实验分析
需求:
R4为ISP,其上只能配置IP地址;R4与其他所有直连设备间均使用公有IP。
配置公网IP,涉及接口IP地址配置2. 需求二
R3-R5/6/7为MGRE环境,R3为中心站点。
配置AR3为中心,创建隧道接口且其成员设备均配置相同网段的隧道接口IP,找中心注册,修改网络接口类型,
注意AR3要开启中心伪广播。
3. 需求三整个OSPF环境IP基于172.16.0.0/16划分。
子网划分要合理,所谓合理就是说,在拓扑图中,两台非用户设备之间划分的网段能用的地址最好只有两个。也就是30位的网段,
这样不会造成IP地址的浪费还能在一定程度上防环;而用户网段划分位可用IP地址在100个以内的网段,当然划分为掩码24位的也可以。
基于以上分析,划分网段如下:
1. 总划分
6个区域,那至少借3位,这样可以划分出8个网段,使用6个,剩下两个预留。
172.16.0.0 16 --借位 3 得
172.16.0.0 19 -- 0区
172.16.32.0 19 -- 1区
172.16.64.0 19 -- 2区
172.16.96.0 19 -- 3区
172.16.128.0 19 -- 4区
172.16.160.0 19 -- rip区
172.16.192.0 19 -- 预留
172.16.224.0 19 -- 预留
==========================================================================
2. 区域划分
area 0
172.16.0.0 19 基于这个网段划分为掩码24位的网段
172.16.0.0 24
172.16.1.0 24
172.16.2.0 24
172.16.3.0 24
172.16.4.0 24
......
基于掩码24位的网段再划分为掩码为29位或30位,根据需要划分
172.16.0.0 24--骨干链路(P2P骨干)/30
172.16.0.0 30
172.16.0.4 30
172.16.0.8 30
......
172.16.1.0 24--骨干链路(MA骨干)/29
172.16.1.0 29
172.16.1.8 29
172.16.1.16 29
......
使用在环回网段,模拟用户,可以不用再划分了
172.16.2.0 24
172.16.3.0 24
172.16.4.0 24
172.16.5.0 24
......
==========================================================================
area 1
172.16.32.0 19
P2P
172.16.32.0 24
172.16.32.0 30
172.16.32.4 30
172.16.32.8 30
MA
172.16.33.0 24
172.16.33.0 29
172.16.33.8 29
172.16.33.16 29
172.16.33.24 29
用户
172.16.34.0 24
172.16.35.0 24
......
==========================================================================
area 2
172.16.64.0 19
P2P
172.16.64.0 24
172.16.64.0 30
172.16.64.4 30
172.16.64.8 30
172.16.64.12 30
MA
172.16.65.0 24
172.16.65.0 29
172.16.65.8 29
172.16.65.16 29
用户
172.16.66.0 24
172.16.67.0 24
......
==========================================================================
area 3
172.16.96.0 19
P2P
172.16.96.0 24
172.16.96.0 30
172.16.96.4 30
MA
172.16.97.0 24
172.16.97.0 29
172.16.97.8 29
172.16.97.16 29
用户
172.16.98.0 24
172.16.99.0 24
......
==========================================================================
area 4
172.16.128.0 19
P2P
172.16.128.0 24
172.16.128.0 30
172.16.128.4 30
MA
172.16.129.0 24
172.16.129.0 29
172.16.129.8 29
用户
172.16.130.0 24
172.16.131.0 24
......
==========================================================================
RIP
172.16.160.0 19
用户
172.16.160.0 24
172.16.161.0 24
......
==========================================================================
预留
172.16.192.0 19
172.16.224.0 19
4. 需求四
所有设备均可访问R4的环回。
可以理解为保证公网的畅通,也就是说在每个区域的边界路由配置指向ISP设备的缺省路由即可。
5. 需求五
减少LSA的更新量,加快收敛,保障更新安全。
这是对OSPF协议下的网络做优化,使用域间手工汇总,域外汇总的方法减少LSA的更新量;
还可以划分一些特殊区域,让关键设备拒绝学习一些没有作用的路由信息,修改计时器等以加快收敛;
而保障更新安全就是注意链路的防环以及设备的认证。
3. 实验配置
1. AR1
# 1. 配置IP地址
[AR1]interface GigabitEthernet 0/0/0
[AR1-GigabitEthernet0/0/0]ip accounting
[AR1]interface l0
[AR1-LoopBack0]ip address 172.16.34.1 24
# 2. 配置OSPF
[AR1]ospf 1 router-id 1.1.1.1
[AR1-ospf-1]area 1
[AR1-ospf-1-area-0.0.0.1]network 0.0.0.0 0.0.0.0 # 全宣告,因为为网段划分很合理
[AR1-ospf-1-area-0.0.0.1]network 172.16.32.0 0.0.31.255 # 范围宣告。两种方法二选一
# 3. 划分为STUB区域
[AR1]ospf 1
[AR1-ospf-1]area 1
[AR1-ospf-1-area-0.0.0.1]stub
# 4. 配置NAT
[AR3]acl 2000
[AR3-acl-basic-2000]rule permit s 172.16.0.0 0.0.255.255
[AR3]interface Serial 4/0/0
[AR3-Serial4/0/0]nat outbound 2000
# 5. 修改hello时间
[AR1]interface GigabitEthernet 0/0/0
[AR1-GigabitEthernet0/0/0]ospf timer hello 3
# 6. 认证
[AR1]interface GigabitEthernet 0/0/0
[AR1-GigabitEthernet0/0/0]ospf authentication-mode md5 1 cipher 123456
2. AR2
# 1. 配置IP地址
[AR2]interface GigabitEthernet 0/0/0
[AR2-GigabitEthernet0/0/0]ip address 172.16.33.2 29
[AR2]interface l0
[AR2-LoopBack0]ip address 172.16.35.1 24
# 2. 配置OSPF
[AR2]ospf 1 router-id 2.2.2.2
[AR2-ospf-1]area 1
[AR2-ospf-1-area-0.0.0.1]network 172.16.32.0 0.0.31.255
# 3. 划分为STUB区域
[AR2]ospf 1
[AR2-ospf-1]area 1
[AR2-ospf-1-area-0.0.0.1]stub
3. AR3
# 1. 配置IP
[AR3]interface Serial 4/0/0
[AR3-Serial4/0/0]ip address 34.0.0.1 24
[AR3]interface l0
[AR3-LoopBack0]ip address 172.16.36.1 24
# 2. 配置缺省
[AR3]ip route-static 0.0.0.0 0 34.0.0.2
# 3. 配置MGRE
[AR3]interface Tunnel 0/0/0
[AR3-Tunnel0/0/0]ip address 172.16.1.1 29
[AR3-Tunnel0/0/0]tunnel-protocol gre p2mp
[AR3-Tunnel0/0/0]source 34.0.0.1
[AR3-Tunnel0/0/0]nhrp network-id 100
[AR3-Tunnel0/0/0]nhrp entry multicast dynamic
[AR3-Tunnel0/0/0]ospf network-type p2mp
# 4. 配置OSPF
[AR3]ospf 1 router-id 3.3.3.3
[AR3-ospf-1-area-0.0.0.1]network 172.16.33.3 0.0.0.0 # 宣告区域1的接口地址,锁死地址式宣告
[AR3-ospf-1-area-0.0.0.1]network 172.16.36.1 0.0.0.0 # 宣告环回
[AR3-ospf-1]area 0
[AR3-ospf-1-area-0.0.0.0]network 172.16.1.1 0.0.0.0 # 宣告隧道
# 5. 汇总
[AR3]ospf 1
[AR3-ospf-1]area 1
[AR3-ospf-1-area-0.0.0.1]abr-summary 172.16.32.0 255.255.224.0
# 6. 划分为stub no-summary区域
[AR3]ospf 1
[AR3-ospf-1]area 1
[AR3-ospf-1-area-0.0.0.1]stub no-summary
# 认证
[AR3]ospf 1
[AR3-ospf-1]area 1
[AR3-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456
4. AR4
# 1. 配置IP地址
[ISP]interface Serial 4/0/0
[ISP-Serial4/0/0]ip address 34.0.0.2 24
[ISP]interface Serial 4/0/1
[ISP-Serial4/0/1]ip address 45.0.0.2 24
[ISP]interface Serial 3/0/0
[ISP-Serial3/0/0]ip address 46.0.0.2 24
[ISP]interface GigabitEthernet 0/0/0
[ISP-GigabitEthernet0/0/0]ip address 47.0.0.2 24
5. AR5
# 1.配置IP地址
[AR5]interface Serial 4/0/0
[AR5-Serial4/0/0]ip address 45.0.0.1 24
[AR5]interface l0
[AR5-LoopBack0]ip address 172.16.2.1 24
# 2. 配置缺省
[AR5]ip route-static 0.0.0.0 0 45.0.0.2
# 3.配置MGRE
[AR5]interface Tunnel 0/0/0
[AR5-Tunnel0/0/0]ip address 172.16.1.2 29
[AR5-Tunnel0/0/0]tunnel-protocol gre p2mp
[AR5-Tunnel0/0/0]source Serial 4/0/0
[AR5-Tunnel0/0/0]nhrp network-id 100
[AR5-Tunnel0/0/0]nhrp entry 172.16.1.1 34.0.0.1 register
[AR5-Tunnel0/0/0]ospf network-type p2mp
# 4. 配置OSPF
[AR5]ospf 1 router-id 5.5.5.5
[AR5-ospf-1]area 0
[AR5-ospf-1-area-0.0.0.0]network 172.16.2.1 0.0.0.0
[AR5-ospf-1-area-0.0.0.0]network 172.16.1.2 0.0.0.0
# 5. 配置NAT
[AR5]acl 2000
[AR5-acl-basic-2000]rule permit s 172.16.0.0 0.0.255.255
[AR5]interface Serial 4/0/0
[AR5-Serial4/0/0]nat outbound 2000
6. AR6
# 1.配置IP地址
[AR6]interface Serial 4/0/0
[AR6-Serial4/0/0]ip address 46.0.0.1 24
[AR6]interface l0
[AR6-LoopBack0]ip address 172.16.3.1 24
[AR6]interface GigabitEthernet 0/0/0
[AR6-GigabitEthernet0/0/0]ip address 172.16.64.1 30
# 2. 配置缺省
[AR6]ip route-static 0.0.0.0 0 46.0.0.2
# 3. 配置MGRE
[AR6]interface Tunnel 0/0/0
[AR6-Tunnel0/0/0]ip address 172.16.1.3 29
[AR6-Tunnel0/0/0]tunnel-protocol gre p2mp
[AR6-Tunnel0/0/0]source Serial 4/0/0
[AR6-Tunnel0/0/0]nhrp network-id 100
[AR6-Tunnel0/0/0]nhrp entry 172.16.1.1 34.0.0.1 register
[AR6-Tunnel0/0/0]ospf network-type p2mp
# 4. 配置OSPF
[AR6]ospf 1 router-id 6.6.6.6
[AR6-ospf-1]area 0
[AR6-ospf-1-area-0.0.0.0]network 172.16.3.1 0.0.0.0
[AR6-ospf-1-area-0.0.0.0]network 172.16.1.3 0.0.0.0
[AR6-ospf-1]area 2
[AR6-ospf-1-area-0.0.0.2]network 172.16.64.1 0.0.0.0
# 5. 汇总
[AR6]ospf 1
[AR6-ospf-1]area 2
[AR6-ospf-1-area-0.0.0.2]abr-summary 172.16.64.0 255.255.224.0
# 6. 划分特殊区域nssa no-summary
[AR6]ospf 1
[AR6-ospf-1]area 2
[AR6-ospf-1-area-0.0.0.2]nssa no-summary
# 7. 配置NAT
[AR6]acl 2000
[AR6-acl-basic-2000]rule permit s 172.16.0.0 0.0.255.255
[AR6]interface Serial 4/0/0
[AR6-Serial4/0/0]nat outbound 2000
7. AR7
# 1. 配置IP地址
[AR7]interface GigabitEthernet 0/0/0
[AR7-GigabitEthernet0/0/0]ip address 47.0.0.1 24
[AR7]interface GigabitEthernet 0/0/1
[AR7-GigabitEthernet0/0/1]ip address 172.16.96.1 30
[AR7]interface l0
[AR7-LoopBack0]ip address 172.16.4.1 24
# 2. 配置缺省
[AR7]ip route-static 0.0.0.0 0 47.0.0.2
# 3. 配置MGRE
[AR7]interface Tunnel 0/0/0
[AR7-Tunnel0/0/0]ip address 172.16.1.4 29
[AR7-Tunnel0/0/0]tunnel-protocol gre p2mp
[AR7-Tunnel0/0/0]source 47.0.0.1
[AR7-Tunnel0/0/0]nhrp network-id 100
[AR7-Tunnel0/0/0]nhrp entry 172.16.1.1 34.0.0.1 register
[AR7-Tunnel0/0/0]ospf network-type p2mp
# 4. 配置OSPF
[AR7]ospf 1 router-id 7.7.7.7
[AR7-ospf-1]area 0
[AR7-ospf-1-area-0.0.0.0]network 172.16.4.1 0.0.0.0
[AR7-ospf-1-area-0.0.0.0]network 172.16.1.4 0.0.0.0
[AR7-ospf-1]area 3
[AR7-ospf-1-area-0.0.0.3]network 172.16.96.1 0.0.0.0
# 5. 汇总
[AR7]ospf 1
[AR7-ospf-1]area 3
[AR7-ospf-1-area-0.0.0.3]abr-summary 172.16.96.0 255.255.224.0
# 6. 划分特殊区域nssa no-summary
[AR7]ospf 1
[AR7-ospf-1]area 3
[AR7-ospf-1-area-0.0.0.3]nssa no-summary
# 7. 配置NAT
[AR7]acl 2000
[AR7-acl-basic-2000]rule permit s 172.16.0.0 0.0.255.255
[AR7]interface GigabitEthernet 0/0/0
[AR7-GigabitEthernet0/0/0]nat outbound 2000
8. AR8
# 1. 配置IP地址
[AR8]interface GigabitEthernet 0/0/0
[AR8-GigabitEthernet0/0/0]ip address 172.16.96.2 30
[AR8]interface GigabitEthernet 0/0/1
[AR8-GigabitEthernet0/0/1]ip address 172.16.96.5 30
[AR8]interface l0
[AR8-LoopBack0]ip address 172.16.98.1 24
# 2. 配置OSPF
[AR8]ospf 1 router-id 8.8.8.8
[AR8-ospf-1]area 3
[AR8-ospf-1-area-0.0.0.3]network 172.16.96.0 0.0.31.255
# 3. 划分特殊区域nssa
[AR8]ospf 1
[AR8-ospf-1]area 3
[AR8-ospf-1-area-0.0.0.3]nssa
9. AR9
# 1.配置IP地址
[AR9]interface GigabitEthernet 0/0/0
[AR9-GigabitEthernet0/0/0]ip address 172.16.96.6 30
[AR9]interface GigabitEthernet 0/0/1
[AR9-GigabitEthernet0/0/1]ip address 172.16.128.1 30
[AR9]interface l0
[AR9-LoopBack0]ip address 172.16.130.1 24
# 2. 配置OSPF
[AR9]ospf 2 router-id 9.9.9.9
[AR9-ospf-2]area 0
[AR9-ospf-2-area-0.0.0.0]network 172.16.128.0 0.0.31.255
# 3. 向OSPF1引入OSPF2
[AR9]ospf 1
[AR9-ospf-1]import-route ospf 2
# 4. 汇总
[AR9]ospf 1
[AR9-ospf-1]asbr-summary 172.16.128.0 255.255.224.0
# 5. 划分特殊区域nssa
[AR9]ospf 1
[AR9-ospf-1]area 3
[AR9-ospf-1-area-0.0.0.3]nssa
# 6. 下发缺省
[AR9]ospf 2
[AR9-ospf-2]default-route-advertise
10. AR10
# 1. 配置IP地址
[AR10]interface GigabitEthernet 0/0/0
[AR10-GigabitEthernet0/0/0]ip address 172.16.128.2 30
[AR10]interface l0
[AR10-LoopBack0]ip address 172.16.131.1 24
# 2. 配置OSPF
[AR10]ospf 2 router-id 10.10.10.10
[AR10-ospf-2]area 0
[AR10-ospf-2-area-0.0.0.0]network 172.16.128.0 0.0.31.255
11. AR11
# 1. 配置IP地址
[AR11]interface GigabitEthernet 0/0/0
[AR11-GigabitEthernet0/0/0]ip address 172.16.64.2 30
[AR11]interface GigabitEthernet 0/0/1
[AR11-GigabitEthernet0/0/1]ip address 172.16.64.5 30
[AR11]interface l0
[AR11-LoopBack0]ip address 172.16.66.1 24
# 2. 配置OSPF
[AR11]ospf 1 router-id 11.11.11.11
[AR11-ospf-1]area 2
[AR11-ospf-1-area-0.0.0.2]network 172.16.64.0 0.0.31.255
# 3. 划分特殊区域nssa
[AR11]ospf 1
[AR11-ospf-1]area 2
[AR11-ospf-1-area-0.0.0.2]nssa
12. AR12
# 1. 配置IP地址
[AR12]interface GigabitEthernet 0/0/0
[AR12-GigabitEthernet0/0/0]ip address 172.16.64.6 30
[AR12]interface l0
[AR12-LoopBack0]ip address 172.16.160.1 24
[AR12]interface l1
[AR12-LoopBack1]ip address 172.16.161.1 24
# 2. 配置OSPF
[AR12]ospf 1 router-id 12.12.12.12
[AR12-ospf-1]area 2
[AR12-ospf-1-area-0.0.0.2]network 172.16.64.0 0.0.31.255
# 3. 宣告RIP
[AR12]rip 1
[AR12-rip-1]network 172.16.0.0
# 4. 引入RIP
[AR12]ospf 1
[AR12-ospf-1]import-route rip
# 5. 汇总
[AR12]ospf 1
[AR12-ospf-1]asbr-summary 172.16.160.0 255.255.224.0
# 6. 划分特殊区域nssa
[AR12]ospf 1
[AR12-ospf-1]area 2
[AR12-ospf-1-area-0.0.0.2]nssa
4. 实验结果
1. 汇总,划分特殊区域之前的路由表
1. AR3
2. AR6
AR7
AR9
AR12
2. 汇总,划分特殊区域之后的路由表
1. AR3
AR6
AR7
AR9
AR12
3. 汇总之前设备路由学习情况
1. AR3