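Suboptimal paths and routing loops caused by dual-point bidirectional route import:
Lab topology:
Topology description:
- R1 and R2 use static routing; R2, R3 and R4 run OSPF; R3, R4 and R5 run RIP
Lab requirements:
- On R2, use a prefix list to match the loopback routes exactly and import them into RIP
- On R2, when importing the loopback routes into OSPF, use filter-policy so that the OSPF domain learns only the even-numbered routes
- Perform bidirectional route redistribution on R3 and R4
- On R3 and R4, summarize 10.0.X.0/24 automatically, and make sure to avoid loops
Lab steps:
Configure IP addresses and ping the directly connected interfaces to verify connectivity (omitted)
Configure OSPF (R2's configuration shown):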
[R2]ospf 1 router-id 2.2.2.2
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0]network 10.0.23.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0]network 10.0.24.2 0.0.0.0
Check R2's OSPF neighbor table:
[R2]dis ospf peer brief
OSPF Process 1 with Router ID 2.2.2.2
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/1 10.0.23.3 Full
0.0.0.0 GigabitEthernet0/0/2 4.4.4.4 Full
----------------------------------------------------------------------------
[R2]
# The state is Full, so the adjacencies are established.
Configure RIP (R5's configuration shown):
[R5]rip 1
[R5-rip-1]undo summary
[R5-rip-1]version 2
[R5-rip-1]network 10.0.0.0
Check R5's RIP neighbor table:
[R5]dis rip 1 neighbor
---------------------------------------------------------------------
IP Address Interface Type Last-Heard-Time
---------------------------------------------------------------------
10.0.35.3 GigabitEthernet0/0/0 RIP 0:0:20
Number of RIP routes : 1
10.0.45.4 GigabitEthernet0/0/1 RIP 0:0:21
Number of RIP routes : 1
[R5]
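# The RIP neighbors are established.
Configure a prefix list on R5 to import the external routes exactly:
[R5]ip ip-prefix 1 index 10 permit 20.0.0.0 22 greater-equal 22 less-equal 24
-- matches the four network segments under prefix 20.0.0.0/22 with mask lengths from 22 to 24
# This matches four segments at once, which does not meet the requirement; read on.
After configuring two loopback addresses on R5, 20.0.3.1 and 20.0.4.1, check the RIP routing table on R4:
[R4]dis ip routing-table protocol rip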
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : RIP
Destinations : 6 Routes : 6
RIP routing table status : <Active>
Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.35.0/24 RIP 100 1 D 10.0.45.5 GigabitEthernet
0/0/1
20.0.0.0/24 RIP 100 1 D 10.0.45.5 GigabitEthernet
0/0/1
20.0.1.0/24 RIP 100 1 D 10.0.45.5 GigabitEthernet
0/0/1
20.0.2.0/24 RIP 100 1 D 10.0.45.5 GigabitEthernet
0/0/1
20.0.3.0/24 RIP 100 1 D 10.0.45.5 GigabitEthernet
0/0/1
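# Of the newly added routes only 20.0.3.0 is learned; 20.0.4.0 is not, so the prefix list does act as a filter.
# But one extra route is still learned, so is the import really exact?
# We can add another rule that denies it outright.
Add a new matching rule to the prefix list on R5:
[R5]ip ip-prefix 1 index 5 deny 20.0.3.0 24
# This rule works much like ACL matching, but pay attention to the index value: the rule has to be matched first in order to filter the route.
Check the RIP routing table on R4 again:
[R4]dis ip rou protocol rip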
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : RIP
Destinations : 5 Routes : 5
RIP routing table status : <Active>
Destinations : 4 Routes : 4
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.35.0/24 RIP 100 1 D 10.0.45.5 GigabitEthernet
0/0/1
20.0.0.0/24 RIP 100 1 D 10.0.45.5 GigabitEthernet
0/0/1
20.0.1.0/24 RIP 100 1 D 10.0.45.5 GigabitEthernet
0/0/1
20.0.2.0/24 RIP 100 1 D 10.0.45.5 GigabitEthernet
0/0/1
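An added example, not part of the original lab: a small Python model of how the two `ip ip-prefix 1` entries above are evaluated, in ascending index order with an implicit deny when no entry matches. The candidate routes are constructed from the loopback networks in this lab, and the function names are hypothetical.

```python
import ipaddress

# The two entries configured on R5: (index, action, prefix, ge, le).
# The deny entry has no greater-equal/less-equal keywords, so it matches
# the /24 mask length exactly.
IP_PREFIX_1 = [
    (10, "permit", "20.0.0.0/22", 22, 24),
    (5, "deny", "20.0.3.0/24", 24, 24),
]

# Constructed candidates: the /24 loopback networks 20.0.0.0 to 20.0.4.0.
CANDIDATES = [f"20.0.{i}.0/24" for i in range(5)]


def evaluate(prefix_list, route):
    """Return (action, index); index is None when the implicit deny applies."""
    route = ipaddress.ip_network(route)
    # Entries are checked in ascending index order; the first match decides.
    for index, action, prefix, ge, le in sorted(prefix_list, key=lambda e: e[0]):
        net = ipaddress.ip_network(prefix)
        # The route must fall inside the entry's prefix and its mask length
        # must lie within [ge, le].
        if route.subnet_of(net) and ge <= route.prefixlen <= le:
            return action, index
    return "deny", None  # nothing matched


def imported(prefix_list, routes=CANDIDATES):
    """Routes that pass the prefix list and would be imported."""
    return [r for r in routes if evaluate(prefix_list, r)[0] == "permit"]


if __name__ == "__main__":
    for r in CANDIDATES:
        print(r, evaluate(IP_PREFIX_1, r))
```

With only the index 10 entry, 20.0.3.0/24 is permitted; adding index 5 denies it before index 10 is reached, while 20.0.4.0/24 is dropped by the implicit deny in both cases.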
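# The exact-import requirement is met.
Configure a default route on R1 pointing to R2, and on R2 configure static routes and import them into the OSPF domain (omitted).
On R2, configure a routing policy so that the OSPF domain learns only the even-numbered routes:
[R2]acl 2000
[R2-acl-basic-2000]rule 5 permit source 172.16.0.0 0.0.2.0 -- ACL matching the even-numbered segments within 172.16.0.0
[R2-ospf-1]filter-policy 2000 export static -- filter the imported static routes against the policy when they are advertised
Check the OSPF routing table on R4:
[R4]dis ip rou pr osfp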
^
Error: Unrecognized command found at '^' position.
[R4]dis ip rou pr ospf
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
Destinations : 5 Routes : 5
OSPF routing table status : <Active>
Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost Flags NextHop Interface
2.2.2.2/32 OSPF 10 1 D 10.0.24.2 GigabitEthernet
0/0/0
3.3.3.3/32 OSPF 10 2 D 10.0.24.2 GigabitEthernet
0/0/0
10.0.23.0/24 OSPF 10 2 D 10.0.24.2 GigabitEthernet
0/0/0
172.16.0.0/24 O_ASE 150 1 D 10.0.24.2 GigabitEthernet
0/0/0
172.16.2.0/24 O_ASE 150 1 D 10.0.24.2 GigabitEthernet
0/0/0
OSPF routing table status : <Inactive>
Destinations : 0 Routes : 0
# Only the two even-numbered routes are present, so the requirement is met.
Perform bidirectional import on R3 and R4:
[R3-ospf-1]import-route rip
[R3-rip-1]import-route ospf
[R4-ospf-1]import-route rip
[R4-rip-1]import-route ospf
On R3, tracert 172.16.0.0/172.16.2.0:
[R3]tracert 172.16.0.1
traceroute to 172.16.0.1(172.16.0.1), max hops: 30 ,packet length: 40,press CT
RL_C to break
1 10.0.35.5 40 ms 20 ms 20 ms
2 10.0.45.4 20 ms 20 ms 20 ms
3 10.0.24.2 30 ms 20 ms 20 ms
4 10.0.12.1 40 ms 40 ms 40 ms
[R3]
<R3>tracert 172.16.2.1
traceroute to 172.16.2.1(172.16.2.1), max hops: 30 ,packet length: 40,press CT
RL_C to break
1 10.0.35.5 10 ms 10 ms 10 ms
2 10.0.45.4 20 ms 20 ms 20 ms
3 10.0.24.2 40 ms 30 ms 30 ms
4 10.0.12.1 40 ms 30 ms 40 ms
<R3>
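# The path to both of these segments is R5-R4-R2-R1, which is not the optimal path, so the bidirectional import has produced a suboptimal path.
# The reason: OSPF external routes have preference 150. After R4 redistributes OSPF into RIP, R5 learns the route and sends it on to R3, so R3 now has two routes to it. RIP's preference is 100, which is lower than that of the external route, so the RIP route is preferred, and that gives the suboptimal path.
# There are two ways to fix the suboptimal path:
# Solution 1: on R2, change the preference of the external routes directly to a value lower than 100.
# Solution 2: after the OSPF routes are imported into RIP, change their preference to a value higher than 150.
# Let's try both.
Solution 1: on R4, change the preference of the external networks to 99:
[R4]acl 2000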
[R4-acl-basic-2000]rule 5 permit source 172.16.0.0 0.0.2.0
[R4]route-policy ase permit node 10 -- set the route-policy name and node
[R4-route-policy]if-match acl 2000 -- match ACL 2000
[R4-route-policy]apply preference 99 -- set the action: preference 99
[R4-ospf-1]preference ase route-policy ase -- use the route policy to set the preference of specific routes
Check R4's routing table:
[R4]dis ip routing-table protocol ospf
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
Destinations : 5 Routes : 5
OSPF routing table status : <Active>
Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost Flags NextHop Interface
2.2.2.2/32 OSPF 10 1 D 10.0.24.2 GigabitEthernet
0/0/0
3.3.3.3/32 OSPF 10 2 D 10.0.24.2 GigabitEthernet
0/0/0
10.0.23.0/24 OSPF 10 2 D 10.0.24.2 GigabitEthernet
0/0/0
172.16.0.0/24 O_ASE 99 1 D 10.0.24.2 GigabitEthernet
0/0/0
172.16.2.0/24 O_ASE 99 1 D 10.0.24.2 GigabitEthernet
0/0/0
OSPF routing table status : <Inactive>
Destinations : 0 Routes : 0
[R4]
# The external routes now have preference 99 while RIP has preference 100, so these routes are no longer learned from RIP. The suboptimal path on R4 is gone.
# R3 is configured the same way as R4.
Solution 2: on R2, configure a route policy that marks the imported external routes with tag 500:
[R2]route-policy tag permit node 10
[R2-route-policy]apply tag 500 -- set tag 500
[R2-ospf-1]import-route static route-policy tag -- apply the route policy when importing the routes
On R4, configure a route policy that matches the tagged routes and sets their preference in RIP:
[R4]route-policy 1 permit node 10
[R4-route-policy]if-match tag 500 -- match routes with tag 500
[R4-route-policy]apply preference 200 -- set the action: preference 200
[R4-rip-1]preference route-policy 1 -- apply the route policy to set the preference of the routes that match
Check R4's routing table:
[R4]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 20 Routes : 20
Destination/Mask Proto Pre Cost Flags NextHop Interface
2.2.2.2/32 OSPF 10 1 D 10.0.24.2 GigabitEthernet
0/0/0
3.3.3.3/32 OSPF 10 2 D 10.0.24.2 GigabitEthernet
0/0/0
4.4.4.4/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.23.0/24 OSPF 10 2 D 10.0.24.2 GigabitEthernet
0/0/0
10.0.24.0/24 Direct 0 0 D 10.0.24.4 GigabitEthernet
0/0/0
10.0.24.4/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.24.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.35.0/24 RIP 100 1 D 10.0.45.5 GigabitEthernet
0/0/1
10.0.45.0/24 Direct 0 0 D 10.0.45.4 GigabitEthernet
0/0/1
10.0.45.4/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.45.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
20.0.0.0/24 RIP 100 1 D 10.0.45.5 GigabitEthernet
0/0/1
20.0.1.0/24 RIP 100 1 D 10.0.45.5 GigabitEthernet
0/0/1
20.0.2.0/24 RIP 100 1 D 10.0.45.5 GigabitEthernet
0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.0.0/24 O_ASE 150 1 D 10.0.24.2 GigabitEthernet
0/0/0
172.16.2.0/24 O_ASE 150 1 D 10.0.24.2 GigabitEthernet
0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[R4]
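# On R4 the next hop toward the external routes is R2, so the suboptimal-path problem is solved.
# 172.16.0.0/172.16.2.0 have preference 200 inside RIP, so the routes from the OSPF domain are preferred and the suboptimal path no longer exists.
# R3 is configured the same way as R4.
The suboptimal path is solved. However, because the redistribution is dual-point and bidirectional on R3 and R4, routes that RIP learned from OSPF on R3 may be passed back into OSPF through R4. This is route feedback, and it produces loops. We can set a tag when R3 imports the routes so that they carry the tag as they propagate, and then deny routes with that tag on R4, which prevents the feedback.
Configure the single-point bidirectional tag marking on R3:
[R3]route-policy o2r permit node 10
[R3-route-policy]apply tag 100 -- set tag 100
[R3-rip-1]import-route ospf 1 route-policy o2r -- every imported OSPF route now carries tag 100
[R4]route-policy r2o deny node 10
[R4-route-policy]if-match tag 100 -- match tag 100
[R4-ospf-1]import-route rip route-policy r2o -- deny routes with tag 100 when importing RIP routes
[R3]route-policy r2o permit node 10
[R3-route-policy]apply tag 200
[R3-ospf-1]import-route rip route-policy r2o
[R4]route-policy o2r deny node 10
[R4-route-policy]if-match tag 200
[R4-rip-1]import-route ospf 1 route-policy o2r
# o2r -- OSPF imported into RIP
# r2o -- RIP imported into OSPF
Configure the single-point bidirectional tag marking on R4:
[R4]route-policy o2r permit node 20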
[R4-route-policy]apply tag 300
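[R3]route-policy r2o deny node 5 -- node 5 so the deny is evaluated before permit node 10, which has no if-match and therefore matches every route
[R3-route-policy]if-match tag 300
[R4]route-policy r2o permit node 20
[R4-route-policy]apply tag 400
[R3]route-policy o2r deny node 5 -- o2r is the policy R3 uses for OSPF-to-RIP import; tag 400 marks the routes R4 imported into OSPF
[R3-route-policy]if-match tag 400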
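An added example, not the author's configuration: a Python model of route-policy evaluation showing why R4's r2o policy keeps the routes that R3 tagged with 100 from re-entering OSPF, and why a deny node has to be evaluated before an unconditional permit node. The RIP route list and the MISORDERED policy are constructed, and the function names are hypothetical.

```python
# Each node is (node_id, mode, match_tag, apply_tag).
# match_tag None means the node has no if-match clause and matches every route.

# R4's r2o policy as configured above: deny tag 100, then permit and set tag 400.
R4_R2O = [(10, "deny", 100, None), (20, "permit", None, 400)]

# Constructed counter-example: the same two clauses with the permit node first.
MISORDERED = [(10, "permit", None, 400), (20, "deny", 100, None)]

# Constructed RIP table as seen on R4: one native RIP route (tag 0) and one
# OSPF route that R3 imported into RIP with tag 100.
RIP_ROUTES = [
    {"prefix": "20.0.0.0/24", "tag": 0},
    {"prefix": "172.16.0.0/24", "tag": 100},
]


def run_policy(nodes, route):
    """Return the route as imported (possibly re-tagged), or None if denied."""
    # Nodes are evaluated in ascending node number; the first match decides.
    for _, mode, match_tag, apply_tag in sorted(nodes, key=lambda n: n[0]):
        if match_tag is not None and route["tag"] != match_tag:
            continue  # if-match failed, try the next node
        if mode == "deny":
            return None
        out = dict(route)
        if apply_tag is not None:
            out["tag"] = apply_tag
        return out
    return None  # no node matched: implicit deny


def import_routes(policy, routes=RIP_ROUTES):
    """Routes that survive the import policy (RIP into OSPF on R4)."""
    results = (run_policy(policy, r) for r in routes)
    return [r for r in results if r is not None]


if __name__ == "__main__":
    print("R4 r2o    :", import_routes(R4_R2O))
    print("misordered:", import_routes(MISORDERED))
```

With the misordered policy the route tagged 100 is imported and re-tagged 400, which is exactly the feedback the tags are meant to stop.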
# The policies were already applied at import time above, so there is no need to apply them again.
Configure route summarization:
[R3-ospf-1]asbr-summary 20.0.0.0 255.255.0.0
[R4-ospf-1]asbr-summary 20.0.0.0 255.255.0.0
Check R3's RIP routing table:
[R3]dis ip routing-table protocol rip
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : RIP
Destinations : 6 Routes : 6
RIP routing table status : <Active>
Destinations : 6 Routes : 6
Destination/Mask Proto Pre Cost Flags NextHop Interface
4.4.4.4/32 RIP 100 2 D 10.0.35.5 GigabitEthernet
0/0/1
10.0.24.0/24 RIP 100 2 D 10.0.35.5 GigabitEthernet
0/0/1
10.0.45.0/24 RIP 100 1 D 10.0.35.5 GigabitEthernet
0/0/1
20.0.0.0/24 RIP 100 1 D 10.0.35.5 GigabitEthernet
0/0/1
20.0.1.0/24 RIP 100 1 D 10.0.35.5 GigabitEthernet
0/0/1
20.0.2.0/24 RIP 100 1 D 10.0.35.5 GigabitEthernet
0/0/1
RIP routing table status : <Inactive>
Destinations : 0 Routes : 0
[R3]
# The aggregate route 20.0.0.0 exists, and it is also present in R4's routing table.
# So when a 20.0.x.x destination that does not exist is accessed, a loop forms between R3 and R4.
On R4, tracert 20.0.5.1:
[R4]tracert 20.0.5.1
traceroute to 20.0.5.1(20.0.5.1), max hops: 30 ,packet length: 40,press CTRL_C
to break
1 10.0.45.5 20 ms 20 ms 20 ms
2 10.0.35.3 20 ms 20 ms 20 ms
3 10.0.23.2 20 ms 20 ms 30 ms
4 10.0.23.3 30 ms 10.0.24.4 20 ms 10.0.23.3 30 ms
5 10.0.45.5 30 ms 10.0.23.2 30 ms 10.0.45.5 30 ms
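# Trying to reach a route that does not exist at all causes a loop.
# This can be fixed by configuring an ACL on R3 and R4 that denies the aggregate route, because when R3 or R4 looks up that destination it forwards according to the aggregate route entry.
Configure an ACL on R3 to deny the aggregate route:
[R3]acl 2000
[R3-acl-basic-2000]rule 5 deny source 20.0.0.0 0.0.255.255
[R3-acl-basic-2000]rule 10 permit source any -- when an ACL is used for route filtering, the default is to deny everything
[R3-acl-basic-2000]quit
[R3-ospf-1]filter-policy 2000 import
Tracert 20.0.5.1 on R4 again:
[R4]tracert 20.0.5.1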
traceroute to 20.0.5.1(20.0.5.1), max hops: 30 ,packet length: 40,press CTRL_C
to break
1 * * *
2 * * *
3 * * *
# The destination is no longer reachable; the lab requirement is met.
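An added example covering both ACL 2000 filters in this lab (R2's export filter for the static routes and R3's import filter for the aggregate); it is not from the original post. It models first-match basic ACL evaluation with wildcard masks and the default deny that applies when an ACL is used for route filtering. The candidate networks and the ALL_EVEN variant are constructed, and the function names are hypothetical.

```python
import ipaddress


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


# Rules are (rule_id, action, source, wildcard); "any" is 0.0.0.0 255.255.255.255.
R2_ACL = [(5, "permit", "172.16.0.0", "0.0.2.0")]
R3_ACL = [
    (5, "deny", "20.0.0.0", "0.0.255.255"),
    (10, "permit", "0.0.0.0", "255.255.255.255"),
]
# Constructed variant: ignore bits 1-7 of the third octet, keep bit 0 fixed at 0.
ALL_EVEN = [(5, "permit", "172.16.0.0", "0.0.254.0")]

# Constructed candidate networks 172.16.0.0 to 172.16.5.0.
STATICS = [f"172.16.{i}.0" for i in range(6)]


def acl_filter(rules, network):
    """First matching rule decides; no match means deny (route filtering)."""
    addr = to_int(network)
    for _, action, source, wildcard in sorted(rules, key=lambda r: r[0]):
        # Wildcard bits set to 1 are ignored; every other bit must be equal.
        care = ~to_int(wildcard) & 0xFFFFFFFF
        if (addr ^ to_int(source)) & care == 0:
            return action
    return "deny"


def permitted(rules, networks):
    return [n for n in networks if acl_filter(rules, n) == "permit"]


if __name__ == "__main__":
    print("R2 ACL 2000:", permitted(R2_ACL, STATICS))
    print("0.0.254.0  :", permitted(ALL_EVEN, STATICS))
    print("R3 ACL 2000:", permitted(R3_ACL, ["20.0.0.0", "172.16.0.0"]))
```

Wildcard 0.0.2.0 frees only one bit of the third octet, so it permits 172.16.0.0 and 172.16.2.0 and nothing else; a further even network such as 172.16.4.0 would need a wider wildcard like the constructed 0.0.254.0.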
Lab results:
Access R1 from R5:
[R5]ping 172.16.0.1
PING 172.16.0.1: 56 data bytes, press CTRL_C to break
Request time out
Reply from 172.16.0.1: bytes=56 Sequence=2 ttl=253 time=50 ms
Reply from 172.16.0.1: bytes=56 Sequence=3 ttl=253 time=30 ms
Reply from 172.16.0.1: bytes=56 Sequence=4 ttl=253 time=30 ms
Reply from 172.16.0.1: bytes=56 Sequence=5 ttl=253 time=20 ms
--- 172.16.0.1 ping statistics ---
5 packet(s) transmitted
4 packet(s) received
20.00% packet loss
round-trip min/avg/max = 20/32/50 ms
[R5]
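# The lab succeeded.
Summary
This lab mainly tests route-policy knowledge and the problems encountered with dual-point bidirectional redistribution. Focus on understanding how suboptimal paths arise and how to resolve them, and, for the route feedback problem, do not let the direction of route import on the two sides confuse you.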