1.拓扑及IP地址规划
2. r3 r5 r6 r7 MGRE环境 r3为中心
r3
[r3]acl 2000
[r3-acl-basic-2000]rule 5 permit source any
[r3-acl-basic-2000]q
[r3]int s4/0/0
[r3-Serial4/0/0]nat outbound 2000
[r3-Serial4/0/0]q
[r3]ip route-static 0.0.0.0 0 34.1.1.2
[r3]interface Tunnel 0/0/0
[r3-Tunnel0/0/0]ip add 172.16.0.1 24
[r3-Tunnel0/0/0]tunnel-protocol gre p2mp
[r3-Tunnel0/0/0]source 34.1.1.1
[r3-Tunnel0/0/0]nhrp entry multicast dynamic
[r3-Tunnel0/0/0]nhrp network-id 100
r5
[r5]ip route-static 0.0.0.0 0 45.1.1.1
[r5]acl 2000
[r5-acl-basic-2000]rule 5 permit source any
[r5-acl-basic-2000]q
[r5]int s4/0/0
[r5-Serial4/0/0]nat outbound 2000
[r5]interface Tunnel 0/0/0
[r5-Tunnel0/0/0]ip add 172.16.0.2 24
[r5-Tunnel0/0/0]tunnel-protocol gre p2mp
[r5-Tunnel0/0/0]source 45.1.1.2
[r5-Tunnel0/0/0]nhrp network-id 100
[r5-Tunnel0/0/0]nhrp entry 172.16.0.1 34.1.1.1 register
r6
[r6]ip route-static 0.0.0.0 0 46.1.1.1
[r6]acl 2000
[r6-acl-basic-2000]rule permit source any
[r6-acl-basic-2000]q
[r6]int s4/0/0
[r6-Serial4/0/0]nat outbound 2000
[r6]interface Tunnel 0/0/0
[r6-Tunnel0/0/0]ip add 172.16.0.3 24
[r6-Tunnel0/0/0]tunnel-protocol gre p2mp
[r6-Tunnel0/0/0]nhrp network-id 100
[r6-Tunnel0/0/0]source 46.1.1.2
[r6-Tunnel0/0/0]nhrp entry 172.16.0.1 34.1.1.1 register
r7
[r7]ip route-static 0.0.0.0 0 47.1.1.1
[r7]acl 2000
[r7-acl-basic-2000]rule 5 permit source any
[r7-acl-basic-2000]q
[r7]int g0/0/0
[r7-GigabitEthernet0/0/0]nat outbound 2000
[r7]int Tunnel 0/0/0
[r7-Tunnel0/0/0]ip add 172.16.0.4 24
[r7-Tunnel0/0/0]tunnel-protocol gre p2mp
[r7-Tunnel0/0/0]source 47.1.1.2
[r7-Tunnel0/0/0]nhrp network-id 100
[r7-Tunnel0/0/0]nhrp entry 172.16.0.1 34.1.1.1 register
结果
3. OSPF环境搭建
r1
[r1]ospf 100 router-id 1.1.1.1
[r1-ospf-100]area 1
[r1-ospf-100-area-0.0.0.1]network 0.0.0.0 255.255.255.255
r2
[r2]ospf 100 router-id 2.2.2.2
[r2-ospf-100]area 1
[r2-ospf-100-area-0.0.0.1]network 0.0.0.0 255.255.255.255
r3
[r3]ospf 100 router-id 3.3.3.3
[r3-ospf-100]default-route-advertise
[r3-ospf-100]area 1
[r3-ospf-100-area-0.0.0.1]network 172.16.19.0 0.0.0.255
[r3-ospf-100-area-0.0.0.1]network 172.16.16.0 0.0.0.255
[r3-ospf-100]area 0
[r3-ospf-100-area-0.0.0.0]network 172.16.0.0 0.0.0.255
[r3]interface Tunnel 0/0/0
[r3-Tunnel0/0/0]ospf network-type broadcast (更改接口网络类型)
r5
[r5]ospf 100 router-id 5.5.5.5
[r5-ospf-100]area 0
[r5-ospf-100-area-0.0.0.0]network 172.16.1.0 0.0.0.255
[r5-ospf-100-area-0.0.0.0]network 172.16.0.0 0.0.0.255
[r5]interface Tunnel 0/0/0
[r5-Tunnel0/0/0]ospf network-type broadcast
r6
[r6-Tunnel0/0/0]ospf network-type broadcast
[r6]ospf 100 router-id 6.6.6.6
[r6-ospf-100]area 0
[r6-ospf-100-area-0.0.0.0]network 172.16.2.0 0.0.0.255
[r6-ospf-100-area-0.0.0.0]network 172.16.0.0 0.0.0.255
[r6-ospf-100]area 2
[r6-ospf-100-area-0.0.0.2]network 172.16.32.0 0.0.0.255
r7
[r7]int Tunnel 0/0/0
[r7-Tunnel0/0/0]ospf network-type broadcast
[r7]ospf 100 router-id 7.7.7.7
[r7-ospf-100]area 0
[r7-ospf-100-area-0.0.0.0]network 172.16.3.0 0.0.0.255
[r7-ospf-100-area-0.0.0.0]network 172.16.0.0 0.0.0.255
[r7-ospf-100]area 3
[r7-ospf-100-area-0.0.0.3]network 172.16.48.0 0.0.0.255
r8
[r8]ospf 100 router-id 8.8.8.8
[r8-ospf-100]area 3
[r8-ospf-100-area-0.0.0.3]network 172.16.48.0 0.0.0.255
[r8-ospf-100-area-0.0.0.3]network 172.16.49.0 0.0.0.255
[r8-ospf-100-area-0.0.0.3]network 172.16.48.4 0.0.0.255
r9
[r9]ospf 100 router-id 9.9.9.9
[r9-ospf-100]area 3
[r9-ospf-100-area-0.0.0.3]network 172.16.48.4 0.0.0.255
[r9]ospf 200 router-id 99.9.9.9
[r9-ospf-200]area 4
[r9-ospf-200-area-0.0.0.4]network 172.16.64.0 0.0.0.255
[r9-ospf-200-area-0.0.0.4]network 172.16.66.0 0.0.0.255
出现不规则区域,考虑到后续需要做路由优化,采用单点双向重发布方式实现全网可达
[r9]ospf 100
[r9-ospf-100]import-route ospf 200
[r9-ospf-100]q
[r9]ospf 200
[r9-ospf-200]import-route ospf 100
r10
[r10]ospf 200 router-id 10.10.10.10
[r10-ospf-200]area 4
[r10-ospf-200-area-0.0.0.4]network 0.0.0.0 255.255.255.255
r11
[r11]ospf 100 router-id 11.11.11.11
[r11-ospf-100]area 2
[r11-ospf-100-area-0.0.0.2]network 172.16.33.0 0.0.0.255
[r11-ospf-100-area-0.0.0.2]network 172.16.32.0 0.0.0.255
[r11-ospf-100-area-0.0.0.2]network 172.16.32.0 0.0.0.255
r12
[r12]ospf 100 router-id 12.12.12.12
[r12-ospf-100]area 2
[r12-ospf-100-area-0.0.0.2]network 172.16.32.4 0.0.0.255
[r12]rip 1
[r12-rip-1]version 2
[r12-rip-1]network 12.0.0.0
进行单点双向重发不把rip路由发布进ospf
[r12]ospf 100
[r12-ospf-100]import-route rip 1
[r12]rip 1
[r12-rip-1]version 2
[r12-rip-1]import-route ospf 100
结果:实现全网可达
4. 减少lsa更新量
1.进行域间路由汇总
在r3上做area1的区域汇总
[r3]ospf 100
[r3-ospf-100]area 1
[r3-ospf-100-area-0.0.0.1]abr-summary 172.16.16.0 255.255.240.0
在r6上做area2的区域汇总
[r6-ospf-100]area 2
[r6-ospf-100-area-0.0.0.2]abr-summary 172.16.32.0 255.255.240.0
在r7上做area3的区域汇总
[r7-ospf-100]area 3
[r7-ospf-100-area-0.0.0.3]abr-summary 172.16.48.0 255.255.240.0
2.进行域外路由汇总
在r12上进行域外路由汇总
[r12]ospf 100
[r12-ospf-100]asbr-summary 172.16.128.0 255.255.128.0
在r9上进行域外路由汇总
[r9]ospf 100
[r9-ospf-100]asbr-summary 172.16.64.0 255.255.240.0
结果:
- 特殊区域
完全的stub区域
r1
[r1-ospf-100]area 1
[r1-ospf-100-area-0.0.0.1]stub
r2
[r2]ospf 100
[r2-ospf-100]area 1
[r2-ospf-100-area-0.0.0.1]stub
r3
[r3-ospf-100]area 1
[r3-ospf-100-area-0.0.0.1]stub no-summary
完全nssa区域
r7
[r7-ospf-100]area 3
[r7-ospf-100-area-0.0.0.3]nssa no-summary
r8
[r8-ospf-100]area 3
[r8-ospf-100-area-0.0.0.3]nssa
r9
[r9-ospf-100]area 3
[r9-ospf-100-area-0.0.0.3]nssa
r6
[r6-ospf-100]area 2
[r6-ospf-100-area-0.0.0.2]nssa no-summary
r11
[r11-ospf-100]area 2
[r11-ospf-100-area-0.0.0.2]nssa
r12
[r12-ospf-100]area 2
[r12-ospf-100-area-0.0.0.2]nssa
5. 加快收敛速度
1.改链路类型为p2p
r11
[r11]interface g0/0/1
[r11-GigabitEthernet0/0/1]ospf network-type p2p
r12
[r12]interface g0/0/0
[r12-GigabitEthernet0/0/0]ospf network-type p2p
2.修改hello时间
修改区域1的hello时间为5秒
r1
[r1]interface g0/0/0
[r1-GigabitEthernet0/0/0]ospf timer hello 5
r2
[r2]interface g0/0/0
[r2-GigabitEthernet0/0/0]ospf timer hello 5
r3
[r3]interface g0/0/0
[r3-GigabitEthernet0/0/0]ospf timer hello 5
6. 保证更新安全
对区域1进行区域认证
r1
[r1]ospf 100
[r1-ospf-100]area 1
[r1-ospf-100-area-0.0.0.1]authentication-mode md5 1 cipher 123456
r2
[r2]ospf 100
[r2-ospf-100]area 1
[r2-ospf-100-area-0.0.0.1]authentication-mode md5 1 cipher 123456
r3
[r3]ospf 100
[r3-ospf-100]area 1
[r3-ospf-100-area-0.0.0.1]authentication-mode md5 1 cipher 123456