Arista EOS Layer3 EVPNの設定紹介 – 自宅で体験できるファブリックネットワーク

Arista EOSでLayer3 EVPNを設定する方法を説明します。「Arista EOS Layer2 EVPNの設定紹介」で紹介した手法で異なるvlan間を疎通させるには、Aristaで構成したleaf/spine構成の外にルータを置かなければなりません。Layer2 EVPNではルータへの折り返しトラフィックが発生してしまいますが、Layer3 EVPNならばleaf/spine内部でルーティングを実装する事ができます。

必ずしもLayer3 EVPNが優れているわけではありません。例えば、NATやFirewallなどAristaが苦手とする処理と同時にルーティングを行いたい場合は、Layer2 EVPNでleaf/spineの外にルータやファイアウォールを配置した方が適切な場合もあります。

• Arista vEOSの基本的な使い方
• Arista cEOSの基本的な使い方
• Arista cEOS docker-composeを使った操作例
• Arista cEOS docker-topoを使った操作例
• Arista EOSの基本操作 SSHログインが出来るようになるまで
• Arista EOS vxlanの設定紹介
• Arista EOS Layer2 EVPNの設定紹介
• Arista EOS Layer3 EVPNの設定紹介 (いまここ)
• Arista EOS Layer3 EVPNとダイナミックルーティングの併用
• Arista EOS MLAGの設定方法
• Arista EOS 実践的なvxlan設定
• Arista EOS 実践的なLayer2 EVPN設定
• Arista EOS アップリンク二重障害の対応
• Arista EOS 実践的なLayer3 EVPN設定
• Arista EOS 実践的なEVPNとダイナミックルーティング併用例
• Arista EOS ゼロタッチプロビジョニングの設定

構成図

以下の環境で動作確認を行います。

                          +---------------+
      192.168.13.0/24  .3 |    spine03    | .3   192.168.23.0/24
              +-----------+Lo0:10.3.3.3/32+----------+
              |        e1 +---------------+ e2       |
              |                                      |
           e2 | .1                                e1 | .2
+-------------+----------------+       +-------------+----------------+ 
|            leaf01            |       |            leaf02            |
|       Lo0:10.1.1.1/32        |       |       Lo0:10.2.2.2/32        |
+-------------+----------------+       +-------------+----------------+
           e1 | trunk                             e2 | trunk
              |                                      |
           e1 | trunk                             e1 | trunk
+-------------+----------------+       +-------------+----------------+ 
|            host01            |       |            host02            |
|vrf01:vlan110:192.168.110.1/24|       |vrf01:vlan110:192.168.110.2/24|
|vrf02:vlan120:192.168.120.1/24|       |vrf02:vlan120:192.168.120.2/24|
|vrf03:vlan130:192.168.130.1/24|       |                              |
|                              |       |vrf04:vlan140:192.168.140.2/24|
+------------------------------+       +------------------------------+

初期設定

初期設定はIPアドレスのみです。この状態からEVPNに必要な設定を投入していきます。

! Command: show running-config
! device: host01 (vEOS, EOS-4.25.0FX-LDP-RSVP)
!
! boot system flash:/vEOS-lab.swi
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model ribd
!
hostname host01
!
spanning-tree mode mstp
!
no aaa root
!
username admin role network-admin secret sha512 $6$1HdZV8EnhStZl7Jq$ykA.fAxEM2WTNGiPYNFMQ9a88CjY2yK9F0tZM1x8xMWUAcmOQsuEWHVvYHo2OBUnZcxw2aqn767XrqkLaV8CS/
!
vlan 110,120,130
!
vrf instance CONSOLE
!
vrf instance vrf01
!
vrf instance vrf02
!
vrf instance vrf03
!
interface Ethernet1
   switchport mode trunk
!
interface Management1
   vrf CONSOLE
   ip address 192.168.1.41/24
!
interface Vlan110
   vrf vrf01
   ip address 192.168.110.1/24
!
interface Vlan120
   vrf vrf02
   ip address 192.168.120.1/24
!
interface Vlan130
   vrf vrf03
   ip address 192.168.130.1/24
!
no ip routing
ip routing vrf CONSOLE
no ip routing vrf vrf01
no ip routing vrf vrf02
no ip routing vrf vrf03
!
ip route vrf CONSOLE 0.0.0.0/0 192.168.1.1
!
end

! Command: show running-config
! device: leaf01 (vEOS, EOS-4.25.0FX-LDP-RSVP)
!
! boot system flash:/vEOS-lab.swi
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model ribd
!
hostname leaf01
!
spanning-tree mode mstp
!
no aaa root
!
username admin role network-admin secret sha512 $6$8g4im0prH7WjskGr$WSWnk6NXojEYqo03GaaS0kg0RdAjkwKCF7hqpLk1b2/aIyjAUwIcBWcq.7zuWDyxdv8Otf74JsHzZnn9aR9hG.
!
vrf instance CONSOLE
!
interface Ethernet1
   switchport mode trunk
!
interface Ethernet2
   no switchport
   ip address 192.168.13.1/24
!
interface Loopback0
   ip address 10.1.1.1/32
!
interface Management1
   vrf CONSOLE
   ip address 192.168.1.42/24
!
no ip routing
ip routing vrf CONSOLE
!
ip route vrf CONSOLE 0.0.0.0/0 192.168.1.1
!
end

! Command: show running-config
! device: spine03 (vEOS, EOS-4.25.0FX-LDP-RSVP)
!
! boot system flash:/vEOS-lab.swi
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model ribd
!
hostname spine03
!
spanning-tree mode mstp
!
no aaa root
!
username admin role network-admin secret sha512 $6$XNluPtcOuBEDxR5H$EqK9UnbxO1KHRl.1tmHKZoRw9mFvxp3/hFJqQUDQ9wnkXjINlDPRUoZ4wPECNmKue.BfLxYDT/LtYLe8u6T4J0
!
vrf instance CONSOLE
!
interface Ethernet1
   no switchport
   ip address 192.168.13.3/24
!
interface Ethernet2
   no switchport
   ip address 192.168.23.3/24
!
interface Loopback0
   ip address 10.3.3.3/32
!
interface Management1
   vrf CONSOLE
   ip address 192.168.1.43/24
!
no ip routing
ip routing vrf CONSOLE
!
ip route vrf CONSOLE 0.0.0.0/0 192.168.1.1
!
end

! Command: show running-config
! device: leaf02 (vEOS, EOS-4.25.0FX-LDP-RSVP)
!
! boot system flash:/vEOS-lab.swi
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model ribd
!
hostname leaf02
!
spanning-tree mode mstp
!
no aaa root
!
username admin role network-admin secret sha512 $6$bVpJ2.2SeukhvZ49$i20QxV1G6Y4RsuFV57vcPuvB2gZo5LsVHdE9Ht9yxzQoNaieMNPkBB6gdvbsykwBqXG2UDN2peT49dbeQteuX/
!
vrf instance CONSOLE
!
interface Ethernet1
   no switchport
   ip address 192.168.23.2/24
!
interface Ethernet2
   switchport mode trunk
!
interface Loopback0
   ip address 10.2.2.2/32
!
interface Management1
   vrf CONSOLE
   ip address 192.168.1.44/24
!
no ip routing
ip routing vrf CONSOLE
!
ip route vrf CONSOLE 0.0.0.0/0 192.168.1.1
!
end

! Command: show running-config
! device: host02 (vEOS, EOS-4.25.0FX-LDP-RSVP)
!
! boot system flash:/vEOS-lab.swi
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model ribd
!
hostname host02
!
spanning-tree mode mstp
!
no aaa root
!
username admin role network-admin secret sha512 $6$k0Y65l5FD1m2IXQu$PGCSozozxe9XwHS2jPp/iDTy11fm34zcPkJfb1.hY0Ajgzoa9GpmVjqAF8nW1I0P9Per1sLq6oSiEOGEaYLlf.
!
vlan 110,120,140
!
vrf instance CONSOLE
!
vrf instance vrf01
!
vrf instance vrf02
!
vrf instance vrf04
!
interface Ethernet1
   switchport mode trunk
!
interface Management1
   vrf CONSOLE
   ip address 192.168.1.45/24
!
interface Vlan110
   vrf vrf01
   ip address 192.168.110.2/24
!
interface Vlan120
   vrf vrf02
   ip address 192.168.120.2/24
!
interface Vlan140
   vrf vrf04
   ip address 192.168.140.2/24
!
no ip routing
ip routing vrf CONSOLE
no ip routing vrf vrf01
no ip routing vrf vrf02
no ip routing vrf vrf04
!
ip route vrf CONSOLE 0.0.0.0/0 192.168.1.1
!
end

動作確認(1) 同一VLANの疎通

アンダーレイネットワークの構築

以下の設定を投入し、leaf01, spine03, leaf02間が互いに疎通可能にあるようにします。「Arista EOS Layer2 EVPNの設定紹介>」にて紹介した設定と全く同じ設定を入れます。

# leaf01
ip routing
router ospf 1
   network 10.1.1.1/32 area 0.0.0.0
   network 192.168.13.0/24 area 0.0.0.0

# spine03
ip routing
router ospf 1
   network 10.3.3.3/32 area 0.0.0.0
   network 192.168.13.0/24 area 0.0.0.0
   network 192.168.23.0/24 area 0.0.0.0

# leaf02
ip routing
router ospf 1
   network 10.2.2.2/32 area 0.0.0.0
   network 192.168.23.0/24 area 0.0.0.0

leaf01とleaf02の間が互いに疎通可能である事を確認します。

leaf01#show ip route ospf

VRF: default
Codes: C - connected, S - static, K - kernel, 
       O - OSPF, IA - OSPF inter area, E1 - OSPF external type 1,
       E2 - OSPF external type 2, N1 - OSPF NSSA external type 1,
       N2 - OSPF NSSA external type2, B - BGP, B I - iBGP, B E - eBGP,
       R - RIP, I L1 - IS-IS level 1, I L2 - IS-IS level 2,
       O3 - OSPFv3, A B - BGP Aggregate, A O - OSPF Summary,
       NG - Nexthop Group Static Route, V - VXLAN Control Service,
       DH - DHCP client installed default route, M - Martian,
       DP - Dynamic Policy Route, L - VRF Leaked,
       RC - Route Cache Route

 O        10.2.2.2/32 [110/30] via 192.168.13.3, Ethernet2
 O        10.3.3.3/32 [110/20] via 192.168.13.3, Ethernet2
 O        192.168.23.0/24 [110/20] via 192.168.13.3, Ethernet2

leaf01#
leaf01#ping 10.2.2.2 source Loopback0
PING 10.2.2.2 (10.2.2.2) from 10.1.1.1 : 72(100) bytes of data.
80 bytes from 10.2.2.2: icmp_seq=1 ttl=63 time=4.64 ms
80 bytes from 10.2.2.2: icmp_seq=2 ttl=63 time=2.49 ms
80 bytes from 10.2.2.2: icmp_seq=3 ttl=63 time=3.72 ms
80 bytes from 10.2.2.2: icmp_seq=4 ttl=63 time=2.68 ms
80 bytes from 10.2.2.2: icmp_seq=5 ttl=63 time=2.36 ms

--- 10.2.2.2 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 17ms
rtt min/avg/max/mdev = 2.367/3.181/4.641/0.875 ms, ipg/ewma 4.367/3.875 ms
leaf01#

VXLANの設定

leaf01, leaf02にvxlanの設定を入れます。

# leaf01
vlan 110,120,130
!
interface Vxlan1
   vxlan source-interface Loopback0
   vxlan vlan 110 vni 90110
   vxlan vlan 120 vni 90120
   vxlan vlan 130 vni 90130

# leaf02
vlan 110,120,140
!
interface Vxlan1
   vxlan source-interface Loopback0
   vxlan vlan 110 vni 90110
   vxlan vlan 120 vni 90120
   vxlan vlan 140 vni 90140

この時点ではinterface vxlanはdown状態です。EVPNの設定が完了次第、interfaceがupに変わります。

leaf01#show interfaces vxlan 1
Vxlan1 is down, line protocol is down (notconnect)
  Hardware is Vxlan
  Source interface is Loopback0 and is active with 10.1.1.1
  Replication/Flood Mode is not initialized yet
  Remote MAC learning via Datapath
  VNI mapping to VLANs
  Static VLAN to VNI mapping is 
    [110, 90110]      [120, 90120]      [130, 90130]     
  Note: All Dynamic VLANs used by VCS are internal VLANs.
        Use 'show vxlan vni' for details.
  Static VRF to VNI mapping is not configured
  MLAG Shared Router MAC is 0000.0000.0000

routing protocols model multi-agent

EVPNを使用するには「routing protocols model multi-agent」という機能を有効にする必要があります。もし、有効にしていない場合は以下のような警告が表示されます。

また、「routing protocols model multi-agent」の有効化設定を反映するには再起動が必要です。

leaf02(config)#router bgp 65000
leaf02(config-router-bgp)#no bgp default ipv4-unicast 
leaf02(config-router-bgp)#address-family evpn 
! Routing protocols model multi-agent must be configured for EVPN address-family
leaf02(config-router-bgp-af)#exit
leaf02(config-router-bgp)#exit
leaf02(config)#service routing protocols model multi-agent 
! Change will take effect only after switch reboot
leaf02(config)#

leaf01, leaf02に対し「routing protocols model multi-agent」を有効にします。設定反映には再起動が必要である事に留意ください。

# leaf01
service routing protocols model multi-agent

# leaf02
service routing protocols model multi-agent 

bgp address-family evpn

leaf01とleaf02の間でbgp address-family evpn neighborを確立します。

# leaf01
router bgp 65000
   no bgp default ipv4-unicast
   timers bgp 10 30
   neighbor 10.2.2.2 remote-as 65000
   neighbor 10.2.2.2 update-source Loopback0
   neighbor 10.2.2.2 send-community
   !
   vlan 110
      rd 10.1.1.1:110
      route-target both 110:90110
      redistribute learned
   !
   vlan 120
      rd 10.1.1.1:120
      route-target both 120:90120
      redistribute learned
   !
   vlan 130
      rd 10.1.1.1:130
      route-target both 130:90130
      redistribute learned
   !
   address-family evpn
      neighbor 10.2.2.2 activate

# leaf02
router bgp 65000
   no bgp default ipv4-unicast
   timers bgp 10 30
   neighbor 10.1.1.1 remote-as 65000
   neighbor 10.1.1.1 update-source Loopback0
   neighbor 10.1.1.1 send-community
   !
   vlan 110
      rd 10.2.2.2:110
      route-target both 110:90110
      redistribute learned
   !
   vlan 120
      rd 10.2.2.2:120
      route-target both 120:90120
      redistribute learned
   !
   vlan 140
      rd 10.2.2.2:140
      route-target both 140:90140
      redistribute learned
   !
   address-family evpn
      neighbor 10.1.1.1 activate

BGP neighborがEstabの状態になった事を確認します。

leaf01#show bgp evpn summary 
BGP summary information for VRF default
Router identifier 10.1.1.1, local AS number 65000
Neighbor Status Codes: m - Under maintenance
  Neighbor         V  AS           MsgRcvd   MsgSent  InQ OutQ  Up/Down State   PfxRcd PfxAcc
  10.2.2.2         4 65000             10        10    0    0 00:00:31 Estab   3      3

最低でも1つのMACアドレスが授受される状態になると、interface vxlan 1はup状態に変わります。

このシナリオではstaticにvtepの宛先を指定してないので、「Static VRF to VNI mapping is not configured」と表示されています。

また、EVPNによって対向の10.2.2.2を認識しましたので、「Headend replication flood vtep list is」に「10.2.2.2」と表示されています。

leaf01#show interfaces vxlan 1
Vxlan1 is up, line protocol is up (connected)
  Hardware is Vxlan
  Source interface is Loopback0 and is active with 10.1.1.1
  Replication/Flood Mode is headend with Flood List Source: EVPN
  Remote MAC learning via EVPN
  VNI mapping to VLANs
  Static VLAN to VNI mapping is 
    [110, 90110]      [120, 90120]      [130, 90130]     
  Note: All Dynamic VLANs used by VCS are internal VLANs.
        Use 'show vxlan vni' for details.
  Static VRF to VNI mapping is not configured
  Headend replication flood vtep list is:
   110 10.2.2.2       
   120 10.2.2.2       
  MLAG Shared Router MAC is 0000.0000.0000

疎通確認

host01からhost02への疎通を確認します。

host01#ping vrf vrf01 192.168.110.2
PING 192.168.110.2 (192.168.110.2) 72(100) bytes of data.
80 bytes from 192.168.110.2: icmp_seq=1 ttl=64 time=64.7 ms
80 bytes from 192.168.110.2: icmp_seq=2 ttl=64 time=54.8 ms
80 bytes from 192.168.110.2: icmp_seq=3 ttl=64 time=45.9 ms
80 bytes from 192.168.110.2: icmp_seq=4 ttl=64 time=37.5 ms
80 bytes from 192.168.110.2: icmp_seq=5 ttl=64 time=29.3 ms

--- 192.168.110.2 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 41ms
rtt min/avg/max/mdev = 29.323/46.478/64.745/12.465 ms, pipe 5, ipg/ewma 10.359/54.714 ms
host01#
host01#
host01#
host01#ping vrf vrf02 192.168.120.2
PING 192.168.120.2 (192.168.120.2) 72(100) bytes of data.
80 bytes from 192.168.120.2: icmp_seq=2 ttl=64 time=15.9 ms
80 bytes from 192.168.120.2: icmp_seq=3 ttl=64 time=12.1 ms
80 bytes from 192.168.120.2: icmp_seq=4 ttl=64 time=15.6 ms
80 bytes from 192.168.120.2: icmp_seq=5 ttl=64 time=15.4 ms

--- 192.168.120.2 ping statistics ---
5 packets transmitted, 4 received, 20% packet loss, time 53ms
rtt min/avg/max/mdev = 12.130/14.791/15.989/1.554 ms, pipe 2, ipg/ewma 13.254/15.509 ms

pingによる疎通確認直後に以下のコマンドをleaf01やleaf02で実行すると、vxlanが管理しているMacアドレステーブルを確認する事ができます。

leaf01#show vxlan address-table 
          Vxlan Mac Address Table
----------------------------------------------------------------------

VLAN  Mac Address     Type     Prt  VTEP             Moves   Last Move
----  -----------     ----     ---  ----             -----   ---------
 110  0050.56f4.e19e  EVPN     Vx1  10.2.2.2         1       0:00:44 ago
 120  0050.56f4.e19e  EVPN     Vx1  10.2.2.2         1       0:00:37 ago
Total Remote Mac Addresses for this criterion: 2

EVPNによって授受されたMACアドレスは以下のコマンドで確認します。

leaf01#show bgp evpn 
BGP routing table information for VRF default
Router identifier 10.1.1.1, local AS number 65000
Route status codes: s - suppressed, * - valid, > - active, E - ECMP head, e - ECMP
                    S - Stale, c - Contributing to ECMP, b - backup
                    % - Pending BGP convergence
Origin codes: i - IGP, e - EGP, ? - incomplete
AS Path Attributes: Or-ID - Originator ID, C-LST - Cluster List, LL Nexthop - Link Local Nexthop

          Network                Next Hop              Metric  LocPref Weight  Path
 * >     RD: 10.1.1.1:110 mac-ip 000c.2905.9ba5
                                 -                     -       -       0       i
 * >     RD: 10.1.1.1:120 mac-ip 000c.2905.9ba5
                                 -                     -       -       0       i
 * >     RD: 10.2.2.2:110 mac-ip 0050.56f4.e19e
                                 10.2.2.2              -       100     0       i
 * >     RD: 10.2.2.2:120 mac-ip 0050.56f4.e19e
                                 10.2.2.2              -       100     0       i
 * >     RD: 10.1.1.1:110 imet 10.1.1.1
                                 -                     -       -       0       i
 * >     RD: 10.1.1.1:120 imet 10.1.1.1
                                 -                     -       -       0       i
 * >     RD: 10.1.1.1:130 imet 10.1.1.1
                                 -                     -       -       0       i
 * >     RD: 10.2.2.2:110 imet 10.2.2.2
                                 10.2.2.2              -       100     0       i
 * >     RD: 10.2.2.2:120 imet 10.2.2.2
                                 10.2.2.2              -       100     0       i
 * >     RD: 10.2.2.2:140 imet 10.2.2.2
                                 10.2.2.2              -       100     0       i
leaf01#

動作確認(2) VLAN間ルーティング

デフォルトゲートウェイの設定

全てのリーフスイッチ(このシナリオの場合はleaf01,leaf02)にデフォルトゲートウェイとなるIPアドレスを設定します。

ip virtual-router mac-addressコマンドは全てのリーフスイッチでデフォルトゲートウェイのIPアドレスが同じになるように設定するコマンドです。このシナリオでは意識する必要はありませんが、実践ではVMware vMotionやVMware DRSによって仮想マシンが移動する事があります。移動すれば、異なるリーフスイッチ配下に移動される可能性もありますので、その時にサーバ側のARPテーブル含め疎通可能な状態にするにはゲートウェイのMACアドレスが変わらないように配慮する必要があります。

# leaf01
vrf instance GATEWAY
!
ip routing vrf GATEWAY
!
interface Vlan110
   vrf GATEWAY
   ip address 192.168.110.101/24
   ip virtual-router address 192.168.110.254
!
interface Vlan120
   vrf GATEWAY
   ip address 192.168.120.101/24
   ip virtual-router address 192.168.120.254
!
interface Vlan130
   vrf GATEWAY
   ip address 192.168.130.101/24
   ip virtual-router address 192.168.130.254
!
ip virtual-router mac-address 00:00:00:00:00:0a

# leaf02
vrf instance GATEWAY
!
ip routing vrf GATEWAY
!
interface Vlan110
   vrf GATEWAY
   ip address 192.168.110.102/24
   ip virtual-router address 192.168.110.254
!
interface Vlan120
   vrf GATEWAY
   ip address 192.168.120.102/24
   ip virtual-router address 192.168.120.254
!
interface Vlan140
   vrf GATEWAY
   ip address 192.168.140.102/24
   ip virtual-router address 192.168.140.254
!
ip virtual-router mac-address 00:00:00:00:00:0a

EVPNを通じて、leaf01,leaf02間で互いにルーティングおよびMACアドレスを学習している事を確認します。

leaf01#show ip route vrf GATEWAY 

VRF: GATEWAY
Codes: C - connected, S - static, K - kernel, 
       O - OSPF, IA - OSPF inter area, E1 - OSPF external type 1,
       E2 - OSPF external type 2, N1 - OSPF NSSA external type 1,
       N2 - OSPF NSSA external type2, B - BGP, B I - iBGP, B E - eBGP,
       R - RIP, I L1 - IS-IS level 1, I L2 - IS-IS level 2,
       O3 - OSPFv3, A B - BGP Aggregate, A O - OSPF Summary,
       NG - Nexthop Group Static Route, V - VXLAN Control Service,
       DH - DHCP client installed default route, M - Martian,
       DP - Dynamic Policy Route, L - VRF Leaked,
       RC - Route Cache Route

Gateway of last resort is not set

 B I      192.168.110.2/32 [200/0] via VTEP 10.2.2.2 VNI 9999 router-mac 00:50:56:07:22:5b
 C        192.168.110.0/24 is directly connected, Vlan110
 B I      192.168.120.2/32 [200/0] via VTEP 10.2.2.2 VNI 9999 router-mac 00:50:56:07:22:5b
 C        192.168.120.0/24 is directly connected, Vlan120
 C        192.168.130.0/24 is directly connected, Vlan130
 B I      192.168.140.2/32 [200/0] via VTEP 10.2.2.2 VNI 9999 router-mac 00:50:56:07:22:5b
 B I      192.168.140.0/24 [200/0] via VTEP 10.2.2.2 VNI 9999 router-mac 00:50:56:07:22:5b

VLAN間ルーティングの設定

VLAN100とVLAN200が互いにルーティング可能になるように設定します。

# leaf 01
interface Vxlan1
   vxlan vrf GATEWAY vni 9999
!
router bgp 65000
   vrf GATEWAY
      rd 10.1.1.1:9999
      route-target import evpn 99:9999
      route-target export evpn 99:9999
      redistribute connected

# leaf 02
interface Vxlan1
   vxlan vrf GATEWAY vni 9999
!
router bgp 65000
   vrf GATEWAY
      rd 10.2.2.2:9999
      route-target import evpn 99:9999
      route-target export evpn 99:9999
      redistribute connected

疎通確認

host01, host02にデフォルトゲートウェイを設定します。

# leaf01
ip routing vrf vrf01
ip routing vrf vrf02
ip routing vrf vrf03
ip route vrf vrf01 0.0.0.0/0 192.168.110.254
ip route vrf vrf02 0.0.0.0/0 192.168.120.254
ip route vrf vrf03 0.0.0.0/0 192.168.130.254

# leaf02
ip routing vrf vrf01
ip routing vrf vrf02
ip routing vrf vrf04
ip route vrf vrf01 0.0.0.0/0 192.168.110.254
ip route vrf vrf02 0.0.0.0/0 192.168.120.254
ip route vrf vrf04 0.0.0.0/0 192.168.140.254

VLAN間の疎通が可能になった事を確認します。

host01#ping vrf vrf01 192.168.120.2
PING 192.168.120.2 (192.168.120.2) 72(100) bytes of data.
80 bytes from 192.168.120.2: icmp_seq=1 ttl=62 time=19.7 ms
80 bytes from 192.168.120.2: icmp_seq=2 ttl=62 time=14.1 ms
80 bytes from 192.168.120.2: icmp_seq=3 ttl=62 time=21.9 ms
80 bytes from 192.168.120.2: icmp_seq=4 ttl=62 time=21.3 ms
80 bytes from 192.168.120.2: icmp_seq=5 ttl=62 time=21.6 ms

--- 192.168.120.2 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 67ms
rtt min/avg/max/mdev = 14.103/19.766/21.926/2.936 ms, pipe 2, ipg/ewma 16.941/19.901 ms
host01#
host01#
host01#ping vrf vrf01 192.168.130.1
PING 192.168.130.1 (192.168.130.1) 72(100) bytes of data.
80 bytes from 192.168.130.1: icmp_seq=1 ttl=63 time=7.36 ms
80 bytes from 192.168.130.1: icmp_seq=2 ttl=63 time=6.39 ms
80 bytes from 192.168.130.1: icmp_seq=3 ttl=63 time=6.09 ms
80 bytes from 192.168.130.1: icmp_seq=4 ttl=63 time=6.67 ms
80 bytes from 192.168.130.1: icmp_seq=5 ttl=63 time=7.85 ms

--- 192.168.130.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 28ms
rtt min/avg/max/mdev = 6.095/6.877/7.857/0.651 ms, ipg/ewma 7.121/7.148 ms
host01#
host01#
host01#ping vrf vrf01 192.168.140.2
PING 192.168.140.2 (192.168.140.2) 72(100) bytes of data.
80 bytes from 192.168.140.2: icmp_seq=1 ttl=62 time=24.9 ms
80 bytes from 192.168.140.2: icmp_seq=2 ttl=62 time=18.0 ms
80 bytes from 192.168.140.2: icmp_seq=3 ttl=62 time=21.6 ms
80 bytes from 192.168.140.2: icmp_seq=4 ttl=62 time=25.0 ms
80 bytes from 192.168.140.2: icmp_seq=5 ttl=62 time=20.8 ms

--- 192.168.140.2 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 71ms
rtt min/avg/max/mdev = 18.098/22.140/25.072/2.640 ms, pipe 3, ipg/ewma 17.886/23.578 ms
host01#

デフォルトゲートウェイのMACアドレスは、ip virtual-router mac-addressコマンドで指定した値になっている事を確認します。

host01#show arp vrf vrf01 
Address         Age (sec)  Hardware Addr   Interface
192.168.110.2         N/A  0050.56f4.e19e  Vlan110, not learned
192.168.110.254       N/A  0000.0000.000a  Vlan110, Ethernet1