目录
之前配置过ospf的简单配置,其目的只不过是做通,做认证,防环之类的实验,而今天的实验是ospf的综合实验,包括了更多有关于ospf实验的配置,相对比较复杂,但是这里的复杂其实也只是配置量的问题,整体的实验配置下来其实也没有太多的难点,话不多说具体实验要求如下:
一、实验要求分析
根据如上的图片所示的拓扑信息和实验要求,我们逐条用表格来解析,表格如下:
实验要求 | 实验分析 |
---|---|
第一个要求他是需要我知道R4是ISP设备,且与他直连的设备均配置公有IP地址 | 这里就没有什么好说的我们直接看下一个要求 |
第二个要求是要求我在R3-R5/6/7之间配置搭建一个MGRE环境,且R3为中心站点 | 这里需要我配置R3中心,创建隧道接口且其成员设备均配置相同网段的隧道接口IP,找到中心注册,修改网络接口类型 |
第三个要求是要基于172.16.0.0/16分配IP地址 | 这里的划分会在IP地址划分中具体说明 |
第四个要求是所有的设备可以访问R4的环回接口 | 首先我们知道R4为ISP设备要想访问他的环回就需要配置NAT来访问 |
第五个要求(1)减少LSA的更新量(2)加快收敛(3)保障更新安全 | (1)要减少LSA的更新量可以从两方面入手,第一就是减少骨干区域的更新量,第二就是减少非骨干区域的LSA信息的更新量。也就是说我要做区域汇总来减少骨干区域的更新量,做特殊区域来减少非骨干区域的更新量(2)加快收敛在之前的简单实验中就有过配置,具体配置就是来修改计时器来实现要求(3)保障更新安全,这里也可以分为两点来说明,第一点就是链路安全也就是所谓的防环,第二就是数据安全问题,也就是要我来做认证。至此三个要求就完成了 |
最后一个要求就是全网可达 | 所有的路由器启动对应的ospf配置,且添加缺省路由完成后,无法通信的地方也就只有rip地区,和区域四这两个位置,具体原因就是rip和ospf的差异问题和不规则区域的问题了,也就是要配置重发布,这里的不规则区域也可以使用其他的方法解决比如配置隧道或者虚链路但是考虑到要配置特殊区域,配置重发布更为正确 |
二、IP地址的划分
1.基于172.16.0.0/16网段的划分情况
172.16.0.0/16 总网段
172.16.0.0/19 用于区域0
172.16.0.0/24
172.16.1.0/24
172.16.2.0/24
.......
172.16.32.0/19 用于区域1
172.16.32.0/24
172.16.33.0/24
172.16.34.0/24
.......
172.16.64.0/19 用于区域2
172.16.64.0/24
172.16.65.0/24
172.16.66.0/24
.......
172.16.96.0/19 用于区域3
172.16.96.0/24
172.16.97.0/24
172.16.210.0/24
........
172.16.128.0/19 用于区域4
172.16.128.0/24
172.16.129.0/24
172.16.130.0/24
........
172.16.160.0/19 用于RIP
172.16.160.0/20
172.16.176.0/20
172.16.192.0/19 预留
172.16.224.0/19 预留
2.该实验公网没有IP地址限制所有公网接口任意配置,参考配置如下:
三、具体配置
一号路由器:
sysname r1
#
interface GigabitEthernet0/0/0
ip address 172.16.32.2 255.255.255.0
ospf authentication-mode md5 1 cipher %$%$"L'f*dtHJL;)PiWW*Q1Cp4-L%$%$
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack1
ip address 172.16.33.1 255.255.255.0
#
ospf 1 router-id 1.1.1.1
area 0.0.0.1
network 172.16.32.0 0.0.0.255
network 172.16.33.0 0.0.0.255
stub
二号路由器:
sysname r2
#
interface GigabitEthernet0/0/0
ip address 172.16.32.3 255.255.255.0
ospf authentication-mode md5 1 cipher %$%$luR7%xbWRGA'U$K!EZ:Np4p-%$%$
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack1
ip address 172.16.34.1 255.255.255.0
#
ospf 1 router-id 2.2.2.2
area 0.0.0.1
network 172.16.32.0 0.0.0.255
network 172.16.34.0 0.0.0.255
stub
三号路由器:
sysname r3
#
acl number 2000
rule 5 permit source 172.16.0.0 0.0.255.255
#
interface Serial4/0/0
link-protocol ppp
ip address 34.0.0.1 255.255.255.0
nat outbound 2000
#
interface GigabitEthernet0/0/0
ip address 172.16.32.1 255.255.255.0
ospf authentication-mode md5 1 cipher %$%$0Q@s$_9H.4e=_2O6+Z5!p3'T%$%$
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface LoopBack1
ip address 172.16.1.1 255.255.255.0
#
interface Tunnel0/0/0
ip address 172.16.0.1 255.255.255.0
tunnel-protocol gre p2mp
source 34.0.0.1
ospf network-type p2mp
ospf timer hello 10
nhrp entry multicast dynamic
nhrp network-id 100
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 172.16.0.0 0.0.0.255
area 0.0.0.1
abr-summary 172.16.32.0 255.255.224.0
network 172.16.1.0 0.0.0.255
network 172.16.32.0 0.0.0.255
stub no-summary
#
ip route-static 0.0.0.0 0.0.0.0 34.0.0.2
ip route-static 172.16.32.0 255.255.224.0 NULL0
四号路由器:
sysname isp
#
interface Serial2/0/0
link-protocol ppp
ip address 34.0.0.2 255.255.255.0
#
interface Serial3/0/0
link-protocol ppp
ip address 54.0.0.2 255.255.255.0
#
interface Serial4/0/0
link-protocol ppp
ip address 64.0.0.2 255.255.255.0
#
interface GigabitEthernet0/0/0
ip address 74.0.0.2 255.255.255.0
#
interface LoopBack1
ip address 4.4.4.4 255.255.255.0
五号路由器:
sysname r5
#
acl number 2000
rule 5 permit source 172.16.0.0 0.0.255.255
#
interface Serial4/0/0
link-protocol ppp
ip address 54.0.0.1 255.255.255.0
nat outbound 2000
#
interface LoopBack1
ip address 172.16.2.1 255.255.255.0
#
interface Tunnel0/0/0
ip address 172.16.0.2 255.255.255.0
tunnel-protocol gre p2mp
source Serial4/0/0
ospf network-type p2mp
ospf timer hello 10
nhrp network-id 100
nhrp entry 34.0.0.1 172.16.0.1 register
nhrp entry 172.16.0.1 34.0.0.1 register
#
ospf 1 router-id 5.5.5.5
area 0.0.0.0
network 172.16.0.0 0.0.0.255
network 172.16.2.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 54.0.0.2
六号路由器:
sysname r6
#
acl number 2000
rule 5 permit source 172.16.0.0 0.0.255.255
#
interface Serial4/0/0
link-protocol ppp
ip address 64.0.0.1 255.255.255.0
nat outbound 2000
#
interface GigabitEthernet0/0/0
ip address 172.16.64.1 255.255.255.0
ospf authentication-mode md5 1 cipher %$%$jho.14lrb-Uq;N-HYL1Ip2>p%$%$
#
interface LoopBack1
ip address 172.16.3.1 255.255.255.0
#
interface Tunnel0/0/0
ip address 172.16.0.3 255.255.255.0
tunnel-protocol gre p2mp
source Serial4/0/0
ospf network-type p2mp
ospf timer hello 10
nhrp network-id 100
nhrp entry 34.0.0.1 172.16.0.1 register
nhrp entry 172.16.0.1 34.0.0.1 register
#
ospf 1 router-id 6.6.6.6
area 0.0.0.0
network 172.16.0.0 0.0.0.255
network 172.16.3.0 0.0.0.255
area 0.0.0.2
abr-summary 172.16.64.0 255.255.224.0
network 172.16.64.0 0.0.0.255
nssa no-summary
#
ip route-static 0.0.0.0 0.0.0.0 64.0.0.2
ip route-static 172.16.64.0 255.255.224.0 NULL0
七号路由器:
sysname r7
#
acl number 2000
rule 5 permit source 172.16.0.0 0.0.255.255
#
interface GigabitEthernet0/0/0
ip address 74.0.0.1 255.255.255.0
nat outbound 2000
#
interface GigabitEthernet0/0/1
ip address 172.16.96.1 255.255.255.0
ospf authentication-mode md5 1 cipher %$%$3fA_*_|{{:c]_<VVd,R!p5<N%$%$
#
interface LoopBack1
ip address 172.16.4.1 255.255.255.0
#
interface Tunnel0/0/0
ip address 172.16.0.4 255.255.255.0
tunnel-protocol gre p2mp
source GigabitEthernet0/0/0
ospf network-type p2mp
ospf timer hello 10
nhrp network-id 100
nhrp entry 34.0.0.1 172.16.0.1 register
nhrp entry 172.16.0.1 34.0.0.1 register
#
ospf 1 router-id 7.7.7.7
area 0.0.0.0
network 172.16.0.0 0.0.0.255
network 172.16.4.0 0.0.0.255
area 0.0.0.3
abr-summary 172.16.96.0 255.255.224.0
network 172.16.96.0 0.0.0.255
nssa no-summary
#
ip route-static 0.0.0.0 0.0.0.0 74.0.0.2
ip route-static 172.16.96.0 255.255.224.0 NULL0
八号路由器:
sysname r8
#
interface GigabitEthernet0/0/0
ip address 172.16.96.2 255.255.255.0
ospf authentication-mode md5 1 cipher %$%$=([@'V&aiEt~tE*Er\-Sp5-G%$%$
#
interface GigabitEthernet0/0/1
ip address 172.16.97.1 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack1
ip address 172.16.98.1 255.255.255.0
#
ospf 1 router-id 8.8.8.8
area 0.0.0.3
network 172.16.0.0 0.0.255.255
nssa
九号路由器:
sysname r9
#
interface GigabitEthernet0/0/0
ip address 172.16.97.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 172.16.128.1 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack1
ip address 172.16.129.1 255.255.255.0
#
ospf 1 router-id 9.9.9.9
asbr-summary 172.16.128.0 255.255.224.0
import-route ospf 2
area 0.0.0.3
network 172.16.97.0 0.0.0.255
nssa
#
ospf 2 router-id 9.9.9.9
default-route-advertise always
area 0.0.0.4
network 172.16.128.0 0.0.0.255
network 172.16.129.0 0.0.0.255
#
ip route-static 172.16.128.0 255.255.224.0 NULL0
十号路由器:
sysname r10
#
interface GigabitEthernet0/0/0
ip address 172.16.128.2 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack1
ip address 172.16.130.1 255.255.255.0
#
ospf 1 router-id 10.10.10.10
area 0.0.0.4
network 172.16.128.0 0.0.0.255
network 172.16.130.0 0.0.0.255
十一号路由器:
sysname r11
#
interface GigabitEthernet0/0/0
ip address 172.16.64.2 255.255.255.0
ospf authentication-mode md5 1 cipher %$%$Ab[r/fObbML\>96r8)R<p3D#%$%$
#
interface GigabitEthernet0/0/1
ip address 172.16.65.1 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack1
ip address 172.16.66.1 255.255.255.0
#
ospf 1 router-id 11.11.11.11
area 0.0.0.2
network 172.16.64.0 0.0.0.255
network 172.16.65.0 0.0.0.255
network 172.16.66.0 0.0.0.255
nssa
十二号路由器:
sysname r12
#
interface GigabitEthernet0/0/0
ip address 172.16.65.2 255.255.255.0
#
interface LoopBack1
ip address 172.16.160.1 255.255.240.0
#
interface LoopBack2
ip address 172.16.176.1 255.255.240.0
#
ospf 1 router-id 12.12.12.12
asbr-summary 172.16.160.0 255.255.224.0
import-route rip 1
area 0.0.0.2
network 172.16.65.0 0.0.0.255
nssa
#
rip 1
version 2
network 172.16.0.0
#
ip route-static 172.16.160.0 255.255.224.0 NULL0
四、实验结果展示
1.MGER环境搭建
2.减少LSA的更新量,加快收敛,保障更新安全
(1)减少LSA的更新量
骨干区域路由获取情况
区域一内部路由获取情况
(2)加快收敛
接口计时器修改情况
(3)保障更新安全
ospf接口认证情况
空接口配置可参考具体配置
3.访问R4环回,全网可达
访问R4环回
全网可达(骨干区域已记录所有网段信息,R4环回可以访问实现全网可达)