
JANOG 57 NETCON Problem Walkthrough: Level3-13

  • February 13

Updated: February 17

I took part in JANOG 57 as a staff member (NETCON committee).

This post gives the answer and an explanation for the problem I created.






Level3-13


Ping from SV-01 to SV-02's IP address 192.168.20.200 fails.

Form a BGP neighbor relationship between RT-01 and RT-02 so that the ping succeeds.


Success criteria

Ping from SV-01 (192.168.10.100) to SV-02 (192.168.20.200) succeeds.

SV-01:~# ping -c 5 192.168.20.200
PING 192.168.20.200 (192.168.20.200) 56(84) bytes of data.
64 bytes from 192.168.20.200: icmp_seq=1 ttl=60 time=2.77 ms
64 bytes from 192.168.20.200: icmp_seq=2 ttl=60 time=2.80 ms
64 bytes from 192.168.20.200: icmp_seq=3 ttl=60 time=3.00 ms
64 bytes from 192.168.20.200: icmp_seq=4 ttl=60 time=2.87 ms
64 bytes from 192.168.20.200: icmp_seq=5 ttl=60 time=3.07 ms

--- 192.168.20.200 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 2.770/2.904/3.073/0.116 ms

RT-02 forms a BGP neighbor relationship with RT-01 and learns 192.168.10.0/24 via BGP.

RT-02>sh ip bgp nei 1.1.1.1 routes | be Net
     Network          Next Hop            Metric LocPrf Weight Path
 *>   192.168.10.0     1.1.1.1                  0             0 65001 i

Total number of prefixes 1


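Constraints

You can log in to every router, but only RT-03's configuration may be changed

(you cannot enter enable mode on RT-01/02/04)

Do not add or remove interfaces, and do not change or delete IP addresses already configured on interfaces

Do not use static routes, PBR, or redistribution

Using a device's mgmt port for packet forwarding to make the traffic work is prohibited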



Explanation

RT-01 has no route to 192.168.20.0/24 and has not established a BGP neighbor relationship with 2.2.2.2.

SV-01:~# ping -c 5 192.168.20.200
PING 192.168.20.200 (192.168.20.200) 56(84) bytes of data.
From 192.168.10.1 icmp_seq=1 Destination Host Unreachable
From 192.168.10.1 icmp_seq=2 Destination Host Unreachable
From 192.168.10.1 icmp_seq=3 Destination Host Unreachable
From 192.168.10.1 icmp_seq=4 Destination Host Unreachable
From 192.168.10.1 icmp_seq=5 Destination Host Unreachable

--- 192.168.20.200 ping statistics ---
5 packets transmitted, 0 received, +5 errors, 100% packet loss, time 4009ms
  

SV-01:~# traceroute -n 192.168.20.200
traceroute to 192.168.20.200 (192.168.20.200), 30 hops max, 46 byte packets
 1  192.168.10.1  0.487 ms  0.278 ms  1.274 ms
 2  192.168.10.1  1.230 ms !H  *  1.366 ms !H


RT-01>sh ip route | be Gate
Gateway of last resort is not set

      1.0.0.0/32 is subnetted, 1 subnets
C        1.1.1.1 is directly connected, Loopback0
      192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.10.0/24 is directly connected, GigabitEthernet2
L        192.168.10.1/32 is directly connected, GigabitEthernet2

RT-01>sh ip bgp su | be Nei

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
2.2.2.2         4        65002       0       0        1    0    0 00:00:04 Idle

However, Gi2, which connects to RT-02, does not appear in the routing table either.

It looks like a VRF, a tunnel, and IPv6 are involved.

RT-01>sh ip int b
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet1       10.0.0.15       YES TFTP   up                    up
GigabitEthernet2       192.168.10.1    YES TFTP   up                    up
GigabitEthernet3       10.0.12.1       YES TFTP   up                    up
GigabitEthernet4       10.0.13.1       YES TFTP   up                    up
GigabitEthernet5       unassigned      YES unset  up                    up
Loopback0              1.1.1.1         YES TFTP   up                    up
Tunnel0                13.13.13.1      YES TFTP   up                    down

 

 

RT-01>sh ip vrf
  Name                             Default RD            Interfaces
  RT-01-2                          <not set>             Gi3
                                                         Gi4
  clab-mgmt                        <not set>             Gi1
 
 
RT-01>sh ip route vrf RT-01-2 | be Gate
Gateway of last resort is not set
       2.0.0.0/32 is subnetted, 1 subnets
O IA     2.2.2.2 [110/2] via 10.0.12.2, 00:26:32, GigabitEthernet3
      10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C        10.0.12.0/24 is directly connected, GigabitEthernet3
L        10.0.12.1/32 is directly connected, GigabitEthernet3
C        10.0.13.0/24 is directly connected, GigabitEthernet4
L        10.0.13.1/32 is directly connected, GigabitEthernet4

 
RT-01>sh int tun0
Tunnel0 is up, line protocol is down
  Hardware is Tunnel
  Internet address is 13.13.13.1/24
  MTU 1456 bytes, BW 100 Kbit/sec, DLY 50000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation TUNNEL, loopback not set
  Keepalive not set
  Tunnel linestate evaluation down - transport reg down
  Tunnel source 2000:57:11::1, destination 2000:57:33::3
  Tunnel protocol/transport GRE/IPv6

 

RT-01>sh ipv6 int b
GigabitEthernet1       [up/up]
    FE80::E00:C9FF:FE58:D500
    2001:DB8::2
GigabitEthernet2       [up/up]
    unassigned
GigabitEthernet3       [up/up]
    unassigned
GigabitEthernet4       [up/up]
    unassigned
GigabitEthernet5       [up/up]
    FE80::A8C1:ABFF:FE63:EAFC
    2000:57:14::1
Loopback0              [up/up]
    FE80::21E:7AFF:FE8C:C900
    2000:57:11::1
Tunnel0                [up/down]
    unassigned

 
RT-01>sh ipv6 route
IPv6 Routing Table - default - 6 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, R - RIP, H - NHRP, HG - NHRP registered
       Hg - NHRP registration summary, HE - NHRP External, I1 - ISIS L1
       I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
       EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE - Destination
       NDr - Redirect, RL - RPL, O - OSPF Intra, OI - OSPF Inter
       OE1 - OSPF ext 1, OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1
       ON2 - OSPF NSSA ext 2, la - LISP alt, lr - LISP site-registrations
       ld - LISP dyn-eid, lA - LISP away, le - LISP extranet-policy
       lp - LISP publications, ls - LISP destinations-summary, a - Application
       m - OMP

LC  2000:57:11::1/128 [0/0]
     via Loopback0, receive
C   2000:57:14::/64 [0/0]
     via GigabitEthernet5, directly connected
L   2000:57:14::1/128 [0/0]
     via GigabitEthernet5, receive
O   2000:57:23::/64 [110/3]
     via FE80::A8C1:ABFF:FE5D:95D9, GigabitEthernet5
O   2000:57:24::/64 [110/2]
     via FE80::A8C1:ABFF:FE5D:95D9, GigabitEthernet5
L   FF00::/8 [0/0]
     via Null0, receive

RT-01 has 2.2.2.2 (AS65002) configured as a BGP neighbor.

Interface G2, which connects to RT-02, and interface G3, which connects to RT-03, are in vrf RT-01-2.


G4, which connects to RT-04, has no IPv4 address; it has the IPv6 address 2000:57:14::1.


There is an interface Tunnel0 whose tunnel source is the Lo0 address 2000:57:11::1 and whose destination is 2000:57:33::3.

The tunnel mode is GRE/IPv6 (IPv4 over IPv6), and the interface is currently up/down.


The IPv6 routing table has learned 2000:57:23::/64 and 2000:57:24::/64 via OSPF, but it has not learned the tunnel destination 2000:57:33::3.

RT-03#sh ip int b
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet1       10.0.0.15       YES TFTP   up                    up
GigabitEthernet2       10.0.13.3       YES TFTP   up                    up
GigabitEthernet3       10.0.23.3       YES TFTP   up                    up
GigabitEthernet4       10.0.34.3       YES TFTP   up                    up
Loopback0              3.3.3.3         YES manual up                    up
Tunnel0                13.13.13.3      YES manual up                    down

 
 RT-03#sh run int tun0
Building configuration...
 
Current configuration : 170 bytes
!
interface Tunnel0
 ip address 13.13.13.3 255.255.255.0
 tunnel source 2000:57:33::3
 tunnel mode ipv6
 tunnel destination 2000:57:11::1
 tunnel path-mtu-discovery
end
 

RT-03#sh ipv6 int b
GigabitEthernet1       [up/up]
    FE80::E00:23FF:FEF4:5200
    2001:DB8::2
GigabitEthernet2       [up/up]
    unassigned
GigabitEthernet3       [up/up]
    FE80::A8C1:ABFF:FE43:D019
    2000:57:23::3
GigabitEthernet4       [up/up]
    unassigned
Loopback0              [up/up]
    FE80::21E:7AFF:FE8C:C900
    2000:57:33::3
Tunnel0                [up/down]
    unassigned

  

RT-03#sh ipv6 route
IPv6 Routing Table - default - 4 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, R - RIP, H - NHRP, HG - NHRP registered
       Hg - NHRP registration summary, HE - NHRP External, I1 - ISIS L1
       I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
       EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE - Destination
       NDr - Redirect, RL - RPL, O - OSPF Intra, OI - OSPF Inter
       OE1 - OSPF ext 1, OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1
       ON2 - OSPF NSSA ext 2, la - LISP alt, lr - LISP site-registrations
       ld - LISP dyn-eid, lA - LISP away, le - LISP extranet-policy
       lp - LISP publications, ls - LISP destinations-summary, a - Application
       m - OMP

C   2000:57:23::/64 [0/0]
     via GigabitEthernet3, directly connected
L   2000:57:23::3/128 [0/0]
     via GigabitEthernet3, receive
LC  2000:57:33::3/128 [0/0]
     via Loopback0, receive
L   FF00::/8 [0/0]
     via Null0, receive

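RT-03, the only router whose configuration can be changed, has a tun0 interface with tunnel source 2000:57:33::3 and tunnel destination 2000:57:11::1, mirroring RT-01's configuration.


The tunnel source 2000:57:33::3 is the IPv6 address of interface Lo0.

There is also no route to the tunnel destination 2000:57:11::1.

Other than Lo0, the interface with IPv6 enabled is G1.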

RT-02>sh ip bgp su | be Nei
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4        65001       0       0        1    0    0 00:02:37 Idle
10.0.23.3       4        65003      39      39        6    0    0 00:31:05        1

 

RT-02>sh ip route | be Gate
Gateway of last resort is not set
      2.0.0.0/32 is subnetted, 1 subnets
C        2.2.2.2 is directly connected, Loopback0
      10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
C        10.0.12.0/24 is directly connected, GigabitEthernet2
L        10.0.12.2/32 is directly connected, GigabitEthernet2
O IA     10.0.13.0/24 [110/2] via 10.0.12.1, 00:28:55, GigabitEthernet2
C        10.0.23.0/24 is directly connected, GigabitEthernet3
L        10.0.23.2/32 is directly connected, GigabitEthernet3
B     192.168.20.0/24 [20/0] via 10.0.23.3, 00:30:11

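RT-02 has not established a BGP neighbor relationship with 1.1.1.1 (65001).

It has not learned a route to 1.1.1.1 either.


From this, for RT-01 to establish a BGP neighbor relationship with 2.2.2.2, 1.1.1.1 and 2.2.2.2 must be able to reach each other through the IPv4 over IPv6 tunnel.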



RT-01>ping 13.13.13.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 13.13.13.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
 
 
RT-01>ping 2000:57:33::3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2000:57:33::3, timeout is 2 seconds:
 
% No valid route for destination
Success rate is 0 percent (0/1)
 
RT-01>sh ipv6 route 2000:57:33::3
IPv6 Routing Table - default - 6 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, R - RIP, H - NHRP, HG - NHRP registered
       Hg - NHRP registration summary, HE - NHRP External, I1 - ISIS L1
       I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
       EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE - Destination
       NDr - Redirect, RL - RPL, O - OSPF Intra, OI - OSPF Inter
       OE1 - OSPF ext 1, OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1
       ON2 - OSPF NSSA ext 2, la - LISP alt, lr - LISP site-registrations
       ld - LISP dyn-eid, lA - LISP away, le - LISP extranet-policy
       lp - LISP publications, ls - LISP destinations-summary, a - Application
       m - OMP
% Route not found

RT-01 has no reachability to the tunnel destination 2000:57:33::3.

RT-04>sh ipv6 int b
GigabitEthernet1       [up/up]
    FE80::E00:98FF:FED1:8600
    2001:DB8::2
GigabitEthernet2       [up/up]
    FE80::A8C1:ABFF:FE5D:95D9
    2000:57:14::4
GigabitEthernet3       [up/up]
    FE80::A8C1:ABFF:FE3A:7A0C
    2000:57:24::4
GigabitEthernet4       [up/up]
    unassigned
GigabitEthernet5       [up/up]
    unassigned
Loopback0              [up/up]
    unassigned

  

RT-04>sh ipv6 route
IPv6 Routing Table - default - 7 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, R - RIP, H - NHRP, HG - NHRP registered
       Hg - NHRP registration summary, HE - NHRP External, I1 - ISIS L1
       I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
       EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE - Destination
       NDr - Redirect, RL - RPL, O - OSPF Intra, OI - OSPF Inter
       OE1 - OSPF ext 1, OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1
       ON2 - OSPF NSSA ext 2, la - LISP alt, lr - LISP site-registrations
       ld - LISP dyn-eid, lA - LISP away, le - LISP extranet-policy
       lp - LISP publications, ls - LISP destinations-summary, a - Application
       m - OMP

O   2000:57:11::1/128 [110/1]
     via FE80::A8C1:ABFF:FE63:EAFC, GigabitEthernet2
C   2000:57:14::/64 [0/0]
     via GigabitEthernet2, directly connected
L   2000:57:14::4/128 [0/0]
     via GigabitEthernet2, receive
O   2000:57:23::/64 [110/2]
     via FE80::A8C1:ABFF:FEF5:E8C3, GigabitEthernet3
C   2000:57:24::/64 [0/0]
     via GigabitEthernet3, directly connected
L   2000:57:24::4/128 [0/0]
     via GigabitEthernet3, receive
L   FF00::/8 [0/0]
     via Null0, receive

 
RT-04>sh ipv6 ospf nei

            OSPFv3 Router with ID (4.4.4.4) (Process ID 1)

Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
2.2.2.2           1   FULL/DR         00:00:33    10              GigabitEthernet3
1.1.1.1           1   FULL/DR         00:00:35    11              GigabitEthernet2

 

RT-04>sh ip route | be Gate
Gateway of last resort is not set

       4.0.0.0/32 is subnetted, 1 subnets
C        4.4.4.4 is directly connected, Loopback0
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.0.34.0/24 is directly connected, GigabitEthernet4
L        10.0.34.4/32 is directly connected, GigabitEthernet4
      192.168.20.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.20.0/24 is directly connected, GigabitEthernet5
L        192.168.20.4/32 is directly connected, GigabitEthernet5

 

RT-02>sh ipv6 int b
GigabitEthernet1       [up/up]
    FE80::E00:ADFF:FEA7:F800
    2001:DB8::2
GigabitEthernet2       [up/up]
    unassigned
GigabitEthernet3       [up/up]
    FE80::A8C1:ABFF:FEC4:15C7
    2000:57:23::2
GigabitEthernet4       [up/up]
    FE80::A8C1:ABFF:FEF5:E8C3
    2000:57:24::2
Loopback0              [up/up]
    unassigned

 

RT-02>sh ipv6 route
IPv6 Routing Table - default - 7 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, R - RIP, H - NHRP, HG - NHRP registered
       Hg - NHRP registration summary, HE - NHRP External, I1 - ISIS L1
       I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
       EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE - Destination
       NDr - Redirect, RL - RPL, O - OSPF Intra, OI - OSPF Inter
       OE1 - OSPF ext 1, OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1
       ON2 - OSPF NSSA ext 2, la - LISP alt, lr - LISP site-registrations
       ld - LISP dyn-eid, lA - LISP away, le - LISP extranet-policy
       lp - LISP publications, ls - LISP destinations-summary, a - Application
       m - OMP

O   2000:57:11::1/128 [110/2]
     via FE80::A8C1:ABFF:FE3A:7A0C, GigabitEthernet4
O   2000:57:14::/64 [110/2]
     via FE80::A8C1:ABFF:FE3A:7A0C, GigabitEthernet4
C   2000:57:23::/64 [0/0]
     via GigabitEthernet3, directly connected
L   2000:57:23::2/128 [0/0]
     via GigabitEthernet3, receive
C   2000:57:24::/64 [0/0]
     via GigabitEthernet4, directly connected
L   2000:57:24::2/128 [0/0]
     via GigabitEthernet4, receive
L   FF00::/8 [0/0]
     via Null0, receive

  

RT-02>sh ipv6 ospf nei

             OSPFv3 Router with ID (2.2.2.2) (Process ID 1)

 Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
4.4.4.4           1   FULL/BDR        00:00:37    9               GigabitEthernet4


For RT-01 to bring up the tunnel, reachability to the tunnel destination 2000:57:33::3 must be provided via IPv6 OSPF (OSPFv3).



Enable IPv6 routing on RT-03, then enable IPv6 OSPF.

RT-03
ipv6 unicast-routing

interface Gi3
 ipv6 ospf 1 area 0

int lo0
 ipv6 ospf 1 area 0

 

RT-03#sh ipv6 ospf nei
 
           OSPFv3 Router with ID (3.3.3.3) (Process ID 1)

Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
2.2.2.2           1   FULL/DR         00:00:32    9               GigabitEthernet3

  

RT-01>sh ipv6 route ospf
IPv6 Routing Table - default - 7 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, R - RIP, H - NHRP, HG - NHRP registered
       Hg - NHRP registration summary, HE - NHRP External, I1 - ISIS L1
       I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
       EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE - Destination
       NDr - Redirect, RL - RPL, O - OSPF Intra, OI - OSPF Inter
       OE1 - OSPF ext 1, OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1
       ON2 - OSPF NSSA ext 2, la - LISP alt, lr - LISP site-registrations
       ld - LISP dyn-eid, lA - LISP away, le - LISP extranet-policy
       lp - LISP publications, ls - LISP destinations-summary, a - Application
       m - OMP

O   2000:57:23::/64 [110/3]
     via FE80::A8C1:ABFF:FE5D:95D9, GigabitEthernet5
O   2000:57:24::/64 [110/2]
     via FE80::A8C1:ABFF:FE5D:95D9, GigabitEthernet5
O   2000:57:33::3/128 [110/3]
     via FE80::A8C1:ABFF:FE5D:95D9, GigabitEthernet5

 

 

RT-01>sh ipv6 route 2000:57:33::3
Routing entry for 2000:57:33::3/128
  Known via "ospf 1", distance 110, metric 3, type intra area
  Route count is 1/1, share count 0
  Routing paths:
    FE80::A8C1:ABFF:FE5D:95D9, GigabitEthernet5
      Route metric is 3, traffic share count is 1
      From FE80::A8C1:ABFF:FE5D:95D9
      Last updated 00:01:14 ago

 

RT-01>ping 2000:57:33::3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2000:57:33::3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/7 ms

 
RT-01>sh ip int b | inc Tunnel0
Tunnel0                13.13.13.1      YES manual up                    up

RT-01 learned 2000:57:33::3 via OSPF, and Tunnel0 became up/up.

RT-01>ping 13.13.13.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 13.13.13.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

RT-01's Tunnel0 came up, but ping from RT-01 to RT-03's Tunnel0 address 13.13.13.3 does not get through.

RT-01>sh int tun0
Tunnel0 is up, line protocol is up
  Hardware is Tunnel
  Internet address is 13.13.13.1/24
  MTU 1456 bytes, BW 100 Kbit/sec, DLY 50000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation TUNNEL, loopback not set
  Keepalive not set
  Tunnel linestate evaluation up
  Tunnel source 2000:57:11::1, destination 2000:57:33::3
  Tunnel protocol/transport GRE/IPv6

 

RT-03#sh int tun0
Tunnel0 is up, line protocol is up
  Hardware is Tunnel
  Internet address is 13.13.13.3/24
  MTU 1460 bytes, BW 100 Kbit/sec, DLY 50000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation TUNNEL, loopback not set
  Keepalive not set
  Tunnel linestate evaluation up
  Tunnel source 2000:57:33::3, destination 2000:57:11::1
  Tunnel protocol/transport IPv6

 

RT-03#sh run int tun0
Building configuration...

Current configuration : 170 bytes
!

interface Tunnel0
 ip address 13.13.13.3 255.255.255.0
 tunnel source 2000:57:33::3
 tunnel mode ipv6
 tunnel destination 2000:57:11::1
 tunnel path-mtu-discovery
end


The tunnel mode of Tunnel0 on RT-03 is ipv6 (IPv4 over IPv6 without a GRE header, which does not support multicast).


Change it to GRE over IPv6 to match RT-01.

RT-03
interface Tunnel0
 tunnel mode gre ipv6
 

RT-03#sh int tun0
Tunnel0 is up, line protocol is up
  Hardware is Tunnel
  Internet address is 13.13.13.3/24
  MTU 1456 bytes, BW 100 Kbit/sec, DLY 50000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation TUNNEL, loopback not set
  Keepalive not set
  Tunnel linestate evaluation up
  Tunnel source 2000:57:33::3, destination 2000:57:11::1
  Tunnel protocol/transport GRE/IPv6

 

RT-01>ping 13.13.13.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 13.13.13.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/3 ms
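
Why both Tunnel0 interfaces could be up/up while the ping was lost, shown as an added example (not part of the original post or the lab's configuration): the two tunnel modes put different Next Header values in the outer IPv6 header, so each side discards what the other sends. The 1500-byte underlay MTU, the function names, and the simplified receive check are assumptions of this sketch; the addresses and the resulting MTUs (1460 and 1456) are the ones in the outputs above.

```python
import ipaddress
import struct

# IPv6 Next Header values for the two IOS tunnel modes seen on this page.
NEXT_HEADER = {
    "ipv6": 4,       # "tunnel mode ipv6": inner IPv4 follows the IPv6 header directly
    "gre ipv6": 47,  # "tunnel mode gre ipv6": a GRE header sits in between
}
GRE_PROTO_IPV4 = 0x0800
IPV6_HDR_LEN = 40
GRE_HDR_LEN = 4      # base GRE header, no key/sequence/checksum options
UNDERLAY_MTU = 1500  # assumption: plain Ethernet underlay


def tunnel_ip_mtu(mode):
    """IPv4 MTU left inside the tunnel after encapsulation overhead."""
    if mode not in NEXT_HEADER:
        raise ValueError("unknown tunnel mode: %r" % mode)
    gre = GRE_HDR_LEN if mode == "gre ipv6" else 0
    return UNDERLAY_MTU - IPV6_HDR_LEN - gre


def checksum(data):
    """RFC 1071 Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def sample_inner_ping(src, dst):
    """Constructed IPv4 ICMP echo request (sample data, not a capture)."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1)
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 255, 1, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + icmp


def encapsulate(mode, src6, dst6, inner):
    """Build the outer IPv6 packet a tunnel endpoint in `mode` would send."""
    payload = inner
    if mode == "gre ipv6":
        payload = struct.pack("!HH", 0, GRE_PROTO_IPV4) + inner
    outer = struct.pack("!IHBB", 6 << 28, len(payload), NEXT_HEADER[mode], 64)
    outer += ipaddress.IPv6Address(src6).packed + ipaddress.IPv6Address(dst6).packed
    return outer + payload


def decapsulate(mode, packet):
    """Return the inner IPv4 packet, or None if an endpoint in `mode` rejects it."""
    if len(packet) < IPV6_HDR_LEN or packet[0] >> 4 != 6:
        return None
    payload_len, next_header = struct.unpack("!HB", packet[4:7])
    payload = packet[IPV6_HDR_LEN:IPV6_HDR_LEN + payload_len]
    if next_header != NEXT_HEADER[mode]:
        return None  # wrong encapsulation for this tunnel: not delivered to it
    if mode == "gre ipv6":
        if len(payload) < GRE_HDR_LEN:
            return None
        flags, proto = struct.unpack("!HH", payload[:GRE_HDR_LEN])
        if flags != 0 or proto != GRE_PROTO_IPV4:
            return None
        payload = payload[GRE_HDR_LEN:]
    return payload


def ping_crosses(tx_mode, rx_mode):
    """True if a ping sent by RT-01's Tunnel0 is accepted by RT-03's Tunnel0."""
    inner = sample_inner_ping("13.13.13.1", "13.13.13.3")
    outer = encapsulate(tx_mode, "2000:57:11::1", "2000:57:33::3", inner)
    return decapsulate(rx_mode, outer) == inner


if __name__ == "__main__":
    for rx in ("ipv6", "gre ipv6"):
        print("RT-01 gre ipv6 -> RT-03 %-8s MTU %d  delivered=%s"
              % (rx, tunnel_ip_mtu(rx), ping_crosses("gre ipv6", rx)))
```

A differing tunnel MTU on the two ends (1460 on RT-03 against 1456 on RT-01 before the fix) is a quick visible hint that the encapsulations do not match.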

 

RT-01>sh ip ospf int b

Interface    PID   Area            IP Address/Mask    Cost  State Nbrs F/C
Lo0          2     46              1.1.1.1/32         1     LOOP  0/0
Tu0          2     46              13.13.13.1/24      1000  P2P   0/0
Gi3          1     0               10.0.12.1/24       1     BDR   1/1
VL0          1     0               0.0.0.0/0          65535 DOWN  0/0
Gi4          1     13              10.0.13.1/24       1     DR    0/0



Now that ping works, enable OSPF on RT-03's Tunnel0.

Use area 46 to match RT-01.


RT-03
router ospf 1
 network 13.13.13.3 0.0.0.0 area 46

RT-03#sh ip ospf nei

 
Neighbor ID     Pri   State           Dead Time   Address         Interface
1.1.1.1           0   FULL/  -        00:00:37    13.13.13.1      Tunnel0

 
RT-01>sh ip ospf nei

Neighbor ID     Pri   State           Dead Time   Address         Interface
3.3.3.3           0   FULL/  -        00:00:37    13.13.13.3      Tunnel0
2.2.2.2           1   FULL/DR         00:00:38    10.0.12.2       GigabitEthernet3

 
RT-01>sh ip route ospf | be Gate
Gateway of last resort is not set

 
RT-03#sh ip route ospf | be Gate
Gateway of last resort is not set
 
      1.0.0.0/32 is subnetted, 1 subnets
O        1.1.1.1 [110/1001] via 13.13.13.1, 00:03:40, Tunnel0
 

RT-01>sh ip ospf int b | inc Gi4
Gi4          1     13              10.0.13.1/24       1     DR    0/0


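An OSPF neighbor relationship formed between RT-01 and RT-03, but RT-01 has not learned any routes via OSPF.

RT-03 has learned nothing via OSPF other than 1.1.1.1.



RT-03 has not established an OSPF neighbor relationship with RT-01 (vrf RT-01-2), so enable OSPF area 13 on RT-03's Gi3 as well.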



RT-03
router ospf 1
 network 10.0.13.3 0.0.0.0 area 13

   

RT-03#sh ip ospf nei

Neighbor ID     Pri   State           Dead Time   Address         Interface
11.11.11.11       1   FULL/DR         00:00:36    10.0.13.1       GigabitEthernet2
1.1.1.1           0   FULL/  -        00:00:35    13.13.13.1      Tunnel0

 

RT-03#sh ip route ospf | be Gate
Gateway of last resort is not set
 
      1.0.0.0/32 is subnetted, 1 subnets
O        1.1.1.1 [110/1001] via 13.13.13.1, 00:05:48, Tunnel0
      2.0.0.0/32 is subnetted, 1 subnets
O IA     2.2.2.2 [110/3] via 10.0.13.1, 00:00:22, GigabitEthernet2
      10.0.0.0/8 is variably subnetted, 7 subnets, 2 masks
O IA     10.0.12.0/24 [110/2] via 10.0.13.1, 00:00:22, GigabitEthernet2

 
RT-01>sh ip route ospf | be Gate
Gateway of last resort is not set

RT-03 established an OSPF neighbor relationship with RT-01 (vrf RT-01-2) and learned 2.2.2.2/32 as an inter-area route (O IA), but RT-01 still has not learned any routes via OSPF.

RT-02>sh ip ospf int b
Interface    PID   Area            IP Address/Mask    Cost  State Nbrs F/C
Gi2          1     0               10.0.12.2/24       1     DR    1/1
Lo0          1     2               2.2.2.2/32         1     LOOP  0/0

 

RT-01>sh ip ospf int b
Interface    PID   Area            IP Address/Mask    Cost  State Nbrs F/C
Lo0          2     46              1.1.1.1/32         1     LOOP  0/0
Tu0          2     46              13.13.13.1/24      1000  P2P   1/1
Gi3          1     0               10.0.12.1/24       1     BDR   1/1
VL0          1     0               0.0.0.0/0          65535 DOWN  0/0
Gi4          1     13              10.0.13.1/24       1     DR    1/1

 

RT-03#sh ip ospf int b
Interface    PID   Area            IP Address/Mask    Cost  State Nbrs F/C
Gi2          1     13              10.0.13.3/24       1     BDR   1/1
Tu0          1     46              13.13.13.3/24      1000  P2P   1/1

RT-02's Lo0 (2.2.2.2/32) is in Area 2

RT-02:Gi2 ~ RT-01 (vrf RT-01-2):G3 is Area 0

RT-01 (vrf RT-01-2):Gi4 ~ RT-03:Gi2 is Area 13

RT-01:Tunnel0 ~ RT-03:Tunnel0 is Area 46


Area 46 is not adjacent to area 0, so RT-01 cannot learn routing information from outside Area 46.



To fix this, a virtual link must be created across Area 13, between RT-01 (vrf RT-01-2):Gi4 and RT-03:Gi2.

RT-01>sh ip ospf int b | inc VL0
VL0          1     0               0.0.0.0/0          65535 DOWN  0/0

 

RT-01>sh ip ospf virtual-links
Virtual Link OSPF_VL0 to router 3.3.3.3 is down
  Run as demand circuit
  DoNotAge LSA allowed.
  Transit area 13
 Topology-MTID    Cost    Disabled     Shutdown      Topology Name
        0           65535     no          no            Base
  Transmit Delay is 1 sec, State DOWN,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

 

 

RT-03#sh ip ospf nei

Neighbor ID     Pri   State           Dead Time   Address         Interface
11.11.11.11       1   FULL/DR         00:00:33    10.0.13.1       GigabitEthernet2
1.1.1.1           0   FULL/  -        00:00:34    13.13.13.1      Tunnel0

RT-01 (vrf RT-01-2) already has a virtual link configured, with 3.3.3.3 specified as the peer router ID.

Configure the virtual link on RT-03.

The peer's neighbor ID is 11.11.11.11.



RT-03
router ospf 1
 area 13 virtual-link 11.11.11.11

RT-03#sh ip ospf nei
 

Neighbor ID     Pri   State           Dead Time   Address         Interface
11.11.11.11       0   FULL/  -        00:00:25    10.0.13.1       OSPF_VL1
11.11.11.11       1   FULL/DR         00:00:33    10.0.13.1       GigabitEthernet2
1.1.1.1           0   FULL/  -        00:00:34    13.13.13.1      Tunnel0

 
RT-03#sh ip ospf int b | inc VL
VL1          1     0               10.0.13.3/24       1     P2P   1/1

 
RT-03#sh ip ospf virtual-links
Virtual Link OSPF_VL1 to router 11.11.11.11 is up
  Run as demand circuit
  DoNotAge LSA allowed.
  Transit area 13, via interface GigabitEthernet2
 Topology-MTID    Cost    Disabled     Shutdown      Topology Name
        0           1         no          no            Base
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:08
    Adjacency State FULL (Hello suppressed)
    Index 1/1/3, retransmission queue length 0, number of retransmission 0
    First 0x0(0)/0x0(0)/0x0(0) Next 0x0(0)/0x0(0)/0x0(0)
    Last retransmission scan length is 0, maximum is 0
    Last retransmission scan time is 0 msec, maximum is 0 msec

 

 

RT-01>sh ip ospf virtual-links
Virtual Link OSPF_VL0 to router 3.3.3.3 is up
  Run as demand circuit
  DoNotAge LSA allowed.
  Transit area 13, via interface GigabitEthernet4
 Topology-MTID    Cost    Disabled     Shutdown      Topology Name
        0           1         no          no            Base
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:07
    Adjacency State FULL (Hello suppressed)
    Index 1/2/3, retransmission queue length 0, number of retransmission 0
    First 0x0(0)/0x0(0)/0x0(0) Next 0x0(0)/0x0(0)/0x0(0)
    Last retransmission scan length is 0, maximum is 0
    Last retransmission scan time is 0 msec, maximum is 0 msec

 

RT-01>sh ip route ospf | be Gate
Gateway of last resort is not set

 
      2.0.0.0/32 is subnetted, 1 subnets
O IA     2.2.2.2 [110/1003] via 13.13.13.3, 00:02:16, Tunnel0
      10.0.0.0/24 is subnetted, 2 subnets
O IA     10.0.12.0 [110/1002] via 13.13.13.3, 00:02:16, Tunnel0
O IA     10.0.13.0 [110/1001] via 13.13.13.3, 00:02:16, Tunnel0

Through the virtual link, area 46 is connected to area 0, and RT-01 learned routes from areas other than area 46.
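
The area reasoning above as a small check, added here as an example (not code from the original post): it lists the non-backbone areas that have no router attached to area 0, before and after RT-03's virtual-link statement. The router IDs, areas and transit area come from the outputs on this page; the function names are hypothetical, and the model assumes a router advertises inter-area routes into an area only when it is itself attached to area 0, and that a virtual link comes up only when both ends configure it.

```python
BACKBONE = "0"

# OSPF process (by router ID) -> areas it has interfaces in. RT-01 appears twice
# because "router ospf 1 vrf RT-01-2" and "router ospf 2" are separate processes.
LAB = {
    "11.11.11.11": {"0", "13"},  # RT-01, router ospf 1 vrf RT-01-2
    "1.1.1.1": {"46"},           # RT-01, router ospf 2 (global table)
    "2.2.2.2": {"0", "2"},       # RT-02
    "3.3.3.3": {"13", "46"},     # RT-03 after its two network statements
}

# (configuring router ID, peer router ID, transit area)
VL_BEFORE = {("11.11.11.11", "3.3.3.3", "13")}            # only RT-01's side exists
VL_AFTER = VL_BEFORE | {("3.3.3.3", "11.11.11.11", "13")}  # RT-03's side added


def active_virtual_links(vl_config):
    """Virtual links configured from both ends through the same transit area."""
    active = set()
    for local, peer, transit in vl_config:
        if local != peer and (peer, local, transit) in vl_config:
            active.add((frozenset((local, peer)), transit))
    return active


def backbone_routers(areas_by_router, vl_config):
    """Router IDs attached to area 0, directly or through an active virtual link."""
    attached = {rid for rid, areas in areas_by_router.items() if BACKBONE in areas}
    changed = True
    while changed:  # repeat so that chained virtual links are also resolved
        changed = False
        for pair, transit in active_virtual_links(vl_config):
            in_transit = all(transit in areas_by_router.get(r, ()) for r in pair)
            if in_transit and len(pair & attached) == 1:
                attached |= pair
                changed = True
    return attached


def isolated_areas(areas_by_router, vl_config):
    """Non-backbone areas with no backbone-attached router, i.e. no working ABR."""
    attached = backbone_routers(areas_by_router, vl_config)
    areas = set().union(*areas_by_router.values()) - {BACKBONE}
    return sorted(
        area for area in areas
        if not any(area in a and rid in attached for rid, a in areas_by_router.items())
    )


if __name__ == "__main__":
    print("before:", isolated_areas(LAB, VL_BEFORE))
    print("after: ", isolated_areas(LAB, VL_AFTER))
```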



This gives RT-01 reachability to 2.2.2.2 (AS65002), so it can establish a BGP neighbor relationship with RT-02.

RT-01>ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/5/6 ms

 
RT-01>traceroute 2.2.2.2
Type escape sequence to abort.
Tracing the route to 2.2.2.2
VRF info: (vrf in name/id, vrf out name/id)
  1 13.13.13.3 68 msec 2 msec 1 msec
  2 10.0.13.1 7 msec 2 msec 2 msec
  3 10.0.12.2 92 msec *  4 msec

 

 

RT-01>sh ip bgp su | be Nei
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
2.2.2.2         4        65002      11       8        5    0    0 00:02:52        1


Once RT-01 and RT-02 form a BGP neighbor relationship, ping from SV-01 to 192.168.20.200 also works.

RT-01>sh ip bgp | be Net
     Network          Next Hop            Metric LocPrf Weight Path
 *>   192.168.10.0     0.0.0.0                  0         32768 i
 *>   192.168.20.0     2.2.2.2                                0 65002 65003 65004 i
 

RT-02>sh ip bgp | be Net
     Network          Next Hop            Metric LocPrf Weight Path
 *>   192.168.10.0     1.1.1.1                  0             0 65001 i
 *>   192.168.20.0     10.0.23.3                              0 65003 65004 i

 

RT-02>sh ip bgp nei 1.1.1.1 routes | be Net
     Network          Next Hop            Metric LocPrf Weight Path
 *>   192.168.10.0     1.1.1.1                  0             0 65001 i

 Total number of prefixes 1

 

 
RT-02>sh ip route bgp | be Gate
Gateway of last resort is not set

B     192.168.10.0/24 [20/0] via 1.1.1.1, 00:03:52
B     192.168.20.0/24 [20/0] via 10.0.23.3, 01:01:47

  

RT-04>sh ip bgp | be Net
     Network          Next Hop            Metric LocPrf Weight Path
 *>   192.168.10.0     10.0.34.3                              0 65003 65002 65001 i
 *>   192.168.20.0     0.0.0.0                  0         32768 i

 

RT-04>sh ip route bgp | be Gate
Gateway of last resort is not set

B     192.168.10.0/24 [20/0] via 10.0.34.3, 00:04:53
 

 

SV-01:~# ping -c 5 192.168.20.200
PING 192.168.20.200 (192.168.20.200) 56(84) bytes of data.
64 bytes from 192.168.20.200: icmp_seq=1 ttl=61 time=3.63 ms
64 bytes from 192.168.20.200: icmp_seq=2 ttl=61 time=4.16 ms
64 bytes from 192.168.20.200: icmp_seq=3 ttl=61 time=4.34 ms
64 bytes from 192.168.20.200: icmp_seq=4 ttl=61 time=6.38 ms
64 bytes from 192.168.20.200: icmp_seq=5 ttl=61 time=9.45 ms

--- 192.168.20.200 ping statistics ---

5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 3.627/5.592/9.454/2.145 ms

 

 

SV-01:~# traceroute -n 192.168.20.200
traceroute to 192.168.20.200 (192.168.20.200), 30 hops max, 46 byte packets
 1  192.168.10.1  0.279 ms  1.003 ms  0.173 ms
 2  13.13.13.3  1.510 ms  1.280 ms  1.269 ms
 3  10.0.34.4  2.258 ms  1.327 ms  1.531 ms
 4  192.168.20.200  1.316 ms  4.608 ms  3.401 ms


Note: packets that reach RT-03 via the IPv4 over IPv6 tunnel are forwarded by RT-03 directly to RT-04, so they do not traverse the VRF RT-01-2 segment.

Example solution

RT-03

ipv6 unicast-routing

interface Gi3
 ipv6 ospf 1 area 0

int lo0
 ipv6 ospf 1 area 0

interface Tunnel0
 tunnel mode gre ipv6

router ospf 1
 network 13.13.13.3 0.0.0.0 area 46
 network 10.0.13.3 0.0.0.0 area 13
 area 13 virtual-link 11.11.11.11



Reference: initial configuration

# RT-01
hostname RT-01
aaa new-model
username user view SHOW_ONLY password 0 user
parser view SHOW_ONLY
 secret 0 user
 commands exec include show

ip access-list standard SSH_IN
 deny 192.168.0.0 0.0.255.255
 deny 10.0.12.0 0.0.0.255
 deny 10.0.13.0 0.0.0.255
 deny 10.0.14.0 0.0.0.255
 deny 10.0.23.0 0.0.0.255
 deny 10.0.24.0 0.0.0.255
 deny 10.0.34.0 0.0.0.255
 deny 1.1.1.1
 deny 2.2.2.2
 deny 3.3.3.3
 deny 4.4.4.4
 permit any

no ip domain lookup

ipv6 unicast-routing

vrf definition RT-01-2
 address-family ipv4
 exit-address-family

interface Loopback0
 no shutdown
 ip address 1.1.1.1 255.255.255.255
 ipv6 address 2000:57:11::1/128
 ipv6 ospf 1 area 0

interface Tunnel0
 no shutdown
 ip address 13.13.13.1 255.255.255.0
 tunnel source 2000:57:11::1
 tunnel mode gre ipv6
 tunnel destination 2000:57:33::3
 tunnel path-mtu-discovery

interface GigabitEthernet2
 no shutdown
 ip address 192.168.10.1 255.255.255.0

interface GigabitEthernet3
 no shutdown
 vrf forwarding RT-01-2
 ip address 10.0.12.1 255.255.255.0

interface GigabitEthernet4
 no shutdown
 vrf forwarding RT-01-2
 ip address 10.0.13.1 255.255.255.0

interface GigabitEthernet5
 no shutdown
 no ip address
 negotiation auto
 ipv6 address 2000:57:14::1/64
 ipv6 ospf 1 area 0

router ospfv3 1
 address-family ipv6 unicast
 exit-address-family

router ospf 1 vrf RT-01-2
 router-id 11.11.11.11
 area 13 virtual-link 3.3.3.3
 network 10.0.12.1 0.0.0.0 area 0
 network 10.0.13.1 0.0.0.0 area 13

router ospf 2
 network 1.1.1.1 0.0.0.0 area 46
 network 13.13.13.1 0.0.0.0 area 46

router bgp 65001
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 network 192.168.10.0
 neighbor 2.2.2.2 remote-as 65002
 neighbor 2.2.2.2 ebgp-multihop 255
 neighbor 2.2.2.2 update-source Loopback0

line vty 0 4
 access-class SSH_IN in vrf-also
 transport input ssh


# RT-02
hostname RT-02

aaa new-model
aaa authentication login VTY_LOCAL local
aaa authorization exec VTY_LOCAL local

username user view SHOW_ONLY password 0 user
parser view SHOW_ONLY
 secret 0 user
 ! Basics
 commands exec include show version
 commands exec include show ip interface brief
 commands exec include show interfaces
 commands exec include show ip route
 ! BGP
 commands exec include show ip bgp
 commands exec include show ip bgp summary
 commands exec include show ip bgp neighbors 1.1.1.1 routes
 ! OSPF
 commands exec include show ip ospf
 commands exec include show ip ospf interface
 commands exec include show ip ospf interface brief
 commands exec include show ip ospf neighbor
 commands exec include show ip ospf neighbor detail
 commands exec include show ip ospf database
 ! IPv6 basics
 commands exec include show ipv6 interface
 commands exec include show ipv6 interface brief
 commands exec include show ipv6 route
 commands exec include show ipv6 neighbors
 ! IPv6 OSPF (OSPFv3)
 commands exec include show ipv6 ospf
 commands exec include show ipv6 ospf interface
 commands exec include show ipv6 ospf neighbor
 commands exec include show ipv6 ospf database

ip access-list standard SSH_IN
 deny 192.168.0.0 0.0.255.255
 deny 10.0.12.0 0.0.0.255
 deny 10.0.13.0 0.0.0.255
 deny 10.0.14.0 0.0.0.255
 deny 10.0.23.0 0.0.0.255
 deny 10.0.24.0 0.0.0.255
 deny 10.0.34.0 0.0.0.255
 deny 1.1.1.1
 deny 2.2.2.2
 deny 3.3.3.3
 deny 4.4.4.4
 permit any

no ip domain lookup

ipv6 unicast-routing

interface Loopback0
 no shutdown
 ip address 2.2.2.2 255.255.255.255

interface GigabitEthernet2
 no shutdown
 ip address 10.0.12.2 255.255.255.0

interface GigabitEthernet3
 no shutdown
 ip address 10.0.23.2 255.255.255.0
 ipv6 address 2000:57:23::2/64
 ipv6 nd ra suppress all
 ipv6 ospf 1 area 0

interface GigabitEthernet4
 no shutdown
 no ip address
 ipv6 address 2000:57:24::2/64
 ipv6 ospf 1 area 0

router ospf 1
 router-id 2.2.2.2
 network 2.2.2.2 0.0.0.0 area 2
 network 10.0.12.2 0.0.0.0 area 0

router bgp 65002
 bgp router-id 2.2.2.2
 bgp log-neighbor-changes
 neighbor 1.1.1.1 remote-as 65001
 neighbor 1.1.1.1 ebgp-multihop 255
 neighbor 1.1.1.1 update-source Loopback0
 neighbor 10.0.23.3 remote-as 65003

ipv6 router ospf 1

line vty 0 4
 login authentication VTY_LOCAL
 authorization exec VTY_LOCAL
 access-class SSH_IN in vrf-also
 transport input ssh


# RT-03
hostname RT-03
no ip domain lookup

interface Loopback0
 no shutdown
 ip address 3.3.3.3 255.255.255.255
 ipv6 address 2000:57:33::3/128

interface Tunnel0
 no shutdown
 ip address 13.13.13.3 255.255.255.0
 tunnel source 2000:57:33::3
 tunnel mode ipv6
 tunnel destination 2000:57:11::1
 tunnel path-mtu-discovery

interface GigabitEthernet2
 no shutdown
 ip address 10.0.13.3 255.255.255.0

interface GigabitEthernet3
 no shutdown
 ip address 10.0.23.3 255.255.255.0
 ip address 10.0.23.3 255.255.255.0
 ipv6 address 2000:57:23::3/64

interface GigabitEthernet4
 no shutdown
 ip address 10.0.34.3 255.255.255.0

router bgp 65003
 bgp router-id 3.3.3.3
 neighbor 10.0.23.2 remote-as 65002
 neighbor 10.0.34.4 remote-as 65004

ip route 192.168.10.0 255.255.255.0 Tunnel0


# RT-04
hostname RT-04

aaa new-model
username user view SHOW_ONLY password 0 user
parser view SHOW_ONLY
 secret 0 user
 commands exec include show

ip access-list standard SSH_IN
 deny 192.168.0.0 0.0.255.255
 deny 10.0.12.0 0.0.0.255
 deny 10.0.13.0 0.0.0.255
 deny 10.0.14.0 0.0.0.255
 deny 10.0.23.0 0.0.0.255
 deny 10.0.24.0 0.0.0.255
 deny 10.0.34.0 0.0.0.255
 deny 1.1.1.1
 deny 2.2.2.2
 deny 3.3.3.3
 deny 4.4.4.4
 permit any

no ip domain lookup

interface Loopback0
 no shutdown
 ip address 4.4.4.4 255.255.255.255

interface GigabitEthernet2
 no shutdown
 no ip address
 ipv6 address 2000:57:14::4/64
 ipv6 ospf 1 area 0

interface GigabitEthernet3
 no shutdown
 no ip address
 ipv6 address 2000:57:24::4/64
 ipv6 ospf 1 area 0

interface GigabitEthernet4
 no shutdown
 ip address 10.0.34.4 255.255.255.0

interface GigabitEthernet5
 no shutdown
 ip address 192.168.20.4 255.255.255.0

router ospf 57
 passive-interface GigabitEthernet2
 network 4.4.4.4 0.0.0.0 area 0
 network 10.0.24.4 0.0.0.0 area 0
 network 10.0.34.4 0.0.0.0 area 0
 network 192.168.20.4 0.0.0.0 area 0

router bgp 65004
 bgp router-id 4.4.4.4
 bgp log-neighbor-changes
 network 192.168.20.0
 neighbor 10.0.34.3 remote-as 65003

ipv6 router ospf 1

line vty 0 4
 access-class SSH_IN in vrf-also
 transport input ssh





 
 
 
