ospf的综合实验

实验要求:

一,R4为ISP,其上只能配置IP地址;R4与其他所有直连设备间均使用公有IP,整个OSPF环境Ip基于172.16.0.0/16划分;

二,R3-R5/6/7为MGRE环境,R3为中心站点;

​三,所有设备均可访问R4的环回;

四,减少LSA的更新量,加快收敛,保障更新安全;

五,全网可达

第一步,搭建拓扑结构并配置IP(基于172.16.0.0/16划分)

  二,R3-R5/6/7为MGRE环境,R3为中心站点;


R3
[r3]int t0/0/0
[r3-Tunnel0/0/0]ip add 172.16.4.1 24	
[r3-Tunnel0/0/0]tunnel-protocol gre p2mp 
[r3-Tunnel0/0/0]source 34.0.0.1
[r3-Tunnel0/0/0]nhrp network-id 100
[r3-Tunnel0/0/0]nhrp entry multicast dynamic #需开启伪广播
R5
[r5]int t0/0/0
[r5-Tunnel0/0/0]ip add 172.16.4.2 24
[r5-Tunnel0/0/0]tunnel-protocol gre p2mp 
[r5-Tunnel0/0/0]source s4/0/0
[r5-Tunnel0/0/0]nhrp entry 172.16.4.1 34.0.0.1 register
[r5-Tunnel0/0/0]nhrp entry multicast dynamic #需开启伪广播
R6
[r6]int t0/0/0
[r6-Tunnel0/0/0]ip add 172.16.4.3 24
[r6-Tunnel0/0/0]tunnel-protocol gre p2mp 
[r6-Tunnel0/0/0]source s4/0/0
[r6-Tunnel0/0/0]nhrp entry 172.16.4.1 34.0.0.1 register
[r6-Tunnel0/0/0]nhrp entry multicast dynamic #需开启伪广播
R7
[r7]int t0/0/0
[r7-Tunnel0/0/0]ip add 172.16.4.4 24	
[r7-Tunnel0/0/0]tunnel-protocol gre p2mp 
[r7-Tunnel0/0/0]source g0/0/0
[r7-Tunnel0/0/0]nhrp entry 172.16.4.1 34.0.0.1 register
配置完ospf后

由于通道p2p为点到点所以改为 broadcast


[r3-Tunnel0/0/0]ospf network-type broadcast
[r5-Tunnel0/0/0]ospf network-type broadcast
[r6-Tunnel0/0/0]ospf network-type broadcast
[r7-Tunnel0/0/0]ospf network-type broadcast

三,所有设备均可访问R4的环回;

1.在所有路由器上配置好ospf
2.在r9和r7上设置虚链路

 


[r9-ospf-1-area-0.0.0.3]vlink-peer 7.7.7.7
[r7-ospf-1-area-0.0.0.3]vlink-peer 9.9.9.9

3.在r10上可以看到未减少更新量时所获取的路由条目 

4.ABR设备上做nat网络地址转换

[r3]acl 2000
[r3-acl-basic-2000]rule permit source 172.16.32.0 0.0.31.255
[r3-acl-basic-2000]int s4/0/0
[r3-Serial4/0/0]nat outbound 2000

 5.在ABR设备上做区域汇总

[r3]ospf
[r3-ospf-1]a 1
[r3-ospf-1-area-0.0.0.1]abr-summary 172.16.32.0 255.255.224.0

6.在r12上做双向重发布 

[r12-ospf-1]import-route rip 1
[r12-rip-1]import-route ospf 1

7.所有设备此时均可访问ISP的环回

[r1]ping 4.4.4.4
  PING 4.4.4.4: 56  data bytes, press CTRL_C to break
    Reply from 4.4.4.4: bytes=56 Sequence=1 ttl=254 time=60 ms
    Reply from 4.4.4.4: bytes=56 Sequence=2 ttl=254 time=50 ms
    Reply from 4.4.4.4: bytes=56 Sequence=3 ttl=254 time=50 ms
    Reply from 4.4.4.4: bytes=56 Sequence=4 ttl=254 time=40 ms
    Reply from 4.4.4.4: bytes=56 Sequence=5 ttl=254 time=40 ms
 
  --- 4.4.4.4 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 40/48/60 ms
 
[r12-ospf-1]ping -a 172.16.160.1 4.4.4.4
  PING 4.4.4.4: 56  data bytes, press CTRL_C to break
    Reply from 4.4.4.4: bytes=56 Sequence=1 ttl=253 time=30 ms
    Reply from 4.4.4.4: bytes=56 Sequence=2 ttl=253 time=20 ms
    Reply from 4.4.4.4: bytes=56 Sequence=3 ttl=253 time=30 ms
    Reply from 4.4.4.4: bytes=56 Sequence=4 ttl=253 time=20 ms
    Reply from 4.4.4.4: bytes=56 Sequence=5 ttl=253 time=30 ms
 
  --- 4.4.4.4 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 20/26/30 ms

四,减少LSA的更新量,加快收敛,保障更新安全;

1.减少LSA更新量(特殊区域)2.加速收敛(修改hello时间)2.加速收敛(修改hello时间)

a1(末梢区域)
[r1-ospf-1-area-0.0.0.1]stub
[r2-ospf-1-area-0.0.0.1]stub
[r3-ospf-1-area-0.0.0.1]stub no-summary
 
a2(非完全末梢区域)
[r6-ospf-1-area-0.0.0.2]nssa no-summary 
[r11-ospf-1-area-0.0.0.2]nssa
[r12-ospf-1-area-0.0.0.2]nssa

2.加速收敛(修改hello时间) 

r1-GigabitEthernet0/0/0]ospf timer hello 5

3.保障更新安全(区域认证) 

[r1-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456
[r2-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456
[r3-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456
[r3-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher 123456
[r5-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher 123456
[r6-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher 123456
[r6-ospf-1-area-0.0.0.2]authentication-mode md5 1 cipher 123456
[r7-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher 123456
[r7-ospf-1-area-0.0.0.3]authentication-mode md5 1 cipher 123456
[r7-ospf-1-area-0.0.0.3]vlink-peer 9.9.9.9 md5 1 cipher 123456
[r8-ospf-1-area-0.0.0.3]authentication-mode md5 1 cipher 123456
[r9-ospf-1-area-0.0.0.3]authentication-mode md5 1 cipher 123456
[r9-ospf-1-area-0.0.0.4]authentication-mode md5 1 cipher 123456
[r9-ospf-1-area-0.0.0.3]vlink-peer 7.7.7.7 md5 1 cipher 123456
[r10-ospf-1-area-0.0.0.4]authentication-mode md5 1 cipher 123456
[r11-ospf-1-area-0.0.0.2]authentication-mode md5 1 cipher 123456
[r12-ospf-1-area-0.0.0.2]authentication-mode md5 1 cipher 123456

五。全网可达

 Reply from 4.4.4.4: bytes=56 Sequence=4 ttl=253 time=40 ms
    Reply from 4.4.4.4: bytes=56 Sequence=5 ttl=253 time=20 ms
 
  --- 4.4.4.4 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 20/26/40 ms
<r10>ping -a 172.16.129.1 4.4.4.4
  PING 4.4.4.4: 56  data bytes, press CTRL_C to break
    Reply from 4.4.4.4: bytes=56 Sequence=1 ttl=252 time=50 ms
    Reply from 4.4.4.4: bytes=56 Sequence=2 ttl=252 time=40 ms
    Reply from 4.4.4.4: bytes=56 Sequence=3 ttl=252 time=30 ms
    Reply from 4.4.4.4: bytes=56 Sequence=4 ttl=252 time=30 ms
    Reply from 4.4.4.4: bytes=56 Sequence=5 ttl=252 time=40 ms
 
  --- 4.4.4.4 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 30/38/50 ms

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值