Vyatta(VyOS) GRETAP(L2トンネル)設定

Vyatta(VyOS)で、GRETAPトンネルの設定方法をまとめます。GREと似た機能ですが、GREはLayer3として動作し、GRETAPはLayer2として動作します。近年流行りのL2延伸を実装する時に有用となる機能です。

設定まとめ

以下のコマンドでトンネルインターフェースを作成できます。トンネル名はtunXXXという命名にする必要があります。

set interfaces tunnel <tunnel name>

以下のコマンドでトンネルのカプセル化を指定できます。gretapを指定すれば、L2トンネルになります。

set interfaces tunnel <tunnel name> encapsulation <カプセル化>

以下のコマンドでトンネルの送信元IPアドレスを指定します。

set interfaces tunnel <tunnel name> source-address <IPv4アドレス>

以下のコマンドでトンネルの対向IPアドレスを指定します。

set interfaces tunnel <tunnel name> remote <IPv4アドレス>

以下のコマンドでブリッジインターフェースを作成し、それに所属するブリッジメンバーを定義できます。ブリッジのメンバーになれるのは、IPアドレスが付与されていないインターフェースのみです。

set interfaces bridge <ブリッジインターフェース> member interface <ブリッジメンバー>
set interfaces bridge <ブリッジインターフェース> member interface <ブリッジメンバー>

動作確認

動作確認の構成

以下の環境で動作確認を行います。ブリッジを含む動作確認をする時は、ハイパーバイザの仮想スイッチに対してプロミスキャスモード等を有効にする必要がある事に注意ください。

+-----------------------+
|        host100        |
|                       |
+-----------+-----------+
     ens224 | .100  ::100
            | 
            | 192.168.100.0/24
            | 2001:0DB8:100::/64
            | 
       eth0 | (bridge)
+-----------+-----------+
|         vy001         |
| Lo:10.1.1.1/32        |
| Lo:2001:0DB8:1::1/128 |
+-----------+-----------+
       eth1 | .1  ::1
            | 
            | 192.168.12.0/24
            | 2001:0DB8:12::/64
            | 
       eth1 | .2 ::2
+-----------+-----------+
|         vy002         |
| Lo:10.2.2.2/32        |
| Lo:2001:0DB8:2::2/128 |
+-----------+-----------+
       eth2 | .2 ::2
            | 
            | 192.168.23.0/24
            | 2001:0DB8:23::/64
            | 
       eth0 | .3 ::3
+-----------+-----------+
|         vy003         |
| Lo:10.3.3.3/32        |
| Lo:2001:0DB8:3::3/128 |
+-----------+-----------+
       eth1 | (bridge)
            | 
            | 192.168.100.0/24
            | 2001:0DB8:100::/64
            | 
     ens224 | .200 ::200
+-----------+-----------+
|        host200        |
|                       |
+-----------------------+

初期設定

IPv4アドレスとIPv6アドレスは付与済とします。vy001, vy002, vy003の間はOSPFで互いに経路を交換しているものとします。

host100 : Rocky Linux 8.4

[root@host100 ~]# ip address 

 <omitted>

3: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:8e:96:66 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.100/24 brd 192.168.100.255 scope global noprefixroute ens224
       valid_lft forever preferred_lft forever
    inet6 2001:db8:100::100/64 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::8813:7d0:ffd3:2c04/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

host200 : Rocky Linux 8.4

[root@host200 ~]# ip address 

 <omitted>

3: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:8e:83:9b brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.200/24 brd 192.168.100.255 scope global noprefixroute ens224
       valid_lft forever preferred_lft forever
    inet6 2001:db8:100::200/64 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::5fb3:768b:ed49:2f24/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

vy001 : VyOS 1.4

set interfaces ethernet eth0 hw-id '00:50:56:8e:74:ec'
set interfaces ethernet eth1 address '192.168.12.1/24'
set interfaces ethernet eth1 address '2001:0DB8:12::1/64'
set interfaces ethernet eth1 hw-id '00:50:56:8e:3a:92'
set interfaces loopback lo address '10.1.1.1/32'
set interfaces loopback lo address '2001:0DB8:1::1/128'
set protocols ospf area 0 network '192.168.12.0/24'
set protocols ospf area 0 network '10.1.1.1/32'
set protocols ospfv3 area 0 interface 'eth1'
set protocols ospfv3 area 0 interface 'lo'
set service ssh
set system config-management commit-revisions '100'
set system console device ttyS0 speed '115200'
set system host-name 'vy001'
set system login user vyos authentication encrypted-password '$6$tMjC07ln2rEuCnYQ$NrbFEUQTzGprNHwkxo5skkG5h4rX1G6RQxdpo61p3MF77PluwdJgfP9UlYT7f1Nr.gIFKoQdAsKRBykNU24.I/'
set system login user vyos authentication plaintext-password ''
set system ntp server time1.vyos.net
set system ntp server time2.vyos.net
set system ntp server time3.vyos.net
set system syslog global facility all level 'info'
set system syslog global facility protocols level 'debug'

vy002 : VyOS 1.4

set interfaces ethernet eth0 address '192.168.12.2/24'
set interfaces ethernet eth0 hw-id '00:50:56:8e:45:5e'
set interfaces ethernet eth1 address '192.168.23.2/24'
set interfaces ethernet eth1 hw-id '00:50:56:8e:5e:c2'
set interfaces loopback lo address '10.2.2.2/32'
set interfaces loopback lo address '2001:0DB8:2::2/128'
set protocols ospf area 0 network '192.168.12.0/24'
set protocols ospf area 0 network '192.168.23.0/24'
set protocols ospf area 0 network '10.2.2.2/32'
set protocols ospfv3 area 0 interface 'eth0'
set protocols ospfv3 area 0 interface 'eth1'
set protocols ospfv3 area 0 interface 'lo'
set service ssh
set system config-management commit-revisions '100'
set system console device ttyS0 speed '115200'
set system host-name 'vy002'
set system login user vyos authentication encrypted-password '$6$tMjC07ln2rEuCnYQ$NrbFEUQTzGprNHwkxo5skkG5h4rX1G6RQxdpo61p3MF77PluwdJgfP9UlYT7f1Nr.gIFKoQdAsKRBykNU24.I/'
set system login user vyos authentication plaintext-password ''
set system ntp server time1.vyos.net
set system ntp server time2.vyos.net
set system ntp server time3.vyos.net
set system syslog global facility all level 'info'
set system syslog global facility protocols level 'debug'

vy003 : VyOS 1.4

set interfaces ethernet eth0 address '192.168.23.3/24'
set interfaces ethernet eth0 address '2001:0DB8:23::3/64'
set interfaces ethernet eth0 hw-id '00:50:56:8e:01:93'
set interfaces ethernet eth1 hw-id '00:50:56:8e:fd:95'
set interfaces loopback lo address '10.3.3.3/32'
set interfaces loopback lo address '2001:0DB8:3::3/128'
set protocols ospf area 0 network '192.168.23.0/24'
set protocols ospf area 0 network '10.3.3.3/32'
set protocols ospfv3 area 0 interface 'eth0'
set protocols ospfv3 area 0 interface 'lo'
set service ssh
set system config-management commit-revisions '100'
set system console device ttyS0 speed '115200'
set system host-name 'vy003'
set system login user vyos authentication encrypted-password '$6$tMjC07ln2rEuCnYQ$NrbFEUQTzGprNHwkxo5skkG5h4rX1G6RQxdpo61p3MF77PluwdJgfP9UlYT7f1Nr.gIFKoQdAsKRBykNU24.I/'
set system login user vyos authentication plaintext-password ''
set system ntp server time1.vyos.net
set system ntp server time2.vyos.net
set system ntp server time3.vyos.net
set system syslog global facility all level 'info'
set system syslog global facility protocols level 'debug'

動作確認 GRETAPトンネル

vy001とvy003の間でGRETAPトンネルを確立します。

[vy001:VyOS1.4]
set interfaces tunnel tun0 encapsulation 'gretap'
set interfaces tunnel tun0 remote '10.3.3.3'
set interfaces tunnel tun0 source-address '10.1.1.1'

[vy003:VyOS1.4]
set interfaces tunnel tun0 encapsulation 'gretap'
set interfaces tunnel tun0 remote '10.1.1.1'
set interfaces tunnel tun0 source-address '10.3.3.3'

vy001とvy003でブリッジインターフェースを作成し、そのブリッジに所属するメンバーを定義します。

[vy001:VyOS1.4]
set interfaces bridge br0 member interface eth0
set interfaces bridge br0 member interface tun0

[vy003:VyOS1.4]
set interfaces bridge br0 member interface eth1
set interfaces bridge br0 member interface tun0

host100とhost200の間で互いに疎通可能である事を確認します。

[host100:RockyLinux8.4]
[root@host100 ~]# ping -c 3 192.168.100.200
PING 192.168.100.200 (192.168.100.200) 56(84) bytes of data.
64 bytes from 192.168.100.200: icmp_seq=1 ttl=64 time=1.79 ms
64 bytes from 192.168.100.200: icmp_seq=2 ttl=64 time=1.67 ms
64 bytes from 192.168.100.200: icmp_seq=3 ttl=64 time=1.62 ms

--- 192.168.100.200 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 1.621/1.691/1.787/0.077 ms
[root@host100 ~]# 
[root@host100 ~]# 
[root@host100 ~]# 
[root@host100 ~]# ping -c 3 2001:db8:100::200
PING 2001:db8:100::200(2001:db8:100::200) 56 data bytes
64 bytes from 2001:db8:100::200: icmp_seq=1 ttl=64 time=2.73 ms
64 bytes from 2001:db8:100::200: icmp_seq=2 ttl=64 time=1.72 ms
64 bytes from 2001:db8:100::200: icmp_seq=3 ttl=64 time=1.90 ms

--- 2001:db8:100::200 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 1.719/2.118/2.733/0.444 ms
[root@host100 ~]#

デバッグ GRETAPトンネル

もし前述の操作でping疎通がNGとなった場合は、デバッグ目的として一時的にブリッジインターフェースに対してIPアドレスを振ってみましょう。

[vy001:VyOS1.4]
set interfaces bridge br0 address 192.168.100.1/24

[vy003:VyOS1.4]
set interfaces bridge br0 address 192.168.100.3/24

host100とvy001の間、host200とvy003の間などでping応答を確認すれば、どの機器間でトラブルがあるかの切り分けが可能になります。

[vy001:VyOS1.4]
[root@host100 ~]# ping -c 3 192.168.100.1
PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.
64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.702 ms
64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.368 ms
64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.673 ms

--- 192.168.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2049ms
rtt min/avg/max/mdev = 0.368/0.581/0.702/0.151 ms
[root@host100 ~]# 

[vy003:VyOS1.4]
[root@host200 ~]# ping -c 3 192.168.100.3
PING 192.168.100.3 (192.168.100.3) 56(84) bytes of data.
64 bytes from 192.168.100.3: icmp_seq=1 ttl=64 time=0.469 ms
64 bytes from 192.168.100.3: icmp_seq=2 ttl=64 time=0.387 ms
64 bytes from 192.168.100.3: icmp_seq=3 ttl=64 time=0.544 ms

--- 192.168.100.3 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2081ms
rtt min/avg/max/mdev = 0.387/0.466/0.544/0.068 ms
[root@host200 ~]#