Vyatta(VyOS) staticルーティング設定

Vyatta(VyOS)で、IPv4とIPv6のstatic routingの方法をまとめます。

設定まとめ

static routeの設定

以下のコマンドでIPv4とIPv6のstatic routeを定義できます。

set protocols static route <宛先アドレス> next-hop <ネクストホップとなるIPv4アドレス>
set protocols static route6 <宛先アドレス> next-hop <ネクストホップとなるIPv6アドレス>

ルーティングテーブルの確認

以下のコマンドでIPv4とIPv6のルーティングテーブルを閲覧できます。

show ip route
show ipv6 route

動作確認

動作確認の構成

以下の環境で動作確認を行います。

+-----------------------+
|         vy001         |
| Lo:10.1.1.1/32        |
| Lo:2001:0DB8:1::1/128 |
+-----------+-----------+
       eth0 | .1  ::1
            | 
            | 192.168.12.0/24
            | 2001:0DB8:12::/64
            | 
       eth0 | .2 ::2
+-----------;-----------+
|         vy002         |
| Lo:10.2.2.2/32        |
| Lo:2001:0DB8:2::2/128 |
+-----------+-----------+
       eth1 | .2 ::2
            | 
            | 192.168.23.0/24
            | 2001:0DB8:23::/64
            | 
       eth0 | .3 ::3
+-----------+-----------+
|         vy003         |
| Lo:10.3.3.3/32        |
| Lo:2001:0DB8:3::3/128 |
+-----------------------+

初期設定

IPv4アドレスとIPv6アドレスは付与済の状態で動作確認をします。

vy001 : VyOS 1.4

set interfaces ethernet eth0 address '192.168.12.1/24'
set interfaces ethernet eth0 address '2001:0DB8:12::1/64'
set interfaces ethernet eth0 hw-id '00:50:56:8e:74:ec'
set interfaces loopback lo address '10.1.1.1/32'
set interfaces loopback lo address '2001:0DB8:1::1/128'
set service ssh
set system config-management commit-revisions '100'
set system console device ttyS0 speed '115200'
set system host-name 'vy001'
set system login user vyos authentication encrypted-password '$6$tMjC07ln2rEuCnYQ$NrbFEUQTzGprNHwkxo5skkG5h4rX1G6RQxdpo61p3MF77PluwdJgfP9UlYT7f1Nr.gIFKoQdAsKRBykNU24.I/'
set system login user vyos authentication plaintext-password ''
set system ntp server time1.vyos.net
set system ntp server time2.vyos.net
set system ntp server time3.vyos.net
set system syslog global facility all level 'info'
set system syslog global facility protocols level 'debug'

vy002 : VyOS 1.4

set interfaces ethernet eth0 address '192.168.12.2/24'
set interfaces ethernet eth0 address '2001:0DB8:12::2/64'
set interfaces ethernet eth0 hw-id '00:50:56:8e:45:5e'
set interfaces ethernet eth1 address '192.168.23.2/24'
set interfaces ethernet eth1 address '2001:0DB8:23::2/64'
set interfaces ethernet eth1 hw-id '00:50:56:8e:5e:c2'
set interfaces loopback lo address '10.2.2.2/32'
set interfaces loopback lo address '2001:0DB8:2::2/128'
set service ssh
set system config-management commit-revisions '100'
set system console device ttyS0 speed '115200'
set system host-name 'vy002'
set system login user vyos authentication encrypted-password '$6$tMjC07ln2rEuCnYQ$NrbFEUQTzGprNHwkxo5skkG5h4rX1G6RQxdpo61p3MF77PluwdJgfP9UlYT7f1Nr.gIFKoQdAsKRBykNU24.I/'
set system login user vyos authentication plaintext-password ''
set system ntp server time1.vyos.net
set system ntp server time2.vyos.net
set system ntp server time3.vyos.net
set system syslog global facility all level 'info'
set system syslog global facility protocols level 'debug'

vy003 : VyOS 1.4

set interfaces ethernet eth0 address '192.168.23.3/24'
set interfaces ethernet eth0 address '2001:0DB8:23::3/64'
set interfaces ethernet eth0 hw-id '00:50:56:8e:01:93'
set interfaces loopback lo address '10.3.3.3/32'
set interfaces loopback lo address '2001:0DB8:3::3/128'
set service ssh
set system config-management commit-revisions '100'
set system console device ttyS0 speed '115200'
set system host-name 'vy003'
set system login user vyos authentication encrypted-password '$6$tMjC07ln2rEuCnYQ$NrbFEUQTzGprNHwkxo5skkG5h4rX1G6RQxdpo61p3MF77PluwdJgfP9UlYT7f1Nr.gIFKoQdAsKRBykNU24.I/'
set system login user vyos authentication plaintext-password ''
set system ntp server time1.vyos.net
set system ntp server time2.vyos.net
set system ntp server time3.vyos.net
set system syslog global facility all level 'info'
set system syslog global facility protocols level 'debug'

動作確認 (1) デフォルトゲートウェイの設定

vy001とvy003に、IPv4とIPv6のデフォルトゲートウェイを設定します。

[vy001:VyOS1.4]
set protocols static route 0.0.0.0/0 next-hop 192.168.12.2
set protocols static route6 ::/0 next-hop 2001:0DB8:12::2

[vy003:VyOS1.4]
set protocols static route 0.0.0.0/0 next-hop 192.168.23.2
set protocols static route6 ::/0 next-hop 2001:0DB8:23::2

IPv4とIPv6のルーティングテーブルを確認します。

[vy001:VyOS1.4]
vyos@vy001:~$ show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup

S>* 0.0.0.0/0 [1/0] via 192.168.12.2, eth0, weight 1, 00:00:31
C>* 10.1.1.1/32 is directly connected, lo, 00:11:18
C>* 192.168.12.0/24 is directly connected, eth0, 01:45:14
vyos@vy001:~$ 
vyos@vy001:~$ 
vyos@vy001:~$ show ipv6 route 
Codes: K - kernel route, C - connected, S - static, R - RIPng,
       O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table,
       v - VNC, V - VNC-Direct, A - Babel, D - SHARP, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup

S>* ::/0 [1/0] via 2001:db8:12::2, eth0, weight 1, 00:00:37
C>* 2001:db8:1::1/128 is directly connected, lo, 00:11:24
C>* 2001:db8:12::/64 is directly connected, eth0, 00:11:23
C * fe80::/64 is directly connected, eth0, 01:45:59
C>* fe80::/64 is directly connected, lo, 01:46:02
vyos@vy001:~$ 

[vy003:VyOS1.4]
vyos@vy003:~$ show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup

S>* 0.0.0.0/0 [1/0] via 192.168.23.2, eth0, weight 1, 00:00:07
C>* 10.3.3.3/32 is directly connected, lo, 00:14:37
C>* 192.168.23.0/24 is directly connected, eth0, 01:52:26
vyos@vy003:~$ 
vyos@vy003:~$ 
vyos@vy003:~$ show ipv6 route
Codes: K - kernel route, C - connected, S - static, R - RIPng,
       O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table,
       v - VNC, V - VNC-Direct, A - Babel, D - SHARP, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup

S>* ::/0 [1/0] via 2001:db8:23::2, eth0, weight 1, 00:00:11
C>* 2001:db8:3::3/128 is directly connected, lo, 00:14:41
C>* 2001:db8:23::/64 is directly connected, eth0, 00:14:40
C * fe80::/64 is directly connected, eth0, 01:53:20
C>* fe80::/64 is directly connected, lo, 01:53:23
vyos@vy003:~$

vy001とyv003から、vy002のLoopbackへ疎通可能になった事を確認します。

[vy001:VyOS1.4]
vyos@vy001:~$ ping 10.2.2.2 count 3
PING 10.2.2.2 (10.2.2.2) 56(84) bytes of data.
64 bytes from 10.2.2.2: icmp_seq=1 ttl=64 time=0.450 ms
64 bytes from 10.2.2.2: icmp_seq=2 ttl=64 time=0.585 ms
64 bytes from 10.2.2.2: icmp_seq=3 ttl=64 time=0.730 ms

--- 10.2.2.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2040ms
rtt min/avg/max/mdev = 0.450/0.588/0.730/0.114 ms
vyos@vy001:~$ 
vyos@vy001:~$ 
vyos@vy001:~$ ping 2001:0DB8:2::2 count 3
PING 2001:0DB8:2::2(2001:db8:2::2) 56 data bytes
64 bytes from 2001:db8:2::2: icmp_seq=1 ttl=64 time=0.635 ms
64 bytes from 2001:db8:2::2: icmp_seq=2 ttl=64 time=0.525 ms
64 bytes from 2001:db8:2::2: icmp_seq=3 ttl=64 time=0.642 ms

--- 2001:0DB8:2::2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2047ms
rtt min/avg/max/mdev = 0.525/0.600/0.642/0.053 ms
vyos@vy001:~$ 


[vy003:VyOS1.4]
vyos@vy003:~$ ping 10.2.2.2 count 3
PING 10.2.2.2 (10.2.2.2) 56(84) bytes of data.
64 bytes from 10.2.2.2: icmp_seq=1 ttl=64 time=0.572 ms
64 bytes from 10.2.2.2: icmp_seq=2 ttl=64 time=0.450 ms
64 bytes from 10.2.2.2: icmp_seq=3 ttl=64 time=0.415 ms

--- 10.2.2.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2051ms
rtt min/avg/max/mdev = 0.415/0.479/0.572/0.067 ms
vyos@vy003:~$ 
vyos@vy003:~$ 
vyos@vy003:~$ ping 2001:0DB8:2::2 count 3
PING 2001:0DB8:2::2(2001:db8:2::2) 56 data bytes
64 bytes from 2001:db8:2::2: icmp_seq=1 ttl=64 time=0.668 ms
64 bytes from 2001:db8:2::2: icmp_seq=2 ttl=64 time=0.485 ms
64 bytes from 2001:db8:2::2: icmp_seq=3 ttl=64 time=0.514 ms

--- 2001:0DB8:2::2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2062ms
rtt min/avg/max/mdev = 0.485/0.555/0.668/0.080 ms
vyos@vy003:~$

動作確認 (2) static routeの設定

デフォルトゲートウェイではないstatic routeの動作確認をします。vy002に、vy001とvy003のloopback向けてのstatic routeを定義します。

[vy002:VyOS1.4]
set protocols static route 10.1.1.1/32 next-hop 192.168.12.1
set protocols static route 10.3.3.3/32 next-hop 192.168.23.3
set protocols static route6 2001:0DB8:1::1/128 next-hop 2001:0DB8:12::1
set protocols static route6 2001:0DB8:3::3/128 next-hop 2001:0DB8:23::3

IPv4とIPv6のルーティングテーブルを確認します。

[vy002:VyOS1.4]
vyos@vy002:~$ show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup

S>* 10.1.1.1/32 [1/0] via 192.168.12.1, eth0, weight 1, 00:00:07
C>* 10.2.2.2/32 is directly connected, lo, 00:29:33
S>* 10.3.3.3/32 [1/0] via 192.168.23.3, eth1, weight 1, 00:07:24
C>* 192.168.12.0/24 is directly connected, eth0, 02:04:33
C>* 192.168.23.0/24 is directly connected, eth1, 02:04:33
vyos@vy002:~$ 
vyos@vy002:~$ 
vyos@vy002:~$ show ipv6 route
Codes: K - kernel route, C - connected, S - static, R - RIPng,
       O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table,
       v - VNC, V - VNC-Direct, A - Babel, D - SHARP, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup

S>* 2001:db8:1::1/128 [1/0] via 2001:db8:12::1, eth0, weight 1, 00:00:06
C>* 2001:db8:2::2/128 is directly connected, lo, 00:26:53
S>* 2001:db8:3::3/128 [1/0] via 2001:db8:23::3, eth1, weight 1, 00:00:06
C>* 2001:db8:12::/64 is directly connected, eth0, 00:26:52
C>* 2001:db8:23::/64 is directly connected, eth1, 00:26:51
C * fe80::/64 is directly connected, eth0, 02:03:08
C * fe80::/64 is directly connected, eth1, 02:03:09
C>* fe80::/64 is directly connected, lo, 02:03:11
vyos@vy002:~$

vy001とyv003から、vy002のLoopbackへ疎通可能になった事を確認します。

[vy001:VyOS1.4]
vyos@vy001:~$ ping 10.3.3.3 count 3
PING 10.3.3.3 (10.3.3.3) 56(84) bytes of data.
64 bytes from 10.3.3.3: icmp_seq=1 ttl=63 time=0.816 ms
64 bytes from 10.3.3.3: icmp_seq=2 ttl=63 time=1.03 ms
64 bytes from 10.3.3.3: icmp_seq=3 ttl=63 time=1.19 ms

--- 10.3.3.3 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2008ms
rtt min/avg/max/mdev = 0.816/1.009/1.185/0.151 ms
vyos@vy001:~$ 
vyos@vy001:~$ 
vyos@vy001:~$ ping 2001:0DB8:3::3 count 3
PING 2001:0DB8:3::3(2001:db8:3::3) 56 data bytes
64 bytes from 2001:db8:3::3: icmp_seq=1 ttl=63 time=0.965 ms
64 bytes from 2001:db8:3::3: icmp_seq=2 ttl=63 time=1.12 ms
64 bytes from 2001:db8:3::3: icmp_seq=3 ttl=63 time=1.03 ms

--- 2001:0DB8:3::3 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 0.965/1.037/1.120/0.063 ms
vyos@vy001:~$ 


[vy003:VyOS1.4]
vyos@vy003:~$ ping 10.1.1.1 count 3
PING 10.1.1.1 (10.1.1.1) 56(84) bytes of data.
64 bytes from 10.1.1.1: icmp_seq=1 ttl=63 time=0.761 ms
64 bytes from 10.1.1.1: icmp_seq=2 ttl=63 time=1.16 ms
64 bytes from 10.1.1.1: icmp_seq=3 ttl=63 time=1.00 ms

--- 10.1.1.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 0.761/0.975/1.163/0.165 ms
vyos@vy003:~$ 
vyos@vy003:~$ 
vyos@vy003:~$ ping 2001:0DB8:1::1 count 3
PING 2001:0DB8:1::1(2001:db8:1::1) 56 data bytes
64 bytes from 2001:db8:1::1: icmp_seq=1 ttl=63 time=0.940 ms
64 bytes from 2001:db8:1::1: icmp_seq=2 ttl=63 time=1.17 ms
64 bytes from 2001:db8:1::1: icmp_seq=3 ttl=63 time=1.03 ms

--- 2001:0DB8:1::1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 0.940/1.046/1.172/0.095 ms
vyos@vy003:~$