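II. Key Concepts
1. OSPF and IS-IS dual-point bidirectional redistribution
Importing the routes of two routing domains into each other on a boundary router is called bidirectional route redistribution. When two routing domains have two boundary routers and both perform bidirectional redistribution, this is called dual-point bidirectional route redistribution. It is a classic routing model: single-point bidirectional redistribution lacks redundancy, and if the single boundary router fails, communication between the two routing domains may break, so large networks generally deploy dual-point bidirectional redistribution. Although it improves network reliability, it easily causes problems such as suboptimal paths and routing loops.
2. Topology
3. Configuration commands:
R1 configuration: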
ospf 1 router-id 1.1.1.1
import-route direct
area 0.0.0.0
network 192.168.12.0 0.0.0.255
network 192.168.13.0 0.0.0.255
R2 configuration:
[R2]ospf 1 router-id 2.2.2.2
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]network 192.168.12.0 0.0.0.255
[R2-ospf-1]q
[R2]isis 1
[R2-isis-1]network-entity 49.0001.0000.0000.0002.00
[R2-isis-1]is-level level-1-2
[R2-isis-1]q
[R2]int g0/0/1
[R2-GigabitEthernet0/0/1]isis enable 1
[R2-GigabitEthernet0/0/1]q
[R2]isis 1
[R2-isis-1]import-route ospf 1
[R2-isis-1]q
[R2]ospf 1
[R2-ospf-1]import-route isis 1 // imported into the Level-2 database by default; if imported into the Level-1 database instead, the devices on which the loop appears change
R3 configuration:
[R3]ospf 1 router-id 3.3.3.3
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]network 192.168.13.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0]q
[R3]isis 1
[R3-isis-1]network-entity 49.0001.0000.0000.0003.00
[R3-isis-1]q
[R3]int g0/0/1
[R3-GigabitEthernet0/0/1]isis enable 1
[R3-GigabitEthernet0/0/1]q
[R3]isis 1
[R3-isis-1]import-route ospf 1
[R3-isis-1]q
[R3]ospf 1
[R3-ospf-1]import-route isis 1
R4 configuration:
[R4]isis 1
[R4-isis-1]network-entity 49.0001.0000.0000.0004.00
[R4-isis-1]q
[R4]int g0/0/0
[R4-GigabitEthernet0/0/0]isis enable 1
[R4-GigabitEthernet0/0/0]q
[R4]int g0/0/1
[R4-GigabitEthernet0/0/1]isis enable 1
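After dual-point bidirectional import is in place, the following problems appear: routing loops and suboptimal paths.
1) Testing for the routing loop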
[R4]ping 10.10.1.1
PING 10.10.1.1: 56 data bytes, press CTRL_C to break
Reply from 10.10.1.1: bytes=56 Sequence=1 ttl=254 time=40 ms
Reply from 10.10.1.1: bytes=56 Sequence=2 ttl=254 time=30 ms
Reply from 10.10.1.1: bytes=56 Sequence=3 ttl=254 time=20 ms
Reply from 10.10.1.1: bytes=56 Sequence=4 ttl=254 time=20 ms
Reply from 10.10.1.1: bytes=56 Sequence=5 ttl=254 time=30 ms
[R4]tracert 10.10.1.1
traceroute to 10.10.1.1(10.10.1.1), max hops: 30 ,packet length: 40
1 192.168.24.2 30 ms 10 ms 20 ms
2 192.168.12.1 20 ms 20 ms 20 ms
Delete the loopback interface on R1:
[R1]undo interface LoopBack 0
Then test again on R4:
[R4]tracert 10.10.1.1
traceroute to 10.10.1.1(10.10.1.1), max hops: 30 ,packet length: 40,press CTRL
_C to break
1 192.168.24.2 40 ms 20 ms 20 ms
2 192.168.12.1 20 ms 20 ms 20 ms
3 192.168.13.3 20 ms 30 ms 20 ms
4 192.168.34.4 10 ms 20 ms 10 ms
5 192.168.24.2 30 ms 30 ms 40 ms
6 192.168.12.1 30 ms 30 ms 30 ms
7 192.168.13.3 40 ms 40 ms 30 ms
8 192.168.34.4 30 ms 20 ms 30 ms
9 192.168.24.2 40 ms 30 ms 30 ms
10 192.168.12.1 40 ms 40 ms 40 ms
11 192.168.13.3 50 ms 40 ms 60 ms
12 192.168.34.4 40 ms 40 ms 30 ms
13 192.168.24.2 60 ms 50 ms 70 ms
14 192.168.12.1 50 ms 60 ms 50 ms
15 192.168.13.3 70 ms 50 ms 70 ms
16 192.168.34.4 50 ms 50 ms 50 ms
17 192.168.24.2 70 ms 60 ms 80 ms
18 192.168.12.1 70 ms 80 ms 70 ms
19 192.168.13.3 60 ms 70 ms 80 ms
20 192.168.34.4 60 ms 70 ms 60 ms
21 192.168.24.2 90 ms 80 ms 80 ms
22 192.168.12.1 80 ms 70 ms 100 ms
23 192.168.13.3 80 ms 70 ms 80 ms
24 192.168.34.4 70 ms 80 ms 70 ms
25 192.168.24.2 90 ms 90 ms 80 ms
26 192.168.12.1 100 ms 110 ms 100 ms
27 192.168.13.3 80 ms 100 ms 70 ms
28 192.168.34.4 90 ms 100 ms 90 ms
29 192.168.24.2 90 ms 90 ms 100 ms
30 192.168.12.1 90 ms 90 ms 90 ms
[R4]
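The repeating 192.168.24.2 / 192.168.12.1 / 192.168.13.3 / 192.168.34.4 pattern above is the signature of a forwarding loop. The following is an added example (not part of the original lab) that parses VRP tracert output and reports the repeating hop cycle; the sample text is constructed from the first nine hops shown above, and the function names are hypothetical.

```python
import re

# Constructed sample: the first nine hops of the looping tracert shown above.
SAMPLE = """\
traceroute to 10.10.1.1(10.10.1.1), max hops: 30 ,packet length: 40
 1 192.168.24.2 40 ms 20 ms 20 ms
 2 192.168.12.1 20 ms 20 ms 20 ms
 3 192.168.13.3 20 ms 30 ms 20 ms
 4 192.168.34.4 10 ms 20 ms 10 ms
 5 192.168.24.2 30 ms 30 ms 40 ms
 6 192.168.12.1 30 ms 30 ms 30 ms
 7 192.168.13.3 40 ms 40 ms 30 ms
 8 192.168.34.4 30 ms 20 ms 30 ms
 9 192.168.24.2 40 ms 30 ms 30 ms
"""

# A hop line is "<ttl> <responder address> <rtt> ms ..."; headers and
# timed-out hops ("* * *") do not match and are skipped.
HOP_RE = re.compile(r"^\s*(\d+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s")

def parse_hops(text):
    """Return the responding address of each hop, in TTL order."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append(m.group(2))
    return hops

def find_loop(hops, min_repeats=2):
    """Return the repeating hop cycle, or None if the path does not loop.

    A forwarding loop shows up as the same run of addresses repeating back
    to back until the trace ends; the earliest start and shortest period
    that repeats at least min_repeats times is reported.
    """
    n = len(hops)
    for start in range(n):
        tail = hops[start:]
        for period in range(1, len(tail) // min_repeats + 1):
            cycle = tail[:period]
            if all(tail[i] == cycle[i % period] for i in range(len(tail))):
                return cycle
    return None
```

Run against the healthy two-hop trace from before the loopback was deleted, `find_loop` returns `None`.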
2) Checking for the suboptimal path
Restore the interface:
[R1]interface LoopBack 0
[R1-LoopBack0]ip add 10.10.1.1 32
[R3]dis ospf routing
OSPF Process 1 with Router ID 3.3.3.3
Routing Tables
Routing for Network
Destination Cost Type NextHop AdvRouter Area
192.168.13.0/24 1 Transit 192.168.13.3 3.3.3.3 0.0.0.0
192.168.12.0/24 2 Transit 192.168.13.1 1.1.1.1 0.0.0.0
Routing for ASEs
Destination Cost Type Tag NextHop AdvRouter
10.10.1.1/32 1 Type2 1 192.168.13.1 1.1.1.1
192.168.24.0/24 1 Type2 1 192.168.13.1 2.2.2.2
192.168.34.0/24 1 Type2 1 192.168.13.1 2.2.2.2
Total Nets: 5
Intra Area: 2 Inter Area: 0 ASE: 3 NSSA: 0
[R3]dis ip routing-table
Route Flags: R - relay, D - download to fib
Routing Tables: Public
Destinations : 13 Routes : 13
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.10.1.1/32 ISIS-L2 15 84 D 192.168.34.4 GigabitEthernet0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.12.0/24 OSPF 10 2 D 192.168.13.1 GigabitEthernet
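From the topology, the shortest path for R3 to reach 10.10.1.1 is the OSPF external route (preference 150) that leads directly to the interface on R1,
but on R3 the route to 10.10.1.1 learned from IS-IS has preference 15, so R3 considers the IS-IS route the best one for forwarding; in practice it has chosen a suboptimal path.
Solving the routing loop: method 1
In practical route redistribution, matching routes by IP prefix certainly works, but in a large network it takes a lot of configuration; matching routes by tag greatly reduces the configuration work.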
[R2]isis 1
[R2-isis-1]cost-style wide // IS-IS routes must use the wide cost style to support tags; otherwise IS-IS routes cannot carry a tag
1) Clockwise filtering:
R2: OSPF -> IS-IS, tag 100
[R2]ip ip-prefix 10 index 10 permit 10.10.1.1 32
[R2]route-policy 10 permit node 10
[R2-route-policy]if-match ip-prefix 10
[R2-route-policy]apply tag 100
[R2-route-policy]q
[R2]isis 1
[R2-isis-1]import-route ospf 1 route-policy 10
[R2-isis-1]q
R3: IS-IS -> OSPF, filter tag 100
[R3]route-policy 10 deny node 10
[R3-route-policy]if-match tag 100
[R3-route-policy]q
[R3]route-policy 10 permit node 20
[R3-route-policy]q
[R3]ospf 1
[R3-ospf-1]import-route isis 1 route-policy 10
—
R3: IS-IS -> OSPF, tag 200
[R3]ip ip-prefix 20 index 20 permit 10.10.1.1 32
[R3]route-policy 20 permit node 20
[R3-route-policy]if-match ip-prefix 20
[R3-route-policy]apply tag 200
[R3-route-policy]q
[R3]ospf 1
[R3-ospf-1]import-route isis 1 route-policy 20
R2: OSPF -> IS-IS, filter tag 200
[R2]route-policy 20 deny node 20
[R2-route-policy]if-match tag 200
[R2-route-policy]q
[R2]route-policy 20 permit node 30
[R2-route-policy]q
[R2]isis 1
[R2-isis-1]import-route ospf 1 route-policy 20
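With the steps above, a single device needs one policy name per direction; otherwise a second import-route inside the same protocol overwrites the first. So make the following changes: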
[R3]undo route-policy 20
[R3]route-policy 10 permit node 20
[R3-route-policy]if-match ip-prefix 20
[R3-route-policy]apply tag 200
[R3]route-policy 10 permit node 30
[R2]undo route-policy 20
[R2]route-policy 10 deny node 20
[R2-route-policy]if-match tag 200
[R2]route-policy 10 deny node 30
Counterclockwise filtering:
[R2]route-policy 20 deny node 10 // filter out the OSPF routes that R3 imported into IS-IS with tag 400, so they are not fed back into OSPF
[R2-route-policy]if-match tag 400
[R2-route-policy]q
[R2]route-policy 20 permit node 20 // apply tag 300 to routes imported from IS-IS into OSPF
[R2-route-policy]if-match ip-prefix 10
[R2-route-policy]apply tag 300
[R2-route-policy]q
[R2]route-policy 20 permit node 30
[R2-route-policy]q
[R2]ospf 1
[R2-ospf-1]import-route isis 1 route-policy 20
[R3]route-policy 20 deny node 10 // filter out the IS-IS routes that R2 imported into OSPF with tag 300, so they are not fed back into IS-IS
[R3-route-policy]if-match tag 300
[R3-route-policy]q
[R3]route-policy 20 permit node 20 // apply tag 400 to routes imported from OSPF into IS-IS
[R3-route-policy]if-match ip-prefix 20
[R3-route-policy]apply tag 400
[R3-route-policy]q
[R3]route-policy 20 permit node 30
[R3]isis 1
[R3-isis-1]import-route ospf 1 route-policy 20
[R3]dis isis route verbose 10.10.1.1
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-2 Redistribute Table
----------------------------------
Type IPV4 Destination IntCost ExtCost Tag
O 10.10.1.1/32 0 NULL 400
[R2]dis ip routing-table 10.10.1.1 verbose
Route Flags: R - relay, D - download to fib
Routing Table : Public
Summary Count : 2
Destination: 10.10.1.1/32
Protocol: ISIS-L2 Process ID: 1
Preference: 15 Cost: 20
NextHop: 192.168.24.4 Neighbour: 0.0.0.0
State: Active Adv Age: 00h30m30s
Tag: 400 Priority: medium
Label: NULL QoSInfo: 0x0
IndirectID: 0x0
RelayNextHop: 0.0.0.0 Interface: GigabitEthernet0/0/1
TunnelID: 0x0 Flags: D
[R4]dis ip routing-table verbose
Route Flags: R - relay, D - download to fib
Routing Tables: Public
Destinations : 11 Routes : 12
Destination: 10.10.1.1/32
Protocol: ISIS-L2 Process ID: 1
Preference: 15 Cost: 10
NextHop: 192.168.24.2 Neighbour: 0.0.0.0
State: Active Adv Age: 00h05m12s
Tag: 100 Priority: medium
Label: NULL QoSInfo: 0x0
IndirectID: 0x0
RelayNextHop: 0.0.0.0 Interface: GigabitEthernet0/0/0
TunnelID: 0x0 Flags: D
Destination: 10.10.1.1/32
Protocol: ISIS-L2 Process ID: 1
Preference: 15 Cost: 10
NextHop: 192.168.34.3 Neighbour: 0.0.0.0
State: Active Adv Age: 00h04m56s
Tag: 400 Priority: medium
Label: NULL QoSInfo: 0x0
IndirectID: 0x0
RelayNextHop: 0.0.0.0 Interface: GigabitEthernet0/0/1
TunnelID: 0x0 Flags: D
[R1]dis ospf lsdb ase 192.168.34.0
[R1]dis ospf routing
Verification:
[R1]undo interface LoopBack 0
[R4]tracert 10.10.1.1
traceroute to 10.10.1.1(10.10.1.1), max hops: 30 ,packet length: 40,press CTRL
_C to break
1 192.168.34.3 20 ms 20 ms 20 ms
2 192.168.13.1 20 ms 20 ms 20 ms
[R4]tracert 10.10.1.1
traceroute to 10.10.1.1(10.10.1.1), max hops: 30 ,packet length: 40,press CTRL
_C to break
Method 2:
Solution 2: when importing IS-IS routes into OSPF on R3, filter out the 10.1.1.0/24 route with a Route-Policy.
Perform the following on R3:
[R3] acl 2001
[R3-acl-basic-2001] rule 5 deny source 10.1.1.0 0
[R3-acl-basic-2001] rule 10 permit
[R3-acl-basic-2001] quit
[R3] route-policy RP permit node 10
[R3-route-policy] if-match acl 2001
[R3-route-policy] quit
[R3] ospf
[R3-ospf-1] import-route isis 1 route-policy RP
Solving the suboptimal path: method 1
[R2]dis ip routing-table
Route Flags: R - relay, D - download to fib
Routing Tables: Public
Destinations : 13 Routes : 13
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.10.1.1/32 ISIS-L2 15 20 D 192.168.24.4 GigabitEthernet0/0/1 // R2 reaches 10.1.1.1 through the IS-IS route with preference 15
[R2]acl 2000
[R2-acl-basic-2000]rule permit source 10.10.1.0 0.0.0.255
[R2-acl-basic-2000]q
[R2]route-policy pref permit node 10
[R2-route-policy]if-match acl 2000
[R2-route-policy]apply preference 14 // change the preference value to 14
[R2-route-policy]q
[R2]ospf 1
[R2-ospf-1]preference ase route-policy pref // apply the policy in OSPF process 1, changing the OSPF external route preference from 150 to 14
[R2-ospf-1]q
[R2]dis ip routing-table // the route with preference 14 is now selected to reach 10.1.1.1
Likewise on R3:
#
acl number 2000
rule 5 permit source 10.10.1.0 0.0.0.255
#
#
route-policy pref permit node 10
if-match acl 2000
apply preference 160
#
#
isis 1
preference route-policy pref
#
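After this, R3 selects the OSPF external route with preference 150 to reach 10.1.1.1.
Method 2:
Solution 2: in the IS-IS process on R3, use a Filter-Policy to keep the 10.1.1.0/24 route from R4 out of the local routing table.
Perform the following on R3:
[R3] acl 2001
[R3-acl-basic-2001] rule 5 deny source 10.1.1.0 0
[R3-acl-basic-2001] rule 10 permit
[R3-acl-basic-2001] quit
[R3] isis
[R3-isis-1] filter-policy 2001 import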
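1) (Short answer) What does Filter-Policy export do in OSPF and in BGP, respectively?
In OSPF it filters the routes imported into OSPF from other routing protocols;
in BGP it restricts the routes that the local device advertises.
2) (Short answer) What is the logical relationship between multiple nodes of a Route-Policy? And between multiple conditions within one node?
The relationship between nodes is OR,
and the relationship between conditions is AND.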
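The node logic in this answer, applied to the counterclockwise filtering policies (route-policy 20 on R2 and R3), as an added example that is not part of the original lab. Routes are modelled as dicts and the /32 ip-prefix match as exact equality; `MISORDERED` is a hypothetical variant included to show that node order decides the outcome.

```python
# Model of route-policy evaluation: nodes are tried in ascending order and
# the first node whose if-match clauses ALL match decides the result
# (OR between nodes, AND inside a node). A node with no if-match clause
# matches every route; a route that matches no node is denied.

def node_matches(node, route):
    return all(route.get(k) == v for k, v in node.get("match", {}).items())

def apply_policy(nodes, route):
    """Return the (possibly re-tagged) route, or None if it is filtered."""
    for node in sorted(nodes, key=lambda n: n["seq"]):
        if node_matches(node, route):
            if node["mode"] == "deny":
                return None
            return {**route, **node.get("apply", {})}
    return None

# R2 route-policy 20 (IS-IS -> OSPF); ip-prefix 10 is 10.10.1.1/32.
R2_POLICY_20 = [
    {"seq": 10, "mode": "deny", "match": {"tag": 400}},
    {"seq": 20, "mode": "permit", "match": {"prefix": "10.10.1.1/32"}, "apply": {"tag": 300}},
    {"seq": 30, "mode": "permit"},
]
# R3 route-policy 20 (OSPF -> IS-IS); ip-prefix 20 is 10.10.1.1/32.
R3_POLICY_20 = [
    {"seq": 10, "mode": "deny", "match": {"tag": 300}},
    {"seq": 20, "mode": "permit", "match": {"prefix": "10.10.1.1/32"}, "apply": {"tag": 400}},
    {"seq": 30, "mode": "permit"},
]
# Hypothetical variant of R2's policy with the tagging node ahead of the
# deny node: the looped route matches node 10 first and is let through.
MISORDERED = [
    {"seq": 10, "mode": "permit", "match": {"prefix": "10.10.1.1/32"}, "apply": {"tag": 300}},
    {"seq": 20, "mode": "deny", "match": {"tag": 400}},
    {"seq": 30, "mode": "permit"},
]

def redistribute_round_trip():
    """Follow 10.10.1.1/32 from OSPF through R3 into IS-IS and back via R2."""
    ospf_route = {"prefix": "10.10.1.1/32", "tag": 1}   # ASE from R1, tag 1 as in R3's OSPF table
    in_isis = apply_policy(R3_POLICY_20, ospf_route)     # R3: OSPF -> IS-IS, tagged 400
    back_in_ospf = apply_policy(R2_POLICY_20, in_isis)   # R2: IS-IS -> OSPF, denied by node 10
    return in_isis, back_in_ospf
```

`redistribute_round_trip()` returns the route tagged 400 inside IS-IS and `None` for the attempt to feed it back into OSPF, while `apply_policy(MISORDERED, ...)` re-tags the same route to 300 and lets it back in.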
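Summary:
To control route advertisement and reception, the relevant routes first have to be captured with a matcher; the most common matchers are ACLs and IP-Prefix Lists. Both Filter-Policy and Route-Policy can filter routes on advertisement and reception, but note that in link-state routing protocols a Filter-Policy does not actually filter link-state information; it only affects the local routing table. A Route-Policy can also flexibly modify route attributes when routes are advertised or received.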