This post summarizes how to use RIP as the PE-CE routing protocol in an MPLS VPN. For the CE routers to reach each other, the RIP routes must be propagated via BGP VPNv4.
MPLS RIP routing
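Configuration overview
It is quicker to understand this from a working configuration, so here is one. The behavior is verified in the following environment.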
              VPN_A                                                 VPN_A
            e0/0  e0/0        e0/1  e0/0        e0/1  e0/0        e0/1  e0/0
    +------+.1      .2+------+.2      .3+------+.3      .4+------+.4      .5+------+
    | CE1  +----------+ PE2  +----------+  P3  +----------+ PE4  +----------+ CE5  |
    +------+          +------+          +------+          +------+          +------+
         192.168.12.0/24    200.0.23.0/24     200.0.34.0/24    192.168.45.0/24

    CE1 Loopback0     PE2 Loopback0     P3 Loopback0      PE4 Loopback0     CE5 Loopback0
    10.1.1.1/24       200.2.2.2/24      200.3.3.3/24      200.4.4.4/24      10.5.5.5/24
    [CE1]
    router rip
     version 2
     network 10.0.0.0
     network 192.168.12.0
     no auto-summary

    [PE2]
    ip vrf VPN_A
     rd 100:1
     route-target export 100:1
     route-target import 100:1
    !
    interface Loopback0
     ip address 200.2.2.2 255.255.255.0
     ip ospf network point-to-point
    !
    interface Ethernet0/0
     ip vrf forwarding VPN_A
     ip address 192.168.12.2 255.255.255.0
    !
    interface Ethernet0/1
     ip address 200.0.23.2 255.255.255.0
     mpls ip
    !
    router ospf 1
     log-adjacency-changes
     network 200.0.23.2 0.0.0.0 area 0
     network 200.2.2.2 0.0.0.0 area 0
    !
    router rip
     address-family ipv4 vrf VPN_A
      redistribute bgp 100 metric transparent
      network 192.168.12.0
      no auto-summary
      version 2
    !
    router bgp 100
     no bgp default ipv4-unicast
     neighbor 200.3.3.3 remote-as 100
     neighbor 200.3.3.3 update-source Loopback0
     !
     address-family vpnv4
      neighbor 200.3.3.3 activate
      neighbor 200.3.3.3 send-community extended
     exit-address-family
     !
     address-family ipv4 vrf VPN_A
      redistribute rip
      no synchronization
     exit-address-family

    [P3]
    interface Loopback0
     ip address 200.3.3.3 255.255.255.0
     ip ospf network point-to-point
    !
    interface Ethernet0/0
     ip address 200.0.23.3 255.255.255.0
     mpls ip
    !
    interface Ethernet0/1
     ip address 200.0.34.3 255.255.255.0
     mpls ip
    !
    router ospf 1
     network 200.0.23.3 0.0.0.0 area 0
     network 200.0.34.3 0.0.0.0 area 0
     network 200.3.3.3 0.0.0.0 area 0
    !
    router bgp 100
     no bgp default ipv4-unicast
     neighbor 200.2.2.2 remote-as 100
     neighbor 200.2.2.2 update-source Loopback0
     neighbor 200.4.4.4 remote-as 100
     neighbor 200.4.4.4 update-source Loopback0
     !
     address-family vpnv4
      neighbor 200.2.2.2 activate
      neighbor 200.2.2.2 send-community extended
      neighbor 200.2.2.2 route-reflector-client
      neighbor 200.4.4.4 activate
      neighbor 200.4.4.4 send-community extended
      neighbor 200.4.4.4 route-reflector-client
     exit-address-family

    [PE4]
    ip vrf VPN_A
     rd 100:1
     route-target export 100:1
     route-target import 100:1
    !
    interface Loopback0
     ip address 200.4.4.4 255.255.255.0
     ip ospf network point-to-point
    !
    interface Ethernet0/0
     ip address 200.0.34.4 255.255.255.0
     mpls ip
    !
    interface Ethernet0/1
     ip vrf forwarding VPN_A
     ip address 192.168.45.4 255.255.255.0
    !
    router ospf 1
     log-adjacency-changes
     network 200.0.34.4 0.0.0.0 area 0
     network 200.4.4.4 0.0.0.0 area 0
    !
    router rip
     address-family ipv4 vrf VPN_A
      redistribute bgp 100 metric transparent
      network 192.168.45.0
      no auto-summary
      version 2
    !
    router bgp 100
     no bgp default ipv4-unicast
     neighbor 200.3.3.3 remote-as 100
     neighbor 200.3.3.3 update-source Loopback0
     !
     address-family vpnv4
      neighbor 200.3.3.3 activate
      neighbor 200.3.3.3 send-community extended
     exit-address-family
     !
     address-family ipv4 vrf VPN_A
      redistribute rip
      no synchronization
     exit-address-family

    [CE5]
    router rip
     version 2
     network 10.0.0.0
     network 192.168.45.0
     no auto-summary
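Configuration details
Establish MPLS neighbors and BGP VPNv4 neighbors between the PE routers and the P router. Note that P3 must be configured as a route reflector, because PE2 and PE4 each peer only with P3 over iBGP.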
    [PE2]
    interface Ethernet0/1
     mpls ip
    !
    router bgp 100
     no bgp default ipv4-unicast
     neighbor 200.3.3.3 remote-as 100
     neighbor 200.3.3.3 update-source Loopback0
     !
     address-family vpnv4
      neighbor 200.3.3.3 activate

    [P3]
    interface Ethernet0/0
     mpls ip
    !
    interface Ethernet0/1
     mpls ip
    !
    router bgp 100
     no bgp default ipv4-unicast
     neighbor 200.2.2.2 remote-as 100
     neighbor 200.2.2.2 update-source Loopback0
     neighbor 200.4.4.4 remote-as 100
     neighbor 200.4.4.4 update-source Loopback0
     !
     address-family vpnv4
      neighbor 200.2.2.2 activate
      neighbor 200.2.2.2 route-reflector-client
      neighbor 200.4.4.4 activate
      neighbor 200.4.4.4 route-reflector-client

    [PE4]
    interface Ethernet0/0
     mpls ip
    !
    router bgp 100
     no bgp default ipv4-unicast
     neighbor 200.3.3.3 remote-as 100
     neighbor 200.3.3.3 update-source Loopback0
     !
     address-family vpnv4
      neighbor 200.3.3.3 activate
      neighbor 200.3.3.3 send-community extended
Next, configure routing between the PE and the CE. To run RIP inside a VRF, use the address-family command as follows.
    [PE2]
    router rip
     address-family ipv4 vrf VPN_A
      network 192.168.12.0
      no auto-summary
      version 2
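Redistribution between RIP and MP-BGP is configured as follows.
When MP-BGP redistributes routes from RIP, it copies the RIP metric into the MED, which carries the metric to the other BGP neighbors. To use the propagated metric on the receiving side, specify "metric transparent" as shown below.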
    [PE2]
    router rip
     address-family ipv4 vrf VPN_A
      redistribute bgp 100 metric transparent
    !
    router bgp 100
     address-family ipv4 vrf VPN_A
      redistribute rip
Verification
Confirm that routes are being exchanged via RIP and that the CE routers can reach each other.
    [CE1]
    CE1#show ip route
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route

    Gateway of last resort is not set

    C    192.168.12.0/24 is directly connected, Ethernet0/0
    R    192.168.45.0/24 [120/1] via 192.168.12.2, 00:00:18, Ethernet0/0
         10.0.0.0/24 is subnetted, 2 subnets
    R       10.5.5.0 [120/2] via 192.168.12.2, 00:00:18, Ethernet0/0
    C       10.1.1.0 is directly connected, Loopback0
    CE1#
    CE1#
    CE1#ping 10.5.5.5 source Loopback 0

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.5.5.5, timeout is 2 seconds:
    Packet sent with a source address of 10.1.1.1
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 120/143/188 ms
    CE1#
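The BGP UPDATE messages observed between the PE router and the P router are shown below. The MED of 10.1.1.0/24 is 1 and the MED of 192.168.12.0/24 is 0, which shows the RIP metric being copied into the MED and propagated.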
    Ethernet II, Src: cc:01:0c:54:00:01 (cc:01:0c:54:00:01), Dst: cc:02:0c:54:00:00 (cc:02:0c:54:00:00)
    Internet Protocol, Src: 200.2.2.2 (200.2.2.2), Dst: 200.3.3.3 (200.3.3.3)
    Transmission Control Protocol, Src Port: bgp (179), Dst Port: 31538 (31538), Seq: 84, Ack: 84, Len: 180
    Border Gateway Protocol
        UPDATE Message
            Marker: 16 bytes
            Length: 90 bytes
            Type: UPDATE Message (2)
            Unfeasible routes length: 0 bytes
            Total path attribute length: 67 bytes
            Path attributes
                ORIGIN: INCOMPLETE (4 bytes)
                AS_PATH: empty (3 bytes)
                MULTI_EXIT_DISC: 1 (7 bytes)
                LOCAL_PREF: 100 (7 bytes)
                EXTENDED_COMMUNITIES: (11 bytes)
                MP_REACH_NLRI (35 bytes)
                    Flags: 0x80 (Optional, Non-transitive, Complete)
                    Type code: MP_REACH_NLRI (14)
                    Length: 32 bytes
                    Address family: IPv4 (1)
                    Subsequent address family identifier: Labeled VPN Unicast (128)
                    Next hop network address (12 bytes)
                    Subnetwork points of attachment: 0
                    Network layer reachability information (15 bytes)
                        Label Stack=19 (bottom) RD=100:1, IPv4=10.1.1.0/24
    Border Gateway Protocol
        UPDATE Message
            Marker: 16 bytes
            Length: 90 bytes
            Type: UPDATE Message (2)
            Unfeasible routes length: 0 bytes
            Total path attribute length: 67 bytes
            Path attributes
                ORIGIN: INCOMPLETE (4 bytes)
                AS_PATH: empty (3 bytes)
                MULTI_EXIT_DISC: 0 (7 bytes)
                LOCAL_PREF: 100 (7 bytes)
                EXTENDED_COMMUNITIES: (11 bytes)
                MP_REACH_NLRI (35 bytes)
                    Flags: 0x80 (Optional, Non-transitive, Complete)
                    Type code: MP_REACH_NLRI (14)
                    Length: 32 bytes
                    Address family: IPv4 (1)
                    Subsequent address family identifier: Labeled VPN Unicast (128)
                    Next hop network address (12 bytes)
                    Subnetwork points of attachment: 0
                    Network layer reachability information (15 bytes)
                        Label Stack=20 (bottom) RD=100:1, IPv4=192.168.12.0/24
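As an added example (not part of the original post), the Python below decodes the two fields the dissection above relies on: the 7-byte MULTI_EXIT_DISC attribute and the 15-byte labeled VPN-IPv4 NLRI (label, RD, prefix). The byte strings are constructed here to match the values shown in the capture, and the function names are assumptions made for illustration.

```python
import ipaddress
import struct

def parse_rd(rd: bytes) -> str:
    """Format an 8-byte route distinguisher (RFC 4364 types 0, 1, 2)."""
    rd_type = int.from_bytes(rd[:2], "big")
    if rd_type == 0:                      # 2-byte ASN : 4-byte number
        asn, num = struct.unpack("!HI", rd[2:])
        return f"{asn}:{num}"
    if rd_type == 1:                      # IPv4 address : 2-byte number
        addr, num = struct.unpack("!4sH", rd[2:])
        return f"{ipaddress.IPv4Address(addr)}:{num}"
    if rd_type == 2:                      # 4-byte ASN : 2-byte number
        asn, num = struct.unpack("!IH", rd[2:])
        return f"{asn}:{num}"
    raise ValueError(f"unknown RD type {rd_type}")

def parse_vpnv4_nlri(data: bytes) -> list:
    """Decode labeled VPN-IPv4 NLRI entries into (label, rd, prefix) tuples."""
    routes, pos = [], 0
    while pos < len(data):
        bit_len = data[pos]               # length in bits of label + RD + prefix
        entry = data[pos + 1 : pos + 1 + (bit_len + 7) // 8]
        # 24 label bits + 64 RD bits precede the IPv4 prefix bits
        if not 88 <= bit_len <= 120 or len(entry) * 8 < bit_len:
            raise ValueError("malformed or truncated VPNv4 NLRI")
        label_field = int.from_bytes(entry[:3], "big")
        if not label_field & 1:           # lowest bit is bottom-of-stack
            raise ValueError("label stacks deeper than one entry are not handled")
        addr = int.from_bytes(entry[11:].ljust(4, b"\x00"), "big")
        prefix = ipaddress.IPv4Network((addr, bit_len - 88), strict=False)
        routes.append((label_field >> 4, parse_rd(entry[3:11]), str(prefix)))
        pos += 1 + len(entry)
    return routes

def parse_med(attr: bytes) -> int:
    """Return the value of a MULTI_EXIT_DISC path attribute (type code 4)."""
    if len(attr) != 7 or attr[1] != 4 or attr[2] != 4:
        raise ValueError("not a MULTI_EXIT_DISC attribute")
    return int.from_bytes(attr[3:], "big")

# Constructed bytes matching the two dissected UPDATEs: (MED attribute, NLRI)
SAMPLE = [
    (bytes.fromhex("80040400000001"), bytes.fromhex("70000131" "0000006400000001" "0a0101")),
    (bytes.fromhex("80040400000000"), bytes.fromhex("70000141" "0000006400000001" "c0a80c")),
]

def summarize(samples=SAMPLE) -> list:
    """Return (med, label, rd, prefix) for the first route in each sample."""
    return [(parse_med(med), *parse_vpnv4_nlri(nlri)[0]) for med, nlri in samples]
```

Each tuple returned by summarize() is (MED, label, RD, prefix), so the RIP metric carried in the MED can be read next to the VPN route it belongs to.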