IGP双栈综合实验

最新推荐文章于 2023-06-24 11:31:55 发布

土豆aaa

最新推荐文章于 2023-06-24 11:31:55 发布

阅读量478

点赞数

分类专栏：实验文章标签：运维

本文链接：https://blog.csdn.net/qq_32405915/article/details/113611412

版权

实验专栏收录该内容

6 篇文章 0 订阅

订阅专栏

实验需求
本实验模拟ISP网络结构，R1/2组成国家骨干网，R3/4组成省级网络，R5/6/7组成数据中心网络。所有ipv4地址已配置，请自行测试直连。
在这里插入图片描述

一、部署ISIS(IPv4)

在R1/2/3/4/5/6/7上都有环回口Loopback0作为设备的管理地址，使用ISIS进程1发布该地址，使得管理员可以从数据中心的R7访问这些地址。具体需求如下：

1.1 系统ID

所有ISIS路由器系统ID前16位全0，后32位使用Loopback0的IPv4地址。注意十进制转换为十六进制。提示100.1.1.1=6401.0101

1.2 区域划分

1.2.1 R1/2属于区域49.0012
1.2.2 R3/4/5/6/7属于区域49.0034

1.3 is-level

1.3.1 R5/6/7为Level-1路由器
1.3.2 R1/2为Level-2的路由器。
1.3.3 R3/4为Level-1-2
1.3.4 R3/4之间建立Level1邻居关系
1.3.5 减少不必要的IIH报文

1.4 is-name

使用sysname作为is-name。

1.5 快速收敛

1.5.1 配置bfd联动，自动根据isis邻居关系建立bfd会话，快速发现邻居故障。
1.5.2 配置LSP生成的智能定时器，最大间隔为1秒，初始10毫秒，增量100毫秒。
1.5.3 加快LSP泛洪速度，收到2个LSP立刻扩散，最大间隔100毫秒。
1.5.4 配置SPF智能定时器，最大计算间隔为2秒，初始20毫秒，增量200毫秒。

1.6 路由渗透

1.6.1 在R3/4配置路由渗透。
1.6.2 保证数据中心路由器R5/6/7能学习到R1/2的路由。

二、部署OSPFv2

数据中心有业务网段192.168.10.0/24，R5/6/7使用OSPF进程1发布，具体需求如下：

2.1 Router-id

RID手动设置为Loopback0接口地址。

2.2 区域划分

2.2.1 全部划入区域0，使用通配符0.0.0.0
2.2.2 R7的G0/0/2不宣告。
2.2.3 所有设备的环回口静默。

2.3 路由引入

2.3.1 R7引入直连路由，配置过滤策略。
2.3.2 仅引入路由192.168.10.0/24，并打上tag 56.
2.3.3 前缀列表名称10，index 10
2.3.4 路由策略名称为toOSPF，node 10.

三、协议互通

R5/6作为ISIS和OSPF的边界，配置双点双向路由引入。

3.1 OSPF to ISIS

3.1.1 在R5/6将业务网段192.168.10.0/24引入ISIS发布到互联网。
（注：实际项目会使用BGP发布，这里用ISIS取代）
3.1.2 使用路由策略仅发布有tag56的业务网段，并在发布后依旧携带tag56.
3.1.3 策略名称toISIS，node 10。
3.1.4 查看R5/6的192.168.10.0/24路由，分析潜在问题。

3.2 ISIS to OSPF

3.2.1 为避免环路，R5/6不得从ISIS学习携带tag56的路由。
3.2.2 使用路由策略在ISIS协议入方向过滤路由。
3.2.3 策略名称deny56，node 10 过滤路由，node100 允许其他路由。
3.2.4 R5/6将已过滤的ISIS路由引入到OSPF中。
3.2.5 确认没有环路风险。

四、过渡到IPv6

目前ISP正处于IPv4向IPv6过渡时期，省网首先部署了IPv6，数据中心开始进行IPv6测试。

4.1 部署IPv6

R3/4首先部署IPv6，数据中心使用R6和R7进行IPv6测试，完成以下需求：
4.1.1 全局启用ipv6
4.1.2 R3/4/6/7/PC2互联接口启用ipv6，并自动配置链路本地地址。
4.1.3 所有设备的Loopback0配置IPv6地址2000::X/128，X为设备编号。如R1编号为1以此类推。
4.1.4 PC2配置静态IPv6地址：3000::2/64，网关地址为3000::7/64

4.2 部署ISIS(IPv6)

R3/4/6/7部署ISIS(IPv6)
4.2.1 ISIS进程1中启用ipv6。
4.2.3 各IPv6接口启用isis ipv6。
4.2.4 R7的G0/0/3配置为静默接口
4.2.5 PC2无法访问R3的ipv6地址，试分析原因。

4.3 ISIS(IPv6)MT

部署ISIS多图拓扑以解决IPv4与IPv6规划不一致导致的丢包问题。
4.3.1 创建ipv6拓扑，名称为spoto。
4.3.2 isis开启MT功能，并设置ipv6拓扑ID为100
4.3.3 将各ipv6接口划入ipv6拓扑，并开启isis多拓扑。
4.3.4 确认PC2可以正常访问R3的ipv6地址。

五、代码

<R1>dis cu
#
sysname R1
#
bfd
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher eexxETn0}Q;BH^68NhwO^'-#
 local-user admin service-type http
#
isis 1
 is-level level-2
 cost-style wide
 timer lsp-generation 1 10 100 level-2
 flash-flood 2 max-timer-interval 100 level-2
 bfd all-interfaces enable
 network-entity 49.0012.0000.6401.0101.00
 is-name R1
 timer spf 2 20 200
#
firewall zone Local
 priority 16
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Serial0/0/0
 link-protocol ppp
#
interface Serial0/0/1
 link-protocol ppp
#
interface Serial0/0/2
 link-protocol ppp
#
interface Serial0/0/3
 link-protocol ppp
#
interface GigabitEthernet0/0/0
 ip address 12.1.1.1 255.255.255.0
 isis enable 1
#
interface GigabitEthernet0/0/1
 ip address 13.1.1.1 255.255.255.0
 isis enable 1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
interface LoopBack0
 ip address 100.1.1.1 255.255.255.255
 isis enable 1
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return

<R2>dis cu
#
sysname R2
#
bfd
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher 2Aaz:U,_7+@X,k6.E\Z,J'(#
 local-user admin service-type http
#
isis 1
 is-level level-2
 cost-style wide
 timer lsp-generation 1 10 100 level-2
 flash-flood 2 max-timer-interval 100 level-2
 bfd all-interfaces enable
 network-entity 49.0012.0000.6402.0202.00
 is-name R2
 timer spf 2 20 200
#
firewall zone Local
 priority 16
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Serial0/0/0
 link-protocol ppp
#
interface Serial0/0/1
 link-protocol ppp
#
interface Serial0/0/2
 link-protocol ppp
#
interface Serial0/0/3
 link-protocol ppp
#
interface GigabitEthernet0/0/0
 ip address 12.1.1.2 255.255.255.0
 isis enable 1
#
interface GigabitEthernet0/0/1
 ip address 24.1.1.2 255.255.255.0
 isis enable 1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
interface LoopBack0
 ip address 100.2.2.2 255.255.255.255
 isis enable 1
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return

<R3>dis cu
#
sysname R3
#
ipv6
#
ipv6 topology GT
#
bfd
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher diV)I+U,,M:z9:%F`[a=_')#
 local-user admin service-type http
#
isis 1
 cost-style wide
 timer lsp-generation 1 10 100 level-1
 timer lsp-generation 1 10 100 level-2
 flash-flood 2 max-timer-interval 100 level-1
 flash-flood 2 max-timer-interval 100 level-2
 bfd all-interfaces enable
 network-entity 49.0034.0000.6403.0303.00
 is-name R3
 import-route isis level-2 into level-1
 timer spf 2 20 200
 #
 ipv6 enable topology ipv6
 #
 #
 ipv6 topology GT topology-id 100
 #
#
firewall zone Local
 priority 16
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Serial0/0/0
 link-protocol ppp
#
interface Serial0/0/1
 link-protocol ppp
#
interface Serial0/0/2
 link-protocol ppp
#
interface Serial0/0/3
 link-protocol ppp
#
interface GigabitEthernet0/0/0
 ipv6 enable
 ip address 34.1.1.3 255.255.255.0
 ipv6 topology GT enable
 ipv6 address auto link-local
 isis enable 1
 isis ipv6 enable 1
 isis circuit-level level-1
 isis ipv6 topology GT
#
interface GigabitEthernet0/0/1
 ip address 13.1.1.3 255.255.255.0
 isis enable 1
 isis circuit-level level-2
#
interface GigabitEthernet0/0/2
 ip address 35.1.1.3 255.255.255.0
 isis enable 1
 isis circuit-level level-1
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
interface LoopBack0
 ipv6 enable
 ip address 100.3.3.3 255.255.255.255
 ipv6 address 2000::3/128
 ipv6 address auto link-local
 isis enable 1
 isis ipv6 enable 1
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return

<R4>dis cu
#
sysname R4
#
ipv6
#
ipv6 topology GT
#
bfd
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher BBE\LB!zkJ;BH^68NhwOw'*#
 local-user admin service-type http
#
isis 1
 cost-style wide
 timer lsp-generation 1 10 100 level-1
 timer lsp-generation 1 10 100 level-2
 flash-flood 2 max-timer-interval 100 level-1
 flash-flood 2 max-timer-interval 100 level-2
 bfd all-interfaces enable
 network-entity 49.0034.0000.6404.0404.00
 is-name R4
 import-route isis level-2 into level-1
 timer spf 2 20 200
 #
 ipv6 enable topology ipv6
 #
 #
 ipv6 topology GT topology-id 100
 #
#
firewall zone Local
 priority 16
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Serial0/0/0
 link-protocol ppp
#
interface Serial0/0/1
 link-protocol ppp
#
interface Serial0/0/2
 link-protocol ppp
#
interface Serial0/0/3
 link-protocol ppp
#
interface GigabitEthernet0/0/0
 ipv6 enable
 ip address 34.1.1.4 255.255.255.0
 ipv6 topology GT enable
 ipv6 address auto link-local
 isis enable 1
 isis ipv6 enable 1
 isis circuit-level level-1
 isis ipv6 topology GT
#
interface GigabitEthernet0/0/1
 ip address 24.1.1.4 255.255.255.0
 isis enable 1
 isis circuit-level level-2
#
interface GigabitEthernet0/0/2
 ipv6 enable
 ip address 46.1.1.4 255.255.255.0
 ipv6 topology GT enable
 ipv6 address auto link-local
 isis enable 1
 isis ipv6 enable 1
 isis circuit-level level-1
 isis ipv6 topology GT
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
interface LoopBack0
 ipv6 enable
 ip address 100.4.4.4 255.255.255.255
 ipv6 address 2000::4/128
 ipv6 address auto link-local
 isis enable 1
 isis ipv6 enable 1
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return

<R5>dis cu
#
sysname R5
#
ipv6
#
bfd
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher eexxETn0}Q]@l3D+mKgUt'+#
 local-user admin service-type http
#
isis 1
 is-level level-1
 cost-style wide
 timer lsp-generation 1 10 100 level-1
 flash-flood 2 max-timer-interval 100 level-1
 bfd all-interfaces enable
 network-entity 49.0034.0000.6405.0505.00
 is-name R5
 filter-policy route-policy deny56 import
 import-route ospf 1 level-1 route-policy toISIS
 timer spf 2 20 200
#
firewall zone Local
 priority 16
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Serial0/0/0
 link-protocol ppp
#
interface Serial0/0/1
 link-protocol ppp
#
interface Serial0/0/2
 link-protocol ppp
#
interface Serial0/0/3
 link-protocol ppp
#
interface Global-Mp-Group0
#
interface Global-Mp-Group1
#
interface GigabitEthernet0/0/0
 ip address 35.1.1.5 255.255.255.0
 isis enable 1
#
interface GigabitEthernet0/0/1
 ip address 57.1.1.5 255.255.255.0
 isis enable 1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
interface LoopBack0
 ip address 100.5.5.5 255.255.255.255
 isis enable 1
#
ospf 1 router-id 10.5.5.5
 import-route isis 1
 silent-interface LoopBack0
 area 0.0.0.0
  network 10.5.5.5 0.0.0.0
  network 57.1.1.5 0.0.0.0
#
route-policy toISIS permit node 10
 if-match tag 56
 apply tag 56
#
route-policy deny56 deny node 10
 if-match tag 56
#
route-policy deny56 permit node 100
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return

<R6>dis cu
#
sysname R6
#
ipv6
#
ipv6 topology GT
#
bfd
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher f>Z}30S.qBani^>"qh^;%',#
 local-user admin service-type http
#
isis 1
 is-level level-1
 cost-style wide
 timer lsp-generation 1 10 100 level-1
 flash-flood 2 max-timer-interval 100 level-1
 bfd all-interfaces enable
 network-entity 49.0034.0000.6406.0606.00
 is-name R6
 filter-policy route-policy deny56 import
 import-route ospf 1 level-1 route-policy toISIS
 timer spf 2 20 200
 #
 ipv6 enable topology ipv6
 #
 #
 ipv6 topology GT topology-id 100
 #
#
isis 12
#
firewall zone Local
 priority 16
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Serial0/0/0
 link-protocol ppp
#
interface Serial0/0/1
 link-protocol ppp
#
interface Serial0/0/2
 link-protocol ppp
#
interface Serial0/0/3
 link-protocol ppp
#
interface GigabitEthernet0/0/0
 ipv6 enable
 ip address 46.1.1.6 255.255.255.0
 ipv6 topology GT enable
 ipv6 address auto link-local
 isis enable 1
 isis ipv6 enable 1
 isis ipv6 topology GT
#
interface GigabitEthernet0/0/1
 ipv6 enable
 ip address 67.1.1.6 255.255.255.0
 ipv6 topology GT enable
 ipv6 address auto link-local
 isis enable 1
 isis ipv6 enable 1
 isis ipv6 topology GT
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
interface LoopBack0
 ipv6 enable
 ip address 100.6.6.6 255.255.255.255
 ipv6 address 2000::6/128
 ipv6 address auto link-local
 isis enable 1
 isis ipv6 enable 1
#
ospf 1 router-id 100.6.6.6
 import-route isis 1
 silent-interface LoopBack0
 area 0.0.0.0
  network 100.6.6.6 0.0.0.0
  network 67.1.1.6 0.0.0.0
#
route-policy toISIS permit node 10
 if-match tag 56
 apply tag 56
#
route-policy deny56 deny node 10
 if-match tag 56
#
route-policy deny56 permit node 100
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return

<R7>dis cu
#
sysname R7
#
ipv6
#
ipv6 topology GT
#
bfd
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher KPAj$4UrJW;BH^68NhwOX'-#
 local-user admin service-type http
#
isis 1
 is-level level-1
 cost-style wide
 timer lsp-generation 1 10 100 level-1
 flash-flood 2 max-timer-interval 100 level-1
 bfd all-interfaces enable
 network-entity 49.0034.0000.6407.0707.00
 is-name R7
 timer spf 2 20 200
 #
 ipv6 enable topology ipv6
 #
 #
 ipv6 topology GT topology-id 100
 #
#
firewall zone Local
 priority 16
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Serial0/0/0
 link-protocol ppp
#
interface Serial0/0/1
 link-protocol ppp
#
interface Serial0/0/2
 link-protocol ppp
#
interface Serial0/0/3
 link-protocol ppp
#
interface GigabitEthernet0/0/0
 ip address 57.1.1.7 255.255.255.0
 isis enable 1
#
interface GigabitEthernet0/0/1
 ipv6 enable
 ip address 67.1.1.7 255.255.255.0
 ipv6 topology GT enable
 ipv6 address auto link-local
 isis enable 1
 isis ipv6 enable 1
 isis ipv6 topology GT
#
interface GigabitEthernet0/0/2
 ip address 192.168.10.254 255.255.255.0
#
interface GigabitEthernet0/0/3
 ipv6 enable
 ipv6 topology GT enable
 ipv6 address 3000::7/64
 ipv6 address auto link-local
 isis ipv6 enable 1
 isis silent
 isis ipv6 topology GT
#
wlan
#
interface NULL0
#
interface LoopBack0
 ipv6 enable
 ip address 100.7.7.7 255.255.255.255
 ipv6 address 2000::7/128
 ipv6 address auto link-local
 isis enable 1
 isis ipv6 enable 1
#
ospf 1 router-id 100.7.7.7
 import-route direct route-policy toOSPF
 silent-interface LoopBack0
 area 0.0.0.0
  network 57.1.1.7 0.0.0.0
  network 67.1.1.7 0.0.0.0
  network 100.7.7.7 0.0.0.0
#
route-policy toOSPF permit node 10
 if-match ip-prefix 10
 apply tag 56
#
ip ip-prefix 10 index 10 permit 192.168.10.0 24
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return

土豆aaa

关注

0
点赞
踩
3

收藏

觉得还不错? 一键收藏
打赏
0
评论
IGP双栈综合实验

实验需求本实验模拟ISP网络结构，R1/2组成国家骨干网，R3/4组成省级网络，R5/6/7组成数据中心网络。所有ipv4地址已配置，请自行测试直连。一、部署ISIS(IPv4)在R1/2/3/4/5/6/7上都有环回口Loopback0作为设备的管理地址，使用ISIS进程1发布该地址，使得管理员可以从数据中心的R7访问这些地址。具体需求如下：1.1 系统ID所有ISIS路由器系统ID前16位全0，后32位使用Loopback0的IPv4地址。注意十进制转换为十六进制。提示100.1.1.1=
复制链接

扫一扫