Introduction
This is a continuation of the previous post. This time we configure a NAT pool and verify the behavior when nodes are added.
thelarklife1021.hatenablog.com
Current problem
As things stand, every time the number of ubuntu nodes grows the router has to be reconfigured, so this needs to be fixed.
```
! Source 192.168.10.8 -> source 10.0.0.201
! Source 192.168.10.9 -> source 10.0.0.202
ip nat inside source static 192.168.10.8 10.0.0.201 redundancy HSRP1
ip nat inside source static 192.168.10.9 10.0.0.202 redundancy HSRP1
```
Adding the dynamic NAT configuration
Compared with the previous post, I added nodes on the inside and tidied up the names.
Hostname | Interface | IP |
---|---|---|
ubuntu-1 | bond0 | 192.168.10.8/24 |
ubuntu-2 | bond0 | 192.168.10.9/24 |
ubuntu-3 | bond0 | 192.168.10.10/24 |
ubuntu-4 | bond0 | 192.168.10.11/24 |
HSRP-NAT | VIP | 192.168.10.1/24 |
HSRP-NAT1 | giga0/0 | 192.168.10.2/24 |
HSRP-NAT1 | giga0/1 | 10.0.0.254/24 |
HSRP-NAT2 | giga0/0 | 192.168.10.3/24 |
HSRP-NAT2 | giga0/1 | 10.0.0.254/24 |
ubuntu-11 | enp0s2 | 10.0.0.8/24 |
ubuntu-12 | enp0s2 | 10.0.0.8/24 |
The pool for dynamic NAT is configured as follows.
Addresses are assigned at NAT translation time in order, starting from 10.0.0.101.
```
access-list 1 permit 192.168.10.0 0.0.0.255
ip nat pool POOL-1 10.0.0.101 10.0.0.150 netmask 255.255.255.0
ip nat inside source list 1 pool POOL-1
```
Verification
Static NAT behavior
Addresses configured statically take precedence in NAT translation, so the pool is not used for them.
```
root@ubuntu-1:~# ping 10.0.0.8
PING 10.0.0.8 (10.0.0.8) 56(84) bytes of data.
64 bytes from 10.0.0.8: icmp_seq=1 ttl=63 time=18.5 ms
64 bytes from 10.0.0.8: icmp_seq=2 ttl=63 time=7.70 ms

root@ubuntu-11:~# tcpdump -i enp0s2
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp0s2, link-type EN10MB (Ethernet), capture size 262144 bytes
15:04:27.962302 IP 10.0.0.201 > ubuntu-11: ICMP echo request, id 1505, seq 37, length 64
15:04:27.962338 IP ubuntu-11 > 10.0.0.201: ICMP echo reply, id 1505, seq 37, length 64
```
```
root@ubuntu-2:~# ping 10.0.0.8
PING 10.0.0.8 (10.0.0.8) 56(84) bytes of data.
64 bytes from 10.0.0.8: icmp_seq=1 ttl=63 time=17.7 ms
64 bytes from 10.0.0.8: icmp_seq=2 ttl=63 time=5.24 ms

root@ubuntu-11:~# tcpdump -i enp0s2
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp0s2, link-type EN10MB (Ethernet), capture size 262144 bytes
15:19:21.458398 IP 10.0.0.201 > ubuntu-11: ICMP echo request, id 1505, seq 929, length 64
15:19:21.458434 IP ubuntu-11 > 10.0.0.201: ICMP echo reply, id 1505, seq 929, length 64
```
Dynamic NAT behavior
Addresses are assigned automatically from the NAT pool.
```
root@ubuntu-3:~$ ping 10.0.0.8
PING 10.0.0.8 (10.0.0.8) 56(84) bytes of data.
64 bytes from 10.0.0.8: icmp_seq=1 ttl=63 time=4.64 ms
64 bytes from 10.0.0.8: icmp_seq=2 ttl=63 time=5.92 ms

root@ubuntu-4:~# ping 10.0.0.8
PING 10.0.0.8 (10.0.0.8) 56(84) bytes of data.
64 bytes from 10.0.0.8: icmp_seq=1 ttl=63 time=4.02 ms
64 bytes from 10.0.0.8: icmp_seq=2 ttl=63 time=5.77 ms

root@ubuntu-11:~# tcpdump -i enp0s2
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp0s2, link-type EN10MB (Ethernet), capture size 262144 bytes
15:29:03.571162 IP 10.0.0.102 > ubuntu-11: ICMP echo request, id 1265, seq 13, length 64
15:29:03.571200 IP ubuntu-11 > 10.0.0.102: ICMP echo reply, id 1265, seq 13, length 64
15:29:03.627462 IP 10.0.0.101 > ubuntu-11: ICMP echo request, id 1283, seq 9, length 64
15:29:03.627503 IP ubuntu-11 > 10.0.0.101: ICMP echo reply, id 1283, seq 9, length 64
15:29:04.574187 IP 10.0.0.102 > ubuntu-11: ICMP echo request, id 1265, seq 14, length 64
15:29:04.574252 IP ubuntu-11 > 10.0.0.102: ICMP echo reply, id 1265, seq 14, length 64
15:29:04.631414 IP 10.0.0.101 > ubuntu-11: ICMP echo request, id 1283, seq 10, length 64
15:29:04.631452 IP ubuntu-11 > 10.0.0.101: ICMP echo reply, id 1283, seq 10, length 64
```
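The selection order seen in the static and dynamic checks (static entries first, then the pool in order from 10.0.0.101) can be modelled in a few lines. This is an added example, not code from the original post: `NatRouter` and its helpers are hypothetical names, and the model assumes that the dynamic table is kept per router and starts empty on the router that takes over, and that an exhausted pool yields no translation.

```python
import ipaddress

# Values taken from the configuration shown on this page.
STATIC = {"192.168.10.8": "10.0.0.201", "192.168.10.9": "10.0.0.202"}
ACL1 = ("192.168.10.0", "0.0.0.255")   # access-list 1 permit <base> <wildcard>
POOL_FIRST, POOL_LAST = "10.0.0.101", "10.0.0.150"


def acl_permits(src, base, wildcard):
    """IOS wildcard match: bits set in the wildcard are 'don't care'."""
    s, b, w = (int(ipaddress.IPv4Address(x)) for x in (src, base, wildcard))
    return (s | w) == (b | w)


class NatRouter:
    """Simplified model of one router's inside-source translation (assumption)."""

    def __init__(self):
        self.dynamic = {}  # inside local address -> inside global address

    def translate(self, src):
        if src in STATIC:                    # static entries take precedence
            return STATIC[src]
        if not acl_permits(src, *ACL1):      # not selected by list 1: left as-is
            return src
        if src in self.dynamic:              # reuse the existing translation
            return self.dynamic[src]
        used = set(self.dynamic.values())
        first = int(ipaddress.IPv4Address(POOL_FIRST))
        last = int(ipaddress.IPv4Address(POOL_LAST))
        for n in range(first, last + 1):     # lowest free pool address first
            addr = str(ipaddress.IPv4Address(n))
            if addr not in used:
                self.dynamic[src] = addr
                return addr
        return None                          # no free address left in the pool


def first_packets(router, sources):
    """Translate the first packet from each source, in arrival order."""
    return [router.translate(s) for s in sources]


if __name__ == "__main__":
    print(first_packets(NatRouter(), ["192.168.10.8", "192.168.10.10", "192.168.10.11"]))
    # A router that takes over allocates again by arrival order.
    print(first_packets(NatRouter(), ["192.168.10.11", "192.168.10.10"]))
```

In this model the inside host behind 10.0.0.101 depends on which node sends first, so attributing traffic seen on the 10.0.0.0/24 side to an inside node needs the translation table or NAT logs of the router that was active at that time.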
Verifying VIP failover
```
root@ubuntu-11:~# ip link set dev enp0s2 down

*Oct 2 23:05:26.591: %TRACK-6-STATE: 10 ip sla 1 reachability Up -> Down
*Oct 2 23:05:28.628: %HSRP-5-STATECHANGE: GigabitEthernet0/0 Grp 5 state Active -> Speak
```
Confirm that the failover took place.
```
hsrp-nat-2#show standby all
GigabitEthernet0/0 - Group 5
  State is Active
    23 state changes, last state change 00:02:16
  Virtual IP address is 192.168.10.1
  Active virtual MAC address is 0000.0c07.ac05
    Local virtual MAC address is 0000.0c07.ac05 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 2.112 secs
  Preemption enabled
  Active router is local
  Standby router is 192.168.10.2, priority 5 (expires in 7.936 sec)
  Priority 100 (default 100)
  Group name is "HSRP1" (cfgd)
hsrp-nat-2#
```
We can confirm that traffic is NAT-translated and that connectivity works.
```
root@ubuntu-3:~$ ping 10.0.0.8
PING 10.0.0.8 (10.0.0.8) 56(84) bytes of data.
64 bytes from 10.0.0.8: icmp_seq=1 ttl=63 time=5.41 ms
64 bytes from 10.0.0.8: icmp_seq=2 ttl=63 time=5.38 ms

root@ubuntu-4:~# ping 10.0.0.8
PING 10.0.0.8 (10.0.0.8) 56(84) bytes of data.
64 bytes from 10.0.0.8: icmp_seq=1 ttl=63 time=6.11 ms
64 bytes from 10.0.0.8: icmp_seq=2 ttl=63 time=3.95 ms

root@ubuntu-12:~# tcpdump -i enp0s2
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp0s2, link-type EN10MB (Ethernet), capture size 262144 bytes
15:56:27.681497 IP 10.0.0.101 > ubuntu-12: ICMP echo request, id 1171, seq 7, length 64
15:56:27.681531 IP ubuntu-12 > 10.0.0.101: ICMP echo reply, id 1171, seq 7, length 64
15:56:28.399004 IP 10.0.0.102 > ubuntu-12: ICMP echo request, id 1272, seq 57, length 64
15:56:28.399039 IP ubuntu-12 > 10.0.0.102: ICMP echo reply, id 1272, seq 57, length 64
15:56:28.681394 IP 10.0.0.101 > ubuntu-12: ICMP echo request, id 1171, seq 8, length 64
15:56:28.681431 IP ubuntu-12 > 10.0.0.101: ICMP echo reply, id 1171, seq 8, length 64
15:56:28.955758 Loopback, skipCount 0, Reply, receipt number 0, data (40 octets)
```
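The by-eye check of the tcpdump output can be automated. The following is an added example, not part of the original post: it classifies the source of every ICMP echo request seen on the outside host as static, pool, or untranslated, using the address ranges from this page. The function names are hypothetical, and the last sample line (an inside address reaching the outside segment) is constructed to show the failure case.

```python
import ipaddress
import re

# Ranges taken from the configuration shown on this page.
POOL = (ipaddress.IPv4Address("10.0.0.101"), ipaddress.IPv4Address("10.0.0.150"))
STATIC_GLOBAL = {"10.0.0.201", "10.0.0.202"}
INSIDE_NET = ipaddress.ip_network("192.168.10.0/24")

# Matches tcpdump lines such as:
#   15:29:03.571162 IP 10.0.0.102 > ubuntu-11: ICMP echo request, id 1265, ...
REQUEST = re.compile(r"IP (\d+\.\d+\.\d+\.\d+) > \S+: ICMP echo request")

# First three lines are from the captures on this page; the last is constructed.
SAMPLE = """\
15:04:27.962302 IP 10.0.0.201 > ubuntu-11: ICMP echo request, id 1505, seq 37, length 64
15:29:03.571162 IP 10.0.0.102 > ubuntu-11: ICMP echo request, id 1265, seq 13, length 64
15:29:03.627462 IP 10.0.0.101 > ubuntu-11: ICMP echo request, id 1283, seq 9, length 64
15:29:05.000000 IP 192.168.10.12 > ubuntu-11: ICMP echo request, id 1300, seq 1, length 64
"""


def classify(src):
    """Label one observed source address."""
    ip = ipaddress.IPv4Address(src)
    if src in STATIC_GLOBAL:
        return "static"
    if POOL[0] <= ip <= POOL[1]:
        return "pool"
    if ip in INSIDE_NET:
        return "untranslated"      # inside address seen on the outside: NAT was bypassed
    return "unexpected"


def summarize(capture):
    """Map each echo-request source in a tcpdump text capture to its label."""
    result = {}
    for line in capture.splitlines():
        match = REQUEST.search(line)
        if match:
            result[match.group(1)] = classify(match.group(1))
    return result


if __name__ == "__main__":
    for src, label in summarize(SAMPLE).items():
        print(f"{src:15} {label}")
```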