A Place for Miscellaneous Tech Notes

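@Infrastructure engineer

Infrastructure Build - Network - ISPL3SW - Common L3SW

Last time I prepared the part that stands in for the ISP (ISPL3SW).
This time I build the connection between the ISP and the entry point of the network.

BGP appears to be the usual choice for connecting to an ISP.
In that case, the ISP apparently supplies the required information (the BGP neighbor IP address, AS number, and so on).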

Target devices

Hostname                  Model          OS
ISPL3SW#1 (ISPSW01)       WS-C3550-12T
Common L3SW#1 (CMNSW01)   WS-C3550-24
Common L3SW#2 (CMNSW02)   WS-C3550-48

Work overview

Configure the routes toward the ISP

Configuration items

・eBGP

Applying the configuration

ISPL3SW#1

ISPSW01>enable
ISPSW01#configure terminal

!--- Create the Loopback interface
ISPSW01(config)#interface Loopback1
ISPSW01(config-if)#ip address 1.1.1.252 255.255.255.255
ISPSW01(config-if)#exit

!--- Configure the interfaces facing the common L3SWs
ISPSW01(config)#interface Vlan106
ISPSW01(config-if)#ip address 10.5.0.6 255.255.255.252
ISPSW01(config-if)#exit
ISPSW01(config)#interface GigabitEthernet0/1
ISPSW01(config-if)#switchport mode access
ISPSW01(config-if)#switchport access vlan 106
ISPSW01(config-if)#exit
ISPSW01(config)#interface Vlan107
ISPSW01(config-if)#ip address 10.5.0.10 255.255.255.252
ISPSW01(config-if)#exit
ISPSW01(config)#interface GigabitEthernet0/2
ISPSW01(config-if)#switchport mode access
ISPSW01(config-if)#switchport access vlan 107
ISPSW01(config-if)#exit

!--- Configure eBGP
ISPSW01(config)#router bgp 200
ISPSW01(config-router)#network 10.5.0.4 mask 255.255.255.252
ISPSW01(config-router)#network 10.5.0.8 mask 255.255.255.252
ISPSW01(config-router)#network 192.168.0.0
ISPSW01(config-router)#timers bgp 10 30
ISPSW01(config-router)#neighbor 1.1.1.250 remote-as 100
ISPSW01(config-router)#neighbor 1.1.1.250 ebgp-multihop 255
ISPSW01(config-router)#neighbor 1.1.1.250 update-source Loopback1
ISPSW01(config-router)#neighbor 1.1.1.251 remote-as 100
ISPSW01(config-router)#neighbor 1.1.1.251 ebgp-multihop 255
ISPSW01(config-router)#neighbor 1.1.1.251 update-source Loopback1
ISPSW01(config-router)#exit

!--- Set the routes to the eBGP neighbors as static routes
ISPSW01(config)#ip route 1.1.1.250 255.255.255.255 10.5.0.9
ISPSW01(config)#ip route 1.1.1.251 255.255.255.255 10.5.0.5
ISPSW01(config)#exit

Common L3SW#1

CMNSW01>enable
CMNSW01#configure terminal

!--- Enable routing
CMNSW01(config)#ip routing

!--- Create the Loopback interface
CMNSW01(config)#interface Loopback1
CMNSW01(config-if)#ip address 1.1.1.251 255.255.255.255
CMNSW01(config-if)#exit

!--- Configure the interface facing ISPL3SW
CMNSW01(config)#interface Vlan106
CMNSW01(config-if)#ip address 10.5.0.5 255.255.255.252
CMNSW01(config-if)#exit
CMNSW01(config)#interface FastEthernet0/23
CMNSW01(config-if)#switchport mode access
CMNSW01(config-if)#switchport access vlan 106
CMNSW01(config-if)#exit

!--- Configure eBGP
CMNSW01(config)#router bgp 100
CMNSW01(config-router)#network 10.5.0.4 mask 255.255.255.252
CMNSW01(config-router)#timers bgp 10 30
CMNSW01(config-router)#redistribute static
CMNSW01(config-router)#neighbor 1.1.1.252 remote-as 200
CMNSW01(config-router)#neighbor 1.1.1.252 ebgp-multihop 255
CMNSW01(config-router)#neighbor 1.1.1.252 update-source Loopback1
CMNSW01(config-router)#exit

!--- Set the route to the eBGP neighbor as a static route
CMNSW01(config)#ip route 1.1.1.252 255.255.255.255 10.5.0.6
CMNSW01(config)#exit

Common L3SW#2

CMNSW02>enable
CMNSW02#configure terminal

!--- Enable routing
CMNSW02(config)#ip routing

!--- Create the Loopback interface
CMNSW02(config)#interface Loopback1
CMNSW02(config-if)#ip address 1.1.1.250 255.255.255.255
CMNSW02(config-if)#exit

!--- Configure the interface facing ISPL3SW
CMNSW02(config)#interface Vlan107
CMNSW02(config-if)#ip address 10.5.0.9 255.255.255.252
CMNSW02(config-if)#exit
CMNSW02(config)#interface FastEthernet0/23
CMNSW02(config-if)#switchport mode access
CMNSW02(config-if)#switchport access vlan 107
CMNSW02(config-if)#exit

!--- Configure eBGP
CMNSW02(config)#router bgp 100
CMNSW02(config-router)#network 10.5.0.8 mask 255.255.255.252
CMNSW02(config-router)#timers bgp 10 30
CMNSW02(config-router)#redistribute static
CMNSW02(config-router)#neighbor 1.1.1.252 remote-as 200
CMNSW02(config-router)#neighbor 1.1.1.252 ebgp-multihop 255
CMNSW02(config-router)#neighbor 1.1.1.252 update-source Loopback1
CMNSW02(config-router)#exit

!--- Set the route to the eBGP neighbor as a static route
CMNSW02(config)#ip route 1.1.1.252 255.255.255.255 10.5.0.10
CMNSW02(config)#exit

Verifying the configuration

Config (ISPL3SW#1)

ISPSW01#show running-config
Building configuration...

Current configuration : 3879 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISPSW01
!
!
!
!
no aaa new-model
ip routing
!
〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜
!
interface Loopback1
ip address 1.1.1.252 255.255.255.255
!
interface GigabitEthernet0/1
switchport access vlan 106
switchport mode access
!
interface GigabitEthernet0/2
switchport access vlan 107
switchport mode access
!
〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜
!
interface GigabitEthernet0/9
switchport access vlan 1000
switchport mode access
!
interface GigabitEthernet0/10
switchport access vlan 100
switchport mode access
!
〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜
!
interface Vlan100
ip address 10.0.0.252 255.255.255.0
!
interface Vlan106
ip address 10.5.0.6 255.255.255.252
!
interface Vlan107
ip address 10.5.0.10 255.255.255.252
!
interface Vlan1000
ip address 192.168.0.254 255.255.255.0
!
router bgp 200
no synchronization
bgp log-neighbor-changes
network 10.5.0.4 mask 255.255.255.252
network 10.5.0.8 mask 255.255.255.252
network 192.168.0.0
timers bgp 10 30
neighbor 1.1.1.250 remote-as 100
neighbor 1.1.1.250 ebgp-multihop 255
neighbor 1.1.1.250 update-source Loopback1
neighbor 1.1.1.251 remote-as 100
neighbor 1.1.1.251 ebgp-multihop 255
neighbor 1.1.1.251 update-source Loopback1
no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip route 1.1.1.250 255.255.255.255 10.5.0.9
ip route 1.1.1.251 255.255.255.255 10.5.0.5
ip http server
ip http secure-server
!
〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜!
end

Config (Common L3SW#1)

CMNSW01#show running-config
Building configuration...

Current configuration : 5200 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname CMNSW01
!
!
!
!
no aaa new-model
!
ip routing
no ip domain-lookup
!
〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜
!
interface Loopback1
ip address 1.1.1.251 255.255.255.255
!
〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜
!
interface FastEthernet0/23
switchport access vlan 106
switchport mode access
!
interface FastEthernet0/24
switchport access vlan 100
switchport mode access
!
〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜
!
interface Vlan100
ip address 10.0.0.251 255.255.255.0
!
interface Vlan106
ip address 10.5.0.5 255.255.255.252
!
router bgp 100
no synchronization
bgp log-neighbor-changes
network 10.5.0.4 mask 255.255.255.252
timers bgp 10 30
redistribute static
neighbor 1.1.1.252 remote-as 200
neighbor 1.1.1.252 ebgp-multihop 255
neighbor 1.1.1.252 update-source Loopback1
no auto-summary
!
ip classless
ip route 1.1.1.252 255.255.255.255 10.5.0.6
ip http server
ip http secure-server
!
〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜
!
end

Config (Common L3SW#2)

CMNSW02#show running-config
Building configuration...

Current configuration : 6811 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CMNSW02
!
!
!
!
no aaa new-model
!
ip routing
no ip domain-lookup
!
〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜
!
interface Loopback1
ip address 1.1.1.250 255.255.255.255
!
〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜
!
interface FastEthernet0/23
switchport access vlan 107
switchport mode access
!
interface FastEthernet0/24
switchport access vlan 100
switchport mode access
!
〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜
!
interface Vlan100
ip address 10.0.0.250 255.255.255.0
!
interface Vlan107
ip address 10.5.0.9 255.255.255.252
!
router bgp 100
no synchronization
bgp log-neighbor-changes
network 10.5.0.8 mask 255.255.255.252
timers bgp 10 30
redistribute static
neighbor 1.1.1.252 remote-as 200
neighbor 1.1.1.252 ebgp-multihop 255
neighbor 1.1.1.252 update-source Loopback1
no auto-summary
!
ip classless
ip route 1.1.1.252 255.255.255.255 10.5.0.10
ip http server
ip http secure-server
!
〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜
!
end

Routing table (ISPL3SW#1)

ISPSW01#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.0.1 to network 0.0.0.0

1.0.0.0/32 is subnetted, 3 subnets
S 1.1.1.251 [1/0] via 10.5.0.5
S 1.1.1.250 [1/0] via 10.5.0.9
C 1.1.1.252 is directly connected, Loopback1
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C 10.5.0.8/30 is directly connected, Vlan107
C 10.0.0.0/24 is directly connected, Vlan100
C 10.5.0.4/30 is directly connected, Vlan106
C 192.168.0.0/24 is directly connected, Vlan1000
S* 0.0.0.0/0 [1/0] via 192.168.0.1

Routing table (Common L3SW#1)

CMNSW01#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 2 subnets
C 1.1.1.251 is directly connected, Loopback1
S 1.1.1.252 [1/0] via 10.5.0.6
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
B 10.5.0.8/30 [20/0] via 1.1.1.252, 00:02:54
C 10.0.0.0/24 is directly connected, Vlan100
C 10.5.0.4/30 is directly connected, Vlan106
B 192.168.0.0/24 [20/0] via 1.1.1.252, 00:02:54

Routing table (Common L3SW#2)

CMNSW02#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 2 subnets
C 1.1.1.250 is directly connected, Loopback1
S 1.1.1.252 [1/0] via 10.5.0.10
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C 10.5.0.8/30 is directly connected, Vlan107
C 10.0.0.0/24 is directly connected, Vlan100
B 10.5.0.4/30 [20/0] via 1.1.1.252, 00:04:11
B 192.168.0.0/24 [20/0] via 1.1.1.252, 00:12:11

BGP table (ISPL3SW#1)

ISPSW01#show ip bgp
BGP table version is 59, local router ID is 1.1.1.252
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
r  1.1.1.252/32     1.1.1.251                0             0 100 ?
r>                  1.1.1.250                0             0 100 ?
*  10.5.0.4/30      1.1.1.251                0             0 100 i
*>                  0.0.0.0                  0         32768 i
*  10.5.0.8/30      1.1.1.250                0             0 100 i
*>                  0.0.0.0                  0         32768 i
*> 192.168.0.0      0.0.0.0                  0         32768 i

BGP table (Common L3SW#1)

CMNSW01#show ip bgp
BGP table version is 7, local router ID is 1.1.1.251
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.252/32     10.5.0.6                 0         32768 ?
*  10.5.0.4/30      1.1.1.252                0             0 200 i
*>                  0.0.0.0                  0         32768 i
*> 10.5.0.8/30      1.1.1.252                0             0 200 i
*> 192.168.0.0      1.1.1.252                0             0 200 i

BGP table (Common L3SW#2)

CMNSW02#show ip bgp
BGP table version is 21, local router ID is 1.1.1.250
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.252/32     10.5.0.10                0         32768 ?
*> 10.5.0.4/30      1.1.1.252                0             0 200 i
*  10.5.0.8/30      1.1.1.252                0             0 200 i
*>                  0.0.0.0                  0         32768 i
*> 192.168.0.0      1.1.1.252                0             0 200 i
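
The eBGP sessions above run with no neighbor password, no inbound filter or maximum-prefix limit, `ebgp-multihop 255`, and an unfiltered `redistribute static`, which is why the static /32 for 1.1.1.252 appears in the BGP tables with origin `?`. The following Python sketch is an added example, not part of the original memo: it audits a `router bgp` stanza for those gaps. The check list, the function names and the TTL threshold of 2 (loopback peering across one directly connected link) are assumptions of this example; the sample text is constructed from the CMNSW01 output.

```python
import re
# Constructed sample: the "router bgp" stanza of CMNSW01 as printed on this page.
SAMPLE = """\
router bgp 100
 network 10.5.0.4 mask 255.255.255.252
 redistribute static
 neighbor 1.1.1.252 remote-as 200
 neighbor 1.1.1.252 ebgp-multihop 255
 neighbor 1.1.1.252 update-source Loopback1
!
"""
IN_FILTER = re.compile(r"(prefix-list|route-map|filter-list|distribute-list) \S+ in$")

def bgp_stanza(config):
    """Return the stripped sub-commands of the first 'router bgp' block."""
    lines, inside = [], False
    for raw in config.splitlines():
        if raw.startswith("router bgp "):
            inside = True
        elif inside and raw.rstrip() == "!":   # unindented "!" closes the block
            break
        elif inside:
            lines.append(raw.strip())          # tolerate lost indentation
    return lines

def audit_bgp(config):
    """Return (subject, finding) pairs for hardening gaps in the BGP stanza."""
    peers, findings = {}, []
    for line in bgp_stanza(config):
        m = re.match(r"neighbor (\S+) (.+)", line)
        if m:
            peers.setdefault(m.group(1), []).append(m.group(2))
        elif line.startswith("redistribute ") and " route-map " not in line:
            findings.append((line, "redistribution not limited by a route-map"))
    for peer, opts in peers.items():
        if not any(o.startswith("password ") for o in opts):
            findings.append((peer, "no TCP MD5 password"))
        if not any(IN_FILTER.match(o) for o in opts):
            findings.append((peer, "no inbound route filter"))
        if not any(o.startswith("maximum-prefix ") for o in opts):
            findings.append((peer, "no maximum-prefix limit"))
        for o in opts:
            hop = re.match(r"ebgp-multihop(?: (\d+))?$", o)  # bare form means 255
            if hop and int(hop.group(1) or 255) > 2:
                findings.append((peer, "ebgp-multihop TTL above 2"))
    return findings

if __name__ == "__main__":
    print("\n".join(f"{s}: {f}" for s, f in audit_bgp(SAMPLE)))
```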

Connectivity check

<Editing in progress...>