Aiming for the CCIE with Dynagen
20010517 Controlling redistribution with route-map
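Purpose
- Confirm how to restrict redistribution with a route-map.
Configuration
- Configuration overview
- IPv4 and IPv6 coexist in this environment.
- Routing is done with IS-IS, RIPng, and EIGRP.
- Topology diagram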

- net file
model = 3620
[localhost]
  [[3620]]
    image = C:\Program Files\Dynamips\images\c3620-j1s3-mz.123-18.bin
    ram = 128
  [[ROUTER R1]]
    f0/0 = R2 f1/0
  [[ROUTER R2]]
    f0/0 = R3 f1/0
  [[ROUTER R3]]
- Initial configuration R1
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
!
ip cef
ipv6 unicast-routing
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 192.168.2.1 255.255.255.0 secondary
 ip address 192.168.3.1 255.255.255.0 secondary
 ip address 192.168.4.1 255.255.255.0 secondary
 ip address 192.168.1.1 255.255.255.0
 ip router isis
 ipv6 address 2000::1:1/112
 ipv6 address 2000::2:1/112
 ipv6 address 2000::3:1/112
 ipv6 address 2000::4:1/112
 ipv6 enable
 ipv6 router isis
!
interface FastEthernet0/0
 ip address 192.168.10.1 255.255.255.0
 ip router isis
 duplex auto
 speed auto
 ipv6 address 2000::10:1/112
 ipv6 enable
 ipv6 router isis
!
router isis
 net 01.0000.0000.0001.00
 is-type level-1
!
ip http server
ip classless
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end
- Initial configuration R2
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
!
ip cef
ipv6 unicast-routing
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.20.2 255.255.255.0
 duplex auto
 speed auto
 ipv6 address 2000::20:2/112
 ipv6 enable
 ipv6 rip HOGE enable
!
interface FastEthernet1/0
 ip address 192.168.10.2 255.255.255.0
 ip router isis
 duplex auto
 speed auto
 ipv6 address 2000::10:2/112
 ipv6 enable
 ipv6 router isis
!
router eigrp 1
 network 192.168.20.0
 auto-summary
!
router isis
 net 01.0000.0000.0002.00
 is-type level-1
!
ip http server
ip classless
!
!
ipv6 router rip HOGE
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end
- Initial configuration R3
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
!
ip cef
ipv6 unicast-routing
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 192.168.32.3 255.255.255.0 secondary
 ip address 192.168.33.3 255.255.255.0 secondary
 ip address 192.168.34.3 255.255.255.0 secondary
 ip address 192.168.31.3 255.255.255.0
 ipv6 address 2000::31:3/112
 ipv6 address 2000::32:3/112
 ipv6 address 2000::33:3/112
 ipv6 address 2000::34:3/112
 ipv6 rip HOGE enable
!
interface FastEthernet1/0
 ip address 192.168.20.3 255.255.255.0
 duplex auto
 speed auto
 ipv6 address 2000::20:3/112
 ipv6 enable
 ipv6 rip HOGE enable
!
router eigrp 1
 network 192.168.20.0
 network 192.168.31.0
 network 192.168.32.0
 network 192.168.33.0
 network 192.168.34.0
 auto-summary
!
ip http server
ip classless
!
!
ipv6 router rip HOGE
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end
Verification 1: Configuring redistribution
- Redistribution configuration
Configure redistribution. When redistributing into RIP or EIGRP, the metric defaults to infinity, so always specify the metric explicitly.
R2(config)#router isis
R2(config-router)#redistribute eigrp 1 level-1
R2(config-router)#address-family ipv6
R2(config-router-af)#redistribute rip HOGE level-1
R2(config-router-af)#exit
R2(config-router)#exit
R2(config)#
R2(config)#
R2(config)#
R2(config)#router eigrp 1
R2(config-router)#redistribute isis level-1 metric 100 10 255 1 1
R2(config-router)#exit
R2(config)#ipv6 router rip HOGE
R2(config-rtr)#redistribute isis level-1 metric 5
- Checking the routing tables
Check the routing tables. Confirm that, as a result of redistribution, R1 and R3 can now exchange routes with each other.
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

i L1 192.168.31.0/24 [115/10] via 192.168.10.2, FastEthernet0/0
C    192.168.10.0/24 is directly connected, FastEthernet0/0
C    192.168.4.0/24 is directly connected, Loopback0
i L1 192.168.20.0/24 [115/10] via 192.168.10.2, FastEthernet0/0
i L1 192.168.34.0/24 [115/10] via 192.168.10.2, FastEthernet0/0
C    192.168.1.0/24 is directly connected, Loopback0
C    192.168.2.0/24 is directly connected, Loopback0
i L1 192.168.32.0/24 [115/10] via 192.168.10.2, FastEthernet0/0
C    192.168.3.0/24 is directly connected, Loopback0
i L1 192.168.33.0/24 [115/10] via 192.168.10.2, FastEthernet0/0
R1#
R1#
R1#show ipv6 route
IPv6 Routing Table - 16 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
C   2000::1:0/112 [0/0] via ::, Loopback0
L   2000::1:1/128 [0/0] via ::, Loopback0
C   2000::2:0/112 [0/0] via ::, Loopback0
L   2000::2:1/128 [0/0] via ::, Loopback0
C   2000::3:0/112 [0/0] via ::, Loopback0
L   2000::3:1/128 [0/0] via ::, Loopback0
C   2000::4:0/112 [0/0] via ::, Loopback0
L   2000::4:1/128 [0/0] via ::, Loopback0
C   2000::10:0/112 [0/0] via ::, FastEthernet0/0
L   2000::10:1/128 [0/0] via ::, FastEthernet0/0
I1  2000::31:0/112 [115/10] via FE80::CE01:4FF:FED0:10, FastEthernet0/0
I1  2000::32:0/112 [115/10] via FE80::CE01:4FF:FED0:10, FastEthernet0/0
I1  2000::33:0/112 [115/10] via FE80::CE01:4FF:FED0:10, FastEthernet0/0
I1  2000::34:0/112 [115/10] via FE80::CE01:4FF:FED0:10, FastEthernet0/0
L   FE80::/10 [0/0] via ::, Null0
L   FF00::/8 [0/0] via ::, Null0
R1#

R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

D    192.168.31.0/24 [90/156160] via 192.168.20.3, 00:03:29, FastEthernet0/0
C    192.168.10.0/24 is directly connected, FastEthernet1/0
i L1 192.168.4.0/24 [115/20] via 192.168.10.1, FastEthernet1/0
C    192.168.20.0/24 is directly connected, FastEthernet0/0
D    192.168.34.0/24 [90/156160] via 192.168.20.3, 00:03:29, FastEthernet0/0
i L1 192.168.1.0/24 [115/20] via 192.168.10.1, FastEthernet1/0
i L1 192.168.2.0/24 [115/20] via 192.168.10.1, FastEthernet1/0
D    192.168.32.0/24 [90/156160] via 192.168.20.3, 00:03:29, FastEthernet0/0
i L1 192.168.3.0/24 [115/20] via 192.168.10.1, FastEthernet1/0
D    192.168.33.0/24 [90/156160] via 192.168.20.3, 00:03:29, FastEthernet0/0
R2#
R2#
R2#show ipv6 route
IPv6 Routing Table - 14 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
I1  2000::1:0/112 [115/20] via FE80::CE00:4FF:FED0:0, FastEthernet1/0
I1  2000::2:0/112 [115/20] via FE80::CE00:4FF:FED0:0, FastEthernet1/0
I1  2000::3:0/112 [115/20] via FE80::CE00:4FF:FED0:0, FastEthernet1/0
I1  2000::4:0/112 [115/20] via FE80::CE00:4FF:FED0:0, FastEthernet1/0
C   2000::10:0/112 [0/0] via ::, FastEthernet1/0
L   2000::10:2/128 [0/0] via ::, FastEthernet1/0
C   2000::20:0/112 [0/0] via ::, FastEthernet0/0
L   2000::20:2/128 [0/0] via ::, FastEthernet0/0
R   2000::31:0/112 [120/2] via FE80::CE02:4FF:FED0:10, FastEthernet0/0
R   2000::32:0/112 [120/2] via FE80::CE02:4FF:FED0:10, FastEthernet0/0
R   2000::33:0/112 [120/2] via FE80::CE02:4FF:FED0:10, FastEthernet0/0
R   2000::34:0/112 [120/2] via FE80::CE02:4FF:FED0:10, FastEthernet0/0
L   FE80::/10 [0/0] via ::, Null0
L   FF00::/8 [0/0] via ::, Null0
R2#

R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.31.0/24 is directly connected, Loopback0
D EX 192.168.4.0/24 [170/25605120] via 192.168.20.2, 00:01:21, FastEthernet1/0
C    192.168.20.0/24 is directly connected, FastEthernet1/0
C    192.168.34.0/24 is directly connected, Loopback0
D EX 192.168.1.0/24 [170/25605120] via 192.168.20.2, 00:01:21, FastEthernet1/0
D EX 192.168.2.0/24 [170/25605120] via 192.168.20.2, 00:01:21, FastEthernet1/0
C    192.168.32.0/24 is directly connected, Loopback0
D EX 192.168.3.0/24 [170/25605120] via 192.168.20.2, 00:01:21, FastEthernet1/0
C    192.168.33.0/24 is directly connected, Loopback0
R3#
R3#
R3#show ipv6 route
IPv6 Routing Table - 16 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
R   2000::1:0/112 [120/6] via FE80::CE01:4FF:FED0:0, FastEthernet1/0
R   2000::2:0/112 [120/6] via FE80::CE01:4FF:FED0:0, FastEthernet1/0
R   2000::3:0/112 [120/6] via FE80::CE01:4FF:FED0:0, FastEthernet1/0
R   2000::4:0/112 [120/6] via FE80::CE01:4FF:FED0:0, FastEthernet1/0
C   2000::20:0/112 [0/0] via ::, FastEthernet1/0
L   2000::20:3/128 [0/0] via ::, FastEthernet1/0
C   2000::31:0/112 [0/0] via ::, Loopback0
L   2000::31:3/128 [0/0] via ::, Loopback0
C   2000::32:0/112 [0/0] via ::, Loopback0
L   2000::32:3/128 [0/0] via ::, Loopback0
C   2000::33:0/112 [0/0] via ::, Loopback0
L   2000::33:3/128 [0/0] via ::, Loopback0
C   2000::34:0/112 [0/0] via ::, Loopback0
L   2000::34:3/128 [0/0] via ::, Loopback0
L   FE80::/10 [0/0] via ::, Null0
L   FF00::/8 [0/0] via ::, Null0
R3#
Verification 2: Filtering IS-IS into EIGRP
- Applying the configuration
Permit only routes whose third octet is odd. That is, configure the filter so that only 192.168.1.0/24 and 192.168.3.0/24 are permitted. (I don't think this is a practical configuration, but I have a feeling it might come up on the written exam, so I tried it.)
R2(config)#access-list 1 permit 192.168.1.0 0.0.254.0
R2(config)#
R2(config)#
R2(config)#route-map TO_EIGRP permit 10
R2(config-route-map)#match ip address 1
R2(config-route-map)#exit
R2(config)#
R2(config)#
R2(config)#router eigrp 1
R2(config-router)#redistribute isis level-1 route-map TO_EIGRP metric 100 10 255 1 1
- Checking the routing table
Confirm that only the permitted routes were redistributed.
R3#show ip route eigrp
D EX 192.168.1.0/24 [170/25605120] via 192.168.20.2, 00:54:40, FastEthernet1/0
D EX 192.168.3.0/24 [170/25605120] via 192.168.20.2, 00:54:40, FastEthernet1/0
Verification 3: Filtering EIGRP into IS-IS
- Applying the configuration
Deny routes whose upper 23 bits match 192.168.32.0 and whose subnet mask is 24 or longer. That is, permit 192.168.31.0/24 and 192.168.34.0/24.
R2(config)#ip prefix-list PL_TO_ISIS permit 192.168.32.0/23 ge 24
R2(config)#
R2(config)#route-map TO_ISIS deny 10
R2(config-route-map)#match ip address prefix-list PL_TO_ISIS
R2(config-route-map)#exit
R2(config)#route-map TO_ISIS permit 20
R2(config-route-map)#exit <- with no match clause at all, the entry means "permit everything"
R2(config)#
R2(config)#router isis
R2(config-router)#redistribute eigrp 1 level-1 route-map TO_ISIS
R2(config-router)#exit
R2(config)#
- Checking the routing table
Confirm that only the permitted routes were redistributed.
R1#show ip route isis
i L1 192.168.31.0/24 [115/10] via 192.168.10.2, FastEthernet0/0
i L1 192.168.20.0/24 [115/10] via 192.168.10.2, FastEthernet0/0
i L1 192.168.34.0/24 [115/10] via 192.168.10.2, FastEthernet0/0
Verification 4: Filtering IS-IS into RIPng
- Applying the configuration
Permit only 2000::2:0/112 and 2000::3:0/112.
R2(config)#ipv6 access-list ACL_TO_RIP
R2(config-ipv6-acl)#permit 2000::2:0/111 any
R2(config-ipv6-acl)#exit
R2(config)#
R2(config)#
R2(config)#route-map TO_RIP permit 10
R2(config-route-map)#match ipv6 address ACL_TO_RIP
R2(config-route-map)#exit
R2(config)#
R2(config)#
R2(config)#ipv6 router rip HOGE
R2(config-rtr)#redistribute isis level-1 route-map TO_RIP metric 5
- Checking the routing table
Confirm that only the permitted routes were redistributed.
R3#show ipv6 route rip
IPv6 Routing Table - 14 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
R   2000::2:0/112 [120/6] via FE80::CE01:DFF:FEF0:0, FastEthernet1/0
R   2000::3:0/112 [120/6] via FE80::CE01:DFF:FEF0:0, FastEthernet1/0
Verification 5: Filtering RIPng into IS-IS
- Applying the configuration
Permit only 2000::32:0/112 and 2000::33:0/112.
R2(config)#ipv6 prefix-list PREFIX_LIST_TO_ISIS_V6 seq 5 permit 2000::32:0/111 ge 112
R2(config)#
R2(config)#
R2(config)#route-map TO_ISIS_V6 permit 10
R2(config-route-map)#match ipv6 address prefix-list PREFIX_LIST_TO_ISIS_V6
R2(config-route-map)#exit
R2(config)#
R2(config)#
R2(config)#router isis
R2(config-router)#address-family ipv6
R2(config-router-af)#redistribute rip HOGE level-1 route-map TO_ISIS_V6
R2(config-router-af)#exit
R2(config-router)#exit
- Checking the routing table
Confirm that only the permitted routes were redistributed.
R1#show ipv6 route isis
IPv6 Routing Table - 14 entries
Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
       U - Per-user Static route
       I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
       O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
I1  2000::32:0/112 [115/10] via FE80::CE01:4FF:FED0:10, FastEthernet0/0
I1  2000::33:0/112 [115/10] via FE80::CE01:4FF:FED0:10, FastEthernet0/0
Supplement: Troubleshooting prefix-lists
If you omit "ge 24" as shown below, no prefix matches at all.
ip prefix-list PL_TO_ISIS permit 192.168.32.0/23
Examples of prefix-list entries and their meanings are as follows.
Example | Meaning |
192.168.32.0/23 | Upper 23 bits match 192.168.32.0, and the subnet mask is exactly 23 |
192.168.32.0/23 ge 24 | Upper 23 bits match 192.168.32.0, and the subnet mask is 24 or longer |
192.168.32.0/23 le 30 | Upper 23 bits match 192.168.32.0, and the subnet mask is between 23 and 30 inclusive |
0.0.0.0/0 le 32 | All entries |
0.0.0.0/0 | The default route |
When a prefix-list does not behave as expected, you can check it with show ip prefix-list detail (show ipv6 prefix-list detail for IPv6). The hit count is the number of times the prefix-list was matched, and refcount is the number of times the prefix-list was referenced. If the hit count is 0, nothing matches the prefix-list.
R2#show ip prefix-list detail
Prefix-list with the last deletion/insertion: PL_TO_ISIS
ip prefix-list PL_TO_ISIS:
   count: 2, range entries: 1, sequences: 5 - 10, refcount: 3
   seq 5 permit 192.168.32.0/23 (hit count: 0, refcount: 1)
   seq 10 permit 192.168.32.0/23 ge 24 (hit count: 4, refcount: 0)
R2#
R2#show ipv6 prefix-list detail
Prefix-list with the last deletion/insertion: PREFIX_LIST_TO_ISIS_V6
ipv6 prefix-list PREFIX_LIST_TO_ISIS_V6:
   count: 1, range entries: 1, sequences: 5 - 5, refcount: 3
   seq 5 permit 2000::32:0/111 ge 112 (hit count: 4, refcount: 1)
R2#
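The matching rules used in Verifications 2, 3 and 5 and in the prefix-list table can be checked offline before a filter is applied to a router. The Python below is an added example, not part of the original page; the function names are assumptions, and the route lists are constructed from the routing tables shown on this page. It also shows what the missing "ge 24" does to TO_ISIS: the deny clause matches nothing, so 192.168.32.0/24 and 192.168.33.0/24 pass through permit 20 unfiltered.

```python
import ipaddress

def wildcard_match(route, base, wildcard):
    """Standard ACL entry: bits set in the wildcard mask are ignored."""
    net = int(ipaddress.ip_network(route).network_address)
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (net & care) == (int(ipaddress.ip_address(base)) & care)

def prefix_list_match(route, entry, ge=None, le=None):
    """Prefix-list entry: leading bits must match AND length must be in range."""
    r, e = ipaddress.ip_network(route), ipaddress.ip_network(entry)
    if r.version != e.version:
        return False
    if ge is None and le is None:
        lo = hi = e.prefixlen              # bare entry: exact length only
    else:
        lo = e.prefixlen if ge is None else ge
        hi = e.max_prefixlen if le is None else le
    return lo <= r.prefixlen <= hi and r.subnet_of(e)

def route_map(route, clauses):
    """First matching clause decides; a clause with no match statement
    matches every route; falling off the end is an implicit deny."""
    for action, matcher in clauses:
        if matcher is None or matcher(route):
            return action == "permit"
    return False

def redistribute(routes, clauses):
    """Return the routes that the route-map lets through."""
    return [r for r in routes if route_map(r, clauses)]

# Constructed inputs: routes available on R2 for redistribution in this lab.
ISIS_V4 = [f"192.168.{n}.0/24" for n in (1, 2, 3, 4)]
EIGRP_V4 = [f"192.168.{n}.0/24" for n in (20, 31, 32, 33, 34)]
RIPNG_V6 = [f"2000::{n}:0/112" for n in (31, 32, 33, 34)]

TO_EIGRP = [("permit", lambda r: wildcard_match(r, "192.168.1.0", "0.0.254.0"))]
TO_ISIS = [("deny", lambda r: prefix_list_match(r, "192.168.32.0/23", ge=24)),
           ("permit", None)]
TO_ISIS_NO_GE = [("deny", lambda r: prefix_list_match(r, "192.168.32.0/23")),
                 ("permit", None)]       # the misconfiguration from the supplement
TO_ISIS_V6 = [("permit", lambda r: prefix_list_match(r, "2000::32:0/111", ge=112))]

if __name__ == "__main__":
    for name, routes, rm in [("TO_EIGRP", ISIS_V4, TO_EIGRP), ("TO_ISIS", EIGRP_V4, TO_ISIS),
                             ("TO_ISIS without ge", EIGRP_V4, TO_ISIS_NO_GE),
                             ("TO_ISIS_V6", RIPNG_V6, TO_ISIS_V6)]:
        print(name, redistribute(routes, rm))
```
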