DynagenでCCIEを目指す
20010513 AD値によるルートフィルタ
最終更新:
it_certification
-
view
目的
- distribution-listによるルートフィルタの方法を確認します。
- AD値によるルートフィルタの方法を確認します。
構成
- 設定概要
- RIPとOSPFによってルーティングします。
- 構成図
- netファイル
model = 3660 [localhost] [[3660]] image = C:\Program Files\Dynamips\images\c3660-ik9o3s-mz.124-6.T.bin ram = 128 [[ROUTER R1]] e1/0 = R2 e1/1 [[ROUTER R2]] e1/0 = R3 e1/1 [[ROUTER R3]] e1/0 = R4 e1/1 [[ROUTER R4]] e1/0 = R1 e1/1
- 初期設定 R1
! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R1 ! boot-start-marker boot-end-marker ! ! no aaa new-model ! resource policy ! memory-size iomem 5 ! ! ip cef ! ! ! ipv6 unicast-routing ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! interface FastEthernet0/0 ip address 192.168.10.1 255.255.255.0 speed auto full-duplex ipv6 address 2000::10:1/112 ipv6 enable no keepalive ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Ethernet1/0 ip address 192.168.12.1 255.255.255.0 full-duplex ipv6 address 2000::12:1/112 ipv6 enable ipv6 rip HOGE enable ! interface Ethernet1/1 ip address 192.168.14.1 255.255.255.0 full-duplex ipv6 address 2000::14:1/112 ipv6 enable ipv6 rip HOGE enable ! interface Ethernet1/2 no ip address shutdown half-duplex ! interface Ethernet1/3 no ip address shutdown half-duplex ! router rip version 2 redistribute connected network 192.168.12.0 network 192.168.14.0 no auto-summary ! ip http server no ip http secure-server ! ! ! ipv6 router rip HOGE redistribute connected ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! line con 0 line aux 0 line vty 0 4 ! ! end
- 初期設定 R2
! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R2 ! boot-start-marker boot-end-marker ! ! no aaa new-model ! resource policy ! memory-size iomem 5 ! ! ip cef ! ! ! ipv6 unicast-routing ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! interface FastEthernet0/0 no ip address shutdown speed auto full-duplex ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Ethernet1/0 ip address 192.168.23.2 255.255.255.0 full-duplex ipv6 address 2000::23:2/112 ipv6 enable ipv6 ospf 1 area 0 ! interface Ethernet1/1 ip address 192.168.12.2 255.255.255.0 full-duplex ipv6 address 2000::12:2/112 ipv6 enable ipv6 rip HOGE enable ! interface Ethernet1/2 no ip address shutdown half-duplex ! interface Ethernet1/3 no ip address shutdown half-duplex ! router ospf 1 log-adjacency-changes redistribute rip subnets network 192.168.23.2 0.0.0.0 area 0 ! router rip version 2 redistribute ospf 1 network 192.168.12.0 no auto-summary ! ip http server no ip http secure-server ! ! ! ipv6 router ospf 1 log-adjacency-changes redistribute rip HOGE ! ipv6 router rip HOGE redistribute ospf 1 ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! line con 0 line aux 0 line vty 0 4 login ! ! end
- 初期設定 R3
! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R3 ! boot-start-marker boot-end-marker ! ! no aaa new-model ! resource policy ! memory-size iomem 5 ! ! ip cef ! ! ! ipv6 unicast-routing ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! interface FastEthernet0/0 ip address 192.168.30.3 255.255.255.0 speed auto full-duplex ipv6 address 2000::30:3/112 ipv6 enable no keepalive ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Ethernet1/0 ip address 192.168.34.3 255.255.255.0 full-duplex ipv6 address 2000::34:3/112 ipv6 ospf 1 area 0 ! interface Ethernet1/1 ip address 192.168.23.3 255.255.255.0 full-duplex ipv6 address 2000::23:3/112 ipv6 ospf 1 area 0 ! interface Ethernet1/2 no ip address shutdown half-duplex ! interface Ethernet1/3 no ip address shutdown half-duplex ! router ospf 1 log-adjacency-changes redistribute connected subnets network 192.168.23.3 0.0.0.0 area 0 network 192.168.34.3 0.0.0.0 area 0 ! ip http server no ip http secure-server ! ! ! ipv6 router ospf 1 log-adjacency-changes redistribute connected ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! line con 0 line aux 0 line vty 0 4 ! ! end
- 初期設定 R4
! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname R4 ! boot-start-marker boot-end-marker ! ! no aaa new-model ! resource policy ! memory-size iomem 5 ! ! ip cef ! ! ! ipv6 unicast-routing ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! interface FastEthernet0/0 no ip address shutdown speed auto half-duplex ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface Ethernet1/0 ip address 192.168.14.4 255.255.255.0 full-duplex ipv6 address 2000::14:4/112 ipv6 enable ipv6 rip HOGE enable ! interface Ethernet1/1 ip address 192.168.34.4 255.255.255.0 full-duplex ipv6 address 2000::34:4/112 ipv6 enable ipv6 ospf 1 area 0 ! interface Ethernet1/2 no ip address shutdown half-duplex ! interface Ethernet1/3 no ip address shutdown half-duplex ! router ospf 1 log-adjacency-changes redistribute rip subnets network 192.168.34.4 0.0.0.0 area 0 ! router rip version 2 redistribute ospf 1 network 192.168.14.0 no auto-summary ! ip http server no ip http secure-server ! ! ! ipv6 router ospf 1 log-adjacency-changes redistribute rip HOGE ! ipv6 router rip HOGE redistribute ospf 1 ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! line con 0 line aux 0 line vty 0 4 login ! ! end
検証1 metricの修正
- ルーティングテーブルの確認
R3のルーティングテーブルを見ると、全ネットワークを認識している事が分かります。
R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
O E2 192.168.12.0/24 [110/20] via 192.168.23.2, 00:30:35, Ethernet1/1
O E2 192.168.14.0/24 [110/20] via 192.168.34.4, 00:28:28, Ethernet1/0
C 192.168.30.0/24 is directly connected, FastEthernet0/0
O E2 192.168.10.0/24 [110/20] via 192.168.23.2, 00:28:37, Ethernet1/1
C 192.168.23.0/24 is directly connected, Ethernet1/1
C 192.168.34.0/24 is directly connected, Ethernet1/0
R3#
R3#
R3#show ipv6 route
IPv6 Routing Table - 13 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Static route
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
D - EIGRP, EX - EIGRP external
OE2 2000::10:0/112 [110/20]
via FE80::CE01:9FF:FE4C:10, Ethernet1/1
OE2 2000::12:0/112 [110/20]
via FE80::CE03:9FF:FE4C:11, Ethernet1/0
OE2 2000::14:0/112 [110/20]
via FE80::CE01:9FF:FE4C:10, Ethernet1/1
OE2 2000::20:0/112 [110/20]
via FE80::CE03:9FF:FE4C:11, Ethernet1/0
C 2000::23:0/112 [0/0]
via ::, Ethernet1/1
L 2000::23:3/128 [0/0]
via ::, Ethernet1/1
C 2000::30:0/112 [0/0]
via ::, FastEthernet0/0
L 2000::30:3/128 [0/0]
via ::, FastEthernet0/0
C 2000::34:0/112 [0/0]
via ::, Ethernet1/0
L 2000::34:3/128 [0/0]
via ::, Ethernet1/0
OE2 2000::40:0/112 [110/20]
via FE80::CE01:9FF:FE4C:10, Ethernet1/1
L FE80::/10 [0/0]
via ::, Null0
L FF00::/8 [0/0]
via ::, Null0
R3#
一方、R1のルーティングテーブルを見ると、OSPFによるエリアを認識しておりません。RIPからOSPFへの再配送はできていますが、OSPFからRIPへの再配送はできていません。
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.12.0/24 is directly connected, Ethernet1/0
C 192.168.14.0/24 is directly connected, Ethernet1/1
C 192.168.10.0/24 is directly connected, FastEthernet0/0
R1#
R1#
R1#show ipv6 route
IPv6 Routing Table - 8 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Static route
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
D - EIGRP, EX - EIGRP external
C 2000::10:0/112 [0/0]
via ::, FastEthernet0/0
L 2000::10:1/128 [0/0]
via ::, FastEthernet0/0
C 2000::12:0/112 [0/0]
via ::, Ethernet1/0
L 2000::12:1/128 [0/0]
via ::, Ethernet1/0
C 2000::14:0/112 [0/0]
via ::, Ethernet1/1
L 2000::14:1/128 [0/0]
via ::, Ethernet1/1
L FE80::/10 [0/0]
via ::, Null0
L FF00::/8 [0/0]
via ::, Null0
R1#
- メトリックの確認
ルーティングプロトコルを再配送する際、metric値を省略すると以下の値が採用されます。すなわち、OSPF以外の場合はmetricを明示しないと到達不能なルートとして扱われてしまいます。
| protocol | metric | 備考 |
| RIP | 無限大, connected, staticの場合は1 | |
| EIGRP | 無限大 | connected, staticは例外かも…(未調査) |
| OSPF | 20 BGPの場合は1 |
OSPFからRIPへ再配送できるよう、metric値を明示的に定義します。
R2(config)#router rip R2(config-router)#redistribute ospf 1 metric 5 R2(config-router)#exit R2(config)#ipv6 router rip HOGE R2(config-rtr)#redistribute ospf 1 metric 5 R4(config)#router rip R4(config-router)#redistribute ospf 1 metric 5 R4(config-router)#exit R4(config)#ipv6 router rip HOGE R4(config-rtr)#redistribute ospf 1 metric 5
- ルーティングテーブルの確認
R1のルーティングテーブルを確認します。OSPFからRIPへ再配送できた事が確認できます。
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.12.0/24 is directly connected, Ethernet1/0
C 192.168.14.0/24 is directly connected, Ethernet1/1
R 192.168.30.0/24 [120/5] via 192.168.14.4, 00:00:26, Ethernet1/1
[120/5] via 192.168.12.2, 00:00:21, Ethernet1/0
C 192.168.10.0/24 is directly connected, FastEthernet0/0
R 192.168.23.0/24 [120/5] via 192.168.14.4, 00:00:26, Ethernet1/1
[120/5] via 192.168.12.2, 00:00:22, Ethernet1/0
R 192.168.34.0/24 [120/5] via 192.168.14.4, 00:00:26, Ethernet1/1
[120/5] via 192.168.12.2, 00:00:22, Ethernet1/0
R1#
R1#
R1#show ipv6 route
IPv6 Routing Table - 13 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
U - Per-user Static route
I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
D - EIGRP, EX - EIGRP external
C 2000::10:0/112 [0/0]
via ::, FastEthernet0/0
L 2000::10:1/128 [0/0]
via ::, FastEthernet0/0
C 2000::12:0/112 [0/0]
via ::, Ethernet1/0
L 2000::12:1/128 [0/0]
via ::, Ethernet1/0
C 2000::14:0/112 [0/0]
via ::, Ethernet1/1
L 2000::14:1/128 [0/0]
via ::, Ethernet1/1
R 2000::20:0/112 [120/6]
via FE80::CE01:9FF:FE4C:11, Ethernet1/0
R 2000::23:0/112 [120/6]
via FE80::CE03:9FF:FE4C:10, Ethernet1/1
R 2000::30:0/112 [120/6]
via FE80::CE01:9FF:FE4C:11, Ethernet1/0
via FE80::CE03:9FF:FE4C:10, Ethernet1/1
R 2000::34:0/112 [120/6]
via FE80::CE01:9FF:FE4C:11, Ethernet1/0
R 2000::40:0/112 [120/6]
via FE80::CE03:9FF:FE4C:10, Ethernet1/1
L FE80::/10 [0/0]
via ::, Null0
L FF00::/8 [0/0]
via ::, Null0
R1#
検証2 ACLによるルートフィルタ
- 問題点の把握
RIPよりOSPFの方がAD値が小さいため、RIPから教わったルートよりもRIPからOSPFに再配送されたルートの方が優先されてしまいます。そのため、遠回りな経路を選択してしまう事があります。
例えば、R2からR1 e1/1(192.168.14.1)への疎通を考えると以下のような遠回りの経路を通ってしまいます。
例えば、R2からR1 e1/1(192.168.14.1)への疎通を考えると以下のような遠回りの経路を通ってしまいます。
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.12.0/24 is directly connected, Ethernet1/1
O E2 192.168.14.0/24 [110/20] via 192.168.23.3, 00:00:49, Ethernet1/0 <- RIPよりも外部OSPFの方が優先されます
O E2 192.168.30.0/24 [110/20] via 192.168.23.3, 00:00:49, Ethernet1/0
R 192.168.10.0/24 [120/1] via 192.168.12.1, 00:00:00, Ethernet1/1
C 192.168.23.0/24 is directly connected, Ethernet1/0
O 192.168.34.0/24 [110/20] via 192.168.23.3, 00:00:49, Ethernet1/0
R2#
R2#
R2#traceroute 192.168.14.1
Type escape sequence to abort.
Tracing the route to 192.168.14.1
1 192.168.23.3 480 msec 220 msec 56 msec
2 192.168.34.4 472 msec 500 msec 52 msec
3 192.168.14.1 508 msec 556 msec *
R2#
- distribution-listの定義
R2, R4で遠回りの経路を通らないよう、distribution-listを定義します。
R2(config)#access-list 1 permit 192.168.10.0 R2(config)#access-list 1 permit 192.168.14.0 R2(config)#access-list 2 permit 192.168.30.0 R2(config)#access-list 2 permit 192.168.34.0 R2(config)# R2(config)# R2(config)#router rip R2(config-router)#distribute-list 1 in R2(config-router)#exit R2(config)# R2(config)# R2(config)#router ospf 1 R2(config-router)#distribute-list 2 in R4(config)#access-list 1 permit 192.168.10.0 R4(config)#access-list 1 permit 192.168.12.0 R4(config)#access-list 2 permit 192.168.30.0 R4(config)#access-list 2 permit 192.168.23.0 R4(config)# R4(config)# R4(config)#router rip R4(config-router)#distribute-list 1 in R4(config-router)#exit R4(config)# R4(config)# R4(config)#router ospf 1 R4(config-router)#distribute-list 2 in
- ルーティングテーブルの確認
遠回りな経路を通らなくなった事を確認します。
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.12.0/24 is directly connected, Ethernet1/1
R 192.168.14.0/24 [120/1] via 192.168.12.1, 00:00:25, Ethernet1/1 <- distriburion-listによってRIP経由に変化
O E2 192.168.30.0/24 [110/20] via 192.168.23.3, 00:04:32, Ethernet1/0
R 192.168.10.0/24 [120/1] via 192.168.12.1, 00:00:25, Ethernet1/1
C 192.168.23.0/24 is directly connected, Ethernet1/0
O 192.168.34.0/24 [110/20] via 192.168.23.3, 00:04:33, Ethernet1/0
R2#
R4#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
R 192.168.12.0/24 [120/1] via 192.168.14.1, 00:00:25, Ethernet1/0
C 192.168.14.0/24 is directly connected, Ethernet1/0
O E2 192.168.30.0/24 [110/20] via 192.168.34.3, 00:00:42, Ethernet1/1
R 192.168.10.0/24 [120/1] via 192.168.14.1, 00:00:25, Ethernet1/0
O 192.168.23.0/24 [110/20] via 192.168.34.3, 00:00:42, Ethernet1/1
C 192.168.34.0/24 is directly connected, Ethernet1/1
R4#
検証3 AD値によるフィルタ
- 問題点の把握
検証2構成の問題点として、冗長性が保証されない事が挙げられます。例えば、R2 e1/1がdownした場合、R1へ疎通できなくなります。
R2(config)#interface Ethernet 1/1
R2(config-if)#shutdown
R2(config-if)#
*Mar 1 01:26:02.167: %LINK-5-CHANGED: Interface Ethernet1/1, changed state to administratively down
*Mar 1 01:26:03.167: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet1/1, changed state to down
R2(config-if)#
R2(config-if)#do show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
O E2 192.168.30.0/24 [110/20] via 192.168.23.3, 00:10:37, Ethernet1/0
C 192.168.23.0/24 is directly connected, Ethernet1/0
O 192.168.34.0/24 [110/20] via 192.168.23.3, 00:10:37, Ethernet1/0
R2(config-if)#
R2(config-if)#
R2(config-if)#do ping 192.168.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R2(config-if)#
R2(config-if)#
R2(config-if)#no shutdown
R2(config-if)#
*Mar 1 01:27:20.443: %LINK-3-UPDOWN: Interface Ethernet1/1, changed state to up
*Mar 1 01:27:21.443: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet1/1, changed state to up
R2(config-if)#
- AD値によるフィルタ
RIPからOSPFに再配送される遠回りな経路のAD値を130にして、RIPよりも優先されないようにします。
R2(config)#router rip R2(config-router)#no distribute-list 1 in R2(config-router)#exit R2(config)# R2(config)# R2(config)#router ospf 1 R2(config-router)#no distribute-list 2 in R2(config-router)#distance 130 0.0.0.0 255.255.255.255 1 R4(config)#router rip R4(config-router)#no distribute-list 1 in R4(config-router)#exit R4(config)# R4(config)# R4(config)#router ospf 1 R4(config-router)#no distribute-list 2 in R4(config-router)#distance 130 0.0.0.0 255.255.255.255 1
- ルーティングテーブルの確認
AD値を変更する事によって、遠回りなOSPF外部ルートよりもRIPの方が優先された事が確認できます。
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.12.0/24 is directly connected, Ethernet1/1
R 192.168.14.0/24 [120/1] via 192.168.12.1, 00:00:05, Ethernet1/1 <- OSPFよりもRIPが優先されたルート
O E2 192.168.30.0/24 [110/20] via 192.168.23.3, 00:00:39, Ethernet1/0
R 192.168.10.0/24 [120/1] via 192.168.12.1, 00:00:05, Ethernet1/1 <- OSPFよりもRIPが優先されたルート
C 192.168.23.0/24 is directly connected, Ethernet1/0
O 192.168.34.0/24 [110/20] via 192.168.23.3, 00:00:39, Ethernet1/0
R2#
- 障害時のルーティングテーブルの確認
障害時のルーティングテーブルを確認します。AD値120のRIPによる経路が到達不能になったので、AD値130の遠回りOSPF経路が浮かびあがります。
R2(config)#interface Ethernet 1/1
R2(config-if)#shutdown
R2(config-if)#
*Mar 1 01:45:26.523: %LINK-5-CHANGED: Interface Ethernet1/1, changed state to administratively down
*Mar 1 01:45:27.523: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet1/1, changed state to down
R2(config-if)#
R2(config-if)#
R2(config-if)#do show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
O E2 192.168.14.0/24 [130/20] via 192.168.23.3, 00:00:14, Ethernet1/0 <- AD値が130のルートが浮かび上がります
O E2 192.168.30.0/24 [110/20] via 192.168.23.3, 00:06:11, Ethernet1/0
O E2 192.168.10.0/24 [130/20] via 192.168.23.3, 00:00:11, Ethernet1/0 <- AD値が130のルートが浮かび上がります
C 192.168.23.0/24 is directly connected, Ethernet1/0
O 192.168.34.0/24 [110/20] via 192.168.23.3, 00:06:11, Ethernet1/0
R2(config-if)#
- 障害時の疎通確認
R2からR1の疎通確認を行います。するとpingが届きません。
R2#do ping 192.168.10.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) R2#
疎通不能の原因を調べるために、R1のルーティングテーブルを表示させます。すると、障害発生前の経路が残っている事が分かります。
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.12.0/24 is directly connected, Ethernet1/0
C 192.168.14.0/24 is directly connected, Ethernet1/1
R 192.168.30.0/24 [120/5] via 192.168.14.4, 00:00:03, Ethernet1/1
[120/5] via 192.168.12.2, 00:02:05, Ethernet1/0
C 192.168.10.0/24 is directly connected, FastEthernet0/0
R 192.168.23.0/24 [120/5] via 192.168.14.4, 00:00:03, Ethernet1/1
[120/5] via 192.168.12.2, 00:02:05, Ethernet1/0
R 192.168.34.0/24 [120/5] via 192.168.14.4, 00:00:03, Ethernet1/1
[120/5] via 192.168.12.2, 00:02:05, Ethernet1/0
R1#
しばらく待つか、ルーティングテーブルを消去すると、以下のようなルーティングテーブルになります。
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.12.0/24 is directly connected, Ethernet1/0
C 192.168.14.0/24 is directly connected, Ethernet1/1
R 192.168.30.0/24 [120/5] via 192.168.14.4, 00:00:13, Ethernet1/1
C 192.168.10.0/24 is directly connected, FastEthernet0/0
R 192.168.23.0/24 [120/5] via 192.168.14.4, 00:00:13, Ethernet1/1
R 192.168.34.0/24 [120/5] via 192.168.14.4, 00:00:13, Ethernet1/1
R1#
再びpingを送信すると、今後はちゃんと応答が返ってきました。
R2#do ping 192.168.10.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 196/449/648 ms R2#
添付ファイル
