株式会社プログデンス
💣

OSPFマルチエリア設計の新しい方法:Area構成を変更してABR設定を簡素化

KK
に公開
routing
OSPF
tech

はじめに

OSPF(Open Shortest Path First)のマルチエリア設計では、通常Area 0をバックボーンとして使用します。しかし、本社と複数の支社間で「本社↔支社は通信可能、支社間は通信不可」という通信要件がある場合、ABR(Area Border Router)上で複雑なフィルタリング設定が必要になります。

本記事では、従来とは少し異なる視点で工夫することで、Area境界に位置するABRの設定を大幅に簡素化する方法を紹介します。

従来のOSPFマルチエリア設計とその課題

設計概要

パラメータシート

基本設定

デバイス 役割 Router-ID 疑似NW_IPv4 疑似NW_IPv6
R1 本社 10.0.1.1 192.168.10.0/24 2001:db8:1010::/64
R2 ABR/支社A 10.0.2.1 - -
R5 支社A 10.0.2.2 192.168.20.0/24 2001:db8:1020::/64
R3 ABR/支社B 10.0.3.1 - -
R6 支社B 10.0.3.2 192.168.30.0/24 2001:db8:1030::/64
R4 ABR/支社C 10.0.4.1 - -
R7 支社C 10.0.4.2 192.168.40.0/24 2001:db8:1040::/64

インターフェース

Link Interface IPv4 IPv6
R1-R2 R1 G0/1, R2 G0/1 10.11.0.x/30 2001:db8:11::x/96
R1-R3 R1 G0/2, R3 G0/2 10.12.0.x/30 2001:db8:12::x/96
R1-R4 R1 G0/3, R4 G0/3 10.13.0.x/30 2001:db8:13::x/96
R2-R5 R2 G0/0, R5 G0/0 192.168.20.x/24 2001:db8:1020::x/64
R3-R6 R3 G0/0, R6 G0/0 192.168.30.x/24 2001:db8:1030::x/64
R4-R7 R4 G0/0, R7 G0/0 192.168.40.x/24 2001:db8:1040::x/64

ルートフィルタリング適用前

OSPFv2 show ip route ospf

R5#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
      10.0.0.0/30 is subnetted, 3 subnets
O IA     10.11.0.0 [110/2] via 192.168.20.2, 00:44:28, GigabitEthernet0/0
O IA     10.12.0.0 [110/3] via 192.168.20.2, 00:44:28, GigabitEthernet0/0
O IA     10.13.0.0 [110/3] via 192.168.20.2, 00:44:28, GigabitEthernet0/0
      192.168.10.0/32 is subnetted, 1 subnets
O IA     192.168.10.1 [110/3] via 192.168.20.2, 00:44:28, GigabitEthernet0/0
O IA  192.168.30.0/24 [110/4] via 192.168.20.2, 00:18:03, GigabitEthernet0/0
O IA  192.168.40.0/24 [110/4] via 192.168.20.2, 00:13:57, GigabitEthernet0/0
R6#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
      10.0.0.0/30 is subnetted, 3 subnets
O IA     10.11.0.0 [110/3] via 192.168.30.3, 00:17:39, GigabitEthernet0/0
O IA     10.12.0.0 [110/2] via 192.168.30.3, 00:17:39, GigabitEthernet0/0
O IA     10.13.0.0 [110/3] via 192.168.30.3, 00:17:39, GigabitEthernet0/0
      192.168.10.0/32 is subnetted, 1 subnets
O IA     192.168.10.1 [110/3] via 192.168.30.3, 00:17:39, GigabitEthernet0/0
O IA  192.168.20.0/24 [110/4] via 192.168.30.3, 00:17:39, GigabitEthernet0/0
O IA  192.168.40.0/24 [110/4] via 192.168.30.3, 00:15:48, GigabitEthernet0/0
R7#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
      10.0.0.0/30 is subnetted, 3 subnets
O IA     10.11.0.0 [110/3] via 192.168.40.4, 00:13:50, GigabitEthernet0/0
O IA     10.12.0.0 [110/3] via 192.168.40.4, 00:13:50, GigabitEthernet0/0
O IA     10.13.0.0 [110/2] via 192.168.40.4, 00:13:50, GigabitEthernet0/0
      192.168.10.0/32 is subnetted, 1 subnets
O IA     192.168.10.1 [110/3] via 192.168.40.4, 00:13:50, GigabitEthernet0/0
O IA  192.168.20.0/24 [110/4] via 192.168.40.4, 00:13:50, GigabitEthernet0/0
O IA  192.168.30.0/24 [110/4] via 192.168.40.4, 00:13:50, GigabitEthernet0/0

OSPFv3 show ipv6 route ospf

R5#show ipv6 route ospf
IPv6 Routing Table - default - 9 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
       H - NHRP, I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
       IS - ISIS summary, D - EIGRP, EX - EIGRP external, NM - NEMO
       ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect
       RL - RPL, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
       OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       la - LISP alt, lr - LISP site-registrations, ld - LISP dyn-eid
       lA - LISP away, a - Application
OI  2001:DB8:11::/96 [110/2]
     via FE80::5054:FF:FEE8:A9DA, GigabitEthernet0/0
OI  2001:DB8:12::/96 [110/3]
     via FE80::5054:FF:FEE8:A9DA, GigabitEthernet0/0
OI  2001:DB8:13::/96 [110/3]
     via FE80::5054:FF:FEE8:A9DA, GigabitEthernet0/0
OI  2001:DB8:1010::1/128 [110/2]
     via FE80::5054:FF:FEE8:A9DA, GigabitEthernet0/0
OI  2001:DB8:1030::/64 [110/4]
     via FE80::5054:FF:FEE8:A9DA, GigabitEthernet0/0
OI  2001:DB8:1040::/64 [110/4]
     via FE80::5054:FF:FEE8:A9DA, GigabitEthernet0/0
R6#show ipv6 route ospf
IPv6 Routing Table - default - 9 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
       H - NHRP, I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
       IS - ISIS summary, D - EIGRP, EX - EIGRP external, NM - NEMO
       ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect
       RL - RPL, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
       OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       la - LISP alt, lr - LISP site-registrations, ld - LISP dyn-eid
       lA - LISP away, a - Application
OI  2001:DB8:11::/96 [110/3]
     via FE80::5054:FF:FECC:227D, GigabitEthernet0/0
OI  2001:DB8:12::/96 [110/2]
     via FE80::5054:FF:FECC:227D, GigabitEthernet0/0
OI  2001:DB8:13::/96 [110/3]
     via FE80::5054:FF:FECC:227D, GigabitEthernet0/0
OI  2001:DB8:1010::1/128 [110/2]
     via FE80::5054:FF:FECC:227D, GigabitEthernet0/0
OI  2001:DB8:1020::/64 [110/4]
     via FE80::5054:FF:FECC:227D, GigabitEthernet0/0
OI  2001:DB8:1040::/64 [110/4]
     via FE80::5054:FF:FECC:227D, GigabitEthernet0/0
R7#show ipv6 route ospf
IPv6 Routing Table - default - 9 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
       H - NHRP, I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
       IS - ISIS summary, D - EIGRP, EX - EIGRP external, NM - NEMO
       ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect
       RL - RPL, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
       OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       la - LISP alt, lr - LISP site-registrations, ld - LISP dyn-eid
       lA - LISP away, a - Application
OI  2001:DB8:11::/96 [110/3]
     via FE80::5054:FF:FE94:950E, GigabitEthernet0/0
OI  2001:DB8:12::/96 [110/3]
     via FE80::5054:FF:FE94:950E, GigabitEthernet0/0
OI  2001:DB8:13::/96 [110/2]
     via FE80::5054:FF:FE94:950E, GigabitEthernet0/0
OI  2001:DB8:1010::1/128 [110/2]
     via FE80::5054:FF:FE94:950E, GigabitEthernet0/0
OI  2001:DB8:1020::/64 [110/4]
     via FE80::5054:FF:FE94:950E, GigabitEthernet0/0
OI  2001:DB8:1030::/64 [110/4]
     via FE80::5054:FF:FE94:950E, GigabitEthernet0/0

ABRにルートフィルタリング適用

R2 ルートフィルタリング
ip prefix-list ALLOW_HONSHA permit 192.168.10.1/32
!
router ospf 100
 area 0 filter-list prefix ALLOW_HONSHA out
!
ipv6 prefix-list ALLOW_HONSHA_V6 permit 2001:DB8:1010::1/128
!
ipv6 router ospf 100
 area 0 filter-list prefix ALLOW_HONSHA_V6 out
R3 ルートフィルタリング
ip prefix-list ALLOW_HONSHA permit 192.168.10.1/32
!
router ospf 100
 area 0 filter-list prefix ALLOW_HONSHA out
!
ipv6 prefix-list ALLOW_HONSHA_V6 permit 2001:DB8:1010::1/128
!
ipv6 router ospf 100
 area 0 filter-list prefix ALLOW_HONSHA_V6 out
R4 ルートフィルタリング
ip prefix-list ALLOW_HONSHA permit 192.168.10.1/32
!
router ospf 100
 area 0 filter-list prefix ALLOW_HONSHA out
!
ipv6 prefix-list ALLOW_HONSHA_V6 permit 2001:DB8:1010::1/128
!
 ipv6 router ospf 100
area 0 filter-list prefix ALLOW_HONSHA_V6 out

通常の運用を考慮すると、可能な限り全ABRで同一内容のルートフィルタリングを設定することが推奨されます

ABRにルートフィルタリング後

OSPFv2 show ip route ospf

R5#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
      192.168.10.0/32 is subnetted, 1 subnets
O IA     192.168.10.1 [110/3] via 192.168.20.2, 04:52:33, GigabitEthernet0/0
R6#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
      192.168.10.0/32 is subnetted, 1 subnets
O IA     192.168.10.1 [110/3] via 192.168.30.3, 04:24:01, GigabitEthernet0/0
R7#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
      192.168.10.0/32 is subnetted, 1 subnets
O IA     192.168.10.1 [110/3] via 192.168.40.4, 04:21:39, GigabitEthernet0/0

OSPFv3 show ipv6 route ospf

R5#show ipv6 route ospf
IPv6 Routing Table - default - 9 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
       H - NHRP, I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
       IS - ISIS summary, D - EIGRP, EX - EIGRP external, NM - NEMO
       ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect
       RL - RPL, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
       OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       la - LISP alt, lr - LISP site-registrations, ld - LISP dyn-eid
       lA - LISP away, a - Application

OI  2001:DB8:1010::1/128 [110/2]
     via FE80::5054:FF:FEE8:A9DA, GigabitEthernet0/0
R6#show ipv6 route ospf
IPv6 Routing Table - default - 9 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
       H - NHRP, I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
       IS - ISIS summary, D - EIGRP, EX - EIGRP external, NM - NEMO
       ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect
       RL - RPL, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
       OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       la - LISP alt, lr - LISP site-registrations, ld - LISP dyn-eid
       lA - LISP away, a - Application

OI  2001:DB8:1010::1/128 [110/2]
     via FE80::5054:FF:FECC:227D, GigabitEthernet0/0
R7#show ipv6 route ospf
IPv6 Routing Table - default - 9 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
       H - NHRP, I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
       IS - ISIS summary, D - EIGRP, EX - EIGRP external, NM - NEMO
       ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect
       RL - RPL, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
       OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       la - LISP alt, lr - LISP site-registrations, ld - LISP dyn-eid
       lA - LISP away, a - Application

OI  2001:DB8:1010::1/128 [110/2]
     via FE80::5054:FF:FE94:950E, GigabitEthernet0/0

設定の複雑性・導入の手間(運用負荷)

ABRでのフィルタリング設定の運用課題:

  • 本社ネットワークの追加・変更時に全ABRでの設定変更が必要
  • IPv4とIPv6両方でOSPFを運用している場合、単純に作業量は通常の2倍
  • 設定の同期漏れによる意図しない通信のリスク

新しい設計アプローチ

Area構成の変更

ポイント:

  • Area 1をバックボーンとして使用
  • 各支社をそれぞれ独立したArea 0として構成

OSPFの動作原理を活用

OSPFでは、複数の独立したArea 0間における直接的なルート情報交換は行われません。これはOSPFの階層構造の設計原理によるものです。
結果:

  • 支社A(Area 0)のルート情報は本社(Area 1)には届きます。
  • しかし、支社B、C(別拠点のArea 0)には支社Aのルート情報は自動的に届きません。
  • これにより、ABRでの特別な設定は不要となります。

技術的な実装詳細

LSAの伝播制御

  1. Type-1、Type-2 LSA:各Area 0内でのみ伝播
  2. Type-3 LSA:Area 1から各Area 0への一方向のみ
  3. Area 0間の直接交換:発生しない

新しい設計適用後

OSPFv2 show ip route ospf

R1#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
O IA  192.168.20.0/24 [110/2] via 10.11.0.2, 00:00:15, GigabitEthernet0/1
O IA  192.168.30.0/24 [110/2] via 10.12.0.2, 00:00:15, GigabitEthernet0/2
O IA  192.168.40.0/24 [110/2] via 10.13.0.2, 00:00:15, GigabitEthernet0/3
R5#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
      10.0.0.0/30 is subnetted, 3 subnets
O IA     10.11.0.0 [110/2] via 192.168.20.2, 00:13:34, GigabitEthernet0/0
O IA     10.12.0.0 [110/3] via 192.168.20.2, 00:03:08, GigabitEthernet0/0
O IA     10.13.0.0 [110/3] via 192.168.20.2, 00:03:08, GigabitEthernet0/0
      192.168.10.0/32 is subnetted, 1 subnets
O IA     192.168.10.1 [110/3] via 192.168.20.2, 00:03:08, GigabitEthernet0/0
R6#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
      10.0.0.0/30 is subnetted, 3 subnets
O IA     10.11.0.0 [110/3] via 192.168.30.3, 00:05:36, GigabitEthernet0/0
O IA     10.12.0.0 [110/2] via 192.168.30.3, 00:10:53, GigabitEthernet0/0
O IA     10.13.0.0 [110/3] via 192.168.30.3, 00:05:36, GigabitEthernet0/0
      192.168.10.0/32 is subnetted, 1 subnets
O IA     192.168.10.1 [110/3] via 192.168.30.3, 00:05:36, GigabitEthernet0/0
R7#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
      10.0.0.0/30 is subnetted, 3 subnets
O IA     10.11.0.0 [110/3] via 192.168.40.4, 00:06:48, GigabitEthernet0/0
O IA     10.12.0.0 [110/3] via 192.168.40.4, 00:06:48, GigabitEthernet0/0
O IA     10.13.0.0 [110/2] via 192.168.40.4, 00:08:42, GigabitEthernet0/0
      192.168.10.0/32 is subnetted, 1 subnets
O IA     192.168.10.1 [110/3] via 192.168.40.4, 00:06:48, GigabitEthernet0/0

OSPFv3 show ipv6 route ospf

R1#show ipv6 route ospf
IPv6 Routing Table - default - 12 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
       H - NHRP, I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
       IS - ISIS summary, D - EIGRP, EX - EIGRP external, NM - NEMO
       ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect
       RL - RPL, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
       OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       la - LISP alt, lr - LISP site-registrations, ld - LISP dyn-eid
       lA - LISP away, a - Application
OI  2001:DB8:1020::/64 [110/2]
     via FE80::5054:FF:FE8F:DE, GigabitEthernet0/1
OI  2001:DB8:1030::/64 [110/2]
     via FE80::5054:FF:FEEC:CA06, GigabitEthernet0/2
OI  2001:DB8:1040::/64 [110/2]
     via FE80::5054:FF:FEF0:CCA9, GigabitEthernet0/3
R5#show ipv6 route ospf
IPv6 Routing Table - default - 7 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
       H - NHRP, I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
       IS - ISIS summary, D - EIGRP, EX - EIGRP external, NM - NEMO
       ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect
       RL - RPL, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
       OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       la - LISP alt, lr - LISP site-registrations, ld - LISP dyn-eid
       lA - LISP away, a - Application
OI  2001:DB8:11::/96 [110/2]
     via FE80::5054:FF:FEE8:A9DA, GigabitEthernet0/0
OI  2001:DB8:12::/96 [110/3]
     via FE80::5054:FF:FEE8:A9DA, GigabitEthernet0/0
OI  2001:DB8:13::/96 [110/3]
     via FE80::5054:FF:FEE8:A9DA, GigabitEthernet0/0
OI  2001:DB8:1010::1/128 [110/2]
     via FE80::5054:FF:FEE8:A9DA, GigabitEthernet0/0
R6#show ipv6 route ospf
IPv6 Routing Table - default - 7 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
       H - NHRP, I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
       IS - ISIS summary, D - EIGRP, EX - EIGRP external, NM - NEMO
       ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect
       RL - RPL, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
       OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       la - LISP alt, lr - LISP site-registrations, ld - LISP dyn-eid
       lA - LISP away, a - Application
OI  2001:DB8:11::/96 [110/3]
     via FE80::5054:FF:FECC:227D, GigabitEthernet0/0
OI  2001:DB8:12::/96 [110/2]
     via FE80::5054:FF:FECC:227D, GigabitEthernet0/0
OI  2001:DB8:13::/96 [110/3]
     via FE80::5054:FF:FECC:227D, GigabitEthernet0/0
OI  2001:DB8:1010::1/128 [110/2]
     via FE80::5054:FF:FECC:227D, GigabitEthernet0/0
R7#show ipv6 route ospf
IPv6 Routing Table - default - 7 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
       H - NHRP, I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
       IS - ISIS summary, D - EIGRP, EX - EIGRP external, NM - NEMO
       ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect
       RL - RPL, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
       OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       la - LISP alt, lr - LISP site-registrations, ld - LISP dyn-eid
       lA - LISP away, a - Application
OI  2001:DB8:11::/96 [110/3]
     via FE80::5054:FF:FE94:950E, GigabitEthernet0/0
OI  2001:DB8:12::/96 [110/3]
     via FE80::5054:FF:FE94:950E, GigabitEthernet0/0
OI  2001:DB8:13::/96 [110/2]
     via FE80::5054:FF:FE94:950E, GigabitEthernet0/0
OI  2001:DB8:1010::1/128 [110/2]
     via FE80::5054:FF:FE94:950E, GigabitEthernet0/0

メリットとデメリット

評価
項目		 従来設計(Area 0 + フィルタリング) 新設計(複数Area 0 + Area 1)
OSPF
理解		 容易
・一般的なOSPF設計パターン		 やや難
・OSPFの動作原理への深い理解が必要
OSPF
実装		 一般
・各ABRでフィルタリング設定が必要
・IPv4/IPv6で設定が2倍		 容易
・Area番号の割り当てのみ
・特別な設定は不要
運用 負荷大
・本社NW変更時に全ABRの設定変更が必要
・設定同期漏れのリスクあり
・IPv4/IPv6両対応で作業量増加		 負荷小
・フィルタリング設定が不要
・設定ミスのリスクが大幅に減少
・IPv4/IPv6で同じ効果
制約 柔軟性高
・支社間通信が必要になった場合、フィルタ変更で対応可能		 柔軟性低
・支社間通信が必要な場合、Virtual-Link設計が必要
効果 要件達成
・ただし運用負荷が継続的に発生		 要件達成
・運用負荷を大幅に削減し、設定の簡素化を実現

まとめ

従来のOSPFマルチエリア設計では、支社間通信の制限に複雑な設定が必要でした。このようにArea構成を少し工夫して変更することで、特別な設定をすることなくOSPFに元々備わっている機能を活用した形で、OSPFに参加する本社/支社ルータの設定を大幅に削減・簡素化できます。

効果:

  • 設定数の大幅削減
  • 運用負荷の軽減
  • 設定ミスのリスク削減

この方法は特定の要件を持つネットワークに有効ですが、導入前には十分な検討と動作検証などの準備が重要です。
これをお読みの皆様も日頃から感じていらっしゃると思いますが、ネットワーク設計では、要件に応じて最適な解を検討し、最適な解を選択することが大切です。
是非、最適な設計で日々の運用負荷を軽減していってください。

株式会社プログデンス
株式会社プログデンス

株式会社プログデンス/BtoB向けのITソリューションを提供する企業です。 技術スタック: SASE / Prisma Access / Zscaler / Netskope / Cato Networks / Tanium / M365 / Cisco / Automation / Ansible

設定によりコメント欄が無効化されています