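Introduction
This document describes common methods for Virtual Routing and Forwarding (VRF) route leaking and provides configuration examples.
Prerequisites
Requirements
Knowledge of these topics is recommended:
- Border Gateway Protocol (BGP)
- Routing protocol redistribution
- VRF
- Cisco IOS® XE software
For more information about these topics, refer to:
- Redistribute Routing Protocols
- Configuration Example of Mutual Redistribution Between EIGRP and BGP
- Understand the Redistribution of OSPF Routes into BGP
Components Used
The information in this document is based on routers that run Cisco IOS® XE versions 16.12.X and 17.X.
The information in this document was created from devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.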
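Background Information
VRF allows a router to maintain separate routing tables for different virtual networks. When exceptions are required, VRF route leaking allows some traffic to be routed between VRFs without the use of static routes.
Scenario 1: VRF Route Leak Between BGP and an IGP (EIGRP)
Scenario 1 shows an example of VRF route leaking between BGP and EIGRP. This method can be used with other IGPs.
Network Diagram
The network diagram in Image 1 shows a Layer 3 topology where route leaking is required.
Image 1. Route Leak Topology for Scenario 1
Router LEAK has a BGP neighborship with a neighbor in VRF A and an EIGRP neighbor in the global VRF. Device 192.168.11.11 must be able to reach device 172.16.10.10 across the network.
Router LEAK cannot route between the two because the routes are in different VRFs. These routing tables show the current routes per VRF and indicate which routes must be leaked between the global VRF and VRF A.
Leak Routing Tables
EIGRP Routing Table (Global Routing)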
LEAK#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, GigabitEthernet2
L 192.168.1.1/32 is directly connected, GigabitEthernet2
192.168.11.0/32 is subnetted, 1 subnets
D 192.168.11.11 [90/130816] via 192.168.1.2, 02:30:29, GigabitEthernet2 >> Route to be exchanged to the VRF A routing table.
LEAK#show ip route vrf A
Routing Table: A
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.0.0/30 is directly connected, GigabitEthernet1
L 10.0.0.1/32 is directly connected, GigabitEthernet1
172.16.0.0/32 is subnetted, 1 subnets
B 172.16.10.10 [200/0] via 10.0.0.2, 01:47:58 >> Route to be exchanged to the global routing table.
Configure
Complete these steps to create the leak between the two routing tables:
Step 1.
Create route-maps to filter the routes to be injected in both routing tables.
LEAK(config)#Route-map VRF_TO_EIGRP
LEAK(config-route-map)#match ip address prefix-list VRF_TO_EIGRP
LEAK(config-route-map)#exit
!
Prefix-list created to match the host that is attached to the previous route-map configured.
!
ip prefix-list VRF_TO_EIGRP permit 172.16.10.10/32
or
LEAK(config)#Route-map VRF_TO_EIGRP
LEAK(config-route-map)# match ip address 10
LEAK(config-route-map)#exit
!
ACL created to match the host that is attached to the previous route-map.
!
LEAK#show ip access-lists 10
10 permit 172.16.10.10
LEAK(config)#Route-map EIGRP_TO_VRF
LEAK(config-route-map)#match ip address prefix-list EIGRP_TO_VRF
LEAK(config-route-map)#exit
LEAK(config)#
!
Prefix-list created to match the host that is attached to the previous route-map configured.
!
ip prefix-list EIGRP_TO_VRF permit 192.168.11.11/32
or
LEAK(config)#Route-map EIGRP_TO_VRF
LEAK(config-route-map)#match ip address 20
LEAK(config-route-map)#exit
LEAK(config)#
!
ACL created to match the host that is attached to the previous route-map.
!
LEAK#show ip access-list 20
10 permit 192.168.11.11
Step 2.
Define the import/export maps and add the route-map names.
LEAK(config)#vrf definition A
LEAK(config-vrf)#address-family ipv4
LEAK(config-vrf-af)#import ipv4 unicast map EIGRP_TO_VRF >> Import the global routing table routes at the VRF routing table.
LEAK(config-vrf-af)#export ipv4 unicast map VRF_TO_EIGRP >> Export the VRF routes to the Global Routing Table.
LEAK(config-vrf-af)#end
Step 3.
Proceed with the dual redistribution.
Redistribute EIGRP
LEAK(config)#router bgp 1
LEAK(config-router)#redistribute eigrp 1
LEAK(config-router)#end
Redistribute BGP
LEAK(config)#router eigrp 1
LEAK(config-router)#redistribute bgp 1 metric 100 1 255 1 1500
LEAK(config-router)#end
Verify
Routing table from VRF A
LEAK#show ip route vrf A
Routing Table: A
< Snip for resume >
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.0.0/30 is directly connected, GigabitEthernet1
L 10.0.0.1/32 is directly connected, GigabitEthernet1
172.16.0.0/32 is subnetted, 1 subnets
B 172.16.10.10 [200/0] via 10.0.0.2, 00:58:53
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
B 192.168.1.0/24 is directly connected, 00:01:00, GigabitEthernet2
L 192.168.1.1/32 is directly connected, GigabitEthernet2
192.168.11.0/32 is subnetted, 1 subnets
B 192.168.11.11 [20/130816] via 192.168.1.2, 00:01:00, GigabitEthernet2 >> Route from global routing table at VRF A routing table.
Global Routing Table (EIGRP)
LEAK#show ip route
< snip for resume >
Gateway of last resort is not set
172.16.0.0/32 is subnetted, 1 subnets
B 172.16.10.10 [200/0] via 10.0.0.2 (A), 00:04:47 >> Route from VRF A at global routing table.
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, GigabitEthernet2
L 192.168.1.1/32 is directly connected, GigabitEthernet2
192.168.11.0/32 is subnetted, 1 subnets
D 192.168.11.11 [90/130816] via 192.168.1.2, 01:03:35, GigabitEthernet2
LEAK#
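Scenario 2: VRF Leak Between VRF A and VRF B
Scenario 2 describes the leak between two different VRFs.
Network Diagram
This document uses this network setup:
Image 2. Route Leak Topology for Scenario 2
Router LEAK has a BGP neighborship with a neighbor in VRF A and an OSPF neighbor in VRF B. Device 192.168.11.11 must be able to reach device 172.16.10.10 across the network.
Router LEAK cannot route between the two because the routes are in different VRFs. These routing tables show the current routes per VRF and indicate the routes that must be leaked between VRF A and VRF B.
Leak Routing Tables: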
LEAK#show ip route vrf A
Routing Table: A
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.0.0/30 is directly connected, Ethernet0/0
L 10.0.0.2/32 is directly connected, Ethernet0/0
172.16.0.0/32 is subnetted, 1 subnets
B 172.16.10.10 [200/0] via 10.0.0.1, 00:03:08 >> Route to be exchanged to routing table VRF B.
LEAK#show ip route vrf B
Routing Table: B
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, Ethernet0/1
L 192.168.1.2/32 is directly connected, Ethernet0/1
192.168.11.0/32 is subnetted, 1 subnets
O 192.168.11.11 [110/11] via 192.168.1.1, 00:58:45, Ethernet0/1 >> Route to be exchanged to routing table VRF A.
Configure
Complete these steps to create the leak between the two routing tables:
Step 1.
Create route-maps to filter the routes to be injected in both routing tables.
LEAK(config)#Route-map VRFA_TO_VRFB
LEAK(config-route-map)#match ip address prefix-list VRFA_TO_VRFB
LEAK(config-route-map)#exit
!
Prefix-list created to match the host and IP segment that is attached to the previous route-map configured.
!
ip prefix-list VRFA_TO_VRFB permit 172.16.10.10/32
ip prefix-list VRFA_TO_VRFB permit 10.0.0.0/30
or
LEAK(config)#Route-map VRFA_TO_VRFB
LEAK(config-route-map)#match ip address 10
LEAK(config-route-map)#exit
!
ACL created to match the host and IP segment that is attached to the previous route-map.
!
LEAK#show ip access-lists 10
10 permit 172.16.10.10
20 permit 10.0.0.0
LEAK(config)#Route-map VRFB_TO_VRFA
LEAK(config-route-map)#match ip address prefix-list VRFB_TO_VRFA
LEAK(config-route-map)#exit
!
Prefix-list created to match the host and IP segment that is attached to the previous route-map configured.
!
ip prefix-list VRFB_TO_VRFA permit 192.168.11.11/32
ip prefix-list VRFB_TO_VRFA permit 192.168.1.0/24
or
LEAK(config)#Route-map VRFB_TO_VRFA
LEAK(config-route-map)#match ip address 20
LEAK(config-route-map)#exit
!
ACL created to match the host and IP segment that is attached to the previous route-map configured.
!
LEAK#show ip access-lists 20
10 permit 192.168.11.11
20 permit 192.168.1.0
Step 2.
In each VRF, configure the import/export maps and use the route-map names to leak the routes.
LEAK(config)#vrf definition A
LEAK(config-vrf)#address-family ipv4
LEAK(config-vrf-af)#export map VRFA_TO_VRFB
LEAK(config-vrf-af)#import map VRFB_TO_VRFA
LEAK(config)#vrf definition B
LEAK(config-vrf)#address-family ipv4
LEAK(config-vrf-af)#export map VRFB_TO_VRFA
LEAK(config-vrf-af)#import map VRFA_TO_VRFB
Step 3.
Add the route-target to import and export the route distinguisher from both VRFs.
! --- Current configuration for VRF A
vrf definition A
rd 1:2
!
address-family ipv4
route-target export 1:2
route-target import 1:1
exit-address-family
! --- Current configuration from VRF B
vrf definition B
rd 2:2
!
address-family ipv4
exit-address-family
! --- Import the routes from VRF B into VRF A
LEAK(config)#vrf definition A
LEAK(config-vrf)#address-family ipv4
LEAK(config-vrf-af)#route-target import 2:2
! --- Import routes from VRF A to VRF B and export routes from VRF B
LEAK(config-vrf-af)#vrf definition B
LEAK(config-vrf)#address-family ipv4
LEAK(config-vrf-af)#route-target import 1:2
LEAK(config-vrf-af)#route-target export 2:2
Verify
Check the Routing Tables
VRF A Routing Table
LEAK#show ip route vrf A
Routing Table: A
< Snip for resume >
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.0.0/30 is directly connected, Ethernet0/0
L 10.0.0.2/32 is directly connected, Ethernet0/0
172.16.0.0/32 is subnetted, 1 subnets
B 172.16.10.10 [200/0] via 10.0.0.1, 00:07:20
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
B 192.168.1.0/24 is directly connected, 00:00:10, Ethernet0/1
L 192.168.1.2/32 is directly connected, Ethernet0/1
192.168.11.0/32 is subnetted, 1 subnets
B 192.168.11.11 [20/11] via 192.168.1.1 (B), 00:00:10, Ethernet0/1 >> Route from VRF B routing table at VRF A.
VRF B Routing Table
LEAK#show ip route vrf B
Routing Table: B
< Snip for resume >
10.0.0.0/30 is subnetted, 1 subnets
B 10.0.0.0 [200/0] via 10.0.0.1 (A), 00:00:15
172.16.0.0/32 is subnetted, 1 subnets
B 172.16.10.10 [200/0] via 10.0.0.1 (A), 00:00:15 >> Route from VRF A routing table at VRF B.
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, Ethernet0/1
L 192.168.1.2/32 is directly connected, Ethernet0/1
192.168.11.0/32 is subnetted, 1 subnets
O 192.168.11.11 [110/11] via 192.168.1.1, 01:05:12, Ethernet0/1
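The following Python script is an added example, not part of the original document or of any Cisco tooling. It checks `show ip route vrf B` output from Scenario 2 against the VRFA_TO_VRFB prefix-list and reports BGP routes that the prefix-list does not permit. The 172.16.20.0/24 route in the sample is constructed to produce a finding, and the script assumes that every BGP (B) route in VRF B arrives through the leak and that the prefix-list has only exact-match entries (no ge/le).

```python
import ipaddress
import re

# Prefix-lists from Scenario 2, Step 1.
PREFIX_LISTS = """\
ip prefix-list VRFA_TO_VRFB permit 172.16.10.10/32
ip prefix-list VRFA_TO_VRFB permit 10.0.0.0/30
ip prefix-list VRFB_TO_VRFA permit 192.168.11.11/32
ip prefix-list VRFB_TO_VRFA permit 192.168.1.0/24
"""

# VRF B table from the Scenario 2 verification. The 172.16.20.0/24 entry is
# constructed for this example and does not appear in the original output.
ROUTES_VRF_B = """\
10.0.0.0/30 is subnetted, 1 subnets
B 10.0.0.0 [200/0] via 10.0.0.1 (A), 00:00:15
172.16.0.0/32 is subnetted, 1 subnets
B 172.16.10.10 [200/0] via 10.0.0.1 (A), 00:00:15
172.16.20.0/24 is subnetted, 1 subnets
B 172.16.20.0 [200/0] via 10.0.0.1 (A), 00:00:15
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, Ethernet0/1
L 192.168.1.2/32 is directly connected, Ethernet0/1
192.168.11.0/32 is subnetted, 1 subnets
O 192.168.11.11 [110/11] via 192.168.1.1, 01:05:12, Ethernet0/1
"""

PARENT = re.compile(r"^\s*\d+(?:\.\d+){3}/(\d+) is (?:variably )?subnetted")
ROUTE = re.compile(r"^([A-Za-z][A-Za-z0-9*+% ]*?)\s+(\d+(?:\.\d+){3})(?:/(\d+))?\s")
PLIST = re.compile(r"^ip prefix-list (\S+) (?:seq \d+ )?permit (\S+)$")

def permitted_prefixes(config, name):
    """Exact-match permit entries of one prefix-list; ge/le entries are skipped."""
    found = (PLIST.match(line.strip()) for line in config.splitlines())
    return {ipaddress.ip_network(m.group(2)) for m in found
            if m and m.group(1) == name}

def parse_routes(text):
    """Yield (code, network); routes printed without a mask inherit the parent's."""
    parent_len = None
    for line in text.splitlines():
        parent, route = PARENT.match(line), ROUTE.match(line)
        if parent:
            parent_len = parent.group(1)
        elif route and (route.group(3) or parent_len):
            code, addr, plen = route.groups()
            yield code.strip(), ipaddress.ip_network(f"{addr}/{plen or parent_len}")

def unexpected_leaks(route_text, config, plist_name, leak_code="B"):
    """Routes with the leak code that the named prefix-list does not permit."""
    allowed = permitted_prefixes(config, plist_name)
    return [net for code, net in parse_routes(route_text)
            if code == leak_code and net not in allowed]
```

Calling `unexpected_leaks(ROUTES_VRF_B, PREFIX_LISTS, "VRFA_TO_VRFB")` returns only the constructed 172.16.20.0/24 network; the two prefixes that the page leaks on purpose pass the check.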
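Scenario 3: VRF Leak Between OSPF (VRF) and EIGRP (Global) with BGP (Optional)
Scenario 3 describes route leaking between two IGPs (VRF B and the global VRF).
Network Diagram
This document uses this network setup:
Image 3. Route Leak Topology for Scenario 3
Router LEAK has an OSPF neighbor relationship with a neighbor in VRF B and an EIGRP neighbor relationship in the global VRF. Device 172.16.10.10 must be able to reach device 192.168.11.11 across the network.
Router LEAK cannot connect these two hosts. These routing tables show the current routes per VRF and indicate which routes must be leaked between VRF B and the global VRF.
Leak Routing Tables: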
LEAK#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, Ethernet0/1
L 192.168.1.1/32 is directly connected, Ethernet0/1
192.168.11.0/32 is subnetted, 1 subnets
D 192.168.11.11 [90/1024640] via 192.168.1.2, 01:08:38, Ethernet0/1 >> Route to be exchanged from global routing table at VRF B routing table.
LEAK#show ip route vrf B
Routing Table: B
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.0.0/30 is directly connected, Ethernet0/0
L 10.0.0.2/32 is directly connected, Ethernet0/0
172.16.0.0/32 is subnetted, 1 subnets
O 172.16.10.10 [110/11] via 10.0.0.1, 01:43:45, Ethernet0/0 >> Route to be exchanged from routing table VRF B at global routing table.
Configure
Complete these steps to create the leak between the two routing tables:
Step 1.
Create route-maps for import and export to be injected in both routing tables.
LEAK(config)#Route-map OSPF_TO_EIGRP
LEAK(config-route-map)#match ip address prefix-list OSPF_TO_EIGRP
LEAK(config-route-map)#exit
!
Prefix-list created to match the host that is attached to the previous route-map configured.
!
ip prefix-list OSPF_TO_EIGRP permit 172.16.10.10/32
ip prefix-list OSPF_TO_EIGRP permit 10.0.0.0/30
or
LEAK(config)#Route-map OSPF_TO_EIGRP
LEAK(config-route-map)#match ip address 10
LEAK(config-route-map)#exit
!
ACL created to match the host that is attached to the previous route-map.
!
LEAK#show ip access-lists 10
10 permit 172.16.10.10
20 permit 10.0.0.0
LEAK(config)#Route-map EIGRP_TO_OSPF
LEAK(config-route-map)#match ip address prefix-list EIGRP_TO_OSPF
LEAK(config-route-map)#exit
!
Prefix-list created to match the host that is attached to the previous route-map configured.
!
ip prefix-list EIGRP_TO_OSPF permit 192.168.11.11/32
ip prefix-list EIGRP_TO_OSPF permit 192.168.1.0/24
or
LEAK(config)#Route-map EIGRP_TO_OSPF
LEAK(config-route-map)#match ip address 20
LEAK(config-route-map)#exit
!
ACL created to match the host that is attached to the previous route-map.
!
LEAK#show ip access-lists 20
10 permit 192.168.11.11
20 permit 192.168.1.0/24
Step 2.
Add the import/export maps in order to match the route-map names.
Current configuration
!
vrf definition B
rd 1:2
!
address-family ipv4
exit-address-family
!
!
LEAK(config-vrf)#vrf definition B
LEAK(config-vrf)#address-family ipv4
LEAK(config-vrf-af)#import ipv4 unicast map EIGRP_TO_OSPF
LEAK(config-vrf-af)#export ipv4 unicast map OSPF_TO_EIGRP
Step 3.
To perform the leak, a BGP process must be created in order to redistribute
the IGP protocols.
router bgp 1
bgp log-neighbor-changes
!
address-family ipv4 vrf B >> Include the address-family to inject VRF B routing table (OSPF)
!
exit-address-family
Note: To avoid this error, ensure that the VRF has a route distinguisher (RD) configured.
"%vrf B does not have rd configured, configure "rd" before configuring import route-map"
Step 4.
Create a Dual Redistribution.
IGPs redistribution.
LEAK(config-router)#router bgp 1
LEAK(config-router)#redistribute eigrp 1
!
LEAK(config-router)#address-family ipv4 vrf B
LEAK(config-router-af)#redistribute ospf 1 match internal external 1 external 2
LEAK(config-router-af)#end
BGP Redistribution
LEAK(config)#router ospf 1 vrf B
LEAK(config-router)#redistribute bgp 1
!
LEAK(config-router)#router eigrp TAC
LEAK(config-router)#
LEAK(config-router)# address-family ipv4 unicast autonomous-system 1
LEAK(config-router-af)#
LEAK(config-router-af)# topology base
LEAK(config-router-af-topology)#redistribute bgp 1 metric 100 1 255 1 1500
Verify
Check the Routing Tables
LEAK#show ip route
< Snip for resume >
172.16.0.0/32 is subnetted, 1 subnets
B 172.16.10.10 [20/11] via 10.0.0.1, 00:14:48, Ethernet0/0 >> Route from VRF B routing table at global routing table ( EIGRP ).
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, Ethernet0/1
L 192.168.1.1/32 is directly connected, Ethernet0/1
192.168.11.0/32 is subnetted, 1 subnets
D 192.168.11.11 [90/1024640] via 192.168.1.2, 02:16:51, Ethernet0/1
LEAK#show ip route vrf B
Routing Table: B
< Snip for resume >
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.0.0/30 is directly connected, Ethernet0/0
L 10.0.0.2/32 is directly connected, Ethernet0/0
172.16.0.0/32 is subnetted, 1 subnets
O 172.16.10.10 [110/11] via 10.0.0.1, 00:34:25, Ethernet0/0
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
B 192.168.1.0/24 is directly connected, 00:08:51, Ethernet0/1
L 192.168.1.1/32 is directly connected, Ethernet0/1
192.168.11.0/32 is subnetted, 1 subnets
B 192.168.11.11 [20/1024640] via 192.168.1.2, 00:08:51, Ethernet0/1 >> Route from global routing table ( EIGRP ) at VRF B routing table.