实验要求:
一,R4为ISP,其上只能配置IP地址;R4与其他所有直连设备间均使用公有IP,整个OSPF环境Ip基于172.16.0.0/16划分;
二,R3-R5/6/7为MGRE环境,R3为中心站点;
三,所有设备均可访问R4的环回;
四,减少LSA的更新量,加快收敛,保障更新安全;
五,全网可达
第一步,搭建拓扑结构并配置IP(基于172.16.0.0/16划分)
二,R3-R5/6/7为MGRE环境,R3为中心站点;
R3
[r3]int t0/0/0
[r3-Tunnel0/0/0]ip add 172.16.4.1 24
[r3-Tunnel0/0/0]tunnel-protocol gre p2mp
[r3-Tunnel0/0/0]source 34.0.0.1
[r3-Tunnel0/0/0]nhrp network-id 100
[r3-Tunnel0/0/0]nhrp entry multicast dynamic #需开启伪广播
R5
[r5]int t0/0/0
[r5-Tunnel0/0/0]ip add 172.16.4.2 24
[r5-Tunnel0/0/0]tunnel-protocol gre p2mp
[r5-Tunnel0/0/0]source s4/0/0
[r5-Tunnel0/0/0]nhrp entry 172.16.4.1 34.0.0.1 register
[r5-Tunnel0/0/0]nhrp entry multicast dynamic #需开启伪广播
R6
[r6]int t0/0/0
[r6-Tunnel0/0/0]ip add 172.16.4.3 24
[r6-Tunnel0/0/0]tunnel-protocol gre p2mp
[r6-Tunnel0/0/0]source s4/0/0
[r6-Tunnel0/0/0]nhrp entry 172.16.4.1 34.0.0.1 register
[r6-Tunnel0/0/0]nhrp entry multicast dynamic #需开启伪广播
R7
[r7]int t0/0/0
[r7-Tunnel0/0/0]ip add 172.16.4.4 24
[r7-Tunnel0/0/0]tunnel-protocol gre p2mp
[r7-Tunnel0/0/0]source g0/0/0
[r7-Tunnel0/0/0]nhrp entry 172.16.4.1 34.0.0.1 register
配置完ospf后
由于通道p2p为点到点所以改为 broadcast
[r3-Tunnel0/0/0]ospf network-type broadcast
[r5-Tunnel0/0/0]ospf network-type broadcast
[r6-Tunnel0/0/0]ospf network-type broadcast
[r7-Tunnel0/0/0]ospf network-type broadcast
三,所有设备均可访问R4的环回;
1.在所有路由器上配置好ospf
2.在r9和r7上设置虚链路
[r9-ospf-1-area-0.0.0.3]vlink-peer 7.7.7.7
[r7-ospf-1-area-0.0.0.3]vlink-peer 9.9.9.9
3.在r10上可以看到未减少更新量时所获取的路由条目
4.ABR设备上做nat网络地址转换
[r3]acl 2000
[r3-acl-basic-2000]rule permit source 172.16.32.0 0.0.31.255
[r3-acl-basic-2000]int s4/0/0
[r3-Serial4/0/0]nat outbound 2000
5.在ABR设备上做区域汇总
[r3]ospf
[r3-ospf-1]a 1
[r3-ospf-1-area-0.0.0.1]abr-summary 172.16.32.0 255.255.224.0
6.在r12上做双向重发布
[r12-ospf-1]import-route rip 1
[r12-rip-1]import-route ospf 1
7.所有设备此时均可访问ISP的环回
[r1]ping 4.4.4.4
PING 4.4.4.4: 56 data bytes, press CTRL_C to break
Reply from 4.4.4.4: bytes=56 Sequence=1 ttl=254 time=60 ms
Reply from 4.4.4.4: bytes=56 Sequence=2 ttl=254 time=50 ms
Reply from 4.4.4.4: bytes=56 Sequence=3 ttl=254 time=50 ms
Reply from 4.4.4.4: bytes=56 Sequence=4 ttl=254 time=40 ms
Reply from 4.4.4.4: bytes=56 Sequence=5 ttl=254 time=40 ms
--- 4.4.4.4 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 40/48/60 ms
[r12-ospf-1]ping -a 172.16.160.1 4.4.4.4
PING 4.4.4.4: 56 data bytes, press CTRL_C to break
Reply from 4.4.4.4: bytes=56 Sequence=1 ttl=253 time=30 ms
Reply from 4.4.4.4: bytes=56 Sequence=2 ttl=253 time=20 ms
Reply from 4.4.4.4: bytes=56 Sequence=3 ttl=253 time=30 ms
Reply from 4.4.4.4: bytes=56 Sequence=4 ttl=253 time=20 ms
Reply from 4.4.4.4: bytes=56 Sequence=5 ttl=253 time=30 ms
--- 4.4.4.4 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/26/30 ms
四,减少LSA的更新量,加快收敛,保障更新安全;
1.减少LSA更新量(特殊区域)2.加速收敛(修改hello时间)2.加速收敛(修改hello时间)
a1(末梢区域) [r1-ospf-1-area-0.0.0.1]stub [r2-ospf-1-area-0.0.0.1]stub [r3-ospf-1-area-0.0.0.1]stub no-summary a2(非完全末梢区域) [r6-ospf-1-area-0.0.0.2]nssa no-summary [r11-ospf-1-area-0.0.0.2]nssa [r12-ospf-1-area-0.0.0.2]nssa
2.加速收敛(修改hello时间)
r1-GigabitEthernet0/0/0]ospf timer hello 5
3.保障更新安全(区域认证)
[r1-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456
[r2-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456
[r3-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456
[r3-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher 123456
[r5-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher 123456
[r6-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher 123456
[r6-ospf-1-area-0.0.0.2]authentication-mode md5 1 cipher 123456
[r7-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher 123456
[r7-ospf-1-area-0.0.0.3]authentication-mode md5 1 cipher 123456
[r7-ospf-1-area-0.0.0.3]vlink-peer 9.9.9.9 md5 1 cipher 123456
[r8-ospf-1-area-0.0.0.3]authentication-mode md5 1 cipher 123456
[r9-ospf-1-area-0.0.0.3]authentication-mode md5 1 cipher 123456
[r9-ospf-1-area-0.0.0.4]authentication-mode md5 1 cipher 123456
[r9-ospf-1-area-0.0.0.3]vlink-peer 7.7.7.7 md5 1 cipher 123456
[r10-ospf-1-area-0.0.0.4]authentication-mode md5 1 cipher 123456
[r11-ospf-1-area-0.0.0.2]authentication-mode md5 1 cipher 123456
[r12-ospf-1-area-0.0.0.2]authentication-mode md5 1 cipher 123456
五。全网可达
Reply from 4.4.4.4: bytes=56 Sequence=4 ttl=253 time=40 ms
Reply from 4.4.4.4: bytes=56 Sequence=5 ttl=253 time=20 ms
--- 4.4.4.4 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/26/40 ms
<r10>ping -a 172.16.129.1 4.4.4.4
PING 4.4.4.4: 56 data bytes, press CTRL_C to break
Reply from 4.4.4.4: bytes=56 Sequence=1 ttl=252 time=50 ms
Reply from 4.4.4.4: bytes=56 Sequence=2 ttl=252 time=40 ms
Reply from 4.4.4.4: bytes=56 Sequence=3 ttl=252 time=30 ms
Reply from 4.4.4.4: bytes=56 Sequence=4 ttl=252 time=30 ms
Reply from 4.4.4.4: bytes=56 Sequence=5 ttl=252 time=40 ms
--- 4.4.4.4 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/38/50 ms