router4(config-router-af)# redistribute static

Router4(config)# ip vrf BBBB
Router4(config-vrf)# rd 1:200
Router4(config-vrf)# route-target both 1:200 
Router4(config-vrf)# exit
Router4(config)# interface fa0/0
Router4(config-if)# ip vrf forwarding BBBB
Router4(config-if)# ip address 10.110.0.2 255.255.255.252
Router4(config-if)# no shutdown
Router4(config)# ip route vrf BBBB 110.110.110.110 255.255.255.255 10.110.0.1
Router4(config)# router bgp 100
Router4(config-router)# address-family ipv4 vrf BBBB
Router4(config-router-af)# redistribute static


(5) R5 (CE router at the AAAA Corp. branch)

R5(config)# ip route 0.0.0.0 0.0.0.0 10.20.0.2

(6) R6 (CE router at the AAAA Corp. branch)

R6(config)# ip route 0.0.0.0 0.0.0.0 10.100.0.2

(7) R7 (CE router at the AAAA Corp. branch)

R7(config)# ip route 0.0.0.0 0.0.0.0 10.110.0.2
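
Objective (3) holds only while no VRF imports a route-target that the other tenant's VRF exports. The following is an added example, not part of the original lab: a Python check that reads `ip vrf` blocks and reports every exporter/importer pair that would exchange routes. The two config fragments are constructed here, the first from the VRF definitions above and the second with one extra `route-target import` line as a failure case.

```python
import re
from itertools import permutations

# Constructed running-config fragments: the lab's two VRFs, then a variant
# with one extra import statement that would break the isolation objective.
ISOLATED = """\
ip vrf AAAA
 rd 1:100
 route-target both 1:100
!
ip vrf BBBB
 rd 1:200
 route-target both 1:200
"""
LEAKY = ISOLATED + " route-target import 1:100\n"


def parse_vrfs(config):
    """Return {vrf: {"import": set, "export": set}} from IOS 'ip vrf' blocks."""
    vrfs, current = {}, None
    for line in config.splitlines():
        m = re.match(r"ip vrf (\S+)\s*$", line)
        if m:
            current = vrfs.setdefault(m.group(1), {"import": set(), "export": set()})
            continue
        if not line.startswith(" "):
            current = None  # an unindented line ends the VRF block
            continue
        m = re.match(r"\s+route-target (import|export|both)\s+(\S+)", line)
        if m and current is not None:
            # "both" is shorthand for an import and an export of the same RT
            kinds = ("import", "export") if m.group(1) == "both" else (m.group(1),)
            for kind in kinds:
                current[kind].add(m.group(2))
    return vrfs


def leaks(vrfs):
    """List (exporter, importer, shared_rts) for every pair that exchanges routes."""
    found = []
    for src, dst in permutations(sorted(vrfs), 2):
        shared = vrfs[src]["export"] & vrfs[dst]["import"]
        if shared:
            found.append((src, dst, sorted(shared)))
    return found


if __name__ == "__main__":
    for name, cfg in (("isolated", ISOLATED), ("leaky", LEAKY)):
        print(name, leaks(parse_vrfs(cfg)))
```

The check is directional: in the failure case only BBBB learns AAAA's routes, which is enough to violate the objective even though pings from AAAA sites to BBBB sites would still fail for lack of a return path.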



■ Verification commands

1. Checking the routing tables

(1) R2 (PE router on the headquarters side of the carrier MPLS network)


Router2# show ip route vrf AAAA

Routing Table: AAAA
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     20.0.0.0/32 is subnetted, 1 subnets
B       20.20.20.20 [200/0] via 2.2.2.2, 01:13:35
     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
S       10.10.10.10/32 [1/0] via 10.10.0.1
C       10.10.0.0/30 is directly connected, Serial0/1


Router2# show ip route vrf BBBB

Routing Table: BBBB
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     100.0.0.0/32 is subnetted, 1 subnets
S       100.100.100.100 [1/0] via 10.100.0.1
     110.0.0.0/32 is subnetted, 1 subnets
B       110.110.110.110 [200/0] via 2.2.2.2, 01:07:13
     10.0.0.0/30 is subnetted, 1 subnets
C       10.100.0.0 is directly connected, FastEthernet0/0


(2) R4 (PE router on the branch side of the carrier MPLS network)

Router4#show ip route vrf AAAA

Routing Table: AAAA
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     20.0.0.0/32 is subnetted, 1 subnets
S       20.20.20.20 [1/0] via 10.20.0.1
     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
B       10.10.10.10/32 [200/0] via 1.1.1.1, 01:19:09
C       10.20.0.0/30 is directly connected, Serial0/1

Router4#show ip route vrf BBBB

Routing Table: BBBB
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     100.0.0.0/32 is subnetted, 1 subnets
B       100.100.100.100 [200/0] via 1.1.1.1, 01:17:36
     110.0.0.0/32 is subnetted, 1 subnets
S       110.110.110.110 [1/0] via 10.110.0.1
     10.0.0.0/30 is subnetted, 1 subnets
C       10.110.0.0 is directly connected, FastEthernet0/0
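
The routing-table half of objective (3) can be checked mechanically from the output above. The following is an added example, not part of the original lab: a Python parser for the `show ip route vrf` route lines (entries without a mask inherit it from the preceding "is subnetted" header) and a comparison of the two VRF tables on one PE. It assumes, as in this lab, that the tenants do not reuse each other's address space; the third table is a constructed failure case.

```python
import ipaddress
import re

# Route lines copied from the Router2 output above (legend lines omitted).
R2_AAAA = """\
     20.0.0.0/32 is subnetted, 1 subnets
B       20.20.20.20 [200/0] via 2.2.2.2, 01:13:35
     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
S       10.10.10.10/32 [1/0] via 10.10.0.1
C       10.10.0.0/30 is directly connected, Serial0/1
"""
R2_BBBB = """\
     100.0.0.0/32 is subnetted, 1 subnets
S       100.100.100.100 [1/0] via 10.100.0.1
     110.0.0.0/32 is subnetted, 1 subnets
B       110.110.110.110 [200/0] via 2.2.2.2, 01:07:13
     10.0.0.0/30 is subnetted, 1 subnets
C       10.100.0.0 is directly connected, FastEthernet0/0
"""
# Constructed failure case: an AAAA prefix showing up in the BBBB table.
R2_BBBB_LEAK = (R2_BBBB + "     20.0.0.0/32 is subnetted, 1 subnets\n"
                "B       20.20.20.20 [200/0] via 2.2.2.2, 00:00:10\n")

HEADER = re.compile(r"\s+\d+\.\d+\.\d+\.\d+/(\d+) is (variably )?subnetted")
ROUTE = re.compile(r"([A-Za-z*]+)\s+(\d+\.\d+\.\d+\.\d+)(?:/(\d+))?\s")


def parse_routes(text):
    """Return {network: route code} for single-token codes such as B, S, C."""
    routes, inherited = {}, None
    for line in text.splitlines():
        h = HEADER.match(line)
        if h:
            # A "variably subnetted" header names the major net, not a mask.
            inherited = None if h.group(2) else h.group(1)
            continue
        r = ROUTE.match(line)
        plen = r and (r.group(3) or inherited)
        if plen:
            net = ipaddress.ip_network(f"{r.group(2)}/{plen}", strict=False)
            routes[net] = r.group(1)
    return routes


def cross_vrf_overlaps(table_a, table_b):
    """Pairs of prefixes, one from each VRF, that cover common address space."""
    return sorted((str(a), str(b)) for a in table_a for b in table_b
                  if a.overlaps(b))
```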


2. Checking the BGP tables


(1) R2 (PE router on the headquarters side of the carrier MPLS network)

Router2#show ip bgp vpnv4 vrf AAAA
BGP table version is 9, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:100 (default for vrf AAAA)
*> 10.10.10.10/32   10.10.0.1                0         32768 ?
*>i20.20.20.20/32   2.2.2.2                  0    100      0 ?


Router2#show ip bgp vpnv4 vrf BBBB
BGP table version is 9, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:200 (default for vrf BBBB)
*> 100.100.100.100/32
                    10.100.0.1               0         32768 ?
*>i110.110.110.110/32
                    2.2.2.2                  0    100      0 ?


(2) R4 (PE router on the branch side of the carrier MPLS network)

Router4#show ip bgp vpnv4 vrf AAAA
BGP table version is 9, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:100 (default for vrf AAAA)
*>i10.10.10.10/32   1.1.1.1                  0    100      0 ?
*> 20.20.20.20/32   10.20.0.1                0         32768 ?

Router4#show ip bgp vpnv4 vrf BBBB
BGP table version is 9, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:200 (default for vrf BBBB)
*>i100.100.100.100/32
                    1.1.1.1                  0    100      0 ?
*> 110.110.110.110/32
                    10.110.0.1               0         32768 ?


3. Checking reachability between sites

(1) R1 (CE router at AAAA Corp. headquarters)

Router1#ping 20.20.20.20 source 10.10.10.10

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.20.20.20, timeout is 2 seconds:
Packet sent with a source address of 10.10.10.10
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/88/132 ms

Router1#ping 100.100.100.100 source 10.10.10.10

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.100, timeout is 2 seconds:
Packet sent with a source address of 10.10.10.10
U.U.U
Success rate is 0 percent (0/5)
Router1#ping 110.110.110.110 source 10.10.10.10

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 110.110.110.110, timeout is 2 seconds:
Packet sent with a source address of 10.10.10.10
U.U.U
Success rate is 0 percent (0/5)



(2) R5 (CE router at the AAAA Corp. branch)

Router5#ping 10.10.10.10 source 20.20.20.20

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:
Packet sent with a source address of 20.20.20.20
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 120/139/164 ms

Router5#ping 100.100.100.100 source 20.20.20.20

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.100, timeout is 2 seconds:
Packet sent with a source address of 20.20.20.20
U.U.U
Success rate is 0 percent (0/5)

Router5#ping 110.110.110.110 source 20.20.20.20

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 110.110.110.110, timeout is 2 seconds:
Packet sent with a source address of 20.20.20.20
U.U.U
Success rate is 0 percent (0/5)

(3) R6 (CE router at the AAAA Corp. branch)

Router6#ping 110.110.110.110 source 100.100.100.100

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 110.110.110.110, timeout is 2 seconds:
Packet sent with a source address of 100.100.100.100
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/93/200 ms

Router6#ping 10.10.10.10 source 100.100.100.100

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:
Packet sent with a source address of 100.100.100.100
U.U.U
Success rate is 0 percent (0/5)

Router6#ping 20.20.20.20 source 100.100.100.100

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.20.20.20, timeout is 2 seconds:
Packet sent with a source address of 100.100.100.100
U.U.U
Success rate is 0 percent (0/5)

(4) R7 (CE router at the AAAA Corp. branch)


Router7#ping 100.100.100.100 source 110.110.110.110

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.100, timeout is 2 seconds:
Packet sent with a source address of 110.110.110.110
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/116/200 ms

Router7#ping 10.10.10.10 source 110.110.110.110

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:
Packet sent with a source address of 110.110.110.110
U.U.U
Success rate is 0 percent (0/5)

Router7#ping 20.20.20.20 source 110.110.110.110

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.20.20.20, timeout is 2 seconds:
Packet sent with a source address of 110.110.110.110
U.U.U
Success rate is 0 percent (0/5)

Note: an explanation will be added later!!