OSPF互通MGRE网络

原创已于 2023-08-05 09:30:09 修改 · 145 阅读

0 ·

CC 4.0 BY-SA版权

文章标签：

#网络

于 2023-08-04 19:42:27 首次发布

该博客围绕网络拓扑实验展开，先配置IP，确保公网通信正常后，进行VPN配置。组建了网状和星型的mgre拓扑，展示了R1的nhrp peer表。接着使用ospf搭建路由使网络通畅，最后提到为访问环回需进行nat转换。

实验要求如下：

下面是拓扑设计：

首先配置IP：

[Huawei]sys R1
[R1]int l0
[R1-LoopBack0]ip add 1.1.1.1 24
[R1-LoopBack0]int g0/0/1
[R1-GigabitEthernet0/0/1]ip add 16.1.1.1 24
[R1-GigabitEthernet0/0/1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 16.2.2.1 24
[R1-GigabitEthernet0/0/0]int t 0/0/0
[R1-Tunnel0/0/0]ip add 6.0.0.1 24
[R1-Tunnel0/0/0]int t0/0/1
[R1-Tunnel0/0/1]ip add 10.0.0.1 24

配置简单我们只展示接口ip表：
R1
Interface                         IP Address/Mask      Physical   Protocol  
GigabitEthernet0/0/0              16.2.2.1/24          up         up        
GigabitEthernet0/0/1              16.1.1.1/24          up         up        
GigabitEthernet0/0/2              unassigned           down       down      
LoopBack0                         1.1.1.1/24           up         up(s)     
NULL0                             unassigned           up         up(s)  
Tunnel0/0/0                       6.0.0.1/24           up         down      
Tunnel0/0/1                       10.0.0.1/24          up         down 
R2
Interface                         IP Address/Mask      Physical   Protocol  
GigabitEthernet0/0/0              26.0.0.1/24          up         up        
GigabitEthernet0/0/1              unassigned           down       down      
GigabitEthernet0/0/2              unassigned           down       down      
LoopBack0                         2.2.2.2/24           up         up(s)     
NULL0                             unassigned           up         up(s)     
Tunnel0/0/0                       6.0.0.2/24           up         down    
R3
Interface                         IP Address/Mask      Physical   Protocol  
GigabitEthernet0/0/0              36.0.0.1/24          up         up        
GigabitEthernet0/0/1              unassigned           down       down      
GigabitEthernet0/0/2              unassigned           down       down      
LoopBack0                         3.3.3.3/24           up         up(s)     
NULL0                             unassigned           up         up(s)     
Tunnel0/0/0                       6.0.0.3/24           up         down   
R4
Interface                         IP Address/Mask      Physical   Protocol  
GigabitEthernet0/0/0              46.0.0.1/24          up         up        
GigabitEthernet0/0/1              unassigned           down       down      
GigabitEthernet0/0/2              unassigned           down       down      
LoopBack0                         4.4.4.4/24           up         up(s)     
NULL0                             unassigned           up         up(s)     
Tunnel0/0/1                       10.0.0.4/24          up         down      
R5
Interface                         IP Address/Mask      Physical   Protocol  
GigabitEthernet0/0/0              56.0.0.1/24          up         up        
GigabitEthernet0/0/1              unassigned           down       down      
GigabitEthernet0/0/2              unassigned           down       down      
LoopBack0                         5.5.5.5/24           up         up(s)     
NULL0                             unassigned           up         up(s)     
Tunnel0/0/1                       10.0.0.5/24          up         down      
R6
Interface                         IP Address/Mask      Physical   Protocol  
GigabitEthernet0/0/0              16.2.2.2/24          up         up        
GigabitEthernet0/0/1              16.1.1.2/24          up         up        
GigabitEthernet0/0/2              56.0.0.2/24          up         up        
GigabitEthernet2/0/0              46.0.0.2/24          up         up        
GigabitEthernet2/0/1              unassigned           down       down      
GigabitEthernet2/0/2              26.0.0.2/24          up         up        
GigabitEthernet2/0/3              36.0.0.2/24          up         up        
LoopBack0                         8.8.8.8/24           up         up(s)     
NULL0                             unassigned           up         up(s)

至此R6的配置全部完毕因为作为ISP我们只配置它的ip地址

在配置VPN前要保证公网通信正常

需要写缺省指向R6

[R5]ip route-static 0.0.0.0 0 56.0.0.2
[R4]ip route-static 0.0.0.0 0 46.0.0.2
[R3]ip route-static 0.0.0.0 0 36.0.0.2
[R2]ip route-static 0.0.0.0 0 26.0.0.2
[R1]ip route-static 0.0.0.0 0 16.1.1.2  
[R1]ip route-static 0.0.0.0 0 16.2.2.2

测试：

路由正常了 IP做完了我们先将mgre vpn通道打开组建好内网

为了组建网状mgre 我们采用让R4找R1注册让R1找R5注册让R5找R4来组建

先组建 10.0.0.0网段
网状mgre要求所有的
R1
[R1-Tunnel0/0/1]tunnel-protocol gre p2mp
[R1-Tunnel0/0/1]source 16.1.1.1 
[R1-Tunnel0/0/1]nhrp entry multicast dynamic 
让R1开启组播把动态的内容分享给其它（开启伪广播）
[R1-Tunnel0/0/1]nhrp entry 10.0.0.5 56.0.0.1 register 
R4
[R4-Tunnel0/0/1]tunnel-protocol gre p2mp
[R4-Tunnel0/0/1]source 46.0.0.1                 
[R4-Tunnel0/0/1]nhrp entry 10.0.0.1 16.1.1.1 register 
[R4-Tunnel0/0/1]nhrp entry multicast dynamic 
让R4寻找到R1报道
R5
[R5-Tunnel0/0/1]tunnel-protocol gre p2m
[R5-Tunnel0/0/1]souerce 	
[R5-Tunnel0/0/1]source 56.0.0.1
[R5-Tunnel0/0/1]nhrp entry multicast dynamic 
[R5-Tunnel0/0/1]nhrp entry 10.0.0.4 46.0.0.1 register

可以看到成功建立了网状结构

建立mgre的星型拓扑使用R1做原点

[R1-Tunnel0/0/0]tunnel-protocol gre p2mp
[R1-Tunnel0/0/0]source 16.2.2.1
[R1-Tunnel0/0/0]nhrp entry multicast dynamic #开启伪广播
让R1做中心节点
[R1-Tunnel0/0/0]nhrp network-id 100
防止与另一个nhrp冲突
[R2-Tunnel0/0/0]tunnel-protocol gre p2mp
[R2-Tunnel0/0/0]nhrp entry 6.0.0.1 16.2.2.1 register 
[R2-Tunnel0/0/0]source 26.0.0.1

[R3-Tunnel0/0/0]tunnel-protocol gre p2mp 
[R3-Tunnel0/0/0]source 36.0.0.1	
[R3-Tunnel0/0/0]nhrp entry  6.0.0.1 16.2.2.1 register

配置后 r1的 nhrp peer表：

[R1-Tunnel0/0/0]dis nhrp peer all
-------------------------------------------------------------------------------
Protocol-addr Mask NBMA-addr NextHop-addr Type Flag
-------------------------------------------------------------------------------
10.0.0.5 32 56.0.0.1 10.0.0.5 static hub
-------------------------------------------------------------------------------
Tunnel interface: Tunnel0/0/1
Created time : 00:19:32
Expire time : --
-------------------------------------------------------------------------------
Protocol-addr Mask NBMA-addr NextHop-addr Type Flag
-------------------------------------------------------------------------------
10.0.0.4 32 46.0.0.1 10.0.0.4 dynamic route tunnel
-------------------------------------------------------------------------------
Tunnel interface: Tunnel0/0/1
Created time : 00:28:12
Expire time : 01:31:48
-------------------------------------------------------------------------------
Protocol-addr Mask NBMA-addr NextHop-addr Type Flag
-------------------------------------------------------------------------------
6.0.0.2 32 26.0.0.1 6.0.0.2 dynamic route tunnel
-------------------------------------------------------------------------------
Tunnel interface: Tunnel0/0/0
Created time : 00:03:26
Expire time : 01:56:34
-------------------------------------------------------------------------------
Protocol-addr Mask NBMA-addr NextHop-addr Type Flag
-------------------------------------------------------------------------------
6.0.0.3 32 36.0.0.1 6.0.0.3 dynamic route tunnel
-------------------------------------------------------------------------------
Tunnel interface: Tunnel0/0/0
Created time : 00:01:01
Expire time : 01:58:59

Number of nhrp peers: 4

使用ospf搭建路由：

我们把图看成这样：

使用ospf让网络通畅将路由建立

[R1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.255	
[R1-ospf-1-area-0.0.0.0]network 10.0.0.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0]network 6.0.0.0 0.0.0.255
[R1-Tunnel0/0/0]ospf network-type broadcast 
[R1-Tunnel0/0/1]ospf network-type broadcast 
[R2-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.255
[R2-ospf-1-area-0.0.0.0]network  6.0.0.0 0.0.0.255
[R2-Tunnel0/0/0]ospf network-type broadcast 
[R2-Tunnel0/0/0]ospf dr-priority 0
[R2-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.255
[R3-ospf-1-area-0.0.0.0]network 6.0.0.0  0.0.0.255
[R3-Tunnel0/0/0] ospf network-type broadcast
[R3-Tunnel0/0/0] ospf dr-priority 0
[R4-Tunnel0/0/1]ospf network-type b
[R5-Tunnel0/0/1]ospf network-type broadcast 
[R4-ospf-1]area 0
[R4-ospf-1-area-0.0.0.0]network 4.4.4.4 0.0.0.255
[R4-ospf-1-area-0.0.0.0]network 10.0.0.0 0.0.0.255
[R5-Tunnel0/0/1]ospf network-type broadcast 
[R5-ospf-1]area 0  
[R5-ospf-1-area-0.0.0.0]n	
[R5-ospf-1-area-0.0.0.0]network 5.5.5.5 0.0.0.255
[R5-ospf-1-area-0.0.0.0]network 10.0.0.0 0.0.0.255

测试：

成功

为了访问6的环回需要nat转换

在每个接口上配置简单不做演示

[R1]acl 2000
[R1-acl-basic-2000]rule permit source 1.1.1.0 0.0.0.255
[R1-GigabitEthernet0/0/0]nat outbound 2000
[R1-GigabitEthernet0/0/1]nat outbound 2000