JANOG 57NETCON 問題解説 Level2-10
- 41 分前
- 読了時間: 13分
JANOG 57 にスタッフ(NETCON委員)として参加させていただきました。
作成した問題について、回答と解説を記載します。
Level2-10
SV-01から SV-02 のIPアドレス 192.168.20.200 に対してPingが通りません。
RT-02 / RT-03 の設定を修正して、ping が通るようにしてください。
達成条件
SV-01:192.168.10.100 から SV-02:192.168.20.200 に対してping が通ること。
SV-01:~# ping -c 5 192.168.20.200
PING 192.168.20.200 (192.168.20.200) 56(84) bytes of data.
64 bytes from 192.168.20.200: icmp_seq=1 ttl=60 time=2.77 ms
64 bytes from 192.168.20.200: icmp_seq=2 ttl=60 time=2.80 ms
64 bytes from 192.168.20.200: icmp_seq=3 ttl=60 time=3.00 ms
64 bytes from 192.168.20.200: icmp_seq=4 ttl=60 time=2.87 ms
64 bytes from 192.168.20.200: icmp_seq=5 ttl=60 time=3.07 ms
--- 192.168.20.200 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 2.770/2.904/3.073/0.116 ms制約
すべてのルータにログインが可能ですが、設定を変更できるのは RT-02 / RT-03 だけです
インターフェースを追加/削除/shutdown したり、インターフェースに設定済みのIPアドレスを変更/削除してはいけません
スタティックルート/PBR を使用してはいけません
機器のmgmポートをパケット転送に使用して通信OKとすることは禁止
解説
SV-01:~# ping -c 5 192.168.20.200
PING 192.168.20.200 (192.168.20.200) 56(84) bytes of data.
From 192.168.10.1 icmp_seq=1 Packet filtered
From 192.168.10.1 icmp_seq=2 Packet filtered
From 192.168.10.1 icmp_seq=3 Packet filtered
From 192.168.10.1 icmp_seq=4 Packet filtered
From 192.168.10.1 icmp_seq=5 Packet filtered
--- 192.168.20.200 ping statistics ---
5 packets transmitted, 0 received, +5 errors, 100% packet loss, time 4101ms
SV-01:~# traceroute -n 192.168.20.200
traceroute to 192.168.20.200 (192.168.20.200), 30 hops max, 46 byte packets
1 192.168.10.1 0.319 ms 0.122 ms 0.145 ms
2 10.0.13.3 64.601 ms 0.568 ms 0.459 ms
3 10.0.34.4 64.838 ms 0.775 ms 0.839 ms
4 10.0.34.4 0.978 ms !A * 1.218 ms !A
SV-01:~# traceroute -n 192.168.20.200 -I
traceroute to 192.168.20.200 (192.168.20.200), 30 hops max, 46 byte packets
1 192.168.10.1 0.511 ms 0.364 ms 0.211 ms
2 192.168.10.1 0.275 ms !A * 0.347 ms !ASV-01からの ping 結果は Packet filtered となり、traceroute は 10.0.34.4 (RT-04) まで。
ICMPでの traceroute では RT-01 から先が見えない。
正解例①
RT-02
router bgp 65002
network 192.168.20.0
router ospf 57
redistribute bgp 65002 metric-type 1RT-03
interface G2
ip ospf cost 2
interface G3
ip ospf cost 2ICMPでのtracerouteでRT-01から先が見えないので、RT-01の出力IFから確認。
RT-01>sh ip route 192.168.20.200
Routing entry for 192.168.20.0/24
Known via "ospf 57", distance 110, metric 3, type intra area
Last update from 10.0.13.3 on GigabitEthernet4, 02:10:21 ago
Routing Descriptor Blocks:
* 10.0.13.3, from 4.4.4.4, 02:10:21 ago, via GigabitEthernet4
Route metric is 3, traffic share count is 1
RT-01>sh ip int G4
GigabitEthernet4 is up, line protocol is up
Internet address is 10.0.13.1/24
Broadcast address is 255.255.255.255
Address determined by configuration file
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Multicast reserved groups joined: 224.0.0.5 224.0.0.6
Outgoing Common access list is not set
Outgoing access list is To_R3
Inbound Common access list is not set
Inbound access list is not set
RT-01>sh access-lists To_R3
Extended IP access list To_R3
10 deny icmp any any (8 matches)
20 permit ip any any (9 matches)RT-01 の G4 に ACL:To_R3 が out 方向に設定されており、ICMP が出せない。
RT-01 の設定変更はできないので、別IFから出力されるようにするしかない。
RT-01>sh ip protocols
*** IP Routing is NSF aware ***
Routing Protocol is "application"
Sending updates every 0 seconds
Invalid after 0 seconds, hold down 0, flushed after 0
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Maximum path: 32
Routing for Networks:
Routing Information Sources:
Gateway Distance Last Update
Distance: (default is 4)
Routing Protocol is "ospf 57"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 1.1.1.1
It is an autonomous system boundary router
Redistributing External Routes from,
connected, includes subnets in redistribution
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
1.1.1.1 0.0.0.0 area 0
10.0.13.1 0.0.0.0 area 0
Passive Interface(s):
GigabitEthernet2
Routing Information Sources:
Passive Interface(s):
Gateway Distance Last Update
4.4.4.4 110 02:16:28
2.2.2.2 110 02:25:11
3.3.3.3 110 02:25:54
Distance: (default is 110)
Routing Protocol is "bgp 65001"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
IGP synchronization is disabled
Automatic route summarization is disabled
Redistributing: connected
Neighbor(s):
Address FiltIn FiltOut DistIn DistOut Weight RouteMap
10.0.12.2
Maximum path: 1
Routing Information Sources:
Gateway Distance Last Update
Distance: external 20 internal 200 local 200
RT-01>sh ip ospf int b
Interface PID Area IP Address/Mask Cost State Nbrs F/C
Lo0 57 0 1.1.1.1/32 1 LOOP 0/0
Gi4 57 0 10.0.13.1/24 1 DR 1/1RT-01ではOSPFとBGPが動作している。
OSPFが動作している物理IFは Gi4。
RT-01>sh ip bgp su
BGP router identifier 1.1.1.1, local AS number 65001
BGP table version is 2, main routing table version 2
1 network entries using 248 bytes of memory
1 path entries using 136 bytes of memory
1/1 BGP path/bestpath attribute entries using 296 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 680 total bytes of memory
BGP activity 1/0 prefixes, 1/0 paths, scan interval 60 secs
1 networks peaked at 10:53:20 Jan 11 2026 UTC (02:27:58.692 ago)
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.0.12.2 4 65002 167 165 2 0 0 02:27:10 0
RT-01>sh ip bgp nei 10.0.12.2 routes
Total number of prefixes 0
RT-01>sh ip bgp
BGP table version is 2, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path, L long-lived-stale,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 192.168.10.0 0.0.0.0 20 32768 ?RT-01 は RT-02(10.0.12.2:AS65002) とBGPを張っているが、RT-02 からは何も学習していない。
BGPテーブルには 192.168.10.0/24 のみ。
RT-02>sh ip route 192.168.20.200
Routing entry for 192.168.20.0/24
Known via "ospf 57", distance 110, metric 2, type intra area
Last update from 10.0.24.4 on GigabitEthernet4, 02:18:17 ago
Routing Descriptor Blocks:
* 10.0.24.4, from 4.4.4.4, 02:18:17 ago, via GigabitEthernet4
Route metric is 2, traffic share count is 1
RT-02>sh ip bgp su
BGP router identifier 2.2.2.2, local AS number 65002
BGP table version is 2, main routing table version 2
1 network entries using 248 bytes of memory
1 path entries using 136 bytes of memory
1/1 BGP path/bestpath attribute entries using 296 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 704 total bytes of memory
BGP activity 1/0 prefixes, 1/0 paths, scan interval 60 secs
1 networks peaked at 10:54:44 Jan 11 2026 UTC (02:27:53.941 ago)
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.0.12.1 4 65001 166 168 2 0 0 02:28:29 1
RT-02>sh ip bgp nei 10.0.12.1 advertised-routes
Total number of prefixes 0RT-02 は 192.168.20.0/24 をOSPFで学習している。
RT-01 の出力IFを RT-02(G3)に向けるには、RT-02 から 192.168.20.0/24 をBGPでアドバタイズすればよい。
(RT-04 に直接渡すのが最短だが、Gi5 でルーティングプロトコルが動作していないので それはできない)
RT-03
router bgp 65002
network 192.168.20.0RT-02#sh ip bgp | be Net
Network Next Hop Metric LocPrf Weight Path
*> 192.168.10.0 10.0.12.1 20 0 65001 ?
*> 192.168.20.0 10.0.24.4 2 32768 i
RT-02#sh ip bgp nei 10.0.12.1 advertised-routes | be Net
Network Next Hop Metric LocPrf Weight Path
*> 192.168.20.0 10.0.24.4 2 32768 i
Total number of prefixes 1
RT-01>sh ip bgp nei 10.0.12.2 routes | be Net
Network Next Hop Metric LocPrf Weight Path
*> 192.168.20.0 10.0.12.2 2 0 65002 i
Total number of prefixes 1
RT-01>sh ip route bgp | be Gate
Gateway of last resort is not set
B 192.168.20.0/24 [20/2] via 10.0.12.2, 00:01:13
RT-01>sh ip route 192.168.20.200
Routing entry for 192.168.20.0/24
Known via "bgp 65001", distance 20, metric 2
Tag 65002, type external
Last update from 10.0.12.2 00:01:27 ago
Routing Descriptor Blocks:
* 10.0.12.2, from 10.0.12.2, 00:01:27 ago
opaque_ptr 0x73927DF8CCB8
Route metric is 2, traffic share count is 1
AS Hops 1
Route tag 65002
MPLS label: none
RT-01>sh ip route 10.0.12.2
Routing entry for 10.0.12.0/24
Known via "connected", distance 0, metric 0 (connected, via interface)
Redistributing via ospf 57, bgp 65001
Routing Descriptor Blocks:
* directly connected, via GigabitEthernet3
Route metric is 0, traffic share count is 1RT-01 は RT-02 から 192.168.20.0/24 を学習したことで、出力IFが G3 になった。
SV-01:~# ping -c 5 192.168.20.200
PING 192.168.20.200 (192.168.20.200) 56(84) bytes of data.
--- 192.168.20.200 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4134ms
SV-01:~# traceroute -n 192.168.20.200 -I
traceroute to 192.168.20.200 (192.168.20.200), 30 hops max, 46 byte packets
1 192.168.10.1 0.311 ms 0.217 ms 0.122 ms
2 10.0.12.2 0.638 ms 0.405 ms 0.429 ms
3 10.0.24.4 0.918 ms 0.864 ms 0.933 ms
4 *RT-04 まで到達するようになったが、その先が表示されない
RT-04>sh ip route 192.168.10.100
Routing entry for 192.168.10.0/24
Known via "ospf 57", distance 110, metric 3, type extern 1
Last update from 10.0.34.3 on GigabitEthernet4, 02:27:58 ago
Routing Descriptor Blocks:
* 10.0.34.3, from 1.1.1.1, 02:27:58 ago, via GigabitEthernet4
Route metric is 3, traffic share count is 1
RT-04>traceroute 192.168.10.100
Type escape sequence to abort.
Tracing the route to 192.168.10.100
VRF info: (vrf in name/id, vrf out name/id)
1 * * *
2 * *
RT-04>sh ip int G4
GigabitEthernet4 is up, line protocol is up
Internet address is 10.0.34.4/24
Broadcast address is 255.255.255.255
Address determined by configuration file
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Multicast reserved groups joined: 224.0.0.5 224.0.0.6
Outgoing Common access list is not set
Outgoing access list is not set
Inbound Common access list is not set
Inbound access list is From_R3
RT-04>sh access-lists From_R3
Extended IP access list From_R3
10 deny icmp any any (6 matches)
20 permit ip any any (22 matches)RT-04 の G4 には ACL:From_R3 が適用されており、IN方向のICMPが遮断されている。
RT-04 がICMPを受信できるのは G3 のみ。
SV-01:~# ping -c 5 192.168.20.200
PING 192.168.20.200 (192.168.20.200) 56(84) bytes of data.
--- 192.168.20.200 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4094ms
RT-04>sh access-lists From_R3
Extended IP access list From_R3
10 deny icmp any any (6 matches)
20 permit ip any any (34 matches)permit がカウントアップするので、ここで落ちているわけではなさそう。
RT-04>sh ip int G3
GigabitEthernet3 is up, line protocol is up
Internet address is 10.0.24.4/24
Broadcast address is 255.255.255.255
(略)
Input features: uRPF, MCI Check
(略)
IP verify source reachable-via RX
39 verification drops
0 suppressed verification drops
0 verification drop-rate
IP Clear Dont Fragment is disabledRT-04 の Eth0/3 は uRPF が有効になっており、verification drops がカウントされている。
RT-04>show ip traffic | section drop
0 no route, 39 unicast RPF, 0 forced drop, 0 unsupported-addr
Queue drops: 0
Queue drops: 0
Report VRF mismatch drops: 0
SV-01:~# ping -c 5 192.168.20.200
PING 192.168.20.200 (192.168.20.200) 56(84) bytes of data.
--- 192.168.20.200 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4083ms
RT-04>show ip traffic | section drop
0 no route, 44 unicast RPF, 0 forced drop, 0 unsupported-addr
Queue drops: 0
Queue drops: 0
Report VRF mismatch drops: 0
RT-04>sh ip int G3 | inc verification drops
44 verification drops
0 suppressed verification dropsSV-01 からpingを打つと verification drops がカウントアップするので、
uRPF で drop されていることが確定。
192.168.10.100 からのICMP パケットを受け取るには ACL が適用されていない G3 を使用するしかないが、
uRPFが設定されているため、192.168.10.0/24 の出力IFも G3 にする必要がある。
RT-04>sh ip route ospf | be Gate
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/3] via 10.0.34.3, 02:37:06, GigabitEthernet4
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/3] via 10.0.34.3, 02:37:06, GigabitEthernet4
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/2] via 10.0.34.3, 02:37:06, GigabitEthernet4
10.0.0.0/8 is variably subnetted, 8 subnets, 2 masks
O 10.0.13.0/24 [110/2] via 10.0.34.3, 02:37:06, GigabitEthernet4
O 10.0.23.0/24 [110/2] via 10.0.34.3, 02:37:06, GigabitEthernet4
O E1 192.168.10.0/24 [110/3] via 10.0.34.3, 02:37:06, GigabitEthernet4RT-04 は 192.168.10.0/24 を O E1 (OSPF外部ルート)として学習している。
RT-04>sh ip ospf database external
OSPF Router with ID (4.4.4.4) (Process ID 57)
Type-5 AS External Link States
LS age: 2006
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 192.168.10.0 (External Network Number )
Advertising Router: 1.1.1.1
LS Seq Number: 80000005
Checksum: 0x5F59
Length: 36
Network Mask: /24
Metric Type: 1 (Comparable directly to link state metric)
MTID: 0
Metric: 1
Forward Address: 0.0.0.0
External Route Tag: 0192.168.20.0/24 をアドバタイズしているのは ASBR:1.1.1.1(RT-01) で、metric は 1。
RT-04>sh ip ospf border-routers
OSPF Router with ID (4.4.4.4) (Process ID 57)
Base Topology (MTID 0)
Internal Router Routing Table
Codes: i - Intra-area route, I - Inter-area route
i 1.1.1.1 [2] via 10.0.34.3, GigabitEthernet4, ASBR, Area 0, SPF 9ASBR:1.1.1.1(RT-01) への Metric は 2 で、出力IFは G4。
RT-02 と RT-03 のどのIFのコストを操作しても、ASBR:1.1.1.1(RT-01) へは RT-03:G4 経由となってしまう。
ASBR:1.1.1.1(RT-01) へのコストを操作して 192.168.10.0/24への出力IFを G3 にすることはできないので、別のASBRを作成する。
static-route が禁止されているので、BGPとOSPFの境界Rになっている RT-02 で BGPをOSPFに再配送する。
RT-02
router ospf 57
redistribute bgp 65002 metric-type 1RT-04>sh ip ospf database externa
OSPF Router with ID (4.4.4.4) (Process ID 57)
Type-5 AS External Link States
LS age: 65
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 192.168.10.0 (External Network Number )
Advertising Router: 1.1.1.1
LS Seq Number: 80000006
Checksum: 0x5D5A
Length: 36
Network Mask: /24
Metric Type: 1 (Comparable directly to link state metric)
MTID: 0
Metric: 1
Forward Address: 0.0.0.0
External Route Tag: 0
LS age: 10
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 192.168.10.0 (External Network Number )
Advertising Router: 2.2.2.2
LS Seq Number: 80000001
Checksum: 0x9937
Length: 36
Network Mask: /24
Metric Type: 1 (Comparable directly to link state metric)
MTID: 0
Metric: 1
Forward Address: 0.0.0.0
External Route Tag: 65001これで 192.168.10.0/24 は ASBR:1.1.1.1(RT-01) と ASBR:2.2.2.2(RT-01) から再配送された。
RT-04>sh ip ospf border-routers
OSPF Router with ID (4.4.4.4) (Process ID 57)
Base Topology (MTID 0)
Internal Router Routing Table
Codes: i - Intra-area route, I - Inter-area route
i 1.1.1.1 [2] via 10.0.34.3, GigabitEthernet4, ASBR, Area 0, SPF 10
i 2.2.2.2 [2] via 10.0.34.3, GigabitEthernet4, ASBR, Area 0, SPF 10この時点では 両ASBRへのMetricは 2 で同じで、G4 経由のみ。
RT-04>sh ip route 192.168.10.100
Routing entry for 192.168.10.0/24
Known via "ospf 57", distance 110, metric 3
Tag 65001, type extern 1
Last update from 10.0.34.3 on GigabitEthernet4, 00:01:04 ago
Routing Descriptor Blocks:
* 10.0.34.3, from 2.2.2.2, 00:01:04 ago, via GigabitEthernet4
Route metric is 3, traffic share count is 1
Route tag 65001
RT-03#sh ip route | be Gate
Gateway of last resort is not set
(略)
O E1 192.168.10.0/24 [110/2] via 10.0.23.2, 00:01:25, GigabitEthernet3
[110/2] via 10.0.13.1, 00:01:25, GigabitEthernet2
RT-03#sh ip route 192.168.10.100
Routing entry for 192.168.10.0/24
Known via "ospf 57", distance 110, metric 2
Tag 65001, type extern 1
Last update from 10.0.13.1 on GigabitEthernet2, 00:02:12 ago
Routing Descriptor Blocks:
* 10.0.23.2, from 2.2.2.2, 00:02:12 ago, via GigabitEthernet3
Route metric is 2, traffic share count is 1
Route tag 65001
10.0.13.1, from 1.1.1.1, 00:02:12 ago, via GigabitEthernet2
Route metric is 2, traffic share count is 1
Route tag 65001RT-03 からは metric 1 で ロードバランスになっている。
RT-03 の G2 と G3 のコストを上げる。
RT-03
interface G2
ip ospf cost 2
interface G3
ip ospf cost 2
R3#sh ip route | be Gate
Gateway of last resort is not set
(略)
O E1 192.168.10.0/24 [110/3] via 10.0.23.2, 00:00:09, GigabitEthernet3
[110/3] via 10.0.13.1, 00:00:09, GigabitEthernet2
RT-04>sh ip route 192.168.10.100
Routing entry for 192.168.10.0/24
Known via "ospf 57", distance 110, metric 4
Tag 65001, type extern 1
Last update from 10.0.34.3 on GigabitEthernet4, 00:00:30 ago
Routing Descriptor Blocks:
10.0.34.3, from 2.2.2.2, 00:00:30 ago, via GigabitEthernet4
Route metric is 4, traffic share count is 1
Route tag 65001
* 10.0.24.2, from 2.2.2.2, 00:00:30 ago, via GigabitEthernet3
Route metric is 4, traffic share count is 1
Route tag 65001
RT-04>sh ip ospf border-routers
OSPF Router with ID (4.4.4.4) (Process ID 57)
Base Topology (MTID 0)
Internal Router Routing Table
Codes: i - Intra-area route, I - Inter-area route
i 1.1.1.1 [3] via 10.0.34.3, GigabitEthernet4, ASBR, Area 0, SPF 12
i 2.2.2.2 [3] via 10.0.24.2, GigabitEthernet3, ASBR, Area 0, SPF 12
i 2.2.2.2 [3] via 10.0.34.3, GigabitEthernet4, ASBR, Area 0, SPF 12RT-04 からみると、ASBR:1.1.1.1(RT-01) までが metric 3。
ASBR:2.2.2.2(RT-01) までは G3経由もG4経由も metric 3。
RT-04>sh ip route 192.168.10.100Routing entry for 192.168.10.0/24
Known via "ospf 57", distance 110, metric 4
Tag 65001, type extern 1
Last update from 10.0.34.3 on GigabitEthernet4, 00:03:11 ago
Routing Descriptor Blocks:
10.0.34.3, from 2.2.2.2, 00:03:11 ago, via GigabitEthernet4
Route metric is 4, traffic share count is 1
Route tag 65001
* 10.0.24.2, from 2.2.2.2, 00:03:11 ago, via GigabitEthernet3
Route metric is 4, traffic share count is 1
Route tag 65001
RT-04>sh ip route ospf | be Gate
Gateway of last resort is not set
(略)
O E1 192.168.10.0/24 [110/4] via 10.0.34.3, 00:03:52, GigabitEthernet4
[110/4] via 10.0.24.2, 00:03:52, GigabitEthernet3RT-04 で 192.168.10.0/24 宛の出力IFに G3 が追加されたため、
uRPFチェックに通るようになる。
RT-04>show ip traffic | section drop
0 no route, 44 unicast RPF, 0 forced drop, 0 unsupported-addr
Queue drops: 0
Queue drops: 0
Report VRF mismatch drops: 0
SV-01:~# ping -c 5 192.168.20.200
PING 192.168.20.200 (192.168.20.200) 56(84) bytes of data.
64 bytes from 192.168.20.200: icmp_seq=1 ttl=61 time=1.87 ms
64 bytes from 192.168.20.200: icmp_seq=2 ttl=61 time=1.52 ms
64 bytes from 192.168.20.200: icmp_seq=3 ttl=61 time=1.70 ms
64 bytes from 192.168.20.200: icmp_seq=4 ttl=61 time=1.57 ms
64 bytes from 192.168.20.200: icmp_seq=5 ttl=61 time=2.69 ms
--- 192.168.20.200 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4007ms
rtt min/avg/max/mdev = 1.518/1.868/2.691/0.429 ms
SV-01:~# traceroute -n 192.168.20.200 -I
traceroute to 192.168.20.200 (192.168.20.200), 30 hops max, 46 byte packets
1 192.168.10.1 0.303 ms 0.147 ms 0.098 ms
2 10.0.12.2 0.742 ms 0.507 ms 0.528 ms
3 10.0.24.4 12.655 ms 0.984 ms 0.822 ms
4 192.168.20.200 0.971 ms 1.100 ms 1.064 ms
RT-04>show ip traffic | section drop
0 no route, 44 unicast RPF, 0 forced drop, 0 unsupported-addr
Queue drops: 0
Queue drops: 0
Rport VRF mismatch drops: 0uRPF で drop されなくなり、SV-01 からのpingが飛ぶようになる。
正解例②
RT-02
RT-02
router bgp 65002
network 192.168.20.0
router ospf 57
redistribute bgp 65002 metric-type 1RT-03
interface GigabitEthernet4
ip ospf hello-interval 5RT-02でBGPをOSPFに再配送した後、RT-03 と RT-04 間のOSPFネイバー関係を無効化することで
RT-04は 出力IFにGi3のみを使用するため、URPFのチェックに通ります。
RT-03 ~ RT-04 間のOSPFネイバー関係の維持は制約に含まれていませんので、この解法も正解です。
ネイバー無効化の方法は、helloタイマーやエリア番号 不一致など、どれでもOKです。
RT-03 で no router ospf 57 でOSPF自体を無効化する、なんていう過激な方法でも、
制約違反ではないので 今回は正解となります。
コメント