🦊
JANOG57 NETCON Level 3-5 問題解説
はじめに
JANOG57 NETCONに参加いただきありがとうございます。
本記事では、私が出題した「Level 3-5」について解説します。
問題文
あなたはとあるカンファレンスにて会場ネットワークの構築を任されています。
今回は複数のフロアにまたがっているので、フロアごとに収容ルータを設置することになりました。
構成上、外部接続用のルータとフロアごとのルータでルーティングをしなければなりません。
そこで、最近巷で流行っている EVPN/VXLAN を試してみたくなり、ラボにて上記のような NW 構成を考えました。
検証をしてみたところ、SV 間で ping が通らないことが判明しました。
発生している問題を特定して、直してあげましょう。
達成条件
- SV 間で ping が通ること
- SV-01 → SV-02
- ping 192.168.20.2
- ping 2001:db8:cafe:c02::2
- SV-01 → SV-02
- SV-01 or SV-02 → SV-03
- ping 192.168.30.2
- ping 2001:db8:cafe:c03::2
- Spine 側で
show bgp summaryを実行すると以下のような BGP のピアが張れていること
Spine-01#show bgp summary
BGP summary information for VRF default
Router identifier 10.1.10.1, local AS number 65057
Neighbor AS Session State AFI/SAFI AFI/SAFI State NLRI Rcd NLRI Acc NLRI Adv
----------------------------- ----------- ------------- ----------------------- -------------- ---------- ---------- ----------
10.1.20.1 65100 Established L2VPN EVPN Negotiated 3 3 8
10.1.30.1 65200 Established L2VPN EVPN Negotiated 4 4 7
10.1.40.1 65300 Established L2VPN EVPN Negotiated 4 4 7
fe80::a8c1:abff:fe4d:aa4e%Et2 65200 Established IPv4 Unicast Negotiated 3 3 7
fe80::a8c1:abff:fe7e:c04d%Et3 65300 Established IPv4 Unicast Negotiated 3 3 7
fe80::a8c1:abff:fec7:dc12%Et1 65100 Established IPv4 Unicast Negotiated 3 3 7
制約
- Static Route を設定するのは禁止です。
- BGP、EVPN/VXLAN を用いて経路を設定すること
- Leaf/Spine 間は IPv6 LLA(Link-Local Address) を用いて EVPN/VXLAN を構成しています。
この設定を削除することは禁止です。
初期状態
Spine-01
! Command: show running-config
! device: Spine-01 (cEOSLab, EOS-4.34.3M-44102239.4343M (engineering build))
!
no aaa root
!
username admin privilege 15 role network-admin secret sha512 $6$rvsaEqoGrJp9LxFa$D1bk/VQv9bWux7M6Pza5OMBdqVqFTiMF4eRHgh0d0yzkTvy3qZZRxZr5Qv.1duQPbleTjef3f3LW7XF27LyWN1
!
management api http-commands
no shutdown
!
no service interface inactive port-id allocation disabled
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model multi-agent
!
hostname Spine-01
!
spanning-tree mode mstp
!
system l1
unsupported speed action error
unsupported error-correction action error
!
vrf instance VRF-1
rd 10.1.10.1:9999
!
management api gnmi
transport grpc default
!
management api netconf
transport ssh default
!
interface Ethernet1
no switchport
ipv6 enable
!
interface Ethernet2
no switchport
ipv6 enable
!
interface Ethernet3
no switchport
ipv6 enable
!
interface Loopback0
ip address 10.1.10.1/32
!
interface Loopback100
ip address 192.168.100.1/32
ipv6 address 2001:db8:cafe::1/128
!
interface Management0
ip address 172.20.20.7/24
ipv6 address 3fff:172:20:20::7/64
!
ip routing ipv6 interfaces
ip routing vrf VRF-1
!
ipv6 unicast-routing
ipv6 unicast-routing vrf VRF-1
!
ip route 0.0.0.0/0 172.20.20.1
!
ipv6 route ::/0 3fff:172:20:20::1
!
router bgp 65057
router-id 10.1.10.1
no bgp default ipv4-unicast
bgp default ipv4-unicast transport ipv6
distance bgp 20 200 200
maximum-paths 3 ecmp 6
neighbor LEAF-EVPN peer group
neighbor LEAF-EVPN next-hop-unchanged
neighbor LEAF-EVPN update-source Loopback0
neighbor LEAF-EVPN ebgp-multihop 3
neighbor LEAF-EVPN send-community extended
neighbor LEAF-EVPN maximum-routes 12000
neighbor LEAF peer group
neighbor 10.1.20.1 peer group LEAF-EVPN
neighbor 10.1.20.1 remote-as 65100
neighbor 10.1.30.1 peer group LEAF-EVPN
neighbor 10.1.30.1 remote-as 65200
neighbor 10.1.40.1 peer group LEAF-EVPN
neighbor 10.1.40.1 remote-as 65300
redistribute connected
neighbor interface Et1 peer-group LEAF remote-as 65100
neighbor interface Et2 peer-group LEAF remote-as 65200
neighbor interface Et3 peer-group LEAF remote-as 65300
!
address-family evpn
neighbor LEAF activate
!
address-family ipv4
no neighbor LEAF activate
neighbor LEAF-EVPN activate
!
!
router multicast
ipv4
software-forwarding kernel
!
ipv6
software-forwarding kernel
!
end
Leaf-01
! Command: show running-config
! device: Leaf-01 (cEOSLab, EOS-4.34.3M-44102239.4343M (engineering build))
!
no aaa root
!
username admin privilege 15 role network-admin secret sha512 $6$y1LU0f8WtFixovPQ$PvAoRY5MsWbnWgH7FBA7/D9ZBHLLdi1Wkyr0E/yawT1athD1XQ7KFeUuOojpUZlYQbee2AzRHqFBaxYQ9gpeg.
!
management api http-commands
no shutdown
!
no service interface inactive port-id allocation disabled
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model multi-agent
!
hostname Leaf-01
!
spanning-tree mode mstp
!
system l1
unsupported speed action error
unsupported error-correction action error
!
vlan 100
!
vrf instance VRF-1
rd 10.1.20.2:9999
!
management api gnmi
transport grpc default
!
management api netconf
transport ssh default
!
interface Ethernet1
no switchport
ipv6 enable
!
interface Ethernet2
switchport mode access
switchport access vlan 100
!
interface Loopback0
ip address 10.1.20.1/32
!
interface Loopback1
ip address 10.1.20.2/32
!
interface Management0
ip address 172.20.20.5/24
ipv6 address 3fff:172:20:20::5/64
!
interface Vlan100
vrf VRF-1
ip address 192.168.10.1/24
ipv6 address 2001:db8:cafe:c01::1/64
!
interface Vxlan1
vxlan source-interface Loopback1
vxlan udp-port 4789
vxlan vlan 100 vni 10100
vxlan vrf VRF-1 vni 9999
!
ip virtual-router mac-address 00:00:00:00:00:0a
!
ip routing ipv6 interfaces
ip routing vrf VRF-1
!
ipv6 unicast-routing
ipv6 unicast-routing vrf VRF-1
!
ip route 0.0.0.0/0 172.20.20.1
!
ipv6 route ::/0 3fff:172:20:20::1
!
router bgp 65100
router-id 10.1.20.1
bgp default ipv4-unicast transport ipv6
distance bgp 20 200 200
maximum-paths 3 ecmp 6
neighbor SPINE peer group
neighbor SPINE remote-as 65057
neighbor SPINE allowas-in 1
neighbor SPINE send-community
neighbor SPINE-EVPN peer group
neighbor SPINE-EVPN remote-as 65057
neighbor SPINE-EVPN update-source Loopback0
neighbor SPINE-EVPN ebgp-multihop 3
neighbor SPINE-EVPN send-community extended
neighbor SPINE-EVPN maximum-routes 12000
neighbor 10.1.10.1 peer group SPINE-EVPN
redistribute connected
neighbor interface Et1 peer-group SPINE remote-as 65057
!
vlan 100
rd 10.1.20.2:100
route-target both 100:10100
redistribute learned
!
address-family evpn
neighbor SPINE-EVPN activate
!
address-family ipv4
neighbor SPINE activate
neighbor SPINE next-hop address-family ipv6 originate
no neighbor SPINE-EVPN activate
!
vrf VRF-1
rd 10.1.20.2:9999
route-target import 99:9999
route-target export 99:9999
redistribute connected
!
address-family ipv6
redistribute connected
!
router multicast
ipv4
software-forwarding kernel
!
ipv6
software-forwarding kernel
!
end
Leaf-02
! Command: show running-config
! device: Leaf-02 (cEOSLab, EOS-4.34.3M-44102239.4343M (engineering build))
!
no aaa root
!
username admin privilege 15 role network-admin secret sha512 $6$y1LU0f8WtFixovPQ$PvAoRY5MsWbnWgH7FBA7/D9ZBHLLdi1Wkyr0E/yawT1athD1XQ7KFeUuOojpUZlYQbee2AzRHqFBaxYQ9gpeg.
!
management api http-commands
no shutdown
!
no service interface inactive port-id allocation disabled
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model multi-agent
!
hostname Leaf-02
!
spanning-tree mode mstp
!
system l1
unsupported speed action error
unsupported error-correction action error
!
vlan 100
!
vrf instance VRF-1
rd 10.1.30.2:9999
!
management api gnmi
transport grpc default
!
management api netconf
transport ssh default
!
interface Ethernet1
no switchport
ipv6 enable
!
interface Ethernet2
switchport mode access
switchport access vlan 100
!
interface Loopback0
ip address 10.1.30.1/32
!
interface Loopback1
ip address 10.1.30.2/32
!
interface Management0
ip address 172.20.20.5/24
ipv6 address 3fff:172:20:20::5/64
!
interface Vlan100
vrf VRF-1
ip address 192.168.20.1/24
ipv6 address 2001:db8:cafe:c02::1/64
!
interface Vxlan1
vxlan source-interface Loopback1
vxlan udp-port 4789
vxlan vlan 100 vni 10100
vxlan vrf VRF-1 vni 9999
!
ip virtual-router mac-address 00:00:00:00:00:0a
!
ip routing ipv6 interfaces
ip routing vrf VRF-1
!
ipv6 unicast-routing
ipv6 unicast-routing vrf VRF-1
!
ip route 0.0.0.0/0 172.20.20.1
!
ipv6 route ::/0 3fff:172:20:20::1
!
router bgp 65200
router-id 10.1.30.1
bgp default ipv4-unicast transport ipv6
distance bgp 20 200 200
maximum-paths 3 ecmp 6
neighbor SPINE peer group
neighbor SPINE remote-as 65057
neighbor SPINE allowas-in 1
neighbor SPINE send-community
neighbor SPINE-EVPN peer group
neighbor SPINE-EVPN remote-as 65057
neighbor SPINE-EVPN update-source Loopback0
neighbor SPINE-EVPN ebgp-multihop 3
neighbor SPINE-EVPN send-community extended
neighbor SPINE-EVPN maximum-routes 12000
neighbor 10.1.10.1 peer group SPINE-EVPN
redistribute connected
neighbor interface Et1 peer-group SPINE remote-as 65057
!
vlan 100
rd 10.1.30.2:100
route-target both 100:10100
redistribute learned
!
address-family evpn
neighbor SPINE-EVPN activate
!
address-family ipv4
neighbor SPINE activate
neighbor SPINE next-hop address-family ipv6 originate
no neighbor SPINE-EVPN activate
!
vrf VRF-1
rd 10.1.30.2:9999
route-target import 99:9999
route-target export 99:9999
redistribute connected
!
address-family ipv6
redistribute connected
!
router multicast
ipv4
software-forwarding kernel
!
ipv6
software-forwarding kernel
!
end
Leaf-03
! Command: show running-config
! device: Leaf-03 (cEOSLab, EOS-4.34.3M-44102239.4343M (engineering build))
!
no aaa root
!
username admin privilege 15 role network-admin secret sha512 $6$y1LU0f8WtFixovPQ$PvAoRY5MsWbnWgH7FBA7/D9ZBHLLdi1Wkyr0E/yawT1athD1XQ7KFeUuOojpUZlYQbee2AzRHqFBaxYQ9gpeg.
!
management api http-commands
no shutdown
!
no service interface inactive port-id allocation disabled
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model multi-agent
!
hostname Leaf-03
!
spanning-tree mode mstp
!
system l1
unsupported speed action error
unsupported error-correction action error
!
vlan 100
!
vrf instance VRF-1
rd 10.1.40.2:9999
!
management api gnmi
transport grpc default
!
management api netconf
transport ssh default
!
interface Ethernet1
no switchport
ipv6 enable
!
interface Ethernet2
switchport mode access
switchport access vlan 100
!
interface Loopback0
ip address 10.1.40.1/32
!
interface Loopback1
ip address 10.1.40.2/32
!
interface Management0
ip address 172.20.20.5/24
ipv6 address 3fff:172:20:20::5/64
!
interface Vlan100
vrf VRF-1
ip address 192.168.30.1/24
ipv6 address 2001:db8:cafe:c03::1/64
!
interface Vxlan1
vxlan source-interface Loopback1
vxlan udp-port 4789
vxlan vlan 100 vni 10100
vxlan vrf VRF-1 vni 9999
!
ip virtual-router mac-address 00:00:00:00:00:0a
!
ip routing ipv6 interfaces
ip routing vrf VRF-1
!
ipv6 unicast-routing
ipv6 unicast-routing vrf VRF-1
!
ip route 0.0.0.0/0 172.20.20.1
!
ipv6 route ::/0 3fff:172:20:20::1
!
router bgp 65300
router-id 10.1.40.1
bgp default ipv4-unicast transport ipv6
distance bgp 20 200 200
maximum-paths 3 ecmp 6
neighbor SPINE peer group
neighbor SPINE remote-as 65057
neighbor SPINE allowas-in 1
neighbor SPINE send-community
neighbor SPINE-EVPN peer group
neighbor SPINE-EVPN remote-as 65057
neighbor SPINE-EVPN update-source Loopback0
neighbor SPINE-EVPN ebgp-multihop 3
neighbor SPINE-EVPN send-community extended
neighbor SPINE-EVPN maximum-routes 12000
neighbor 10.1.10.1 peer group SPINE-EVPN
redistribute connected
neighbor interface Et1 peer-group SPINE remote-as 65057
!
vlan 100
rd 10.1.40.2:100
route-target both 100:10100
redistribute learned
!
address-family evpn
neighbor SPINE-EVPN activate
!
address-family ipv4
neighbor SPINE activate
neighbor SPINE next-hop address-family ipv6 originate
no neighbor SPINE-EVPN activate
!
vrf VRF-1
rd 10.1.40.2:9999
route-target import 99:9999
route-target export 99:9999
redistribute connected
!
address-family ipv6
redistribute connected
!
router multicast
ipv4
software-forwarding kernel
!
ipv6
software-forwarding kernel
!
end
解説
トラブルの原因は大きく分けて2つあります。
- Underlay/Overlayの設定が逆になっている
- IPv6 LLAでIPv4のトラフィックが運べていない
Underlay/Overlayの設定が逆になっている
Spine側でBGPの状態を見てみると、そもそもSpine側のBGPはEstablishedになっていないことがわかります。
Spine-01#show bgp summary
BGP summary information for VRF default
Router identifier 10.1.10.1, local AS number 65057
Neighbor AS Session State AFI/SAFI AFI/SAFI State NLRI Rcd NLRI Acc NLRI Adv
----------------------------- ----------- ------------- ----------------------- -------------- ---------- ---------- ----------
10.1.20.1 65100 Connect IPv4 Unicast Configured 0 0 0
10.1.30.1 65200 Connect IPv4 Unicast Configured 0 0 0
10.1.40.1 65300 Connect IPv4 Unicast Configured 0 0 0
fe80::a8c1:abff:fe8a:a44d%Et3 65300 Active IPv4 Unicast Configured 0 0 0
fe80::a8c1:abff:fe8a:a44d%Et3 65300 Active L2VPN EVPN Configured 0 0 0
fe80::a8c1:abff:fe93:4c68%Et2 65200 Active IPv4 Unicast Configured 0 0 0
fe80::a8c1:abff:fe93:4c68%Et2 65200 Active L2VPN EVPN Configured 0 0 0
fe80::a8c1:abff:fefb:7779%Et1 65100 Active IPv4 Unicast Configured 0 0 0
fe80::a8c1:abff:fefb:7779%Et1 65100 Active L2VPN EVPN Configured 0 0 0
また、SV間はIPv4/IPv6両方でDestination Net Unreachableと出力されています。
SV-01:~# ping 192.168.20.2
PING 192.168.20.2 (192.168.20.2) 56(84) bytes of data.
From 192.168.10.1 icmp_seq=1 Destination Net Unreachable
From 192.168.10.1 icmp_seq=2 Destination Net Unreachable
From 192.168.10.1 icmp_seq=3 Destination Net Unreachable
^C
--- 192.168.20.2 ping statistics ---
3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2002ms
SV-01:~# ping 2001:db8:cafe:c02::2
PING 2001:db8:cafe:c02::2 (2001:db8:cafe:c02::2) 56 data bytes
From 2001:db8:cafe:c01::1 icmp_seq=1 Destination unreachable: No route
From 2001:db8:cafe:c01::1 icmp_seq=2 Destination unreachable: No route
From 2001:db8:cafe:c01::1 icmp_seq=3 Destination unreachable: No route
^C
--- 2001:db8:cafe:c02::2 ping statistics ---
3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2002ms
ここで、Leafからはどのような経路情報が送信されているのかを確認するため、Spineにてshow bgp evpnを実行します。
すると、SpineにてEVPNの経路情報が受信されていないことがわかります。
Spine-01#show bgp evpn
BGP routing table information for VRF default
Router identifier 10.1.10.1, local AS number 65057
Route status codes: * - valid, > - active, S - Stale, E - ECMP head, e - ECMP
c - Contributing to ECMP, % - Pending best path selection
Origin codes: i - IGP, e - EGP, ? - incomplete
AS Path Attributes: Or-ID - Originator ID, C-LST - Cluster List, LL Nexthop - Link Local Nexthop
Network Next Hop Metric LocPref Weight Path
Leaf-01#show bgp evpn
BGP routing table information for VRF default
Router identifier 10.1.20.1, local AS number 65100
Route status codes: * - valid, > - active, S - Stale, E - ECMP head, e - ECMP
c - Contributing to ECMP, % - Pending best path selection
Origin codes: i - IGP, e - EGP, ? - incomplete
AS Path Attributes: Or-ID - Originator ID, C-LST - Cluster List, LL Nexthop - Link Local Nexthop
Network Next Hop Metric LocPref Weight Path
* > RD: 10.1.20.2:100 mac-ip aac1.abc0.bcc7
- - - 0 i
* > RD: 10.1.20.2:100 imet 10.1.20.2
- - - 0 i
* > RD: 10.1.20.2:9999 ip-prefix 192.168.10.0/24
- - - 0 i
* > RD: 10.1.20.2:9999 ip-prefix 2001:db8:cafe:c01::/64
- - - 0 i
これだけではよくわからないので、Spineでログを確認してみます。
Spine-01# show logging
Feb 1 08:15:55 Spine-01 Bgp: %BGP-3-NOTIFICATION: sent to neighbor fe80::a8c1:abff:feec:8e28%Et1 (VRF default AS 65100) 6/7 (Cease/connection collision resolution) 0 bytes
Feb 1 08:15:55 Spine-01 Bgp: %BGP-3-NOTIFICATION: sent to neighbor fe80::a8c1:abff:feec:8e28%Et1 (VRF default AS 65100) 2/7 (Open Message Error/unsupported capability) 6 bytes 0x010400190046
Feb 1 08:37:54 Spine-01 Bgp: %BGP-3-NOTIFICATION: sent to neighbor fe80::a8c1:abff:fed5:a965%Et3 (VRF default AS 65300) 6/7 (Cease/connection collision resolution) 0 bytes
Feb 1 08:37:54 Spine-01 Bgp: %BGP-3-NOTIFICATION: sent to neighbor fe80::a8c1:abff:fed5:a965%Et3 (VRF default AS 65300) 2/7 (Open Message Error/unsupported capability) 6 bytes 0x010400190046
すると、2つのエラーメッセージが出力されています。
- Open Message Error/unsupported capability:
- Cease/connection collision resolution:
後者のエラー(コネクション衝突)は前者のエラーが原因なので、ここでは問題視しません。
さて1つ目のエラーunsupported capabilityですが、このメッセージの後に0x010400190046というビット列が書かれています。(詳しくはRFC 5492を参照)
ビット列を解読すると以下のようになります。
- 01: Capability Code 1 = Multiprotocol Extensions (MBGP)
- 04: Length (長さ4バイト)
- 00 19: AFI (Address Family Identifier) = 25 (L2VPN)
- 00 46: SAFI (Subsequent Address Family Identifier) = 70 (EVPN)
つまり、エラーの原因が「L2VPN EVPNの機能を要求しているが、相手が対応していない」ということが推察されます。
これは「EVPNの経路情報を送ろうとしているが、必須の設定(拡張コミュニティの送信)が不足しているため、重要な情報(Route-Target)が欠落した状態で送信される」状態を示しています。
つまり、SpineはLeafから経路を受信したが、どこに投げればいいのかわからなくなって、経路を破棄している状態です。
そこで、SpineにてEVPNの経路設定を確認するためaddress-familyに関する設定を見てみます。
address-family evpn
neighbor LEAF activate
!
address-family ipv4
no neighbor LEAF activate
neighbor LEAF-EVPN activate
上記のconfigより、UnderlayとOverlayが逆になっていることがわかります。
IPv6 LLAでIPv4のトラフィックが運べていない
今回はアドレス節約のためIPv6 LLAでEVPN/VXLANを構成しています。
今回はデュアルスタックなのでIPv6 LLAでIPv4のトラフィックを運ぶにはRFC5549を有効化する必要があります。
想定回答
router bgp 65057
address-family evpn
- neighbor LEAF activate
+ neighbor LEAF-EVPN activate
!
address-family ipv4
- no neighbor LEAF activate
- neighbor LEAF-EVPN activate
+ neighbor LEAF activate
+ neighbor LEAF next-hop address-family ipv6 originate
!
すると、少し時間が経ってから以下のようにEstablishedとなります。
Spine-01(config)#show bgp summary
BGP summary information for VRF default
Router identifier 10.1.10.1, local AS number 65057
Neighbor AS Session State AFI/SAFI AFI/SAFI State NLRI Rcd NLRI Acc NLRI Adv
----------------------------- ----------- ------------- ----------------------- -------------- ---------- ---------- ----------
10.1.20.1 65100 Established L2VPN EVPN Negotiated 3 3 8
10.1.30.1 65200 Established L2VPN EVPN Negotiated 4 4 7
10.1.40.1 65300 Established L2VPN EVPN Negotiated 4 4 7
fe80::a8c1:abff:fe4d:aa4e%Et2 65200 Established IPv4 Unicast Negotiated 3 3 7
fe80::a8c1:abff:fe7e:c04d%Et3 65300 Established IPv4 Unicast Negotiated 3 3 7
fe80::a8c1:abff:fec7:dc12%Et1 65100 Established IPv4 Unicast Negotiated 3 3 7
EVPNの経路情報もちゃんと学習されてますね。
Spine-01(config)#show bgp evpn
BGP routing table information for VRF default
Router identifier 10.1.10.1, local AS number 65057
Route status codes: * - valid, > - active, S - Stale, E - ECMP head, e - ECMP
c - Contributing to ECMP, % - Pending best path selection
Origin codes: i - IGP, e - EGP, ? - incomplete
AS Path Attributes: Or-ID - Originator ID, C-LST - Cluster List, LL Nexthop - Link Local Nexthop
Network Next Hop Metric LocPref Weight Path
* > RD: 10.1.20.2:100 imet 10.1.20.2
10.1.20.2 - 100 0 65100 i
* > RD: 10.1.30.2:100 imet 10.1.30.2
10.1.30.2 - 100 0 65200 i
* > RD: 10.1.40.2:100 imet 10.1.40.2
10.1.40.2 - 100 0 65300 i
* > RD: 10.1.20.2:9999 ip-prefix 192.168.10.0/24
10.1.20.2 - 100 0 65100 i
* > RD: 10.1.30.2:9999 ip-prefix 192.168.20.0/24
10.1.30.2 - 100 0 65200 i
* > RD: 10.1.40.2:9999 ip-prefix 192.168.30.0/24
10.1.40.2 - 100 0 65300 i
* > RD: 10.1.20.2:9999 ip-prefix 2001:db8:cafe:c01::/64
10.1.20.2 - 100 0 65100 i
* > RD: 10.1.30.2:9999 ip-prefix 2001:db8:cafe:c02::/64
10.1.30.2 - 100 0 65200 i
* > RD: 10.1.40.2:9999 ip-prefix 2001:db8:cafe:c03::/64
10.1.40.2 - 100 0 65300 i
最後に達成条件のSV間のpingを確認します。
SV-01:~# ping 192.168.20.2
PING 192.168.20.2 (192.168.20.2) 56(84) bytes of data.
64 bytes from 192.168.20.2: icmp_seq=1 ttl=62 time=13.3 ms
64 bytes from 192.168.20.2: icmp_seq=2 ttl=62 time=3.79 ms
64 bytes from 192.168.20.2: icmp_seq=3 ttl=62 time=3.76 ms
^C
--- 192.168.20.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 3.759/6.956/13.318/4.498 ms
SV-01:~# ping 2001:db8:cafe:c02::2
PING 2001:db8:cafe:c02::2 (2001:db8:cafe:c02::2) 56 data bytes
64 bytes from 2001:db8:cafe:c02::2: icmp_seq=1 ttl=62 time=7.50 ms
64 bytes from 2001:db8:cafe:c02::2: icmp_seq=2 ttl=62 time=3.79 ms
64 bytes from 2001:db8:cafe:c02::2: icmp_seq=3 ttl=62 time=3.88 ms
^C
--- 2001:db8:cafe:c02::2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 3.785/5.057/7.504/1.730 ms
SV-01:~# ping 192.168.30.2
PING 192.168.30.2 (192.168.30.2) 56(84) bytes of data.
64 bytes from 192.168.30.2: icmp_seq=1 ttl=62 time=6.26 ms
64 bytes from 192.168.30.2: icmp_seq=2 ttl=62 time=3.77 ms
64 bytes from 192.168.30.2: icmp_seq=3 ttl=62 time=3.96 ms
^C
--- 192.168.30.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 3.767/4.663/6.259/1.131 ms
SV-01:~# ping 2001:db8:cafe:c03::2
PING 2001:db8:cafe:c03::2 (2001:db8:cafe:c03::2) 56 data bytes
64 bytes from 2001:db8:cafe:c03::2: icmp_seq=1 ttl=62 time=7.42 ms
64 bytes from 2001:db8:cafe:c03::2: icmp_seq=2 ttl=62 time=4.02 ms
64 bytes from 2001:db8:cafe:c03::2: icmp_seq=3 ttl=62 time=3.87 ms
^C
--- 2001:db8:cafe:c03::2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 3.866/5.102/7.421/1.640 ms
正常にpingが通ることが確認できました。
最後に
本問題は複数のトラブルが重なって生じていたものになります。
問題作成のきっかけは私が純粋にEVPN/VXLANを勉強したかったことが理由です。
あと、unnumbered系にも興味があったので、興味本位で検証を続けていました。
元々、この問題はIPv4でEVPN/VXLANが構成されている環境下で、IPv6対応してもらうために参加者にIPv6 LLA対応してもらう予定でしたが、参加者の負担が凄そうなのでボツにしました。
(今考えるとこれでも良かった気がしますが...)
Level3という高難易度に設定されていたのか正答率は低かったです。私が作問した中でも最高難易度でしたが、難易度順に正答率が減少していくのが興味深かったです。
これを機にEVPN/VXLANの勉強を始める人が増えたら嬉しいです。
NETCONに参加していただきありがとうございました!
Discussion