Network Virtualization - Services Edge Design Guide
OL-13637-01-J
Cisco Validated Design
2009/02/23
Centralizing access to shared services provides a common area where policies can be enforced and managed for all VPNs. This is referred to as the services edge functional area. The services edge is a logical rather than a physical concept. In a specific network design, the point of policy enforcement can be physically located in a specific area of the network, but it can also be distributed throughout the network.
For related information, see the following documents:
• Network Virtualization--Guest and Partner Access Deployment Guide: http://www.cisco.com/en/US/docs/solutions/Enterprise/Network_Virtualization/GuestAcc.html
• Network Virtualization--Network Admission Control Deployment Guide: US/docs/solutions/Enterprise/Network_Virtualization/NACDepl.html
• Network Virtualization--Path Isolation Design Guide: http://www.cisco.com/en/US/docs/solutions/Enterprise/Network_Virtualization/PathIsol.html
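[Caution] Before using Cisco products, check the safety precautions (www.cisco.com/jp/go/safety_warning/).
This document is a reference Japanese translation of a document published by Cisco Systems, Inc. in the United States.
Because differences from the document posted on the US site may occur, refer to the document on the US site for the official content.
For statements concerning contracts and similar matters, check with a Cisco sales partner or your Cisco representative.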
Overview
The term network virtualization refers to building logically isolated network partitions overlaid on a common physical enterprise network infrastructure (see Figure 1).
Figure 1 Network Virtualization
Each partition is logically isolated from the others and must provide the same services that were available in a traditional dedicated enterprise network. In essence, end users are given privacy, security, an independent set of policies, service levels, and routing decisions, as if each were connected to a dedicated network.
At the same time, the network administrator can easily create and modify virtual work environments for various user groups, and can respond to changing business requirements more flexibly than before. The latter is achieved by creating security zones that are governed by centrally enforced policies. Because policies are managed centrally, adding or removing users and services in a VPN requires no policy reconfiguration. In addition, new policies that affect an entire group can be applied at the VPN perimeter through central management. As a result, virtualizing the enterprise network infrastructure makes multiple networks available, but because they operate as a single network, the associated costs are not incurred (a relative reduction in operating expense).
Network virtualization addresses both simple and complex business drivers. A simple scenario is an enterprise that wants to provide Internet access to visitors (guest access). The strict requirement here is to allow visitors external Internet access while prohibiting any unauthorized connection to internal enterprise resources and services. To achieve this, a dedicated logical "virtual network" must be provided to handle the entire guest communication path. As in partner access deployments, Internet access can also be combined with connectivity to a subset of internal enterprise resources.
Another example that calls for network virtualization is creating a dedicated logical partition for machines quarantined as a result of Network Admission Control (NAC) posture validation. In this case, these devices must be reliably isolated in a remediation segment of the network, and all access other than to the remediation servers must be prohibited until the machine has been cleaned and patched successfully.
A complex scenario is an enterprise IT department that acts as a service provider, offering enterprise network access to "customers" that require logical isolation from one another. In the future, users belonging to the same logical partition will be able to communicate with each other and share dedicated network resources. However, some direct communication between groups may be prohibited. Typical deployment scenarios in this category include retail stores (for example Best Buy, Albertsons, Wal-Mart, and so on) that provide network access to kiosks, and hotspot providers.
The architecture of an end-to-end network virtualization solution that meets these requirements can be divided into the following three logical functional areas (see Figure 2):
• Access control
• Path isolation
• Services edge
Figure 2 Network Virtualization: Three Functional Areas
Each area performs several functions and works together with the other functional areas to provide a fully integrated end-to-end solution.
Each of these areas is described in detail in a separate design guide. This document covers the requirements of the services edge. For the other two functional areas, see the following documents:
• Network Virtualization--Access Control Design Guide: http://www.cisco.com/en/US/docs/solutions/Enterprise/Network_Virtualization/AccContr.html
• Network Virtualization--Path Isolation Design Guide: http://www.cisco.com/en/US/docs/solutions/Enterprise/Network_Virtualization/PathIsol.html
Virtualizing the enterprise network makes it possible to create separate logical networks on top of the physical infrastructure. The default state of these virtual networks (VPNs) is to be completely isolated from each other, which simulates separate physical networks.
This default behavior must be changed when the various VPNs need to share specific services, such as network services (DHCP, DNS, server farms) or Internet access.
This document presents alternative methods for sharing resources across VPNs. In addition to the services that need to be shared, it explains the difference between protected and unprotected services. Services shared by the various VPNs are broadly classified in this document as protected or unprotected, depending on how they are accessed.
This document describes the various technologies that allow resources to be shared between different network partitions. To make the best use of this document, note the following:
• The technologies are discussed in the context of the network virtualization solution. That is, for each technology the document covers the details that were validated and positioned as part of the network virtualization project in order to answer the business problems described earlier.
• Not every technology in this design guide fits every business problem. For example, there are scenarios (such as guest access) in which there is no need at all to share resources dedicated to a specific virtual network. For the relationship between the technologies described here and specific business problems, see the following deployment documents:
  – Network Virtualization--Access Control Design Guide: http://www.cisco.com/en/US/docs/solutions/Enterprise/Network_Virtualization/AccContr.html
  – Network Virtualization--Guest and Partner Access Deployment Guide: http://www.cisco.com/en/US/docs/solutions/Enterprise/Network_Virtualization/GuestAcc.html
  – Network Virtualization--Network Admission Control Deployment Guide: US/docs/solutions/Enterprise/Network_Virtualization/NACDepl.html
  – Network Virtualization--Path Isolation Design Guide: http://www.cisco.com/en/US/docs/solutions/Enterprise/Network_Virtualization/PathIsol.html
Services Edge: Document Scope
Within the overall network virtualization process, the services edge is where most policy enforcement and traffic manipulation take place. Before deploying the services edge, it is important to fully understand which of the methods described in this document will be implemented and what trade-offs come with that choice. It is also important that customers understand their applications and the associated traffic flows, which helps the overall network optimization process.
This document aims to accomplish the following:
• Provide guidelines on how to share services between separate logical partitions, distinguishing between two access methods: unprotected access and protected access.
• Explain the importance of service virtualization in providing services edge functions, from the perspective of the Cisco Firewall Services Module (FWSM).
• Introduce a first technical option for integrating Unified Communications (UC) applications (voice, video) into a virtualized network environment. The scope of this solution is initially limited to campus deployments and uses the concept of a shared services area in the network to deploy UC services (Cisco Call Manager, TFTP servers, and so on). Network entities (IP phones, PCs, and so on) that are deployed in separate virtual networks need to access these services.
⢠ãã®ããã¥ã¢ã«ã§ã¯ãããŸããŸãªæè¡ãšãªã¢ã«ã€ããŠæ±ã£ãŠããŸãããç°ãªã VPN ã«ãããéè€
ãã IP ã¢ãã¬ã¹ã®äœ¿çšã«ã€ããŠã¯çŸæç¹ã§ã¯èª¬æããŠããŸããïŒIP ã¢ãã¬ã¹ã®éè€ã«ã€ããŠã¯å°
æ¥çã«æ±ãããå¯èœæ§ããããŸãïŒãéè€ãã IP ã¢ãã¬ã¹ã®äœ¿çšã¯ããããã¯ãŒã¯ ã€ã³ãã©ã¹ã
ã©ã¯ãã£ã®éçšããã³ç®¡çé¢ã§ã客æ§ã®ãããã¯ãŒã¯ã«éçšäžåœ±é¿ãåãã§ããŸãã®ã§ãéåžžã¯æš
奚ãããŸãããã¢ãã¬ã¹ã®éè€ãé¿ããããªãã·ããªãªïŒM&A ãªã©ïŒã«ãããŠã ãã䜿çšããã
ãã«ããŠãã ããã
ïŒæ³šïŒ ãã以éããã®ããã¥ã¢ã«ã®äžã§ã¯ãä»®æ³ãããã¯ãŒã¯ïŒVPNïŒãš VRF ãšããçšèªã¯äºæçã«äœ¿çšã
ããŸãããã®äžã§ããããã®çšèªã¯ãã¹ãŠãå ±æã®ç©çãããã¯ãŒã¯ ã€ã³ãã©ã¹ãã©ã¯ãã£äžã«é 眮
ãããè«çããŒãã£ã·ã§ã³ãæããŸãã
It is important to emphasize that the services edge functions described in this document are independent of the access control scheme implemented to provide differentiated access to the various network entities, and of the technical alternative implemented for path isolation. This is consistent with the idea of a solution framework in which the three functional areas (access control, path isolation, and services edge) are deployed independently and work together to provide an end-to-end solution.
One of the main benefits of virtualizing the network infrastructure is that flexible interfaces can be created between the various virtual networks. This makes it possible to provide communication between VPNs or to share access to a specific set of resources.
Finally, from a deployment perspective, the services edge is a logical and abstract entity rather than a physical one. The services edge functions can be physically located in different areas of the enterprise network, such as the data center, the Internet edge, or a dedicated services block connected to the campus core. Deploying the function in multiple physical locations can also increase the overall high availability of the solution. Both intra-site and inter-site designs are discussed in relation to this document.
Unprotected Services Access
Unprotected services access means that communication with a shared service is permitted without subjecting the traffic to any kind of security check. An unprotected service is reachable from one or more VPNs with no policy enforcement point between the service and the requesting host. For this reason, traffic to unprotected services normally follows the best-path routes in the routing tables of the various VPNs, without being forced to hairpin through a central location (forcing traffic through a central location is the common model for protected access).
The technical solution for implementing unprotected services access is to leak prefixes between the routing tables associated with each defined VPN. All of these logical partitions are meant to emulate separate physical networks, but they are in fact deployed on a common underlying infrastructure. This makes several mechanisms available for opening communication channels between the networks. Figure 3 illustrates this concept.
Figure 3 Unprotected Services Access
By its nature this technical option is inherently insecure, and it must be deployed carefully to avoid opening unwanted back doors between VPNs. This means that route leaking should not be used to provide peer-to-peer (inter-VPN) connectivity. Its use should be limited to creating "extranet VPNs" that can communicate with the individual VPNs without providing a transit zone between different VPNs. Deploying unprotected service sharing in a restricted fashion is recommended. One example is giving the various VPNs access to DHCP or DNS services without placing unnecessary load on the firewalls that control access to other shared services that do require protection.
Protected Services Access
Protected services must be accessible from a VPN only after specific security policies have been enforced. To enforce the required security policies in a manageable way, access to the services must pass through a policy enforcement point. All traffic reaching the services must therefore be routed so that it traverses a common policy enforcement point. As a result, routing between the requesting host and the service may be less than optimal. However, this applies only in very special scenarios, such as when the shared service is itself part of a VPN. In general, shared services that require protection are centrally located to provide optimal access.
Examples of protected services include server farms and the Internet. For Internet access, it is not only necessary to control access from the VPN to the service; it is also critical to control all access initiated from the services area toward the VPN. Ideally, access from the Internet into a VPN should not occur unless the communication was initiated from inside the VPN, so access from the services area into a VPN is normally prohibited.
When VPNs need to communicate with each other in a controlled manner, the policy at the VPN perimeter can be changed to allow such access. For this particular inter-VPN connectivity use case, the policy must be opened so that communication can be initiated from outside toward the inside of the VPN.
From an architectural perspective, Figure 4 shows a design that provides protected services access.
Figure 4 Protected Services Edge
As noted earlier, each defined virtual network is front-ended by a security device (usually a firewall), so the types of communication permitted in both the inbound and outbound directions can be tightly controlled. Using a separate firewall per VPN allows security policies to be applied and managed individually for each virtual network. For this reason, this deployment model is recommended. As explained further in later sections, the firewall service virtualization available on both Cisco FWSM and Cisco ASA allows a dedicated virtual firewall instance (usually a named context) to be used for each logical partition.
The fusion router can be thought of as the brain of the solution. It is responsible for correctly routing traffic between the individual VPNs, and between each VPN and the shared resource pool. It is useful to know that the shared resource pool can itself be deployed as part of a dedicated VPN. The fusion router normally learns the prefixes available inside the VPNs through either static routing configuration or routing peering. The detailed description of services edge deployment clarifies how the chosen protocol depends on the path isolation method adopted and on the firewall configuration (transparent mode or routed mode).
The fusion router function can be deployed in the following two ways:
1. A physically separate router (or Layer 3 switch) is dedicated to this function.
2. A specific VRF is defined for this purpose.
The distinction between these two options leads to the two designs referred to in this document as the dual-tier implementation and the single-tier implementation.
Finally, the concept of a shared service can mean different things in different deployments. Common examples of shared services include the following:
• Server farms
• The entire Internet
• The non-virtualized portion of the enterprise network (that is, the "global table")
Deploying Unprotected Shared Services
Deploying unprotected shared services requires some form of route leaking between the different VPNs. The details of this type of configuration are described in the following sections.
Route Leaking Between VRFs
The basic building block for route leaking between separate VRFs is the BGP route-target attribute. BGP must therefore be enabled whenever this mechanism is used. Depending on the path isolation method chosen, BGP may not be the control plane protocol deployed to provide routing inside each VPN. The path isolation document describes how BGP is normally deployed to exchange VPN routes in an MPLS VPN configuration. In scenarios where VRF-Lite is used end to end across the network, on the other hand, the control protocol for each defined VRF is normally the same IGP (EIGRP or OSPF) that is already deployed in the global table.
(Note) For details on the different path isolation methods, see http://www.cisco.com/en/US/docs/solutions/Enterprise/Network_Virtualization/PathIsol.html.
For these reasons, two main scenarios can be distinguished in which BGP is used to perform route leaking between VRFs:
• Multi-device deployment: In this case, MPLS VPN is normally chosen as the path isolation method, and MP-BGP is the control protocol used to exchange VPN routes between the defined PE devices (see Figure 5).
Figure 5 Unprotected Access: Multi-Device Deployment
• Single-device deployment: In these deployments, VRF-Lite is normally used to provide path isolation, and BGP is not used for the control plane (that function is performed by the IGP running in the context of each defined VPN). As a result, BGP is normally enabled only locally, on the device where route leaking must be performed, without requiring BGP neighbor relationships with external devices. Figure 6 shows this concept.
Figure 6 Unprotected Access: Single-Device Deployment
The next two sections describe the configuration steps required to deploy both the multi-device model and the single-device model.
Multi-Device Model Configuration
The configuration steps described below refer to the specific example shown in Figure 7.
Figure 7 Multi-Device Deployment Example
In this scenario, a server directly connected to the PE3 device must be shared between the Red and Green users connected to the PE1 and PE2 devices at the top. This must be achieved without compromising the logical isolation between the Red and Green virtual networks.
• Initial condition: The IP prefix of the shared resource is known only on PE3, in the context of the Shared VRF, and is not known in the Red and Green VRFs on PE1 and PE2.

PE3
PE1#sh ip route vrf Shared 10.138.32.0
Routing entry for 10.138.32.0/24
  Known via "connected", distance 0, metric 0 (connected, via interface)
  Redistributing via eigrp 100
  Routing Descriptor Blocks:
  * directly connected, via Vlan32
      Route metric is 0, traffic share count is 1

PE1
PE2#sh ip route vrf Red 10.138.32.0
% Subnet not in table

PE2
PE3#sh ip route vrf Green 10.138.32.0
% Subnet not in table

• The configuration on the three devices is changed appropriately so that the route for the shared prefix can be leaked into the Red and Green VRF routing tables.
1. On PE3, configure the route-target attributes that export the shared IP prefix and import into the BGP table the Red and Green prefixes learned from the iBGP peer devices.
PE3
ip vrf Shared
 rd 3:3
 route-target export 300:300
 route-target import 100:100
 route-target import 200:200
2. On PE1, configure the route-target attributes that export the Red IP prefixes and import into the BGP table the shared prefix learned from PE3.

PE1
ip vrf Red
 rd 1:1
 route-target export 100:100
 route-target import 300:300
 route-target import 100:100

3. On PE2, configure the route-target attributes that export the Green IP prefixes and import into the BGP table the shared prefix learned from PE3.

PE2
ip vrf Green
 rd 2:2
 route-target export 200:200
 route-target import 300:300
 route-target import 200:200

(Note) The last route-target command in both the PE1 and PE2 configuration examples (importing 100:100 and 200:200) is not needed to provide access to the shared services. It is shown above because it is normally used to provide any-to-any connectivity inside each VRF.
• Once the configuration is in place, you can verify that the shared prefix is now learned in the Red and Green VRFs (and is shown as "directly connected"). At the same time, the Red and Green subnets are injected into the Shared VRF.

PE1
PE1#sh ip route vrf Red 10.138.32.0
Routing entry for 10.138.32.0/24
  Known via "bgp 100", distance 200, metric 0, type internal
  Last update from 192.168.100.100 00:29:47 ago
  Routing Descriptor Blocks:
  * 192.168.100.100 (Default-IP-Routing-Table), from 192.168.100.100, 00:29:47 ago
      Route metric is 0, traffic share count is 1
      AS Hops 0
      MPLS label: 18
      MPLS Flags: MPLS Required

PE2
PE2#sh ip route vrf Green 10.138.32.0
Routing entry for 10.138.32.0/24
  Known via "bgp 100", distance 200, metric 0, type internal
  Last update from 192.168.100.100 00:30:35 ago
  Routing Descriptor Blocks:
  * 192.168.100.100 (Default-IP-Routing-Table), from 192.168.100.100, 00:30:35 ago
      Route metric is 0, traffic share count is 1
      AS Hops 0
      MPLS label: 18
      MPLS Flags: MPLS Required

PE3
PE3#sh ip route vrf Shared 10.137.12.0
Routing entry for 10.137.12.0/24
  Known via "bgp 100", distance 200, metric 0, type internal
  Last update from 192.168.100.1 00:31:51 ago
  Routing Descriptor Blocks:
  * 192.168.100.1 (Default-IP-Routing-Table), from 192.168.100.1, 00:31:51 ago
      Route metric is 0, traffic share count is 1
      AS Hops 0
      MPLS label: 16
      MPLS Flags: MPLS Required
PE3#sh ip route vrf Shared 10.137.23.0
Routing entry for 10.137.23.0/24
  Known via "bgp 100", distance 200, metric 0, type internal
  Last update from 192.168.100.2 00:31:59 ago
  Routing Descriptor Blocks:
  * 192.168.100.2 (Default-IP-Routing-Table), from 192.168.100.2, 00:31:59 ago
      Route metric is 0, traffic share count is 1
      AS Hops 0
      MPLS label: 17
      MPLS Flags: MPLS Required
⢠äžèšã®èšå®æé ã®çµæãRed ãš Green ã® VRF ã®ã«ãŒãã£ã³ã° ããŒãã«ã«ã¯ãå ±æãµãŒãã¹ã® IP ãµããããã®ã«ãŒããå«ãããã«ãªããŸãïŒéã®å ŽåãåãïŒããã ããå ±æ VRF ã¯ãVPN éã®
ééãšãªã¢ãšããŠã¯æ©èœãããRed ãš Green ã®ä»®æ³ãããã¯ãŒã¯éã§ã¯æãŸããè«ççãªåé¢ãä¿
æãããŸãããã®åäœã¯ãiBGP ã®éæšç§»çãªæ§è³ªã«ãããã®ã§ãããã®æŠå¿µãæ確ã«ãããã
ã«ãå ±æ VRF ã® route-target èšå®ãå床次ã«ç€ºããŸãã
ip vrf Shared rd 3:3 route-target export 300:300 route-target import 100:100 route-target import 200:200
Red ãš Green ã®ã«ãŒããïŒroute-target import ã³ãã³ãã«ãã£ãŠïŒå ±æ VRF ããŒãã«ã«ã€ã³ããŒ
ãããããã®çµæãBGP ã®éæšç§»çãªæ§è³ªã®ããã«ããããã®ã«ãŒãã¯ïŒroute-target export ã³ãã³ãã䜿çšããŠïŒå床ãšã¯ã¹ããŒããããŸããããã®ä»ã®å Žåã¯ãã«ãŒãã¯ãªã¢ãŒã PEïŒPE1 ããã³ PE2ïŒ ã«ãã Red ãš Green ã® VRF ã«ã€ã³ããŒãããããããã®ä»®æ³ãããã¯ãŒã¯éã®è«ç
çãªåé¢ãåæãããŸãã
ãã® BGP ã®åäœãå«ããã 1 ã€ã®æå³ã¯ãç¹å®ã®ç©çã«ãŒã¿äžã® VRF ã«ã«ãŒããã€ã³ããŒãããŠ
ããåã VRF ãæ¡åŒµãããä»ã®ããã€ã¹ã®ã«ãŒãã£ã³ã° ããŒãã«ã«ã¯ãããã®ã«ãŒããå ¥åãã
ãªããšããäºå®ã§ããããšãã°ãå³ 8 ã«ç€ºãããã«ãRed ã® VRF ã PE2 ããã€ã¹äžã§ãå®çŸ©ãã
ããšããŸãã
Figure 8 Non-Transitive Nature of MP-iBGP
Even though the shared IP prefix has been imported into the Red VRF on the PE1 device (following the configuration steps above), the same information is not available in the Red VRF routing table on PE2. To make it available, the same route-target configuration that was applied on PE1 must be added on PE2, as shown below.

PE2
ip vrf Red
 rd 1:1
 route-target export 100:100
 route-target import 300:300
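
The import/export behavior described in this section can be checked mechanically before a change is pushed. The following Python sketch is an added example, not part of the original guide or of any Cisco tool: it parses ip vrf blocks in the shape shown above, computes which VRFs each VRF learns routes from under the one-hop (non-transitive) rule, and flags user VRFs that import each other's route targets. The MISCONFIGURED sample and all function names are constructed for illustration.

```python
import re

# Constructed sample in the shape of the page's `ip vrf` definitions.
PAGE_STYLE_CONFIG = """\
ip vrf Red
 rd 1:1
 route-target export 100:100
 route-target import 300:300
!
ip vrf Green
 rd 2:2
 route-target export 200:200
 route-target import 300:300
!
ip vrf Shared
 rd 3:3
 route-target export 300:300
 route-target import 200:200
 route-target import 100:100
"""

# Hypothetical mistake: Red additionally imports Green's export target.
MISCONFIGURED = PAGE_STYLE_CONFIG.replace(
    "ip vrf Red\n rd 1:1\n",
    "ip vrf Red\n rd 1:1\n route-target import 200:200\n",
)

VRF_RE = re.compile(r"^ip vrf (\S+)$")
RT_RE = re.compile(r"^route-target (export|import|both) (\d+:\d+)$")


def parse_vrfs(text):
    """Return {vrf_name: {"export": set, "import": set}} from IOS-style text."""
    vrfs, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = VRF_RE.match(line)
        if m:
            current = vrfs.setdefault(m.group(1), {"export": set(), "import": set()})
            continue
        m = RT_RE.match(line)
        if m and current is not None:
            kinds = ("export", "import") if m.group(1) == "both" else (m.group(1),)
            for kind in kinds:
                current[kind].add(m.group(2))
    return vrfs


def learned_from(vrfs):
    """One-hop rule: A learns B's own routes iff A imports a target B exports.
    Imported routes are not re-exported, so there is no chaining."""
    return {
        a: {b for b, cfg_b in vrfs.items() if b != a and cfg_a["import"] & cfg_b["export"]}
        for a, cfg_a in vrfs.items()
    }


def learned_if_reexported(vrfs):
    """Counterfactual: what each VRF would learn if imported routes WERE re-exported."""
    closure = learned_from(vrfs)
    changed = True
    while changed:
        changed = False
        for name, sources in closure.items():
            extra = set().union(*(closure[s] for s in sources)) - sources - {name}
            if extra:
                sources |= extra
                changed = True
    return closure


def isolation_violations(vrfs, user_vrfs):
    """List (importer, origin) pairs of user VRFs that leak directly into each other."""
    learned = learned_from(vrfs)
    return sorted((a, b) for a in user_vrfs for b in user_vrfs if b in learned.get(a, ()))


if __name__ == "__main__":
    good = parse_vrfs(PAGE_STYLE_CONFIG)
    print("learned:", learned_from(good))
    print("violations:", isolation_violations(good, ["Red", "Green"]))
    print("if re-exported:", learned_if_reexported(good))
    print("misconfigured:", isolation_violations(parse_vrfs(MISCONFIGURED), ["Red", "Green"]))
```

The counterfactual function shows why the non-re-export rule matters: with the same configuration, chained re-export would let Red learn Green's routes through the Shared VRF.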
Single-Device Model Configuration
The configuration steps described below refer to the example shown in Figure 9.
Figure 9 Single-Device Model Example
The goal of the design is the same as described for the multi-device model: both Red and Green users must be able to access the shared services without losing the logical isolation between them.
• Initial condition: The IP prefix of the shared resource is known only on R1, in the context of the Shared VRF, and is not known in the Red and Green VRFs on routers R2 and R3.

R1
R1#sh ip route vrf Shared 10.138.32.0
Routing entry for 10.138.32.0/24
  Known via "connected", distance 0, metric 0 (connected, via interface)
  Redistributing via eigrp 100
  Routing Descriptor Blocks:
  * directly connected, via Vlan32
      Route metric is 0, traffic share count is 1

R2
R2#sh ip route vrf Red 10.138.32.0
% Subnet not in table

R3
R3#sh ip route vrf Green 10.138.32.0
% Subnet not in table
⢠ããŒã«ã« ã«ãŒãã®ãªãŒã¯ã¯ããªãœãŒã¹ãçŽæ¥æ¥ç¶ãããŠããããã€ã¹äžã«é 眮ãããŸãïŒãã®äŸ
ã§ã¯ R1ïŒãåãã®æ³å®ã§ã¯ãVRF-Lite ã®é 眮ã«ã¯ãã·ã³ã°ã« ãã©ãããã©ãŒã ã®ã¢ãããŒã
ïŒã«ãŒãã£ã³ã° ãããã³ã«ãšã㊠IGP ã䜿çšãããMP-BGP ã¯äœ¿çšãããªãïŒã䜿çšããããšã
ãããšã ã£ãã®ã§ã次ã®èšå®æé ãå®è¡ããå¿ èŠããããŸãã
1. VRF çšã« route-target ãã©ã¡ãŒã¿ãèšå®ããŸããå ±æ IP ãã¬ãã£ã¯ã¹ãå ±æ VRF ãããšã¯ã¹
ããŒãããRed ãš Green ã®ãŠãŒã¶ VRF ã«ã€ã³ããŒãããå¿ èŠããããŸããåæã«ãRed ãš Green ã® VRF ãããšã¯ã¹ããŒãããããŠãŒã¶ ãµãããããå ±æ VRF ã«ã€ã³ããŒãããŠãå
æ¹åã®æ¥ç¶ãã§ããããã«ããå¿ èŠããããŸãã
R1ip vrf Red rd 1:1 route-target export 100:100 route-target import 300:300!ip vrf Green rd 2:2 route-target export 200:200 route-target import 300:300!ip vrf Shared rd 3:3 route-target export 300:300 route-target import 200:200 route-target import 100:100
2. Enable the BGP process so that the route-target configuration can trigger the exchange of prefixes. Note that in this case the process has only local significance, so no peer relationships need to be specified in the BGP configuration. Optionally, using route-map statements gives tighter control over the IP prefixes that are leaked between the different routing tables.

R1
access-list 1 permit 10.138.32.0 0.0.0.255
access-list 2 permit 10.137.12.0 0.0.0.255
access-list 3 permit 10.137.23.0 0.0.0.255
!
route-map Allowed_Green_Users permit 10
 match ip address 3
!
route-map Allowed_Red_Users permit 10
 match ip address 2
!
route-map Shared_Services permit 10
 match ip address 1

EIGRP-specific configuration

router bgp 100
 no synchronization
 bgp log-neighbor-changes
 no auto-summary
 !
 address-family ipv4 vrf Shared
  redistribute connected route-map Shared_Services
  no synchronization
 exit-address-family
 !
 address-family ipv4 vrf Green
  redistribute eigrp 100 route-map Allowed_Green_Users
  no synchronization
 exit-address-family
 !
 address-family ipv4 vrf Red
  redistribute eigrp 100 route-map Allowed_Red_Users
  no synchronization
 exit-address-family

OSPF-specific configuration

router bgp 100
 no synchronization
 bgp log-neighbor-changes
 no auto-summary
 !
 address-family ipv4 vrf Shared
  redistribute connected route-map Shared_Services
  no synchronization
 exit-address-family
 !
 address-family ipv4 vrf Green
  redistribute ospf 2 route-map Allowed_Green_Users
  no synchronization
 exit-address-family
 !
 address-family ipv4 vrf Red
  redistribute ospf 1 route-map Allowed_Red_Users
  no synchronization
 exit-address-family
The user subnets that need access to the shared services (in VRFs Red and Green) are instead injected into BGP by redistributing the IGP used to learn them (EIGRP or OSPF in this example). In this example the shared service is directly connected to the Layer 3 device that performs the route leaking, so the prefix of the service is injected into BGP with the redistribute connected command. If the service were instead connected to a different Layer 3 device, it could be injected into BGP by redistributing the IGP used to learn the service, as is done for the user subnets.
(Note) If the route-map were not configured, the end result would be that all of the Red and Green VRF prefixes are leaked into the Shared VRF routing table. Note that, as expected, this would not compromise the logical isolation between the Red and Green VPNs.
⢠èšå®ãå®æœããããšãå ±æãã¬ãã£ã¯ã¹ã Red ããã³ Green VRF ã«ãŒãã£ã³ã° ããŒãã«å ã«æ³šå ¥
ãããïŒããã³ãçŽæ¥æ¥ç¶ããšè¡šç€ºãããããã«ãªã£ãïŒããšã確èªã§ããŸããåæã«ãå ±æ VRF ã«ãŒãã£ã³ã° ããŒãã«å ã« Red ãš Green ã®ãµãã»ãããæ³šå ¥ãããŸãã
R1R1#sh ip route vrf Red 10.138.32.0Routing entry for 10.138.32.0/24 Known via "bgp 100", distance 20, metric 0 (connected, via interface), type external Redistributing via eigrp 100, bgp 100 Routing Descriptor Blocks: * directly connected, via Vlan32 Route metric is 0, traffic share count is 1 AS Hops 0 MPLS label: none
17ãããã¯ãŒã¯ ããŒãã£ã©ã€ãŒãŒãžã§ã³ - ãµãŒãã¹ ãšããž ãã¶ã€ã³ ã¬ã€ã
OL-13637-01-J
ä¿è·ãããŠããªãå ±æãµãŒãã¹ã®å°å ¥
R1#sh ip route vrf Green 10.138.32.0Routing entry for 10.138.32.0/24 Known via "bgp 100", distance 20, metric 0 (connected, via interface), type external Redistributing via eigrp 100, bgp 100 Routing Descriptor Blocks: * directly connected, via Vlan32 Route metric is 0, traffic share count is 1 AS Hops 0 MPLS label: none
R1#sh ip route vrf Shared 10.137.12.0Routing entry for 10.137.12.0/24 Known via "bgp 100", distance 20, metric 3840, type external Last update from 10.122.15.18 on GigabitEthernet1/3.412, 00:57:13 ago Routing Descriptor Blocks: * 10.122.15.18 (Red), from 0.0.0.0, 00:57:13 ago, via GigabitEthernet1/3.412 Route metric is 3840, traffic share count is 1 AS Hops 0 MPLS label: none
R1#sh ip route vrf Shared 10.137.23.0Routing entry for 10.137.23.0/24 Known via "bgp 100", distance 20, metric 3840, type external Last update from 10.122.25.18 on GigabitEthernet1/3.422, 00:57:18 ago Routing Descriptor Blocks: * 10.122.25.18 (Green), from 0.0.0.0, 00:57:18 ago, via GigabitEthernet1/3.422 Route metric is 3840, traffic share count is 1 AS Hops 0 MPLS label: none
At this point, however, communication between the Red and Green users and the shared resource is still not possible. The reason is that although the shared IP prefix has been leaked into the Red and Green VRF routing tables, it has been leaked only locally on the R1 device. The routing tables of R2 and R3 still do not contain this information. To propagate the shared prefix to R2 and R3, the subnet must be advertised into the IGP that is used as the end-to-end control plane for the Red and Green VRFs across the network. This is done by redistributing the shared prefix from BGP into the IGP on R1, as shown in the following configuration example.

EIGRP-specific configuration

router eigrp 100
 address-family ipv4 vrf Green
  redistribute bgp 100 metric 100000 1 255 1 1500
 !
 address-family ipv4 vrf Red
  redistribute bgp 100 metric 100000 1 255 1 1500

OSPF-specific configuration

router ospf 1 vrf Red
 redistribute bgp 100 subnets
!
router ospf 2 vrf Green
 redistribute bgp 100 subnets
At this point, you can verify how the shared prefix is learned through the IGP on both R1 and R2. With this route learned, communication between clients and servers succeeds (the following example is valid for an EIGRP deployment).

R2
R2#sh ip route vrf Red 10.138.32.0
Routing entry for 10.138.32.0/24
  Known via "eigrp 100", distance 90, metric 3840, type internal
  Redistributing via eigrp 100
  Last update from 10.137.11.7 on GigabitEthernet5/2.612, 00:06:06 ago
  Routing Descriptor Blocks:
  * 10.137.11.7, from 10.137.11.7, 00:06:06 ago, via GigabitEthernet5/2.612
      Route metric is 3840, traffic share count is 1
      Total delay is 50 microseconds, minimum bandwidth is 1000000 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 4

R3
R3#sh ip route vrf Green 10.138.32.0
Routing entry for 10.138.32.0/24
  Known via "eigrp 100", distance 90, metric 3840, type internal
  Redistributing via eigrp 100
  Last update from 10.137.21.11 on Vlan123, 00:02:18 ago
  Routing Descriptor Blocks:
  * 10.137.21.11, from 10.137.21.11, 00:02:18 ago, via Vlan123
      Route metric is 3840, traffic share count is 1
      Total delay is 50 microseconds, minimum bandwidth is 1000000 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 4
⢠äžèšã®èšå®æé ã§ã¯ã çµçã«ããµãããã 10.137.12.0 ïŒVRF Red å ïŒããã³ 10.137.23.0 ïŒVRF Green å ïŒã«å±ãããŠãŒã¶ã ããåæ¹åã®æ¥ç¶ãçµéšããããŸãã¯äœ¿çšã§ããçµæãšãªããŸ
ããå ±æãµãŒãã¹ã® IP ãã¬ãã£ã¯ã¹ã¯ãVRF Red ãš Green ãé 眮ãããŠãããã¹ãŠã®ã¬ã€ã€ 3 ããã€ã¹ã«åé ãããŸããããã«ãããRed ãš Green ã® VRF ã®ãŠãŒã¶éšåããã¹ãŠ R1 äžã®å ±æãµ
ããããã«å°éã§ããããã«ãªããŸãããã ãããªã¿ãŒã³ ãã©ãã£ãã¯ã¯ããŠãŒã¶ ãã¬ãã£ã¯ã¹
ã BGP ã«ååé ããéã« route-map ã䜿çšããçµæãäžèšã® 2 ã€ã®ãµããããã«éå®ãããŠããŸ
ãã
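
The effect of the route-map on what is leaked into the Shared VRF can be modeled offline. The following Python sketch is an added example, not part of the original guide: it applies the page's standard ACLs and route-maps to a list of candidate Red VRF routes and compares the result with a bare redistribute statement. The route list is constructed (only 10.137.12.0/24 comes from the page), and the function names are hypothetical.

```python
import ipaddress

# Standard ACLs and route-maps in the shape of the page's R1 configuration.
ACLS = {
    1: [("permit", "10.138.32.0", "0.0.0.255")],
    2: [("permit", "10.137.12.0", "0.0.0.255")],
    3: [("permit", "10.137.23.0", "0.0.0.255")],
}
ROUTE_MAPS = {"Shared_Services": 1, "Allowed_Red_Users": 2, "Allowed_Green_Users": 3}

# Constructed IGP routes for VRF Red; only 10.137.12.0/24 appears on the page.
RED_IGP_ROUTES = [
    "10.137.12.0/24",    # intended user subnet
    "10.137.12.128/25",  # constructed more-specific inside the user subnet
    "10.137.13.0/24",    # constructed second user subnet
    "10.122.15.16/30",   # constructed transit link
]


def acl_permits(entries, prefix):
    """Standard-ACL route match: only the network address is compared, under the
    wildcard mask; the prefix length is ignored. No match means implicit deny."""
    addr = int(ipaddress.ip_network(prefix).network_address)
    for action, base, wildcard in entries:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if addr & care == int(ipaddress.ip_address(base)) & care:
            return action == "permit"
    return False


def redistribute(routes, route_map=None):
    """Routes that enter BGP for a VRF; route_map=None models a bare `redistribute`."""
    if route_map is None:
        return list(routes)
    entries = ACLS[ROUTE_MAPS[route_map]]
    return [r for r in routes if acl_permits(entries, r)]


def unintended_leaks(routes, route_map, intended):
    """Prefixes that would reach the Shared VRF but are not on the intended list."""
    return [r for r in redistribute(routes, route_map) if r not in intended]


if __name__ == "__main__":
    intended = ["10.137.12.0/24"]
    print("with route-map:   ", redistribute(RED_IGP_ROUTES, "Allowed_Red_Users"))
    print("without route-map:", redistribute(RED_IGP_ROUTES))
    print("unintended (filtered):", unintended_leaks(RED_IGP_ROUTES, "Allowed_Red_Users", intended))
```

Because a standard ACL compares only the network address, a more-specific route inside 10.137.12.0/24 also passes the filter; the model makes that visible alongside the unfiltered case.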
Even when access to a shared resource is defined as "unprotected", it can be restricted further by applying ACLs. For example, given that the shared subnet is directly connected through VLAN 32, the following configuration restricts connectivity to users in the 10.137.12.0 subnet in VRF Red.

access-list 133 permit ip 10.137.12.0 0.0.0.255 any
!
interface Vlan32
 ip vrf forwarding Shared
 ip address 10.138.32.3 255.255.255.0
 ip access-group 133 out

From an operational standpoint this clearly requires more advanced configuration and maintenance, but it benefits from the fact that the configuration is applied at a central location (compared with the traditional distributed ACL approach).
Deploying Protected Shared Services
When discussing protected access to shared services (see Figure 10 again), several design variables must be considered. These affect the specific solution that is deployed.
Figure 10 Protected Services Edge
• Definition of the shared services: In many deployments, the Internet is the common resource that must be shared between the different virtual networks. In other scenarios, specific services (Call Manager, for example) may be the shared resource. Although less likely, the entire global table can also be considered a shared service to which all virtual networks can potentially connect.
• Security device acting as the front end of each virtual network: This is usually a firewall device. The common approach is to use the virtualization capability of the Cisco firewall (FWSM, ASA, or PIX) to deploy virtual contexts (instead of physical devices), each dedicated to one logical partition.
• Operating mode of the deployed firewall device: There are normally two options, transparent mode (the firewall acts like a Layer 2 bridge device) or routed mode (the firewall becomes a routed hop).
• How to connect to the non-virtualized portion of the network (the global table) in this design: There are several commonly deployed options, as follows.
1. The global table is treated as another VPN (in fact, it is usually considered the default VPN) and is front-ended by its own security device.
2. The global table is treated as a shared service, and access from each VPN to the global table is subject to the policy enforcement provided by the services edge.
These two options are shown in Figure 11.
Figure 11 Global Table Deployment Options
• How the fusion router functionality is deployed: The two common options are to dedicate a separate physical network device to this role, or to implement the fusion router in the same switch as the services edge VPNs. This distinguishes two deployment scenarios, the dual-tier and the single-tier services edge models.
The following sections explain that the definition of a fusion VRF may be a requirement only for the single-tier deployment. In the two-tier implementation, the fusion functionality is performed on an external device, so the definition of a fusion VRF may not be needed. However, in deployments where shared services must also be accessed from the global table, the use of a fusion VRF becomes mandatory. So that the design applies generally to all scenarios, the remainder of this document always discusses deployments that use a fusion VRF.
The following sections describe the design variations that are possible based on the variables described above, highlighting the advantages and disadvantages for each specific scenario. The following two models are described:
• Dual-tier
• Single-tier
The following design options can be used in each model:
• Firewall contexts in transparent mode
Routing peering options: EIGRP, OSPF, and eBGP
• Firewall contexts in routed mode
Routing peering options: eBGP
Dual-Tier Implementation
Figure 12 shows the dual-tier services edge model.
Figure 12 Dual-Tier Implementation Model
The D1 and D2 devices represent the distribution layer switches connected to the core of the network. As noted above, they are virtualized by defining VRFs. The role these devices play in the virtualized network depends largely on the path isolation method that is adopted.
• In MPLS VPN designs, these devices are deployed as PEs.
• In VRF-Lite End-to-End scenarios, they connect to the core over virtualized links (using either subinterfaces or Layer 2 trunks with SVIs).
• When VRF-Lite and GRE tunnels are deployed, these devices most likely function as hubs that aggregate the GRE tunnels originating on the remote spokes.
S1 and S2 are the devices that function as fusion routers and also provide the firewall functionality (usually by integrating a Firewall Services Module (FWSM)). Because of these functions, S1 and S2 are called services switches in the context of this document.
The logical view in Figure 12 shows a separate firewall context dedicated to front-ending each VPN. The different contexts function in active/standby mode (for the same VPN). The active firewall on S1 and S2 can also be alternated for different contexts to improve traffic load balancing.
Some additional considerations for the recommended dual-tier deployment are as follows:
• The fusion routers in the services switches and the VRFs defined in the distribution devices peer over Layer 3 connections. For the fusion routers, this is achieved by dedicating a specific VLAN to this purpose. This VLAN is carried on the Layer 2 port-channel trunk connecting the services switches. For the distribution VRFs, a physical routed link connects D1 and D2. This link is then virtualized (using subinterfaces) so that it can provide Layer 3 connectivity to each VRF pair.
Note: Using a port channel between the services switches is strongly recommended, to provide resilient connectivity between the two firewall modules.
• The inside interface of each firewall context faces the fusion router, and the outside interface faces the distribution layer switches. This choice is dictated by the requirement to protect the services deployed in the shared area.
• Both the firewall inside and outside VLANs are extended between the services switches (carried on the port-channel Layer 2 trunk). This may not seem to fit the firewall inside VLAN, but the design reason for this choice becomes clear when the deployment of firewalls in transparent mode is described.
• The distribution layer switches connect to the services switches in a square topology using Layer 2 trunks. The firewall outside VLANs are carried on these trunk connections between the dual-tier devices.
• As a result of the design choices above, a loop-free topology is created between the distribution switches and the services switches. Keeping spanning tree active is always recommended (to prevent loops caused by configuration or cabling errors), but by design it is not involved in blocking any link. This helps the resiliency of the overall services edge design.
Note that this type of deployment differs slightly from what is usually recommended for data center deployments. For details on the data center design guidelines, see the following:
http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/dc_servchas/service-chassis_design.html
The following sections describe two different deployments for the dual-tier model, using firewall contexts that function in transparent mode or in routed mode. The configuration examples and convergence results shown were obtained on a test bed with the following characteristics:
• Catalyst 6500 switches with Sup720 3BXL were deployed as services switches and distribution switches. The IOS release tested was 12.2(33)SXH4. When eBGP is used as the routing peering protocol between the distribution VRFs and the fusion routers, using this release for the services edge deployment is strongly recommended, because it contains several fixes (CSCsl39233 and CSCsu03167).
• The Firewall Services Module (FWSM) runs release 3.2(8) and is deployed in multi-context mode. This is the minimum release required, so that an important fix (CSCsr11309) that helps in firewall failover scenarios is available.
Note: Documentation on using Cisco ASA for the same purpose is planned for a future release of this document.
Firewall Contexts Deployed in Transparent Mode
Deploying firewall contexts in transparent mode is a very common approach, because the firewall can be inserted into the network without changing the IP addresses already in use. This is mainly because the firewall acts like a Layer 2 device and bridges traffic between its inside and outside interfaces.
Note: At the time this document was written, only two interfaces could be defined when a firewall context is deployed in transparent mode.
Another advantage of using transparent mode is that, as shown in Figure 13, routing peering can be established between the VRFs defined on one side of the firewall and the fusion router defined on the other side.
Figure 13 Routing Peering with Firewall Contexts in Transparent Mode
The type of routing protocol used for this function is usually dictated by the path isolation method that is adopted.
• In MPLS VPN deployments, eBGP is recommended, because iBGP is already present between the PE devices that exchange VPN routes across the campus infrastructure.
• In VRF-Lite End-to-End (or VRF-Lite + GRE) deployments, the same IGP that is already used as the control plane protocol inside each virtual network is usually also used for this type of peering.
Figure 14 shows the recommended deployment model for a services edge that uses firewalls deployed in transparent mode. The example shows the deployment of two VPNs (Red and Green). The specific VPN and IP subnet information shown in Figure 14 is used in the configuration examples in the remainder of this section.
Figure 14 Example of Firewall Contexts in Transparent Mode
As shown in Figure 14, the Red and Green VPNs are front-ended by two firewall contexts deployed in transparent mode, which bridge traffic between the VLANs deployed on the firewall outside and inside interfaces. Also, the firewall contexts inside S1 are active, and the contexts for the firewall in S2 are in standby mode. An active-active model can also be deployed, in which the Red firewall context is active on S1 and the Green firewall context is active on S2.
Some additional considerations for the recommended deployment model are as follows:
• HSRP is the First Hop Redundancy Protocol of choice in this case and is used to provide virtual gateway functionality on the following interfaces:
– Shared services subnet (VLAN 32): This assumes that the shared services are deployed in a subnet directly connected to the fusion devices.
– Firewall inside subnets (VLAN 903 for the Red VPN, VLAN 904 for the Green VPN).
– Firewall outside subnets (VLAN 1053 for the Red VPN, VLAN 1054 for the Green VPN).
[Figure 14 labels: D1, D2, S1, S2; Red VPN, Green VPN; VLAN 1053 10.136.103.0/24 and VLAN 1054 10.136.104.0/24 (HSRP VIP .1); VLAN 903 10.136.103.0/24 and VLAN 904 10.136.104.0/24 (HSRP VIP .4); VLAN 32 10.136.32.0/24 (HSRP VIP .1); 10.136.200.0/30 (.1, .2); 10.136.0.32/30; 10.136.0.42/30]
• The fusion routers and the VRFs deployed in the distribution layer switches are also connected by routed links. These provide a Layer 3 path that is used to reroute traffic under specific failure conditions (described later).
• The fusion router defines a separate interface (a VLAN interface here) dedicated to each campus VPN. In the example above, SVI 903 is used to communicate with the Red VPN (through the Red firewall context), and SVI 904 is used to connect to the Green VPN.
When firewalls are deployed in transparent mode, a common best practice is to define a specific ACL on each firewall context to allow BPDUs to flow through. This is important so that a spanning tree loop can be detected if, in a redundant scenario (such as the one described earlier), both firewall contexts become active (for example, because keepalive messages are lost). The specific ACL (usually a named EtherType ACL) is shown below.
access-list BPDU ethertype permit bpdu
Because EtherType traffic is connectionless, this ACL must be applied to both the inside and the outside interfaces.
access-group BPDU in interface outside-vrf-red
access-group BPDU in interface inside-vrf-red
Note: A description of the overall firewall context configuration is outside the scope of this document. For specific information, see the following data center design guides: http://www.cisco.com/en/US/netsol/ns743/networking_solutions_program_home.html
An interesting consequence of the configuration above is that HSRP packets are allowed through the firewall. This can cause problems in scenarios where a common subnet is associated with the VLANs on the inside and the outside of the firewall. For HSRP to work properly and show the desired behavior, separate HSRP groups must be configured for the services and the distribution layer devices, as shown below.
Services switches (S1 and S2)

S1
interface Vlan903
 description Firewall Inside Red VRF
 ip vrf forwarding fusion
 ip address 10.136.103.6 255.255.255.0
 standby 1 ip 10.136.103.4
 standby 1 timers msec 250 msec 750
 standby 1 priority 105
 standby 1 preempt delay minimum 180

S2
interface Vlan903
 description Firewall Inside Red VRF
 ip vrf forwarding fusion
 ip address 10.136.103.5 255.255.255.0
 standby 1 ip 10.136.103.4
 standby 1 timers msec 250 msec 750

Distribution switches (D1 and D2)

D1
interface Vlan1053
 description Firewall Outside Red VRF
 ip vrf forwarding Red
 ip address 10.136.103.3 255.255.255.0
 standby 2 ip 10.136.103.1
 standby 2 timers msec 250 msec 750
 standby 2 priority 105
 standby 2 preempt delay minimum 180

D2
interface Vlan1053
 description Firewall Outside Red VRF
 ip vrf forwarding Red
 ip address 10.136.103.2 255.255.255.0
 standby 2 ip 10.136.103.1
 standby 2 timers msec 250 msec 750
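The HSRP group separation configured above can be checked mechanically. The following Python sketch is an added example, not part of the design guide: it parses SVI stanzas, finds SVIs on different VLANs that share a subnet (the two sides of a transparent firewall context), and reports any HSRP group number reused across them. The function names are hypothetical, and HSRP version 1 (virtual MAC 0000.0c07.acXX) is assumed.

```python
import ipaddress
import re
from itertools import combinations

# SVI stanzas taken from the configuration above (S1 inside, D1 outside).
CONFIGS = {
    "S1": """\
interface Vlan903
 description Firewall Inside Red VRF
 ip vrf forwarding fusion
 ip address 10.136.103.6 255.255.255.0
 standby 1 ip 10.136.103.4
 standby 1 priority 105
""",
    "D1": """\
interface Vlan1053
 description Firewall Outside Red VRF
 ip vrf forwarding Red
 ip address 10.136.103.3 255.255.255.0
 standby 2 ip 10.136.103.1
 standby 2 priority 105
""",
}

# Constructed misconfiguration: D1 reuses group 1 on the outside VLAN.
REUSED_GROUP = dict(CONFIGS, D1=CONFIGS["D1"].replace("standby 2 ", "standby 1 "))


def parse_svis(device, config):
    """Return one dict per 'interface VlanN' stanza: VLAN, subnet, HSRP groups."""
    svis, cur = [], None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface Vlan(\d+)$", line)
        if m:
            cur = {"device": device, "vlan": int(m.group(1)),
                   "net": None, "groups": set()}
            svis.append(cur)
            continue
        if cur is None:
            continue
        m = re.match(r"ip address (\S+) (\S+)$", line)
        if m:
            cur["net"] = ipaddress.ip_interface(
                f"{m.group(1)}/{m.group(2)}").network
        m = re.match(r"standby (\d+) ip ", line)
        if m:
            cur["groups"].add(int(m.group(1)))
    return svis


def hsrp_v1_vmac(group):
    """HSRP version 1 virtual MAC: 0000.0c07.acXX, XX = group number in hex."""
    return "0000.0c07.ac%02x" % group


def find_group_reuse(configs):
    """Flag HSRP groups shared by SVIs in one subnet but on different VLANs.

    With a transparent firewall bridging the two VLANs and HSRP allowed
    through, such SVIs would join the same HSRP group and virtual MAC.
    """
    svis = [s for dev, cfg in configs.items() for s in parse_svis(dev, cfg)]
    findings = []
    for a, b in combinations(svis, 2):
        if a["net"] is None or a["net"] != b["net"] or a["vlan"] == b["vlan"]:
            continue
        for group in sorted(a["groups"] & b["groups"]):
            findings.append((str(a["net"]), group, hsrp_v1_vmac(group),
                             f'{a["device"]} Vlan{a["vlan"]}',
                             f'{b["device"]} Vlan{b["vlan"]}'))
    return findings


if __name__ == "__main__":
    print("as configured:", find_group_reuse(CONFIGS))
    print("group reused :", find_group_reuse(REUSED_GROUP))
```

SVIs with the same VLAN ID on S1 and S2 (or D1 and D2) are deliberately not flagged, since they are meant to be members of the same HSRP group.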
With this configuration, S1 becomes the active HSRP device on the firewall inside subnet, and D1 takes the active HSRP role on the firewall outside subnet.
When the filters on each firewall context are properly set to allow the appropriate routing protocol through (the configuration required for EIGRP, OSPF, and eBGP is described later in the protocol-specific sections of this document), the VRFs defined in the distribution switches peer with both fusion routers, as shown in Figure 15.
Figure 15 Full-Mesh Routing Peering
Because each VPN should always direct traffic to the services edge when the destination is unknown in its specific routing domain, in a typical deployment the fusion routers only advertise a default route to each VRF defined in D1 and D2. At the same time, each VRF advertises the remote campus subnets to the fusion routers. As a result, traffic between the core and the shared services area flows by default along the paths described in Figure 16.
Figure 16 Core-to-Services Traffic Flows
The reason for this behavior is that, by default, each fusion router advertises an equal-cost default route to both VRFs. All traffic flows are required to pass through the active firewall in S1, regardless of whether the next hop is the fusion router in S1 or in S2.
Note: The same traffic flows are also seen when specific shared services subnets (instead of a generic default route) are advertised by the fusion routers to the VRFs defined in the distribution layer switches.
The flows shown in Figure 16 are suboptimal and make excessive use of the transit link between the services switches. The recommended solution for optimizing this scenario is to tune routing so that the fusion router in S1 advertises a preferred metric for the default route to the distribution VRFs. Details of this tuning are described in the routing protocol-specific sections that follow. The end result for the traffic flows is shown in Figure 17.
Figure 17 Optimized Core-to-Services Traffic Flows
Figure 18 shows the flows in the other direction (from the shared services to the campus core).
Figure 18 Shared Services-to-Core Traffic Flows
All return traffic flows are first sent to S1, because S1 is the active HSRP device on the shared services subnet (VLAN 32). This is the case when the shared services are deployed on a subnet directly connected to the fusion routers. At this point, 50% of the flows are sent to D1 (over the direct fiber link), and the remaining 50% are sent to D2 using the transit link between the services switches. This is because the Red VRFs defined in the distribution layer switches provide equal-cost paths to the remote campus destinations. Note how symmetric the traffic flows are with the flows shown in Figure 17.
The following sections describe the recovery behavior in different failure scenarios. The traffic flow considerations for each failure are independent of the routing protocol deployed between the VRFs and the fusion routers. Later sections describe the specific recovery mechanisms and recovery times for each routing protocol.
Note: The redundancy discussion in this part of the document focuses on recovery mechanisms in a single-site deployment. For redundant site considerations, see "Planning for Site Redundancy in a Virtualized Network".
Convergence Analysis
Fiber Failure between Distribution and Services Switches
When the fiber connection between D1 and S1 fails, D1 has no active Layer 2 path to the newly active firewall module, so the peering between the VRF in D1 and the fusion routers is removed. The resulting effect on the traffic flows is shown in Figure 19.
Figure 19 Traffic Flows after Fiber Failure between D1 and S1
• Core-to-services flows: D1 stops receiving the default route (or the more specific routes for the shared services subnets) from the fusion routers and starts receiving the same information from D2 over the routed link connecting the distribution switches. As a result, D1 starts advertising this information to the campus core with a worse metric than D2, so all traffic directed from the core to the shared services area is delivered to D2. The convergence in this case depends on how quickly D1 detects the fiber failure. When link failure detection works, this is very fast and causes only a sub-second outage.
• Services-to-core flows: The fusion router in S1 keeps the active HSRP role regardless of the fiber failure. However, until the routing peering between the fusion router and the VRF in D1 goes down, the fusion router keeps trying to send to D1 50% of the flows destined for the remote campus locations in that VRF, so these traffic flows are black-holed. Once the peering is removed, the fusion router in S1 starts using only the VRF in D2 as the next hop for the remote campus destinations. This means that these flows must reach D2 over the transit link between the services switches. From a convergence perspective, the main factor that determines the length of the outage here is the time the fusion router in S1 takes to remove the routing peering with the VRF in D1. This is usually directly related to the configured routing protocol hold time.
Fiber Failure between Services Switch and Shared Services Area
When the fiber link connecting services switch S1 to the shared services area fails, the routing peering between the VRFs and the fusion routers does not change. The traffic flows become as shown in Figure 20.
Figure 20 Traffic Flows after Fiber Failure between S1 and the Shared Services Area
• Core-to-services flows: Depending on how the fusion router in S1 learns the default route that it advertises to the VRFs in the distribution layer, there are two different scenarios for the traffic flows:
– If the static route is generated locally rather than learned from a next-hop device (as described later, this is achieved in different ways depending on the routing protocol deployed), the fusion router in S1 keeps advertising the default route after the fiber failure. This means that, to be delivered to the shared services, traffic must be rerouted across the routed link shown in Figure 14 (the 10.136.200.0/24 subnet).
– If the static route is normally learned from a next-hop device in the shared services area, S1 stops learning this information and stops advertising it to the VRFs. However, because the active firewall remains inside S1, the traffic flows look exactly the same as in the scenario in the previous bullet.
• Services-to-core flows: The fusion router in S2 becomes the active HSRP device on the shared subnet (HSRP messages are exchanged over the connections to the switch in the services area), and all traffic flows must be sent across the transit link to S1, because the active firewall resides in that device. The traffic flows look the same in the reverse direction. From a convergence perspective, the outage is determined by the time required for the fusion router in S2 to become the active HSRP device on the shared services subnet (VLAN 32). To minimize this value, configuring sub-second HSRP timers is recommended, as shown below.

S1
interface Vlan32
 description Shared Services
 ip vrf forwarding fusion
 ip address 10.136.32.3 255.255.255.0
 standby 1 ip 10.136.32.1
 standby 1 timers msec 250 msec 750
 standby 1 priority 105
 standby 1 preempt delay minimum 180

S2
interface Vlan32
 description Shared Services
 ip vrf forwarding fusion
 ip address 10.136.32.2 255.255.255.0
 ip flow ingress
 standby 1 ip 10.136.32.1
 standby 1 timers msec 250 msec 750

The use of sub-second HSRP timers is recommended in deployments with 150 VLANs or fewer. For details, see the following campus design guides: http://www.cisco.com/en/US/netsol/ns815/networking_solutions_program_home.html
Note: To avoid the suboptimal path across the transit link shown in Figure 20, deploying a port channel between each services switch and the shared services area is recommended where possible.
Failure of the Active Firewall Module
When the firewall module in S1 fails, the VRFs and the fusion routers keep their routing peering through the newly active firewall inside S2. The resulting traffic flows are shown in Figure 21.
Figure 21 Traffic Flows after Firewall Failure
• Core-to-services flows: D1 and D2 keep learning the best route through the fusion router in S1. As a result, 50% of the traffic flows take the suboptimal path shown in Figure 21 and cross the transit link between the services switches twice. The overall outage before these flows are established depends mainly on the time it takes the firewall in S2 to become active. This assumes that the configured routing protocol hold time is longer than this time. If it is not, the time needed to re-establish the routing protocol peering and advertise the routing information must be considered in addition to the firewall failover time (see the protocol-specific sections that follow for more specific considerations). Note that the time needed for the firewall module in S2 to detect the failure of the other firewall and become the active device depends on the hold time configured between the firewalls. On the FWSM, the hold time cannot be set to less than 3 seconds, as shown below.
FWSM(config)# failover polltime unit msec 500 holdtime ?
configure mode commands/options:
  <3-45>  Hold time in seconds, default is 3 X poll time but minimum is 3 Seconds
• Services-to-core flows: Regardless of the firewall failure, S1 remains the active HSRP device, so all traffic from the shared services area is delivered to that device. S1 keeps learning the remote campus destinations through both VRFs in the distribution layer, so 50% of the traffic takes the same suboptimal path described above. The same considerations described in the previous bullet apply to the recovery time in this direction: convergence depends on how quickly the firewall can fail over and on whether the peering between the devices is torn down in the meantime.
Recommended design: Because the suboptimal path shown in Figure 21 is used when the firewall module inside S2 is active, configuring firewall preemption is recommended, so that the firewall inside S1 always takes the active role (when it is operational).
Services Switch Failure
This failure scenario is shown in Figure 22.
Figure 22 Traffic Flows after Services Switch Failure
Because the entire services switch S1 has failed, the peering between the VRFs and the fusion router in S1 is removed. Also, D1 has no active Layer 2 path to the newly active firewall module, so only the VRF in D2 can establish routing peering with the fusion router in S2. As a result, the traffic flows are as follows:
• Core-to-services flows: The link between D2 and S2 is the only available path from the core to the shared services. From a convergence perspective, the outage is determined by the time it takes the firewall to become active, after which routing peering can be established. The resulting outage can be considered the same as the one described for the firewall failure scenario.
• Services-to-core flows: The fusion router has a valid path to the remote campus destinations only through the VRF in D2. Because of the failure of the S1 switch, S2 becomes the active HSRP device. The recovery mechanism is the same as described in the previous bullet.
Distribution Switch Failure
The last relevant scenario is the failure of a distribution switch, as shown in Figure 23.
Figure 23 Traffic Flows after Distribution Switch Failure
From a traffic flow and routing peering perspective, this scenario is very similar to the one for the fiber failure between D1 and S1.
• Core-to-services flows: Because the entire D1 switch has failed, the core devices remove the valid paths through it and reroute all traffic through D2. As before, when link failure detection works, this is an ECMP reroute that causes only a sub-second outage.
• Services-to-core flows: The fusion router has no way to detect that the distribution switch has failed (because the firewall sits between them). As a result, it keeps sending traffic to the VRF in D1 until the routing peering is removed. This is the main mechanism that determines convergence in this case.
The following sections describe the specific design and configuration considerations for deploying the different routing protocols. Each case includes the convergence results for all of the failure scenarios described earlier.
Using EIGRP between VRFs and Fusion Routers
The first option for the peering between the VRFs defined on the distribution switches (D1 and D2) and the fusion routers is to use EIGRP. This is recommended in particular for VRF-Lite End-to-End deployments that use EIGRP in the context of each defined virtual network.
The required configuration steps are as follows:
1. Allow EIGRP adjacencies to be established across the firewall context: This assumes that EIGRP is already enabled for each VRF in the distribution layer and needs to be enabled on the services switches. This is usually the case when VRF-Lite End-to-End is used to provide campus-wide connectivity for each VPN.
The required configuration is as follows (valid for both S1 and S2).
router eigrp 100
 !
 address-family ipv4 vrf fusion
  network 10.0.0.0
  no auto-summary
  autonomous-system 100
 exit-address-family
Note: For details on deploying EIGRP in a VRF-Lite environment, see http://www.cisco.com/en/US/docs/solutions/Enterprise/Network_Virtualization/PathIsol.html.
Because traffic recovery in the different failure scenarios depends on the configured hold time, tuning the EIGRP timers to reduce the hello and hold timers to their minimum values is recommended. This must be applied to SVI 903 on the services switches and SVI 1053 on the distribution switches, using the configuration shown below.
interface Vlan1053
 ip vrf forwarding Red
 ip address 10.136.103.3 255.255.255.0
 ip hello-interval eigrp 100 1
 ip hold-time eigrp 100 3
Note that once the following specific EtherType ACL is applied to the inside and outside interfaces, the EIGRP protocol is automatically allowed through the firewall running in transparent mode.
access-list BPDU ethertype permit bpdu
As a result, EIGRP adjacencies are established between the fusion router in S1 and the VRFs in the distribution layer switches, as shown below.
D1
D1#sh ip eigrp vrf Red neighbors
IP-EIGRP neighbors for process 100
H   Address         Interface   Hold  Uptime    SRTT  RTO  Q    Seq
                                (sec)           (ms)       Cnt  Num
2   10.136.103.2    Vl1053      2     00:04:06  4     200  0    41751490
1   10.136.103.5    Vl1053      2     00:04:06  6     200  0    50
0   10.136.103.6    Vl1053      2     00:04:06  3     200  0    114
5   10.136.0.33     Te1/3.532   13    15:44:26  1     200  0    41751489
4   10.122.35.34    Te1/1.632   7     15:45:08  1     200  0    4926138
3   10.122.35.38    Te1/2.732   2     15:45:09  1     200  0    51781844

D2
D2#sh ip eigrp vrf Red neighbors
IP-EIGRP neighbors for process 100
H   Address         Interface   Hold  Uptime    SRTT  RTO  Q    Seq
                                (sec)           (ms)       Cnt  Num
1   10.136.103.3    Vl1053      2     00:05:39  10    200  0    1254
5   10.136.0.32     Te1/3.532   12    15:45:59  1     200  0    1255
4   10.122.35.36    Te1/1.732   7     15:46:02  1     200  0    4926137
3   10.122.35.40    Te1/2.632   2     15:46:03  1     200  0    51781842
2   10.136.103.6    Vl1053      2     15:46:04  1     200  0    114
0   10.136.103.5    Vl1053      2     15:46:04  1     200  0    50
The Red VRFs peer over SVI 1053 with the fusion routers in S1 and S2, as well as with each other. They also peer with each other and with the devices deployed in the core over the routed links on which the Ten1/1, Ten1/2, and Ten1/3 subinterfaces are defined.
S1
S1#sh ip eigrp vrf fusion neighbors
IP-EIGRP neighbors for process 100
H   Address         Interface   Hold  Uptime    SRTT  RTO  Q    Seq
                                (sec)           (ms)       Cnt  Num
3   10.136.200.2    Vl200       13    00:00:34  1     200  0    61
0   10.136.103.3    Vl903       2     00:13:51  4     200  0    1254
1   10.136.103.2    Vl903       2     15:54:16  1     200  0    41751490
2   10.136.103.5    Vl903       2     15:58:18  1     200  0    62

S2
S2#sh ip eigrp vrf fusion neighbors
IP-EIGRP neighbors for process 100
H   Address         Interface   Hold  Uptime    SRTT  RTO  Q    Seq
                                (sec)           (ms)       Cnt  Num
3   10.136.200.1    Vl200       11    00:01:16  1     200  0    124
0   10.136.103.3    Vl903       2     00:14:34  4     200  0    1258
2   10.136.103.2    Vl903       2     15:54:58  1     200  0    41751493
1   10.136.103.6    Vl903       2     15:59:00  1     200  0    122
The fusion routers peer with the VRFs defined on the distribution layer devices D1 and D2, and also peer with each other on VLAN 903. A separate SVI 200 is also defined to establish Layer 3 peering between the services switches. This peering may be used in specific failure scenarios to reroute traffic from the shared services toward the campus core.
2. Configure the fusion routers to advertise a default route to each VPN: As already mentioned, the goal is for each defined VPN to direct traffic to this central location whenever the destination is unknown in the context of that specific VPN. This assumes that a default route is present in the routing table of the fusion router, either because the fusion router learns this information from a next-hop router (for example, when an Internet edge is deployed) or because it is statically defined. To optimize the traffic flows, the routing protocol must be tuned so that the fusion router in S1 advertises, by design, a better metric for the default route. The configuration that achieves the desired behavior is shown below (for both the S1 and S2 devices).
S1
router eigrp 100
 !
 address-family ipv4 vrf fusion
  redistribute static
  network 10.0.0.0
  default-metric 100000 100 255 1 1500
  distribute-list Default out Vlan903
  no auto-summary
  autonomous-system 100
  eigrp router-id 10.136.200.1
 exit-address-family
!
ip access-list standard Default
 permit 0.0.0.0

S2
router eigrp 100
 offset-list Default out 1000 Vlan903
 !
 address-family ipv4 vrf fusion
  redistribute static
  network 10.0.0.0
  default-metric 100000 100 255 1 1500
  distribute-list Default out Vlan903
  no auto-summary
  autonomous-system 100
  eigrp router-id 10.136.200.2
 exit-address-family
!
ip access-list standard Default
 permit 0.0.0.0
Some considerations that apply to the example above:
• The redistribute static command is used to inject the default route into the routing table. It is not needed in scenarios where S1 and S2 learn the default route from a next-hop device.
• The offset-list is configured on S2 to increase the metric of the routes advertised out of SVI 903, so that the distribution VRFs always prefer the routes advertised by the fusion router in S1. Note how the offset-list command is listed under the global EIGRP configuration space, even though it is applied to an interface mapped to the fusion VRF.
• The distribute-list is applied to filter the routes that S1 and S2 advertise to the VRFs in the distribution switches. In this specific example, only the default route is permitted. Using the distribute-list is strongly recommended. Without it, the fusion router advertises the routing information of the other VPNs to the Red VRF (remember that the fusion router has a complete inter-VPN view of all the campus prefixes). This behavior is undesirable even though inter-VPN communication is not established by default (establishing it requires specific policies to be configured on each firewall context).
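The route-leak risk described in the last bullet can be audited from the fusion router configuration. The following Python sketch is an added example, not code from the design guide: it checks that every VPN-facing interface is covered by an outbound distribute-list in the fusion VRF address-family and that the referenced standard ACL permits nothing beyond the default route. The function names and the two misconfigured variants are constructed for illustration.

```python
import re

# S1 fusion-router configuration as shown in the section above.
S1_CONFIG = """\
router eigrp 100
 !
 address-family ipv4 vrf fusion
  redistribute static
  network 10.0.0.0
  default-metric 100000 100 255 1 1500
  distribute-list Default out Vlan903
  no auto-summary
  autonomous-system 100
  eigrp router-id 10.136.200.1
 exit-address-family
!
ip access-list standard Default
 permit 0.0.0.0
"""

# Constructed variants: filter removed, and ACL widened beyond the default route.
NO_FILTER = S1_CONFIG.replace("  distribute-list Default out Vlan903\n", "")
WIDE_ACL = S1_CONFIG.replace(
    " permit 0.0.0.0\n", " permit 0.0.0.0\n permit 10.0.0.0 0.255.255.255\n")

# Standard-ACL forms that match only the 0.0.0.0 default route.
DEFAULT_ONLY = {"0.0.0.0", "host 0.0.0.0", "0.0.0.0 0.0.0.0"}


def parse(config):
    """Return (standard ACLs, outbound distribute-lists per EIGRP VRF)."""
    acls, filters = {}, {}
    in_eigrp, vrf, acl = False, None, None
    for raw in config.splitlines():
        line = " ".join(raw.split())
        if not line or line == "!":
            continue
        if not raw[0].isspace():            # new top-level command
            in_eigrp, vrf, acl = line.startswith("router eigrp"), None, None
            m = re.match(r"ip access-list standard (\S+)$", line)
            if m:
                acl = m.group(1)
                acls[acl] = []
            continue
        if acl is not None:
            m = re.match(r"(permit|deny) (.+)$", line)
            if m:
                acls[acl].append((m.group(1), m.group(2)))
        elif in_eigrp:
            m = re.match(r"address-family ipv4 vrf (\S+)", line)
            if m:
                vrf = m.group(1)
                filters.setdefault(vrf, [])
            elif line == "exit-address-family":
                vrf = None
            else:
                m = re.match(r"distribute-list (\S+) out(?: (\S+))?$", line)
                if m and vrf is not None:
                    filters[vrf].append((m.group(1), m.group(2)))
    return acls, filters


def audit(config, vrf, vpn_interfaces):
    """List findings for VPN-facing interfaces that could leak other VPNs' routes."""
    acls, filters = parse(config)
    if vrf not in filters:
        return [f"vrf {vrf}: no EIGRP address-family found"]
    findings = []
    for iface in vpn_interfaces:
        # A distribute-list without an interface applies to all interfaces.
        names = [n for n, i in filters[vrf] if i in (None, iface)]
        if not names:
            findings.append(f"{iface}: no outbound distribute-list in vrf {vrf}")
        for name in names:
            if name not in acls:
                findings.append(
                    f"{iface}: distribute-list {name} references an undefined ACL")
                continue
            for action, match in acls[name]:
                if action == "permit" and match not in DEFAULT_ONLY:
                    findings.append(f"{iface}: ACL {name} also permits {match}")
    return findings


if __name__ == "__main__":
    for label, cfg in (("page", S1_CONFIG), ("no filter", NO_FILTER),
                       ("wide ACL", WIDE_ACL)):
        print(label, audit(cfg, "fusion", ["Vlan903"]))
```

Passing every VPN-facing SVI (for example Vlan903 and Vlan904) shows which VPNs still lack a filter when a new VPN is added to the services edge.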
As a result, both D1 and D2 learn the default route from S1, as shown below.
D1
D1#show ip route vrf Red supernets-only
Routing Table: Red
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.136.103.6 to network 0.0.0.0

D*EX 0.0.0.0/0 [170/51456] via 10.136.103.6, 1d00h, Vlan1053

D2
D2#show ip route vrf Red supernets-only
Routing Table: Red
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.136.103.6 to network 0.0.0.0

D*EX 0.0.0.0/0 [170/51456] via 10.136.103.6, 5d22h, Vlan1053
As a result, the traffic flows from the core to the shared services area are as shown in Figure 17.
EIGRP Convergence Results
The convergence results for the different failure scenarios described earlier are summarized below.
Test 1 (fiber failure between S1 and D1)
• Core-to-services flows: <1 second
This value is determined by how quickly the D1 device detects the failure of the fiber link connecting to S1. The failure brings SVI 1053 to the DOWN state and, as a result, the default route learned through this interface is removed from the routing table. This event is usually triggered by the link failure detection mechanism and is therefore very fast (sub-second convergence).
• Services-to-core flows: ~3 seconds
This value is determined by how quickly the fusion router can remove from its routing table the routes learned from D1. As mentioned, the SVI is in the DOWN state on D1, so traffic is black-holed until the routes are removed. The main factor in this detection is the configured EIGRP hold time. This is what justifies the recommendation to tune the timers aggressively so that detection takes 3 seconds. The behavior is shown in the following output captured on the fusion router in S1.
Dec 9 16:13:10.414 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/23, changed state to down
Dec 9 16:13:10.426 EST: %LINK-3-UPDOWN: Interface GigabitEthernet2/23, changed state to down
Dec 9 16:13:10.418 EST: %LINEPROTO-SP-5-UPDOWN: Line protocol on Interface GigabitEthernet2/23, changed state to down
Dec 9 16:13:10.422 EST: %LINK-SP-3-UPDOWN: Interface GigabitEthernet2/23, changed state to down
Dec 9 16:13:12.894 EST: %DUAL-5-NBRCHANGE: IP-EIGRP(1) 100: Neighbor 10.136.103.3 (Vlan903) is down: holding time expired
Dec 9 16:13:12.894 EST: RT(fusion): delete route to 10.137.32.0 via 10.136.103.3, eigrp metric [90/3840]
As shown above, the route to the remote destination (10.137.32.0) is removed when the EIGRP peering between the fusion router in S1 and the VRF in D1 is torn down because the EIGRP hold time expires.
Test 2 (fiber failure between S1 and the shared services area)
• Core to services flows: <1 sec
All traffic flows destined to the fusion router in S1 must be rerouted to S2 across the transit link. The rerouting normally causes a sub-second outage.
• Services to core flows: <1 sec
Traffic from the shared services area is black-holed until the fusion router in S2 becomes the active HSRP device on the shared services subnet (VLAN 32). Configuring sub-second HSRP timers keeps this convergence event within a sub-second interval.
Test 3 (firewall failure)
⢠ã³ã¢ãããµãŒãã¹ãžã®ãããŒïŒ ïœ 4ã5 ç§
⢠ãµãŒãã¹ããã³ã¢ãžã®ãããŒïŒ ïœ 4ã5 ç§
åè¿°ã®ãã©ãã£ãã¯ã®äžææéã®äžå ãšãªã 2 ã€ã®äž»èŠãªã³ã³ããŒãã³ãïŒ
â S2 å ã®ãã¡ã€ã¢ãŠã©ãŒã«ãã¢ã¯ãã£ããªåœ¹å²ãæ ããŸã§ã«å¿ èŠãªæéïŒããã¯çŸåšãFWSM ã®é 眮ã§ã¯ 3 ç§æªæºã«èšå®ã§ããŸããã
â EIGRP ã¿ã€ããŒãã¢ã°ã¬ãã·ãã«èšå®ãããå Žåãé£æ¥é¢ä¿ããªã»ãããããå¯èœæ§ããã
ãŸãïŒæ°ãããã¡ã€ã¢ãŠã©ãŒã«ããã©ãã£ãã¯ãéä¿¡ãå§ããã®ã«å¿ èŠãª 3 ç§ãäžããããå Ž
åïŒãEIGRP ã®ãã¢ãªã³ã°ãå確ç«ããã®ã«å¿ èŠãªæéãèæ ®ããå¿ èŠãããã®ã§ãå šäœã®äž
ææé㯠4 ïœ 5 ç§ã«ãªããŸããEIGRP ã®é£æ¥é¢ä¿ããªã»ãããããªãããã«ããã«ã¯ã
EIGRP ã¿ã€ããŒã®ã¢ã°ã¬ãã·ãèšå®ãäœãã«ã§ããŸããããã«ãããEIGRP ã®ä¿ææéãã
ãã©ãã£ãã¯ã®å šäœçãªäžææéã決ããäž»ãªèŠå ã«ãªããããªå Žåãé害ã·ããªãªïŒããšã
ã°ãå ãã¡ã€ãã®é害ã®ã·ããªãªïŒã®åŸ©æ§æéã«åœ±é¿ãåãã§ããŸãããšã«æ³šæããŠãã ã
ãã
ãã¹ã 4 ïŒãµãŒãã¹ ã¹ã€ããã®é害ïŒ
⢠ã³ã¢ãããµãŒãã¹ãžã®ãããŒïŒ ïœ 4ã5 ç§
⢠ãµãŒãã¹ããã³ã¢ãžã®ãããŒïŒ ïœ 4ã5 ç§
ãã¡ã€ã¢ãŠã©ãŒã«ã®é害ã®ã·ããªãªã«ãããèæ ®äºé ãããã§ãåœãŠã¯ãŸããŸãã
ãã¹ã 5 ïŒãã£ã¹ããªãã¥ãŒã·ã§ã³ ã¹ã€ããã®é害ïŒ
⢠ã³ã¢ãããµãŒãã¹ãžã®ãããŒïŒ<1 ç§
ãã®å Žåã®åŸ©æ§ã¡ã«ããºã ã¯ããã£ã¹ããªãã¥ãŒã·ã§ã³ ã¹ã€ããã«é害ãçºçããå Žåã®ãã³ã¢ ããã€ã¹ããã® ECMP ã«ãªããŸããé害ãçºçããã¹ã€ããã«çŽæ¥æ¥ç¶ãããŠããã³ã¢ ããã€ã¹
äžã§ãªã³ã¯æ€ç¥ã¡ã«ããºã ãé©åã«æ©èœããŠããå Žåãããã¯éåžžã«é«éã«è¡ãããŸãã
⢠ãµãŒãã¹ããã³ã¢ãžã®ãããŒïŒ ïœ 3 ç§
S1 äžã®ãã¥ãŒãžã§ã³ ã«ãŒã¿ïŒã¢ã¯ãã£ã㪠HSRP ããã€ã¹ïŒããäžèšã®ãã¹ã 1 ã®ã·ããªãªãšå
æ§ãEIGRP ãã¢ãªã³ã°ãåé€ããããŸã§é害ã®çºçããã¹ã€ããå éšã® VRF ã«ãã©ãã£ãã¯ãé
ä¿¡ãç¶ããããã埩æ§æéã¯èšå®ããã EIGRP ä¿ææéã«äŸåããŸãã
Using OSPF between the VRFs and the Fusion Router
For VRF-Lite end-to-end deployments that use OSPF in the context of each defined virtual network, using OSPF for the peering between the distribution switches (D1 and D2) and the fusion router is particularly recommended.
The required configuration steps are as follows.
1. Allow OSPF adjacencies to be established across the firewall context: this assumes OSPF is already enabled in the context of each VRF at the distribution layer, so it only needs to be enabled on the service switches. The required configuration is as follows (valid for both S1 and S2, except for the router-id value).
router ospf 100 vrf fusion
 router-id 10.136.100.1
 log-adjacency-changes
 auto-cost reference-bandwidth 10000
 capability vrf-lite
 timers throttle spf 10 100 5000
 timers throttle lsa all 10 100 5000
 timers lsa arrival 80
 passive-interface default
 no passive-interface Vlan200
 no passive-interface Vlan903
 network 10.136.0.0 0.0.255.255 area 136
Note: For more details on deploying OSPF in a VRF-Lite environment, see http://www.cisco.com/en/US/docs/solutions/Enterprise/Network_Virtualization/PathIsol.html.
Because traffic recovery in the different failure scenarios depends on the configured hold time, tuning the OSPF timers to lower the hello and hold-time timer values is recommended. This must be applied to SVI 903 on the service switches and SVI 1053 on the distribution switches, using the configuration shown below.
interface Vlan1053
 ip vrf forwarding Red
 ip address 10.136.103.3 255.255.255.0
 ip ospf hello-interval 1
Also, as shown below, configuring the hello interval implicitly sets the dead timer to a value four times larger.
D1#sh ip ospf 4 interface vlan1054
Vlan1054 is up, line protocol is up
<snip>
  Timer intervals configured, Hello 1, Dead 4, Wait 4, Retransmit 5
Note: Configuring sub-second OSPF timers is not recommended.
Note that, unlike EIGRP, OSPF packets cannot be allowed through a firewall running in transparent mode by means of an EtherType ACL. A specific ACE is required to let OSPF through the firewall, as shown below.
access-list <ACL_NAME> extended permit ospf any any
As a result of the preceding configuration steps, OSPF adjacencies are established between the fusion router in S1 and the VRFs in the distribution layer switches, as shown below.
D1
D1#sh ip ospf 4 neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.122.233.4      1   FULL/BDR        00:00:03    10.122.35.34    TenGigabitEthernet1/1.632
10.136.4.2        1   FULL/BDR        00:00:03    10.136.103.2    Vlan1053
10.136.100.2      1   FULL/DR         00:00:03    10.136.103.5    Vlan1053
10.136.4.2        1   FULL/DR         00:00:03    10.136.0.33     TenGigabitEthernet1/3.532
10.122.233.5      1   FULL/DR         00:00:03    10.122.35.38    TenGigabitEthernet1/2.732
D2
D2#sh ip ospf 4 neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.122.233.4      1   FULL/BDR        00:00:03    10.122.35.36    TenGigabitEthernet1/1.732
10.136.4.1        1   FULL/DROTHER    00:00:03    10.136.103.3    Vlan1053
10.136.100.2      1   FULL/DR         00:00:03    10.136.103.5    Vlan1053
10.136.4.1        1   FULL/BDR        00:00:03    10.136.0.32     TenGigabitEthernet1/3.532
10.122.233.5      1   FULL/DR         00:00:03    10.122.35.38    TenGigabitEthernet1/2.632
Note that the VRFs peer with the fusion router in S1, and with each other, via SVI 1053. They also peer with each other and with the devices deployed in the core via subinterfaces of Ten1/1, Ten1/2, and Ten1/3.
S1
S1#sh ip ospf 100 neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.136.100.2      1   FULL/BDR        00:00:03    10.136.200.2    Vlan200
10.136.3.1        1   2WAY/DROTHER    00:00:03    10.136.103.3    Vlan903
10.136.3.2        1   FULL/BDR        00:00:03    10.136.103.2    Vlan903
10.136.100.2      1   FULL/DR         00:00:03    10.136.103.5    Vlan903
S2
S2#sh ip ospf 100 neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.136.100.1      1   FULL/DR         00:00:03    10.136.200.1    Vlan200
10.136.3.1        1   FULL/DROTHER    00:00:03    10.136.103.3    Vlan903
10.136.3.2        1   FULL/BDR        00:00:03    10.136.103.2    Vlan903
10.136.100.1      1   FULL/DROTHER    00:00:03    10.136.103.6    Vlan903
S1 and S2 peer with the VRFs defined on the distribution layer devices D1 and D2 via SVI 903. A separate SVI 200 is defined to establish a Layer 3 peering between the service switches. This peering may be used to reroute traffic from the shared services toward the campus core in specific failure scenarios.
2. Configure the fusion router to advertise a default route to each VPN: as already mentioned, the goal is for each defined VPN to steer traffic to this central location whenever the destination is unknown in the context of that particular VPN. The assumption here is that a default route exists in the routing table of the fusion router, either because the fusion router learned it from a next-hop router (for example, when an Internet edge is deployed) or because it is statically defined. The configuration that produces the desired behavior is shown below (it applies to both the S1 and S2 devices).
S1
router ospf 100 vrf fusion
 router-id 10.136.100.1
 default-information originate metric 10 metric-type 1
S2
router ospf 100 vrf fusion
 router-id 10.136.100.2
 default-information originate metric 20 metric-type 1
In the example above, the default-information originate command is used to inject the default route. Note that this command offers the always keyword, which allows the default route to be advertised even when it is not actually present in the fusion router's routing table. The result of this configuration on the distribution switches is shown below.
D1
D1#show ip route vrf Red supernets-only
Routing Table: Red
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.136.103.6 to network 0.0.0.0
O*E1 0.0.0.0/0 [110/20] via 10.136.103.6, 00:09:13, Vlan1053
D2
D2#show ip route vrf Red supernets-only
Routing Table: Red
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.136.103.6 to network 0.0.0.0
O*E1 0.0.0.0/0 [110/20] via 10.136.103.6, 00:00:00, Vlan1053
As shown above, D1 and D2 each install in their routing tables the default route received from the fusion router in S1. The resulting traffic flow was shown in Figure 17.
It is worth noting that the distribution VRFs receive prefix information for the other VPNs from the fusion router. As already mentioned when discussing the EIGRP deployment option, the fusion router has a complete inter-VPN view of all campus prefixes. With OSPF, the routing information advertised by the fusion router cannot be filtered, because all routers belonging to the same area are required to keep their OSPF databases synchronized. It is therefore recommended to configure a distribute list on the receiving distribution VRFs so that only selected routes (the default route in the following example) are imported into the routing table (the following configuration example is valid for both D1 and D2).
router ospf 4 vrf Red
 distribute-list Default in Vlan1053
!
ip access-list standard Default
 permit 0.0.0.0
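The distribute-list recommendation above can be checked mechanically. The following added example (not part of the original guide) parses IOS-style configuration text and flags any OSPF VRF process that has no inbound distribute-list, or whose referenced standard ACL permits more than 0.0.0.0. The function names and the second, non-compliant configuration (VRFs Green and Yellow, Vlan1055, ACL Loose) are constructed for illustration.

```python
import re

# Configuration shown on this page (valid for both D1 and D2).
PAGE_CONFIG = """\
router ospf 4 vrf Red
 distribute-list Default in Vlan1053
!
ip access-list standard Default
 permit 0.0.0.0
"""

# Constructed non-compliant sample: one process without a filter, and one
# whose ACL lets every prefix advertised by the fusion router into the VRF.
WEAK_CONFIG = """\
router ospf 5 vrf Green
 network 10.136.0.0 0.0.255.255 area 136
!
router ospf 6 vrf Yellow
 distribute-list Loose in Vlan1055
!
ip access-list standard Loose
 permit 0.0.0.0
 permit any
"""

# ACL entries that admit only the default route.
DEFAULT_ONLY = {"permit 0.0.0.0", "permit host 0.0.0.0"}


def parse_sections(config):
    """Map each top-level command to the list of its indented sub-commands."""
    sections, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0].isspace() and current is not None:
            sections[current].append(line)
        else:
            current = line
            sections.setdefault(current, [])
    return sections


def audit_default_only_import(config):
    """Return (vrf, problem) tuples for OSPF VRF processes that can install
    more than the default route learned from their neighbors."""
    sections = parse_sections(config)
    acls = {}
    for head, body in sections.items():
        acl = re.fullmatch(r"ip access-list standard (\S+)", head)
        if acl:
            acls[acl.group(1)] = body
    findings = []
    for head, body in sections.items():
        proc = re.fullmatch(r"router ospf \d+ vrf (\S+)", head)
        if not proc:
            continue
        vrf = proc.group(1)
        filters = [m.group(1) for cmd in body
                   if (m := re.fullmatch(r"distribute-list (\S+) in(?: \S+)?", cmd))]
        if not filters:
            findings.append((vrf, "no inbound distribute-list"))
        for name in filters:
            if name not in acls:
                findings.append((vrf, f"ACL {name} is not defined"))
                continue
            extra = [e for e in acls[name]
                     if e.startswith("permit") and e not in DEFAULT_ONLY]
            if extra:
                findings.append((vrf, f"ACL {name} also permits: {', '.join(extra)}"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("page", PAGE_CONFIG), ("constructed", WEAK_CONFIG)):
        print(label, audit_default_only_import(cfg) or "default route only")
```
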
OSPF Convergence Results
The convergence results for the different failure scenarios discussed earlier are summarized below.
Test 1 (fiber failure between S1 and D1)
• Core to services flows: <1 sec
This value is determined by how quickly the D1 device detects the failure of the fiber link connecting to S1. The failure brings SVI 1053 into the DOWN state, and as a result the default route learned through that interface is removed from the routing table.
• Services to core flows: <1 sec
Unlike the EIGRP behavior, the fusion router in S1 is able to remove the routes learned from the VRF in D1 before the routing peering expires. This keeps the convergence event sub-second, as shown below.
Dec 9 16:13:10.414 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/23, changed state to down
Dec 9 16:13:10.418 EST: %LINEPROTO-SP-5-UPDOWN: Line protocol on Interface GigabitEthernet2/23, changed state to down
Dec 9 16:13:10.422 EST: %LINK-SP-3-UPDOWN: Interface GigabitEthernet2/23, changed state to down
Dec 9 16:13:10.426 EST: %LINK-3-UPDOWN: Interface GigabitEthernet2/23, changed state to down
Dec 9 16:13:10.806 EST: RT(fusion): del 10.137.42.0/24 via 10.136.104.3, ospf metric [110/23]
Dec 9 16:13:13.374 EST: %OSPF-5-ADJCHG: Process 100, Nbr 10.136.4.1 on Vlan904 from 2WAY to DOWN, Neighbor Down: Dead timer expired
Test 2 (fiber failure between S1 and the shared services area)
• Core to services flows: <1 sec
All traffic flows destined to the fusion router in S1 must be rerouted to S2 across the transit link. The rerouting normally causes a sub-second outage.
• Services to core flows: <1 sec
Traffic from the shared services area is black-holed until the fusion router in S2 becomes the active HSRP device on the shared services subnet (VLAN 32). Configuring sub-second HSRP timers keeps this convergence event within a sub-second interval.
Test 3 (firewall failure)
• Core to services flows: ~4-5 sec
• Services to core flows: ~4-5 sec
Two main components contribute to the traffic outage above:
– The time required for the firewall in S2 to take on the active role: this currently cannot be configured below 3 seconds in an FWSM deployment.
– When the OSPF timers are set aggressively, the adjacencies may be reset (given the 3 seconds required for the new firewall to begin forwarding traffic). The time needed to re-establish the OSPF peering must also be taken into account, so the overall outage is 4 to 5 seconds. To keep the OSPF adjacencies from being reset, the OSPF timers can be set less aggressively. Note that doing so affects the recovery time in failure scenarios (for example, the fiber failure scenarios) where the OSPF dead time is the main factor determining the overall traffic outage.
Test 4 (service switch failure)
• Core to services flows: ~4-5 sec
• Services to core flows: ~4-5 sec
The considerations made above for the firewall failure scenario also apply here.
Test 5 (distribution switch failure)
• Core to services flows: <1 sec
The recovery mechanism in this case is ECMP from the core devices when the distribution switch fails. This is very fast provided the link detection mechanism works properly on the core devices directly connected to the failed switch.
• Services to core flows: ~4 sec
The recovery time depends on the OSPF dead timer, because the fusion router on S1 (the active HSRP device) keeps sending traffic to the VRF in the failed switch until the OSPF peering is removed, as shown below.
Dec 9 16:42:56.666 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/23, changed state to down
Dec 9 16:42:56.674 EST: %LINK-3-UPDOWN: Interface GigabitEthernet2/23, changed state to down
Dec 9 16:42:56.666 EST: %LINEPROTO-SP-5-UPDOWN: Line protocol on Interface GigabitEthernet2/23, changed state to down
Dec 9 16:42:56.674 EST: %LINK-SP-3-UPDOWN: Interface GigabitEthernet2/23, changed state to down
Dec 9 16:42:59.990 EST: %OSPF-5-ADJCHG: Process 100, Nbr 10.136.4.1 on Vlan904 from 2WAY to DOWN, Neighbor Down: Dead timer expired
Dec 9 16:43:00.014 EST: RT(fusion): del 10.137.32.0/24 via 10.136.103.3, ospf metric [110/23]
Using eBGP between the VRFs and the Fusion Router
Using eBGP for the peering between the VRFs defined on the distribution switches (D1 and D2) and the fusion router is in most cases combined with MPLS VPN path isolation. The main reason is that MPLS VPN uses the MP-iBGP routing protocol to exchange VPN route information between PE devices. In the example network shown in Figure 12, the distribution layer switches play the PE role, which means iBGP is already configured on them. An eBGP configuration can therefore easily be added to the switches to establish the eBGP peering with the fusion router and start exchanging routes (no routing protocol redistribution is needed).
Note: For more details on deploying MPLS VPN as a path isolation alternative, see http://www.cisco.com/en/US/docs/solutions/Enterprise/Network_Virtualization/PathIsol.html.
The required configuration steps are as follows.
1. Allow eBGP adjacencies to be established across the firewall context. The configuration required on the fusion routers and the distribution VRFs is shown below.
D1
router bgp 200
 timers bgp 2 10
 !
 address-family ipv4 vrf Red
  neighbor 10.136.103.5 remote-as 100
  neighbor 10.136.103.5 activate
  neighbor 10.136.103.6 remote-as 100
  neighbor 10.136.103.6 activate
  maximum-paths 2
  no synchronization
  bgp router-id 10.136.200.1
  exit-address-family
D2
router bgp 200
 timers bgp 2 10
 !
 address-family ipv4 vrf Red
  neighbor 10.136.103.5 remote-as 100
  neighbor 10.136.103.5 activate
  neighbor 10.136.103.6 remote-as 100
  neighbor 10.136.103.6 activate
  maximum-paths 2
  no synchronization
  bgp router-id 10.136.200.2
  exit-address-family
S1
router bgp 100
 timers bgp 2 10
 !
 address-family ipv4 vrf fusion
  neighbor 10.136.103.2 remote-as 200
  neighbor 10.136.103.2 activate
  neighbor 10.136.103.3 remote-as 200
  neighbor 10.136.103.3 activate
  neighbor 10.136.103.5 remote-as 100
  neighbor 10.136.103.5 activate
  maximum-paths 2
  no synchronization
  bgp router-id 10.136.100.1
  exit-address-family
S2
router bgp 100
 timers bgp 2 10
 !
 address-family ipv4 vrf fusion
  neighbor 10.136.103.2 remote-as 200
  neighbor 10.136.103.2 activate
  neighbor 10.136.103.3 remote-as 200
  neighbor 10.136.103.3 activate
  neighbor 10.136.103.6 remote-as 100
  neighbor 10.136.103.6 activate
  maximum-paths 2
  no synchronization
  bgp router-id 10.136.100.2
  exit-address-family
Some considerations on the configuration examples above:
– The eBGP sessions are established in a full-mesh fashion between the fusion routers and the distribution VRFs, following the design principle shown in Figure 15.
– An additional iBGP peering is established between the fusion routers. It is needed to provide rerouting capability in failure scenarios where a fusion router loses its direct connection to the shared services area.
– As discussed for the EIGRP and OSPF scenarios, timer tuning is also required with eBGP to shorten the outage in specific failure scenarios. The difference is that with eBGP it is important not to set the timers too low. If an established session is torn down (for example, in a firewall failover scenario), the outage actually becomes longer (40 seconds or more), because eBGP is relatively slow at establishing peering sessions and exchanging routing information. The configuration above (2 seconds for the keepalive, 10 seconds for the hold time) is conservative enough to protect against such events.
– The maximum-paths 2 command is needed to ensure that the fusion routers install in their routing tables the routing information received from both distribution VRFs (and vice versa).
For the eBGP peering sessions to be established successfully, these packets must be allowed through the firewall, as shown below.
access-list <ACL_NAME> extended permit tcp any any eq bgp
As a result of the preceding configuration steps, eBGP sessions are established between the fusion router in S1 and the VRFs in the distribution layer switches, as shown below.
D1
D1#sh ip bgp vpnv4 vrf Red summary
BGP router identifier 10.136.200.1, local AS number 200
<snip>
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.136.103.5    4   100   37058   37167  1167515    0    0 13:50:39        1
10.136.103.6    4   100   37051   37173  1167515    0    0 13:50:39        1
D2
D2#sh ip bgp vpnv4 vrf Red summary
BGP router identifier 10.136.200.2, local AS number 200
<snip>
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.136.103.5    4   100   40552   40591  3596185    0    0 23:04:08        1
10.136.103.6    4   100  143455  143543  3596185    0    0 18:02:45        1
S1
S1#sh ip bgp vpnv4 vrf fusion summary
BGP router identifier 10.136.100.1, local AS number 100
<snip>
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.136.103.2    4   200   38649   38597  2957809    0    0 18:06:11       32
10.136.103.3    4   200   38298   38203  2957809    0    0 14:07:05       32
10.136.103.5    4   100 2173448 2171218  2957809    0    0 18:06:08       89
S2
cr15-6500-2#sh ip bgp vpnv4 vrf fusion summary
BGP router identifier 10.136.100.2, local AS number 100
<snip>
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.136.103.2    4   200   42475   42462  9446857    0    0 23:09:16       32
10.136.103.3    4   200  143736  143590  9446857    0    0 14:08:46       32
10.136.103.6    4   100 6534446 6510120  9446857    0    0 18:07:50       90
S1 and S2 peer via eBGP with the VRFs defined on the distribution layer devices D1 and D2. A direct iBGP session is also established between them. This latter peering may be used to reroute traffic from the shared services toward the campus core in specific failure scenarios.
2. Configure the fusion router to advertise a default route to each VPN: as already mentioned, the goal is for each defined VPN to steer traffic to this central location whenever the destination is unknown in the context of that particular VPN. The assumption here is that a default route exists in the routing table of the fusion router, either because the fusion router learned it from a next-hop router (for example, when an Internet edge is deployed) or because it is statically defined. The configuration that produces the desired behavior is shown below.
S1
router bgp 100
 !
 address-family ipv4 vrf fusion
  neighbor 10.136.105.2 remote-as 200
  neighbor 10.136.105.2 activate
  neighbor 10.136.105.2 default-originate route-map default_only
  neighbor 10.136.105.2 route-map default_only out
  neighbor 10.136.105.3 remote-as 200
  neighbor 10.136.105.3 activate
  neighbor 10.136.105.3 default-originate route-map default_only
  neighbor 10.136.105.3 route-map default_only out
  exit-address-family
!
ip access-list standard Default
 permit 0.0.0.0
!
route-map default_only permit 10
 match ip address Default
 set metric 10
S2
router bgp 100
 !
 address-family ipv4 vrf fusion
  neighbor 10.136.105.2 remote-as 200
  neighbor 10.136.105.2 activate
  neighbor 10.136.105.2 default-originate route-map default_only
  neighbor 10.136.105.2 route-map default_only out
  neighbor 10.136.105.3 remote-as 200
  neighbor 10.136.105.3 activate
  neighbor 10.136.105.3 default-originate route-map default_only
  neighbor 10.136.105.3 route-map default_only out
  exit-address-family
!
ip access-list standard Default
 permit 0.0.0.0
!
route-map default_only permit 10
 match ip address Default
 set metric 20
In the example above, the default-originate neighbor command is used to inject the default route. Note that an additional route-map is applied to the same neighbors to ensure that only the default route is advertised to the distribution VRFs. Looking more closely at the default_only route-map, note also how S2 sets a higher metric on the default route than S1 does. This is done so that S1 is always the preferred next hop toward the shared services area (see the design principle shown in Figure 17).
The result of this configuration on the distribution switches is shown below.
D1
D1#show ip route vrf Red supernets-only
Routing Table: Red
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.136.103.6 to network 0.0.0.0
B* 0.0.0.0/0 [20/10] via 10.136.103.6, 00:20:11
D2
D2#show ip route vrf Red supernets-only
Routing Table: Red
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.136.103.6 to network 0.0.0.0
B* 0.0.0.0/0 [20/10] via 10.136.103.6, 00:20:11
As shown above, D1 and D2 each install in their routing tables the default route received from the fusion router in S1. The resulting traffic flow is shown in Figure 17.
eBGP Convergence Results
The convergence results for the different failure scenarios discussed earlier are summarized below.
Test 1 (fiber failure between S1 and D1)
• Core to services flows: <1 sec
This value is determined by how quickly the D1 device detects the failure of the fiber link connecting to S1. The failure brings SVI 1053 into the DOWN state, and as a result the default route learned through that interface is removed from the routing table.
• Services to core flows: ~9-10 sec
This value is determined by how quickly the fusion router can remove from its routing table the routes learned from D1. As noted above, the SVI is DOWN on D1, so traffic is black-holed until the routes are removed. The main factor in this detection is the configured BGP hold time. Do not lower this value below 10 seconds, in order to avoid the peering being torn down in other failure scenarios (a torn-down peering causes an outage of 40 seconds or more). This behavior is shown in the following output, captured on the fusion router in S1.
Dec 9 16:53:57.780 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/23, changed state to down
Dec 9 16:53:57.788 EST: %LINK-3-UPDOWN: Interface GigabitEthernet2/23, changed state to down
Dec 9 16:53:57.784 EST: %LINEPROTO-SP-5-UPDOWN: Line protocol on Interface GigabitEthernet2/23, changed state to down
Dec 9 16:53:57.788 EST: %LINK-SP-3-UPDOWN: Interface GigabitEthernet2/23, changed state to down
Dec 9 16:54:07.840 EST: %BGP-5-ADJCHANGE: neighbor 10.136.103.3 vpn vrf fusion Down BGP Notification sent
Dec 9 16:54:07.840 EST: %BGP-3-NOTIFICATION: sent to neighbor 10.136.103.3 4/0 (hold time expired) 0 bytes
Dec 9 16:54:07.840 EST: RT(fusion): del 10.137.32.0/24 via 10.136.103.3, bgp metric [20/3584]
As shown above, the route to the remote destination (10.137.32.0) is removed when the BGP peering between the fusion router in S1 and the VRF in D1 is torn down because the BGP hold time expires.
Test 2 (fiber failure between S1 and the shared services area)
• Core to services flows: <1 sec
All traffic flows destined to the fusion router in S1 must be rerouted to S2 across the transit link. The rerouting normally causes a sub-second outage.
• Services to core flows: <1 sec
Traffic from the shared services area is black-holed until the fusion router in S2 becomes the active HSRP device on the shared services subnet (VLAN 32). Configuring sub-second HSRP timers keeps this convergence event within a sub-second interval.
Test 3 (firewall failure)
• Core to services flows: ~3-4 sec
• Services to core flows: ~3-4 sec
The traffic outage above is due to the time required for the firewall in S2 to take on the active role. This currently cannot be configured below 3 seconds in an FWSM deployment.
Test 4 (service switch failure)
• Core to services flows: ~9-10 sec
This outage affects all flows and occurs because the distribution VRFs keep sending traffic to the fusion router in S1 until they recognize that it has failed. That condition is signaled only by the expiration of the BGP hold time, which sets the recovery time to the value above.
• Services to core flows: ~9-10 sec
When S1 fails, no Layer 2 path is available any longer to deliver traffic to S1, so half of the flows from the shared services area (those destined to the VRF in D1) are interrupted for 9 to 10 seconds. The other half of the flows are sent to the VRF in D2 and are interrupted for only about 3 to 4 seconds, the time needed for the FWSM in S2 to become active.
Test 5 (distribution switch failure)
• Core to services flows: <1 sec
The recovery mechanism in this case is ECMP from the core devices when the distribution switch fails. This is very fast provided the link detection mechanism works properly on the core devices directly connected to the failed switch.
• Services to core flows: ~9-10 sec
The recovery time again depends on the BGP hold time, because the fusion router on S1 (the active HSRP device) keeps sending traffic to the VRF in the failed switch until the eBGP peering is removed.
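The syslog captures in the EIGRP, OSPF and eBGP convergence sections can be compared directly by measuring the interval between the first link-down message and the route deletion on the fusion router. The following added example (not part of the original guide) does that over abridged copies of the page's log lines; the function and dictionary names are illustrative, and it assumes all lines of one capture fall on the same day.

```python
import re
from datetime import datetime

# Abridged copies of the S1 fusion-router captures shown on this page.
CAPTURES = {
    "eigrp_test1": """\
Dec 9 16:13:10.414 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/23, changed state to down
Dec 9 16:13:10.426 EST: %LINK-3-UPDOWN: Interface GigabitEthernet2/23, changed state to down
Dec 9 16:13:12.894 EST: %DUAL-5-NBRCHANGE: IP-EIGRP(1) 100: Neighbor 10.136.103.3 (Vlan903) is down: holding time expired
Dec 9 16:13:12.894 EST: RT(fusion): delete route to 10.137.32.0 via 10.136.103.3, eigrp metric [90/3840]
""",
    "ospf_test1": """\
Dec 9 16:13:10.414 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/23, changed state to down
Dec 9 16:13:10.426 EST: %LINK-3-UPDOWN: Interface GigabitEthernet2/23, changed state to down
Dec 9 16:13:10.806 EST: RT(fusion): del 10.137.42.0/24 via 10.136.104.3, ospf metric [110/23]
Dec 9 16:13:13.374 EST: %OSPF-5-ADJCHG: Process 100, Nbr 10.136.4.1 on Vlan904 from 2WAY to DOWN, Neighbor Down: Dead timer expired
""",
    "ospf_test5": """\
Dec 9 16:42:56.666 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/23, changed state to down
Dec 9 16:42:56.674 EST: %LINK-3-UPDOWN: Interface GigabitEthernet2/23, changed state to down
Dec 9 16:42:59.990 EST: %OSPF-5-ADJCHG: Process 100, Nbr 10.136.4.1 on Vlan904 from 2WAY to DOWN, Neighbor Down: Dead timer expired
Dec 9 16:43:00.014 EST: RT(fusion): del 10.137.32.0/24 via 10.136.103.3, ospf metric [110/23]
""",
    "ebgp_test1": """\
Dec 9 16:53:57.780 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/23, changed state to down
Dec 9 16:53:57.788 EST: %LINK-3-UPDOWN: Interface GigabitEthernet2/23, changed state to down
Dec 9 16:54:07.840 EST: %BGP-5-ADJCHANGE: neighbor 10.136.103.3 vpn vrf fusion Down BGP Notification sent
Dec 9 16:54:07.840 EST: RT(fusion): del 10.137.32.0/24 via 10.136.103.3, bgp metric [20/3584]
""",
}

LINE = re.compile(r"^\w{3}\s+\d+\s+(\d\d:\d\d:\d\d\.\d{3})\s+\w+:\s+(.*)$")
LINK_DOWN = re.compile(r"%(?:LINEPROTO|LINK)(?:-SP)?-\d-UPDOWN: .*changed state to down")
NBR_DOWN = re.compile(
    r"%(?:DUAL-5-NBRCHANGE|OSPF-5-ADJCHG|BGP-5-ADJCHANGE): .*\bdown\b", re.I)
ROUTE_DEL = re.compile(r"RT\((\S+)\): del(?:ete route to)? (\S+) via (\S+), (\w+) metric")


def parse(capture):
    """Yield (timestamp, message) for every well-formed log line."""
    for line in capture.splitlines():
        m = LINE.match(line)
        if m:
            yield datetime.strptime(m.group(1), "%H:%M:%S.%f"), m.group(2)


def blackhole_window(capture):
    """Measure the delay from the first link-down message to the first route
    deletion, and whether a neighbor timer expiry preceded that deletion."""
    link_down = nbr_down = route_del = protocol = None
    for ts, msg in parse(capture):
        if LINK_DOWN.search(msg):
            link_down = ts if link_down is None else min(link_down, ts)
        elif NBR_DOWN.search(msg):
            nbr_down = ts if nbr_down is None else nbr_down
        elif route_del is None and (m := ROUTE_DEL.search(msg)):
            route_del, protocol = ts, m.group(4)
    if link_down is None or route_del is None:
        raise ValueError("capture needs a link-down and a route-deletion line")
    timer_driven = nbr_down is not None and nbr_down <= route_del
    return {
        "protocol": protocol,
        "seconds": (route_del - link_down).total_seconds(),
        "trigger": "neighbor timer expiry" if timer_driven else "before neighbor timer",
    }


if __name__ == "__main__":
    for name, capture in CAPTURES.items():
        print(name, blackhole_window(capture))
```

On the page's captures this gives 2.48 s for EIGRP, 0.392 s and 3.348 s for the two OSPF captures, and 10.06 s for eBGP; only the first OSPF capture removes the route before the neighbor timer fires.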
Firewall Contexts Deployed in Routed Mode
When firewall contexts are deployed in routed mode, a current limitation is that routing protocols are not supported within the contexts (Cisco firewalls support routing protocols in routed mode only when they are not virtualized, that is, in single-context mode). The approach recommended in this guide is to use eBGP to exchange routing information between the fusion router and the various VRFs defined at the distribution layer, as shown in Figure 24.
Figure 24 Routing peering with firewall contexts in routed mode
Note: An alternative approach is to simply use static routing between the VRFs, the firewall contexts, and the fusion router. This approach is not recommended because traffic may be black-holed in specific scenarios, particularly when the services edge functionality is deployed at redundant sites.
The recommended deployment model for a services edge that uses firewalls deployed in routed mode is shown in Figure 25.
Figure 25 Example of firewall contexts in routed mode
Comparing this network topology with the one in Figure 14, which relates to the deployment of firewall contexts in transparent mode, note the following:
• Each firewall context is a routed hop in the network. This means that the firewall inside and outside VLANs belong to two different IP subnets.
• HSRP is the First Hop Redundancy Protocol of choice and is used to provide virtual gateway functionality on the following interfaces:
– Shared services subnet (VLAN 32): this assumes the shared services are deployed in a subnet directly connected to the fusion devices.
– Firewall inside subnets (VLAN 903 for the Red VPN, VLAN 904 for the Green VPN).
– Firewall outside subnets (VLAN 1053 for the Red VPN, VLAN 1054 for the Green VPN).
[Figure 25 diagram labels: Red VPN, Green VPN; D1, D2, S1, S2; VLAN 903 10.136.113.0/24 and VLAN 904 10.136.114.0/24, HSRP VIP .1; VLAN 1053 10.136.103.0/24 and VLAN 1054 10.136.104.0/24, HSRP VIP .1; VLAN 32 10.136.32.0/24, HSRP VIP .1; 10.136.200.0/30 (.1, .2); 10.136.0.32/30; 10.136.0.42/30]
⢠ãã£ã¹ããªãã¥ãŒã·ã§ã³ ã¬ã€ã€ ã¹ã€ããå ã«é 眮ããããã¥ãŒãžã§ã³ ã«ãŒã¿ããã³ VRF ã¯ã
ã«ãŒããã ãªã³ã¯ã«ãã®ãŸãŸæ¥ç¶ãããŠããŸããããã¯ãç¹å®ã®é害ç¶æ ã«ãããŠããã©ãã£ã
ã¯ã®åã«ãŒãã£ã³ã°ãè¡ãã®ã«äœ¿çšãããã¬ã€ã€ 3 ãã¹ãæäŸããããã®ãã®ã§ãïŒåŸã»ã©èª¬æã
ãŸãïŒã
⢠ééçãªãã¡ã€ã¢ãŠã©ãŒã«ã®é 眮ã®å Žåããã¥ãŒãžã§ã³ ã«ãŒã¿ã«ãã£ãŠãã€ã³ã¿ãŒãã§ã€ã¹ïŒãŸ
ã㯠SVIïŒãåãã£ã³ãã¹ VPN å°çšã«ãªãããã«å®çŸ©ãããŸãã
é©ãªã«ãŒãã£ã³ã° ãããã³ã«ãééã§ããããã«åãã¡ã€ã¢ãŠã©ãŒã« ã³ã³ããã¹ãäžã®ããªã·ãŒã
é©åã«é 眮ãããŠããå Žåã«ã¯ïŒeBGP ã«å¿ èŠãªèšå®ã¯ããã®ããã¥ã¢ã«ã®ãããã³ã«ç¹æã®ã»ã¯ã·ã§
ã³ã§åŸã»ã©èª¬æãããŸãïŒãå³ 26 ã§ç€ºãããã«ããã£ã¹ããªãã¥ãŒã·ã§ã³ ã¹ã€ããå ã§å®çŸ©ããã VRF ãäž¡æ¹ã®ãã¥ãŒãžã§ã³ ã«ãŒã¿ãšãã¢ãªã³ã°ããŸãã
å³ 26 ãã«ã¡ãã·ã¥ã®ã«ãŒãã£ã³ã° ãã¢ãªã³ã°
ç¹å®ã®ã«ãŒãã£ã³ã° ãã¡ã€ã³å ã§å®å ãäžæã§ããå Žåã¯ãå VPN ãåžžã«ãã©ãã£ãã¯ããµãŒãã¹ ãšããžã«åããããã«ãããã®ã§ãéåžžã®é 眮ã§ã¯ããã¥ãŒãžã§ã³ ã«ãŒã¿ã¯ãD1 ããã³ D2 å ã§å®çŸ©
ãããŠããå VRF ã«ããã©ã«ã ã«ãŒããéç¥ããã ãã«ãªããŸããåæã«ãå VRF ã¯ããªã¢ãŒã ãã£ã³ãã¹ã®ãµããããããã¥ãŒãžã§ã³ ã«ãŒã¿ã«éç¥ããŸããçµæçã«ãã³ã¢ãšå ±æãµãŒãã¹ ãšãªã¢
éã®ãã©ãã£ãã¯ã¯ãå³ 27 ã§èª¬æããããã¹ãããã©ã«ãã§æµããããšã«ãªããŸãã
Figure 27 Default traffic flows
The reason for this behavior is that the firewall module is a routed hop in the network and routes traffic based on static routing information that must be configured, as shown in the following example.
route outside-vrf6 10.137.0.0 255.255.0.0 10.136.113.1
route inside-vrf6 0.0.0.0 0.0.0.0 10.136.103.1
In the configuration example above, 10.137.0.0/16 represents the entire address space used by the specific Red VPN inside the campus. As a result, whenever the firewall receives traffic originated in the campus core and destined to the shared services area, it uses the HSRP VIP address 10.136.113.1 (on VLAN 1053) as the next hop. Similarly, the HSRP VIP address 10.136.103.1 (on VLAN 903) is used for traffic flows in the opposite direction. The active devices on both subnets (S1 and D1 by design) are responsible for receiving and routing these flows.
The following sections describe the behavior in the different failure scenarios. The later protocol-specific section analyzes the specific recovery mechanisms and recovery times for an eBGP deployment.
Note: The redundancy discussion in this part of the guide focuses on recovery mechanisms in a single-site deployment. For redundant-site considerations, see "Planning for Site Redundancy in a Virtual Network".
Convergence Analysis
Fiber Failure between Distribution and Service Switches
When the fiber connection between D1 and S1 fails, the peering between the VRF in D1 and the fusion router is removed. In addition, D2 becomes the active HSRP device on the firewall outside VLAN 1053. The resulting impact on traffic flows is shown in Figure 28.
Figure 28 Traffic flows after a fiber failure between D1 and S1
• Core to services flows: D1 stops receiving the default route (or a more specific route for the shared services subnet) from the fusion router. As a result, D1 stops advertising this information to the campus core, so all traffic from the core toward the shared services area is delivered to D2. Convergence in this case depends on how quickly D1 detects the fiber failure and stops advertising the routing information to the core. When link failure detection works, this is very fast and causes only a sub-second outage.
• Services to core flows: regardless of the fiber failure, the fusion router in S1 retains the active HSRP role on the shared services subnet (VLAN 32). When the fiber fails, D2 becomes the active HSRP device on the firewall outside subnet (VLAN 1053), and from that moment the firewall starts sending all traffic flows to the VRF in D2. From a convergence standpoint, the main factor determining the length of the outage here is the time D2 takes to acquire the active HSRP role. To keep this value sub-second, the HSRP timers must be set aggressively, as shown below.
D1
interface Vlan1053
 description Firewall Outside VRF Red
 ip vrf forwarding Red
 ip address 10.136.103.3 255.255.255.0
 standby 1 ip 10.136.103.1
 standby 1 timers msec 250 msec 750
 standby 1 priority 105
 standby 1 preempt delay minimum 180
D2
interface Vlan1053
 description Firewall Outside VRF Red
 ip vrf forwarding Red
 ip address 10.136.103.2 255.255.255.0
 standby 1 ip 10.136.103.1
 standby 2 timers msec 250 msec 750
Note: Sub-second HSRP timers are recommended in deployments of 150 VLANs or fewer. For details, see the campus design guides at: http://www.cisco.com/en/US/netsol/ns815/networking_solutions_program_home.html
Fiber Failure between Services Switch and Shared Services Area
A failure of the fiber link that connects services switch S1 to the shared services area does not change the routing peering between the VRFs and the fusion routers. The traffic flows become as shown in Figure 29.
Figure 29 Traffic Flows after Fiber Failure between S1 and Shared Services Area
• Core to services flows: The fusion router in S1 remains the active HSRP device on the firewall inside subnet (VLAN 903) even after the fiber failure (because HSRP messages are exchanged between the services switches across the port channel). This means that traffic must be rerouted across the transit link to reach destinations in the shared services area.
• Services to core flows: The fusion router in S2 becomes the active HSRP device on the shared subnet (VLAN 32) and must send all traffic flows across the transit link to S1, because the active firewall is in that device. All flows are then delivered to the VRF in D1, which is the active HSRP device on the firewall outside subnet (VLAN 1053).
Recommended design: To avoid the suboptimal path across the transit link shown in Figure 20, deploy a port channel between each services switch and the shared services area where possible.
Active Firewall Module Failure
When the firewall module in S1 fails, the VRFs and the fusion routers keep their routing peering through the firewall that has newly become active inside S2. The resulting traffic flows are shown in Figure 30.
Figure 30 Traffic Flows after Firewall Failure
• Core to services flows: Regardless of the firewall failure, S1 keeps the active HSRP role on the firewall inside subnet (VLAN 903). This means that even after the firewall in S2 becomes active, all traffic is still delivered to the fusion router in S1, which produces the traffic pattern shown in Figure 30. The overall outage until these flows are established depends mainly on the time the firewall in S2 needs to become active. This assumes that the configured routing protocol hold time is longer than that time. If it is not, the time needed to re-establish the routing protocol peering and advertise the routing information must be added to the firewall failover time (see the protocol-specific sections that follow for more detailed considerations). Note that the time the firewall module in S2 needs to detect the failure of the other firewall and become the active device depends on the hold time configured between the firewalls. On the FWSM, the hold time cannot be set below 3 seconds, as shown below.
FWSM(config)# failover polltime unit msec 500 holdtime ?
configure mode commands/options:
  <3-45>  Hold time in seconds, default is 3 X poll time but minimum is 3 Seconds
⢠ãµãŒãã¹ããã³ã¢ãžã®ãããŒïŒãã¡ã€ã¢ãŠã©ãŒã«ã®é害ãšã¯é¢ä¿ãªãã«ãå ±æãµãŒãã¹ ãµããã
ãïŒVLAN 32ïŒäžã§ S1 ãã¢ã¯ãã£ã㪠HSRP ããã€ã¹ã®ãŸãŸã«ãªããŸããåæã«ããµãããã
ïŒVLAN 1053ïŒå€ã®ãã¡ã€ã¢ãŠã©ãŒã«äžã§ D1 å ã® VRF ãã¢ã¯ãã£ã㪠HSRP ã®åœ¹å²ãç¶æãã
ã®ã§ãå ±æãµãŒãã¹ ãšãªã¢ããçºä¿¡ããããã¹ãŠã®ãã©ãã£ã㯠ãããŒã¯ãã® VRF ã«é ä¿¡ãããŸ
D2D1SiSi L3
L2
L2 L2
L2 L2
D2D1SiSi L3
L2
L2 L2
L2 L2
Red VPN
S2S1 S2S1
Red VPN
HSRP HSRP
HSRP
2262
70
57ãããã¯ãŒã¯ ããŒãã£ã©ã€ãŒãŒãžã§ã³ - ãµãŒãã¹ ãšããž ãã¶ã€ã³ ã¬ã€ã
OL-13637-01-J
ä¿è·ãããå ±æãµãŒãã¹ã®å°å ¥
ãããã®æ¹åã«ããã埩æ§æéã«ã¯ãåã®ç®æ¡æžãé ç®ã§èª¬æããã®ãšåãèæ ®äºé ãåœãŠã¯ãŸ
ããã³ã³ããŒãžã§ã³ã¹ã¯ããã¡ã€ã¢ãŠã©ãŒã«ããã§ãŒã«ãªãŒããŒã§ããé床ãããã®éã«ããã€ã¹
éã®ãã¢ãªã³ã°ãåæãããåŠãã«äŸåããŸãã
Recommended design: Configure firewall preemption so that the firewall module inside S1 always takes the active role (while it is operational), which avoids the suboptimal traffic path described above.
Services Switch Failure
This failure scenario is shown in Figure 31.
Figure 31 Traffic Flows after Services Switch Failure
Because the whole services switch S1 fails, the peering between the VRFs and the fusion router in S1 is removed. As a result, the traffic flows are as follows.
• Core to services flows: The link between D2 and S2 is the only available path from the core to the shared services. From a convergence perspective, the outage is determined by the time the firewall needs to become active, after which the routing peering can be established. The same considerations about this outage apply as in the earlier section on the firewall failure scenario.
• Services to core flows: The fusion router has a valid path to the remote campus destinations only through the VRF in D2. Because the S1 switch has failed, the fusion router in S2 becomes the active HSRP device on the shared services subnet (VLAN 32). The recovery mechanism is the same as described in the previous bullet.
Distribution Switch Failure
The last relevant scenario is the failure of a distribution switch, as shown in Figure 32.
Figure 32 Traffic Flows after Distribution Switch Failure
From the point of view of traffic flows and routing peering, this scenario is very similar to the fiber failure scenario.
• Core to services flows: Because the whole D1 switch has failed, the core devices remove the valid paths through it and reroute all traffic through D2. As before, when link failure detection works, this is an ECMP reroute that causes only a sub-second outage.
• Services to core flows: The firewall inside S1 keeps sending all traffic flows to the HSRP VIP on the firewall outside subnet (VLAN 1053). Once HSRP becomes active on D2, all these flows are picked up by the VRF in D2. The length of the outage depends on how long this process takes. With sub-second timers, this convergence event also completes within a second.
The next section discusses the design and configuration considerations specific to deploying eBGP, including the convergence results for all the failure scenarios described so far.
Using eBGP between VRFs and Fusion Router
When the firewall contexts are deployed in routed mode, the considerations for using BGP for the peering between the VRFs defined on the distribution switches (D1 and D2) and the fusion routers are essentially the same as those already made for firewalls in transparent mode (see the corresponding section for details). The only difference is that in S1 the path decision is made by the routed firewall, based on the active HSRP device on the firewall inside subnet (VLAN 903), so there is no requirement to ensure that the fusion router advertises the best default route.
eBGP Convergence Results
The convergence results achieved in the various failure scenarios are summarized below.
Test 1 (fiber failure between S1 and D1)
⢠ã³ã¢ãããµãŒãã¹ãžã®ãããŒïŒ<1 ç§
ãã®å€ã¯ãS1 ãžæ¥ç¶ããå ãã¡ã€ã ãªã³ã¯ã®é害ã D1 ããã€ã¹ã«ãã£ãŠæ€ç¥ãããé床ã«ãã£
ãŠæ±ºãŸããŸããããã«ãããSVI 1053 ã DOWN ç¶æ ã«ãªãããã®çµæãã«ãŒãã£ã³ã° ããŒãã«
ãããã®ã€ã³ã¿ãŒãã§ã€ã¹çµç±ã§åŠç¿ããããã©ã«ãã®ã«ãŒããåé€ãããŸãã
⢠ãµãŒãã¹ããã³ã¢ãžã®ãããŒïŒ<1 ç§
ãã®å€ã¯ãD2 äžã® VRF ããµããããïŒVLAN 1053ïŒå€ã®ãã¡ã€ã¢ãŠã©ãŒã«ã§ HSRP ãã¢ã¯ãã£
ãã§ããæ©ãã«ãã£ãŠæ±ºå®ãããŸãããµãã»ã«ã³ãã® HSRP ã¿ã€ããŒãèšå®ãããšã埩æ§æéã
ãµãã»ã«ã³ã以å ã«åãŸããŸãã
ãã¹ã 2 ïŒS1 ãšå ±æãµãŒãã¹ ãšãªã¢éã®å ãã¡ã€ãã®é害ïŒ
⢠ã³ã¢ãããµãŒãã¹ãžã®ãããŒïŒ<1 ç§
S1 å ã®ãã¥ãŒãžã§ã³ ã«ãŒã¿å®ãŠã®ãã¹ãŠã®ãã©ãã£ã㯠ãããŒãããã©ã³ãžãã ãªã³ã¯è¶ãã« S2 ãžåã«ãŒãã£ã³ã°ããå¿ èŠããããŸããåã«ãŒãã£ã³ã°ã«ãã£ãŠãéåžžããµãã»ã«ã³ãã®äžæ
æéãçããŸãã
⢠ãµãŒãã¹ããã³ã¢ãžã®ãããŒïŒ<1 ç§
å ±æãµãŒãã¹ ãšãªã¢ããã®ãã©ãã£ãã¯ã¯ãS2 å ã®ãã¥ãŒãžã§ã³ ã«ãŒã¿ãå ±æãµãŒãã¹ã®ãµã
ãããïŒVLAN 32ïŒäžã§ã¢ã¯ãã£ã㪠HSRP ããã€ã¹ã«ãªããŸã§ããã©ãã¯ããŒã«ã«å ¥ã£ãŠããŸ
ããŸãããµãã»ã«ã³ãã® HSRP ã¿ã€ããŒãèšå®ãããšããã®ã³ã³ããŒãžã§ã³ã¹ ã€ãã³ãããµãã»
ã«ã³ã以å ã«åãŸããŸãã
ãã¹ã 3 ïŒãã¡ã€ã¢ãŠã©ãŒã«ã®é害ïŒ
⢠ã³ã¢ãããµãŒãã¹ãžã®ãããŒïŒïœ 3ã4 ç§
⢠ãµãŒãã¹ããã³ã¢ãžã®ãããŒïŒïœ 3ã4 ç§
äžèšã®ãã©ãã£ãã¯ã®äžææéã¯ãS2 å ã®ãã¡ã€ã¢ãŠã©ãŒã«ãã¢ã¯ãã£ããªåœ¹å²ãæ ãããã«ãª
ããŸã§ã«å¿ èŠãªæéãåå ã§ããããã¯çŸåšãFWSM ã®é 眮ã§ã¯ 3 ç§æªæºã«èšå®ã§ããŸããã
ãã¹ã 4 ïŒãµãŒãã¹ ã¹ã€ããã®é害ïŒ
⢠ã³ã¢ãããµãŒãã¹ãžã®ãããŒïŒïœ 3ã4 ç§
⢠ãµãŒãã¹ããã³ã¢ãžã®ãããŒïŒïœ 3ã4 ç§
äžèšã®ãã©ãã£ãã¯ã®äžææéã¯ãS2 å ã®ãã¡ã€ã¢ãŠã©ãŒã«ãã¢ã¯ãã£ããªåœ¹å²ãæ ãããã«ãª
ããŸã§ã«å¿ èŠãªæéãåå ã§ãããã¡ã€ã¢ãŠã©ãŒã«ããã©ã³ã¹ãã¢ã¬ã³ã ã¢ãŒãã§äœ¿çšããã eBGP æ§æãšã¯ç°ãªããèšå®ãããŠãã BGP ã®ããŒã«ãã¿ã€ã ã¯ããã®ã±ãŒã¹ã§å®çŸãããã³ã³
ããŒãžã§ã³ã¹æéã決å®ããèŠçŽ ãšã¯ãªããŸãããããã¯ããã¡ã€ã¢ãŠã©ãŒã« ã³ã³ããã¹ããã
ãã§ã¯ãããã«ã«ãŒããããŠãããåžžã«ãµããããå ãšãµããããå€ã®äž¡æ¹ã®ãã¡ã€ã¢ãŠã©ãŒã«ã«
ãã©ãã£ãã¯ãéä¿¡ããããã§ãã
ãã¹ã 5 ïŒãã£ã¹ããªãã¥ãŒã·ã§ã³ ã¹ã€ããã®é害ïŒ
⢠ã³ã¢ãããµãŒãã¹ãžã®ãããŒïŒ<1 ç§
ãã®å Žåã®åŸ©æ§ã¡ã«ããºã ã¯ããã£ã¹ããªãã¥ãŒã·ã§ã³ ã¹ã€ããã«é害ãçºçããå Žåã®ãã³ã¢ ããã€ã¹ããã® ECMP ã«ãªããŸããé害ãçºçããã¹ã€ããã«çŽæ¥æ¥ç¶ãããŠããã³ã¢ ããã€ã¹
äžã§ãªã³ã¯æ€ç¥ã¡ã«ããºã ãé©åã«æ©èœããŠããå Žåãããã¯éåžžã«é«éã«è¡ãããŸãã
⢠ãµãŒãã¹ããã³ã¢ãžã®ãããŒïŒ<1 ç§
ãã®åæ¢ã¯ãD2 ã® VRF ããµããããïŒVLAN 1053ïŒå€ã®ãã¡ã€ã¢ãŠã©ãŒã«ã§ã¢ã¯ãã£ã㪠HSRP ããã€ã¹ãšãªãã®ã«å¿ èŠãªæéã«ãã£ãŠæ±ºå®ãããŸããç¹°ãè¿ãã«ãªããŸãããHSRP ã¿ã€
ããŒããµãã»ã«ã³ãã«ããŠäœ¿çšããå Žåã¯ãåæ¢æéã«ãµãã»ã«ã³ãå€ãå ¥åã§ããŸãã
Dual Tier Implementation: Summary and Design Recommendations
The dual tier implementation model described in this section is recommended for large-scale deployments. Its advantage is that it separates the VRF termination function (on the distribution layer switches) from the firewall and fusion router services, which are provided on the services switches.
For the stability of the overall services edge design, avoid creating STP loops between the distribution layer and the services switches. This can be achieved by connecting these devices with Layer 2 trunks in a U shape. In that case, the connection between the distribution layer switches is configured as a routed link.
Depending on the operating mode of the firewall contexts, different routing protocols can be used to dynamically exchange routing information between the fusion routers and the VRFs defined on the distribution layer.
• Firewalls in transparent mode: EIGRP, OSPF, or eBGP
• Firewalls in routed mode: eBGP
Table 1 summarizes the convergence results achieved under the following failure scenarios.
• Test 1: Fiber failure between services switch and distribution switch
• Test 2: Fiber failure between services switch and shared services area
• Test 3: FWSM failure
• Test 4: Services switch failure
• Test 5: Distribution switch failure
Table 1 Convergence Results for the Two-Tier Model (1)
(1) Bold results are for core to services flows and italic results are for services to core flows. In this text rendering each cell lists the two values in that order, separated by a slash.

          Test 1                  Test 2                  Test 3                  Test 4                  Test 5
Firewall contexts in transparent mode
EIGRP     <1 sec / ~3 sec         <1 sec / <1 sec         ~4-5 sec / ~4.5 sec     ~4-5 sec / ~4-5 sec     <1 sec / ~3 sec
OSPF      <1 sec / <1 sec         <1 sec / <1 sec         ~4-5 sec / ~4.5 sec     ~4-5 sec / ~4-5 sec     <1 sec / ~4 sec
eBGP      <1 sec / ~9-10 sec      <1 sec / <1 sec         ~3-4 sec / ~3-4 sec     ~9-10 sec / ~9-10 sec   <1 sec / ~9-10 sec
Firewall contexts in routed mode
eBGP      <1 sec / <1 sec         <1 sec / <1 sec         ~3-4 sec / ~3-4 sec     ~3-4 sec / ~3-4 sec     <1 sec / <1 sec

The following conclusions can be drawn from the analysis of the convergence results.
• eBGP is recommended with firewall contexts deployed in routed mode. In this scenario the recovery time is not sub-second in only the following two situations.
– Firewall failure: The main factor that determines convergence in this case is the firewall hold time. The minimum value currently configurable on the FWSM is 3 seconds, which may be improved in future releases.
– Services switch failure: The firewall hold time is again the main factor that affects convergence in this case, and the same considerations as above apply. In addition, the resiliency of the individual device can be improved by measures such as redundant power supplies and redundant supervisors.
• An IGP (EIGRP or OSPF) is recommended with firewalls in transparent mode. The same considerations made above apply here as well. In addition, the recovery time in some failure scenarios (Test 1 with EIGRP, and Test 4 with EIGRP and OSPF) is determined by the configured IGP hold time. Because sub-second IGP timers are undesirable for the stability of the overall design, the options for shortening this recovery time are limited.
Single Tier Implementation
The second model for deploying protected services access is the single tier implementation shown in Figure 33.
Figure 33 Single Tier Implementation Model
In this model the S1/D1 network devices act as both distribution switches and services switches, so all functions (VRFs, firewall, fusion routing) run on the same physical network device (S1/D1). The role these devices play in the virtualized network depends largely on the path isolation strategy that is deployed.
• In MPLS VPN designs, these devices are deployed as PEs.
• In VRF-Lite end-to-end scenarios, they connect to the core through virtualized links (using either subinterfaces or Layer 2 trunks with SVIs).
• When VRF-Lite with GRE tunnels is deployed, these devices typically act as hubs that aggregate the GRE tunnels originated on the remote spokes.
From a logical point of view, note that the Layer 3 link connecting the VRFs to each other no longer exists. In the two-tier model it was needed to avoid creating a looped topology. Here it is not useful, because the only Layer 2 link is the port channel between the two switches.
The single tier deployment has some additional considerations (some are the same as those described for the two-tier model).
• The fusion router function in this model cannot have a separate physical device dedicated to it, so it must be implemented by defining a VRF dedicated to that purpose.
Note: The default VRF (that is, the global table) can also be used to perform the fusion routing function.
• The fusion VRFs act as peers over a Layer 3 connection. This is achieved by dedicating to this purpose a specific VLAN that is carried on the Layer 2 port channel trunk connecting the services switches.
Note: Using a port channel between the services switches is strongly recommended, to provide a resilient connection between the two firewall modules.
• The inside interface of each firewall context faces the fusion router and the outside interface faces the VRF. This choice is dictated by the requirement to protect the services deployed in the shared area.
• The firewall inside and outside VLANs are extended between the switches, and HSRP is used to provide the default gateway function on both subnets.
The next sections focus on the design considerations and configuration guidelines for deploying the single tier services edge model. Because the scenarios and configurations are very similar to those already described for the two-tier deployment, only the important differences are covered.
Firewall Contexts Deployed in Transparent Mode
As already mentioned in the description of the two-tier model, deploying the firewall contexts in transparent mode makes it possible to insert the firewall into the network without changing the IP addresses already in use. In addition, as shown in Figure 34, different types of routing peering can be established between the VRFs defined at the top and the fusion router at the bottom.
Figure 34 Routing Peering with Firewall Contexts in Transparent Mode
The type of routing protocol used for this function usually depends on the path isolation method that has been adopted.
• In MPLS VPN configurations, eBGP is recommended, because iBGP already exists between the PE devices that exchange VPN routes across the campus infrastructure.
• In VRF-Lite end-to-end (or VRF-Lite + GRE) configurations, the same IGP that is already used as the control plane protocol inside each virtual network is normally used for this type of peering as well.
The considerations about traffic flows and recovery scenarios are the same as those described for the two-tier deployment. In this case the traffic flows are actually simplified, because by design there are only two Layer 2 links (the transit link between the services switches).
The following scenarios point out the differences from a configuration point of view that enable routing peering using EIGRP, OSPF, or eBGP. As shown in Figure 35, the goal, as in the two-tier design, is to create a full mesh peering between the fusion VRFs and the VRFs defined on the outside of the firewall.
Figure 35 Full Mesh Routing Peering
All configuration examples refer to the network topology in Figure 36, specifically to the Red VPN.
Figure 36 Example of Firewall Contexts in Transparent Mode
[Figure 36 labels: devices S1/D1 and S2/D2; VLAN 903 and VLAN 1053 on 10.136.103.0/24; VLAN 904 and VLAN 1054 on 10.136.104.0/24; HSRP VIP .4 on VLANs 903 and 904; HSRP VIP .1 on VLANs 1053 and 1054; VLAN 32 on 10.136.32.0/24 with HSRP VIP .1; 10.136.200.0/30 with hosts .1 and .2; Red VPN and Green VPN]
Before going into the protocol-specific details, the following considerations apply to all three deployments (EIGRP, OSPF, and eBGP) and describe the differences between the dual tier and single tier deployments.
• The SVIs for the firewall inside and firewall outside subnets must be defined on the same device (S1/D1 or S2/D2). This also brings the requirement to map these SVIs to different VRFs: the Red VRF on the outside and the fusion VRF (or, optionally, the global table) on the inside.
• Establishing connectivity between SVIs on the same physical device across a firewall context deployed in transparent mode requires an additional configuration step for ARP to work properly. The root cause of the problem is that, by default, all SVIs defined on a Catalyst 6500 device inherit the same MAC address, as shown in the following example.
S1/D1
S1/D1#sh int vlan 903
Vlan903 is up, line protocol is up
  Hardware is EtherSVI, address is 000b.4594.1c00 (bia 000b.4594.1c00)
  Description: Firewall_Inside_Red
<snip>
S1/D1#sh int vlan 1053
Vlan1053 is up, line protocol is up
  Hardware is EtherSVI, address is 000b.4594.1c00 (bia 000b.4594.1c00)
  Description: Firewall_Outside_Red
<snip>
As a result, ARP resolution fails whenever a packet must be delivered from the firewall outside subnet to the firewall inside subnet (or the other way around). Enabling ARP debugging reveals the root cause of the connectivity problem.
Dec 11 09:44:02.855 EST: IP ARP: creating incomplete entry for IP address: 10.136.103.6 interface Vlan1053
Dec 11 09:44:02.855 EST: IP ARP: sent req src 10.136.103.3 000b.4594.1c00, dst 10.136.103.6 0000.0000.0000 Vlan1053
Dec 11 09:44:02.855 EST: IP ARP req filtered src 10.136.103.3 000b.4594.1c00, dst 10.136.103.6 0000.0000.0000 it's our address
To solve this problem, manually configure the MAC addresses of the inside and outside SVIs, as shown in the following configuration example.
S1/D1
interface Vlan903
 description Firewall_Inside_Red
 mac-address 0000.0000.0903
!
interface Vlan1053
 description Firewall_Outside_Red
 mac-address 0000.0000.1053

S2/D2
interface Vlan903
 description Firewall_Inside_Red
 mac-address 0000.0001.0903
!
interface Vlan1053
 description Firewall_Outside_Red
 mac-address 0000.0001.1053
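The check below is an added example, not part of the original guide: it audits SVI stanzas like the ones above and reports every group of SVIs in the firewall-bridged segment that would use the same MAC address, which is the condition behind the "it's our address" ARP filter. FIXED copies the page's four stanzas; the function names, the default(<device>) placeholder for an SVI without a mac-address line, and the UNFIXED and COPIED variants are constructed for illustration.

```python
import re
from collections import defaultdict

MAC_RE = re.compile(r"^\s+mac-address\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s*$", re.I)

# The page's corrected configuration (Red VPN, VLAN 903 inside / VLAN 1053 outside).
FIXED = {
    "S1/D1": """\
interface Vlan903
 description Firewall_Inside_Red
 mac-address 0000.0000.0903
!
interface Vlan1053
 description Firewall_Outside_Red
 mac-address 0000.0000.1053
""",
    "S2/D2": """\
interface Vlan903
 description Firewall_Inside_Red
 mac-address 0000.0001.0903
!
interface Vlan1053
 description Firewall_Outside_Red
 mac-address 0000.0001.1053
""",
}
# Constructed variant 1: the default state, with no mac-address lines at all.
UNFIXED = {dev: re.sub(r"^ mac-address .*\n", "", cfg, flags=re.M)
           for dev, cfg in FIXED.items()}
# Constructed variant 2: S1/D1's stanzas pasted onto S2/D2 without changing the MACs.
COPIED = dict(FIXED, **{"S2/D2": FIXED["S1/D1"]})


def parse_svi_macs(config):
    """Map VLAN id -> configured MAC (None when the SVI has no mac-address line)."""
    svis, vlan = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface Vlan(\d+)\s*$", line)
        if m:
            vlan = int(m.group(1))
            svis[vlan] = None
        elif line[:1] not in (" ", "\t"):
            vlan = None  # "!" or any other top-level line ends the stanza
        elif vlan is not None:
            m = MAC_RE.match(line)
            if m:
                svis[vlan] = m.group(1).lower()
    return svis


def audit_bridged_svis(configs, bridged_vlans):
    """Return sorted (mac, [(device, vlan), ...]) groups sharing one MAC in the bridged segment."""
    owners = defaultdict(list)
    for device, config in configs.items():
        for vlan, mac in parse_svi_macs(config).items():
            if vlan in bridged_vlans:
                # Without mac-address, the SVI uses the MAC common to all SVIs on that device.
                owners[mac or f"default({device})"].append((device, vlan))
    return sorted((mac, sorted(svis)) for mac, svis in owners.items() if len(svis) > 1)


if __name__ == "__main__":
    for name, cfgs in (("FIXED", FIXED), ("UNFIXED", UNFIXED), ("COPIED", COPIED)):
        print(name, audit_bridged_svis(cfgs, {903, 1053}))
```

A transparent context bridges the inside and outside VLANs into one Layer 2 segment, so the audit treats all four SVIs as one domain, matching the page's use of a different MAC on each of them.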
The specific configuration and design considerations depend on the routing protocol used to establish the routing peering and are described in the following sections.
Using EIGRP between VRFs and Fusion Router
All the considerations described in the EIGRP section for the two-tier deployment model also apply to the single tier scenario. The only point to note is that the routing instances for the fusion VRF and the outside VRF are enabled on the same device, which leads to the following configuration (valid for the S1/D1 device).
S1/D1
router eigrp 100
 !
 address-family ipv4 vrf Red
  network 10.0.0.0
  no auto-summary
  autonomous-system 100
  eigrp router-id 10.136.203.1
 exit-address-family
 !
 address-family ipv4 vrf fusion
  redistribute static metric 200000 100 255 1 1500
  network 10.0.0.0
  distribute-list Default out Vlan903
  no auto-summary
  autonomous-system 100
  eigrp router-id 10.136.200.1
 exit-address-family
The same aggressive EIGRP timer settings are also recommended in this case, as shown in the following example for the firewall inside SVI.
S1/D1
interface Vlan903
 mac-address 0000.0000.0903
 ! Vlan903 is the firewall inside SVI, which belongs to the fusion VRF
 ip vrf forwarding fusion
 ip address 10.136.103.6 255.255.255.0
 ip hello-interval eigrp 100 1
 ip hold-time eigrp 100 3
Once the EIGRP protocol is permitted through the firewall running in transparent mode, which happens automatically when the ethertype ACL described in the two-tier model section is applied to the inside and outside interfaces, the EIGRP adjacencies are established between the fusion VRFs and the outside VRFs, as shown below.
S1/D1
S1/D1#sh ip eigrp vrf Red neighbors
IP-EIGRP neighbors for process 100
H   Address         Interface   Hold   Uptime    SRTT   RTO   Q    Seq
                                (sec)            (ms)         Cnt  Num
4   10.136.103.2    Vl1053      2      15:45:20  1      200   0    474
3   10.136.103.6    Vl1053      2      15:47:41  4      200   0    22
2   10.136.103.5    Vl1053      2      15:47:41  1      200   0    1194
1   10.136.0.34     Te1/1.332   14     15:47:42  214    1284  0    598
0   10.136.0.38     Te1/2.432   11     15:47:42  137    822   0    41752890
S1/D1#sh ip eigrp vrf fusion neighbors
IP-EIGRP neighbors for process 100
H   Address         Interface   Hold   Uptime    SRTT   RTO   Q    Seq
                                (sec)            (ms)         Cnt  Num
3   10.136.200.2    Vl200       12     00:00:04  521    3126  0    1205
2   10.136.103.2    Vl903       2      15:48:04  2      200   0    475
1   10.136.103.3    Vl903       2      15:50:26  1      200   0    41
0   10.136.103.5    Vl903       2      15:50:26  1      200   0    1204

S2/D2
S2/D2#sh ip eigrp vrf Red neighbors
IP-EIGRP neighbors for process 100
H   Address         Interface   Hold   Uptime    SRTT   RTO   Q    Seq
                                (sec)            (ms)         Cnt  Num
2   10.136.103.6    Vl1053      2      15:49:00  4      200   0    31
1   10.136.103.3    Vl1053      2      15:49:00  3      200   0    41
0   10.136.103.5    Vl1053      2      15:49:00  4      200   0    1204
4   10.136.0.30     Te1/2.332   12     1d10h     1      200   0    41752889
3   10.136.0.36     Te1/1.432   12     1d10h     1      200   0    596
S2/D2#sh ip eigrp vrf fusion neighbors
IP-EIGRP neighbors for process 100
H   Address         Interface   Hold   Uptime    SRTT   RTO   Q    Seq
                                (sec)            (ms)         Cnt  Num
3   10.136.200.1    Vl200       11     00:02:32  1      200   0    30
0   10.136.103.2    Vl903       2      15:50:32  4      200   0    473
2   10.136.103.3    Vl903       2      15:52:54  170    1020  0    41
1   10.136.103.6    Vl903       2      15:52:54  137    822   0    31
Note how the outside VRFs peer with each other and with the fusion VRFs through SVI 1053. They also peer with the devices deployed in the core through the routed links defined on Ten1/1 and Ten1/2. At the same time, the fusion VRFs peer with each other and with the outside VRFs through SVI 903. They also peer directly through SVI 200. This Layer 3 peering is required to provide rerouting in specific failure scenarios.
Note: For details on the configuration and design recommendations, see the EIGRP section for the two-tier deployment model.
Using OSPF between VRFs and Fusion Router
As with EIGRP, most of the OSPF configuration steps are the same as in the two-tier deployment. Again, the OSPF processes associated with the fusion VRF and the outside VRF are enabled on the same device, as shown below (this configuration example is valid for the S1/D1 device).
S1/D1
router ospf 4 vrf Red
 router-id 10.136.103.1
 log-adjacency-changes
 auto-cost reference-bandwidth 10000
 capability vrf-lite
 timers throttle spf 10 100 5000
 timers throttle lsa all 10 100 5000
 timers lsa arrival 80
 passive-interface default
 no passive-interface TenGigabitEthernet1/1.342
 no passive-interface TenGigabitEthernet1/2.442
 no passive-interface Vlan1053
 network 10.136.0.0 0.0.255.255 area 136
!
router ospf 100 vrf fusion
 router-id 10.136.100.1
 log-adjacency-changes
 auto-cost reference-bandwidth 10000
 capability vrf-lite
 timers throttle spf 10 100 5000
 timers throttle lsa all 10 100 5000
 timers lsa arrival 80
 passive-interface default
 no passive-interface Vlan903
 network 10.136.0.0 0.0.255.255 area 136
 default-information originate always metric 10 metric-type 1
Aggressive tuning of the OSPF timers is also recommended, as shown in the following example for the inside SVI.
interface Vlan903
 mac-address 0000.0000.0903
 ip vrf forwarding fusion
 ip address 10.136.103.6 255.255.255.0
 ip ospf hello-interval 1
Note that, unlike the EIGRP protocol, OSPF packets are not allowed through a firewall running in transparent mode by the EtherType ACL. A specific ACE is required to let OSPF through the firewall, as shown below.
access-list <ACL_NAME> extended permit ospf any any
As a result of the configuration steps above, the OSPF adjacencies are established between the fusion VRFs and the outside VRFs, as shown below.
S1/D1
S1/D1 #sh ip ospf 4 neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.136.100.1    1     FULL/DROTHER    00:00:03    10.136.104.6    Vlan1054
10.136.100.2    1     FULL/DROTHER    00:00:03    10.136.104.5    Vlan1054
10.136.104.2    1     FULL/DR         00:00:03    10.136.104.2    Vlan1054
10.136.4.2      1     FULL/BDR        00:00:38    10.136.0.48     TenGigabitEthernet1/2.442
10.136.4.1      1     FULL/BDR        00:00:38    10.136.0.44     TenGigabitEthernet1/1.342
S1/D1 #sh ip ospf 100 neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.136.100.2    1     FULL/DR         00:00:03    10.136.200.2    Vlan200
10.136.100.2    1     2WAY/DROTHER    00:00:03    10.136.104.5    Vlan904
10.136.104.1    1     FULL/BDR        00:00:03    10.136.104.3    Vlan904
10.136.104.2    1     FULL/DR         00:00:03    10.136.104.2    Vlan904

S2/D2
S2/D2 #sh ip ospf 4 neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.136.100.1    1     FULL/DROTHER    00:00:03    10.136.104.6    Vlan1054
10.136.100.2    1     FULL/DROTHER    00:00:03    10.136.104.5    Vlan1054
10.136.104.1    1     FULL/BDR        00:00:03    10.136.104.3    Vlan1054
10.136.4.2      1     FULL/DR         00:00:36    10.136.0.40     TenGigabitEthernet1/2.342
10.136.4.1      1     FULL/DR         00:00:36    10.136.0.46     TenGigabitEthernet1/1.442
S2/D2 #sh ip ospf 100 neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.136.100.1    1     FULL/BDR        00:00:03    10.136.200.1    Vlan200
10.136.100.1    1     2WAY/DROTHER    00:00:03    10.136.104.6    Vlan904
10.136.104.1    1     FULL/BDR        00:00:03    10.136.104.3    Vlan904
10.136.104.2    1     FULL/DR         00:00:03    10.136.104.2    Vlan904
Note how the outside VRFs peer with each other and with the fusion VRFs through SVI 1053. They also peer with the devices deployed in the core through the Ten1/1 and Ten1/2 subinterfaces shown in the example above.
The fusion VRFs peer with each other and with the outside VRFs through SVI 903. They also peer with each other through SVI 200. Again, this Layer 3 peering is required under specific failure recovery scenarios.
Note: For details on the configuration and design recommendations, see the OSPF section for the two-tier deployment model.
Using eBGP between VRFs and Fusion Router
Collapsing the fusion router, the firewall, and the VRFs into a single box raises an interesting challenge when eBGP is used to establish routing peering across the firewall contexts.
Two specific capabilities are required to make eBGP work in the single box scenario.
• Providing a separate BGP router ID for each VRF address family.
• Providing separate BGP router processes on the same device so that eBGP sessions can be established.
Note: By default, Cisco IOS does not allow multiple BGP processes to be created on the same device.
New functionality introduced on Catalyst 6500 platforms with software release 12.2(33)SXH provides both of the requirements above. The configuration required to establish eBGP adjacencies across the firewall is shown below.
S1/D1
router bgp 100
 timers bgp 2 10
 !
 address-family ipv4 vrf Red
  neighbor 10.136.103.5 remote-as 101
  neighbor 10.136.103.5 local-as 200 no-prepend replace-as
  neighbor 10.136.103.5 activate
  neighbor 10.136.103.6 remote-as 101
  neighbor 10.136.103.6 local-as 200 no-prepend replace-as
  neighbor 10.136.103.6 activate
  maximum-paths 2
  no synchronization
  bgp router-id 10.136.200.1
 exit-address-family
 !
 address-family ipv4 vrf fusion
  neighbor 10.136.103.2 remote-as 200
  neighbor 10.136.103.2 local-as 101 no-prepend replace-as
  neighbor 10.136.103.2 activate
  neighbor 10.136.103.2 default-originate route-map default_only
  neighbor 10.136.103.2 route-map default_only out
  neighbor 10.136.103.3 remote-as 200
  neighbor 10.136.103.3 local-as 101 no-prepend replace-as
  neighbor 10.136.103.3 activate
  neighbor 10.136.103.3 default-originate route-map default_only
  neighbor 10.136.103.3 route-map default_only out
  neighbor 10.136.103.5 remote-as 100
  neighbor 10.136.103.5 activate
  maximum-paths 2
  no synchronization
  bgp router-id 10.136.100.1
 exit-address-family
S2/D2
router bgp 100
 timers bgp 2 10
 !
 address-family ipv4 vrf Red
  neighbor 10.136.103.5 remote-as 101
  neighbor 10.136.103.5 local-as 200 no-prepend replace-as
  neighbor 10.136.103.5 activate
  neighbor 10.136.103.6 remote-as 101
  neighbor 10.136.103.6 local-as 200 no-prepend replace-as
  neighbor 10.136.103.6 activate
  maximum-paths 2
  no synchronization
  bgp router-id 10.136.200.2
 exit-address-family
 !
 address-family ipv4 vrf fusion
  neighbor 10.136.103.2 remote-as 200
  neighbor 10.136.103.2 local-as 101 no-prepend replace-as
  neighbor 10.136.103.2 activate
  neighbor 10.136.103.2 default-originate route-map default_only
  neighbor 10.136.103.2 route-map default_only out
  neighbor 10.136.103.3 remote-as 200
  neighbor 10.136.103.3 local-as 101 no-prepend replace-as
  neighbor 10.136.103.3 activate
  neighbor 10.136.103.3 default-originate route-map default_only
  neighbor 10.136.103.3 route-map default_only out
  neighbor 10.136.103.6 remote-as 100
  neighbor 10.136.103.6 activate
  maximum-paths 2
  no synchronization
  bgp router-id 10.136.100.2
 exit-address-family
There are several important considerations about the configuration example above (in addition to those made in the eBGP section for the two-tier model, which remain valid here).
• Although a single BGP process (router bgp 100) is configured, the goal is to establish eBGP sessions between the fusion VRF and the Red VRF, so the BGP neighbors are configured using two different AS numbers (101 and 200). For this to work, BGP must support the dual AS configuration, which is made possible by the local-as command. As a result, the BGP instance in the Red VRF tries to establish eBGP neighbors with systems in remote AS 101 and accepts neighborship requests addressed to local AS 200. The reverse holds for the BGP instance in the fusion VRF.
Note: For details on BGP support for dual AS configuration, see the following URL: http://www.cisco.com/en/US/docs/ios/12_3t/12_3t11/feature/guide/gtbgpdas.html
• Separate BGP router IDs are configured in the fusion VRF and Red VRF address families.
• The eBGP sessions are established in a full mesh between the fusion VRFs and the outside VRFs, following the design guideline shown in Figure 35.
• An additional iBGP peering is established between the fusion VRFs. It is needed to provide rerouting in failure scenarios in which a fusion router loses its direct connection to the shared services area. Note that the AS number specified to establish this iBGP peering is the same as that of the overall BGP process configured on the box (AS 100).
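The following added example (not from the original guide) checks the dual-AS bookkeeping described in the bullets above: for every configured neighbor it finds the statement pointing back from the peer VRF and confirms that the AS each side announces is the AS the other side expects. The input is constructed from the remote-as and local-as lines of the page's S1/D1 and S2/D2 configuration; the function names, the ADDRESSES map (derived from the page's interface examples and Figure 36 labels) and the BROKEN variant are assumptions made for illustration.

```python
import re

# Constructed input: only the neighbor remote-as/local-as lines of the page's
# single tier eBGP example (timers, activate and route-map lines left out).
S1D1 = """\
router bgp 100
 address-family ipv4 vrf Red
  neighbor 10.136.103.5 remote-as 101
  neighbor 10.136.103.5 local-as 200 no-prepend replace-as
  neighbor 10.136.103.6 remote-as 101
  neighbor 10.136.103.6 local-as 200 no-prepend replace-as
 exit-address-family
 address-family ipv4 vrf fusion
  neighbor 10.136.103.2 remote-as 200
  neighbor 10.136.103.2 local-as 101 no-prepend replace-as
  neighbor 10.136.103.3 remote-as 200
  neighbor 10.136.103.3 local-as 101 no-prepend replace-as
  neighbor 10.136.103.5 remote-as 100
 exit-address-family
"""
# On the page S2/D2 differs only in the iBGP neighbor (and the router IDs, not needed here).
S2D2 = S1D1.replace("103.5 remote-as 100", "103.6 remote-as 100")
# Constructed defect: one local-as line dropped from the Red VRF on S1/D1.
BROKEN = S1D1.replace("  neighbor 10.136.103.6 local-as 200 no-prepend replace-as\n", "")

# Peering address of each VRF (assumption drawn from the page's examples).
ADDRESSES = {
    "10.136.103.3": ("S1/D1", "Red"), "10.136.103.2": ("S2/D2", "Red"),
    "10.136.103.6": ("S1/D1", "fusion"), "10.136.103.5": ("S2/D2", "fusion"),
}


def parse_bgp(config):
    """Return (process AS, {vrf: {neighbor: {"remote-as": n, "local-as": n or None}}})."""
    process_as, vrf, table = None, None, {}
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"router bgp (\d+)", line):
            process_as = int(m.group(1))
        elif m := re.fullmatch(r"address-family ipv4 vrf (\S+)", line):
            vrf = m.group(1)
            table.setdefault(vrf, {})
        elif line == "exit-address-family":
            vrf = None
        elif vrf and (m := re.match(r"neighbor (\S+) (remote-as|local-as) (\d+)", line)):
            peer = table[vrf].setdefault(m.group(1), {"remote-as": None, "local-as": None})
            peer[m.group(2)] = int(m.group(3))
    return process_as, table


def check_sessions(configs, addresses):
    """Classify every configured neighbor as 'eBGP', 'iBGP' or a mismatch description."""
    parsed = {dev: parse_bgp(cfg) for dev, cfg in configs.items()}
    my_ip = {owner: ip for ip, owner in addresses.items()}
    results = {}
    for dev, (my_as, table) in parsed.items():
        for vrf, neighbors in table.items():
            for ip, nbr in neighbors.items():
                key = (dev, vrf, ip)
                if ip not in addresses:
                    results[key] = "unknown neighbor address"
                    continue
                peer_dev, peer_vrf = addresses[ip]
                peer_as, peer_table = parsed[peer_dev]
                back = peer_table.get(peer_vrf, {}).get(my_ip.get((dev, vrf)))
                if back is None:
                    results[key] = "peer has no neighbor statement pointing back"
                    continue
                # local-as replaces the process AS in the OPEN sent to that neighbor.
                sent = nbr["local-as"] or my_as
                peer_sent = back["local-as"] or peer_as
                if nbr["remote-as"] != peer_sent:
                    results[key] = f"expects AS {nbr['remote-as']}, peer announces AS {peer_sent}"
                elif back["remote-as"] != sent:
                    results[key] = f"announces AS {sent}, peer expects AS {back['remote-as']}"
                else:
                    results[key] = "eBGP" if sent != peer_sent else "iBGP"
    return results


if __name__ == "__main__":
    for key, verdict in check_sessions({"S1/D1": BROKEN, "S2/D2": S2D2}, ADDRESSES).items():
        print(key, verdict)
```

With the page's configuration every Red-to-fusion session resolves to eBGP (200 facing 101) and the fusion-to-fusion session to iBGP in AS 100; dropping a single local-as line surfaces as a mismatch on both ends of the affected session.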
Before the eBGP peering sessions can be established successfully, these packets must be permitted through the firewall, as shown below.
access-list <ACL_NAME> extended permit tcp any any eq bgp
As a result of the configuration steps above, the eBGP sessions are established between the fusion VRFs and the outside VRFs, as shown below.
S1/D1
S1/D1#sh ip bgp vpnv4 vrf Red summary
BGP router identifier 10.136.200.1, local AS number 100
<snip>
Neighbor        V    AS   MsgRcvd   MsgSent   TblVer    InQ  OutQ  Up/Down    State/PfxRcd
10.136.103.5    4    101  29782     29805     3441362   0    0     16:56:28   1
10.136.103.6    4    101  29780     29805     3441362   0    0     16:56:29   1
S1/D1#sh ip bgp vpnv4 vrf fusion summary
BGP router identifier 10.136.100.1, local AS number 100
<snip>
Neighbor        V    AS   MsgRcvd   MsgSent   TblVer    InQ  OutQ  Up/Down    State/PfxRcd
10.136.103.2    4    200  29906     29891     3453884   0    0     17:00:16   39
10.136.103.3    4    200  29916     29891     3453884   0    0     17:00:17   39
10.136.103.5    4    100  1451545   1351372   3453884   0    0     17:00:11   103

S2/D2
S2/D2#sh ip bgp vpnv4 vrf Red summary
BGP router identifier 10.136.200.2, local AS number 100
<snip>
Neighbor        V    AS   MsgRcvd   MsgSent   TblVer    InQ  OutQ  Up/Down    State/PfxRcd
10.136.103.5    4    101  40920     41092     3533870   0    0     17:16:42   1
10.136.103.6    4    101  40292     40505     3533870   0    0     17:09:24   1
S2/D2#sh ip bgp vpnv4 vrf fusion summary
BGP router identifier 10.136.100.2, local AS number 100
<snip>
Neighbor        V    AS   MsgRcvd   MsgSent   TblVer    InQ  OutQ  Up/Down    State/PfxRcd
10.136.103.2    4    200  105398    105151    3538990   0    0     17:18:15   39
10.136.103.3    4    200  194634    194165    3538990   0    0     17:10:57   39
10.136.103.6    4    100  8935809   9021284   3538990   0    0     17:10:53   104
As described above, the outside VRFs peer with the fusion VRFs as if the latter were in remote AS 101. At the same time, the fusion VRFs peer with the outside VRFs as if those were in AS 200. The iBGP peering between the fusion VRFs instead uses AS 100 (the "real" BGP AS).
Note: For details on the configuration and design recommendations, see the eBGP section for the two-tier deployment model.
Firewall Contexts Deployed in Routed Mode
As described for the dual tier deployment model, eBGP is recommended when the firewall contexts are deployed in routed mode, as shown in Figure 37.
Figure 37 Routing Peering with Firewall Contexts in Routed Mode
The corresponding recommended deployment model for the single tier scenario is shown in Figure 38.
Figure 38 Example of Firewall Contexts in Routed Mode
The following considerations can be drawn from Figure 38.
• Each firewall context now acts as a routed hop in the network. This means that the firewall inside and outside VLANs belong to two different IP subnets.
• HSRP is the First Hop Redundancy Protocol of choice and is used to provide virtual gateway functionality for the following interfaces.
– Shared services subnet (VLAN 32): this assumes that the shared services are deployed in a subnet directly connected to the fusion devices.
– Firewall inside subnet (VLAN 903 for the Red VPN, VLAN 904 for the Green VPN).
– Firewall outside subnet (VLAN 1053 for the Red VPN, VLAN 1054 for the Green VPN).
• The fusion VRFs remain connected by a routed link. This provides a Layer 3 path that is used to reroute traffic under specific failure conditions.
[Figure 38 labels: S1/D1 and S2/D2; Red VPN and Green VPN; VLAN 903 10.136.113.0/24 and VLAN 904 10.136.114.0/24 (HSRP VIP .1); VLAN 1053 10.136.103.0/24 and VLAN 1054 10.136.104.0/24 (HSRP VIP .1); VLAN 32 10.136.32.0/24 (HSRP VIP .1); 10.136.200.0/30 (.1, .2)]
Assuming that the policies on each firewall context are properly deployed to let the routing protocol of choice through (the configuration required for eBGP is described later in the protocol-specific section of this document), each VRF peers with both fusion VRFs, as shown in Figure 35.
The following section describes specific design and configuration considerations for deploying eBGP and lists the convergence results for all the failure scenarios described so far.
Use of eBGP Between VRFs and Fusion Routers
The same challenges of the single-tier eBGP deployment already described for firewalls deployed in transparent mode appear here as well. The same solution, based on a separate BGP router ID per VRF and on support for dual-AS configuration in BGP, is also available for firewalls operating in routed mode. The corresponding configuration is highlighted below.
S1/D1
router bgp 100
 timers bgp 2 10
 !
 address-family ipv4 vrf Red
  neighbor 10.136.103.2 remote-as 101
  neighbor 10.136.103.2 local-as 200 no-prepend replace-as
  neighbor 10.136.103.2 ebgp-multihop 2
  neighbor 10.136.103.2 activate
  neighbor 10.136.103.3 remote-as 101
  neighbor 10.136.103.3 local-as 200 no-prepend replace-as
  neighbor 10.136.103.3 ebgp-multihop 2
  neighbor 10.136.103.3 activate
  maximum-paths 2
  no synchronization
  bgp router-id 10.136.206.1
 exit-address-family
 !
 address-family ipv4 vrf fusion
  neighbor 10.136.103.2 remote-as 100
  neighbor 10.136.103.2 activate
  neighbor 10.136.113.2 remote-as 200
  neighbor 10.136.113.2 local-as 101 no-prepend replace-as
  neighbor 10.136.113.2 ebgp-multihop 2
  neighbor 10.136.113.2 activate
  neighbor 10.136.113.2 default-originate route-map default_only
  neighbor 10.136.113.2 route-map default_only out
  neighbor 10.136.113.3 remote-as 200
  neighbor 10.136.113.3 local-as 101 no-prepend replace-as
  neighbor 10.136.113.3 ebgp-multihop 2
  neighbor 10.136.113.3 activate
  neighbor 10.136.113.3 default-originate route-map default_only
  neighbor 10.136.113.3 route-map default_only out
  maximum-paths 2
  no synchronization
  bgp router-id 10.136.100.1
 exit-address-family

S2/D2
router bgp 100
 timers bgp 2 10
 !
 address-family ipv4 vrf Red
  neighbor 10.136.103.2 remote-as 101
  neighbor 10.136.103.2 local-as 200 no-prepend replace-as
  neighbor 10.136.103.2 ebgp-multihop 2
  neighbor 10.136.103.2 activate
  neighbor 10.136.103.3 remote-as 101
  neighbor 10.136.103.3 local-as 200 no-prepend replace-as
  neighbor 10.136.103.3 ebgp-multihop 2
  neighbor 10.136.103.3 activate
  maximum-paths 2
  no synchronization
  bgp router-id 10.136.200.2
 exit-address-family
 !
 address-family ipv4 vrf fusion
  neighbor 10.136.103.3 remote-as 100
  neighbor 10.136.103.3 activate
  neighbor 10.136.113.2 remote-as 200
  neighbor 10.136.113.2 local-as 101 no-prepend replace-as
  neighbor 10.136.113.2 ebgp-multihop 2
  neighbor 10.136.113.2 activate
  neighbor 10.136.113.2 default-originate route-map default_only
  neighbor 10.136.113.2 route-map default_only out
  neighbor 10.136.113.3 remote-as 200
  neighbor 10.136.113.3 local-as 101 no-prepend replace-as
  neighbor 10.136.113.3 ebgp-multihop 2
  neighbor 10.136.113.3 activate
  neighbor 10.136.113.3 default-originate route-map default_only
  neighbor 10.136.113.3 route-map default_only out
  maximum-paths 2
  no synchronization
  bgp router-id 10.136.100.2
 exit-address-family
The end result of the configuration above is the establishment of the eBGP peerings, as in the transparent-mode deployment.
S1/D1
S1/D1#sh ip bgp vpnv4 vrf Red summary
BGP router identifier 10.136.200.1, local AS number 100
<snip>
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.136.106.2    4   101   33549 1195471  3879287    0    0 03:32:54        1
10.136.106.3    4   101   33559 1195843  3879287    0    0 03:33:19        1
S1/D1#sh ip bgp vpnv4 vrf fusion summary
BGP router identifier 10.136.100.1, local AS number 100
<snip>
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.136.106.2    4   100 1632771 1520788  3886064    0    0 19:08:03      104
10.136.116.2    4   200 1205825   33618  3886095    0    0 03:35:10       39
10.136.116.3    4   200 1197863   33624  3886095    0    0 03:35:24       39

S2/D2
S2/D2#sh ip bgp vpnv4 vrf Red summary
BGP router identifier 10.136.200.2, local AS number 100
<snip>
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.136.106.2    4   101   37514 1217035  3943814    0    0 03:34:45        1
10.136.106.3    4   101   37227 1213227  3943814    0    0 03:35:55        1
S2/D2#sh ip bgp vpnv4 vrf fusion summary
BGP router identifier 10.136.100.2, local AS number 100
<snip>
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.136.106.3    4   100 4255452 4368163  3945041    0    0 19:09:09      104
10.136.116.2    4   200 5509274  186755  3945069    0    0 03:35:07       38
10.136.116.3    4   200 5239082  174719  3945069    0    0 03:36:06       38
(Note) For more configuration and design recommendations, see the eBGP section of the two-tier deployment model.
Single-Tier Implementation: Summary and Design Recommendations
The single-tier deployment model described here is recommended for small deployments where it is operationally feasible to maintain all functions (fusion routing, firewall services, VRF termination) in a single physical device. As in the two-tier scenario, firewall contexts operating in either transparent mode or routed mode can be supported, and the same routing protocols can be used in the two scenarios, as briefly described below.
• Firewall in transparent mode: EIGRP, OSPF, or eBGP
• Firewall in routed mode: eBGP
From a deployment perspective, two points are specific to this single-box implementation.
• The MAC addresses of the VLAN interfaces defined on the firewall inside and outside subnets must be configured manually. This is needed to account for the specific Catalyst behavior of assigning the same MAC address by default to all defined SVIs.
• When eBGP is used for routing at the services edge, two additional features must be configured so that eBGP peering is established successfully between VRFs defined on the same physical device: a unique BGP router ID per VRF, and support for dual-AS configuration in BGP. Both features are available on Catalyst 6500 platforms running IOS release 12.2(33)SXH or later.
From a convergence perspective, the results achieved in the single-tier deployment are similar to those of the two-tier model. See Table 1 for a summary of the results under the various failure scenarios (only a subset of these failure scenarios applies to the single-tier model).
Planning for Site Redundancy in a Virtualized Network
The discussion of the services edge that provides protected access to shared services has focused on single-site deployments. In that case, intra-site redundancy is provided by deploying redundant distribution and services switches, redundant fiber connections, redundant firewall modules, and so on.
This section mainly describes the design considerations for providing redundancy between sites. In this scenario, care is needed to ensure that all traffic streams through the services edge firewalls follow a symmetric routing path; that is, traffic to and from an endpoint must pass through the same firewall in order to pass the firewall inspection policy.
Default Redundant Site Configuration
Figure 39 shows a large campus network. Many buildings exist across the campus; in this example, Building-1 and Building-9 provide services edge functionality. Each of these shared services sites is shown with a single router and a firewall for each client VPN, but the shared services design should follow the intra-site redundancy guidance described in the previous sections of this document. This means that the Red VPN and Green VPN are virtual instances on the same router and firewall, and that redundant routers and firewalls can be deployed at each site.
The shared services VPN can be deployed between Building-1 (Site 1) and Building-9 (Site 2) over a dedicated connection or over a virtualized connection on the same campus infrastructure. As a possible option, the global table (that is, the default VPN) can also be used to provide the shared services extension.
Figure 39 Redundant Services Edge Deployment
The actual routing method between the fusion routers and the services edge routers is not described here, but the following are reasonable assumptions.
• Both fusion routers in the shared services VPN advertise routes to the Red VPN and Green VPN. As already described, the fusion routers are normally configured to advertise a default route to the defined external VRFs. These default routes are advertised to all other campus devices belonging to the defined VPNs.
• The external VRFs advertise routing information to the fusion routers, providing connectivity to the remote campus subnets.
The shared services servers are normally placed on a subnet directly connected to the fusion routers. The fusion routers are the default gateways, and the following can reasonably be expected.
⢠ãã£ã³ãã¹ ã³ã¢ã® VPN ãå®å ãšãããã©ãã£ãã¯ãéä¿¡ãããã«ãã£ã³ã° -1 ã®å ±æãµãŒãã¯ãå€
ãã®å Žåããã«ãã£ã³ã° -1 ã®ãµãŒãã¹ ãšããžã«é 眮ãããŠãããã¡ã€ã¢ãŠã©ãŒã« ã³ã³ããã¹ãã
çµç±ããŠããã©ãã£ãã¯ãéä¿¡ããŸãã
⢠ãã£ã³ãã¹ ã³ã¢ã® VPN ãå®å ãšãããã©ãã£ãã¯ãéä¿¡ãããã«ãã£ã³ã° -9 ã®å ±æãµãŒãã¯ãå€
ãã®å Žåããã«ãã£ã³ã° -9 ã®ãµãŒãã¹ ãšããžã«é 眮ãããŠãããã¡ã€ã¢ãŠã©ãŒã« ã³ã³ããã¹ãã
çµç±ããŠããã©ãã£ãã¯ãéä¿¡ããŸãã
ããããã®ãµãŒãã¹ ãšããž ã«ãŒã¿ããã®ããã©ã«ã ã«ãŒãã¯ããããã¯ãŒã¯ãéããŠäŒæããã
ãããã£ã³ãã¹ ã³ã¢ã®ãã¹ãŠã®ã«ãŒã¿ã¯ãå ±æãµãŒãã¹ VPN ãžã® å°è² è·ã®ã«ãŒããç¥ãããšã
ã§ããŸãã
⢠ãã©ãã£ãã¯ãå ±æãµãŒãã¹ VPN ã«éä¿¡ãããã£ã³ãã¹ ã³ã¢ã®ã¯ã©ã€ã¢ã³ããŸãã¯ä»ã®ã¯ã©ã€ã¢
ã³ã VPN ã¯ãã¯ã©ã€ã¢ã³ã ããŒã«ã« ã«ãŒã¿ã«èŠãããããã«ã å°è² è·ã®ããã©ã«ã ã«ãŒã ã¡ããªãã¯ã䜿çšããŠããµãŒãã¹ ãšããž ã«ãŒã¿ã«ã«ãŒããããŸãã
é察称ã«ãŒãã£ã³ã° ãã¹ã®èª²é¡
å³ 40 ã¯ãã¯ã©ã€ã¢ã³ããšå ±æãµãŒãã¹éã®ãã©ãã£ãã¯ããç°ãªããã¹ãåãå Žåã®åé¡ã瀺ããŠã
ãŸãã
å³ 40 é察称ã«ãŒãã£ã³ã°ãã¹
This example shows that a client in the campus core cannot establish a TCP session with a server in the shared services VPN when traffic from the client is routed to a different services edge than traffic to the client. Many scenarios can cause this; one specific example is shown in "Voice Technologies in a Virtualized Network Infrastructure".
1. The client in this example is in a part of the campus core where the default route from the Building-1 services edge has a lower metric than the default route from Building-9. Traffic from the client follows the default route to the Building-1 services edge.
2. The firewall inspects the traffic and sees the SYN packet sent by the client as part of the TCP handshake.
3. The fusion router in Building-1 routes the traffic across the shared services VPN to the destination server in Building-9.
4. The server in Building-9 routes its traffic to the client VPN through the local services edge in Building-9.
5. The firewall in Building-9 has not seen the TCP SYN from the client, so it drops the SYN-ACK message sent by the server and the connection is never established.
Ensuring Symmetric Routing Paths
Figure 41 shows the solution for preventing asymmetric routing between clients and the shared services area. The goal of this design is to make sure that all packets between a client in the campus core and the shared services VPN are always routed through the same physical services edge site. This lets firewall inspection see the traffic in both directions.
In this design the traffic is load-balanced: one services edge site routes half of the VPNs and the other site routes the remaining half. An alternative is to route all VPNs to one site and use the other site as a backup. Both approaches are valid, but this document focuses on the load-balanced design.
In Figure 41, the routing protocols are tuned as follows.
• The shared services VPN always finds the best route to the Green VPN through Building-1 and the best route to the Red VPN through Building-2.
• The campus core always finds the default route for the Green VPN through the Building-1 services edge and the default route through the Building-2 services edge.
Figure 41 Ensuring Symmetric Routing Paths
The result of this tuning on the traffic flows is as follows.
• A Green client sends traffic to a server in Building-9. The default route steers this traffic to the Building-1 services edge. From there, the traffic is routed into the shared services VPN and, within the shared services VPN, to the server in Building-9. The routers in the shared services VPN have the least-cost route to the Green VPN through Building-1, so all traffic to the client takes the same path.
• The firewall can see the TCP handshake, which it needs in order to inspect the bidirectional traffic, and can verify that all packets between the client and the server are permitted.
Symmetric Routing Failover
Deploying intra-site redundancy makes it possible to recover from the failure of a link or device within a site. This section describes the site redundancy that provides failure recovery when an entire site fails.
In this example, Figure 42 shows how the routing protocols let the network survive a failure of the Building-1 services edge.
Figure 42 Services Edge Site Failure
• The client, which was following the tuned routing path to and from Building-1, obtains a route to the router in Building-9. Network connectivity to Building-1 has been lost.
• The routing protocols reconverge on the shared services in Building-9.
– The fusion router in Building-1 stops advertising the route to the Green VPN, and the route from the fusion router in Building-9 is used instead.
– The services edge router in Building-1 stops advertising the default route, and the default route advertised by the services edge router in Building-9 is used instead.
• The route to and from the client now goes through the Building-9 services edge, so the firewall can inspect and permit the traffic.
Symmetric Routing Client Traffic Flow
Figure 43 shows the traffic patterns that are possible in a redundant network whose routing is tuned to ensure symmetric traffic paths. This example has a Green VPN and a Red VPN.
Figure 43 Symmetric Traffic Flow
• Traffic between clients in the campus core that are part of the same VPN is not affected by changes to intra-VPN routing.
• Traffic between clients in different VPNs is tuned so that all traffic to and from the Green VPN goes through Site-1 and all traffic to and from the Red VPN goes through Site-2.
In Figure 43, the Green firewall at Site-1 inspects all traffic to and from the Green VPN, and the Red firewall at Site-2 inspects all traffic to and from the Green VPN.
Configuring Site Redundancy in a Virtualized Network
This section of the document is a configuration guide for tuning the routing protocols so that traffic to and from a given campus core VPN always uses the same services edge site (ensuring symmetric routing paths).
The specific configuration to use depends mainly on the following two factors.
• Firewall context mode of operation: the firewall can be deployed in transparent (or Layer 2 bridging) mode or in routed (Layer 3) mode.
⢠å VRF ãšãã¥ãŒãžã§ã³ ã«ãŒã¿éã§ã«ãŒãã亀æããã®ã«äœ¿çšããã«ãŒãã£ã³ã° ãããã³ã«ïŒéçš
äžã®ãã¡ã€ã¢ãŠã©ãŒã« ã¢ãŒãã«ãã£ãŠç°ãªãããã©ã³ã¹ãã¢ã¬ã³ã ã¢ãŒãã®ãã¡ã€ã¢ãŠã©ãŒã«ã§
ã¯ãã¹ãŠã®ãªãã·ã§ã³ïŒEIGRPãOSPFãããã³ eBGPïŒã§äœ¿çšã§ããŸãããã«ãŒããã ã¢ãŒãã®
ãã¡ã€ã¢ãŠã©ãŒã«ã§ã¯ãeBGP ãäžè¬çã«æšå¥šã§ããã¢ãããŒããšãªããŸãã
奜ãŸããåäœãå®çŸããå®è£ ã®ããã®é«åºŠãªèšèšååãå³ 43 ã«ç€ºããŸããäžèšã®äŸã§ã¯ããã«ãã£ã³
ã° -1 ã®ãã¥ãŒãžã§ã³ ã«ãŒã¿ã§æ¬¡ã®ããšãå¿ èŠãšãªããŸãã
⢠Red ãµããããã®å ±æ VPN ã«é«åºŠãªã¡ããªãã¯ãæ¿å ¥ããã
⢠é«åºŠãªã¡ããªãã¯ãæ¿å ¥ããã«ãŒãã Red ãã£ã¹ããªãã¥ãŒã·ã§ã³ VRFïŒéåžžã¯ããã©ã«ã ã«ãŒ
ãã ãããã¥ãŒãžã§ã³ ã«ãŒã¿ãããã£ã¹ããªãã¥ãŒã·ã§ã³ VRF ã«éä¿¡ãããïŒã«ã¢ããã¿ã€ãºã
ãã
ãã«ãã£ã³ã° -9 ã®ãã¥ãŒãžã§ã³ ã«ãŒã¿ã¯ãGreen VRF ã§åãæäœãå®è¡ããŸãã
次ã®ã·ããªãªã§ãEIGRP ããã¥ãŒãžã§ã³ ã«ãŒã¿ãšãã£ã¹ããªãã¥ãŒã·ã§ã³ VRF éã®ã«ãŒãã£ã³ã° ãããã³ã«ãšããŠå©çšãããç¹å®ã®é 眮ã§æå¹ãªã«ãŒãã£ã³ã° ãã¥ãŒãã³ã°ã®äŸã瀺ããŸãããã®å ·äœ
äŸã§ã¯ã次㮠2 ã€ã®åæãå¿ èŠã§ãã
⢠ãã¡ã€ã¢ãŠã©ãŒã«ããã©ã³ã¹ãã¢ã¬ã³ã ã¢ãŒãã§å±éãããŠããã
⢠EIGRP ããå ±æ VPN å ãŸãã¯åç¹å® VPN ã®ãã£ã³ãã¹å šäœã§äœ¿çšãããã«ãŒãã£ã³ã° ãããã³
ã«ã§ããïŒããªãã¡ãVRF-Lite End-to-End èšèšïŒã
EIGRPïŒã«ãŒã ãã¥ãŒãã³ã°ã§ã®ãªãã»ãããªã¹ãã®äœ¿çš
ãã¡ã€ã¢ãŠã©ãŒã«ããã©ã³ã¹ãã¢ã¬ã³ã ã¢ãŒãã®å Žåã¯ããµãŒãã¹ ãšããž ã«ãŒã¿ãšãã¥ãŒãžã§ã³ ã«ãŒ
ã¿éã®ãã©ãã£ãã¯ãããªããžããŸããããã¯ããã¥ãŒãžã§ã³ ã«ãŒã¿ãšãµãŒãã¹ ãšããž ã«ãŒã¿ã®ã«ãŒ
ãã£ã³ã° ãããã³ã«ããé£æ¥é¢ä¿ã確ç«ããã«ãŒãã£ã³ã°ã®æŽæ°å 容ã亀æã§ããããšãæå³ããŸãã
EIGRP ãããã¥ãŒãžã§ã³ ã«ãŒã¿ãš VRF éã®ã«ãŒãã®äº€æãããã³ã«ãšããŠäœ¿çšããã·ããªãªãå³ 44 ã«ç€ºããŸãã
Figure 44 Using EIGRP Offset-Lists
In the following section, an offset is configured on one of the router interfaces of the fusion routing instance. An offset must be added on all interfaces to lower the preference of the VPN on the fusion routing interfaces. Taking the fusion router in Building-1 as an example, this means applying the offset-list to the SVI that corresponds to the Red firewall inside subnet and to the interface connected to the shared VPN.
1. The network configuration before the offset-list is configured is as follows.
The following output shows part of the routing table from a router in the network core. It shows that two equal-cost default routes exist for each of the Red VPN and Green VPN. Each of these default routes points to the services edge router of a different site.
c1#sh ip route vrf Red
Routing Table: Red
<...>
D*EX 0.0.0.0/0 [170/3072] via 10.1.0.7, 00:00:37, GigabitEthernet1/4.53
               [170/3072] via 10.1.0.5, 00:00:37, GigabitEthernet1/3.63
c1#sh ip route vrf Green
Routing Table: Green
<...>
D*EX 0.0.0.0/0 [170/3072] via 10.2.0.7, 00:00:37, GigabitEthernet1/4.54
               [170/3072] via 10.2.0.5, 00:00:37, GigabitEthernet1/3.64
2. Configure the offset-list.
This shows how to make the change. The offset-list command adds a positive offset of "1000" to the metric of the networks that match the access list on the interface where the offset is applied. Note how different offset-lists are applied to the two interfaces described earlier. In this case, the default route is normally advertised to the distribution VRF, whereas here the entire address space available in each given VPN must be injected into the shared VPN.
Fusion router in Building-1
ip access-list standard Default
 permit 0.0.0.0
!
ip access-list standard routes_into_shared_VPN
 permit 10.1.0.0 0.0.255.255
!
router eigrp 100
 !
 address-family ipv4 vrf fusion
  offset-list Default out 1000 VLAN23
  offset-list routes_into_shared_VPN out 1000 vlan23
Fusion router in Building-9
ip access-list standard Default
 permit 0.0.0.0
!
ip access-list standard routes_into_shared_VPN
 permit 10.2.0.0 0.0.255.255
!
router eigrp 100
 !
 address-family ipv4 vrf fusion
  offset-list Default out 1000 VLAN24
  offset-list routes_into_shared_VPN out 1000 vlan24
(Note) In the example above, VLAN 23 is the SVI associated with the Red firewall inside subnet (Building-1). Likewise, VLAN 24 is the SVI associated with the Green firewall inside subnet (Building-9). 10.1.0.0/16 is the summary of all the routes defined in the campus for the Red VPN. Likewise, 10.2.0.0/16 is the summary of all the routes defined in the campus for the Green VPN.
3. The result of the offset-list configuration is as follows.
This is part of the routing table from the router in the network core after the change was made. The routing table now shows the effect of the additional offset applied to the routes.
c1#sh ip route vrf Red
Routing Table: Red
<...>
D*EX 0.0.0.0/0* [170/3072] via 10.1.0.5, 00:03:51, GigabitEthernet1/3.63
c1#sh ip route vrf Green
Routing Table: Green
<...>
D*EX 0.0.0.0/0* [170/3072] via 10.2.0.7, 00:03:51, GigabitEthernet1/4.54
As described above, the default routes of the two different VPNs point in two different directions: Building-1 (Green VPN) and Building-9 (Red VPN). In addition, assuming that the shared VPN is extended across the same campus core, the following shows how the return traffic (destined to the subnets of a specific VPN) is steered.
c1#sh ip route vrf fusion
Routing Table: Red
<...>
D*EX 10.1.0.0/16* [170/3072] via 12.1.0.5, 00:03:51, GigabitEthernet1/3.65
D*EX 10.2.0.0/16* [170/3072] via 12.1.0.7, 00:03:51, GigabitEthernet1/4.55
Traffic destined to campus subnets that belong to the Red VPN (10.1.0.0/16 address space) is steered to Building-9. Likewise, traffic destined to Green (10.2.0.0/16 address space) is steered to Building-1. The overall traffic behavior is therefore as shown in Figure 43.
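The asymmetric-path failure, the tuned symmetric path, and the site failover described in the sections above can be replayed with a small model of two stateful firewalls. This is an added example, not part of the design guide: the addresses and the untuned metrics are constructed, and the offset is modelled as a plain addition to the 3072 metric shown in the guide's output.

```python
"""Added illustration (not from the design guide): why a pair of stateful
services edge firewalls needs symmetric routing. Addresses and the untuned
metrics are constructed."""
from dataclasses import dataclass, field

BASE_METRIC = 3072  # metric shown for the default routes in the guide's output
OFFSET = 1000       # offset used by the guide's offset-list commands
# Simplification: the offset is modelled as a plain addition to the metric.


@dataclass
class StatefulFirewall:
    site: str
    up: bool = True
    conns: dict = field(default_factory=dict)  # (client, server) -> TCP state

    def inspect(self, src, dst, flags):
        """Return True when the segment is forwarded, False when dropped."""
        if flags == "SYN":
            self.conns[(src, dst)] = "SYN_SEEN"
            return True
        if flags == "SYN-ACK":
            # Valid only as the answer to a SYN that this firewall inspected.
            if self.conns.get((dst, src)) == "SYN_SEEN":
                self.conns[(dst, src)] = "SYNACK_SEEN"
                return True
            return False
        if flags == "ACK":
            if self.conns.get((src, dst)) == "SYNACK_SEEN":
                self.conns[(src, dst)] = "ESTABLISHED"
            return self.conns.get((src, dst)) == "ESTABLISHED"
        return False


def best_site(metrics, firewalls):
    """Lowest-metric site whose services edge is still up, or None."""
    alive = {site: m for site, m in metrics.items() if firewalls[site].up}
    return min(alive, key=alive.get) if alive else None


def tcp_handshake(client, server, to_shared, to_client, firewalls):
    """Send SYN, SYN-ACK, ACK through the site each direction's routing picks.

    to_shared: metric of the default route seen in the client VPN, per site.
    to_client: metric of the client VPN prefix seen in the shared VPN, per site.
    Returns (established, trace); trace holds (segment, site, forwarded).
    """
    trace = []
    steps = (("SYN", client, server, to_shared),
             ("SYN-ACK", server, client, to_client),
             ("ACK", client, server, to_shared))
    for flags, src, dst, metrics in steps:
        site = best_site(metrics, firewalls)
        ok = site is not None and firewalls[site].inspect(src, dst, flags)
        trace.append((flags, site, ok))
        if not ok:
            return False, trace
    return True, trace


def new_sites():
    return {s: StatefulFirewall(s) for s in ("Building-1", "Building-9")}


CLIENT, SERVER = "10.2.0.10", "192.0.2.10"  # constructed Green client and shared server


def run_scenarios():
    results = {}
    # Untuned (Figure 40): each end prefers its nearest services edge.
    # The 256 metric difference is constructed.
    results["asymmetric"] = tcp_handshake(
        CLIENT, SERVER,
        to_shared={"Building-1": BASE_METRIC, "Building-9": BASE_METRIC + 256},
        to_client={"Building-1": BASE_METRIC + 256, "Building-9": BASE_METRIC},
        firewalls=new_sites())
    # Tuned (Figure 41): Building-9 advertises the Green routes with the offset.
    tuned = {"Building-1": BASE_METRIC, "Building-9": BASE_METRIC + OFFSET}
    results["tuned"] = tcp_handshake(CLIENT, SERVER, tuned, tuned, new_sites())
    # Failover (Figure 42): Building-1 is lost, new sessions use Building-9.
    sites = new_sites()
    sites["Building-1"].up = False
    results["failover"] = tcp_handshake(CLIENT, SERVER, tuned, tuned, sites)
    return results


if __name__ == "__main__":
    for name, (ok, trace) in run_scenarios().items():
        print(name, "established" if ok else "failed", trace)
```

Sessions that were already established through Building-1 are not carried over in this model; only new handshakes after the failure are shown.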
Virtualized Network Site Redundancy Summary
Virtualization can be deployed in all normal redundant environments. Earlier, this document described how to provide intra-site redundancy for the services edge deployment by using redundant firewall modules, redundant switches, and fiber connections.
The capability of using redundant services edge sites (that is, site redundancy) is available, but care is needed to ensure that all traffic streams follow a symmetric traffic path; that is, traffic to and from an endpoint must pass through the firewall of the same services edge site in order to pass the firewall inspection policy.
The routing protocols used on the services edge routers and fusion routers must be tuned so that traffic to and from a given VPN in the campus core always uses the same services edge site.
The design to choose depends on how the firewalls between the services edge routers are configured and on the routing protocol selected to exchange routes between the fusion routers and the distribution VRFs. The firewall modes of operation and the corresponding recommended routing protocols are as follows.
• Transparent firewall mode: EIGRP, OSPF, eBGP
• Routed firewall mode: eBGP
For the specific case of an EIGRP deployment, we have seen a simple way of using offset-lists to influence the routing of traffic between a specific VPN and the shared services area (or a different VPN).
Voice Technologies in a Virtualized Network Infrastructure
In business, network virtualization is used to separate the different areas of an organization from each other. This section provides guidance for keeping all areas of the organization able to communicate and collaborate across the campus network after network virtualization has been deployed.
In the stages before the current version of this document, unified communications applications had not been tested on a virtualized network infrastructure, and deploying unified communications applications in the global table was recommended. In the current version of this document, UC can operate outside the global table, and an architecture is provided in which unified communications such as voice, video, and collaboration take place between and within the organization's various virtual segments (or VPNs).
(Note) The unified communications section of the current version of this document focuses on campus deployments. Branch deployments are a harder challenge because they produce undesirable inter-VPN VoIP traffic from the WAN links to the services edge. A future version is planned to address the challenges of branch deployments.
Virtualized Unified Communications Traffic Flow Overview
The purpose of this section is to provide a network design in which unified communications endpoints are fully integrated into the virtualized campus network. Past guidance placed all unified communications endpoints and infrastructure in the global table. This chapter describes a network design in which unified communications endpoints can be placed in multiple VPNs and communicate securely with each other.
In this design, unified communications servers such as Cisco Unified Communications Manager are deployed as a central resource for all the defined VPNs. As already described in "Deploying Protected Shared Services", firewalls can be used at the front end of each VPN to control access to the shared area with a strict security policy. The figures in this section show separate firewalls, but these can be deployed as virtual instances (contexts) within a single physical firewall.
The following are the initial design assumptions when this protected services edge model is used to integrate unified communications applications into the virtualized network infrastructure.
• The firewall outside interface is configured with specific filters so that unified communications traffic from the IP telephony endpoint VPNs can reach the servers in shared services.
• The firewall inside interface lets all traffic from the shared services VPN reach the IP telephony endpoint VPNs.
• Traffic permitted by the firewall interface filters is inspected using firewall technologies such as protocol anomaly detection, application state tracking, and protocol state tracking.
The key technical capability underlying the design proposed in this section is the Cisco firewall performing traffic inspection. With it, the firewall inspects the call signaling protocol and dynamically opens firewall pinholes to permit traffic between two different VPNs. The firewall dynamically closes the pinholes when the call ends. This capability is important because it simplifies the firewall configuration and reduces the number of static holes needed to permit VPN voice streams.
Given the nature of the proposed solution (it is based on firewall inspection), the considerations described so far for avoiding asymmetric routing in a redundant services edge deployment are specifically relevant here as well. This is a key point of the proposed solution: the signaling and media traffic of endpoints that belong to a specific VPN must always traverse the same firewall context (located in the same physical services edge location). For details on how to achieve this behavior, see "Planning for Site Redundancy in a Virtualized Network".
As already described, the fusion router is used in the services edge design to provide IP route connectivity between the shared services VPN and the other VPNs, or routed traffic connectivity between VPNs. In the specific context of the voice integration solution, the fusion router does the following.
• The fusion router redistributes all routes from the IP telephony endpoint VPNs into the shared services VPN.
⢠ãã¥ãŒãžã§ã³ ã«ãŒã¿ã¯ãåäžã®ããã©ã«ã ã«ãŒãã IP ãã¬ãã©ã㌠ãšã³ããã€ã³ã VPN ã«ã¢ã
ãã¿ã€ãºããŸãããããã® VPN ã¯ãèªèº«ã® VPN å ã®ãµããããã®ã«ãŒãã ããæã£ãŠãããã
ãã©ã«ã ã«ãŒããããã¥ãŒãžã§ã³ ã«ãŒã¿ãžã®ã«ãŒãã䜿çšããŠãå ±æãµãŒãã¹ VPN ãŸãã¯ä»ã® VPN ã® IP ãšã³ããã€ã³ãã«å°éããŸãã
å³ 45 é³å£°çµ±åã®ãã¡ã€ã¢ãŠã©ãŒã« ã€ã³ã¹ãã¯ã·ã§ã³
å³ 45 ã¯ãé³å£° VPN ã® IP é»è©±ãšãããŒã¿ VPN ã® PC ããŒã¹ã®ãœãããã©ã³ãšã®éã®é³å£°ã³ãŒã«ã®ãã
ã©ãã£ã㯠ãããŒãšã€ã³ã¹ãã¯ã·ã§ã³ ãã€ã³ãã瀺ããŸãã
1. Red IP é»è©±ã Green IP é»è©±ã®çªå·ããã€ã¢ã«ãããšãã·ã°ããªã³ã° ã¡ãã»ãŒãžã Red IP é»è©±ãš CUCM ãšã®éã§äº€æãããŸããCUCM ã¯æ¬¡ã«ãIP ã¢ãã¬ã¹ãšãé»è©±é㧠RTP é³å£°ã¡ãã£ã¢ãé
ä¿¡ããã®ã«äœ¿çšããããŒãã䜿çšããŠãRed ãš Green ã®é»è©±ã«ã·ã°ãã«ãéããŸãã
2. Red ããã³ Green Cisco ãã¡ã€ã¢ãŠã©ãŒã« ã¯ãã·ã°ããªã³ã°ã®ã€ã³ã¹ãã¯ã·ã§ã³ãè¡ããé³å£° RTP ã¡ãã£ã¢ ã¹ããªãŒã ã§äœ¿çšãã IP ã¢ãã¢ã¬ã¹ãš UDP ããŒããèªèããŸãããã¡ã€ã¢ãŠã©ãŒ
ã«ã¯ããã³ããŒã«ãéããŠãã³ãŒã«ã®éã2 ã€ã®ãšã³ããã€ã³ããšã®éã®éä¿¡ãèš±å¯ããŸããã³ãŒ
ã«ãçµäºãããšããã³ããŒã«ã¯åçã«éããããŸãã
3. 2 ã€ã®ãšã³ããã€ã³ãéã®åæ¹å RTP ã¡ãã£ã¢ã¯ããã¥ãŒãžã§ã³ ã«ãŒã¿ãéããŠç¢ºç«ãããŸãã
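The pinhole behavior in steps 1 to 3 can be modelled as a small state tracker, one per firewall context. This is an added example, not Cisco code and not a description of how the firewall is implemented: it uses the SCCP message names this guide lists for the call flow, and the addresses, ports, and the CallEnd event are assumptions made for the sketch.

```python
"""Added illustration (not from the design guide): per-VPN firewall contexts that
open and close RTP pinholes from inspected SCCP signaling. Addresses, ports and
the CallEnd event are constructed for this sketch."""
from dataclasses import dataclass, field

# Signaling messages that carry an RTP address and UDP port.
LEARN = ("StationOpenReceiveChannelAck", "StationStartMediaTransmission")


@dataclass
class InspectingContext:
    vpn: str
    pinholes: dict = field(default_factory=dict)  # call id -> {(ip, udp_port)}

    def inspect(self, msg):
        """Update the pinholes from one signaling message on this context's leg."""
        if msg["vpn"] != self.vpn:
            return  # another VPN's phone-to-CUCM leg never crosses this context
        if msg["type"] in LEARN:
            self.pinholes.setdefault(msg["call"], set()).add((msg["ip"], msg["port"]))
        elif msg["type"] == "CallEnd":
            self.pinholes.pop(msg["call"], None)  # close every hole of that call

    def permits(self, dst_ip, dst_port):
        return any((dst_ip, dst_port) in holes for holes in self.pinholes.values())


def replay(events):
    """Feed events to a Red and a Green context; return one verdict per RTP probe.

    Inter-VPN media crosses both contexts (through the fusion router), so a probe
    is permitted only when both contexts hold a pinhole for its destination.
    """
    contexts = [InspectingContext("Red"), InspectingContext("Green")]
    verdicts = []
    for ev in events:
        if ev["type"] == "RTP":
            verdicts.append(all(c.permits(ev["ip"], ev["port"]) for c in contexts))
        else:
            for c in contexts:
                c.inspect(ev)
    return verdicts


def sig(vpn, kind, ip=None, port=None, call=1):
    """Signaling message seen on the leg between a phone in `vpn` and CUCM."""
    return {"type": kind, "vpn": vpn, "call": call, "ip": ip, "port": port}


def rtp(ip, port):
    """RTP packet probe addressed to ip:port."""
    return {"type": "RTP", "ip": ip, "port": port}


RED_PHONE, GREEN_SOFTPHONE = "10.1.10.5", "10.2.20.7"  # constructed endpoints

CONSTRUCTED_CALL = [
    rtp(RED_PHONE, 20000),                                   # before the call
    sig("Red", "StationOpenReceiveChannelAck", RED_PHONE, 20000),
    sig("Green", "StationOpenReceiveChannelAck", GREEN_SOFTPHONE, 24000),
    sig("Red", "StationStartMediaTransmission", GREEN_SOFTPHONE, 24000),
    rtp(RED_PHONE, 20000),                                   # Green context not ready
    sig("Green", "StationStartMediaTransmission", RED_PHONE, 20000),
    rtp(RED_PHONE, 20000),                                   # negotiated stream
    rtp(GREEN_SOFTPHONE, 24000),                             # reverse direction
    rtp(RED_PHONE, 20002),                                   # port never negotiated
    sig("Red", "CallEnd"),
    sig("Green", "CallEnd"),
    rtp(RED_PHONE, 20000),                                   # after the call
]

if __name__ == "__main__":
    print(replay(CONSTRUCTED_CALL))
```

The second probe is denied because only the Red context has seen its signaling leg, which is the same reason the guide requires an endpoint's signaling and media to cross the same firewall context.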
Virtualization of Desktop Unified Communications Clients
This section examines the traffic flows and firewall filter requirements for each UC application tested in this document. It focuses on unified communications applications such as softphones and IP video endpoints, which are deployed in the data VPN and need to talk to the IP phones deployed in the voice VPN. The following UC applications and endpoints were tested and documented.
• Cisco IP Phone and Cisco IP Communicator
• Cisco Unified Video Advantage
• Cisco Unified Personal Communicator
• Cisco Unity
• Cisco PSTN gateway
For each of these applications, the signaling and IP data flows needed to complete a call were examined. The filters needed to permit the signaling at the services edge firewall were determined, and it was verified how firewall inspection inspects the signaling and dynamically opens and closes firewall pinholes to permit voice or video media between the endpoints.
Cisco Unified IP Phone 7900 Series Phones and Cisco IP Communicator
This section describes the testing of the Cisco Unified IP Phone 7900 Series and the Cisco IP Communicator softphone. Cisco IP Communicator emulates the IP protocols used by the Cisco Unified IP Phone 7900 Series phones. The call signaling and call setup data flows are the same for Cisco IP Communicator and the Cisco Unified IP Phone 7900 Series phones, so they are described together.
The data flows are described in the following three parts.
• Signaling required for an IP Communicator or 7900 phone to register with CUCM
• Data flows between IP Communicators or 7900 phones in the same VPN
• Data flows between IP Communicators or 7900 phones in different VPNs
Endpoint Initialization and CUCM Registration
Figure 46 shows the signaling that a Cisco IP Communicator or Cisco Unified IP Phone 7900 Series phone needs in order to boot and register with CUCM.
Figure 46 Voice Endpoint Bootup Process
In Figure 46, there is a 7960 desk phone in the Red VRF and an IP Communicator in the Green VRF. Figure 46 highlights the protocol flows when the phones first boot. The bootup process is the same for both phones.
1. The phone receives a valid IP address, normally through DHCP. Part of the information returned by the DHCP server is option 150, which is the IP address of the TFTP server. With this information, the phone can download its configuration from the specified TFTP server.
(Note) If the CUCM name in the configuration is not an IP address, the phone uses DNS to resolve the CUCM name to an IP address. This requires an additional filter that permits DNS traffic to UDP port 53.
2. The phone registers with CUCM. This example uses the Skinny (SCCP) protocol. If SIP is used instead, the access filter below must permit TCP and UDP port 5060 instead of TCP port 2000.
The filters required on the firewall for these operations are shown in the following configuration example. These filters are applied to the interfaces marked outside in Figure 46.
!Define names used in IP access lists
name 10.13.100.70 CUPS description CUPS Server
name 10.13.100.5 DNS_DHCP_AD_Main
name 10.13.100.20 CUCM_pub description CUCM publisher
name 10.14.100.20 CUCM_sub description CUCM subscriber
!
! Permit DHCP and DNS
access-list outside-vrf4-ACL extended permit udp any host DNS_DHCP_AD_Main eq bootps
access-list outside-vrf4-ACL extended permit udp any host DNS_DHCP_AD_Main eq domain
!
! Permit normal phone bootup - TFTP (UDP/69) and skinny signaling (TCP/2000)
access-list outside-vrf1-ACL extended permit udp any host CUCM_pub eq tftp
access-list outside-vrf1-ACL extended permit tcp any host CUCM_pub eq 2000
Call Flow Between IP Telephony Endpoints in the Same VPN
This section examines the steps needed to establish a call between IP telephony endpoints deployed within the same VPN.
Figure 47 Intra-VPN Voice Streams
Figure 47 shows the call flow for a call between IP telephony endpoints within the same VPN. This example shows the following endpoints.
• Two Cisco Unified IP Phone 7900 Series phones in the same VPN (Red)
• Two Cisco IP Communicators in the same VPN (Green)
The step-by-step procedure is as follows.
1. When one IP telephony endpoint calls another endpoint, call signaling information is exchanged between the calling phone and CUCM. In the case of Cisco SCCP signaling, the following messages are sent.
– The calling phone sends the dialed number to CUCM.
– CUCM sends signals to both phones to ring them and to display the calling and called party information.
- When the called phone answers, CUCM sends StationOpenReceiveChannel to both phones. This message provides information about the RTP media stream and asks each phone to open a UDP port to receive the RTP media stream from the other phone.
- Each phone responds with a StationOpenReceiveChannelAck that provides the IP address and port number on which the IP phone listens for RTP packets.
- When CUCM receives the StationOpenReceiveChannelAck from each phone, it sends StationStartMediaTransmission to the other phone, telling it to start streaming voice RTP media to the IP address and port received in the StationOpenReceiveChannelAck.
2. The firewall filters permit the call signaling protocol, and the firewall performs inspection for protocol anomaly detection and for application and protocol state tracking. Because the call is established between endpoints that belong to the same VPN, the media traffic does not need to traverse the firewall, and no pinhole is opened between the outside and inside firewall interfaces.
3. The two IP telephony endpoints send peer-to-peer voice RTP media to each other using routing within their own VPN.
Call Flow Between IP Telephony Endpoints in Different VPNs
Figure 48 shows a typical scenario in which the IP Communicator is in the Green data VPN and the desk IP phone is in the Red voice VPN.
Figure 48 Voice Stream Between VPNs
For voice RTP data to flow between two phones in different VPNs, it must traverse the firewalls and be routed by the fusion router. The following sequence of events is required:
1. When one IP telephony endpoint calls another, call signaling information is exchanged between the calling phone and CUCM. The call signaling is the same as described in the example where the call is between two phones in the same VPN.
- The calling phone sends the dialed number to CUCM.
- CUCM signals both phones to ring and to display the calling and called party information.
- When the called phone answers, CUCM sends StationOpenReceiveChannel to both phones. This message provides information about the RTP media stream and asks each phone to open a UDP port to receive the RTP media stream from the other phone.
- Each phone responds with a StationOpenReceiveChannelAck that provides the IP address and port number on which the IP phone listens for RTP packets.
- When CUCM receives the StationOpenReceiveChannelAck from each phone, it sends StationStartMediaTransmission to the other phone, telling it to start streaming voice RTP media to the IP address and port received in the StationOpenReceiveChannelAck.
2. The firewall filters permit the call signaling protocol, and the firewall performs inspection for protocol anomaly detection and for application and protocol state tracking.
- Each firewall identifies the call media flow that traverses it between the phone VPN and the fusion router of the shared services VPN.
- The firewall opens a pinhole to permit the traffic exchanged between the IP addresses and UDP ports carried in the StationOpenReceiveChannelAck sent from the phone to CUCM and in the StationStartMediaTransmission sent from CUCM to the phone.
3. The two IP telephony endpoints use the default route, which is advertised by the fusion router and injected into each VPN, to send traffic through the firewall pinhole to the fusion router. The fusion router forwards the traffic through the other firewall to the IP telephony endpoint in the other VPN.
The key point in this scenario is that no firewall rules need to be configured to permit RTP media data traffic between the inside and outside interfaces of each firewall context. The firewall inspects the SIP or SCCP signaling that sets up the call and can therefore dynamically open a path for the RTP media data traffic. The firewall pinhole used for this traffic is closed dynamically when the call ends.
SIP and Skinny inspection are enabled by default on the Cisco Firewall Service Module and the ASA. The following configuration example shows the statements responsible for SIP and SCCP inspection.
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect icmp
!
service-policy global_policy global
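The dynamic pinhole behaviour described in this section, as a small Python model added here for illustration (it is not Cisco code and not part of the original guide). The addresses, the RTP port, the CALL_END event and the collapsing of both firewall contexts into one object are assumptions of the model; only the two SCCP message names come from the text.

```python
from dataclasses import dataclass, field

# Constructed sample addresses (not from the guide).
RED_PHONE = "10.1.1.10"    # desk phone in the Red voice VPN
GREEN_SOFT = "10.2.2.20"   # IP Communicator in the Green data VPN


@dataclass(frozen=True)
class Pinhole:
    src_ip: str
    dst_ip: str
    dst_port: int


@dataclass
class InspectingFirewall:
    """Toy signaling inspection engine; there is no static RTP permit rule."""
    pending: dict = field(default_factory=dict)    # call_id -> {phone_ip: rtp_port}
    pinholes: dict = field(default_factory=dict)   # call_id -> set of Pinhole

    def inspect(self, call_id, msg, **f):
        if msg == "StationOpenReceiveChannelAck":
            # Phone -> CUCM: "I listen for RTP on this ip:port".
            self.pending.setdefault(call_id, {})[f["ip"]] = f["port"]
        elif msg == "StationStartMediaTransmission":
            # CUCM -> phone `to`: "stream RTP to remote_ip:remote_port".
            known = self.pending.get(call_id, {})
            # Model assumption: open only if the target matches an Ack on this call.
            if known.get(f["remote_ip"]) == f["remote_port"]:
                self.pinholes.setdefault(call_id, set()).add(
                    Pinhole(f["to"], f["remote_ip"], f["remote_port"]))
        elif msg == "CALL_END":   # hypothetical teardown event
            self.pending.pop(call_id, None)
            self.pinholes.pop(call_id, None)

    def permits_udp(self, src_ip, dst_ip, dst_port):
        probe = Pinhole(src_ip, dst_ip, dst_port)
        return any(probe in holes for holes in self.pinholes.values())


def demo():
    """Return the permit decision for RTP at each stage of one inter-VPN call."""
    fw = InspectingFirewall()
    rtp = (GREEN_SOFT, RED_PHONE, 24576)
    results = [fw.permits_udp(*rtp)]                  # before signaling: dropped
    fw.inspect("c1", "StationOpenReceiveChannelAck", ip=RED_PHONE, port=24576)
    results.append(fw.permits_udp(*rtp))              # the Ack alone opens nothing
    fw.inspect("c1", "StationStartMediaTransmission",
               to=GREEN_SOFT, remote_ip=RED_PHONE, remote_port=24576)
    results.append(fw.permits_udp(*rtp))              # pinhole is open
    results.append(fw.permits_udp("10.2.2.99", RED_PHONE, 24576))  # other source
    results.append(fw.permits_udp(GREEN_SOFT, RED_PHONE, 24578))   # other port
    fw.inspect("c1", "CALL_END")
    results.append(fw.permits_udp(*rtp))              # closed with the call
    return results


if __name__ == "__main__":
    print(demo())
```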
Summary: Cisco Unified IP Phone 7900 Series Phones and Cisco IP Communicator
For calls between Cisco Unified IP Phone 7900 Series phones and Cisco IP Communicator, the firewall must be configured with filters that permit the call signaling protocol so that the voice endpoints can register successfully with CUCM. At that point, two scenarios are possible:
• If the voice call is between two IP telephony endpoints in the same VPN, call routing stays within the VPN and the media stream does not need to traverse the firewall.
• If the call is between IP telephony endpoints in different VPNs, the default behavior of Cisco firewalls is to inspect the call signaling and, because the traffic is routed between the VPNs by the fusion router, to dynamically open pinholes that permit the traffic through each firewall.
Cisco Unified Video Advantage
Cisco VT Advantage provides video telephony capability to Cisco IP Phone 7940, 7960, and 7970 (and later) models. When the Cisco VT Advantage software is used with the Cisco VT Camera (a USB camera), a PC connected to a Cisco IP phone can add video to phone calls without any button presses or mouse clicks. Once registered with Cisco Call Manager, a Cisco IP phone enabled for Cisco VT Advantage has the full capabilities of an IP video phone. Supplementary features such as call forward, transfer, hold, and mute are available for video calls and are all initiated from the Cisco IP phone.
Cisco VT Advantage is intended for desktop-to-desktop IP video telephony environments, not as a general-purpose video conferencing solution for conference rooms. Users can set up Cisco Unified Video Advantage video calls with either a Cisco Unified IP Phone or Cisco IP Communicator.
In normal use, Video Advantage runs minimized in the PC system tray. When a call arrives from another Video Advantage user, video appears automatically once the voice call is connected. The sequence of events that allows a CUVA call to be established is listed below:
• CUVA initialization
• CUVA call signaling
• CUVA call media flow: within a VPN
• CUVA call media flow: between VPNs
CUVA Initialization
Figure 49 shows the protocol flows required for Video Advantage to initialize and become operational. It is assumed that the Cisco IP phone has already initialized and registered with CUCM, and that the checkbox indicating that the phone is video-capable has been set in CUCM.
Figure 49 CUVA Client Initialization
Note: Cisco Unified Video Advantage can be used with a Cisco Unified IP Phone or with Cisco IP Communicator.
Using CUVA with a Desk Phone
In Figure 49, Cisco Unified Video Advantage is directly connected to a 7960. Video Advantage is in the Green data VRF and the desk phone is in the Red voice VRF.
• Video Advantage requires no configuration on the PC. It therefore has to learn the IP address of the phone used for the voice call, which it does by listening for the link-layer CDP advertisements sent by the directly connected desk phone. CDP is a Layer 2 protocol, and virtualization provides Layer 3 segmentation rather than Layer 2 segmentation, so CDP communication is possible directly between the endpoints even when they are in different virtual VPNs.
• Once Video Advantage has obtained the IP address of the directly attached IP phone, it uses the Cisco Audio Session Tunnel (CAST) protocol to establish a TCP session with the phone. Because Video Advantage and the desk phone are in different VPNs, the CAST session must traverse the firewalls and be routed by the fusion router.
Note: The PC running CUVA must be directly connected to the IP phone used in deskphone mode so that it can receive the link-layer CDP frames needed for registration.
⢠CAST ãããã³ã«ã 2 ã€ã® VPN éã§ééãããããã®ããŒã 4224 ãèš±å¯ããããã«ãGreen ããŒã¿ VPN ã®ããã³ããšã³ããšãªããã¡ã€ã¢ãŠã©ãŒã« ã³ã³ããã¹ãã®å€éšã€ã³ã¿ãŒãã§ã€ã¹ã«ã
ãã£ã«ã¿ãå¿ èŠãšãªããŸããCAST é信㯠CUVA ã¯ã©ã€ã¢ã³ãã«ãã£ãŠéå§ããããããCUVA VPN ã®ãã¡ã€ã¢ãŠã©ãŒã«ã®å€éšã€ã³ã¿ãŒãã§ã€ã¹ã«ã ãããã£ã«ã¿ãé©çšããå¿ èŠããããŸãã
CAST ãããã³ã«ã IP é»è©± VPN ã«ã«ãŒãã£ã³ã°ããããšãé垞㯠permit-all ãã£ã«ã¿ã«ãããå
éšããã®ãã©ãã£ãã¯ãééãããŸããããã«ãããè¿ä¿¡ãã©ãã£ãã¯ãåçã«èš±å¯ããæ¥ç¶ã確
ç«ãããŸããCUVA VPN ã®å€éšã€ã³ã¿ãŒãã§ã€ã¹ã§ CAST ãèš±å¯ããã®ã«äœ¿çšãããã£ã«ã¿ãã
次ã®èšå®äŸã«ç€ºããŸãã
access-list outside-vrf2-ACL remark Permit CUVA (Video Advantage) CAST protocol (TCP Port 4224)
access-list outside-vrf2-ACL extended permit tcp any any eq 4224
Using CUVA with a Softphone
CUVA can be used with Cisco IP Communicator instead of a physical Cisco Unified IP Phone 7900 Series phone. In this case, CUVA and IP Communicator run as software applications on the same PC. Communication between CUVA and IP Communicator is therefore internal, and this traffic flow, as shown in Figure 49, does not occur on the network.
CUVA Call Signaling
Figure 50 shows the Video Advantage signaling used to set up a call.
Figure 50 CUVA Signaling
In Figure 50, two Cisco IP phones are in the Red voice VRF and are directly connected to two PCs in the Green data VRF. Figure 50 shows the flows that occur when one of the Cisco IP phones calls the other.
For clarity, Figure 50 does not show the call signaling that establishes the voice call between the two phones. The call signaling for the voice portion of the call is the same as shown in "Cisco Unified IP Phone 7900 Series Phones and Cisco IP Communicator."
The Cisco Unified IP Phone acts as a signaling proxy between CUCM and CUVA. Video signaling is sent over SIP or SCCP, and the phone relays it to the CUVA client using the CAST protocol. Both IP phones must be configured in CUCM with video capability enabled. Video signaling between the phone and CUCM is sent over SIP or SCCP. Because each phone acts as a video signaling proxy, it uses the CAST protocol to relay the video signaling between the phone and the CUVA PC.
Because the phone and the PC are in different VPNs, the CAST messaging protocol must traverse the firewalls and be routed between the VPNs by the fusion router.
Video signaling is similar to voice signaling, and the call is established as follows:
• OpenMultiMediaReceiveChannelMessage is sent from CUCM to the phone using SIP or SCCP. The phone proxies this message to the CUVA endpoint using the CAST protocol.
• The CUVA endpoint sends OpenMultiMediaReceiveChannelAckMessage to the phone using the CAST protocol. The phone proxies this message to CUCM using SIP or SCCP. The OpenMultiMediaReceiveChannelAckMessage contains the IP address and UDP port that the CUVA endpoint opens to receive video media from the peer CUVA endpoint.
• When CUCM receives the OpenMultiMediaReceiveChannelAckMessage from one endpoint, it sends StartMultiMediaTransmissionMessage to the other endpoint, instructing it to start sending the RTP video stream to the specified IP address and UDP port (port 5445 is always used for CUVA video media). This message is sent from CUCM to the phone over SIP or Skinny and is relayed to the CUVA endpoint using the CAST protocol.
The same firewall access list on the outside interface of the CUVA VPN that was used to permit CAST for CUVA initialization also permits CAST for call signaling.
CUVA Call Media Flow: Within a VPN
Figure 51 shows the RTP voice and video media flows between the IP phones and the CUVA endpoints involved in a CUVA call, in the special case where both entities are deployed in the same VPN.
Figure 51 CUVA Call Between VPNs
• Because the two phones are in the same VPN, the RTP voice packets between the phones are routed within the Red VPN (no firewall inspection or fusion router routing is required).
• Similarly, in this example the two PCs are in the same data VPN, and the RTP video packets between the PCs are routed within the Green VPN.
CUVA Call Media Flow: Between VPNs
Figure 52 shows the call media flows for a more complex CUVA deployment. In this example, there is a single enterprise-wide voice VPN but multiple data VPNs.
Figure 52 CUVA Call Between VPNs
• Within the Red voice VPN, the voice RTP packet flow travels directly, as in the previous example.
• The video endpoints associated with the Cisco IP phones that established the call are in different data VPNs. In this case, the RTP video media must traverse the firewalls and be routed by the fusion router. An additional filter must therefore be added on the outside interface of the firewall contexts protecting both data VPNs to permit the UDP port used by the Video Advantage RTP data. Because Video Advantage uses a single port as both the source and the destination of its media traffic, UDP port 5445 is the only port that needs to be opened on the firewall.
Because Cisco firewalls do not currently inspect the CAST protocol, the filters required for the video media initiated by CUVA must be configured manually. Each CUVA endpoint establishes a unidirectional RTP video media stream toward the other endpoint, so the filter must be applied on the outside interface of the firewalls for both CUVA client VPNs. The firewall ACL required to permit CUVA video RTP data between VPNs is as follows.
! Permit CUVA video data between VPNs
access-list outside-vrf3-ACL extended permit udp any any eq 5445
CUVA Summary
When a call is placed between two phones that are configured as video-capable and have workstations with CUVA attached, the phones serve as the voice endpoints. In this case, the data devices represent the video endpoints.
All CUCM signaling is exchanged with the phones. The phones act as a proxy for the video signaling to and from the workstations using the CAST protocol. Because Cisco firewalls do not currently inspect the CAST protocol, the filters required for the video media initiated by CUVA must be configured manually.
Voice media flows directly between the voice endpoints, and video media flows directly between the video endpoints.
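A review aid for the filters shown up to this point, added here as an example (it is not part of the original guide and not a Cisco tool). It parses ASA-style `access-list ... extended permit` lines and the `inspect` list, then separates rules whose signaling is tracked by an inspection engine from `any any` rules on ports with no inspection, which stay statically open. The config text is assembled from this guide's examples; the service-name table and the port-to-inspection mapping are assumptions that cover only those lines.

```python
import re

# Assembled from this guide's examples (phone bootup, CAST, CUVA video filters).
CONFIG = """\
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect skinny
  inspect tftp
  inspect sip
access-list outside-vrf4-ACL extended permit udp any host DNS_DHCP_AD_Main eq bootps
access-list outside-vrf4-ACL extended permit udp any host DNS_DHCP_AD_Main eq domain
access-list outside-vrf1-ACL extended permit udp any host CUCM_pub eq tftp
access-list outside-vrf1-ACL extended permit tcp any host CUCM_pub eq 2000
access-list outside-vrf2-ACL remark Permit CUVA (Video Advantage) CAST protocol (TCP Port 4224)
access-list outside-vrf2-ACL extended permit tcp any any eq 4224
access-list outside-vrf3-ACL extended permit udp any any eq 5445
"""

# Assumption: only the service keywords that occur in the lines above.
SERVICE_PORTS = {"bootps": 67, "domain": 53, "tftp": 69}
# Assumption: which inspection engine tracks which signaling port.
INSPECTED_BY = {("tcp", 2000): "skinny", ("tcp", 5060): "sip", ("udp", 5060): "sip",
                ("udp", 69): "tftp", ("udp", 53): "dns"}

ACE = re.compile(r"^access-list (\S+) extended permit (tcp|udp) (any|host \S+) "
                 r"(any|host \S+) eq (\S+)$")


def parse(config):
    """Return (enabled inspection engines, list of permit entries)."""
    inspections, aces = set(), []
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("inspect "):
            inspections.add(line.split()[1])
            continue
        m = ACE.match(line)          # remark lines do not match and are skipped
        if m:
            acl, proto, src, dst, svc = m.groups()
            port = int(svc) if svc.isdigit() else SERVICE_PORTS[svc]
            aces.append({"acl": acl, "proto": proto, "src": src,
                         "dst": dst, "port": port})
    return inspections, aces


def audit(config):
    """Classify every permit entry; returns (acl, proto, port, kind) tuples."""
    inspections, aces = parse(config)
    findings = []
    for ace in aces:
        engine = INSPECTED_BY.get((ace["proto"], ace["port"]))
        if engine is not None and engine not in inspections:
            kind = "inspection-missing"   # signaling allowed but not tracked
        elif engine is not None:
            kind = "inspected"            # media pinholes are opened dynamically
        elif ace["dst"] == "any":
            kind = "static-any-any"       # e.g. CAST 4224 and CUVA video 5445
        else:
            kind = "host-scoped"
        findings.append((ace["acl"], ace["proto"], ace["port"], kind))
    return findings


if __name__ == "__main__":
    for finding in audit(CONFIG):
        print(*finding)
```

Entries reported as `static-any-any` are permanently open regardless of call state, so they are the ones to review first when tightening source and destination scope.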
Cisco Unified Personal Communicator
Cisco Unified Personal Communicator transparently integrates frequently used communication applications and services into a single unified client. From an easy-to-use interface on a PC or Mac, it gives quick and easy access to powerful communication tools such as softphone, presence, instant messaging, visual voice mail, click to call, employee directory, communication history, video, and web conferencing.
When used for IP telephony, CUPC operates in one of the following two modes:
• Softphone mode
In softphone mode, CUPC is an IP telephony endpoint. It uses SIP signaling to communicate with CUCM and establishes RTP voice media streams with other voice endpoints.
• Deskphone mode
In deskphone mode, CUPC is used to control a desktop Cisco Unified IP Phone to make, receive, or merge calls.
Next, we look at the following stages of CUVA call establishment:
• CUPC initialization
• CUPC signaling and call flow: deskphone mode
• CUPC signaling and call flow: softphone mode
• CUPC signaling and call flow: softphone video call
• CUPC signaling and call flow: softphone video call, between VPNs
• CUPC signaling and call flow: instant messaging
CUPC Initialization
This section looks at the data flows that occur when CUPC is started on a workstation.
Figure 53 CUPC Initialization Process
Figure 53 highlights the steps required for CUPC to start up fully.
1. CUPC logs in securely to the CUPS server using HTTPS. CUPC obtains the IP address of the TFTP server from the Presence Server.
2. CUPC then downloads its configuration file via TFTP, as any other phone does.
3. Cisco Unified Personal Communicator accesses the corporate Lightweight Directory Access Protocol (LDAP) version 3 directory and performs a directory lookup for each contact in the contact list to provide additional contact information (first name, last name, phone number, and so on).
4. CUPC uses the SIP protocol to register presence information with the CUCM server and the CUPS server. CUPC uses the SIP signaling protocol; Skinny (SCCP) cannot be used.
5. If the CUPC client is used in deskphone mode, a CTI connection is established with CUCM. The CTI protocol allows CUPC to control a desktop Cisco Unified IP Phone to make, receive, and merge calls. The controlled phone does not need to be directly attached, but it must be associated with the CUPC user in the CUCM configuration.
Note: Cisco Unified Presence provides a Session Initiation Protocol (SIP) presence engine and SIP proxy server functionality to Cisco Unified Personal Communicator. The presence engine uses SIP for Instant Messaging and Presence Leveraging Extensions (SIMPLE) to provide Cisco Unified Personal Communicator with user and device status information (for example, available, away, on a break, and so on).
The presence engine stores each user's preferred communication method (instant message, e-mail, voice, video) and contact list. Cisco Unified Presence performs login authentication for Cisco Unified Personal Communicator and provides it with configuration information using Simple Object Access Protocol (SOAP) over HTTP and HTTPS. The proxy server provides registration and routing support to the clients, all of which is SIP-based. Cisco Unified Personal Communicator exchanges SIP messages with this proxy server. These SIP messages carry presence information and database change notifications. For instant messaging, Cisco Unified Personal Communicator sends SIP messages (through the proxy) to other Cisco Unified Personal Communicator clients.
The following configuration example shows all the filters that must be added on the outside interface of the firewall context that front-ends the CUPC VPN to allow CUPC initialization.
name 10.13.100.70 CUPS description CUPS Server
name 10.13.100.5 DNS_DHCP_AD_Main
name 10.13.100.20 CUCM_pub description CUCM publisher
name 10.14.100.20 CUCM_sub description CUCM subscriber
!
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
!
! 1. Permit HTTPS for CUPC login to CUPS (TCP port 443)
access-list outside-vrf1-ACL extended permit tcp any host CUPS eq https
! 2. Permit IP phone TFTP configuration download (UDP port 69)
access-list outside-vrf1-ACL extended permit udp any host CUCM_pub eq tftp
! 3. Permit LDAP communication between CUPC and LDAP DB (TCP port 389)
access-list outside-vrf1-ACL extended permit tcp any host DNS_DHCP_AD_Main eq ldap
! 4. Permit SIP signaling between CUPC and CUCM & CUPS (TCP/UDP port 5060)
access-list outside-vrf1-ACL extended permit object-group TCPUDP any host CUCM_pub eq sip
access-list outside-vrf1-ACL extended permit object-group TCPUDP any host CUPS eq sip
! 5. Permit CTI communication between CUPC in deskphone mode and CCM (TCP port 2748)
access-list outside-vrf1-ACL extended permit tcp any host CUCM_pub eq ctiqbe
CUPC Signaling and Call Flow: Deskphone Mode
This section describes the flows that occur when CUPC is used to control a desktop Cisco Unified IP Phone to place a call.
Figure 54 CUPC in Deskphone Mode
Figure 54 shows the signaling and call flow when CUPC is used to control a deskphone. This use case uses the click-to-dial feature provided by the CUPC Outlook toolbar. When Outlook click to dial is used on the CUPC workstation, CTI signaling is sent to CUCM, and the local deskphone and the remote phone ring at the same time. When the remote phone answers, the deskphone is used for the call and CUPC is no longer involved.
1. To carry out this operation, CUPC signals CUCM through Computer Telephony Integration (CTI).
2. CUCM then signals the receiving Cisco IP Phone through Skinny (or SIP).
3. Once the call is connected, call media flows between the two IP phones when, as in this example, they are deployed as part of the same voice VRF.
Note that the relationship between CUPC and the deskphone it controls is configured in CUCM, and no physical Ethernet connection between the two is required. This logical relationship is shown by the dotted line in Figure 54.
The CTI flow signaling is sent to the firewall and is filtered by filter number 5 from the initialization section. In addition, the SCCP or SIP signaling used to control the deskphone is inspected by the firewall. However, because the two deskphones in this example are in the same VPN, the RTP voice media traffic does not need to traverse the firewall.
CUPC Signaling and Call Flow: Softphone Mode
In softphone mode, CUPC is an IP telephony endpoint. It uses SIP signaling to communicate with CUCM and establishes RTP voice media streams with other voice endpoints.
Figure 55 CUPC in Softphone Mode
In Figure 55, CUPC is used in standalone softphone mode.
1. CUPC signals CUCM using SIP. CUPC uses only SIP for signaling; Skinny is not currently supported.
2. CUCM signals CUPC and the deskphone involved in the call. CUCM uses SIP toward CUPC and either SIP or Skinny toward the deskphone.
3. The RTP media stream then flows between the two voice entities.
Because the call is between a deskphone in the Red voice VPN and CUPC in the Green data VPN, the media flow must pass through the firewalls and the fusion router.
In this case, the filters defined in the initialization section allow the SIP and Skinny flows through the firewall. In addition, the SIP and SCCP signaling is inspected, and the RTP data flow is permitted dynamically for the duration of the call.
CUPC Signaling and Call Flow: Softphone Video Call Within a VPN
When CUPC is used on a workstation equipped with a webcam, it can be used as a video phone. This section examines the flows that occur when a video call is made between CUPC workstations in the same VPN.
Figure 56 Video Call Using CUPC in Softphone Mode Within a VPN
Figure 56 shows a softphone call between two CUPC clients in the same Green VRF.
1. One CUPC client calls the other. SIP signaling requesting the call is sent to CUPC.
2. The SIP signaling flows between CUCM and the two CUPC endpoints set up the voice call.
3. Because both CUPCs are in the same Green data VPN, the RTP voice between the two CUPCs is routed within the VPN.
4. CUCM recognizes that the call is between two video-capable clients and instructs the CUPC clients to start sending video to each other. Video starts and is routed within the VPN.
Because the voice and video RTP streams are routed within the same VPN, the data streams do not traverse the services edge, no traffic inspection takes place, and no additional filters are required.
CUPC Signaling and Call Flow: Softphone Video Call Between VPNs
This section is the same as the previous one, except that the CUPC endpoints are in two different VPNs.
Figure 57 Video Call Using CUPC in Softphone Mode Between VPNs
Figure 57 shows two CUPC clients deployed in different VPNs.
1. One CUPC client calls the other. SIP signaling requesting the call is sent to CUPC.
2. The SIP signaling flows between CUCM and the two CUPC endpoints set up the voice call.
3. The firewall for each VPN inspects the SIP signaling and dynamically opens pinholes to permit the UDP ports used to pass the voice RTP media stream.
4. Both endpoints are configured as video-capable in CUCM. CUCM sends SIP signaling to the CUPC clients instructing them to start video with each other. The firewall for each VPN inspects the SIP signaling and dynamically opens pinholes to permit the UDP ports used to pass the video RTP media stream.
CUPC Signaling and Call Flow: Instant Messaging
With instant messaging support, CUPC users can chat in real time with other Cisco Unified Personal Communicator users, which saves time and reduces missed connections caused by absence.
Figure 58 Instant Messaging and CUPC
Cisco Unified Personal Communicator uses the SIMPLE protocol to send instant messages to other CUPC users. This is supported by the Cisco Unified Presence server, which relays the messages between CUPC clients.
1. The CUPC in the Green VRF sends a SIP/SIMPLE instant message to the SIP proxy function of the Cisco Unified Presence server.
2. The CUPS server then relays the instant message to the two CUPCs in the Red VRF.
Instant messages between CUPC clients use the SIP protocol. SIP instant messages are permitted by the SIP filters defined for CUPC initialization and are inspected by default.
CUPC Summary
Cisco Unified Personal Communicator transparently integrates frequently used communication applications and services into a single unified client. It gives quick and easy access to powerful communication tools such as softphone, presence, instant messaging, visual voice mail, click to call, employee directory, communication history, video, and web conferencing.
This section focused on the CUPC message flows and on how the following statically defined filters allow CUPC clients to operate correctly:
• Permit HTTPS, TFTP, SIP, LDAP, and CTI traffic from the CUPC VPN to specific destination servers in the shared services VPN.
⢠SIP ã·ã°ããªã³ã°ã®ãã¡ã€ã¢ãŠã©ãŒã« ã€ã³ã¹ãã¯ã·ã§ã³ã¯ãããŸããŸãª VPN ã®é³å£°ãšã³ããã€ã³
ãå ãšé³å£°ãšã³ããã€ã³ãéã§ã®éä¿¡ããã¹ããããŠããã¢ããªã±ãŒã·ã§ã³ãèš±å¯ããã®ã«ååãª
ãã®ã§ãã
ïŒæ³šïŒ CUPC ããŒãžã§ã³ 1.2 ã¯ããã®ããã¥ã¡ã³ãã§ãã¹ããããŠãã次㮠2 ã€ã®æ©èœããµããŒãããŠããŸ
ãã
- Web äŒè°ïŒä»è ãšã®ãã¬ãŒã³ããŒã·ã§ã³ã®ãããªå ±æã³ã³ãã³ããå ±æããéç¥ãåºãããç¬éã«ã
Web äŒè°ã»ãã·ã§ã³ãèµ·åããŸã
- é³å£°ã¡ãã»ãŒãžïŒCisco Unity ãŸã㯠Cisco Unity Connection ãã€ã¹ ã¡ãŒã« ã¡ãã»ãŒãžã«ã¢ããªã±ãŒ
ã·ã§ã³ããã¢ã¯ã»ã¹ããã¡ãã»ãŒãžã®è¡šç€ºãåçã䞊ã¹æ¿ããããã³åé€ãè¡ããŸãããããã®æ©èœ
ã¯ãTCP 143ïŒWeb äŒè°ïŒããã³ TCP 80ïŒãã€ã¹ ã¡ãã»ãŒãžïŒãæå¹ã«ãªã£ãŠããå Žåã®è¿œå ãã£ã«
ã¿ã§å¿ èŠãª TCP ããŒãã䜿çšããŸãã
ãŸãããã¹ããå®äºããŠä»¥éã« CUPC ããŒãžã§ã³ 7.0 ããªãªãŒã¹ãããŠããŸããCUPC 7.0 ã¯ãã»ãã¥
ã¢ãªãã€ã¹ ã¡ãŒã« ã¡ãã»ãŒãžã®åŸ©å·ãšCUPC ã«ããåçãå¯èœã§ããããã«ã¯ãCUPC ãè¿œå ãã£ã«
ã¿ã§å¿ èŠãšãªã次ã®ããŒããšéä¿¡ã§ããå¿ èŠããããŸãã
- 7993ïŒç¹å¥ãª IMAP ããŒã ïŒCisco Unity ConnectionïŒ - 993ïŒSSL ïŒIMAP ã®äº€æïŒ
- 443ïŒHTTPS ïŒCisco UnityïŒ
Unity ãã€ã¹ã¡ãŒã«
Unity ãã€ã¹ã¡ãŒã«ã«ã¢ã¯ã»ã¹ããããšã¯ãUnity ãµãŒãã«é³å£°ã³ãŒã«ãéä¿¡ããããã®äž»èŠãªãã€ã³
ãã§ããUnity ãµãŒãã¯ãCUCM ãšã®å ±æãµãŒãã¹ VPN ã«ãããŸããUnity ã CUCM ãšå ±ã«é 眮ã
ãããšã§ãäžè²«æ§ã®ããã³ãŒã«å¶åŸ¡ãšããã¹ãŠã®é³å£°ã¯ã©ã€ã¢ã³ãã«å¯Ÿããã¡ãã»ãŒãžã³ã° ã¢ã¯ã»ã¹
ãå¯èœã«ãªããŸãã
Figure 59 Unity Voicemail Integration
1. The IP phone places a call to the softphone. SIP or Skinny call signaling between the endpoints and CUCM causes the phone to ring.
2. CUCM is configured to redirect the call to Unity Voicemail if the called phone does not answer. CUCM signals Unity using SCCP and Unity Express using CTI. Because CUCM and Unity are in the same VPN, this signaling requires no configuration and is not inspected by the services edge firewall.
3. CUCM uses standard SCCP or SIP signaling between the calling endpoint and Unity to establish the RTP voice media call.
4. The call proceeds. Unity prompts and message playback are sent from the server to the voice endpoint as RTP voice media packets. The end user's keypad responses to the Unity voice prompts are sent to Unity as dual-tone multi-frequency (DTMF) touch tones. DTMF touch tones between the calling phone and Unity are normally relayed out of band through CUCM over SCCP or SIP call signaling, but there is also an option to carry them within the RTP voice data stream using a separate RTP payload type.
No firewall rules need to be configured to permit IP phones to access Unity voicemail. The SIP or Skinny signaling that sets up the call is inspected by the firewall, which dynamically opens the specific IP addresses and UDP ports that the call uses. The firewall pinhole used for this traffic is closed dynamically when the call ends.
PSTN Gateway Access
PSTN gateways are used to place calls to, or receive calls from, the public telephone network. A PSTN gateway translates the call signaling and the transport protocols used on the IP network and on the PSTN. MGCP and H323 are the most common control protocols used for signaling between CUCM and PSTN gateways. MGCP and H323 were tested in this document.
Note: This network design does not use VRF-aware PSTN gateways. Instead, the PSTN gateway is connected through an Ethernet interface that belongs to the same VLAN/VRF as the physical Cisco IP phones. Because the physical IP phones are in the same VRF as the PSTN gateway, they can exchange RTP voice packets directly with the PSTN gateway. Voice endpoints in other VPNs must communicate with the PSTN gateway through the services edge.
This section describes the following use cases:
• PSTN gateway access from a physical IP phone in the same VPN as the PSTN gateway
• PSTN gateway access from a softphone in a different VPN from the PSTN gateway
PSTN Gateway Access: Within a VPN
Figure 60 PSTN Gateway Access (Within a VPN)
1. The Red phone dials the number of an external phone on the PSTN. Skinny or SIP signaling to CUCM is used to set up the call.
2. The Call Manager dial plan determines that the dialed number is reachable through the PSTN gateway, and MGCP or H323 signaling to the PSTN gateway is used to set up the call between the Red phone and the external phone. The PSTN gateway acts as a signaling proxy when the call to the external phone is set up.
3. The Red phone and the PSTN gateway use the call setup information signaled by CUCM to set up the call with each other. Because the IP phone and the PSTN gateway are in the same VPN, the traffic does not need to traverse the firewall.
4. The PSTN gateway acts as a proxy, relaying the call between the IP network and the PSTN.
End-user keypad responses to voice prompts are sent to Unity as DTMF touch tones. By default, the gateway sends these tones within the voice RTP stream. When voice is sent uncompressed, the tones arrive intact. However, when voice is compressed, for example with the G.729 codec, the tones may be distorted or partly lost. DTMF relay addresses this problem by separating the tones from the rest of the voice and sending them by a different method. DTMF tones can be sent in band within the RTP voice data stream using a separate RTP payload type, or within the MGCP or H323 signaling. For details on DTMF relay, see the IOS gateway documentation.
PSTN Gateway Access: Between VPNs
Figure 61 PSTN Gateway Access (Between VPNs)
VPN éã®ã±ãŒã¹ã¯ãå ã«èª¬æãã VPN å ã®ã±ãŒã¹ãšãã䌌ãŠããŸããå¯äžã®éãã¯ãPSTN ã²ãŒã
ãŠã§ã€ãš IP é»è©±éã® RTP é³å£°ã¡ãã£ã¢ãããµãŒãã¹ ãšããžã®ãã¡ã€ã¢ãŠã©ãŒã«ãééããªããã°ãªã
ãªãããšã§ããCUCM ãšã²ãŒããŠã§ã€ãš IP é»è©±ãšã®éã®ã·ã°ããªã³ã°ã®ã€ã³ã¹ãã¯ã·ã§ã³ã«ããã
RTP ã¡ãã£ã¢ ã¹ããªãŒã ã䜿çšãã IP ã¢ãã¬ã¹ãš UDP ããŒãã«å¯ŸããŠããã¡ã€ã¢ãŠã©ãŒã«ããã³
ããŒã«ãéããŸãã
Filters Required for PSTN Gateways
For calls from the IP network, these filters are not required. Packets are not filtered on the inside interface of the firewall, so MGCP or H323 traffic from CUCM to the PSTN gateway passes through the firewall. Return traffic for an outgoing session is permitted automatically by the firewall.
For calls from the PSTN, filters for MGCP or H323 signaling must be added explicitly on the outside interface of the VPN to which the PSTN gateway belongs. The following configuration examples show the required filters.
⢠MGCP ã²ãŒããŠã§ã€
! MGCP inspection is not enabled by default and needs to be turned onpolicy-map global_policy class inspection_default inspect mgcp!name 10.13.100.20 CUCM_pub description CUCM publisher ! access-list outside-vrf2-ACL remark MGCP access-list outside-vrf2-ACL extended permit tcp any host CUCM_pub eq 2428 access-list outside-vrf2-ACL extended permit udp any host CUCM_pub eq 2427
⢠H323 ã²ãŒããŠã§ã€
name 10.13.100.20 CUCM_pub description CUCM publisher ! access-list outside-vrf2-ACL remark H323 access-list outside-vrf2-ACL extended permit tcp any host CUCM_pub eq h323
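The following added example (not part of the original guide) audits a firewall configuration against the filters listed above: it checks that the outside ACL of the gateway VPN permits the signaling ports only toward the CUCM host and, for MGCP, that the inspection line is present. The function name, the finding texts, and the incomplete sample configuration are constructed for illustration.

```python
import re

# Signaling ports taken from the configuration examples above; "h323" is the
# firewall keyword for TCP 1720.
REQUIRED = {"mgcp": {("tcp", "2428"), ("udp", "2427")}, "h323": {("tcp", "h323")}}
PORT_ALIASES = {"1720": "h323"}
ACE = re.compile(r"access-list\s+(\S+)\s+extended\s+permit\s+(tcp|udp)\s+"
                 r"any\s+host\s+(\S+)\s+eq\s+(\S+)$")

def audit(config, acl, cucm, protocol):
    """Return findings for the outside ACL of the VPN that holds the gateway."""
    lines = [line.strip() for line in config.splitlines()]
    findings, seen = [], set()
    for line in lines:
        m = ACE.match(line)
        if not m or m.group(1) != acl:
            continue
        proto, dst, port = m.group(2), m.group(3), m.group(4)
        port = PORT_ALIASES.get(port, port)
        if (proto, port) not in REQUIRED[protocol]:
            continue
        if dst == cucm:
            seen.add((proto, port))
        else:
            findings.append(f"{protocol} signaling permitted to unexpected host {dst}")
    for proto, port in sorted(REQUIRED[protocol] - seen):
        findings.append(f"missing: permit {proto} any host {cucm} eq {port}")
    # Presence check only: it does not verify which policy map holds the line.
    if protocol == "mgcp" and "inspect mgcp" not in lines:
        findings.append("inspect mgcp is not enabled in the policy map")
    return findings

# Constructed sample: the MGCP example with the UDP 2427 entry and the
# inspection line left out.
INCOMPLETE = """\
policy-map global_policy
 class inspection_default
name 10.13.100.20 CUCM_pub description CUCM publisher
access-list outside-vrf2-ACL remark MGCP
access-list outside-vrf2-ACL extended permit tcp any host CUCM_pub eq 2428
"""

if __name__ == "__main__":
    for finding in audit(INCOMPLETE, "outside-vrf2-ACL", "CUCM_pub", "mgcp"):
        print(finding)
```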
PSTN Summary
This section describes how to use MGCP gateways and H323 gateways in a virtual network. In this design, the gateways are dedicated to IP telephony endpoints and are therefore placed in the IP telephony VPN. The benefit is that PSTN traffic from physical IP phones does not need to be routed through the services edge and the fusion router.
SIP PSTN gateways were not tested, but such a gateway should work as long as SIP signaling is permitted on the outside firewall interface of the VPN to which the SIP PSTN gateway is connected.
The filters needed to receive calls from the PSTN gateway are provided.
Services Edge: Summary
Within the overall network virtualization process, the services edge is where most policy enforcement and traffic manipulation take place. The purpose of this document is to provide design guidance on the various methodologies that can be deployed to achieve this.
Earlier in the document, the concept of shared services was defined by distinguishing between the following two scenarios:
• Unprotected services access, achieved by leaking routes between the various VRF routing tables
• Protected services access, which is the recommended approach and is usually deployed with security services (firewalls or firewall contexts) at the front end of each defined virtual network
For the protected services access scenario, two deployment models (single tier and dual tier) were introduced, the design principles and configuration steps needed to implement them were described in detail, and a convergence analysis under various failure scenarios was also covered in detail.
Finally, as a special application of services edge deployment, possible technical solutions to the problem of integrating voice applications into a virtual network environment were described. The scope of this solution is currently limited to campus deployments, and it uses the concept of shared services in the network to deploy UC services (Cisco Call Manager, TFTP servers, and so on). Network entities (IP phones, PCs, and so on) deployed in separate virtual networks need to access these services.
Cisco Validated Design
The Cisco Validated Design program consists of systems and solutions that are designed, tested, and documented to enable faster, more reliable, and more predictable customer deployments. For more information, see the following URL: www.cisco.com/go/validateddesigns
All designs, specifications, statements, information, and recommendations (collectively, "designs") in this manual are presented as of the time this manual was written, with all faults. Cisco Systems and its suppliers disclaim all warranties, including the warranty of merchantability, fitness for a particular purpose, and noninfringement, or arising from a course of dealing, usage, or trade practice. In no event shall Cisco Systems or its suppliers be liable for any indirect, consequential, incidental, or special damages, including lost profits or damage to data, arising out of the use of or inability to use the designs, even if Cisco Systems or its suppliers have been advised of the possibility of such damages.
The designs are subject to change without notice. Users are solely responsible for their use of the designs in this manual. The designs do not constitute the technical or other professional advice of Cisco Systems, its suppliers, or its partners. Users should consult their own technical advisors before implementing the designs. Results may vary depending on factors not tested by Cisco.
CCDE, CCENT, Cisco Eos, Cisco Lumin, Cisco Nexus, Cisco StadiumVision, Cisco TelePresence, the Cisco logo, DCE, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn and Cisco Store are service marks; and Access Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0807R) © 2007 Cisco Systems, Inc. All rights reserved.
Copyright © 2009, Cisco Systems G.K. All rights reserved.
For inquiries, contact the reseller from which you purchased the product.