Vyatta (VyOS) L3 tunnel configuration

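This page summarizes how to configure L3 tunnels on Vyatta (VyOS). Vyatta supports the IPIP, IP6IP6, IPIP6, 6in4 (SIT), GRE, and IP6GRE encapsulations.

Configuration summary

The following command creates a tunnel interface. The tunnel name must follow the tunXXX naming pattern.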

set interfaces tunnel <tunnel name>

The following command sets the tunnel's encapsulation.

set interfaces tunnel <tunnel name> encapsulation <encapsulation>

The following commands assign IP addresses to the tunnel interface. Whether you can specify an IPv4 address, an IPv6 address, or both depends on the tunnel's encapsulation.

For example, with IPIP encapsulation only an IPv4 address can be specified.

set interfaces tunnel <tunnel name> address <IPv4 address>
set interfaces tunnel <tunnel name> address <IPv6 address>

The following commands set the tunnel's source IP address.

set interfaces tunnel <tunnel name> source-address <IPv4 address>
set interfaces tunnel <tunnel name> source-address <IPv6 address>

The following commands set the IP address of the remote tunnel endpoint.

set interfaces tunnel <tunnel name> remote <IPv4 address>
set interfaces tunnel <tunnel name> remote <IPv6 address>
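The rules above can be checked before commit. The following is an added example, not part of the original article or of VyOS: a small linter for "set interfaces tunnel" lines that checks the tunXXX name, the address families allowed by each encapsulation, and that the two endpoints mirror each other. The function names are hypothetical, the encapsulation table is taken from the six scenarios on this page, and it is assumed that XXX in tunXXX is a number.

```python
import ipaddress
import re

# encapsulation -> (families allowed for "address", family of source-address/remote)
ENCAP_RULES = {
    "ipip": ({4}, 4), "ip6ip6": ({6}, 6), "ipip6": ({4}, 6),
    "sit": ({6}, 4), "gre": ({4, 6}, 4), "ip6gre": ({4, 6}, 6),
}
LINE_RE = re.compile(
    r"^set interfaces tunnel (\S+) "
    r"(address|encapsulation|remote|source-address) '?([^']+?)'?$"
)

def parse_tunnels(config_text):
    """Collect per-tunnel settings from 'set interfaces tunnel ...' lines."""
    tunnels = {}
    for line in config_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            name, key, value = m.groups()
            tun = tunnels.setdefault(name, {"address": []})
            if key == "address":
                tun["address"].append(value)
            else:
                tun[key] = value
    return tunnels

def lint_tunnel(name, tun):
    """Return the problems found in one tunnel definition (empty list = OK)."""
    problems = []
    # Assumption: the XXX in "tunXXX" is a decimal number.
    if not re.fullmatch(r"tun\d+", name):
        problems.append(f"{name}: name is not of the form tunXXX")
    encap = tun.get("encapsulation")
    if encap not in ENCAP_RULES:
        return problems + [f"{name}: missing or unknown encapsulation"]
    inner_ok, outer = ENCAP_RULES[encap]
    for key in ("source-address", "remote"):
        if key not in tun:
            problems.append(f"{name}: {key} is not set")
        elif ipaddress.ip_address(tun[key]).version != outer:
            problems.append(f"{name}: {key} must be IPv{outer} for {encap}")
    for addr in tun["address"]:
        if ipaddress.ip_interface(addr).version not in inner_ok:
            problems.append(f"{name}: address {addr} not allowed with {encap}")
    return problems

def lint_pair(a, b):
    """Check that two endpoints (each already passing lint_tunnel) mirror each other."""
    problems = []
    if a.get("encapsulation") != b.get("encapsulation"):
        problems.append("encapsulation differs between the two ends")
    ip = ipaddress.ip_address  # normalises 2001:0DB8:1::1 vs 2001:db8:1::1
    ends_a = (ip(a["source-address"]), ip(a["remote"]))
    ends_b = (ip(b["remote"]), ip(b["source-address"]))
    if ends_a != ends_b:
        problems.append("source-address/remote are not mirrored")
    return problems

# Sample input: the IPIP6 settings of vy001 and vy003 from this page, plus a
# constructed broken tunnel (IPIP with an IPv6 interface and source address).
VY001 = """set interfaces tunnel tun0 address '192.168.13.1/24'
set interfaces tunnel tun0 encapsulation 'ipip6'
set interfaces tunnel tun0 remote '2001:db8:3::3'
set interfaces tunnel tun0 source-address '2001:db8:1::1'"""
VY003 = """set interfaces tunnel tun0 address '192.168.13.3/24'
set interfaces tunnel tun0 encapsulation 'ipip6'
set interfaces tunnel tun0 remote '2001:db8:1::1'
set interfaces tunnel tun0 source-address '2001:db8:3::3'"""
BROKEN = """set interfaces tunnel tun1 address '2001:db8:13::1/64'
set interfaces tunnel tun1 encapsulation 'ipip'
set interfaces tunnel tun1 remote '10.3.3.3'
set interfaces tunnel tun1 source-address '2001:db8:1::1'"""
```

Feed it the relevant lines of "show configuration commands" from both routers; an empty list from lint_tunnel and lint_pair means the two ends are consistent.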

Verification

Verification topology

The verification is performed in the following environment.

+-----------------------+
|        host100        |
|                       |
+-----------+-----------+
     ens224 | .100  ::100
            | 
            | 192.168.100.0/24
            | 2001:0DB8:100::/64
            | 
       eth0 | .1 ::1
+-----------+-----------+
|         vy001         |
| Lo:10.1.1.1/32        |
| Lo:2001:0DB8:1::1/128 |
+-----------+-----------+
       eth1 | .1  ::1
            | 
            | 192.168.12.0/24
            | 2001:0DB8:12::/64
            | 
       eth0 | .2 ::2
+-----------+-----------+
|         vy002         |
| Lo:10.2.2.2/32        |
| Lo:2001:0DB8:2::2/128 |
+-----------+-----------+
       eth1 | .2 ::2
            | 
            | 192.168.23.0/24
            | 2001:0DB8:23::/64
            | 
       eth0 | .3 ::3
+-----------+-----------+
|         vy003         |
| Lo:10.3.3.3/32        |
| Lo:2001:0DB8:3::3/128 |
+-----------+-----------+
       eth1 | .1 ::1
            | 
            | 192.168.200.0/24
            | 2001:0DB8:200::/64
            | 
     ens224 | .200 ::200
+-----------+-----------+
|        host200        |
|                       |
+-----------------------+

Initial configuration

IPv4 and IPv6 addresses are assumed to be already assigned. vy001, vy002, and vy003 are assumed to exchange routes with each other via OSPF.

host100 : Rocky Linux 8.4
[root@host100 ~]# ip address 

 <omitted>

3: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:8e:96:66 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.100/24 brd 192.168.100.255 scope global noprefixroute ens224
       valid_lft forever preferred_lft forever
    inet6 2001:db8:100::100/64 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::8813:7d0:ffd3:2c04/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

host200 : Rocky Linux 8.4
[root@host200 ~]# ip address 

 <omitted>

3: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:8e:83:9b brd ff:ff:ff:ff:ff:ff
    inet 192.168.200.200/24 brd 192.168.200.255 scope global noprefixroute ens224
       valid_lft forever preferred_lft forever
    inet6 2001:db8:200::200/64 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::5fb3:768b:ed49:2f24/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

vy001 : VyOS 1.4
set interfaces ethernet eth0 address '192.168.100.1/24'
set interfaces ethernet eth0 address '2001:0DB8:100::1/64'
set interfaces ethernet eth0 hw-id '00:50:56:8e:74:ec'
set interfaces ethernet eth1 address '192.168.12.1/24'
set interfaces ethernet eth1 address '2001:0DB8:12::1/64'
set interfaces ethernet eth1 hw-id '00:50:56:8e:3a:92'
set interfaces loopback lo address '10.1.1.1/32'
set interfaces loopback lo address '2001:0DB8:1::1/128'
set protocols ospf area 0 network '192.168.12.0/24'
set protocols ospf area 0 network '10.1.1.1/32'
set protocols ospfv3 area 0 interface 'eth1'
set protocols ospfv3 area 0 interface 'lo'
set service ssh
set system config-management commit-revisions '100'
set system console device ttyS0 speed '115200'
set system host-name 'vy001'
set system login user vyos authentication encrypted-password '$6$tMjC07ln2rEuCnYQ$NrbFEUQTzGprNHwkxo5skkG5h4rX1G6RQxdpo61p3MF77PluwdJgfP9UlYT7f1Nr.gIFKoQdAsKRBykNU24.I/'
set system login user vyos authentication plaintext-password ''
set system ntp server time1.vyos.net
set system ntp server time2.vyos.net
set system ntp server time3.vyos.net
set system syslog global facility all level 'info'
set system syslog global facility protocols level 'debug'

vy002 : VyOS 1.4
set interfaces ethernet eth0 address '192.168.12.2/24'
set interfaces ethernet eth0 address '2001:0DB8:12::2/64'
set interfaces ethernet eth0 hw-id '00:50:56:8e:45:5e'
set interfaces ethernet eth1 address '192.168.23.2/24'
set interfaces ethernet eth1 address '2001:0DB8:23::2/64'
set interfaces ethernet eth1 hw-id '00:50:56:8e:5e:c2'
set interfaces loopback lo address '10.2.2.2/32'
set interfaces loopback lo address '2001:0DB8:2::2/128'
set protocols ospf area 0 network '192.168.12.0/24'
set protocols ospf area 0 network '192.168.23.0/24'
set protocols ospf area 0 network '10.2.2.2/32'
set protocols ospfv3 area 0 interface 'eth0'
set protocols ospfv3 area 0 interface 'eth1'
set protocols ospfv3 area 0 interface 'lo'
set service ssh
set system config-management commit-revisions '100'
set system console device ttyS0 speed '115200'
set system host-name 'vy002'
set system login user vyos authentication encrypted-password '$6$tMjC07ln2rEuCnYQ$NrbFEUQTzGprNHwkxo5skkG5h4rX1G6RQxdpo61p3MF77PluwdJgfP9UlYT7f1Nr.gIFKoQdAsKRBykNU24.I/'
set system login user vyos authentication plaintext-password ''
set system ntp server time1.vyos.net
set system ntp server time2.vyos.net
set system ntp server time3.vyos.net
set system syslog global facility all level 'info'
set system syslog global facility protocols level 'debug'

vy003 : VyOS 1.4
set interfaces ethernet eth0 address '192.168.23.3/24'
set interfaces ethernet eth0 address '2001:0DB8:23::3/64'
set interfaces ethernet eth0 hw-id '00:50:56:8e:01:93'
set interfaces ethernet eth1 address '192.168.200.1/24'
set interfaces ethernet eth1 address '2001:0DB8:200::1/64'
set interfaces ethernet eth1 hw-id '00:50:56:8e:fd:95'
set interfaces loopback lo address '10.3.3.3/32'
set interfaces loopback lo address '2001:0DB8:3::3/128'
set protocols ospf area 0 network '192.168.23.0/24'
set protocols ospf area 0 network '10.3.3.3/32'
set protocols ospfv3 area 0 interface 'eth0'
set protocols ospfv3 area 0 interface 'lo'
set service ssh
set system config-management commit-revisions '100'
set system console device ttyS0 speed '115200'
set system host-name 'vy003'
set system login user vyos authentication encrypted-password '$6$tMjC07ln2rEuCnYQ$NrbFEUQTzGprNHwkxo5skkG5h4rX1G6RQxdpo61p3MF77PluwdJgfP9UlYT7f1Nr.gIFKoQdAsKRBykNU24.I/'
set system login user vyos authentication plaintext-password ''
set system ntp server time1.vyos.net
set system ntp server time2.vyos.net
set system ntp server time3.vyos.net
set system syslog global facility all level 'info'
set system syslog global facility protocols level 'debug'

Verification (1) IPIP tunnel

Establish an IPIP tunnel between vy001 and vy003.

[vy001:VyOS1.4]
set interfaces tunnel tun0 address '192.168.13.1/24'
set interfaces tunnel tun0 encapsulation 'ipip'
set interfaces tunnel tun0 remote '10.3.3.3'
set interfaces tunnel tun0 source-address '10.1.1.1'

[vy003:VyOS1.4]
set interfaces tunnel tun0 address '192.168.13.3/24'
set interfaces tunnel tun0 encapsulation 'ipip'
set interfaces tunnel tun0 remote '10.1.1.1'
set interfaces tunnel tun0 source-address '10.3.3.3'

To confirm that the tunnel is established, verify that vy001 and vy003 can ping each other through the tunnel.

[vy001:VyOS1.4]
vyos@vy001:~$ ping 192.168.13.3 count 3
PING 192.168.13.3 (192.168.13.3) 56(84) bytes of data.
64 bytes from 192.168.13.3: icmp_seq=1 ttl=64 time=0.815 ms
64 bytes from 192.168.13.3: icmp_seq=2 ttl=64 time=0.903 ms
64 bytes from 192.168.13.3: icmp_seq=3 ttl=64 time=0.974 ms

--- 192.168.13.3 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2046ms
rtt min/avg/max/mdev = 0.815/0.897/0.974/0.065 ms
vyos@vy001:~$ 

Exchange routes via BGP so that host100 and host200 can reach each other.

[vy001:VyOS1.4]
set protocols bgp address-family ipv4-unicast network 192.168.100.0/24
set protocols bgp local-as '65000'
set protocols bgp neighbor 192.168.13.3 remote-as '65000'
set protocols bgp timers holdtime '30'
set protocols bgp timers keepalive '10'

[vy003:VyOS1.4]
set protocols bgp address-family ipv4-unicast network 192.168.200.0/24
set protocols bgp local-as '65000'
set protocols bgp neighbor 192.168.13.1 remote-as '65000'
set protocols bgp timers holdtime '30'
set protocols bgp timers keepalive '10'

Verify that host100 and host200 can reach each other.

[host100:RockyLinux8.4]
[root@host100 ~]# ping -c 3 192.168.200.200
PING 192.168.200.200 (192.168.200.200) 56(84) bytes of data.
64 bytes from 192.168.200.200: icmp_seq=1 ttl=62 time=1.59 ms
64 bytes from 192.168.200.200: icmp_seq=2 ttl=62 time=1.75 ms
64 bytes from 192.168.200.200: icmp_seq=3 ttl=62 time=1.24 ms

--- 192.168.200.200 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 1.239/1.523/1.745/0.211 ms
[root@host100 ~]# 

In preparation for the next scenario, delete the tunnel and BGP configuration.

[vy001:VyOS1.4]
delete interfaces tunnel tun0
delete protocols bgp

[vy003:VyOS1.4]
delete interfaces tunnel tun0
delete protocols bgp

Verification (2) IP6IP6 tunnel

Establish an IP6IP6 tunnel between vy001 and vy003.

[vy001:VyOS1.4]
set interfaces tunnel tun0 address '2001:db8:13::1/64'
set interfaces tunnel tun0 encapsulation 'ip6ip6'
set interfaces tunnel tun0 remote '2001:db8:3::3'
set interfaces tunnel tun0 source-address '2001:db8:1::1'

[vy003:VyOS1.4]
set interfaces tunnel tun0 address '2001:db8:13::3/64'
set interfaces tunnel tun0 encapsulation 'ip6ip6'
set interfaces tunnel tun0 remote '2001:db8:1::1'
set interfaces tunnel tun0 source-address '2001:db8:3::3'

To confirm that the tunnel is established, verify that vy001 and vy003 can ping each other through the tunnel.

[vy001:VyOS1.4]
vyos@vy001:~$ ping 2001:db8:13::3 count 3
PING 2001:db8:13::3(2001:db8:13::3) 56 data bytes
64 bytes from 2001:db8:13::3: icmp_seq=1 ttl=64 time=1.24 ms
64 bytes from 2001:db8:13::3: icmp_seq=2 ttl=64 time=1.08 ms
64 bytes from 2001:db8:13::3: icmp_seq=3 ttl=64 time=1.01 ms

--- 2001:db8:13::3 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 1.012/1.111/1.239/0.094 ms
vyos@vy001:~$ 

Exchange routes via BGP so that host100 and host200 can reach each other.

[vy001:VyOS1.4]
set protocols bgp address-family ipv6-unicast network 2001:db8:100::/64
set protocols bgp local-as '65000'
set protocols bgp neighbor 2001:db8:13::3 address-family ipv6-unicast
set protocols bgp neighbor 2001:db8:13::3 remote-as '65000'
set protocols bgp timers holdtime '30'
set protocols bgp timers keepalive '10'

[vy003:VyOS1.4]
set protocols bgp address-family ipv6-unicast network 2001:db8:200::/64
set protocols bgp local-as '65000'
set protocols bgp neighbor 2001:db8:13::1 address-family ipv6-unicast
set protocols bgp neighbor 2001:db8:13::1 remote-as '65000'
set protocols bgp timers holdtime '30'
set protocols bgp timers keepalive '10'

Verify that host100 and host200 can reach each other.

[host100:RockyLinux8.4]
[root@host100 ~]# ping -c 3 2001:db8:200::200
PING 2001:db8:200::200(2001:db8:200::200) 56 data bytes
64 bytes from 2001:db8:200::200: icmp_seq=1 ttl=62 time=2.06 ms
64 bytes from 2001:db8:200::200: icmp_seq=2 ttl=62 time=1.56 ms
64 bytes from 2001:db8:200::200: icmp_seq=3 ttl=62 time=1.76 ms

--- 2001:db8:200::200 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 1.560/1.790/2.055/0.206 ms
[root@host100 ~]# 

In preparation for the next scenario, delete the tunnel and BGP configuration.

[vy001:VyOS1.4]
delete interfaces tunnel tun0
delete protocols bgp

[vy003:VyOS1.4]
delete interfaces tunnel tun0
delete protocols bgp

Verification (3) IPIP6 tunnel

IPIP6 is a tunneling method that encapsulates IPv4 in IPv6. Establish an IPIP6 tunnel between vy001 and vy003.

[vy001:VyOS1.4]
set interfaces tunnel tun0 address '192.168.13.1/24'
set interfaces tunnel tun0 encapsulation 'ipip6'
set interfaces tunnel tun0 remote '2001:db8:3::3'
set interfaces tunnel tun0 source-address '2001:db8:1::1'

[vy003:VyOS1.4]
set interfaces tunnel tun0 address '192.168.13.3/24'
set interfaces tunnel tun0 encapsulation 'ipip6'
set interfaces tunnel tun0 remote '2001:db8:1::1'
set interfaces tunnel tun0 source-address '2001:db8:3::3'

To confirm that the tunnel is established, verify that vy001 and vy003 can ping each other through the tunnel.

[vy001:VyOS1.4]
vyos@vy001:~$ ping 192.168.13.3 count 3
PING 192.168.13.3 (192.168.13.3) 56(84) bytes of data.
64 bytes from 192.168.13.3: icmp_seq=1 ttl=64 time=1.13 ms
64 bytes from 192.168.13.3: icmp_seq=2 ttl=64 time=1.18 ms
64 bytes from 192.168.13.3: icmp_seq=3 ttl=64 time=0.996 ms

--- 192.168.13.3 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 0.996/1.102/1.180/0.077 ms
vyos@vy001:~$ 

Exchange routes via BGP so that host100 and host200 can reach each other.

[vy001:VyOS1.4]
set protocols bgp address-family ipv4-unicast network 192.168.100.0/24
set protocols bgp local-as '65000'
set protocols bgp neighbor 192.168.13.3 remote-as '65000'
set protocols bgp timers holdtime '30'
set protocols bgp timers keepalive '10'

[vy003:VyOS1.4]
set protocols bgp address-family ipv4-unicast network 192.168.200.0/24
set protocols bgp local-as '65000'
set protocols bgp neighbor 192.168.13.1 remote-as '65000'
set protocols bgp timers holdtime '30'
set protocols bgp timers keepalive '10'

Verify that host100 and host200 can reach each other.

[host100:RockyLinux8.4]
[root@host100 ~]# ping -c 3 192.168.200.200
PING 192.168.200.200 (192.168.200.200) 56(84) bytes of data.
64 bytes from 192.168.200.200: icmp_seq=1 ttl=62 time=1.68 ms
64 bytes from 192.168.200.200: icmp_seq=2 ttl=62 time=1.71 ms
64 bytes from 192.168.200.200: icmp_seq=3 ttl=62 time=2.01 ms

--- 192.168.200.200 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 1.684/1.803/2.012/0.152 ms
[root@host100 ~]# 

In preparation for the next scenario, delete the tunnel and BGP configuration.

[vy001:VyOS1.4]
delete interfaces tunnel tun0
delete protocols bgp

[vy003:VyOS1.4]
delete interfaces tunnel tun0
delete protocols bgp

Verification (4) 6in4 (SIT) tunnel

6in4 (SIT) is a tunneling method that encapsulates IPv6 in IPv4. Establish a 6in4 (SIT) tunnel between vy001 and vy003.

[vy001:VyOS1.4]
set interfaces tunnel tun0 address '2001:db8:13::1/64'
set interfaces tunnel tun0 encapsulation 'sit'
set interfaces tunnel tun0 remote '10.3.3.3'
set interfaces tunnel tun0 source-address '10.1.1.1'

[vy003:VyOS1.4]
set interfaces tunnel tun0 address '2001:db8:13::3/64'
set interfaces tunnel tun0 encapsulation 'sit'
set interfaces tunnel tun0 remote '10.1.1.1'
set interfaces tunnel tun0 source-address '10.3.3.3'

To confirm that the tunnel is established, verify that vy001 and vy003 can ping each other through the tunnel.

[vy001:VyOS1.4]
vyos@vy001:~$ ping 2001:db8:13::3 count 3
PING 2001:db8:13::3(2001:db8:13::3) 56 data bytes
64 bytes from 2001:db8:13::3: icmp_seq=1 ttl=64 time=0.863 ms
64 bytes from 2001:db8:13::3: icmp_seq=2 ttl=64 time=1.08 ms
64 bytes from 2001:db8:13::3: icmp_seq=3 ttl=64 time=1.01 ms

--- 2001:db8:13::3 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 0.863/0.984/1.077/0.089 ms
vyos@vy001:~$ 

Exchange routes via BGP so that host100 and host200 can reach each other.

[vy001:VyOS1.4]
set protocols bgp address-family ipv6-unicast network 2001:db8:100::/64
set protocols bgp local-as '65000'
set protocols bgp neighbor 2001:db8:13::3 address-family ipv6-unicast
set protocols bgp neighbor 2001:db8:13::3 remote-as '65000'
set protocols bgp timers holdtime '30'
set protocols bgp timers keepalive '10'

[vy003:VyOS1.4]
set protocols bgp address-family ipv6-unicast network 2001:db8:200::/64
set protocols bgp local-as '65000'
set protocols bgp neighbor 2001:db8:13::1 address-family ipv6-unicast
set protocols bgp neighbor 2001:db8:13::1 remote-as '65000'
set protocols bgp timers holdtime '30'
set protocols bgp timers keepalive '10'

Verify that host100 and host200 can reach each other.

[host100:RockyLinux8.4]
[root@host100 ~]# ping -c 3 2001:db8:200::200
PING 2001:db8:200::200(2001:db8:200::200) 56 data bytes
64 bytes from 2001:db8:200::200: icmp_seq=1 ttl=62 time=2.20 ms
64 bytes from 2001:db8:200::200: icmp_seq=2 ttl=62 time=1.77 ms
64 bytes from 2001:db8:200::200: icmp_seq=3 ttl=62 time=1.75 ms

--- 2001:db8:200::200 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 1.753/1.905/2.197/0.212 ms
[root@host100 ~]# 

In preparation for the next scenario, delete the tunnel and BGP configuration.

[vy001:VyOS1.4]
delete interfaces tunnel tun0
delete protocols bgp

[vy003:VyOS1.4]
delete interfaces tunnel tun0
delete protocols bgp

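Verification (5) GRE tunnel

GRE is a method for encapsulating an arbitrary protocol in an arbitrary protocol. To encapsulate an arbitrary protocol (IPv4, IPv6, etc.) in IPv4, specify "gre" as the encapsulation.

The following is an example configuration that establishes a GRE tunnel between vy001 and vy003.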

[vy001:VyOS1.4]
set interfaces tunnel tun0 address '192.168.13.1/24'
set interfaces tunnel tun0 address '2001:db8:13::1/64'
set interfaces tunnel tun0 encapsulation 'gre'
set interfaces tunnel tun0 remote '10.3.3.3'
set interfaces tunnel tun0 source-address '10.1.1.1'

[vy003:VyOS1.4]
set interfaces tunnel tun0 address '192.168.13.3/24'
set interfaces tunnel tun0 address '2001:db8:13::3/64'
set interfaces tunnel tun0 encapsulation 'gre'
set interfaces tunnel tun0 remote '10.1.1.1'
set interfaces tunnel tun0 source-address '10.3.3.3'

To confirm that the tunnel is established, verify that vy001 and vy003 can ping each other through the tunnel.

[vy001:VyOS1.4]
vyos@vy001:~$ ping 192.168.13.3 count 3
PING 192.168.13.3 (192.168.13.3) 56(84) bytes of data.
64 bytes from 192.168.13.3: icmp_seq=1 ttl=64 time=0.652 ms
64 bytes from 192.168.13.3: icmp_seq=2 ttl=64 time=0.918 ms
64 bytes from 192.168.13.3: icmp_seq=3 ttl=64 time=0.949 ms

--- 192.168.13.3 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2047ms
rtt min/avg/max/mdev = 0.652/0.839/0.949/0.133 ms
vyos@vy001:~$ 
vyos@vy001:~$ 
vyos@vy001:~$ ping 2001:db8:13::3 count 3
PING 2001:db8:13::3(2001:db8:13::3) 56 data bytes
64 bytes from 2001:db8:13::3: icmp_seq=1 ttl=64 time=0.906 ms
64 bytes from 2001:db8:13::3: icmp_seq=2 ttl=64 time=0.955 ms
64 bytes from 2001:db8:13::3: icmp_seq=3 ttl=64 time=1.06 ms

--- 2001:db8:13::3 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 0.906/0.972/1.056/0.062 ms
vyos@vy001:~$ 

Exchange routes via BGP so that host100 and host200 can reach each other.

[vy001:VyOS1.4]
set protocols bgp address-family ipv4-unicast network 192.168.100.0/24
set protocols bgp address-family ipv6-unicast network 2001:db8:100::/64
set protocols bgp local-as '65000'
set protocols bgp neighbor 192.168.13.3 remote-as '65000'
set protocols bgp neighbor 2001:db8:13::3 address-family ipv6-unicast
set protocols bgp neighbor 2001:db8:13::3 remote-as '65000'
set protocols bgp timers holdtime '30'
set protocols bgp timers keepalive '10'

[vy003:VyOS1.4]
set protocols bgp address-family ipv4-unicast network 192.168.200.0/24
set protocols bgp address-family ipv6-unicast network 2001:db8:200::/64
set protocols bgp local-as '65000'
set protocols bgp neighbor 192.168.13.1 remote-as '65000'
set protocols bgp neighbor 2001:db8:13::1 address-family ipv6-unicast
set protocols bgp neighbor 2001:db8:13::1 remote-as '65000'
set protocols bgp timers holdtime '30'
set protocols bgp timers keepalive '10'

Verify that host100 and host200 can reach each other.

[host100:RockyLinux8.4]
[root@host100 ~]# ping -c 3 192.168.200.200
PING 192.168.200.200 (192.168.200.200) 56(84) bytes of data.
64 bytes from 192.168.200.200: icmp_seq=1 ttl=62 time=1.66 ms
64 bytes from 192.168.200.200: icmp_seq=2 ttl=62 time=1.55 ms
64 bytes from 192.168.200.200: icmp_seq=3 ttl=62 time=1.68 ms

--- 192.168.200.200 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 1.553/1.629/1.679/0.072 ms
[root@host100 ~]# 
[root@host100 ~]# 
[root@host100 ~]# ping -c 3 2001:db8:200::200
PING 2001:db8:200::200(2001:db8:200::200) 56 data bytes
64 bytes from 2001:db8:200::200: icmp_seq=1 ttl=62 time=1.61 ms
64 bytes from 2001:db8:200::200: icmp_seq=2 ttl=62 time=1.62 ms
64 bytes from 2001:db8:200::200: icmp_seq=3 ttl=62 time=1.75 ms

--- 2001:db8:200::200 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 1.609/1.659/1.754/0.074 ms
[root@host100 ~]# 

In preparation for the next scenario, delete the tunnel and BGP configuration.

[vy001:VyOS1.4]
delete interfaces tunnel tun0
delete protocols bgp

[vy003:VyOS1.4]
delete interfaces tunnel tun0
delete protocols bgp

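Verification (6) IP6GRE tunnel

GRE is a method for encapsulating an arbitrary protocol in an arbitrary protocol. To encapsulate an arbitrary protocol (IPv4, IPv6, etc.) in IPv6, specify "ip6gre" as the encapsulation.

The following is an example configuration that establishes an IP6GRE tunnel between vy001 and vy003.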

[vy001:VyOS1.4]
set interfaces tunnel tun0 address '192.168.13.1/24'
set interfaces tunnel tun0 address '2001:db8:13::1/64'
set interfaces tunnel tun0 encapsulation 'ip6gre'
set interfaces tunnel tun0 remote '2001:db8:3::3'
set interfaces tunnel tun0 source-address '2001:db8:1::1'

[vy003:VyOS1.4]
set interfaces tunnel tun0 address '192.168.13.3/24'
set interfaces tunnel tun0 address '2001:db8:13::3/64'
set interfaces tunnel tun0 encapsulation 'ip6gre'
set interfaces tunnel tun0 remote '2001:db8:1::1'
set interfaces tunnel tun0 source-address '2001:db8:3::3'

To confirm that the tunnel is established, verify that vy001 and vy003 can ping each other through the tunnel.

[vy001:VyOS1.4]
vyos@vy001:~$ ping 192.168.13.3 count 3
PING 192.168.13.3 (192.168.13.3) 56(84) bytes of data.
64 bytes from 192.168.13.3: icmp_seq=1 ttl=64 time=1.23 ms
64 bytes from 192.168.13.3: icmp_seq=2 ttl=64 time=1.09 ms
64 bytes from 192.168.13.3: icmp_seq=3 ttl=64 time=1.61 ms

--- 192.168.13.3 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 1.093/1.310/1.611/0.219 ms
vyos@vy001:~$ 
vyos@vy001:~$ 
vyos@vy001:~$ ping 2001:db8:13::3 count 3
PING 2001:db8:13::3(2001:db8:13::3) 56 data bytes
64 bytes from 2001:db8:13::3: icmp_seq=1 ttl=64 time=1.14 ms
64 bytes from 2001:db8:13::3: icmp_seq=2 ttl=64 time=1.01 ms
64 bytes from 2001:db8:13::3: icmp_seq=3 ttl=64 time=1.01 ms

--- 2001:db8:13::3 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 1.006/1.051/1.135/0.059 ms
vyos@vy001:~$ 

Exchange routes via BGP so that host100 and host200 can reach each other.

[vy001:VyOS1.4]
set protocols bgp address-family ipv4-unicast network 192.168.100.0/24
set protocols bgp address-family ipv6-unicast network 2001:db8:100::/64
set protocols bgp local-as '65000'
set protocols bgp neighbor 192.168.13.3 remote-as '65000'
set protocols bgp neighbor 2001:db8:13::3 address-family ipv6-unicast
set protocols bgp neighbor 2001:db8:13::3 remote-as '65000'
set protocols bgp timers holdtime '30'
set protocols bgp timers keepalive '10'

[vy003:VyOS1.4]
set protocols bgp address-family ipv4-unicast network 192.168.200.0/24
set protocols bgp address-family ipv6-unicast network 2001:db8:200::/64
set protocols bgp local-as '65000'
set protocols bgp neighbor 192.168.13.1 remote-as '65000'
set protocols bgp neighbor 2001:db8:13::1 address-family ipv6-unicast
set protocols bgp neighbor 2001:db8:13::1 remote-as '65000'
set protocols bgp timers holdtime '30'
set protocols bgp timers keepalive '10'

Verify that host100 and host200 can reach each other.

[host100:RockyLinux8.4]
[root@host100 ~]# ping -c 3 192.168.200.200
PING 192.168.200.200 (192.168.200.200) 56(84) bytes of data.
64 bytes from 192.168.200.200: icmp_seq=1 ttl=62 time=1.69 ms
64 bytes from 192.168.200.200: icmp_seq=2 ttl=62 time=1.77 ms
64 bytes from 192.168.200.200: icmp_seq=3 ttl=62 time=2.12 ms

--- 192.168.200.200 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 1.690/1.858/2.119/0.193 ms
[root@host100 ~]# 
[root@host100 ~]# 
[root@host100 ~]# ping -c 3 2001:db8:200::200
PING 2001:db8:200::200(2001:db8:200::200) 56 data bytes
64 bytes from 2001:db8:200::200: icmp_seq=1 ttl=62 time=1.87 ms
64 bytes from 2001:db8:200::200: icmp_seq=2 ttl=62 time=1.62 ms
64 bytes from 2001:db8:200::200: icmp_seq=3 ttl=62 time=1.80 ms

--- 2001:db8:200::200 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 1.616/1.763/1.871/0.118 ms
[root@host100 ~]# 