For details on VRF configuration, see "Configuring VRF".

Configuration example for VRF Red
!SNMP server configuration under VRF context Red:
vrf context Red
snmp-server host 192.168.0.12 use-vrf Red
!OSPF instance configuration to VRF Red
router ospf 201
  vrf Red
!interface configuration for VRF Red
interface ethernet 1/2
  vrf member Red
  ip address 192.168.0.1/16
  ip router ospf 201 area 0
  no shutdown
Configuration example for VRF Red and Blue
!VRFs (Red, and Blue) creation
vrf context Red
vrf context Blue
!Configures OSPF per VRF
feature ospf
router ospf Lab
  vrf Red
router ospf Production
  vrf Blue
    router-id 192.168.1.0
interface ethernet 1/2
  vrf member Red
  ip address 192.168.0.1/16
  ip router ospf Lab area 0
  no shutdown
interface ethernet 10/2
  vrf member Blue
  ip address 192.168.0.1/16
  ip router ospf Production area 0
  no shutdown
!SNMP server configuration under VRF
!Note: Use the SNMP context “lab” to access the OSPF-MIB values for the OSPF instance Lab in VRF “Red” in this example.
!Create SNMP entities (v2c and/or v3) with appropriate groups/roles as needed on the switch to access the MIBs on the switch
!Create SNMP v3 user that can be used for SNMP queries, for example:
snmp-server user admin network-admin auth md5 password1
!Create SNMP v2c community that can be used for SNMP queries, for example:
snmp-server community public ro
!Create SNMP contexts that can be used along with the entities for SNMP queries, for example:
snmp-server context lab instance Lab vrf Red
snmp-server context production instance Production vrf Blue
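The SNMP user and community lines above can be checked mechanically before a configuration is deployed. The following Python audit is an added example, not part of the original documentation; the user "monitor", the ACL name SNMP-MGMT and the placeholder secrets in the second half of the sample are constructed for comparison.

```python
# SNMP lines from the configuration above, followed by constructed lines
# (user "monitor", ACL name SNMP-MGMT, placeholder secrets) for comparison.
CONFIG = """\
snmp-server user admin network-admin auth md5 password1
snmp-server community public ro
snmp-server user monitor network-operator auth sha AUTH-SECRET priv aes-128 PRIV-SECRET
snmp-server community COMMUNITY-PLACEHOLDER group network-operator
snmp-server community COMMUNITY-PLACEHOLDER use-ipv4acl SNMP-MGMT
"""

DEFAULT_COMMUNITIES = {"public", "private"}
ACL_KEYWORDS = {"use-acl", "use-ipv4acl", "use-ipv6acl"}


def audit_snmp(config):
    """Return a sorted list of (subject, finding) for SNMP users and communities."""
    findings, communities, acl_bound = set(), set(), set()
    for line in config.splitlines():
        t = line.split()
        if t[:2] == ["snmp-server", "user"] and len(t) > 2:
            user = "user " + t[2]
            if "network-admin" in t[3:4]:
                findings.add((user, "polling account holds the network-admin role"))
            if "auth" not in t:
                findings.add((user, "no authentication configured"))
            elif t[t.index("auth") + 1:][:1] == ["md5"]:
                findings.add((user, "MD5 authentication"))
            if "priv" not in t:
                findings.add((user, "no privacy, payload sent in clear"))
        elif t[:2] == ["snmp-server", "community"] and len(t) > 3:
            name = t[2]
            communities.add(name)
            if t[3] in ACL_KEYWORDS:
                acl_bound.add(name)
            elif t[3] == "rw":
                findings.add(("community " + name, "read-write access"))
    # Community-level findings need all lines first: the ACL is bound on its own line.
    for name in communities:
        if name.lower() in DEFAULT_COMMUNITIES:
            findings.add(("community " + name, "default community string"))
        if name not in acl_bound:
            findings.add(("community " + name, "no ACL restricting source addresses"))
    return sorted(findings)


if __name__ == "__main__":
    for subject, finding in audit_snmp(CONFIG):
        print(f"{subject}: {finding}")
```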
VRF configuration example for route leaking
!VRF configuration
feature bgp
vrf context red
  ip route 192.168.33.0/32 192.168.3.1
  address-family ipv4 unicast
    route-target import 3:3
    route-target export 2:2
    export map test
    import map test
    import vrf default map test
interface Ethernet1/7
  vrf member red
  ip address 192.168.3.2/24
  no shutdown
vrf context blue
  ip route 192.168.44.0/32 192.168.4.1
  address-family ipv4 unicast
    route-target import 1:1
    route-target import 2:2
    route-target export 3:3
    export map test
    import map test
    import vrf default map test
interface Ethernet1/11
  vrf member blue
  ip address 192.168.4.2/24
  no shutdown
!IP prefix list configuration
ip prefix-list test seq 5 permit 0.0.0.0/0 le 32
route-map test permit 10
  match ip address prefix-list test
ip route 192.168.101.101/32 192.168.55.1
!BGP per VRF assignment
router bgp 100
  address-family ipv4 unicast
    redistribute static route-map test
  vrf red
    address-family ipv4 unicast
      redistribute static route-map test
  vrf blue
    address-family ipv4 unicast
      redistribute static route-map test
Verification example for route leaking between the global VRF and non-default VRFs
switch# show ip route vrf all
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
192.168.55.0/24, ubest/mbest: 1/0, attached
*via 192.168.55.5, Lo0, [0/0], 00:07:59, direct
192.168.55.5/32, ubest/mbest: 1/0, attached
*via 192.168.55.5, Lo0, [0/0], 00:07:59, local
192.168.101.101/32, ubest/mbest: 1/0
*via 192.168.55.1, [1/0], 00:07:42, static
!
IP Route Table for VRF "management"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
0.0.0.0/0, ubest/mbest: 1/0
*via 10.29.176.1, [1/0], 12:53:54, static
10.29.176.0/24, ubest/mbest: 1/0, attached
*via 10.29.176.233, mgmt0, [0/0], 13:11:57, direct
10.29.176.233/32, ubest/mbest: 1/0, attached
*via 10.29.176.233, mgmt0, [0/0], 13:11:57, local
!
IP Route Table for VRF "red"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
192.168.33.0/32, ubest/mbest: 1/0
*via 192.168.3.1, [1/0], 00:23:44, static
35.35.1.0/24, ubest/mbest: 1/0, attached
*via 35.35.1.2, Eth1/7, [0/0], 00:26:46, direct
35.35.1.2/32, ubest/mbest: 1/0, attached
*via 35.35.1.2, Eth1/7, [0/0], 00:26:46, local
192.168.44.0/32, ubest/mbest: 1/0
*via 192.168.4.1%blue, [20/0], 00:12:08, bgp-100, external, tag 100
192.168.101.101/32, ubest/mbest: 1/0
*via 192.168.55.1%default, [20/0], 00:07:41, bgp-100, external, tag 100
!
IP Route Table for VRF "blue"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
192.168.33.0/32, ubest/mbest: 1/0
*via 192.168.3.1%red, [20/0], 00:12:34, bgp-100, external, tag 100
192.168.44.0/32, ubest/mbest: 1/0
*via 192.168.4.1, [1/0], 00:23:16, static
45.45.1.0/24, ubest/mbest: 1/0, attached
*via 192.168.4.2, Eth1/11, [0/0], 00:25:53, direct
192.168.4.2/32, ubest/mbest: 1/0, attached
*via 192.168.4.2, Eth1/11, [0/0], 00:25:53, local
192.168.101.101/32, ubest/mbest: 1/0
*via 192.168.55.1%default, [20/0], 00:07:41, bgp-100, external, tag 100
switch(config)#
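In the output above, a next hop written as address%vrf marks a route whose next hop resolves in a different VRF, which is how leaked routes appear in the table; the form "via vrf name" seen in other route output on this page means the same. The following Python script is an added example, not part of the original documentation: it lists those routes from saved output and compares them with an allow-list of reviewed VRF pairs (the allow-list is an assumption of the example).

```python
import re

# Excerpt of the "show ip route vrf all" output above (tables "red" and "blue").
SAMPLE = """\
IP Route Table for VRF "red"
'%<string>' in via output denotes VRF <string>
192.168.33.0/32, ubest/mbest: 1/0
*via 192.168.3.1, [1/0], 00:23:44, static
192.168.44.0/32, ubest/mbest: 1/0
*via 192.168.4.1%blue, [20/0], 00:12:08, bgp-100, external, tag 100
192.168.101.101/32, ubest/mbest: 1/0
*via 192.168.55.1%default, [20/0], 00:07:41, bgp-100, external, tag 100
IP Route Table for VRF "blue"
192.168.33.0/32, ubest/mbest: 1/0
*via 192.168.3.1%red, [20/0], 00:12:34, bgp-100, external, tag 100
192.168.44.0/32, ubest/mbest: 1/0
*via 192.168.4.1, [1/0], 00:23:16, static
"""

TABLE_RE = re.compile(r'^IP(?:v6)? Rout(?:e|ing) Table for VRF "([^"]+)"')
PREFIX_RE = re.compile(r'^(\S+/\d+), ubest/mbest:')
# Next hop in another VRF: "*via vrf <name>, ..." or "*via <address>%<name>, ..."
VIA_RE = re.compile(r'^\*{1,2}via (?:vrf (\S+), |\S+?%(\S+?),)')


def leaked_routes(output):
    """Return (table_vrf, prefix, source_vrf) for next hops that sit in another VRF."""
    found, vrf, prefix = [], None, None
    for raw in output.splitlines():
        line = raw.strip()
        if m := TABLE_RE.match(line):
            vrf, prefix = m.group(1), None
        elif m := PREFIX_RE.match(line):
            prefix = m.group(1)
        elif (m := VIA_RE.match(line)) and vrf and prefix:
            source = m.group(1) or m.group(2)
            if source != vrf:
                found.append((vrf, prefix, source))
    return found


def unexpected_leaks(output, allowed_pairs):
    """Keep only leaks whose (table_vrf, source_vrf) pair has not been approved."""
    return [r for r in leaked_routes(output) if (r[0], r[2]) not in allowed_pairs]


if __name__ == "__main__":
    for vrf, prefix, source in unexpected_leaks(SAMPLE, {("red", "blue"), ("blue", "red")}):
        print(f"VRF {vrf}: {prefix} leaked from VRF {source}")
```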
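Configuration example for export VRF default
The following example shows how to allow reimport of imported routes, introduced with the "export vrf default" command, so that VPN-imported routes can be reimported into the default VRF.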
vrf context vpn1
  address-family ipv4 unicast
    export vrf default [<prefix-limit>] map <route-map> [allow-vpn]
  address-family ipv6 unicast
    export vrf default [<prefix-limit>] map <route-map> [allow-vpn]
Border-leaf configuration example
Use the following commands to configure the IP prefix list.
!IP prefix list configuration
ip prefix-list DEFAULT_ROUTE seq 5 permit 0.0.0.0/0
route-map NO_DEFAULT_ROUTE deny 5
  match ip address prefix-list DEFAULT_ROUTE
route-map NO_DEFAULT_ROUTE permit 10
route-map allow permit 10
!Creation of VRFs, and importing the route maps
vrf context vni100
  vni 100
  ip route 0.0.0.0/0 Null0
  rd auto
  address-family ipv4 unicast
    route-target import 100:200
    route-target import 100:200 evpn
    route-target both auto
    route-target both auto evpn
    import vrf default map allow
    export vrf default map NO_DEFAULT_ROUTE allow-vpn
vrf context vni200
  vni 200
  ip route 0.0.0.0/0 Null0
  rd auto
  address-family ipv4 unicast
    route-target import 100:100
    route-target import 100:100 evpn
    route-target both auto
    route-target both auto evpn
    import vrf default map allow
    export vrf default map NO_DEFAULT_ROUTE
!BGP configuration
router bgp 100
  address-family ipv4 unicast
    redistribute direct route-map allow
  address-family ipv6 unicast
    redistribute direct route-map allow
  neighbor 192.168.101.101
    remote-as 100
    update-source loopback0
    address-family l2vpn evpn
      send-community extended
  neighbor 192.168.30.2
    remote-as 300
    address-family ipv4 unicast
  vrf vni100
    address-family ipv4 unicast
      network 0.0.0.0/0
      advertise l2vpn evpn
      redistribute direct route-map allow
  vrf vni200
    address-family ipv4 unicast
      network 0.0.0.0/0
      advertise l2vpn evpn
      redistribute direct route-map allow
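The route maps decide which prefixes cross a VRF boundary: prefix list test (0.0.0.0/0 le 32) in the route-leak example matches every IPv4 prefix, while NO_DEFAULT_ROUTE in the border-leaf example blocks only the default route. The following Python evaluator is an added example, not part of the original documentation, that applies first-match prefix-list and route-map semantics to the filter lines copied from both configurations; the function names are the example's own.

```python
import ipaddress

# Filter lines copied from the route-leak and border-leaf configurations above.
CONFIG = """\
ip prefix-list test seq 5 permit 0.0.0.0/0 le 32
route-map test permit 10
  match ip address prefix-list test
ip prefix-list DEFAULT_ROUTE seq 5 permit 0.0.0.0/0
route-map NO_DEFAULT_ROUTE deny 5
  match ip address prefix-list DEFAULT_ROUTE
route-map NO_DEFAULT_ROUTE permit 10
route-map allow permit 10
"""


def parse(config):
    """Collect prefix-list entries and route-map sequences from configuration text."""
    plists, rmaps, seq = {}, {}, None
    for line in config.splitlines():
        t = line.split()
        if t[:2] == ["ip", "prefix-list"]:
            opts = dict(zip(t[7::2], map(int, t[8::2])))  # optional "ge n" / "le n"
            entry = (int(t[4]), t[5], ipaddress.ip_network(t[6]), opts)
            plists.setdefault(t[2], []).append(entry)
        elif t[:1] == ["route-map"]:
            seq = {"seq": int(t[3]), "action": t[2], "match": []}
            rmaps.setdefault(t[1], []).append(seq)
        elif t[:4] == ["match", "ip", "address", "prefix-list"] and seq is not None:
            seq["match"] += t[4:]
    return plists, rmaps


def prefix_list_permits(entries, net):
    """First matching entry decides; without ge/le the length must match exactly."""
    for _, action, base, o in sorted(entries, key=lambda e: e[0]):
        low = o.get("ge", base.prefixlen)
        high = o.get("le", base.max_prefixlen if "ge" in o else base.prefixlen)
        if net.subnet_of(base) and low <= net.prefixlen <= high:
            return action == "permit"
    return False  # implicit deny at the end of the list


def route_map_permits(name, prefix, plists, rmaps):
    """Evaluate sequences in order; a sequence with no match clause matches any route."""
    net = ipaddress.ip_network(prefix)
    for seq in sorted(rmaps[name], key=lambda s: s["seq"]):
        if not seq["match"] or any(prefix_list_permits(plists[p], net) for p in seq["match"]):
            return seq["action"] == "permit"
    return False  # implicit deny at the end of the route-map
```

Calling `route_map_permits` over the prefixes of a VRF's routing table shows what an `import map` or `export vrf default map` statement would let through before the configuration is applied.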
Verification example for the BGP IPv4 unicast configuration
switch(config-vrf)# show bgp ipv4 unicast 192.168.11.11/32
BGP routing table information for VRF default, address family IPv4 Unicast
BGP routing table entry for 192.168.11.11/32, version 14
Paths: (1 available, best #1)
Flags: (0x08041a) on xmit-list, is in urib, is best urib route, is in HW
Advertised path-id 1
Path type: internal, path is valid, is best path, in rib
Imported from 192.168.3.3:3:192.168.11.11/32 (VRF vni100)
AS-Path: 150 , path sourced external to AS
192.168.1.0 (metric 81) from 192.168.101.101 (192.168.101.101)
Origin incomplete, MED 0, localpref 100, weight 0
Received label 100
Extcommunity:
RT:100:100
ENCAP:8
Router MAC:5254.004e.a437
Originator: 192.168.1.0 Cluster list: 192.168.101.101
Path-id 1 advertised to peers:
192.168.30.2
Verification example for the per-VRF BGP IPv4 unicast configuration
switch(config-vrf)# show bgp vrf vni100 ipv4 unicast 192.168.11.11/32
BGP routing table information for VRF vni100, address family IPv4 Unicast
BGP routing table entry for 192.168.11.11/32, version 8
Paths: (1 available, best #1)
Flags: (0x08041e) on xmit-list, is in urib, is best urib route, is in HW
vpn: version 19, (0x100002) on xmit-list
Advertised path-id 1, VPN AF advertised path-id 1
Path type: internal, path is valid, is best path, in rib
Imported from 192.168.1.0:3:[5]:[0]:[0]:[32]:[192.168.11.11]:[0.0.0.0]/224
AS-Path: 150 , path sourced external to AS
192.168.1.0 (metric 81) from 192.168.101.101 (192.168.101.101)
Origin incomplete, MED 0, localpref 100, weight 0
Received label 100
Extcommunity:
RT:100:100
ENCAP:8
Router MAC:5254.004e.a437
Originator: 192.168.1.0 Cluster list: 192.168.101.101
VRF advertise information:
Path-id 1 not advertised to any peer
VPN AF advertise information:
Path-id 1 not advertised to any peer
Verification example for the BGP IPv6 unicast configuration
switch(config-vrf)# show bgp ipv6 unicast 2001:DB8:1::1/64
BGP routing table information for VRF default, address family IPv6 Unicast
BGP routing table entry for 2001:DB8:1::1/64, version 13
Paths: (1 available, best #1)
Flags: (0x08041a) on xmit-list, is in u6rib, is best u6rib route, is in HW
Advertised path-id 1
Path type: internal, path is valid, is best path
Imported from 192.168.3.3:3:2001:DB8:1::1/64 (VRF vni100)
AS-Path: 150 , path sourced external to AS
::ffff:192.168.1.0 (metric 81) from 192.168.101.101 (192.168.101.101)
Origin incomplete, MED 0, localpref 100, weight 0
Received label 100
Extcommunity:
RT:100:100
ENCAP:8
Router MAC:5254.004e.a437
Originator: 192.168.1.0 Cluster list: 192.168.101.101
Path-id 1 advertised to peers:
30::2
Verification example for the per-VRF BGP IPv6 unicast configuration
switch(config-vrf)# show bgp vrf vni100 ipv6 unicast 2001:DB8:1::1/64
BGP routing table information for VRF vni100, address family IPv6 Unicast
BGP routing table entry for 2001:DB8::1/128, version 6
Paths: (1 available, best #1)
Flags: (0x08041e) on xmit-list, is in u6rib, is best u6rib route, is in HW
vpn: version 7, (0x100002) on xmit-list
Advertised path-id 1, VPN AF advertised path-id 1
Path type: internal, path is valid, is best path
Imported from 192.168.1.0:3:[5]:[0]:[0]:[128]:[2001:DB8:1::1]:[0::]/416
AS-Path: 150 , path sourced external to AS
::ffff:192.168.1.0 (metric 81) from 192.168.101.101 (192.168.101.101)
Origin incomplete, MED 0, localpref 100, weight 0
Received label 100
Extcommunity:
RT:100:100
ENCAP:8
Router MAC:5254.004e.a437
Originator: 192.168.1.0 Cluster list: 192.168.101.101
VRF advertise information:
Path-id 1 not advertised to any peer
VPN AF advertise information:
Path-id 1 not advertised to any peer
Verification example for the IPv4 route configuration
switch(config-if)# show ip route
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
0.0.0.0/0, ubest/mbest: 1/0
*via vrf vni100, Null0, [20/0], 1d04h, bgp-100, external, tag 100
192.168.1.0/32, ubest/mbest: 1/0
*via 192.168.103.1, Eth1/1, [110/81], 1d04h, ospf-100, intra
192.168.2.2/32, ubest/mbest: 1/0
*via 192.168.103.1, Eth1/1, [110/81], 1d04h, ospf-100, intra
192.168.3.3/32, ubest/mbest: 2/0, attached
*via 192.168.3.3, Lo0, [0/0], 1d04h, local
*via 192.168.3.3, Lo0, [0/0], 1d04h, direct
192.168.9.9/32, ubest/mbest: 1/0, attached
*via 192.168.9.9%vni100, Lo9, [20/0], 1d03h, bgp-100, external, tag 100
192.168.10.0/24, ubest/mbest: 1/0
*via 192.168.1.0, [200/0], 1d04h, bgp-100, internal, tag 100 (evpn) segid: 100 tunnelid: 0x1010101 encap: VXLAN
192.168.11.11/32, ubest/mbest: 1/0
*via 192.168.1.0, [200/0], 1d04h, bgp-100, internal, tag 150 (evpn) segid: 100 tunnelid: 0x1010101 encap: VXLAN
192.168.20.0/24, ubest/mbest: 1/0
*via 192.168.2.2, [200/0], 1d04h, bgp-100, internal, tag 100 (evpn) segid: 200 tunnelid: 0x2020202 encap: VXLAN
192.168.22.22/32, ubest/mbest: 1/0
*via 192.168.2.2, [200/0], 1d04h, bgp-100, internal, tag 250 (evpn) segid: 200 tunnelid: 0x2020202 encap: VXLAN
192.168.30.0/24, ubest/mbest: 1/0, attached
*via 192.168.30.1, Eth1/2, [0/0], 1d04h, direct
192.168.30.1/32, ubest/mbest: 1/0, attached
*via 192.168.30.1, Eth1/2, [0/0], 1d04h, local
192.168.33.0/32, ubest/mbest: 1/0
*via 192.168.30.2, [20/0], 1d04h, bgp-100, external, tag 300
192.168.100.0/24, ubest/mbest: 1/0, attached
*via 192.168.100.3%vni100, Vlan100, [20/0], 1d04h, bgp-100, external, tag 100
192.168.101.0/24, ubest/mbest: 1/0
*via 192.168.103.1, Eth1/1, [110/80], 1d04h, ospf-100, intra
192.168.101.101/32, ubest/mbest: 1/0
*via 192.168.103.1, Eth1/1, [110/41], 1d04h, ospf-100, intra
192.168.102.0/24, ubest/mbest: 1/0
*via 192.168.103.1, Eth1/1, [110/80], 1d04h, ospf-100, intra
192.168.103.0/24, ubest/mbest: 1/0, attached
*via 192.168.103.2, Eth1/1, [0/0], 1d04h, direct
192.168.103.2/32, ubest/mbest: 1/0, attached
Verification example for the IPv6 route configuration
switch(config-if)# show ipv6 route
IPv6 Routing Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
::/0, ubest/mbest: 1/0
*via vrf vni100, Null0, [20/0], 1d04h, bgp-100, external, tag 100
2001:DB8:1::/64, ubest/mbest: 1/0, attached
*via 2001:DB8:1::1, Eth1/1, [0/0], 1d04h, direct
2001:DB8:2:2::/128, ubest/mbest: 1/0
*via 2001:DB8:103:1::1, Eth1/1, [110/81], 1d04h, ospf-100, intra
2001:DB8:3:3::/128, ubest/mbest: 2/0, attached
*via 2001:DB8:3:3::3, Lo0, [0/0], 1d04h, local
*via 2001:DB8:3:3::3, Lo0, [0/0], 1d04h, direct
2001:DB8:9:9::/128, ubest/mbest: 1/0, attached
*via 2001:DB8:9:9::9%vni100, Lo9, [20/0], 1d03h, bgp-100, external, tag 100
2001:DB8:10::/64, ubest/mbest: 1/0
*via 2001:DB8:1::, [200/0], 1d04h, bgp-100, internal, tag 100 (evpn) segid: 100 tunnelid: 0x1010101 encap: VXLAN
2001:DB8:11:11::/128, ubest/mbest: 1/0
*via 2001:DB8:1::, [200/0], 1d04h, bgp-100, internal, tag 150 (evpn) segid: 100 tunnelid: 0x1010101 encap: VXLAN
2001:DB8:20::/64, ubest/mbest: 1/0
*via 2001:DB8:2:2::2, [200/0], 1d04h, bgp-100, internal, tag 100 (evpn) segid: 200 tunnelid: 0x2020202 encap: VXLAN
2001:DB8:22:22::/128, ubest/mbest: 1/0
*via 2001:DB8:2:2::2, [200/0], 1d04h, bgp-100, internal, tag 250 (evpn) segid: 200 tunnelid: 0x2020202 encap: VXLAN
2001:DB8:30::/64, ubest/mbest: 1/0, attached
*via 2001:DB8:30::1, Eth1/2, [0/0], 1d04h, direct
2001:DB8:30::1/128, ubest/mbest: 1/0