前書き
ブログ開設から初投稿までかなり期間が空きましたが、今回は掲題の通りトラフィック分割についてCMLで遊んでわかったことを記載していこうと思います。
環境
CMLをProxmoxVE上に立てて環境構築しました。
- CML2.7
次に各ノードの紹介です。正直、UADPとQ200で何が違うのかわかっていません。
- Cataryst 9000v UADP ×2(以降cat9000v)
- CSR 1000v ×4(以降csr1000v)
概要図
今回は検証目的なので簡易な構成になっています。
左上のcsr1000v-0と右上csr1000v-2がA社、左下のcsr1000v-1と右下csr1000v-3がB社という設定で、A社とB社は互いにルーティングはできず、同じプライベートIPv4アドレスを重複して持っているという状況です。
VRFごとにルーティングを分けたいものの、物理線が1本しかないリンク間(G1/0/3)をどのようにして論理分割すればよいのかが、今回の検証です。
今回は802.1QのタグVLANを使っていますが、サブインターフェース、EVN、トンネルインターフェースなどでも論理分割できるのではないでしょうか。(未検証)
また、この想定は回線事業者が設計する想定なので各csr1000vとcat9000vとのリンクは閉域の伝送路ですが、エンタープライズではこの接続部分がインターネット網になり、IPsecでの接続になる想定です。
コンフィグ
cat9000v-uadp-0
どうやらCMLのデフォルトのライセンスだと、cat9000vではVRFなどが使えない1ようなので、まずアドバンテージライセンスの有効化を行います。
en
!
conf t
!
license boot level network-advantage addon dna-advantage
exit
!
write memory
reload
起動し終わったら、コンフィグを投入していきます。
今回はルートフィルタなど行っていないため、A社やB社側に広告したくないルートがある場合は、フィルタリングする必要があります。
また、ピアはSVIもしくは物理インターフェースでしか設定していないため、ループバックで設定する場合はeBGPピアのTTLやアップデートソースインターフェースなど考慮が増えるかと思います。
en
!
conf t
!
vlan 100
!
vlan 200
!
vrf definition VRF-A
address-family ipv4
rd 10001:1
!
vrf definition VRF-B
address-family ipv4
rd 20001:1
!
interface vlan 100
no shutdown
vrf forwarding VRF-A
ip address 100.0.0.1 255.255.255.0
!
interface vlan 200
no shutdown
vrf forwarding VRF-B
ip address 200.0.0.1 255.255.255.0
!
interface gigabitEthernet 1/0/1
no switchport
vrf forwarding VRF-A
ip address 1.1.1.254 255.255.255.0
!
interface gigabitEthernet 1/0/2
no switchport
vrf forwarding VRF-B
ip address 2.2.2.254 255.255.255.0
!
interface gigabitEthernet 1/0/3
switchport mode trunk
switchport trunk allowed vlan 100,200
!
ip routing
!
router bgp 65500
no synchronization
no auto-summary
bgp router-id 50.50.50.50
!
address-family ipv4 vrf VRF-A
neighbor 100.0.0.2 remote-as 65500
neighbor 100.0.0.2 activate
neighbor 1.1.1.1 remote-as 65501
neighbor 1.1.1.1 activate
no auto-summary
no synchronization
redistribute connected
exit-address-family
!
address-family ipv4 vrf VRF-B
neighbor 200.0.0.2 remote-as 65500
neighbor 200.0.0.2 activate
neighbor 2.2.2.2 remote-as 65502
neighbor 2.2.2.2 activate
no auto-summary
no synchronization
redistribute connected
exit-address-family
!
end
!cat9000v-uadp-1
en
!
conf t
!
license boot level network-advantage addon dna-advantage
exit
!
write memory
reloaden
!
conf t
!
vlan 100
!
vlan 200
!
vrf definition VRF-A
address-family ipv4
rd 10001:1
!
vrf definition VRF-B
address-family ipv4
rd 20001:1
!
interface vlan 100
no shutdown
vrf forwarding VRF-A
ip address 100.0.0.2 255.255.255.0
!
interface vlan 200
no shutdown
vrf forwarding VRF-B
ip address 200.0.0.2 255.255.255.0
!
interface gigabitEthernet 1/0/1
no switchport
vrf forwarding VRF-A
ip address 3.3.3.254 255.255.255.0
!
interface gigabitEthernet 1/0/2
no switchport
vrf forwarding VRF-B
ip address 4.4.4.254 255.255.255.0
!
interface gigabitEthernet 1/0/3
switchport mode trunk
switchport trunk allowed vlan 100,200
!
ip routing
!
router bgp 65500
no synchronization
no auto-summary
bgp router-id 50.50.50.51
!
address-family ipv4 vrf VRF-A
neighbor 100.0.0.1 remote-as 65500
neighbor 100.0.0.1 activate
neighbor 3.3.3.3 remote-as 65501
neighbor 3.3.3.3 activate
no auto-summary
no synchronization
redistribute connected
exit-address-family
!
address-family ipv4 vrf VRF-B
neighbor 200.0.0.1 remote-as 65500
neighbor 200.0.0.1 activate
neighbor 4.4.4.4 remote-as 65502
neighbor 4.4.4.4 activate
no auto-summary
no synchronization
redistribute connected
exit-address-family
!
end
!csr1000v-0
こちらは特に複雑な設定は不要ですが、今回A社のルータ2つを同じAS番号で設定しているため、allowas-inが必要になっています。(赤字部分)
現在はプライベートASも拡張されている2ため、古い機種でなければ上限数を考慮して節約する必要もないかもしれません。
en
!
conf t
!
interface gigabitEthernet 1
ip address 1.1.1.1 255.255.255.0
no shutdown
!
interface loopback 0
ip address 10.0.0.1 255.255.255.255
no shutdown
!
ip routing
!
router bgp 65501
neighbor 1.1.1.254 remote-as 65500
neighbor 1.1.1.254 allowas-in
no auto-summary
no synchronization
redistribute connected
!
end
!csr1000v-1
en
!
conf t
!
interface gigabitEthernet 1
ip address 2.2.2.2 255.255.255.0
no shutdown
!
interface loopback 0
ip address 10.0.0.1 255.255.255.255
no shutdown
!
ip routing
!
router bgp 65502
neighbor 2.2.2.254 remote-as 65500
neighbor 2.2.2.254 allowas-in
no auto-summary
no synchronization
redistribute connected
!
end
!csr1000v-2
en
!
conf t
!
interface gigabitEthernet 1
ip address 3.3.3.3 255.255.255.0
no shutdown
!
interface loopback 0
ip address 10.0.0.2 255.255.255.255
no shutdown
!
ip routing
!
router bgp 65501
neighbor 3.3.3.254 remote-as 65500
neighbor 3.3.3.254 allowas-in
no auto-summary
no synchronization
redistribute connected
!
end
!csr1000v-3
en
!
conf t
!
interface gigabitEthernet 1
ip address 4.4.4.4 255.255.255.0
no shutdown
!
interface loopback 0
ip address 10.0.0.2 255.255.255.255
no shutdown
!
ip routing
!
router bgp 65502
neighbor 4.4.4.254 remote-as 65500
neighbor 4.4.4.254 allowas-in
no auto-summary
no synchronization
redistribute connected
!
end
!showコマンド結果
show vrf
cat9000v-uadp-0
inserthostname-here#sho vrf
Name Default RD Protocols Interfaces
Mgmt-vrf <not set> ipv4,ipv6 Gi0/0
VRF-A 10001:1 ipv4 Vl100
Gi1/0/1
VRF-B 20001:1 ipv4 Vl200
Gi1/0/2cat9000v-uadp-1
inserthostname-here#sho vrf
Name Default RD Protocols Interfaces
Mgmt-vrf <not set> ipv4,ipv6 Gi0/0
VRF-A 10001:1 ipv4 Vl100
Gi1/0/1
VRF-B 20001:1 ipv4 Vl200
Gi1/0/2show ip rourt vrf VRF-A
cat9000v-uadp-0
inserthostname-here#sho ip route vrf VRF-A
Routing Table: VRF-A
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
& - replicated local route overrides by connected
Gateway of last resort is not set
1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 1.1.1.0/24 is directly connected, GigabitEthernet1/0/1
L 1.1.1.254/32 is directly connected, GigabitEthernet1/0/1
3.0.0.0/24 is subnetted, 1 subnets
B 3.3.3.0 [200/0] via 100.0.0.2, 00:13:05
10.0.0.0/32 is subnetted, 2 subnets
B 10.0.0.1 [20/0] via 1.1.1.1, 00:13:20
B 10.0.0.2 [200/0] via 3.3.3.3, 00:13:00
100.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 100.0.0.0/24 is directly connected, Vlan100
L 100.0.0.1/32 is directly connected, Vlan100cat9000v-uadp-1
inserthostname-here#sho ip route vrf VRF-A
Routing Table: VRF-A
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
& - replicated local route overrides by connected
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
B 1.1.1.0 [200/0] via 100.0.0.1, 00:14:48
3.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 3.3.3.0/24 is directly connected, GigabitEthernet1/0/1
L 3.3.3.254/32 is directly connected, GigabitEthernet1/0/1
10.0.0.0/32 is subnetted, 2 subnets
B 10.0.0.1 [200/0] via 1.1.1.1, 00:14:48
B 10.0.0.2 [20/0] via 3.3.3.3, 00:14:48
100.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 100.0.0.0/24 is directly connected, Vlan100
L 100.0.0.2/32 is directly connected, Vlan100show ip rourt vrf VRF-B
cat9000v-uadp-0
inserthostname-here#sho ip route vrf VRF-B
Routing Table: VRF-B
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
& - replicated local route overrides by connected
Gateway of last resort is not set
2.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 2.2.2.0/24 is directly connected, GigabitEthernet1/0/2
L 2.2.2.254/32 is directly connected, GigabitEthernet1/0/2
4.0.0.0/24 is subnetted, 1 subnets
B 4.4.4.0 [200/0] via 200.0.0.2, 00:13:30
10.0.0.0/32 is subnetted, 2 subnets
B 10.0.0.1 [20/0] via 2.2.2.2, 00:13:45
B 10.0.0.2 [200/0] via 4.4.4.4, 00:13:29
200.0.0.0/24 is variably subnetted, 2 subnets, 2 masks
C 200.0.0.0/24 is directly connected, Vlan200
L 200.0.0.1/32 is directly connected, Vlan200cat9000v-uadp-1
inserthostname-here#sho ip route vrf VRF-B
Routing Table: VRF-B
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
& - replicated local route overrides by connected
Gateway of last resort is not set
2.0.0.0/24 is subnetted, 1 subnets
B 2.2.2.0 [200/0] via 200.0.0.1, 00:15:52
4.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 4.4.4.0/24 is directly connected, GigabitEthernet1/0/2
L 4.4.4.254/32 is directly connected, GigabitEthernet1/0/2
10.0.0.0/32 is subnetted, 2 subnets
B 10.0.0.1 [200/0] via 2.2.2.2, 00:15:52
B 10.0.0.2 [20/0] via 4.4.4.4, 00:15:51
200.0.0.0/24 is variably subnetted, 2 subnets, 2 masks
C 200.0.0.0/24 is directly connected, Vlan200
L 200.0.0.2/32 is directly connected, Vlan200show ip route
csr1000v-0
inserthostname-here#sho ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
& - replicated local route overrides by connected
Gateway of last resort is not set
1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 1.1.1.0/24 is directly connected, GigabitEthernet1
L 1.1.1.1/32 is directly connected, GigabitEthernet1
3.0.0.0/24 is subnetted, 1 subnets
B 3.3.3.0 [20/0] via 1.1.1.254, 00:18:05
10.0.0.0/32 is subnetted, 2 subnets
C 10.0.0.1 is directly connected, Loopback0
B 10.0.0.2 [20/0] via 1.1.1.254, 00:18:00
100.0.0.0/24 is subnetted, 1 subnets
B 100.0.0.0 [20/0] via 1.1.1.254, 00:18:20csr1000v-1
inserthostname-here#sho ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
& - replicated local route overrides by connected
Gateway of last resort is not set
2.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 2.2.2.0/24 is directly connected, GigabitEthernet1
L 2.2.2.2/32 is directly connected, GigabitEthernet1
4.0.0.0/24 is subnetted, 1 subnets
B 4.4.4.0 [20/0] via 2.2.2.254, 00:18:22
10.0.0.0/32 is subnetted, 2 subnets
C 10.0.0.1 is directly connected, Loopback0
B 10.0.0.2 [20/0] via 2.2.2.254, 00:18:21
B 200.0.0.0/24 [20/0] via 2.2.2.254, 00:18:36csr1000v-2
inserthostname-here#sho ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
& - replicated local route overrides by connected
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
B 1.1.1.0 [20/0] via 3.3.3.254, 00:18:34
3.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 3.3.3.0/24 is directly connected, GigabitEthernet1
L 3.3.3.3/32 is directly connected, GigabitEthernet1
10.0.0.0/32 is subnetted, 2 subnets
B 10.0.0.1 [20/0] via 3.3.3.254, 00:18:34
C 10.0.0.2 is directly connected, Loopback0
100.0.0.0/24 is subnetted, 1 subnets
B 100.0.0.0 [20/0] via 3.3.3.254, 00:18:34csr1000v-3
inserthostname-here#sho ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
& - replicated local route overrides by connected
Gateway of last resort is not set
2.0.0.0/24 is subnetted, 1 subnets
B 2.2.2.0 [20/0] via 4.4.4.254, 00:18:54
4.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 4.4.4.0/24 is directly connected, GigabitEthernet1
L 4.4.4.4/32 is directly connected, GigabitEthernet1
10.0.0.0/32 is subnetted, 2 subnets
B 10.0.0.1 [20/0] via 4.4.4.254, 00:18:54
C 10.0.0.2 is directly connected, Loopback0
B 200.0.0.0/24 [20/0] via 4.4.4.254, 00:18:54show ip bgp all summry
cat9000v-uadp-0
inserthostname-here#sho ip bgp all summary
For address family: VPNv4 Unicast
BGP router identifier 50.50.50.50, local AS number 65500
BGP table version is 11, main routing table version 11
10 network entries using 2640 bytes of memory
14 path entries using 1904 bytes of memory
6/6 BGP path/bestpath attribute entries using 1872 bytes of memory
2 BGP AS-PATH entries using 48 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 6464 total bytes of memory
BGP activity 10/0 prefixes, 14/0 paths, scan interval 60 secs
10 networks peaked at 07:14:36 Dec 28 2024 UTC (00:07:02.008 ago)
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
1.1.1.1 4 65501 14 14 11 0 0 00:08:12 2
2.2.2.2 4 65502 13 14 11 0 0 00:08:26 2
100.0.0.2 4 65500 13 14 11 0 0 00:08:09 3
200.0.0.2 4 65500 13 14 11 0 0 00:08:13 3cat9000v-uadp-1
inserthostname-here#sho ip bgp all summary
For address family: VPNv4 Unicast
BGP router identifier 50.50.50.50, local AS number 65500
BGP table version is 11, main routing table version 11
10 network entries using 2640 bytes of memory
14 path entries using 1904 bytes of memory
6/6 BGP path/bestpath attribute entries using 1872 bytes of memory
2 BGP AS-PATH entries using 48 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 6464 total bytes of memory
BGP activity 10/0 prefixes, 14/0 paths, scan interval 60 secs
10 networks peaked at 07:14:36 Dec 28 2024 UTC (00:07:02.008 ago)
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
1.1.1.1 4 65501 14 14 11 0 0 00:08:12 2
2.2.2.2 4 65502 13 14 11 0 0 00:08:26 2
100.0.0.2 4 65500 13 14 11 0 0 00:08:09 3
200.0.0.2 4 65500 13 14 11 0 0 00:08:13 3csr1000v-0
inserthostname-here#sho ip bgp all summary
For address family: IPv4 Unicast
BGP router identifier 10.0.0.1, local AS number 65501
BGP table version is 6, main routing table version 6
5 network entries using 1240 bytes of memory
6 path entries using 816 bytes of memory
4/4 BGP path/bestpath attribute entries using 1152 bytes of memory
2 BGP AS-PATH entries using 64 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 3272 total bytes of memory
BGP activity 5/0 prefixes, 6/0 paths, scan interval 60 secs
5 networks peaked at 07:14:40 Dec 28 2024 UTC (00:08:32.959 ago)
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
1.1.1.254 4 65500 16 16 6 0 0 00:09:47 4csr1000v-1
inserthostname-here#sho ip bgp all summary
For address family: IPv4 Unicast
BGP router identifier 10.0.0.1, local AS number 65502
BGP table version is 6, main routing table version 6
5 network entries using 1240 bytes of memory
6 path entries using 816 bytes of memory
4/4 BGP path/bestpath attribute entries using 1152 bytes of memory
2 BGP AS-PATH entries using 64 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 3272 total bytes of memory
BGP activity 5/0 prefixes, 6/0 paths, scan interval 60 secs
5 networks peaked at 07:14:36 Dec 28 2024 UTC (00:11:00.518 ago)
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2.2.2.254 4 65500 18 17 6 0 0 00:12:25 4csr1000v-2
inserthostname-here#sho ip bgp all summary
For address family: IPv4 Unicast
BGP router identifier 10.0.0.2, local AS number 65501
BGP table version is 6, main routing table version 6
5 network entries using 1240 bytes of memory
6 path entries using 816 bytes of memory
4/4 BGP path/bestpath attribute entries using 1152 bytes of memory
2 BGP AS-PATH entries using 64 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 3272 total bytes of memory
BGP activity 5/0 prefixes, 6/0 paths, scan interval 60 secs
5 networks peaked at 07:14:35 Dec 28 2024 UTC (00:11:22.834 ago)
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
3.3.3.254 4 65500 19 17 6 0 0 00:12:27 4csr1000v-3
inserthostname-here#sho ip bgp all summary
For address family: IPv4 Unicast
BGP router identifier 10.0.0.2, local AS number 65502
BGP table version is 6, main routing table version 6
5 network entries using 1240 bytes of memory
6 path entries using 816 bytes of memory
4/4 BGP path/bestpath attribute entries using 1152 bytes of memory
2 BGP AS-PATH entries using 64 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 3272 total bytes of memory
BGP activity 5/0 prefixes, 6/0 paths, scan interval 60 secs
5 networks peaked at 07:14:35 Dec 28 2024 UTC (00:11:40.698 ago)
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
4.4.4.254 4 65500 19 17 6 0 0 00:12:28 4疎通確認
ping
csr1000v-0
inserthostname-here#ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/5 ms
inserthostname-here#ping 10.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 45/58/79 mscsr1000v-1
inserthostname-here#ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/5 ms
inserthostname-here#ping 10.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 45/55/70 mscsr1000v-2
inserthostname-here#ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 55/62/77 ms
inserthostname-here#ping 10.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 mscsr1000v-3
inserthostname-here#ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 45/53/72 ms
inserthostname-here#ping 10.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/5 mstraceroute
csr1000v-0
inserthostname-here#traceroute 10.0.0.1
Type escape sequence to abort.
Tracing the route to 10.0.0.1
VRF info: (vrf in name/id, vrf out name/id)
1 10.0.0.1 37 msec * 1 msec
inserthostname-here#traceroute 10.0.0.2
Type escape sequence to abort.
Tracing the route to 10.0.0.2
VRF info: (vrf in name/id, vrf out name/id)
1 1.1.1.254 26 msec 22 msec 22 msec
2 100.0.0.2 [AS 65500] 37 msec 38 msec 43 msec
3 3.3.3.3 [AS 65500] 71 msec 43 msec *csr1000v-1
inserthostname-here#traceroute 10.0.0.1
Type escape sequence to abort.
Tracing the route to 10.0.0.1
VRF info: (vrf in name/id, vrf out name/id)
1 10.0.0.1 34 msec * 1 msec
inserthostname-here#traceroute 10.0.0.2
Type escape sequence to abort.
Tracing the route to 10.0.0.2
VRF info: (vrf in name/id, vrf out name/id)
1 2.2.2.254 19 msec 13 msec 20 msec
2 200.0.0.2 [AS 65500] 48 msec 36 msec 33 msec
3 4.4.4.4 [AS 65500] 70 msec 46 msec * csr1000v-2
inserthostname-here#traceroute 10.0.0.1
Type escape sequence to abort.
Tracing the route to 10.0.0.1
VRF info: (vrf in name/id, vrf out name/id)
1 3.3.3.254 16 msec 23 msec 21 msec
2 100.0.0.1 [AS 65500] 52 msec 48 msec 45 msec
3 1.1.1.1 [AS 65500] 55 msec 45 msec *
inserthostname-here#traceroute 10.0.0.2
Type escape sequence to abort.
Tracing the route to 10.0.0.2
VRF info: (vrf in name/id, vrf out name/id)
1 10.0.0.2 0 msec * 2 mseccsr1000v-3
inserthostname-here#traceroute 10.0.0.1
Type escape sequence to abort.
Tracing the route to 10.0.0.1
VRF info: (vrf in name/id, vrf out name/id)
1 4.4.4.254 18 msec 20 msec 22 msec
2 200.0.0.1 [AS 65500] 50 msec 31 msec 36 msec
3 2.2.2.2 [AS 65500] 44 msec 51 msec *
inserthostname-here#traceroute 10.0.0.2
Type escape sequence to abort.
Tracing the route to 10.0.0.2
VRF info: (vrf in name/id, vrf out name/id)
1 10.0.0.2 1 msec * 0 msec後書き
802.1QのVLANの数はイーサネットフレーム内のTCIフィールドの規定から4096が上限となっています。3
なので、今回の設計ではVLAN数=VRF数=会社数なので、論理分割が可能なのは4096社までとなります。(実際には機器によって予約済みのVLANIDがあるため、さらに少ない)
この制約を免れるためには4096以上作れるならサブインターフェース、VXLAN、QinQなどの仕組みを使って橋渡しする必要がありそうですね。
脚注
- 参考サイトのリンクです。
https://sig9.org/blog/2023/03/13/#_2:~:text=20000%20kb/s-,%E3%83%A9%E3%82%A4%E3%82%BB%E3%83%B3%E3%82%B9%E3%83%AC%E3%83%99%E3%83%AB%E3%82%92%E5%A4%89%E6%9B%B4%E3%81%99%E3%82%8B,-%C2%B6
↩︎ - 現在は64512~65534だけでなく、4200000000~4294967294がプライベートASになっています。
https://www.nic.ad.jp/doc/jpnic-01244.html#:~:text=%E5%BF%85%E8%A6%81%E3%81%82%E3%82%8A%E3%81%BE%E3%81%9B%E3%82%93%E3%80%82-,3.2%20%E3%83%97%E3%83%A9%E3%82%A4%E3%83%99%E3%83%BC%E3%83%88AS%E7%95%AA%E5%8F%B7%E3%81%AE%E5%88%A9%E7%94%A8,-%E6%9C%89%E9%99%90%E3%81%AE%E8%B3%87%E6%BA%90
↩︎ - VLANIDのフィールドは12bitなので、2^12=4096
https://www.alaxala.com/jp/techinfo/archive/manual/AX5400S/HTML/10_10_/APGUIDE/0044.HTM ↩︎
コメント