OSPF 综合实验
{Back to Index}
Table of Contents
- 1. 实验拓扑
- 2. RIP 基本配置
- 3. OSPF 基本配置
- 4. OSPF 高级配置
- 4.1. 虚链路
- 4.2. 配置 Totally NSSA 并修改 NSSA 默认路由 Metric 值
- 4.3. 使用 route-map 重分布指定的直连路由
- 4.4. 重分布时指定 metric-type 以及种子 Metric
- 4.5. 五类路由汇总(summary-address)/汇总但不通告(no-advertise)/手动实现等价路由/禁止自动生成黑洞路由/使用tag过滤路由
- 4.6. 修改 Loopback 接口网络类型为 p2p
- 4.7. 三类汇总(range)
- 4.8. OSPF 认证
- 4.9.
no keepalive与ip ospf database-filter - 4.10. 使用 route-map 在重分布时匹配 tag 过滤路由
- 4.11. 注入默认路由
- 4.12.
distribute-list过滤路由与LSA3汇总 - 4.13. mtu-ignore
1 实验拓扑
初始配置
----------------- R1 ---------------------- en conf t hostname R1 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int e0/0 ip address 1.1.123.1 255.255.255.224 no sh exit int lo0 ip address 10.10.1.1 255.255.255.0 ! end ----------------- R2 ---------------------- en conf t hostname R2 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int e0/0 ip address 1.1.123.2 255.255.255.224 no sh ! int s1/0 ip address 1.1.24.2 255.255.255.248 no sh ! int lo0 ip add 10.10.2.2 255.255.255.0 ! end ----------------- R3 ---------------------- en conf t hostname R3 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int lo0 ip address 10.10.3.3 255.255.255.0 ! int e0/0 ip address 1.1.123.3 255.255.255.224 no sh int s1/0 ip address 1.1.34.3 255.255.255.248 no sh ! end ----------------- R4 ---------------------- en conf t hostname R4 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int lo0 ip address 10.10.4.4 255.255.255.0 ! int s1/0 ip address 1.1.24.4 255.255.255.248 no sh int s1/2 ip address 1.1.34.4 255.255.255.248 no sh int s1/1 ip add 1.1.45.4 255.255.255.0 encapsulation ppp no peer neighbor-route ! no /32 route in route table and there is /24 instead no sh ! end ----------------- R5 ---------------------- en conf t hostname R5 no ip do lo line con 0 exec-timeout 0 0 logging synchronous exit int lo0 ip address 10.10.5.5 255.255.255.0 ! int s1/1 ip address 1.1.45.5 255.255.255.0 encapsulation ppp no peer neighbor-route no sh ! end
2 RIP 基本配置
2.1 单播邻居
1. R1-R3 之间的以太接口运行 RIPV2 。 2. R1 R3 之间仅仅相互发送更新,不要向其他接口发送更新,所有的更新都是明细路。
=== R1 === router rip no auto version 2 passive-interface default neighbor 1.1.123.3 net 1.0.0.0 ! === R3 === router rip no auto version 2 passive-interface default neighbor 1.1.123.1 net 1.0.0.0 !
- 如果不配置
passive-interface default,则接口永远会周期性发送广播 neighbor 1.1.123.3作用是周期性发送 单播 消息
2.2 md5 认证
3. 在 R1-R3 之间做 RIP md5 认证,通过认证,使 R3 可以接收 R1 的路由,而 R1 不接收 R3 的路由。
=== R1 === key chain KEY_CHAIN key 1 key-string cisco ! ! int e0/0 ip rip authentication mode md5 ip rip authentication key-chain KEY_CHAIN ! === R3 === key chain KEY_CHAIN key 3 key-string cisco ! int e0/0 ip rip authentication mode md5 ip rip authentication key-chain KEY_CHAIN !
3 OSPF 基本配置
3.1 区域基本配置
=== R1 === router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 ! === R2 === router ospf 2 router-id 2.2.2.2 network 1.1.123.2 0.0.0.0 area 2 network 10.10.2.2 0.0.0.0 area 2 network 1.1.24.2 0.0.0.0 area 1 ! === R3 === router ospf 3 router-id 3.3.3.3 network 1.1.34.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 1 ! === R4 === router ospf 4 router-id 4.4.4.4 ! === R5 === router ospf 5 router-id 5.5.5.5 network 10.10.5.5 0.0.0.0 area 0 network 1.1.45.5 0.0.0.0 area 0
3.2 修改网络类型
1. R1-R2 之间的网络类型要尽可能的缩短 OSPF 的收敛时间,并且不能选举 DR/BDR 。
=== R1/R2 === int e0/0 ip ospf network point-to-point !
3.3 宣告所有接口
4. 宣告 R4 的接口进入 OSPF 时要求用最少的命令行
router ospf 4 network 1.1.45.4 0.0.0.0 area 0 ! put one interface into area 0 network 0.0.0.0 0.0.0.0 area 1 ! put all other interfaces into area 1 !
3.4 NBMA 单播邻居
2. R4-R5 之间的网络类型需要选举 DR/BDR,并且所有的 OSPF 包的交互都是单播
只要 一方 使用单播指定邻居即可,使用 NBMA 网络类型建立邻居非常慢。
=== R4 === int s1/1 ip ospf network non-broadcast ! router ospf 4 neighbor 1.1.45.5 ! === R5 === int s1/1 ip ospf network non-broadcast !
验证: 查看接口信息
R4#sh ip ospf interface s1/1 Serial1/1 is up, line protocol is up Internet Address 1.1.45.4/24, Area 0, Attached via Network Statement Process ID 4, Router ID 4.4.4.4, Network Type NON_BROADCAST, Cost: 64 Topology-MTID Cost Disabled Shutdown Topology Name 0 64 no no Base Transmit Delay is 1 sec, State BDR, Priority 1 Designated Router (ID) 5.5.5.5, Interface address 1.1.45.5 Backup Designated router (ID) 4.4.4.4, Interface address 1.1.45.4 Flush timer for old DR LSA due in 00:01:29 Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5 oob-resync timeout 120 Hello due in 00:00:25 Supports Link-local Signaling (LLS) Cisco NSF helper support enabled IETF NSF helper support enabled Index 1/1/1, flood queue length 0 Next 0x0(0)/0x0(0)/0x0(0) Last flood scan length is 1, maximum is 1 Last flood scan time is 0 msec, maximum is 0 msec Neighbor Count is 1, Adjacent neighbor count is 1 Adjacent with neighbor 5.5.5.5 (Designated Router) Suppress hello for 0 neighbor(s)
4 OSPF 高级配置
4.1 虚链路 1
1. 在 R2-R4 之间做配置,使 R4 学到 Area 2 的路由是从 R2 学到的
day0 配置清单
=== R1 === router rip no auto version 2 passive-interface default neighbor 1.1.123.3 net 1.0.0.0 ! key chain KEY_CHAIN key 1 key-string cisco ! ! int e0/0 ip rip authentication mode md5 ip rip authentication key-chain KEY_CHAIN ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 ! int e0/0 ip ospf network point-to-point === R2 === router ospf 2 router-id 2.2.2.2 network 1.1.123.2 0.0.0.0 area 2 network 10.10.2.2 0.0.0.0 area 2 network 1.1.24.2 0.0.0.0 area 1 ! int e0/0 ip ospf network point-to-point === R3 === router rip no auto version 2 passive-interface default neighbor 1.1.123.1 net 1.0.0.0 ! key chain KEY_CHAIN key 3 key-string cisco ! int e0/0 ip rip authentication mode md5 ip rip authentication key-chain KEY_CHAIN ! router ospf 3 router-id 3.3.3.3 network 1.1.34.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 1 ! === R4 === router ospf 4 router-id 4.4.4.4 network 1.1.45.4 0.0.0.0 area 0 ! put one interface into area 0 network 0.0.0.0 0.0.0.0 area 1 ! put all other interfaces into area 1 neighbor 1.1.45.5 ! int s1/1 ip ospf network non-broadcast ! === R5 === router ospf 5 router-id 5.5.5.5 network 10.10.5.5 0.0.0.0 area 0 network 1.1.45.5 0.0.0.0 area 0 ! int s1/1 ip ospf network non-broadcast
=== R2 === router ospf 2 area 1 virtual-link 4.4.4.4 ! === R4 === router ospf 4 area 1 virtual-link 2.2.2.2 !
验证: R2 成为 ABR
R2#sh ip protocols
Routing Protocol is "application"
Sending updates every 0 seconds
Invalid after 0 seconds, hold down 0, flushed after 0
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Maximum path: 32
Routing for Networks:
Routing Information Sources:
Gateway Distance Last Update
Distance: (default is 4)
Routing Protocol is "ospf 2"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 2.2.2.2
It is an area border router
Number of areas in this router is 3. 3 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
1.1.24.2 0.0.0.0 area 1
1.1.123.2 0.0.0.0 area 2
10.10.2.2 0.0.0.0 area 2
Routing Information Sources:
Gateway Distance Last Update
5.5.5.5 110 00:00:04
3.3.3.3 110 00:00:33
4.4.4.4 110 00:00:33
1.1.1.1 110 00:00:33
Distance: (default is 110)
验证: 查看 R4 路由表
R4#sh ip rou ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
1.0.0.0/8 is variably subnetted, 7 subnets, 4 masks
O IA 1.1.123.0/27 [110/74] via 1.1.24.2, 00:02:52, Serial1/0
10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
O IA 10.10.1.1/32 [110/75] via 1.1.24.2, 00:02:52, Serial1/0
O IA 10.10.2.2/32 [110/65] via 1.1.24.2, 00:02:52, Serial1/0
O 10.10.3.3/32 [110/65] via 1.1.34.3, 00:26:38, Serial1/2
O 10.10.5.5/32 [110/65] via 1.1.45.5, 00:24:15, Serial1/1
4.2 配置 Totally NSSA 并修改 NSSA 默认路由 Metric 值
2. 配置 Area 2,使它可以接收本 Area 内引入的 INTRA 及本 Area 引入的其他 AS 传来的 External 路由, 但不可以接收其他 OSPF Area 传来的 INTER 及 EXTERNAL 路由。并且 R2 可以自动向 R1 注入一条默认路由, 并确保此默认路由的 metric 值为:20,此解决方案只能在 R2 实施。
day0 配置清单
=== R1 === router rip no auto version 2 passive-interface default neighbor 1.1.123.3 net 1.0.0.0 ! key chain KEY_CHAIN key 1 key-string cisco ! ! int e0/0 ip rip authentication mode md5 ip rip authentication key-chain KEY_CHAIN ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 ! int e0/0 ip ospf network point-to-point === R2 === router ospf 2 router-id 2.2.2.2 network 1.1.123.2 0.0.0.0 area 2 network 10.10.2.2 0.0.0.0 area 2 network 1.1.24.2 0.0.0.0 area 1 area 1 virtual-link 4.4.4.4 ! int e0/0 ip ospf network point-to-point === R3 === router rip no auto version 2 passive-interface default neighbor 1.1.123.1 net 1.0.0.0 ! key chain KEY_CHAIN key 3 key-string cisco ! int e0/0 ip rip authentication mode md5 ip rip authentication key-chain KEY_CHAIN ! router ospf 3 router-id 3.3.3.3 network 1.1.34.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 1 ! === R4 === router ospf 4 router-id 4.4.4.4 network 1.1.45.4 0.0.0.0 area 0 ! put one interface into area 0 network 0.0.0.0 0.0.0.0 area 1 ! put all other interfaces into area 1 neighbor 1.1.45.5 area 1 virtual-link 2.2.2.2 ! int s1/1 ip ospf network non-broadcast ! === R5 === router ospf 5 router-id 5.5.5.5 network 10.10.5.5 0.0.0.0 area 0 network 1.1.45.5 0.0.0.0 area 0 ! int s1/1 ip ospf network non-broadcast
=== R1 === router ospf 1 area 2 nssa ! === R2 === router ospf 2 area 2 nssa no-summary !
验证:Area 2 中可以引入 LSA3
R1#sh ip ospf database summary
OSPF Router with ID (1.1.1.1) (Process ID 1)
Summary Net Link States (Area 2)
LS age: 303
Options: (No TOS-capability, DC, Upward)
LS Type: Summary Links(Network)
Link State ID: 0.0.0.0 (summary Network Number)
Advertising Router: 2.2.2.2
LS Seq Number: 80000001
Checksum: 0xFC31
Length: 28
Network Mask: /0
MTID: 0 Metric: 1
验证:R1 上产生一条默认路由
R1#sh ip rou
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 1.1.123.2 to network 0.0.0.0
O*IA 0.0.0.0/0 [110/11] via 1.1.123.2, 00:00:37, Ethernet0/0
1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 1.1.123.0/27 is directly connected, Ethernet0/0
L 1.1.123.1/32 is directly connected, Ethernet0/0
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C 10.10.1.0/24 is directly connected, Loopback0
L 10.10.1.1/32 is directly connected, Loopback0
O 10.10.2.2/32 [110/11] via 1.1.123.2, 00:00:37, Ethernet0/0
可以看到此时 R1 上默认路由的 Metric 值为 11 ,这是因为种子 Metric 为 1 ,R1 的 e0/0 接口 Cost 为 10 :
R1#sh ip os int e0/0 | i Cost Process ID 1, Router ID 1.1.1.1, Network Type POINT_TO_POINT, Cost: 10 Topology-MTID Cost Disabled Shutdown Topology Name R1#sh ip ospf database summary OSPF Router with ID (1.1.1.1) (Process ID 1) Summary Net Link States (Area 2) LS age: 790 Options: (No TOS-capability, DC, Upward) LS Type: Summary Links(Network) Link State ID: 0.0.0.0 (summary Network Number) Advertising Router: 2.2.2.2 LS Seq Number: 80000001 Checksum: 0xFC31 Length: 28 Network Mask: /0 MTID: 0 Metric: 10
在 R2 上设置 default-cost :
R2(config)#router ospf 2
R2(config-router)#area 2 ?
authentication Enable authentication
capability Enable area specific capability
default-cost Set the summary default-cost of a NSSA/stub area
filter-list Filter networks between OSPF areas
nssa Specify a NSSA area
range Summarize routes matching address/mask (border routers only)
sham-link Define a sham link and its parameters
stub Specify a stub area
virtual-link Define a virtual link and its parameters
R2(config-router)#area 2 default-cost 10
验证:default-cost 生效
R1#sh ip ospf database summary 0.0.0.0
OSPF Router with ID (1.1.1.1) (Process ID 1)
Summary Net Link States (Area 2)
LS age: 618
Options: (No TOS-capability, DC, Upward)
LS Type: Summary Links(Network)
Link State ID: 0.0.0.0 (summary Network Number)
Advertising Router: 2.2.2.2
LS Seq Number: 80000002
Checksum: 0x55CE
Length: 28
Network Mask: /0
MTID: 0 Metric: 10
验证:R1 的默认路由 Metric 值
R1#sh ip rou
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 1.1.123.2 to network 0.0.0.0
O*IA 0.0.0.0/0 [110/20] via 1.1.123.2, 00:00:04, Ethernet0/0
1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 1.1.123.0/27 is directly connected, Ethernet0/0
L 1.1.123.1/32 is directly connected, Ethernet0/0
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C 10.10.1.0/24 is directly connected, Loopback0
L 10.10.1.1/32 is directly connected, Loopback0
O 10.10.2.2/32 [110/11] via 1.1.123.2, 00:14:58, Ethernet0/0
4.3 使用 route-map 重分布指定的直连路由
3. 在 R1 上增加五个 loopback: Loopback 100, IP ADD = 100.1.0.1/24 Loopback 101, IP ADD = 100.1.1.1/24 Loopback 102, IP ADD = 100.1.2.1/24 Loopback 103, IP ADD = 100.1.3.1/24 Loopback 104, IP ADD = 100.1.4.1/24 把他们通过 RIP 及 OSPF 宣告出去,但不能用 Network 命令, 即使未来再增加其他路由,这五条路由是唯一向 RIP 及 OSPF 注入的路由。要求用最小的命令行来完成此配置。
day0 配置清单
=== R1 === router rip no auto version 2 passive-interface default neighbor 1.1.123.3 net 1.0.0.0 ! key chain KEY_CHAIN key 1 key-string cisco ! ! int e0/0 ip rip authentication mode md5 ip rip authentication key-chain KEY_CHAIN ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 area 2 nssa ! int e0/0 ip ospf network point-to-point === R2 === router ospf 2 router-id 2.2.2.2 network 1.1.123.2 0.0.0.0 area 2 network 10.10.2.2 0.0.0.0 area 2 network 1.1.24.2 0.0.0.0 area 1 area 1 virtual-link 4.4.4.4 area 2 nssa no-summary area 2 default-cost 10 ! int e0/0 ip ospf network point-to-point === R3 === router rip no auto version 2 passive-interface default neighbor 1.1.123.1 net 1.0.0.0 ! key chain KEY_CHAIN key 3 key-string cisco ! int e0/0 ip rip authentication mode md5 ip rip authentication key-chain KEY_CHAIN ! router ospf 3 router-id 3.3.3.3 network 1.1.34.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 1 ! === R4 === router ospf 4 router-id 4.4.4.4 network 1.1.45.4 0.0.0.0 area 0 ! put one interface into area 0 network 0.0.0.0 0.0.0.0 area 1 ! put all other interfaces into area 1 neighbor 1.1.45.5 area 1 virtual-link 2.2.2.2 ! int s1/1 ip ospf network non-broadcast ! === R5 === router ospf 5 router-id 5.5.5.5 network 10.10.5.5 0.0.0.0 area 0 network 1.1.45.5 0.0.0.0 area 0 ! int s1/1 ip ospf network non-broadcast
4.3.1 方法一 (match ACL)
=== R1 === int lo100 ip add 100.1.0.1 255.255.255.0 ! int lo101 ip add 100.1.1.1 255.255.255.0 ! int lo102 ip add 100.1.2.1 255.255.255.0 ! int lo103 ip add 100.1.3.1 255.255.255.0 ! int lo104 ip add 100.1.4.1 255.255.255.0 ! ip access-list standard ACL_NETWORK_100 10 permit 100.1.0.0 0.0.3.0 20 permit 100.1.4.0 ! route-map RM_NETWORK_100 permit 10 match ip address ACL_NETWORK_100 ! router ospf 1 redistribute connected subnets route-map RM_NETWORK_100 ! router rip redistribute connected route-map RM_NETWORK_100 !
ACL 推理过程
100.1.00000000.0 100.1.00000001.0 100.1.00000010.0 100.1.00000011.0 ------------------ 100.1.00000000.0 => 100.1.0.0 0 .0.00000011.0 => 0.0.3.0 100.1.00000100.0 => 100.1.4.0
4.3.2 方法二 (route-map match interface)
=== R1 === int lo100 ip add 100.1.0.1 255.255.255.0 ! int lo101 ip add 100.1.1.1 255.255.255.0 ! int lo102 ip add 100.1.2.1 255.255.255.0 ! int lo103 ip add 100.1.3.1 255.255.255.0 ! int lo104 ip add 100.1.4.1 255.255.255.0 ! route-map RM_NETWORK_100 permit 10 match interface lo100 lo101 lo102 lo103 lo104 ! router ospf 1 redistribute connected subnets route-map RM_NETWORK_100 ! router rip redistribute connected route-map RM_NETWORK_100 !
4.4 重分布时指定 metric-type 以及种子 Metric
4. 在 R3 上,把 RIP 与 OSPF 进行双向重分布,确保从 RIP 路由在 OSPF 域内传递时 metric 每跳可变。 并在 R2 上看到这些路由从 R1 学到的且它们的 metric 为:100 。
day0 配置清单
=== R1 ===
router rip
no auto
version 2
passive-interface default
neighbor 1.1.123.3
net 1.0.0.0
!
key chain KEY_CHAIN
key 1
key-string cisco
!
!
int e0/0
ip rip authentication mode md5
ip rip authentication key-chain KEY_CHAIN
!
router ospf 1
router-id 1.1.1.1
network 1.1.123.1 0.0.0.0 area 2
network 10.10.1.1 0.0.0.0 area 2
area 2 nssa
!
int e0/0
ip ospf network point-to-point
!
int lo100
ip add 100.1.0.1 255.255.255.0
!
int lo101
ip add 100.1.1.1 255.255.255.0
!
int lo102
ip add 100.1.2.1 255.255.255.0
!
int lo103
ip add 100.1.3.1 255.255.255.0
!
int lo104
ip add 100.1.4.1 255.255.255.0
!
route-map RM_NETWORK_100 permit 10
match interface lo100 lo101 lo102 lo103 lo104
!
router ospf 1
redistribute connected subnets route-map RM_NETWORK_100
!
router rip
redistribute connected route-map RM_NETWORK_100
!
=== R2 ===
router ospf 2
router-id 2.2.2.2
network 1.1.123.2 0.0.0.0 area 2
network 10.10.2.2 0.0.0.0 area 2
network 1.1.24.2 0.0.0.0 area 1
area 1 virtual-link 4.4.4.4
area 2 nssa no-summary
area 2 default-cost 10
!
int e0/0
ip ospf network point-to-point
=== R3 ===
router rip
no auto
version 2
passive-interface default
neighbor 1.1.123.1
net 1.0.0.0
!
key chain KEY_CHAIN
key 3
key-string cisco
!
int e0/0
ip rip authentication mode md5
ip rip authentication key-chain KEY_CHAIN
!
router ospf 3
router-id 3.3.3.3
network 1.1.34.3 0.0.0.0 area 1
network 10.10.3.3 0.0.0.0 area 1
!
=== R4 ===
router ospf 4
router-id 4.4.4.4
network 1.1.45.4 0.0.0.0 area 0 ! put one interface into area 0
network 0.0.0.0 0.0.0.0 area 1 ! put all other interfaces into area 1
neighbor 1.1.45.5
area 1 virtual-link 2.2.2.2
!
int s1/1
ip ospf network non-broadcast
!
=== R5 ===
router ospf 5
router-id 5.5.5.5
network 10.10.5.5 0.0.0.0 area 0
network 1.1.45.5 0.0.0.0 area 0
!
int s1/1
ip ospf network non-broadcast
注意: 上一节实验完成后 R3 上其实并没有出现 RIP 路由:
本实验前 R3 的路由表
R3#sh ip rou
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
1.0.0.0/8 is variably subnetted, 6 subnets, 4 masks
O 1.1.24.0/29 [110/128] via 1.1.34.4, 02:22:44, Serial1/0
C 1.1.34.0/29 is directly connected, Serial1/0
L 1.1.34.3/32 is directly connected, Serial1/0
O IA 1.1.45.0/24 [110/128] via 1.1.34.4, 02:22:44, Serial1/0
C 1.1.123.0/27 is directly connected, Ethernet0/0
L 1.1.123.3/32 is directly connected, Ethernet0/0
10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
O IA 10.10.1.1/32 [110/139] via 1.1.34.4, 01:41:51, Serial1/0
O IA 10.10.2.2/32 [110/129] via 1.1.34.4, 01:59:23, Serial1/0
C 10.10.3.0/24 is directly connected, Loopback0
L 10.10.3.3/32 is directly connected, Loopback0
O 10.10.4.4/32 [110/65] via 1.1.34.4, 02:22:44, Serial1/0
O IA 10.10.5.5/32 [110/129] via 1.1.34.4, 02:20:21, Serial1/0
100.0.0.0/24 is subnetted, 5 subnets
O E2 100.1.0.0 [110/20] via 1.1.34.4, 00:10:59, Serial1/0
O E2 100.1.1.0 [110/20] via 1.1.34.4, 00:10:59, Serial1/0
O E2 100.1.2.0 [110/20] via 1.1.34.4, 00:10:59, Serial1/0
O E2 100.1.3.0 [110/20] via 1.1.34.4, 00:10:59, Serial1/0
O E2 100.1.4.0 [110/20] via 1.1.34.4, 00:10:59, Serial1/0
=== R1 === router ospf 1 redistribute connected metric 100 subnets route-map RM_NETWORK_100 ! === R3 === router ospf 3 redistribute rip subnets metric-type 1 ! router rip redistribute ospf 3 metric 1 !
验证:R2 上的路由表
R2#sh ip rou
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
1.0.0.0/8 is variably subnetted, 6 subnets, 4 masks
C 1.1.24.0/29 is directly connected, Serial1/0
L 1.1.24.2/32 is directly connected, Serial1/0
O 1.1.34.0/29 [110/128] via 1.1.24.4, 02:00:13, Serial1/0
O 1.1.45.0/24 [110/128] via 1.1.24.4, 02:00:13, Serial1/0
C 1.1.123.0/27 is directly connected, Ethernet0/0
L 1.1.123.2/32 is directly connected, Ethernet0/0
10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
O 10.10.1.1/32 [110/11] via 1.1.123.1, 02:00:03, Ethernet0/0
C 10.10.2.0/24 is directly connected, Loopback0
L 10.10.2.2/32 is directly connected, Loopback0
O 10.10.3.3/32 [110/129] via 1.1.24.4, 02:00:13, Serial1/0
O 10.10.4.4/32 [110/65] via 1.1.24.4, 02:00:13, Serial1/0
O 10.10.5.5/32 [110/129] via 1.1.24.4, 02:00:13, Serial1/0
100.0.0.0/24 is subnetted, 5 subnets
O N2 100.1.0.0 [110/100] via 1.1.123.1, 00:00:03, Ethernet0/0
O N2 100.1.1.0 [110/100] via 1.1.123.1, 00:00:03, Ethernet0/0
O N2 100.1.2.0 [110/100] via 1.1.123.1, 00:00:03, Ethernet0/0
O N2 100.1.3.0 [110/100] via 1.1.123.1, 00:00:03, Ethernet0/0
O N2 100.1.4.0 [110/100] via 1.1.123.1, 00:00:03, Ethernet0/0
4.5 五类路由汇总(summary-address)/汇总但不通告(no-advertise)/手动实现等价路由/禁止自动生成黑洞路由/使用tag过滤路由
5. 要求在 R4 上可以看到 100 网段是: 100.1.0.0/22 ,且有两条等价路由,下一跳分别是:1.1.24.2 和 1.1.34.3 。 此解决方案只能在 R2,R3 上实施,并确保 R2,R3 上看不到 100.1.0.0/22 的汇总路由。 不能用 Distance 参数,不能使用 ACL 及 Prefix-list 。
day0 配置清单
=== R1 === router rip no auto version 2 passive-interface default neighbor 1.1.123.3 net 1.0.0.0 ! key chain KEY_CHAIN key 1 key-string cisco ! ! int e0/0 ip rip authentication mode md5 ip rip authentication key-chain KEY_CHAIN ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 area 2 nssa ! int e0/0 ip ospf network point-to-point ! int lo100 ip add 100.1.0.1 255.255.255.0 ! int lo101 ip add 100.1.1.1 255.255.255.0 ! int lo102 ip add 100.1.2.1 255.255.255.0 ! int lo103 ip add 100.1.3.1 255.255.255.0 ! int lo104 ip add 100.1.4.1 255.255.255.0 ! route-map RM_NETWORK_100 permit 10 match interface lo100 lo101 lo102 lo103 lo104 ! router ospf 1 ! redistribute connected subnets route-map RM_NETWORK_100 redistribute connected metric 100 subnets route-map RM_NETWORK_100 ! router rip redistribute connected route-map RM_NETWORK_100 ! === R2 === router ospf 2 router-id 2.2.2.2 network 1.1.123.2 0.0.0.0 area 2 network 10.10.2.2 0.0.0.0 area 2 network 1.1.24.2 0.0.0.0 area 1 area 1 virtual-link 4.4.4.4 area 2 nssa no-summary area 2 default-cost 10 ! int e0/0 ip ospf network point-to-point === R3 === router rip no auto version 2 passive-interface default neighbor 1.1.123.1 net 1.0.0.0 redistribute ospf 3 metric 1 ! key chain KEY_CHAIN key 3 key-string cisco ! int e0/0 ip rip authentication mode md5 ip rip authentication key-chain KEY_CHAIN ! router ospf 3 router-id 3.3.3.3 network 1.1.34.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 1 redistribute rip subnets metric-type 1 ! === R4 === router ospf 4 router-id 4.4.4.4 network 1.1.45.4 0.0.0.0 area 0 ! put one interface into area 0 network 0.0.0.0 0.0.0.0 area 1 ! put all other interfaces into area 1 neighbor 1.1.45.5 area 1 virtual-link 2.2.2.2 ! int s1/1 ip ospf network non-broadcast ! === R5 === router ospf 5 router-id 5.5.5.5 network 10.10.5.5 0.0.0.0 area 0 network 1.1.45.5 0.0.0.0 area 0 ! int s1/1 ip ospf network non-broadcast
注意 , summary-address 只能汇总本地产生的 LSA5 路由条目。
=== R2 === router ospf 2 summary-address 100.1.0.0 255.255.252.0 !
R2 汇总后 R3 上路由的变化
R3#sh ip rou
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
1.0.0.0/8 is variably subnetted, 6 subnets, 4 masks
O 1.1.24.0/29 [110/128] via 1.1.34.4, 00:37:33, Serial1/0
C 1.1.34.0/29 is directly connected, Serial1/0
L 1.1.34.3/32 is directly connected, Serial1/0
O IA 1.1.45.0/24 [110/128] via 1.1.34.4, 00:37:33, Serial1/0
C 1.1.123.0/27 is directly connected, Ethernet0/0
L 1.1.123.3/32 is directly connected, Ethernet0/0
10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
O IA 10.10.1.1/32 [110/139] via 1.1.34.4, 00:37:33, Serial1/0
O IA 10.10.2.2/32 [110/129] via 1.1.34.4, 00:37:33, Serial1/0
C 10.10.3.0/24 is directly connected, Loopback0
L 10.10.3.3/32 is directly connected, Loopback0
O 10.10.4.4/32 [110/65] via 1.1.34.4, 00:37:33, Serial1/0
O IA 10.10.5.5/32 [110/129] via 1.1.34.4, 00:37:33, Serial1/0
100.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
! R2 刚汇总完,可以看到出现一条汇总路由
O E2 100.1.0.0/22 [110/100] via 1.1.34.4, 00:00:06, Serial1/0
O E2 100.1.4.0/24 [110/100] via 1.1.34.4, 00:37:28, Serial1/0
R3#sh ip rou
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
1.0.0.0/8 is variably subnetted, 6 subnets, 4 masks
O 1.1.24.0/29 [110/128] via 1.1.34.4, 00:37:42, Serial1/0
C 1.1.34.0/29 is directly connected, Serial1/0
L 1.1.34.3/32 is directly connected, Serial1/0
O IA 1.1.45.0/24 [110/128] via 1.1.34.4, 00:37:42, Serial1/0
C 1.1.123.0/27 is directly connected, Ethernet0/0
L 1.1.123.3/32 is directly connected, Ethernet0/0
10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
O IA 10.10.1.1/32 [110/139] via 1.1.34.4, 00:37:42, Serial1/0
O IA 10.10.2.2/32 [110/129] via 1.1.34.4, 00:37:42, Serial1/0
C 10.10.3.0/24 is directly connected, Loopback0
L 10.10.3.3/32 is directly connected, Loopback0
O 10.10.4.4/32 [110/65] via 1.1.34.4, 00:37:42, Serial1/0
O IA 10.10.5.5/32 [110/129] via 1.1.34.4, 00:37:42, Serial1/0
100.0.0.0/24 is subnetted, 5 subnets
! 不多久,汇总路由就消失了,取而代之的是基于 RIP 的明细路由
R 100.1.0.0 [120/1] via 1.1.123.1, 00:00:02, Ethernet0/0
R 100.1.1.0 [120/1] via 1.1.123.1, 00:00:02, Ethernet0/0
R 100.1.2.0 [120/1] via 1.1.123.1, 00:00:02, Ethernet0/0
R 100.1.3.0 [120/1] via 1.1.123.1, 00:00:02, Ethernet0/0
O E2 100.1.4.0 [110/100] via 1.1.34.4, 00:37:37, Serial1/0
R3#
R3 路由变化是因为当 R2 完成汇总后,明细路由(只有一条除外)被抑制,汇总路由传递到 R3 上,此时 R3 上基于 RIP 的明细路由就浮了上来。
而 R3 又有重分布的配置,于是 RIP 路由被重分布进 OSPF ,且类型为 OE1 (metric-type=1) 。如此一来,R4 和 R2 上都会出现明细路由:
R4 路由表
R4#sh ip rou
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
1.0.0.0/8 is variably subnetted, 7 subnets, 4 masks
C 1.1.24.0/29 is directly connected, Serial1/0
L 1.1.24.4/32 is directly connected, Serial1/0
C 1.1.34.0/29 is directly connected, Serial1/2
L 1.1.34.4/32 is directly connected, Serial1/2
C 1.1.45.0/24 is directly connected, Serial1/1
L 1.1.45.4/32 is directly connected, Serial1/1
O IA 1.1.123.0/27 [110/74] via 1.1.24.2, 00:51:28, Serial1/0
10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
O IA 10.10.1.1/32 [110/75] via 1.1.24.2, 00:51:28, Serial1/0
O IA 10.10.2.2/32 [110/65] via 1.1.24.2, 00:51:28, Serial1/0
O 10.10.3.3/32 [110/65] via 1.1.34.3, 08:16:22, Serial1/2
C 10.10.4.0/24 is directly connected, Loopback0
L 10.10.4.4/32 is directly connected, Loopback0
O 10.10.5.5/32 [110/65] via 1.1.45.5, 08:16:22, Serial1/1
100.0.0.0/24 is subnetted, 5 subnets
O E1 100.1.0.0 [110/84] via 1.1.34.3, 00:11:35, Serial1/2
O E1 100.1.1.0 [110/84] via 1.1.34.3, 00:11:35, Serial1/2
O E1 100.1.2.0 [110/84] via 1.1.34.3, 00:11:35, Serial1/2
O E1 100.1.3.0 [110/84] via 1.1.34.3, 00:11:35, Serial1/2
O E2 100.1.4.0 [110/100] via 1.1.24.2, 00:49:11, Serial1/0
R2 路由表
R2#sh ip rou
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
1.0.0.0/8 is variably subnetted, 6 subnets, 4 masks
C 1.1.24.0/29 is directly connected, Serial1/0
L 1.1.24.2/32 is directly connected, Serial1/0
O 1.1.34.0/29 [110/128] via 1.1.24.4, 00:52:43, Serial1/0
O 1.1.45.0/24 [110/128] via 1.1.24.4, 00:52:23, Serial1/0
C 1.1.123.0/27 is directly connected, Ethernet0/0
L 1.1.123.2/32 is directly connected, Ethernet0/0
10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
O 10.10.1.1/32 [110/11] via 1.1.123.1, 00:52:43, Ethernet0/0
C 10.10.2.0/24 is directly connected, Loopback0
L 10.10.2.2/32 is directly connected, Loopback0
O 10.10.3.3/32 [110/129] via 1.1.24.4, 00:52:43, Serial1/0
O 10.10.4.4/32 [110/65] via 1.1.24.4, 00:52:43, Serial1/0
O 10.10.5.5/32 [110/129] via 1.1.24.4, 00:52:23, Serial1/0
100.0.0.0/24 is subnetted, 5 subnets
O E1 100.1.0.0 [110/148] via 1.1.24.4, 00:12:29, Serial1/0
O E1 100.1.1.0 [110/148] via 1.1.24.4, 00:12:29, Serial1/0
O E1 100.1.2.0 [110/148] via 1.1.24.4, 00:12:29, Serial1/0
O E1 100.1.3.0 [110/148] via 1.1.24.4, 00:12:29, Serial1/0
O N2 100.1.4.0 [110/100] via 1.1.123.1, 00:50:05, Ethernet0/0 ! 这条明细路由没有包含在汇总路由的范围内
在 R3 上也进行汇总操作:
=== R3 === router ospf 3 summary-address 100.1.0.0 255.255.252.0 !
再看 R4 的路由表,还有一条残留的明细路由(来自 R2):
R4 残留明细路由
R4#sh ip rou
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
1.0.0.0/8 is variably subnetted, 7 subnets, 4 masks
C 1.1.24.0/29 is directly connected, Serial1/0
L 1.1.24.4/32 is directly connected, Serial1/0
C 1.1.34.0/29 is directly connected, Serial1/2
L 1.1.34.4/32 is directly connected, Serial1/2
C 1.1.45.0/24 is directly connected, Serial1/1
L 1.1.45.4/32 is directly connected, Serial1/1
O IA 1.1.123.0/27 [110/74] via 1.1.24.2, 00:00:03, Serial1/0
10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
O IA 10.10.1.1/32 [110/75] via 1.1.24.2, 00:00:03, Serial1/0
O IA 10.10.2.2/32 [110/65] via 1.1.24.2, 00:00:03, Serial1/0
O 10.10.3.3/32 [110/65] via 1.1.34.3, 00:00:03, Serial1/2
C 10.10.4.0/24 is directly connected, Loopback0
L 10.10.4.4/32 is directly connected, Loopback0
O 10.10.5.5/32 [110/65] via 1.1.45.5, 00:00:03, Serial1/1
100.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O E1 100.1.0.0/22 [110/84] via 1.1.34.3, 00:00:03, Serial1/2
O E2 100.1.4.0/24 [110/100] via 1.1.24.2, 00:00:03, Serial1/0
=== R2 ===
router ospf 2
summary-address 100.1.4.0 255.255.255.0 not-advertise
!
做完后,R4 上还能看到,但是来源变为了 R3 :(在 R3 上从 RIP 重分布进 OSPF 导致的)
R4 上这条明细路由来源发生变化
R4#sh ip rou
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
1.0.0.0/8 is variably subnetted, 7 subnets, 4 masks
C 1.1.24.0/29 is directly connected, Serial1/0
L 1.1.24.4/32 is directly connected, Serial1/0
C 1.1.34.0/29 is directly connected, Serial1/2
L 1.1.34.4/32 is directly connected, Serial1/2
C 1.1.45.0/24 is directly connected, Serial1/1
L 1.1.45.4/32 is directly connected, Serial1/1
O IA 1.1.123.0/27 [110/74] via 1.1.24.2, 00:04:11, Serial1/0
10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
O IA 10.10.1.1/32 [110/75] via 1.1.24.2, 00:04:11, Serial1/0
O IA 10.10.2.2/32 [110/65] via 1.1.24.2, 00:04:11, Serial1/0
O 10.10.3.3/32 [110/65] via 1.1.34.3, 00:04:11, Serial1/2
C 10.10.4.0/24 is directly connected, Loopback0
L 10.10.4.4/32 is directly connected, Loopback0
O 10.10.5.5/32 [110/65] via 1.1.45.5, 00:04:11, Serial1/1
100.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O E1 100.1.0.0/22 [110/84] via 1.1.34.3, 00:04:11, Serial1/2
O E1 100.1.4.0/24 [110/84] via 1.1.34.3, 00:00:01, Serial1/2
=== R3 === router ospf 3 summary-address 100.1.4.0 255.255.255.0 not-advertise !
此时 R4 上可以看到分别从 R2 和 R3 传来的汇总路由:(但两个反向传来的路由 metric-type 不一致, 不构成形成等价路由的条件)
R4#sh ip ospf database external 100.1.0.0
OSPF Router with ID (4.4.4.4) (Process ID 4)
Type-5 AS External Link States
LS age: 171
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 100.1.0.0 (External Network Number )
Advertising Router: 2.2.2.2
LS Seq Number: 80000003
Checksum: 0x964D
Length: 36
Network Mask: /22
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 100
Forward Address: 0.0.0.0
External Route Tag: 0
LS age: 527
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 100.1.0.0 (External Network Number )
Advertising Router: 3.3.3.3
LS Seq Number: 80000002
Checksum: 0xD3DD
Length: 36
Network Mask: /22
Metric Type: 1 (Comparable directly to link state metric)
MTID: 0
Metric: 20
Forward Address: 0.0.0.0
External Route Tag: 0
要让 R2 传来的汇总路由 metric-type 为 OE1 ,则必须在源头,即 R1 上修改:(为了快速看到效果,修改后可以重置 R2 上的 OSPF 邻居关系)
=== R1 === router ospf 1 redistribute connected metric 89 metric-type 1 subnets route-map RM_NETWORK_100 ! 调整 metric 是为了满足之前的需求 !
Metric type 一致
R4#sh ip ospf database external 100.1.0.0
OSPF Router with ID (4.4.4.4) (Process ID 4)
Type-5 AS External Link States
LS age: 76
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 100.1.0.0 (External Network Number )
Advertising Router: 2.2.2.2
LS Seq Number: 80000001
Checksum: 0x174F
Length: 36
Network Mask: /22
Metric Type: 1 (Comparable directly to link state metric)
MTID: 0
Metric: 89
Forward Address: 0.0.0.0
External Route Tag: 0
LS age: 981
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 100.1.0.0 (External Network Number )
Advertising Router: 3.3.3.3
LS Seq Number: 80000002
Checksum: 0xD3DD
Length: 36
Network Mask: /22
Metric Type: 1 (Comparable directly to link state metric)
MTID: 0
Metric: 20
Forward Address: 0.0.0.0
External Route Tag: 0
因为 R4 的 s1/0,s1/2 的接口 Cost 值都是 64 ,而 100.1.0.0/22 路由的种子 Metric 不一致,考虑在 R3 上修改种子 Metric :
=== R3 === router ospf 3 redistribute rip metric-type 1 subnets metric 89 !
此时 R4 上可以形成等价负载路由:
R4#sh ip rou
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
1.0.0.0/8 is variably subnetted, 7 subnets, 4 masks
C 1.1.24.0/29 is directly connected, Serial1/0
L 1.1.24.4/32 is directly connected, Serial1/0
C 1.1.34.0/29 is directly connected, Serial1/2
L 1.1.34.4/32 is directly connected, Serial1/2
C 1.1.45.0/24 is directly connected, Serial1/1
L 1.1.45.4/32 is directly connected, Serial1/1
O IA 1.1.123.0/27 [110/74] via 1.1.24.2, 00:14:24, Serial1/0
10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
O IA 10.10.1.1/32 [110/75] via 1.1.24.2, 00:14:24, Serial1/0
O IA 10.10.2.2/32 [110/65] via 1.1.24.2, 00:14:24, Serial1/0
O 10.10.3.3/32 [110/65] via 1.1.34.3, 01:14:35, Serial1/2
C 10.10.4.0/24 is directly connected, Loopback0
L 10.10.4.4/32 is directly connected, Loopback0
O 10.10.5.5/32 [110/65] via 1.1.45.5, 01:14:35, Serial1/1
100.0.0.0/22 is subnetted, 1 subnets
O E1 100.1.0.0 [110/153] via 1.1.34.3, 00:00:34, Serial1/2
[110/153] via 1.1.24.2, 00:00:34, Serial1/0
在 R2 ,R3 上删除指向 Null0 的黑洞路由:
=== R2 === router ospf 2 no discard-route external ! === R3 === router ospf 3 no discard-route external !
黑洞路由禁止掉之后,R2 和 R3 上还能看到起源为对方的汇总路由条目信息,这是因为 LSA5 的汇总路由始终都会传递,之前看不到是因为被 Null0 的路由(O路由)所遮盖。
R2 上的路由
R2#sh ip rou
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
1.0.0.0/8 is variably subnetted, 6 subnets, 4 masks
C 1.1.24.0/29 is directly connected, Serial1/0
L 1.1.24.2/32 is directly connected, Serial1/0
O 1.1.34.0/29 [110/128] via 1.1.24.4, 00:22:44, Serial1/0
O 1.1.45.0/24 [110/128] via 1.1.24.4, 00:22:44, Serial1/0
C 1.1.123.0/27 is directly connected, Ethernet0/0
L 1.1.123.2/32 is directly connected, Ethernet0/0
10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
O 10.10.1.1/32 [110/11] via 1.1.123.1, 00:22:44, Ethernet0/0
C 10.10.2.0/24 is directly connected, Loopback0
L 10.10.2.2/32 is directly connected, Loopback0
O 10.10.3.3/32 [110/129] via 1.1.24.4, 00:22:44, Serial1/0
O 10.10.4.4/32 [110/65] via 1.1.24.4, 00:22:44, Serial1/0
O 10.10.5.5/32 [110/129] via 1.1.24.4, 00:22:44, Serial1/0
100.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
O E1 100.1.0.0/22 [110/217] via 1.1.24.4, 00:22:44, Serial1/0
! metric(217) = R3_Seed_Metric(89) + R4_s1/2_Cost(64) + R2_s1/0_Cost(64)
O N1 100.1.0.0/24 [110/100] via 1.1.123.1, 00:22:44, Ethernet0/0
O N1 100.1.1.0/24 [110/100] via 1.1.123.1, 00:22:44, Ethernet0/0
O N1 100.1.2.0/24 [110/100] via 1.1.123.1, 00:22:44, Ethernet0/0
O N1 100.1.3.0/24 [110/100] via 1.1.123.1, 00:22:44, Ethernet0/0
O N1 100.1.4.0/24 [110/100] via 1.1.123.1, 00:22:44, Ethernet0/0
使用 tag 将这条汇总路由过滤掉即可:
=== R2 === route-map RM_NO_SUMMARY deny 10 match tag 30 route-map RM_NO_SUMMARY permit 20 ! router ospf 2 summary-address 100.1.0.0 255.255.252.0 tag 20 ! === R3 === route-map RM_NO_SUMMARY deny 10 match tag 20 route-map RM_NO_SUMMARY permit 20 ! router ospf 3 summary-address 100.1.0.0 255.255.252.0 tag 30 !
tag 可以在 database 中看到,但不会进入路由表:
R2 database 中路由信息
R2#sh ip ospf database external 100.1.0.0
OSPF Router with ID (2.2.2.2) (Process ID 2)
Type-5 AS External Link States
LS age: 336
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 100.1.0.0 (External Network Number )
Advertising Router: 2.2.2.2
LS Seq Number: 80000001
Checksum: 0x124B
Length: 36
Network Mask: /22
Metric Type: 1 (Comparable directly to link state metric)
MTID: 0
Metric: 89
Forward Address: 0.0.0.0
External Route Tag: 20
LS age: 77
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 100.1.0.0 (External Network Number )
Advertising Router: 3.3.3.3
LS Seq Number: 80000006
Checksum: 0x9EAB
Length: 36
Network Mask: /22
Metric Type: 1 (Comparable directly to link state metric)
MTID: 0
Metric: 89
Forward Address: 0.0.0.0
External Route Tag: 30
4.6 修改 Loopback 接口网络类型为 p2p
6. 在 R2 上增加一个 loopback2,其 IP ADD=20.1.1.1/24,宣告进入 Area 20,在其他路由器都可以看到此路由为 24 位
day0 配置清单
=== R1 === router rip no auto version 2 passive-interface default neighbor 1.1.123.3 net 1.0.0.0 ! key chain KEY_CHAIN key 1 key-string cisco ! ! int e0/0 ip rip authentication mode md5 ip rip authentication key-chain KEY_CHAIN ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 area 2 nssa ! int e0/0 ip ospf network point-to-point ! int lo100 ip add 100.1.0.1 255.255.255.0 ! int lo101 ip add 100.1.1.1 255.255.255.0 ! int lo102 ip add 100.1.2.1 255.255.255.0 ! int lo103 ip add 100.1.3.1 255.255.255.0 ! int lo104 ip add 100.1.4.1 255.255.255.0 ! route-map RM_NETWORK_100 permit 10 match interface lo100 lo101 lo102 lo103 lo104 ! router ospf 1 redistribute connected metric 89 metric-type 1 subnets route-map RM_NETWORK_100 ! router rip redistribute connected route-map RM_NETWORK_100 ! === R2 === route-map RM_NO_SUMMARY deny 10 match tag 30 route-map RM_NO_SUMMARY permit 20 ! router ospf 2 router-id 2.2.2.2 network 1.1.123.2 0.0.0.0 area 2 network 10.10.2.2 0.0.0.0 area 2 network 1.1.24.2 0.0.0.0 area 1 area 1 virtual-link 4.4.4.4 area 2 nssa no-summary area 2 default-cost 10 summary-address 100.1.0.0 255.255.252.0 tag 20 summary-address 100.1.4.0 255.255.255.0 not-advertise no discard-route external ! int e0/0 ip ospf network point-to-point === R3 === router rip no auto version 2 passive-interface default neighbor 1.1.123.1 net 1.0.0.0 redistribute ospf 3 metric 1 ! key chain KEY_CHAIN key 3 key-string cisco ! int e0/0 ip rip authentication mode md5 ip rip authentication key-chain KEY_CHAIN ! route-map RM_NO_SUMMARY deny 10 match tag 20 route-map RM_NO_SUMMARY permit 20 ! router ospf 3 router-id 3.3.3.3 network 1.1.34.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 1 redistribute rip subnets metric-type 1 summary-address 100.1.0.0 255.255.252.0 tag 30 summary-address 100.1.4.0 255.255.255.0 not-advertise redistribute rip metric-type 1 subnets metric 89 no discard-route external ! === R4 === router ospf 4 router-id 4.4.4.4 network 1.1.45.4 0.0.0.0 area 0 ! put one interface into area 0 network 0.0.0.0 0.0.0.0 area 1 ! put all other interfaces into area 1 neighbor 1.1.45.5 area 1 virtual-link 2.2.2.2 ! int s1/1 ip ospf network non-broadcast ! === R5 === router ospf 5 router-id 5.5.5.5 network 10.10.5.5 0.0.0.0 area 0 network 1.1.45.5 0.0.0.0 area 0 ! int s1/1 ip ospf network non-broadcast
=== R2 === int lo2 ip add 20.1.1.1 255.255.255.0 ip ospf network point-to-point ! router ospf 2 network 20.1.1.1 0.0.0.0 area 20 !
4.7 三类汇总(range)
7. 在 R4 上,你可以看到 R2 的 10.10.2.2/32 的路由,希望看到它是一条 10.10.2.0/24 的路由。不可以使用 ip ospf network point-to-point 的命令行
day0 配置清单
=== R1 === router rip no auto version 2 passive-interface default neighbor 1.1.123.3 net 1.0.0.0 ! key chain KEY_CHAIN key 1 key-string cisco ! ! int e0/0 ip rip authentication mode md5 ip rip authentication key-chain KEY_CHAIN ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 area 2 nssa ! int e0/0 ip ospf network point-to-point ! int lo100 ip add 100.1.0.1 255.255.255.0 ! int lo101 ip add 100.1.1.1 255.255.255.0 ! int lo102 ip add 100.1.2.1 255.255.255.0 ! int lo103 ip add 100.1.3.1 255.255.255.0 ! int lo104 ip add 100.1.4.1 255.255.255.0 ! route-map RM_NETWORK_100 permit 10 match interface lo100 lo101 lo102 lo103 lo104 ! router ospf 1 redistribute connected metric 89 metric-type 1 subnets route-map RM_NETWORK_100 ! router rip redistribute connected route-map RM_NETWORK_100 ! === R2 === route-map RM_NO_SUMMARY deny 10 match tag 30 route-map RM_NO_SUMMARY permit 20 ! int lo2 ip add 20.1.1.1 255.255.255.0 ip ospf network point-to-point ! router ospf 2 router-id 2.2.2.2 network 1.1.123.2 0.0.0.0 area 2 network 10.10.2.2 0.0.0.0 area 2 network 1.1.24.2 0.0.0.0 area 1 network 20.1.1.1 0.0.0.0 area 20 area 1 virtual-link 4.4.4.4 area 2 nssa no-summary area 2 default-cost 10 summary-address 100.1.0.0 255.255.252.0 tag 20 summary-address 100.1.4.0 255.255.255.0 not-advertise no discard-route external ! int e0/0 ip ospf network point-to-point === R3 === router rip no auto version 2 passive-interface default neighbor 1.1.123.1 net 1.0.0.0 redistribute ospf 3 metric 1 ! key chain KEY_CHAIN key 3 key-string cisco ! int e0/0 ip rip authentication mode md5 ip rip authentication key-chain KEY_CHAIN ! route-map RM_NO_SUMMARY deny 10 match tag 20 route-map RM_NO_SUMMARY permit 20 ! router ospf 3 router-id 3.3.3.3 network 1.1.34.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 1 redistribute rip subnets metric-type 1 summary-address 100.1.0.0 255.255.252.0 tag 30 summary-address 100.1.4.0 255.255.255.0 not-advertise redistribute rip metric-type 1 subnets metric 89 no discard-route external ! === R4 === router ospf 4 router-id 4.4.4.4 network 1.1.45.4 0.0.0.0 area 0 ! put one interface into area 0 network 0.0.0.0 0.0.0.0 area 1 ! put all other interfaces into area 1 neighbor 1.1.45.5 area 1 virtual-link 2.2.2.2 ! int s1/1 ip ospf network non-broadcast ! === R5 === router ospf 5 router-id 5.5.5.5 network 10.10.5.5 0.0.0.0 area 0 network 1.1.45.5 0.0.0.0 area 0 ! int s1/1 ip ospf network non-broadcast
=== R2 === router ospf 2 area 2 range 10.10.2.0 255.255.255.0 !
4.8 OSPF 认证
day0 配置清单
=== R1 ===
router rip
no auto
version 2
passive-interface default
neighbor 1.1.123.3
net 1.0.0.0
!
key chain KEY_CHAIN
key 1
key-string cisco
!
!
int e0/0
ip rip authentication mode md5
ip rip authentication key-chain KEY_CHAIN
!
router ospf 1
router-id 1.1.1.1
network 1.1.123.1 0.0.0.0 area 2
network 10.10.1.1 0.0.0.0 area 2
area 2 nssa
!
int e0/0
ip ospf network point-to-point
!
int lo100
ip add 100.1.0.1 255.255.255.0
!
int lo101
ip add 100.1.1.1 255.255.255.0
!
int lo102
ip add 100.1.2.1 255.255.255.0
!
int lo103
ip add 100.1.3.1 255.255.255.0
!
int lo104
ip add 100.1.4.1 255.255.255.0
!
route-map RM_NETWORK_100 permit 10
match interface lo100 lo101 lo102 lo103 lo104
!
router ospf 1
redistribute connected metric 89 metric-type 1 subnets route-map RM_NETWORK_100
!
router rip
redistribute connected route-map RM_NETWORK_100
!
=== R2 ===
route-map RM_NO_SUMMARY deny 10
match tag 30
route-map RM_NO_SUMMARY permit 20
!
int lo2
ip add 20.1.1.1 255.255.255.0
ip ospf network point-to-point
!
router ospf 2
router-id 2.2.2.2
network 1.1.123.2 0.0.0.0 area 2
network 10.10.2.2 0.0.0.0 area 2
network 1.1.24.2 0.0.0.0 area 1
network 20.1.1.1 0.0.0.0 area 20
area 1 virtual-link 4.4.4.4
area 2 nssa no-summary
area 2 default-cost 10
summary-address 100.1.0.0 255.255.252.0 tag 20
summary-address 100.1.4.0 255.255.255.0 not-advertise
no discard-route external
area 2 range 10.10.2.0 255.255.255.0
!
int e0/0
ip ospf network point-to-point
=== R3 ===
router rip
no auto
version 2
passive-interface default
neighbor 1.1.123.1
net 1.0.0.0
redistribute ospf 3 metric 1
!
key chain KEY_CHAIN
key 3
key-string cisco
!
int e0/0
ip rip authentication mode md5
ip rip authentication key-chain KEY_CHAIN
!
route-map RM_NO_SUMMARY deny 10
match tag 20
route-map RM_NO_SUMMARY permit 20
!
router ospf 3
router-id 3.3.3.3
network 1.1.34.3 0.0.0.0 area 1
network 10.10.3.3 0.0.0.0 area 1
redistribute rip subnets metric-type 1
summary-address 100.1.0.0 255.255.252.0 tag 30
summary-address 100.1.4.0 255.255.255.0 not-advertise
redistribute rip metric-type 1 subnets metric 89
no discard-route external
!
=== R4 ===
router ospf 4
router-id 4.4.4.4
network 1.1.45.4 0.0.0.0 area 0 ! put one interface into area 0
network 0.0.0.0 0.0.0.0 area 1 ! put all other interfaces into area 1
neighbor 1.1.45.5
area 1 virtual-link 2.2.2.2
!
int s1/1
ip ospf network non-broadcast
!
=== R5 ===
router ospf 5
router-id 5.5.5.5
network 10.10.5.5 0.0.0.0 area 0
network 1.1.45.5 0.0.0.0 area 0
!
int s1/1
ip ospf network non-broadcast
4.8.1 基于接口认证
=== R2 === router ospf 2 area 1 virtual-link 4.4.4.4 message-digest-key 1 md5 cisco area 1 virtual-link 4.4.4.4 authentication message-digest ! === R4 === int s1/1 ip ospf message-digest-key 1 md5 cisco ip ospf authentication message-digest ! router ospf 4 area 1 virtual-link 2.2.2.2 message-digest-key 1 md5 cisco area 1 virtual-link 2.2.2.2 authentication message-digest ! === R5 === int s1/1 ip ospf message-digest-key 1 md5 cisco ip ospf authentication message-digest !
4.8.2 基于区域认证
=== R2 === router ospf 2 area 1 virtual-link 4.4.4.4 message-digest-key 1 md5 cisco area 0 authentication message-digest ! === R4 === int s1/1 ip ospf message-digest-key 1 md5 cisco ! router ospf 4 area 0 authentication message-digest ! === R5 === int s1/1 ip ospf message-digest-key 1 md5 cisco ! router ospf 5 area 0 authentication message-digest !
4.9 no keepalive 与 ip ospf database-filter
9. 配置 R5 的以太口 F0/0,其 IP ADD=50.1.1.1/24,宣告进 OSPF Area 5,在此接口做配置,使 Area 5 的其他路由器学不到任何 OSPF 路由。 (注意此以太口没有接线,当 show interfaces f0/0,要看到它 up up 的状态)
day0 配置清单
=== R1 === router rip no auto version 2 passive-interface default neighbor 1.1.123.3 net 1.0.0.0 ! key chain KEY_CHAIN key 1 key-string cisco ! ! int e0/0 ip rip authentication mode md5 ip rip authentication key-chain KEY_CHAIN ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 area 2 nssa ! int e0/0 ip ospf network point-to-point ! int lo100 ip add 100.1.0.1 255.255.255.0 ! int lo101 ip add 100.1.1.1 255.255.255.0 ! int lo102 ip add 100.1.2.1 255.255.255.0 ! int lo103 ip add 100.1.3.1 255.255.255.0 ! int lo104 ip add 100.1.4.1 255.255.255.0 ! route-map RM_NETWORK_100 permit 10 match interface lo100 lo101 lo102 lo103 lo104 ! router ospf 1 redistribute connected metric 89 metric-type 1 subnets route-map RM_NETWORK_100 ! router rip redistribute connected route-map RM_NETWORK_100 ! === R2 === route-map RM_NO_SUMMARY deny 10 match tag 30 route-map RM_NO_SUMMARY permit 20 ! int lo2 ip add 20.1.1.1 255.255.255.0 ip ospf network point-to-point ! router ospf 2 router-id 2.2.2.2 network 1.1.123.2 0.0.0.0 area 2 network 10.10.2.2 0.0.0.0 area 2 network 1.1.24.2 0.0.0.0 area 1 network 20.1.1.1 0.0.0.0 area 20 area 1 virtual-link 4.4.4.4 area 2 nssa no-summary area 2 default-cost 10 summary-address 100.1.0.0 255.255.252.0 tag 20 summary-address 100.1.4.0 255.255.255.0 not-advertise no discard-route external area 2 range 10.10.2.0 255.255.255.0 area 1 virtual-link 4.4.4.4 message-digest-key 1 md5 cisco area 0 authentication message-digest ! int e0/0 ip ospf network point-to-point === R3 === router rip no auto version 2 passive-interface default neighbor 1.1.123.1 net 1.0.0.0 redistribute ospf 3 metric 1 ! key chain KEY_CHAIN key 3 key-string cisco ! int e0/0 ip rip authentication mode md5 ip rip authentication key-chain KEY_CHAIN ! route-map RM_NO_SUMMARY deny 10 match tag 20 route-map RM_NO_SUMMARY permit 20 ! router ospf 3 router-id 3.3.3.3 network 1.1.34.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 1 redistribute rip subnets metric-type 1 summary-address 100.1.0.0 255.255.252.0 tag 30 summary-address 100.1.4.0 255.255.255.0 not-advertise redistribute rip metric-type 1 subnets metric 89 no discard-route external ! === R4 === router ospf 4 router-id 4.4.4.4 network 1.1.45.4 0.0.0.0 area 0 ! put one interface into area 0 network 0.0.0.0 0.0.0.0 area 1 ! put all other interfaces into area 1 neighbor 1.1.45.5 area 1 virtual-link 2.2.2.2 area 1 virtual-link 2.2.2.2 message-digest-key 1 md5 cisco area 0 authentication message-digest ! int s1/1 ip ospf network non-broadcast ip ospf message-digest-key 1 md5 cisco ! === R5 === router ospf 5 router-id 5.5.5.5 network 10.10.5.5 0.0.0.0 area 0 network 1.1.45.5 0.0.0.0 area 0 area 0 authentication message-digest ! int s1/1 ip ospf network non-broadcast ip ospf message-digest-key 1 md5 cisco
=== R5 === int e0/0 ip add 50.1.1.1 255.255.255.0 no sh no keepalive ip ospf database-filter all out !
4.10 使用 route-map 在重分布时匹配 tag 过滤路由
10. 在R5上增加一个loopback5,其IPADD=55.1.1.1/24,将此路由重分布进OSPF。在R3上,此路由不能进入 RIP 的数据库,
此解决方案不可以使用 ACL ,Prefix-list 。
day0 配置清单
=== R1 ===
router rip
no auto
version 2
passive-interface default
neighbor 1.1.123.3
net 1.0.0.0
!
key chain KEY_CHAIN
key 1
key-string cisco
!
!
int e0/0
ip rip authentication mode md5
ip rip authentication key-chain KEY_CHAIN
!
router ospf 1
router-id 1.1.1.1
network 1.1.123.1 0.0.0.0 area 2
network 10.10.1.1 0.0.0.0 area 2
area 2 nssa
!
int e0/0
ip ospf network point-to-point
!
int lo100
ip add 100.1.0.1 255.255.255.0
!
int lo101
ip add 100.1.1.1 255.255.255.0
!
int lo102
ip add 100.1.2.1 255.255.255.0
!
int lo103
ip add 100.1.3.1 255.255.255.0
!
int lo104
ip add 100.1.4.1 255.255.255.0
!
route-map RM_NETWORK_100 permit 10
match interface lo100 lo101 lo102 lo103 lo104
!
router ospf 1
redistribute connected metric 89 metric-type 1 subnets route-map RM_NETWORK_100
!
router rip
redistribute connected route-map RM_NETWORK_100
!
=== R2 ===
route-map RM_NO_SUMMARY deny 10
match tag 30
route-map RM_NO_SUMMARY permit 20
!
int lo2
ip add 20.1.1.1 255.255.255.0
ip ospf network point-to-point
!
router ospf 2
router-id 2.2.2.2
network 1.1.123.2 0.0.0.0 area 2
network 10.10.2.2 0.0.0.0 area 2
network 1.1.24.2 0.0.0.0 area 1
network 20.1.1.1 0.0.0.0 area 20
area 1 virtual-link 4.4.4.4
area 2 nssa no-summary
area 2 default-cost 10
summary-address 100.1.0.0 255.255.252.0 tag 20
summary-address 100.1.4.0 255.255.255.0 not-advertise
no discard-route external
area 2 range 10.10.2.0 255.255.255.0
area 1 virtual-link 4.4.4.4 message-digest-key 1 md5 cisco
area 0 authentication message-digest
!
int e0/0
ip ospf network point-to-point
=== R3 ===
router rip
no auto
version 2
passive-interface default
neighbor 1.1.123.1
net 1.0.0.0
redistribute ospf 3 metric 1
!
key chain KEY_CHAIN
key 3
key-string cisco
!
int e0/0
ip rip authentication mode md5
ip rip authentication key-chain KEY_CHAIN
!
route-map RM_NO_SUMMARY deny 10
match tag 20
route-map RM_NO_SUMMARY permit 20
!
router ospf 3
router-id 3.3.3.3
network 1.1.34.3 0.0.0.0 area 1
network 10.10.3.3 0.0.0.0 area 1
redistribute rip subnets metric-type 1
summary-address 100.1.0.0 255.255.252.0 tag 30
summary-address 100.1.4.0 255.255.255.0 not-advertise
redistribute rip metric-type 1 subnets metric 89
no discard-route external
!
=== R4 ===
router ospf 4
router-id 4.4.4.4
network 1.1.45.4 0.0.0.0 area 0 ! put one interface into area 0
network 0.0.0.0 0.0.0.0 area 1 ! put all other interfaces into area 1
neighbor 1.1.45.5
area 1 virtual-link 2.2.2.2
area 1 virtual-link 2.2.2.2 message-digest-key 1 md5 cisco
area 0 authentication message-digest
!
int s1/1
ip ospf network non-broadcast
ip ospf message-digest-key 1 md5 cisco
!
=== R5 ===
router ospf 5
router-id 5.5.5.5
network 10.10.5.5 0.0.0.0 area 0
network 1.1.45.5 0.0.0.0 area 0
area 0 authentication message-digest
!
int s1/1
ip ospf network non-broadcast
ip ospf message-digest-key 1 md5 cisco
!
int e0/0
ip add 50.1.1.1 255.255.255.0
no sh
no keepalive
ip ospf database-filter all out
!
R5 重分布直连的时候先打上 tag :
=== R5 === int lo5 ip add 55.1.1.1 255.255.255.0 ! route-map RM_LO5 permit 10 match interface lo5 ! router ospf 5 redistribute connected route-map RM_LO5 tag 5 !
R3 查看打上标记的路由
R3#sh ip route 55.1.1.0
Routing entry for 55.1.1.0/24
Known via "ospf 3", distance 110, metric 20
Tag 5, type extern 2, forward metric 128
Redistributing via rip
Advertised by rip metric 1
Last update from 1.1.34.4 on Serial1/0, 00:00:07 ago
Routing Descriptor Blocks:
* 1.1.34.4, from 5.5.5.5, 00:00:07 ago, via Serial1/0
Route metric is 20, traffic share count is 1
Route tag 5
查看 R3 RIP database
R3#sh ip rip database | i 55 55.0.0.0/8 auto-summary 55.1.1.0/24 redistributed
R3 重分布过滤:
=== R3 === route-map RM_O_R deny 10 match tag 5 route-map RM_O_R permit 20 ! router rip redistribute ospf 3 metric 1 route-map RM_O_R !
再观察 R3 的 RIP database
R3#sh ip rip da
1.0.0.0/8 auto-summary
1.1.24.0/29 redistributed
[1] via 1.1.34.4, from 4.4.4.4,
1.1.34.0/29 directly connected, Serial1/0
1.1.45.0/24 redistributed
[1] via 1.1.34.4, from 4.4.4.4,
1.1.123.0/27 directly connected, Ethernet0/0
10.0.0.0/8 auto-summary
10.10.1.1/32 redistributed
[1] via 1.1.34.4, from 2.2.2.2,
10.10.2.0/24 redistributed
[1] via 1.1.34.4, from 2.2.2.2,
10.10.3.0/24 redistributed
[1] via 0.0.0.0,
10.10.4.4/32 redistributed
[1] via 1.1.34.4, from 4.4.4.4,
10.10.5.5/32 redistributed
[1] via 1.1.34.4, from 4.4.4.4,
20.0.0.0/8 auto-summary
20.1.1.0/24 redistributed
[1] via 1.1.34.4, from 2.2.2.2,
55.0.0.0/8 is possibly down
55.1.1.0/24 is possibly down
100.0.0.0/8 auto-summary
100.1.0.0/22 redistributed
[1] via 1.1.34.4, from 2.2.2.2,
100.1.0.0/24
[1] via 1.1.123.1, 00:00:21, Ethernet0/0
100.1.1.0/24
[1] via 1.1.123.1, 00:00:21, Ethernet0/0
100.1.2.0/24
[1] via 1.1.123.1, 00:00:21, Ethernet0/0
100.1.3.0/24
[1] via 1.1.123.1, 00:00:21, Ethernet0/0
100.1.4.0/24
[1] via 1.1.123.1, 00:00:21, Ethernet0/0
4.11 注入默认路由
11. 在R5上向OSPF注入一条默认路由
day0 配置清单
=== R1 === router rip no auto version 2 passive-interface default neighbor 1.1.123.3 net 1.0.0.0 ! key chain KEY_CHAIN key 1 key-string cisco ! ! int e0/0 ip rip authentication mode md5 ip rip authentication key-chain KEY_CHAIN ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 area 2 nssa ! int e0/0 ip ospf network point-to-point ! int lo100 ip add 100.1.0.1 255.255.255.0 ! int lo101 ip add 100.1.1.1 255.255.255.0 ! int lo102 ip add 100.1.2.1 255.255.255.0 ! int lo103 ip add 100.1.3.1 255.255.255.0 ! int lo104 ip add 100.1.4.1 255.255.255.0 ! route-map RM_NETWORK_100 permit 10 match interface lo100 lo101 lo102 lo103 lo104 ! router ospf 1 redistribute connected metric 89 metric-type 1 subnets route-map RM_NETWORK_100 ! router rip redistribute connected route-map RM_NETWORK_100 ! === R2 === route-map RM_NO_SUMMARY deny 10 match tag 30 route-map RM_NO_SUMMARY permit 20 ! int lo2 ip add 20.1.1.1 255.255.255.0 ip ospf network point-to-point ! router ospf 2 router-id 2.2.2.2 network 1.1.123.2 0.0.0.0 area 2 network 10.10.2.2 0.0.0.0 area 2 network 1.1.24.2 0.0.0.0 area 1 network 20.1.1.1 0.0.0.0 area 20 area 1 virtual-link 4.4.4.4 area 2 nssa no-summary area 2 default-cost 10 summary-address 100.1.0.0 255.255.252.0 tag 20 summary-address 100.1.4.0 255.255.255.0 not-advertise no discard-route external area 2 range 10.10.2.0 255.255.255.0 area 1 virtual-link 4.4.4.4 message-digest-key 1 md5 cisco area 0 authentication message-digest ! int e0/0 ip ospf network point-to-point === R3 === route-map RM_O_R deny 10 match tag 5 route-map RM_O_R permit 20 ! router rip no auto version 2 passive-interface default neighbor 1.1.123.1 net 1.0.0.0 ! redistribute ospf 3 metric 1 redistribute ospf 3 metric 1 route-map RM_O_R ! key chain KEY_CHAIN key 3 key-string cisco ! int e0/0 ip rip authentication mode md5 ip rip authentication key-chain KEY_CHAIN ! route-map RM_NO_SUMMARY deny 10 match tag 20 route-map RM_NO_SUMMARY permit 20 ! router ospf 3 router-id 3.3.3.3 network 1.1.34.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 1 redistribute rip subnets metric-type 1 summary-address 100.1.0.0 255.255.252.0 tag 30 summary-address 100.1.4.0 255.255.255.0 not-advertise redistribute rip metric-type 1 subnets metric 89 no discard-route external ! === R4 === router ospf 4 router-id 4.4.4.4 network 1.1.45.4 0.0.0.0 area 0 ! put one interface into area 0 network 0.0.0.0 0.0.0.0 area 1 ! put all other interfaces into area 1 neighbor 1.1.45.5 area 1 virtual-link 2.2.2.2 area 1 virtual-link 2.2.2.2 message-digest-key 1 md5 cisco area 0 authentication message-digest ! int s1/1 ip ospf network non-broadcast ip ospf message-digest-key 1 md5 cisco ! === R5 === int lo5 ip add 55.1.1.1 255.255.255.0 ! route-map RM_LO5 permit 10 match interface lo5 ! router ospf 5 router-id 5.5.5.5 network 10.10.5.5 0.0.0.0 area 0 network 1.1.45.5 0.0.0.0 area 0 area 0 authentication message-digest redistribute connected route-map RM_LO5 tag 5 ! int s1/1 ip ospf network non-broadcast ip ospf message-digest-key 1 md5 cisco ! int e0/0 ip add 50.1.1.1 255.255.255.0 no sh no keepalive ip ospf database-filter all out !
=== R5 === router ospf 5 default-information originate always !
4.12 distribute-list 过滤路由与LSA3汇总
12. R5的路由表里除直连路由以外只能看到:1.1.24.0/24这条路由
day0 配置清单
=== R1 ===
router rip
no auto
version 2
passive-interface default
neighbor 1.1.123.3
net 1.0.0.0
!
key chain KEY_CHAIN
key 1
key-string cisco
!
!
int e0/0
ip rip authentication mode md5
ip rip authentication key-chain KEY_CHAIN
!
router ospf 1
router-id 1.1.1.1
network 1.1.123.1 0.0.0.0 area 2
network 10.10.1.1 0.0.0.0 area 2
area 2 nssa
!
int e0/0
ip ospf network point-to-point
!
int lo100
ip add 100.1.0.1 255.255.255.0
!
int lo101
ip add 100.1.1.1 255.255.255.0
!
int lo102
ip add 100.1.2.1 255.255.255.0
!
int lo103
ip add 100.1.3.1 255.255.255.0
!
int lo104
ip add 100.1.4.1 255.255.255.0
!
route-map RM_NETWORK_100 permit 10
match interface lo100 lo101 lo102 lo103 lo104
!
router ospf 1
redistribute connected metric 89 metric-type 1 subnets route-map RM_NETWORK_100
!
router rip
redistribute connected route-map RM_NETWORK_100
!
=== R2 ===
route-map RM_NO_SUMMARY deny 10
match tag 30
route-map RM_NO_SUMMARY permit 20
!
int lo2
ip add 20.1.1.1 255.255.255.0
ip ospf network point-to-point
!
router ospf 2
router-id 2.2.2.2
network 1.1.123.2 0.0.0.0 area 2
network 10.10.2.2 0.0.0.0 area 2
network 1.1.24.2 0.0.0.0 area 1
network 20.1.1.1 0.0.0.0 area 20
area 1 virtual-link 4.4.4.4
area 2 nssa no-summary
area 2 default-cost 10
summary-address 100.1.0.0 255.255.252.0 tag 20
summary-address 100.1.4.0 255.255.255.0 not-advertise
no discard-route external
area 2 range 10.10.2.0 255.255.255.0
area 1 virtual-link 4.4.4.4 message-digest-key 1 md5 cisco
area 0 authentication message-digest
!
int e0/0
ip ospf network point-to-point
=== R3 ===
route-map RM_O_R deny 10
match tag 5
route-map RM_O_R permit 20
!
router rip
no auto
version 2
passive-interface default
neighbor 1.1.123.1
net 1.0.0.0
! redistribute ospf 3 metric 1
redistribute ospf 3 metric 1 route-map RM_O_R
!
key chain KEY_CHAIN
key 3
key-string cisco
!
int e0/0
ip rip authentication mode md5
ip rip authentication key-chain KEY_CHAIN
!
route-map RM_NO_SUMMARY deny 10
match tag 20
route-map RM_NO_SUMMARY permit 20
!
router ospf 3
router-id 3.3.3.3
network 1.1.34.3 0.0.0.0 area 1
network 10.10.3.3 0.0.0.0 area 1
redistribute rip subnets metric-type 1
summary-address 100.1.0.0 255.255.252.0 tag 30
summary-address 100.1.4.0 255.255.255.0 not-advertise
redistribute rip metric-type 1 subnets metric 89
no discard-route external
!
=== R4 ===
router ospf 4
router-id 4.4.4.4
network 1.1.45.4 0.0.0.0 area 0 ! put one interface into area 0
network 0.0.0.0 0.0.0.0 area 1 ! put all other interfaces into area 1
neighbor 1.1.45.5
area 1 virtual-link 2.2.2.2
area 1 virtual-link 2.2.2.2 message-digest-key 1 md5 cisco
area 0 authentication message-digest
!
int s1/1
ip ospf network non-broadcast
ip ospf message-digest-key 1 md5 cisco
!
=== R5 ===
int lo5
ip add 55.1.1.1 255.255.255.0
!
route-map RM_LO5 permit 10
match interface lo5
!
router ospf 5
router-id 5.5.5.5
network 10.10.5.5 0.0.0.0 area 0
network 1.1.45.5 0.0.0.0 area 0
area 0 authentication message-digest
redistribute connected route-map RM_LO5 tag 5
default-information originate always
!
int s1/1
ip ospf network non-broadcast
ip ospf message-digest-key 1 md5 cisco
!
int e0/0
ip add 50.1.1.1 255.255.255.0
no sh
no keepalive
ip ospf database-filter all out
!
=== R5 === access-list 24 permit 1.1.24.0 router ospf 5 distribute-list 24 in !
此时 R5 路由表仍显示 /29 路由,因为 1.1.24.0/29 是由 2 个 ABR 发出的 LSA3 路由,因此可以在 ABR 上进行 3 类汇总:
查看通告的 ABR
R5#sh ip ospf database summary 1.1.24.0
OSPF Router with ID (5.5.5.5) (Process ID 5)
Summary Net Link States (Area 0)
LS age: 249 (DoNotAge)
Options: (No TOS-capability, DC, Upward)
LS Type: Summary Links(Network)
Link State ID: 1.1.24.0 (summary Network Number)
Advertising Router: 2.2.2.2
LS Seq Number: 80000001
Checksum: 0x835E
Length: 28
Network Mask: /29
MTID: 0 Metric: 64
LS age: 911
Options: (No TOS-capability, DC, Upward)
LS Type: Summary Links(Network)
Link State ID: 1.1.24.0 (summary Network Number)
Advertising Router: 4.4.4.4
LS Seq Number: 80000003
Checksum: 0x4394
Length: 28
Network Mask: /29
MTID: 0 Metric: 64
=== R2 === router ospf 2 area 1 range 1.1.24.0 255.255.255.0 ! === R4 === router ospf 4 area 1 range 1.1.24.0 255.255.255.0 !
4.13 mtu-ignore
13. 将 R5 连 R4 的接口的 MTU 值改为:1504,此时 R4-R5 之间的 OSPF 邻接关系会 Down。
用最少的配置命令行,恢复他们的邻接关系 ,不能修改 MTU。
day0 配置清单
=== R1 === router rip no auto version 2 passive-interface default neighbor 1.1.123.3 net 1.0.0.0 ! key chain KEY_CHAIN key 1 key-string cisco ! ! int e0/0 ip rip authentication mode md5 ip rip authentication key-chain KEY_CHAIN ! router ospf 1 router-id 1.1.1.1 network 1.1.123.1 0.0.0.0 area 2 network 10.10.1.1 0.0.0.0 area 2 area 2 nssa ! int e0/0 ip ospf network point-to-point ! int lo100 ip add 100.1.0.1 255.255.255.0 ! int lo101 ip add 100.1.1.1 255.255.255.0 ! int lo102 ip add 100.1.2.1 255.255.255.0 ! int lo103 ip add 100.1.3.1 255.255.255.0 ! int lo104 ip add 100.1.4.1 255.255.255.0 ! route-map RM_NETWORK_100 permit 10 match interface lo100 lo101 lo102 lo103 lo104 ! router ospf 1 redistribute connected metric 89 metric-type 1 subnets route-map RM_NETWORK_100 ! router rip redistribute connected route-map RM_NETWORK_100 ! === R2 === route-map RM_NO_SUMMARY deny 10 match tag 30 route-map RM_NO_SUMMARY permit 20 ! int lo2 ip add 20.1.1.1 255.255.255.0 ip ospf network point-to-point ! router ospf 2 router-id 2.2.2.2 network 1.1.123.2 0.0.0.0 area 2 network 10.10.2.2 0.0.0.0 area 2 network 1.1.24.2 0.0.0.0 area 1 network 20.1.1.1 0.0.0.0 area 20 area 1 virtual-link 4.4.4.4 area 2 nssa no-summary area 2 default-cost 10 summary-address 100.1.0.0 255.255.252.0 tag 20 summary-address 100.1.4.0 255.255.255.0 not-advertise no discard-route external area 2 range 10.10.2.0 255.255.255.0 area 1 virtual-link 4.4.4.4 message-digest-key 1 md5 cisco area 0 authentication message-digest area 1 range 1.1.24.0 255.255.255.0 ! int e0/0 ip ospf network point-to-point === R3 === route-map RM_O_R deny 10 match tag 5 route-map RM_O_R permit 20 ! router rip no auto version 2 passive-interface default neighbor 1.1.123.1 net 1.0.0.0 ! redistribute ospf 3 metric 1 redistribute ospf 3 metric 1 route-map RM_O_R ! key chain KEY_CHAIN key 3 key-string cisco ! int e0/0 ip rip authentication mode md5 ip rip authentication key-chain KEY_CHAIN ! route-map RM_NO_SUMMARY deny 10 match tag 20 route-map RM_NO_SUMMARY permit 20 ! router ospf 3 router-id 3.3.3.3 network 1.1.34.3 0.0.0.0 area 1 network 10.10.3.3 0.0.0.0 area 1 redistribute rip subnets metric-type 1 summary-address 100.1.0.0 255.255.252.0 tag 30 summary-address 100.1.4.0 255.255.255.0 not-advertise redistribute rip metric-type 1 subnets metric 89 no discard-route external ! === R4 === router ospf 4 router-id 4.4.4.4 network 1.1.45.4 0.0.0.0 area 0 ! put one interface into area 0 network 0.0.0.0 0.0.0.0 area 1 ! put all other interfaces into area 1 neighbor 1.1.45.5 area 1 virtual-link 2.2.2.2 area 1 virtual-link 2.2.2.2 message-digest-key 1 md5 cisco area 0 authentication message-digest area 1 range 1.1.24.0 255.255.255.0 ! int s1/1 ip ospf network non-broadcast ip ospf message-digest-key 1 md5 cisco ! === R5 === int lo5 ip add 55.1.1.1 255.255.255.0 ! route-map RM_LO5 permit 10 match interface lo5 ! access-list 24 permit 1.1.24.0 router ospf 5 router-id 5.5.5.5 network 10.10.5.5 0.0.0.0 area 0 network 1.1.45.5 0.0.0.0 area 0 area 0 authentication message-digest redistribute connected route-map RM_LO5 tag 5 default-information originate always distribute-list 24 in ! int s1/1 ip ospf network non-broadcast ip ospf message-digest-key 1 md5 cisco ! int e0/0 ip add 50.1.1.1 255.255.255.0 no sh no keepalive ip ospf database-filter all out !
=== R4 === int s1/1j ip ospf mtu-ignore ! === R5 === int s1/1 ip mtu 1504 !
Footnotes:
1
day0 配置清单是进行某一单独实验前所需要的初始配置