OSPF综合实验

 

 

一     R4为ISP，其上只能配置IP地址;R4与其他所有直连设备间均使用公有IP，整个OSPF环境Ip基于172.16.0.0/16划分;

1.首先划分IP

2.在设备接口上配置IP 

二    R3-R5/6/7为MGRE环境，R3为中心站点;

R3

[r3]int t0/0/0
[r3-Tunnel0/0/0]ip add 172.16.4.1 24	
[r3-Tunnel0/0/0]tunnel-protocol gre p2mp 
[r3-Tunnel0/0/0]source 34.0.0.1
[r3-Tunnel0/0/0]nhrp network-id 100
[r3-Tunnel0/0/0]nhrp entry multicast dynamic #需开启伪广播

 R5

[r5]int t0/0/0
[r5-Tunnel0/0/0]ip add 172.16.4.2 24
[r5-Tunnel0/0/0]tunnel-protocol gre p2mp 
[r5-Tunnel0/0/0]source s4/0/0
[r5-Tunnel0/0/0]nhrp entry 172.16.4.1 34.0.0.1 register
[r5-Tunnel0/0/0]nhrp entry multicast dynamic #需开启伪广播

R6

[r6]int t0/0/0
[r6-Tunnel0/0/0]ip add 172.16.4.3 24
[r6-Tunnel0/0/0]tunnel-protocol gre p2mp 
[r6-Tunnel0/0/0]source s4/0/0
[r6-Tunnel0/0/0]nhrp entry 172.16.4.1 34.0.0.1 register
[r6-Tunnel0/0/0]nhrp entry multicast dynamic #需开启伪广播

R7

[r7]int t0/0/0
[r7-Tunnel0/0/0]ip add 172.16.4.4 24	
[r7-Tunnel0/0/0]tunnel-protocol gre p2mp 
[r7-Tunnel0/0/0]source g0/0/0
[r7-Tunnel0/0/0]nhrp entry 172.16.4.1 34.0.0.1 register

查看邻居表 

 配置完ospf后

由于通道p2p为点到点所以改为 broadcast

[r3-Tunnel0/0/0]ospf network-type broadcast
[r5-Tunnel0/0/0]ospf network-type broadcast
[r6-Tunnel0/0/0]ospf network-type broadcast
[r7-Tunnel0/0/0]ospf network-type broadcast

 

 

三，所有设备均可访问R4的环回;

1.在所有路由器上配置好ospf

2.在r9和r7上设置虚链路

[r9-ospf-1-area-0.0.0.3]vlink-peer 7.7.7.7
[r7-ospf-1-area-0.0.0.3]vlink-peer 9.9.9.9

3.在r10上可以看到未减少更新量时所获取的路由条目 

 

 4.ABR设备上做nat网络地址转换

[r3]acl 2000
[r3-acl-basic-2000]rule permit source 172.16.32.0 0.0.31.255
[r3-acl-basic-2000]int s4/0/0
[r3-Serial4/0/0]nat outbound 2000

 5.在ABR设备上做区域汇总

[r3]ospf
[r3-ospf-1]a 1
[r3-ospf-1-area-0.0.0.1]abr-summary 172.16.32.0 255.255.224.0

6.在r12上做双向重发布 

M[r12-ospf-1]import-route rip 1
[r12-rip-1]import-route ospf 1

7.所有设备此时均可访问ISP的环回

[r1]ping 4.4.4.4
  PING 4.4.4.4: 56  data bytes, press CTRL_C to break
    Reply from 4.4.4.4: bytes=56 Sequence=1 ttl=254 time=60 ms
    Reply from 4.4.4.4: bytes=56 Sequence=2 ttl=254 time=50 ms
    Reply from 4.4.4.4: bytes=56 Sequence=3 ttl=254 time=50 ms
    Reply from 4.4.4.4: bytes=56 Sequence=4 ttl=254 time=40 ms
    Reply from 4.4.4.4: bytes=56 Sequence=5 ttl=254 time=40 ms
 
  --- 4.4.4.4 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 40/48/60 ms

[r12-ospf-1]ping -a 172.16.160.1 4.4.4.4
  PING 4.4.4.4: 56  data bytes, press CTRL_C to break
    Reply from 4.4.4.4: bytes=56 Sequence=1 ttl=253 time=30 ms
    Reply from 4.4.4.4: bytes=56 Sequence=2 ttl=253 time=20 ms
    Reply from 4.4.4.4: bytes=56 Sequence=3 ttl=253 time=30 ms
    Reply from 4.4.4.4: bytes=56 Sequence=4 ttl=253 time=20 ms
    Reply from 4.4.4.4: bytes=56 Sequence=5 ttl=253 time=30 ms
 
  --- 4.4.4.4 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 20/26/30 ms

四，减少LSA的更新量，加快收敛，保障更新安全;

1.减少LSA更新量（特殊区域）

a 1区域（末梢区域）

[r1-ospf-1-area-0.0.0.1]stub
[r2-ospf-1-area-0.0.0.1]stub
[r3-ospf-1-area-0.0.0.1]stub no-summary

a 2区域（非完全末梢区域） 

[r6-ospf-1-area-0.0.0.2]nssa no-summary 
[r11-ospf-1-area-0.0.0.2]nssa
[r12-ospf-1-area-0.0.0.2]nssa

2.加速收敛（修改hello时间）

[r1-GigabitEthernet0/0/0]ospf timer hello 5

3.保障更新安全（区域认证） 

[r1-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456
[r2-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456
[r3-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456
[r3-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher 123456
[r5-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher 123456
[r6-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher 123456
[r6-ospf-1-area-0.0.0.2]authentication-mode md5 1 cipher 123456
[r7-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher 123456
[r7-ospf-1-area-0.0.0.3]authentication-mode md5 1 cipher 123456
[r7-ospf-1-area-0.0.0.3]vlink-peer 9.9.9.9 md5 1 cipher 123456
[r8-ospf-1-area-0.0.0.3]authentication-mode md5 1 cipher 123456
[r9-ospf-1-area-0.0.0.3]authentication-mode md5 1 cipher 123456
[r9-ospf-1-area-0.0.0.4]authentication-mode md5 1 cipher 123456
[r9-ospf-1-area-0.0.0.3]vlink-peer 7.7.7.7 md5 1 cipher 123456
[r10-ospf-1-area-0.0.0.4]authentication-mode md5 1 cipher 123456
[r11-ospf-1-area-0.0.0.2]authentication-mode md5 1 cipher 123456
[r12-ospf-1-area-0.0.0.2]authentication-mode md5 1 cipher 123456

五，全网可达

[r12-ospf-1-area-0.0.0.2]ping -a 172.16.160.1 4.4.4.4
  PING 4.4.4.4: 56  data bytes, press CTRL_C to break
    Reply from 4.4.4.4: bytes=56 Sequence=1 ttl=253 time=30 ms
    Reply from 4.4.4.4: bytes=56 Sequence=2 ttl=253 time=20 ms
    Reply from 4.4.4.4: bytes=56 Sequence=3 ttl=253 time=30 ms
    Reply from 4.4.4.4: bytes=56 Sequence=4 ttl=253 time=30 ms
    Reply from 4.4.4.4: bytes=56 Sequence=5 ttl=253 time=30 ms
 
  --- 4.4.4.4 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 20/28/30 ms
 
[r12-ospf-1-area-0.0.0.2]ping -a 172.16.176.1 4.4.4.4
  PING 4.4.4.4: 56  data bytes, press CTRL_C to break
    Reply from 4.4.4.4: bytes=56 Sequence=1 ttl=253 time=30 ms
    Reply from 4.4.4.4: bytes=56 Sequence=2 ttl=253 time=20 ms
    Reply from 4.4.4.4: bytes=56 Sequence=3 ttl=253 time=20 ms
    Reply from 4.4.4.4: bytes=56 Sequence=4 ttl=253 time=40 ms
    Reply from 4.4.4.4: bytes=56 Sequence=5 ttl=253 time=20 ms
 
  --- 4.4.4.4 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 20/26/40 ms
<r10>ping -a 172.16.129.1 4.4.4.4
  PING 4.4.4.4: 56  data bytes, press CTRL_C to break
    Reply from 4.4.4.4: bytes=56 Sequence=1 ttl=252 time=50 ms
    Reply from 4.4.4.4: bytes=56 Sequence=2 ttl=252 time=40 ms
    Reply from 4.4.4.4: bytes=56 Sequence=3 ttl=252 time=30 ms
    Reply from 4.4.4.4: bytes=56 Sequence=4 ttl=252 time=30 ms
    Reply from 4.4.4.4: bytes=56 Sequence=5 ttl=252 time=40 ms
 
  --- 4.4.4.4 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 30/38/50 ms