MPLS-VPN Troubleshooting, Part 1 [CCIE Level]

Network Topology

In the network below, the goal is to enable communication between R4 and R5 across the MPLS-VPN.

Figure: MPLS-VPN network topology

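The routers have the following roles.

PE routers: R1, R3
P router: R2
CE routers: R4, R5

The PE routers R1 and R3 both define the VRF as follows.

VRF name: VPN
RD: 100:100
Import RT: 100:100
Export RT: 100:100

Configuration Overview

The configuration on each router that relates to MPLS-VPN communication is as follows.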

R1
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
ip vrf VPN
rd 100:100
route-target export 100:100
route-target import 100:100
!
interface Loopback0
ip address 192.168.0.1 255.255.255.255
!
interface FastEthernet0/0
ip vrf forwarding VPN
ip address 10.14.14.1 255.255.255.0
!
interface Serial1/0
ip address 192.168.12.1 255.255.255.0
encapsulation ppp
mpls ip
no peer neighbor-route
!
router ospf 14 vrf VPN
log-adjacency-changes
redistribute bgp 100 subnets
network 10.14.14.1 0.0.0.0 area 0
!
router ospf 1
log-adjacency-changes
network 192.168.0.0 0.0.255.255 area 0
!
router bgp 100
no synchronization
bgp log-neighbor-changes
neighbor 192.168.0.3 remote-as 100
neighbor 192.168.0.3 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 192.168.0.3 activate
neighbor 192.168.0.3 send-community extended
exit-address-family
!
address-family ipv4 vrf VPN
redistribute ospf 14 vrf VPN
no synchronization
exit-address-family
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
R2
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
interface Loopback0
ip address 192.168.0.2 255.255.255.255
!
interface Serial1/0
ip address 192.168.12.2 255.255.255.0
encapsulation ppp
no peer neighbor-route
!
interface Serial1/1
ip address 192.168.23.2 255.255.255.0
encapsulation ppp
mpls ip
no peer neighbor-route
!
router ospf 1
log-adjacency-changes
network 192.168.0.0 0.0.255.255 area 0
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
R3
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
ip vrf VPN
rd 100:100
route-target export 100:100
route-target import 100:100
!
interface Loopback0
ip address 192.168.0.3 255.255.255.255
!
interface FastEthernet0/0
ip vrf forwarding VPN
ip address 10.35.35.3 255.255.255.0
duplex auto
speed auto
!
interface Serial1/0
ip address 192.168.23.3 255.255.255.0
encapsulation ppp
mpls ip
no peer neighbor-route
!
router ospf 35 vrf VPN
log-adjacency-changes
redistribute bgp 100 subnets
network 10.35.35.3 0.0.0.0 area 0
!
router ospf 1
log-adjacency-changes
network 192.168.0.0 0.0.255.255 area 0
!
router bgp 100
no synchronization
bgp log-neighbor-changes
neighbor 192.168.0.1 remote-as 100
neighbor 192.168.0.1 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 192.168.0.1 activate
neighbor 192.168.0.1 send-community extended
exit-address-family
!
address-family ipv4 vrf VPN
redistribute ospf 35 vrf VPN
no synchronization
exit-address-family
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
R4
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
interface Loopback0
ip address 172.16.4.4 255.255.255.0
ip ospf network point-to-point
!
interface FastEthernet0/0
ip address 10.14.14.4 255.255.255.0
!
router ospf 1
log-adjacency-changes
network 10.14.14.4 0.0.0.0 area 0
network 172.16.4.4 0.0.0.0 area 0
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
R5
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
interface Loopback0
ip address 172.16.5.5 255.255.255.0
ip ospf network point-to-point
!
interface FastEthernet0/0
ip address 10.35.35.5 255.255.255.0
!
router ospf 1
log-adjacency-changes
network 10.35.35.5 0.0.0.0 area 0
network 172.16.5.5 0.0.0.0 area 0
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
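
An added example (not part of the original page): a Python check that the VRF definitions on the PEs exchange routes with each other and import no route target outside the intended VPN. The function names and the `intended_rts` parameter are assumptions made for this illustration; the VRF excerpts are copied from the R1 and R3 listings above, and the parser also accepts the `route-target both` form, which this page does not use.

```python
import re

# VRF excerpts copied from the R1 and R3 configurations on this page.
PAGE_VRF = "ip vrf VPN\nrd 100:100\nroute-target export 100:100\nroute-target import 100:100\n!\n"
PE_CONFIGS = {"R1": PAGE_VRF + "interface FastEthernet0/0\nip vrf forwarding VPN\n",
              "R3": PAGE_VRF + "interface FastEthernet0/0\nip vrf forwarding VPN\n"}

def parse_vrfs(config):
    """Return {vrf: {"rd": str or None, "import": set, "export": set}}."""
    vrfs, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        head = re.match(r"ip vrf (\S+)$", line)   # does not match "ip vrf forwarding X"
        rt = re.match(r"route-target (import|export|both) (\S+)$", line)
        if head:
            cur = vrfs.setdefault(head.group(1), {"rd": None, "import": set(), "export": set()})
        elif cur is not None and line.startswith("rd "):
            cur["rd"] = line.split()[1]
        elif cur is not None and rt:
            for kind in ("import", "export"):
                if rt.group(1) in (kind, "both"):
                    cur[kind].add(rt.group(2))
        else:
            cur = None   # "!" or any other command closes the VRF block
    return vrfs

def audit_vrf(pe_configs, vrf, intended_rts):
    """Return a list of findings; an empty list means the RT policy is consistent."""
    parsed = {pe: parse_vrfs(cfg).get(vrf) for pe, cfg in pe_configs.items()}
    findings = [f"{pe}: VRF {vrf} not defined" for pe, v in parsed.items() if v is None]
    present = {pe: v for pe, v in parsed.items() if v is not None}
    for pe, v in present.items():
        extra = v["import"] - set(intended_rts)
        if extra:
            findings.append(f"{pe}: imports RT(s) outside this VPN: {sorted(extra)}")
        for peer, p in present.items():
            if peer != pe and not (v["export"] & p["import"]):
                findings.append(f"{pe} -> {peer}: no exported RT is imported by {peer}")
    return findings

if __name__ == "__main__":
    print(audit_vrf(PE_CONFIGS, "VPN", {"100:100"}) or "RT policy consistent")
```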

Symptoms

The routing tables on R4 and R5 show that each router has learned the other's routes.

R4 show ip route
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
R4#show ip route
~ omitted ~
Gateway of last resort is not set
172.16.0.0/24 is subnetted, 2 subnets
C       172.16.4.0 is directly connected, Loopback0
O E2    172.16.5.0 [110/2] via 10.14.14.1, 00:20:00, FastEthernet0/0
10.0.0.0/24 is subnetted, 2 subnets
O E2    10.35.35.0 [110/1] via 10.14.14.1, 00:20:00, FastEthernet0/0
C       10.14.14.0 is directly connected, FastEthernet0/0
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
R5 show ip route
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
R5#show ip route
~ omitted ~
Gateway of last resort is not set
172.16.0.0/24 is subnetted, 2 subnets
O E2    172.16.4.0 [110/2] via 10.35.35.3, 00:23:01, FastEthernet0/0
C       172.16.5.0 is directly connected, Loopback0
10.0.0.0/24 is subnetted, 2 subnets
C       10.35.35.0 is directly connected, FastEthernet0/0
O E2    10.14.14.0 [110/1] via 10.35.35.3, 00:23:01, FastEthernet0/0
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

In practice, however, the two routers cannot communicate. A ping from R4 to 172.16.5.5 fails.

Ping from R4 to 172.16.5.5
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
R4#ping 172.16.5.5 source loopback 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.5.5, timeout is 2 seconds:
Packet sent with a source address of 172.16.4.4
.....
Success rate is 0 percent (0/5)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

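Since the CE routers R4 and R5 can each see the other's routes, it is clear that R4 and R5 are not misconfigured. We therefore ran the following show commands on R1, R2 and R3, which make up the MPLS-VPN backbone, to isolate the cause.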

R1
show mpls interface
show mpls ldp neighbor
show ip bgp summary
show ip bgp vpnv4 all
show ip route vrf VPN
show ip cef vrf VPN 172.16.5.0
R2
show mpls interface
show mpls ldp neighbor
show mpls forwarding-table
R3
show mpls interface
show mpls ldp neighbor
show ip bgp summary
show ip bgp vpnv4 all
show ip route vrf VPN
show ip cef vrf VPN 172.16.4.0
R1 show command output
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
R1#show mpls interface
Interface              IP            Tunnel   Operational
Serial1/0              Yes (ldp)     No       Yes
R1#show mpls ldp neighbor
R1#show ip bgp summary
BGP router identifier 192.168.0.1, local AS number 100
BGP table version is 1, main routing table version 1
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.0.3     4   100      43      43        1    0    0 00:33:52        0
R1#show ip bgp vpnv4 all
BGP table version is 9, local router ID is 192.168.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:100 (default for vrf VPN)
*> 10.14.14.0/24    0.0.0.0                  0         32768 ?
*>i10.35.35.0/24    192.168.0.3              0    100      0 ?
*> 172.16.4.0/24    10.14.14.4               2         32768 ?
*>i172.16.5.0/24    192.168.0.3              2    100      0 ?
R1#show ip route vrf VPN
Routing Table: VPN
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
172.16.0.0/24 is subnetted, 2 subnets
O       172.16.4.0 [110/2] via 10.14.14.4, 00:35:16, FastEthernet0/0
B       172.16.5.0 [200/2] via 192.168.0.3, 00:33:31
10.0.0.0/24 is subnetted, 2 subnets
B       10.35.35.0 [200/0] via 192.168.0.3, 00:33:31
C       10.14.14.0 is directly connected, FastEthernet0/0
R1#show ip cef vrf VPN 172.16.5.0
172.16.5.0/24, version 14, epoch 0, cached adjacency to Serial1/0
0 packets, 0 bytes
tag information set
local tag: VPN-route-head
fast tag rewrite with
Recursive rewrite via 192.168.0.3/32, tags imposed {21}
via 192.168.0.3, 0 dependencies, recursive
next hop 192.168.12.2, Serial1/0 via 192.168.0.3/32
valid cached adjacency
tag rewrite with
Recursive rewrite via 192.168.0.3/32, tags imposed {21}
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
R2 show command output
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
R2#show mpls interface
Interface              IP            Tunnel   Operational
Serial1/1              Yes (ldp)     No       Yes
R2#show mpls ldp neighbor
Peer LDP Ident: 192.168.0.3:0; Local LDP Ident 192.168.0.2:0
TCP connection: 192.168.0.3.48691 - 192.168.0.2.646
State: Oper; Msgs sent/rcvd: 89/90; Downstream
Up time: 01:12:09
LDP discovery sources:
Serial1/1, Src IP addr: 192.168.23.3
Addresses bound to peer LDP Ident:
192.168.23.3    192.168.0.3
R2#show mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     Untagged    192.168.0.1/32    3317       Se1/0      point2point
17     Pop tag     192.168.0.3/32    2809       Se1/1      point2point
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
R3 show command output
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
R3#show mpls interface
Interface              IP            Tunnel   Operational
Serial1/0              Yes (ldp)     No       Yes
R3#show mpls ldp neighbor
Peer LDP Ident: 192.168.0.2:0; Local LDP Ident 192.168.0.3:0
TCP connection: 192.168.0.2.646 - 192.168.0.3.48691
State: Oper; Msgs sent/rcvd: 90/90; Downstream
Up time: 01:12:51
LDP discovery sources:
Serial1/0, Src IP addr: 192.168.23.2
Addresses bound to peer LDP Ident:
192.168.12.2    192.168.23.2    192.168.0.2
R3#show ip bgp summary
BGP router identifier 192.168.0.3, local AS number 100
BGP table version is 1, main routing table version 1
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.0.1     4   100      45      45        1    0    0 00:35:25        0
R3#show ip bgp vpnv4 all
BGP table version is 9, local router ID is 192.168.0.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:100 (default for vrf VPN)
*>i10.14.14.0/24    192.168.0.1              0    100      0 ?
*> 10.35.35.0/24    0.0.0.0                  0         32768 ?
*>i172.16.4.0/24    192.168.0.1              2    100      0 ?
*> 172.16.5.0/24    10.35.35.5               2         32768 ?
R3#show ip route vrf VPN
Routing Table: VPN
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
172.16.0.0/24 is subnetted, 2 subnets
B       172.16.4.0 [200/2] via 192.168.0.1, 00:35:09
O       172.16.5.0 [110/2] via 10.35.35.5, 00:36:41, FastEthernet0/0
10.0.0.0/24 is subnetted, 2 subnets
C       10.35.35.0 is directly connected, FastEthernet0/0
B       10.14.14.0 [200/0] via 192.168.0.1, 00:35:09
R3#show ip cef vrf VPN 172.16.4.0
172.16.4.0/24, version 14, epoch 0, cached adjacency to Serial1/0
0 packets, 0 bytes
tag information set
local tag: VPN-route-head
fast tag rewrite with Se1/0, point2point, tags imposed: {16 22}
via 192.168.0.1, 0 dependencies, recursive
next hop 192.168.23.2, Serial1/0 via 192.168.0.1/32
valid cached adjacency
tag rewrite with Se1/0, point2point, tags imposed: {16 22}
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

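The show commands on R1 through R3 revealed the configuration mistake; once it was corrected, R4 and R5 could communicate normally across the MPLS-VPN.

Questions

  • Why can R4 and R5 not communicate even though each has learned the other's routes?
  • How should the configuration be corrected so that R4 and R5 can communicate across the MPLS-VPN?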
