1. Lab requirements:
2. Implementation: topology setup and subnetting:
2.1 Topology setup:
2.2 Subnetting:
172.16.0.0/16 parent network
172.16.0.0/18 area 0 0-63
172.16.1.0/24 R1
172.16.2.0/24 R2
172.16.3.0/24 tunnel
……
172.16.64.0/18 (area 1 area 2) 64-127
172.16.64.0/19 area 1
172.16.64.0/24 R3
172.16.65.0/24 R4
172.16.66.0/24 R5
172.16.67.0/24 backbone links
172.16.67.0/30
172.16.67.4/30
172.16.67.8/30
……
172.16.96.0/19 area 2
172.16.96.0/24 R6
172.16.97.0/24 backbone links
172.16.97.0/30 R5-R6
172.16.98.0/30
……
172.16.98.0/24
……
172.16.128.0/18 reserved
172.16.192.0/18 reserved
3. Configuration:
[R1]dis curr
[V200R003C00]
#
sysname R1
#
interface GigabitEthernet0/0/0
ip address 17.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 172.16.1.1 255.255.255.0
#
interface Tunnel0/0/0
ip address 172.16.3.1 255.255.255.0
tunnel-protocol gre p2mp
source 17.1.1.1
ospf network-type broadcast
nhrp entry multicast dynamic
nhrp network-id 100
nhrp entry 172.16.3.2 27.1.1.1 register
nhrp entry 172.16.3.3 37.1.1.1 register
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 172.16.1.0 0.0.0.255
network 172.16.3.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 17.1.1.2
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
[R2]dis curr
[V200R003C00]
#
sysname R2
#
interface GigabitEthernet0/0/0
ip address 27.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 172.16.2.1 255.255.255.0
#
interface Tunnel0/0/0
ip address 172.16.3.2 255.255.255.0
tunnel-protocol gre p2mp
source 27.1.1.1
ospf network-type broadcast
nhrp entry multicast dynamic
nhrp network-id 100
nhrp entry 172.16.3.3 37.1.1.1 register
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 172.16.2.0 0.0.0.255
network 172.16.3.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 27.1.1.2
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
[R3]dis curr
[V200R003C00]
#
sysname R3
#
acl number 2000
rule 5 permit source 172.16.64.0 0.0.63.255
#
interface GigabitEthernet0/0/0
ip address 37.1.1.1 255.255.255.0
nat server protocol tcp global current-interface telnet inside 172.16.97.2 telnet
nat outbound 2000
#
interface GigabitEthernet0/0/1
ip address 172.16.67.1 255.255.255.252
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 172.16.64.1 255.255.255.0
#
interface Tunnel0/0/0
ip address 172.16.3.3 255.255.255.0
tunnel-protocol gre p2mp
source 37.1.1.1
ospf network-type broadcast
nhrp entry multicast dynamic
nhrp network-id 100
nhrp entry 172.16.3.2 27.1.1.1 register
nhrp entry 172.16.3.1 17.1.1.1 register
#
ospf 1 router-id 3.3.3.3
default-route-advertise
area 0.0.0.0
network 172.16.3.0 0.0.0.255
area 0.0.0.1
network 172.16.64.0 0.0.0.255
network 172.16.67.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 37.1.1.2
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
[ISP]dis curr
[V200R003C00]
#
sysname ISP
#
interface GigabitEthernet0/0/0
ip address 17.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 27.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 37.1.1.2 255.255.255.0
#
interface NULL0
#
interface LoopBack0
ip address 7.7.7.7 255.255.255.0
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
[R4]dis curr
[V200R003C00]
#
sysname R4
#
interface GigabitEthernet0/0/0
ip address 172.16.67.2 255.255.255.252
#
interface GigabitEthernet0/0/1
ip address 172.16.67.5 255.255.255.252
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 172.16.65.1 255.255.255.0
#
ospf 1 router-id 4.4.4.4
area 0.0.0.1
network 172.16.65.0 0.0.0.255
network 172.16.67.0 0.0.0.255
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
[R5]dis curr
[V200R003C00]
#
sysname R5
#
interface GigabitEthernet0/0/0
ip address 172.16.67.6 255.255.255.252
#
interface GigabitEthernet0/0/1
ip address 172.16.97.1 255.255.255.252
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 172.16.66.1 255.255.255.0
#
ospf 1 router-id 5.5.5.5
import-route ospf 2
area 0.0.0.0
area 0.0.0.1
network 172.16.66.0 0.0.0.255
network 172.16.67.0 0.0.0.255
area 0.0.0.2
#
ospf 2
default-route-advertise
import-route ospf 1
area 0.0.0.2
network 172.16.97.0 0.0.0.255
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
[R6]dis curr
[V200R003C00]
#
sysname R6
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$c63#MDLwnKQ]VD02@y89w-W{%$%$
local-user admin privilege level 15
local-user admin service-type telnet
#
interface GigabitEthernet0/0/0
ip address 172.16.97.2 255.255.255.252
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 172.16.96.1 255.255.255.0
#
interface LoopBack1
ip address 6.6.6.6 255.255.255.0
#
ospf 1 router-id 6.6.6.6
area 0.0.0.2
network 172.16.96.0 0.0.0.255
network 172.16.97.0 0.0.0.255
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
authentication-mode aaa
user-interface vty 16 20
#
wlan ac
#
return
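The configurations above have been trimmed. They use the multi-process two-way redistribution solution to handle a non-backbone area that is not adjacent to the backbone. Below I also introduce the other two solutions, and I will attach screenshots of the commands that need to change.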
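An added example, not part of the original lab: a short Python check over a VRP-style configuration for three settings that appear in the configurations above, namely telnet published by nat server on R3, the telnet service type of the local user on R6, and OSPF areas with no authentication-mode. The excerpt is constructed from the R3 and R6 configurations and re-indented, and the function names are hypothetical.

```python
# Constructed excerpt modelled on the R3 and R6 configurations above; child lines
# are re-indented the way "display current-configuration" prints them.
SAMPLE = """\
interface GigabitEthernet0/0/0
 nat server protocol tcp global current-interface telnet inside 172.16.97.2 telnet
#
aaa
 local-user admin service-type telnet
#
ospf 1 router-id 3.3.3.3
 area 0.0.0.0
  network 172.16.3.0 0.0.0.255
 area 0.0.0.1
  network 172.16.64.0 0.0.0.255
"""

def stanzas(text):
    """Group indented child lines under each unindented header line."""
    out = []
    for line in text.splitlines():
        if line.startswith(" ") and line.strip() and out:
            out[-1][1].append(line.rstrip())
        elif line.strip() and not line.startswith("#"):
            out.append((line.strip(), []))
    return out

def unauth_areas(body):
    """OSPF areas whose own (two-space) children lack authentication-mode."""
    seen, current = {}, None
    for line in body:
        if line.startswith(" area "):
            current = line.strip()
            seen[current] = False
        elif current and line.startswith("  "):
            seen[current] |= line.strip().startswith("authentication-mode")
        else:
            current = None
    return [a for a, ok in seen.items() if not ok]

def audit(text):
    """Return (stanza, finding) pairs for telnet exposure and unauthenticated OSPF."""
    found = []
    for header, body in stanzas(text):
        for words in (line.split() for line in body):
            if words[:2] == ["nat", "server"] and "telnet" in words:
                found.append((header, "telnet published by nat server"))
            if words[:1] == ["local-user"] and "service-type" in words and "telnet" in words:
                found.append((header, "telnet login enabled for local user"))
        if header.startswith("ospf "):
            found += [(header, a + " has no authentication-mode") for a in unauth_areas(body)]
    return found
```

Calling audit(SAMPLE) returns four findings: one for the interface, one for aaa, and one for each OSPF area.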
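4. Testing:
Test of the redistribution solution for the non-backbone area that is remote from the backbone
The others are not tested one by one
*One point needs emphasizing here: the default route is introduced on R3, but a default route still has to be introduced on R5 (the ASBR), because R3 introduces it into OSPF process 1, and OSPF process 2 on R5 does not have it at all (redistribution only publishes ordinary routes, not the default route)
5. The other two solutions:
5.1 Tunnel solution:
5.2 Virtual-link solution:
Test screenshots are not uploaded here
6. Pros and cons of the three solutions:
1. Tunnel -- build a VPN tunnel between the two ABRs, then advertise the tunnel link into OSPF;
Drawbacks:
1) Suboptimal path selection
2) Periodic messages consume link resources in the transit area they cross
2. OSPF virtual link --- the illegitimate ABR communicates with a legitimate ABR and obtains authorization; the illegitimate ABR then gains the ability to share inter-area routes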
[r3]ospf 1
[r3-ospf-1]area 1  (the transit area)
[r3-ospf-1-area-0.0.0.1]vlink-peer 4.4.4.4  (RID of the peer device)
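Because no new path is added, suboptimal path selection does not occur;
Drawback: OSPF periodic messages affect the transit area
Huawei: all periodic keepalives and periodic updates between the two ABRs are cancelled --- unreliable
Cisco: periodic keepalives and periodic updates run between the two ABRs --- heavy load on the transit area
3. Multi-process two-way redistribution
Multi-process: several OSPF processes run on one router at the same time; each process has its own neighbors and its own separately computed database; the databases are not shared; only the routes computed from the different databases are loaded into the same routing table;
So running different processes of the same protocol on one router is similar to running several routing protocols on the same router;
Redistribution: when several routing protocols run in one network, one router can be made an ASBR (autonomous system boundary router, protocol boundary router); the ASBR needs different interfaces working in different protocols and learns otherwise unknown routes through each protocol; by default the protocols do not interact; redistribution shares the routes learned by one protocol with the other protocols;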
[r2]ospf 1
[r2-ospf-1]import-route ospf 2
[r2-ospf-1]q
[r2]ospf 2
[r2-ospf-2]import-route ospf 1
In real-world engineering, the redistribution solution is recommended