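OSPF Lab Topology
Topology diagram
Topology requirements:
(1) R4 is the ISP; its 4 interfaces may only be configured with public IP addresses, and no further configuration may be done on it afterwards.
(2) All private network segments inside the OSPF domain are reachable, and every router can reach R4's loopback.
(3) When R2 telnets to R1's public IP address, it logs in to R5.
(4) R1-R3 form an MGRE environment; R1 is the hub site, and R2 and R3 are branch sites.
(5) Among R1/R5/R6, R1 is the DR, and that segment has no BDR.
1. First, plan the IP addressing sensibly.
Approach: for example, use the private range 172.16.0.0/16 for the address plan. There are 4 areas, so the range could be divided roughly into four subnets; but since new networks may be added later, borrow three bits to create 8 subnets. Each area gets one subnet, and the remaining 4 are reserved for later use.
To keep the IP configuration simple, we simplify the addressing:
(1) Addresses on links between routers: 10.1.X.0/24
(2) Router loopbacks: 1.1.1.1/24 (following each router's number)
(3) MGRE environment: 20.1.1.1 (hub), 20.1.1.2 (branch), 20.1.1.3 (branch)
2. With the IP address plan complete, start configuring the MGRE environment in area 0: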
[r1]ip route-static 0.0.0.0 0.0.0.0 10.1.14.2
[r2]ip route-static 0.0.0.0 0.0.0.0 10.1.24.2
[r3]ip route-static 0.0.0.0 0.0.0.0 10.1.34.2
Configure the tunnel on R1/R2/R3:
[R1]int Tunnel 0/0/0
[R1-Tunnel0/0/0]ip address 20.1.1.1 255.255.255.0
[R1-Tunnel0/0/0]tunnel-protocol gre p2mp
[R1-Tunnel0/0/0]source 10.1.14.1
[R1-Tunnel0/0/0]nhrp entry multicast dynamic
[R1-Tunnel0/0/0]nhrp network-id 100
[R2]int Tunnel 0/0/0
[R2-Tunnel0/0/0]ip address 20.1.1.2 255.255.255.0
[R2-Tunnel0/0/0]tunnel-protocol gre p2mp
[R2-Tunnel0/0/0]source GigabitEthernet0/0/0
[R2-Tunnel0/0/0]nhrp network-id 100
[R2-Tunnel0/0/0]nhrp entry 20.1.1.1 10.1.14.1 register
[R3]int Tunnel 0/0/0
[R3-Tunnel0/0/0]ip address 20.1.1.3 255.255.255.0
[R3-Tunnel0/0/0]tunnel-protocol gre p2mp
[R3-Tunnel0/0/0]source GigabitEthernet0/0/0
[R3-Tunnel0/0/0]nhrp network-id 100
[R3-Tunnel0/0/0]nhrp entry 20.1.1.1 10.1.14.1 register
After configuration, verify:
[R1]ping 20.1.1.2
PING 20.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 20.1.1.2: bytes=56 Sequence=1 ttl=255 time=30 ms
Reply from 20.1.1.2: bytes=56 Sequence=2 ttl=255 time=20 ms
Reply from 20.1.1.2: bytes=56 Sequence=3 ttl=255 time=30 ms
Reply from 20.1.1.2: bytes=56 Sequence=4 ttl=255 time=40 ms
Reply from 20.1.1.2: bytes=56 Sequence=5 ttl=255 time=30 ms
--- 20.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/30/40 ms
[R1]ping 20.1.1.3
PING 20.1.1.3: 56 data bytes, press CTRL_C to break
Reply from 20.1.1.3: bytes=56 Sequence=1 ttl=255 time=30 ms
Reply from 20.1.1.3: bytes=56 Sequence=2 ttl=255 time=30 ms
Reply from 20.1.1.3: bytes=56 Sequence=3 ttl=255 time=30 ms
Reply from 20.1.1.3: bytes=56 Sequence=4 ttl=255 time=30 ms
Reply from 20.1.1.3: bytes=56 Sequence=5 ttl=255 time=30 ms
--- 20.1.1.3 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/30/30 ms
3. Configure the OSPF environment:
[R1]ospf 1
[R1-ospf-1]di th
[V200R003C00]
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 20.1.1.1 0.0.0.0
area 0.0.0.1
network 1.1.1.1 0.0.0.0
network 10.1.156.3 0.0.0.0
[R2]ospf 1
[R2-ospf-1]dis th
[V200R003C00]
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 20.1.1.2 0.0.0.0
[R3]ospf 1
[R3-ospf-1]dis th
[V200R003C00]
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 20.1.1.3 0.0.0.0
area 0.0.0.2
network 3.3.3.3 0.0.0.0
network 10.1.37.1 0.0.0.0
[R5]ospf 1
[R5-ospf-1]dis th
[V200R003C00]
#
ospf 1 router-id 5.5.5.5
area 0.0.0.1
network 5.5.5.5 0.0.0.0
network 10.1.156.1 0.0.0.0
[R6]ospf 1
[R6-ospf-1]dis th
[V200R003C00]
#
ospf 1 router-id 6.6.6.6
area 0.0.0.1
network 6.6.6.6 0.0.0.0
network 10.1.156.2 0.0.0.0
[R7]ospf 1
[R7-ospf-1]dis th
#
ospf 1 router-id 7.7.7.7
import-route ospf 2
area 0.0.0.2
network 7.7.7.7 0.0.0.0
network 10.1.37.2 0.0.0.0
[R7]ospf 2
[R7-ospf-2]dis th
#
ospf 2 router-id 7.7.7.7
import-route ospf 1
area 0.0.0.0
network 10.1.78.1 0.0.0.0
[R8]ospf 2
[R8-ospf-2]dis th
[V200R003C00]
#
ospf 2 router-id 8.8.8.8
area 0.0.0.0
network 8.8.8.8 0.0.0.0
network 10.1.78.2 0.0.0.0
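Once R1/R2/R3 are configured: because OSPF's default network type on a tunnel interface is p2p, only one neighbor relationship can be established in the MGRE environment. MGRE, however, builds an MA (multi-access) network with multiple neighbors. On Cisco the neighbor table therefore flaps; on Huawei the router forms an adjacency with the neighbor whose Hello arrives first, and the other neighbors on the segment stay stuck in the Init state.
Solution: change the OSPF interface network type on R1/R2/R3, and make R1 the DR with no BDR.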
[R1]int Tunnel 0/0/0
[R1-Tunnel0/0/0]ospf network-type broadcast
[R2]int Tunnel 0/0/0
[R2-Tunnel0/0/0]ospf network-type broadcast
[R2-Tunnel0/0/0]ospf dr-priority 0
[R3]int Tunnel 0/0/0
[R3-Tunnel0/0/0]ospf network-type broadcast
[R3-Tunnel0/0/0]ospf dr-priority 0
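4. Once the OSPF environment is configured, view the routing table on R7. At this point R7's routing table contains all routes of areas 0, 1, 2 and 3 (because area 3 is not connected to the backbone area, its routes cannot be learned by the other OSPF areas).
Solutions:
(1) Virtual link
(2) Two-way redistribution
(3) Tunnel
Here we use two-way redistribution: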
[R7]ospf 1
[R7-ospf-1]import-route ospf 2
[R7]ospf 2
[R7-ospf-2]import-route ospf 1
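All routers have now learned the routes of the entire OSPF domain.
5. Optimization
(1) Special areas (totally stub, totally NSSA: filter out type 3, 4 and 5 LSAs and originate a type 3 default route)
(2) Route summarization (omitted, because a sensible IP address plan was not used)
6. At this point the whole network should also be reachable, including access to R4's loopback 4.4.4.4/24: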
[R1]acl 2000
[R1-acl-basic-2000]dis th
[V200R003C00]
#
acl number 2000
rule 5 permit source 10.1.0.0 0.0.255.255
rule 10 permit source 5.5.5.0 0.0.0.255
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]nat outbound 2000
[R2]acl 2000
[R2-acl-basic-2000]dis th
[V200R003C00]
#
acl number 2000
rule 5 permit source 2.2.2.0 0.0.0.255
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]nat outbound 2000
[R3]acl 2000
[R3-acl-basic-2000]dis th
[V200R003C00]
#
acl number 2000
rule 5 permit source 10.1.0.0 0.0.255.255
rule 10 permit source 3.3.3.0 0.0.0.255
rule 15 permit source 7.7.7.0 0.0.0.255
rule 20 permit source 8.8.8.0 0.0.0.255
[R3]int g0/0/0
[R3-GigabitEthernet0/0/0]nat outbound 2000
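Which sources R1's ACL 2000 actually hands to `nat outbound` can be checked by evaluating the wildcard masks, as in this added example (not part of the original lab; the sample source list is constructed from the lab's addressing). With the rules as written, packets sourced from 6.6.6.6, 1.1.1.1 or 20.1.1.1 match no rule and leave untranslated.

```python
from ipaddress import IPv4Address

# Constructed input: ACL 2000 on R1, copied from the configuration on this page.
R1_ACL_2000 = """\
acl number 2000
 rule 5 permit source 10.1.0.0 0.0.255.255
 rule 10 permit source 5.5.5.0 0.0.0.255
"""

def parse_acl(text):
    """Parse 'rule <id> permit|deny source <addr> <wildcard>' lines, ordered by rule id."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 6 and f[0] == "rule" and f[3] == "source":
            rules.append((int(f[1]), f[2], int(IPv4Address(f[4])), int(IPv4Address(f[5]))))
    return sorted(rules)

def first_match(src, rules):
    """Return (rule id, action) of the first rule matching src, or None if no rule matches."""
    ip = int(IPv4Address(src))
    for rule_id, action, addr, wildcard in rules:
        # Wildcard bit 0 = must match, bit 1 = ignore (the inverse of a netmask).
        if ((ip ^ addr) & ~wildcard & 0xFFFFFFFF) == 0:
            return rule_id, action
    return None

def translated(src, rules):
    """True when nat outbound would translate src: only a permit hit qualifies."""
    hit = first_match(src, rules)
    return hit is not None and hit[1] == "permit"

# Constructed sample sources taken from the lab addressing.
SOURCES = ["10.1.156.1", "5.5.5.5", "6.6.6.6", "1.1.1.1", "20.1.1.1"]

if __name__ == "__main__":
    rules = parse_acl(R1_ACL_2000)
    for s in SOURCES:
        print(f"{s:<12} {'translated' if translated(s, rules) else 'not translated'}")
```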
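Originate a default route in OSPF on R1. It passes the type 3 default on to R7 as well, but not to R8, because redistribution does not carry the type 3 default across. A static route can therefore be written on R8.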
[R1]ospf 1
[R1-ospf-1]default-route-advertise
[R8]ip route-static 0.0.0.0 0.0.0.0 10.1.78.1
Test:
<R5>ping 4.4.4.4
PING 4.4.4.4: 56 data bytes, press CTRL_C to break
Reply from 4.4.4.4: bytes=56 Sequence=1 ttl=254 time=50 ms
Reply from 4.4.4.4: bytes=56 Sequence=2 ttl=254 time=30 ms
Reply from 4.4.4.4: bytes=56 Sequence=3 ttl=254 time=40 ms
Reply from 4.4.4.4: bytes=56 Sequence=4 ttl=254 time=40 ms
Reply from 4.4.4.4: bytes=56 Sequence=5 ttl=254 time=50 ms
--- 4.4.4.4 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/42/50 ms
[R2]ping 4.4.4.4
PING 4.4.4.4: 56 data bytes, press CTRL_C to break
Reply from 4.4.4.4: bytes=56 Sequence=1 ttl=255 time=10 ms
Reply from 4.4.4.4: bytes=56 Sequence=2 ttl=255 time=20 ms
Reply from 4.4.4.4: bytes=56 Sequence=3 ttl=255 time=20 ms
Reply from 4.4.4.4: bytes=56 Sequence=4 ttl=255 time=10 ms
Reply from 4.4.4.4: bytes=56 Sequence=5 ttl=255 time=30 ms
--- 4.4.4.4 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/18/30 ms
<R8>ping 4.4.4.4
PING 4.4.4.4: 56 data bytes, press CTRL_C to break
Reply from 4.4.4.4: bytes=56 Sequence=1 ttl=253 time=30 ms
Reply from 4.4.4.4: bytes=56 Sequence=2 ttl=253 time=20 ms
Reply from 4.4.4.4: bytes=56 Sequence=3 ttl=253 time=40 ms
Reply from 4.4.4.4: bytes=56 Sequence=4 ttl=253 time=30 ms
Reply from 4.4.4.4: bytes=56 Sequence=5 ttl=253 time=50 ms
--- 4.4.4.4 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/34/50 ms
7. Port mapping: R2 telnets to R1 but actually reaches R5 by Telnet.
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]nat server protocol tcp global current-interface 23 inside 10.1.156.1 23
Warning:The port 23 is well-known port. If you continue it may cause function failure.
Are you sure to continue?[Y/N]:y
[R5]aaa
[R5-aaa]local-user ccnp password cipher cisco123
[R5-aaa]local-user ccnp service-type telnet
[R5-aaa]q
[R5]user-interface vty 0 4
[R5-ui-vty0-4]user privilege level 15
[R5-ui-vty0-4]authentication-mode aaa
Test:
<R2>telnet 10.1.14.1
Press CTRL_] to quit telnet mode
Trying 10.1.14.1 ...
Connected to 10.1.14.1 ...
Login authentication
Username:ccnp
Password:
-----------------------------------------------------------------------------
User last login information:
-----------------------------------------------------------------------------
Access Type: Telnet
IP-Address : 10.1.14.2
Time : 2020-02-17 19:10:51-08:00
-----------------------------------------------------------------------------
<R5>
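The step 7 commands publish a cleartext management service on R1's public interface and give every VTY login level 15. The following added example (not part of the original lab; the finding codes are names chosen here) audits a pasted VRP transcript for exactly those three conditions.

```python
import re

# Constructed input: the step 7 commands exactly as they appear on this page.
TRANSCRIPT = """\
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]nat server protocol tcp global current-interface 23 inside 10.1.156.1 23
[R5]aaa
[R5-aaa]local-user ccnp password cipher cisco123
[R5-aaa]local-user ccnp service-type telnet
[R5]user-interface vty 0 4
[R5-ui-vty0-4]user privilege level 15
[R5-ui-vty0-4]authentication-mode aaa
"""

# Prompt forms seen on this page: [R1], [R1-view], <R5>
PROMPT = re.compile(r"^[\[<](?P<host>\w+)(?:-(?P<view>[^\]>]+))?[\]>]\s*(?P<cmd>.+)$")
NAT_SERVER = re.compile(r"nat server protocol tcp global (\S+) (\S+) inside (\S+) (\S+)")
# Cleartext services; the port may be written as a number or as a service name.
CLEARTEXT = {"21": "ftp", "ftp": "ftp", "23": "telnet", "telnet": "telnet"}

def audit(transcript):
    """Return (host, code, detail) findings for management-plane exposure."""
    findings = []
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue  # banner, warning or output line, not a command
        host, view, cmd = m["host"], m["view"] or "", m["cmd"]
        nat = NAT_SERVER.match(cmd)
        if nat and nat[2] in CLEARTEXT:
            findings.append((host, "CLEARTEXT_MGMT_PUBLISHED",
                             f"{CLEARTEXT[nat[2]]} on {nat[1]} -> {nat[3]}:{nat[4]}"))
        svc = re.match(r"local-user (\S+) service-type (.+)", cmd)
        if svc and "telnet" in svc[2].split():
            findings.append((host, "TELNET_LOGIN_ENABLED", f"user {svc[1]}"))
        lvl = re.match(r"user privilege level (\d+)", cmd)
        if lvl and view.startswith("ui-vty") and int(lvl[1]) >= 15:
            findings.append((host, "VTY_DEFAULT_LEVEL_15", view))
    return findings

if __name__ == "__main__":
    for host, code, detail in audit(TRANSCRIPT):
        print(f"{host}: {code} ({detail})")
```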
8. Among R1/R5/R6, R1 is the DR and there is no BDR
[R5]int g0/0/0
[R5-GigabitEthernet0/0/0]ospf dr-priority 0
[R6]int g0/0/0
[R6-GigabitEthernet0/0/0]ospf dr-priority 0
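The `ospf dr-priority 0` settings on the tunnel segment (step 3) and on the R1/R5/R6 segment (step 8) rely on the DR election rules, shown here as an added example that is not part of the original lab. It is a simplified single-view model of RFC 2328 section 9.4; it assumes all neighbors are already 2-way and that R1 keeps the default priority of 1, and the third test case goes beyond the page to show that raising R1's priority alone would not displace an existing DR.

```python
from ipaddress import IPv4Address

def elect(routers, declared_dr=None, declared_bdr=None):
    """Simplified RFC 2328 section 9.4 election on one segment.

    routers: {router_id: dr_priority}. declared_dr / declared_bdr are the
    routers already advertising themselves in that role in their Hellos
    (None on a cold start). Returns (dr, bdr); bdr is None when no router
    is left to hold the role.
    """
    rank = lambda rid: (routers[rid], int(IPv4Address(rid)))
    eligible = [r for r in routers if routers[r] > 0]  # priority 0 is never elected
    dr_claims = [r for r in eligible if r == declared_dr]
    # Step 2: the BDR comes from routers not claiming DR; an existing claim wins.
    pool = [r for r in eligible if r not in dr_claims]
    bdr_claims = [r for r in pool if r == declared_bdr]
    bdr = max(bdr_claims or pool, key=rank, default=None)
    # Step 3: an existing DR claim is kept (no preemption); otherwise promote the BDR.
    dr = max(dr_claims, key=rank) if dr_claims else bdr
    # Step 4: a promoted BDR leaves that role, so the BDR is chosen again.
    if dr is not None and dr == bdr:
        bdr = max((r for r in eligible if r != dr), key=rank, default=None)
    return dr, bdr

# Constructed inputs using the router IDs from this page.
TUNNEL_AS_CONFIGURED = {"1.1.1.1": 1, "2.2.2.2": 0, "3.3.3.3": 0}
TUNNEL_DEFAULTS = {"1.1.1.1": 1, "2.2.2.2": 1, "3.3.3.3": 1}
TUNNEL_R1_RAISED = {"1.1.1.1": 255, "2.2.2.2": 1, "3.3.3.3": 1}
LAN_AS_CONFIGURED = {"1.1.1.1": 1, "5.5.5.5": 0, "6.6.6.6": 0}

if __name__ == "__main__":
    print("tunnel, as configured:", elect(TUNNEL_AS_CONFIGURED))
    print("tunnel, all defaults: ", elect(TUNNEL_DEFAULTS))
    print("tunnel, R1 raised late:", elect(TUNNEL_R1_RAISED, "3.3.3.3", "2.2.2.2"))
    print("R1/R5/R6 segment:     ", elect(LAN_AS_CONFIGURED))
```

With default priorities a branch router wins the election on the tunnel segment, and the branches only hold a static NHRP mapping to the hub, which is why the lab zeroes the branch priorities instead of tuning R1's.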
With all configuration done, every requirement of this lab is met.