Bonjour,
Voici les extraits de conf :
PE Site 1
router bgp 50903
address-family ipv4 vrf L3VPN-client
redistribute connected
redistribute static
neighbor 100.65.109.2 remote-as 65002
neighbor 100.65.109.2 update-source BDI900
neighbor 100.65.109.2 fall-over bfd
neighbor 100.65.109.2 activate
neighbor 100.65.109.2 soft-reconfiguration inbound
default-information originate
exit-address-family
==============
CPE Site 1
interface GigabitEthernet0/0/0
description WAN-TO-PE
ip address 100.65.109.2 255.255.255.254
ip nat outside
media-type rj45
negotiation auto
bfd interval 120 min_rx 120 multiplier 3
interface Vlan10
description Link1
ip address 192.168.1.250 255.255.252.0
!
interface Vlan50
description Link2
ip address 10.125.0.254 255.255.254.0
ip ospf cost 1
!
interface Vlan103
description Link3
ip address 10.11.0.250 255.255.255.0
ip nat inside
!
interface Vlan104
description link4
ip address 10.13.0.254 255.255.255.0
ip nat inside
router ospf 1
redistribute bgp 65002 metric-type 1 subnets route-map RM-BGP-to-OSPF
network 10.100.100.0 0.0.0.255 area 2
network 10.125.0.0 0.0.1.255 area 2
network 192.168.0.0 0.0.3.255 area 2
distribute-list 10 out
distance 250
!
router bgp 65002
bgp router-id 100.65.109.2
bgp log-neighbor-changes
bgp deterministic-med
no bgp default ipv4-unicast
neighbor 100.65.109.3 remote-as 50903
neighbor 100.65.109.3 update-source GigabitEthernet0/0/0
neighbor 100.65.109.3 fall-over bfd
!
!
address-family ipv4
bgp suppress-inactive
redistribute connected
redistribute ospf 1 route-map RM-OSPF-TO-BGP
neighbor 100.65.109.3 activate
neighbor 100.65.109.3 soft-reconfiguration inbound
neighbor 100.65.109.3 route-map RM-IP4-ALL in
exit-address-family
route-map RM-BGP-to-OSPF permit 10
match ip address prefix-list IP4-PL-BGP-to-OSPF
!
route-map RM-IP4-ALL permit 10
match ip address prefix-list IP4-PL-ALL
set local-preference 200
!
route-map RM-OSPF-TO-BGP permit 10
match ip address prefix-list IP4-OSPF-TO-BGP
!
ip prefix-list IP4-OSPF-TO-BGP deny 172.16.0.0/16 le 32
ip prefix-list IP4-OSPF-TO-BGP permit 10.0.16.0/24 le 32
ip prefix-list IP4-OSPF-TO-BGP permit 10.11.0.0/16 le 32
ip prefix-list IP4-OSPF-TO-BGP permit 10.13.0.0/16 le 32
ip prefix-list IP4-OSPF-TO-BGP permit 10.125.0.0/16 le 32
ip prefix-list IP4-OSPF-TO-BGP permit 100.65.109.2/31 le 32
ip prefix-list IP4-OSPF-TO-BGP permit 172.20.90.192/26 le 32
ip prefix-list IP4-OSPF-TO-BGP permit 192.168.0.0/16 le 32
!
ip prefix-list IP4-PL-ALL permit 0.0.0.0/0 le 32
!
ip prefix-list IP4-PL-BGP-to-OSPF permit 10.125.0.0/16 le 32
ip prefix-list IP4-PL-BGP-to-OSPF permit 178.23.35.176/28 le 32
ip prefix-list IP4-PL-BGP-to-OSPF permit 192.168.0.0/16 le 32
===============================
PE site 2
router bgp 50903
address-family ipv4 vrf L3VPN-25SDIS
redistribute connected
redistribute static
redistribute ospf 1 match internal external 1 external 2
neighbor 100.65.109.4 remote-as 65002
neighbor 100.65.109.4 update-source BDI1012
neighbor 100.65.109.4 fall-over bfd
neighbor 100.65.109.4 activate
neighbor 100.65.109.4 soft-reconfiguration inbound
default-information originate
exit-address-family
=================
CPE Site 2
interface GigabitEthernet0/1.101
description Admin
encapsulation dot1Q 101
ip address 192.168.35.254 255.255.255.0
ip ospf shutdown
!
!
interface GigabitEthernet0/1.102
description Operationnel
encapsulation dot1Q 102
ip address 10.125.100.254 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/1.103
encapsulation dot1Q 103
ip address 10.11.100.254 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/1.104
description Vlan104
encapsulation dot1Q 104
ip address 10.13.100.254 255.255.255.0
ip nat inside
router ospf 1
router-id 100.65.109.4
redistribute connected subnets
redistribute bgp 65002 metric 1000 metric-type 1 subnets route-map
RM-BGP-to-OSPF
network 10.125.100.0 0.0.0.255 area 2
network 192.168.35.0 0.0.0.255 area 2
distribute-list 10 out
distance 250
router bgp 65002
bgp router-id 100.65.109.4
bgp log-neighbor-changes
bgp deterministic-med
no bgp default ipv4-unicast
neighbor 100.65.109.5 remote-as 50903
neighbor 100.65.109.5 update-source GigabitEthernet0/0
neighbor 100.65.109.5 fall-over bfd
!
address-family ipv4
redistribute connected route-map RM-OSPF-to-BGP
redistribute static route-map RM-OSPF-to-BGP
redistribute ospf 1 route-map RM-OSPF-to-BGP
neighbor 100.65.109.5 activate
neighbor 100.65.109.5 soft-reconfiguration inbound
exit-address-family
!
ip prefix-list IP4-PL-BGP-to-OSPF permit 10.125.0.0/16 le 32
ip prefix-list IP4-PL-BGP-to-OSPF permit 178.23.35.176/28 le 32
ip prefix-list IP4-PL-BGP-to-OSPF permit 192.168.0.0/16 le 32
!
ip prefix-list IP4-PL-OSPF-to-BGP-Backup permit 10.125.0.0/16 le 32
ip prefix-list IP4-PL-OSPF-to-BGP-Backup permit 172.20.90.192/26 le 32
ip prefix-list IP4-PL-OSPF-to-BGP-Backup permit 192.168.0.0/16 le 32
!
!
ip prefix-list IP4-PL-OSPF-to-BGP-Local permit 10.11.100.0/24 le 32
ip prefix-list IP4-PL-OSPF-to-BGP-Local permit 10.13.100.0/24 le 32
ip prefix-list IP4-PL-OSPF-to-BGP-Local permit 10.125.100.0/24 le 32
ip prefix-list IP4-PL-OSPF-to-BGP-Local permit 192.168.35.0/24 le 32
route-map RM-BGP-to-OSPF permit 10
match ip address prefix-list IP4-PL-BGP-to-OSPF
!
route-map RM-OSPF-to-BGP permit 10
match ip address prefix-list IP4-PL-OSPF-to-BGP-Local
!
route-map RM-OSPF-to-BGP permit 20
match ip address prefix-list IP4-PL-OSPF-to-BGP-Backup
set metric 1000
access-list 10 deny 10.11.0.0 0.0.255.255
access-list 10 deny 10.13.0.0 0.0.255.255
access-list 10 permit any
pour les Show ip route {BGP | OSPF} j'ai mis des extraits aussi parce que sinon
ça être très long (environ 400 routes au total).
CPE site 1
show ip bgp :
Network Next Hop Metric LocPrf Weight Path
*> 192.168.174.0 100.65.109.3 200 0 50903 ?
*> 192.168.175.0 100.65.109.3 200 0 50903 ?
*> 192.168.176.0 100.65.109.3 200 0 50903 ?
*> 192.168.178.0 100.65.109.3 200 0 50903 ?
*> 192.168.179.0 100.65.109.3 200 0 50903 ?
*> 192.168.180.0 100.65.109.3 200 0 50903 ?
*> 192.168.182.0 100.65.109.3 200 0 50903 ?
*> 192.168.183.0 100.65.109.3 200 0 50903 ?
*> 192.168.184.0 100.65.109.3 200 0 50903 ?
*> 192.168.185.0 100.65.109.3 200 0 50903 ?
*> 192.168.186.0 100.65.109.3 200 0 50903 ?
*> 192.168.188.0 100.65.109.3 200 0 50903 ?
*> 192.168.189.0 100.65.109.3 200 0 50903 ?
*> 192.168.190.0 100.65.109.3 200 0 50903 ?
*> 192.168.191.0 100.65.109.3 200 0 50903 ?
*> 192.168.192.0 100.65.109.3 200 0 50903 ?
show ip route ospf
O 172.16.0.0/29 [250/2] via 192.168.0.21, 00:00:03, Vlan10
[250/2] via 10.125.1.21, 00:00:03, Vlan50
O 172.16.1.0/29 [250/2] via 192.168.0.21, 00:00:03, Vlan10
[250/2] via 10.125.1.21, 00:00:03, Vlan50
O 172.16.35.0/30 [250/2] via 192.168.0.36, 00:00:03, Vlan10
[250/2] via 10.125.1.22, 00:00:03, Vlan50
O 192.168.101.0/24 [250/4] via 192.168.0.21, 00:00:03, Vlan10
[250/4] via 10.125.1.21, 00:00:03, Vlan50
show ip route
B 192.168.174.0/24 [20/0] via 100.65.109.3, 23:24:23
B 192.168.175.0/24 [20/0] via 100.65.109.3, 1w1d
B 192.168.176.0/24 [20/0] via 100.65.109.3, 1w4d
B 192.168.178.0/24 [20/0] via 100.65.109.3, 2d03h
B 192.168.179.0/24 [20/0] via 100.65.109.3, 6d02h
B 192.168.180.0/24 [20/0] via 100.65.109.3, 1w3d
B 192.168.182.0/24 [20/0] via 100.65.109.3, 1w3d
B 192.168.183.0/24 [20/0] via 100.65.109.3, 1w3d
B 192.168.184.0/24 [20/0] via 100.65.109.3, 1w3d
B 192.168.185.0/24 [20/0] via 100.65.109.3, 1w3d
B 192.168.186.0/24 [20/0] via 100.65.109.3, 3d20h
B 192.168.188.0/24 [20/0] via 100.65.109.3, 4d19h
B 192.168.189.0/24 [20/0] via 100.65.109.3, 1w3d
B 192.168.190.0/24 [20/0] via 100.65.109.3, 1w3d
B 192.168.191.0/24 [20/0] via 100.65.109.3, 1w1d
B 192.168.192.0/24 [20/0] via 100.65.109.3, 6d05h
CPE site 2
show ip bgp
*> 192.168.174.0 100.65.109.5 0 50903 ?
*> 192.168.175.0 100.65.109.5 0 50903 ?
*> 192.168.176.0 100.65.109.5 0 50903 ?
*> 192.168.178.0 100.65.109.5 0 50903 ?
*> 192.168.179.0 100.65.109.5 0 50903 ?
*> 192.168.180.0 100.65.109.5 0 50903 ?
*> 192.168.182.0 100.65.109.5 0 50903 ?
*> 192.168.183.0 100.65.109.5 0 50903 ?
*> 192.168.184.0 100.65.109.5 0 50903 ?
Network Next Hop Metric LocPrf Weight Path
*> 192.168.185.0 100.65.109.5 0 50903 ?
*> 192.168.186.0 100.65.109.5 0 50903 ?
*> 192.168.188.0 100.65.109.5 0 50903 ?
*> 192.168.189.0 100.65.109.5 0 50903 ?
*> 192.168.190.0 100.65.109.5 0 50903 ?
*> 192.168.191.0 100.65.109.5 0 50903 ?
*> 192.168.192.0 100.65.109.5 0 50903 ?
sh ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 192.168.0.36 to network 0.0.0.0
10.0.0.0/8 is variably subnetted, 225 subnets, 3 masks
O 10.125.0.0/23
[250/3] via 10.125.100.253, 00:00:02, GigabitEthernet0/1.102
O 10.125.79.0/24
[250/5] via 10.125.100.253, 00:00:02, GigabitEthernet0/1.102
172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
O 172.16.0.0/29
[250/4] via 10.125.100.253, 00:00:03, GigabitEthernet0/1.102
O 172.16.1.0/29
[250/4] via 10.125.100.253, 00:00:03, GigabitEthernet0/1.102
O 172.16.35.0/30
[250/2] via 10.125.100.253, 00:00:03, GigabitEthernet0/1.102
O 192.168.0.0/22
[250/3] via 10.125.100.253, 00:00:03, GigabitEthernet0/1.102
O 192.168.101.0/24
[250/6] via 10.125.100.253, 00:00:03, GigabitEthernet0/1.102
O 192.168.106.0/24
[250/5] via 10.125.100.253, 00:00:03, GigabitEthernet0/1.102
show ip route
B 192.168.174.0/24 [20/0] via 100.65.109.5, 23:24:47
B 192.168.175.0/24 [20/0] via 100.65.109.5, 1w1d
B 192.168.176.0/24 [20/0] via 100.65.109.5, 1w4d
B 192.168.178.0/24 [20/0] via 100.65.109.5, 2d03h
B 192.168.179.0/24 [20/0] via 100.65.109.5, 6d02h
B 192.168.180.0/24 [20/0] via 100.65.109.5, 1w3d
B 192.168.182.0/24 [20/0] via 100.65.109.5, 1w3d
B 192.168.183.0/24 [20/0] via 100.65.109.5, 1w3d
B 192.168.184.0/24 [20/0] via 100.65.109.5, 1w3d
B 192.168.185.0/24 [20/0] via 100.65.109.5, 1w3d
B 192.168.186.0/24 [20/0] via 100.65.109.5, 3d20h
B 192.168.188.0/24 [20/0] via 100.65.109.5, 4d19h
B 192.168.189.0/24 [20/0] via 100.65.109.5, 1w3d
B 192.168.190.0/24 [20/0] via 100.65.109.5, 1w3d
B 192.168.191.0/24 [20/0] via 100.65.109.5, 1w1d
B 192.168.192.0/24 [20/0] via 100.65.109.5, 6d05h
Mon problème c'est que parfois le CPE site va avoir un show ip route qui
ressemble plutôt à ça :
show ip route
B 192.168.174.0/24 [20/0] via 100.65.109.3, 23:24:23
B 192.168.175.0/24 [20/0] via 100.65.109.3, 1w1d
O 192.168.176.0/24 [250/4] via 192.168.0.21, 00:06:03, Vlan10
B 192.168.178.0/24 [20/0] via 100.65.109.3, 2d03h
B 192.168.179.0/24 [20/0] via 100.65.109.3, 6d02h
Merci pour le coup d’œil.
Le 16/11/2021 à 11:19, Michel Py a écrit :
Julien CANAT a écrit :
Je suppose que vous connaissez la loi de Murphy, on a subi un bug sur notre
infra
qui a rendu le nextcloud indisponible quelques temps, depuis il est réparé.
Comme les pièces jointes sont interdites sur la liste : vous trouverez un
schéma ici :
http://antiphishing.trinaps.com/2/SnVsaWVuLkNBTkFUQHRyaW5hcHMuY29tfFZSQzE3MjYxNzc%3D/claude.trinaps.com/s/qx3gY6R5ecPTWAT
(mdp: FRnOG)
Ca marche maintenant, mais trop vague pour analyser. La config (éditée) de tous
les routeurs, c'est le minimum pour qu'on se casse la tête sur ton problème.
Et show ip route {BGP | OSPF} ça aiderait aussi.
Michel.
--
Julien CANAT
TRINAPS - Ingénierie Réseau
---------------------------
Liste de diffusion du FRnOG
http://www.frnog.org/
