拓扑图
实验需求
1)AR2上过滤掉AR3和AR4直连网段的路由,查看AR1和AR2的路由表及LSDB是否受影响
2)3类LSA过滤 10.10.x.0/24(x为奇数),查看AR1和AR2的路由表及LSDB是否受影响
3)过滤掉5类LSA5 10.10.x.0/24(x为偶数)
4)在ABR上过滤掉区域1内的10.10.4.0的路由,查看AR1和AR2的路由表及LSDB是否受影响
配置
配置OSPF,建立邻居
sysname AR1
#
interface GigabitEthernet0/0/0
ip address 12.1.1.1 255.255.255.0
#
ospf 1 router-id 10.1.1.1
area 0.0.0.0
network 12.1.1.1 0.0.0.0
#
sysname AR2
#
interface GigabitEthernet0/0/0
ip address 12.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 23.1.1.2 255.255.255.0
ospf 1 router-id 10.2.2.2
area 0.0.0.0
network 0.0.0.0 255.255.255.255
#
sysname AR3
#
interface GigabitEthernet0/0/0
ip address 23.1.1.3 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 34.1.1.3 255.255.255.0
#
ospf 1 router-id 10.3.3.3
area 0.0.0.0
network 23.1.1.3 0.0.0.0
area 0.0.0.1
network 34.1.1.3 0.0.0.0
#
sysname AR4
#
interface GigabitEthernet0/0/0
ip address 34.1.1.4 255.255.255.0
#
interface LoopBack0
ip address 10.10.4.1 255.255.255.0
ospf network-type broadcast
#
interface LoopBack1
ip address 10.10.5.1 255.255.255.0
ospf network-type broadcast
#
interface LoopBack2
ip address 10.10.6.1 255.255.255.0
ospf network-type broadcast
#
interface LoopBack3
ip address 10.10.7.1 255.255.255.0
ospf network-type broadcast
#
interface LoopBack4
ip address 10.10.0.1 255.255.255.0
ospf network-type broadcast
#
interface LoopBack5
ip address 10.10.1.1 255.255.255.0
ospf network-type broadcast
#
interface LoopBack6
ip address 10.10.2.1 255.255.255.0
ospf network-type broadcast
#
interface LoopBack7
ip address 10.10.3.1 255.255.255.0
ospf network-type broadcast
#
route-policy D->O permit node 10
if-match ip-prefix 1
#
ip ip-prefix 1 index 10 permit 10.10.0.0 22 greater-equal 24 less-equal 24
#
ospf 1 router-id 10.4.4.4
import-route direct route-policy D->O
area 0.0.0.1
network 10.10.4.1 0.0.0.0
network 10.10.5.1 0.0.0.0
network 10.10.6.1 0.0.0.0
network 10.10.7.1 0.0.0.0
network 34.1.1.4 0.0.0.0
#
结果查看
filter-policy过滤本地路由信息加载
查看AR2路由表,可以看到34.1.1.0/24网络的路由
在AR2配置filter-policy,过滤34.1.1.0/24路由加入本地路由表
ip ip-prefix 1 index 10 deny 34.1.1.0 24
ip ip-prefix 1 index 20 permit 0.0.0.0 0 less-equal 32
#
ospf 1
filter-policy ip-prefix 1 import
#
再次查看AR2的路由表,发现34.1.1.0/24未出现在路由表中
查看AR1的路由表,发现AR1有34.1.1.0/24的路由信息,说明未过滤LSA
ABR上过滤3类LSA
先查看AR2的路由表
在AR3上过滤3类LSA的10.10.x.0/24(x为奇数)
acl number 2000
rule 5 deny source 10.10.5.0 0.0.2.0
rule 10 permit
#
ospf 1
area 1
filter 2000 export
#
或者配置区域0的import,效果同上
acl number 2000
rule 5 deny source 10.10.5.0 0.0.2.0
rule 10 permit
#
ospf 1
area 0
filter 2000 import
#
再次查看AR2的路由表,发现10.10.5.0/24和10.10.7.0/24已消失
查看AR2的LSDB,未发现3类LSA(10.10.5.0/10.10.7.0)
ASBR上过滤5类LSA
ASBR上过滤5类LSA的10.10.x.0/24(x为偶数)
先查看AR2的路由表
AR4上通过配置filter-policy过滤5类LSA
acl number 2000
rule 5 deny source 10.10.0.0 0.0.2.0
rule 10 permit
#
ospf 1
filter-policy 2000 export
#
再次查看AR2的路由表,10.10.0.0/24和10.10.2.0/24的外部路由已消失
查看AR2的LSDB,没有5类LSA的10.10.0.0和10.10.2.0
ABR上使用filter-policy过滤区域内路由
前面介绍filter-policy过滤本地路由表加载,无法过滤LSA信息,有种情况比较特殊,在ABR上对区域内的路由进行过滤,会影响3类LSA的生成
查看AR3的路由表及LSDB
查看AR2的路由表及LSDB
在AR3上过滤掉区域内的10.10.4.0路由
ip ip-prefix 1 index 10 deny 10.10.4.0 24
ip ip-prefix 1 index 20 permit 0.0.0.0 0 less-equal 32
#
ospf 1 router-id 10.3.3.3
filter-policy ip-prefix 1 import
#
查看AR3的路由表及LSDB,没有关于10.10.4.0的信息
查看AR2的路由表及LSDB,没有关于10.10.4.0的信息
由于在ABR上过滤掉了区域内的10.10.4.0的路由,ABR也就无法将区域内关于10.10.4.0的路由转变成3类LSA通告给其他区域