题目
1.R4为ISP,其上只能配置IP地址;R4与其他所有直连设备间均使用公有IP
2.R3-R5/6/7为MGRE环境,R3为中心站点;
3.整个OSPF环境IP基于172.16.0.0/16划分;
4.所有设备均可访问R4的环回;
5.减少LSA的更新量,加快收敛,保障更新安全;
6.全网可达
分析
1、r4为isp,其ip均为公网ip(包括环回);
2、环回模拟用户网段;
3、建立MGRE环境,r3为中心设备(r3作为中心要开启伪广播),r5、r6、r7为边界设备(注意其环回为私网,接口为公网ip),且中心和分支设备都要修改接口网络类型;
4、设备与区域数量多,要做到合理的网段划分;
5、私网之间可以互相访问,公网之间也可以互相访问,公网与私网之间也能互相访问;
6、减少LSA的更新量即做优化;加快收敛即做计时器;保障更新安全即做认证。
合理的网段划分
将172.16.0.0/16一分为六,给区域0-4和rip环境。再根据每个区域的需要,继续划分。(也可以将该网段一分为二,此实验rip所需网段很少,一分为二浪费地址,所以不建议采用一分为二)
子网划分核心是借位 ,现在需要划分六个网段所以要借3位(二的三次方等于八)。
172.16.0.0 16(主机位全为0)
172.16.00000000.00000000
172.16.000 00000.00000000-----借3位(掩码由16变成了19)
1.划分后的8个网段(随机分配给六个区域)
172.16.000 00000.00000000/19------172.16.0.0/19-----骨干0
172.16.001 00000.00000000/19-----172.16.32.0/19-----区域1
172.16.010 00000.00000000/19-----172.16.64.0/19-----区域2
172.16.011 00000.00000000/19-----172.16.96.0/19-----区域3
172.16.100 00000.00000000/19-----172.16.128.0/19-----区域4
172.16.101 00000.00000000/19-----172.16.160.0/19-----rip
172.16.110 00000.00000000/19-----172.16.192.0/19
172.16.111 00000.00000000/19-----172.16.224.0/19
1.1再次划分给设备(以骨干区域0为例)
为降低实验难度,直接将子网掩码划分到24(32-24=8,可用ip有2的八次方-2=254)
172.16.000 00000.00000000/19------172.16.0.0/19-----骨干0
//划分设备
172.16.000 00000 .00000000/24------172.16.0.0/24-----P2P
172.16.000 00001 .00000000/24------172.16.1.0/24-----MA
172.16.000 00010 .00000000/24------172.16.2.0/24-----用户(环回模拟用户)
172.16.000 00011 .00000000/24------172.16.3.0/24-----用户
172.16.000 00100 .00000000/24------172.16.4.0/24-----用户
172.16.000 00101 .00000000/24------172.16.5.0/24-----用户
172.16.000 00110 .00000000/24------172.16.6.0/24-----用户
…
1.1.1第三次划分给链路(以骨干区域0为例)
如果按照上面的划分规则,将这些地址分配给骨干链路(路由器与路由器之间的连接线路),同一条线路只用了两个ip(如一个接口用了192.16.1.1,另一个接口用了192.16.1.2),还是造成了浪费。因此可以拿出一部分地址,单独分配给骨干链路
;有些骨干链路只需要2个地址(2的2次方=4,32-2=30.所以借到30位)
172.16.0.0/24-----P2P骨干链路(划到30)
(30-24=6,2的6次方=64个网段)
172.16.000 00000 .00000000/24------172.16.0.0/24(划到30)
172.16.000 00000 .000000 00/30------172.16.0.0/30
172.16.000 00000 .000001 00/30------172.16.0.4/30
172.16.000 00000 .000010 00/30------172.16.0.8/30
…
172.16.1.0/24-----MA骨干链路(划到29)
172.16.000 00001 .00000000/24------172.16.1.0/24(划到29)
172.16.000 00001 .00000 000/29------172.16.1.0/29
172.16.000 00001 .00001 000/29------172.16.1.8/29
172.16.000 00001 .00010 000/29------172.16.1.16/29
…
1.2区域1
172.16.001 00000.00000000/19-----172.16.32.0/19-----区域1
//划分到24
172.16.32.0/24-----P2P
172.16.33.0/24-----MA
172.16.34.0/24-----用户
172.16.35.0/24-----用户
172.16.36.0/24-----用户
…
//骨干链路划分
172.16.32.0/24------P2P骨干(划到30)
172.16.32.000000 00-----172.16.32.0/30
172.16.32.000001 00-----172.16.32.4/30
172.16.32.000010 00-----172.16.32.8/30
172.16.32.000100 00-----172.16.32.16/30
…
172.16.33.0/24-----骨干链路(MA)划到29
172.16.33.00000 000-----172.16.33.0/29
172.16.33.00001 000-----172.16.33.8/29
172.16.33.00010 000-----172.16.33.16/29
172.16.33.00100 000-----172.16.33.24/29
…
1.3区域2
172.16.010 00000.00000000/19-----172.16.64.0/19-----区域2
//划分24
172.16.64.0/24-----P2P
172.16.65.0/24-----MA
172.16.66.0/24-----用户
172.16.67.0/24-----用户
…
//骨干链路划分
172.16.64.0/24------P2P骨干(划到30)
172.16.64.0/30
172.16.64.4/30
172.16.64.8/30
172.16.64.12/30
…
172.16.65.0/24-----MA(划到29)
172.16.65.0/29
172.16.65.8/29
172.16.65.16/29
…
1.4区域3
172.16.011 00000.00000000/19-----172.16.96.0/19-----区域3
//划分24
172.16.96.0/24-----P2P
172.16.97.0/24-----MA
172.16.98.0/24-----用户
172.16.99.0/24-----用户
//划分骨干
172.16.96.0/24-----P2P(划到30)
172.16.96.0/30
172.16.96.4/30
…
172.16.97.0/24-----MA(划到29)
172.16.97.0/29
172.16.97.8/29
172.16.97.16/29
…
1.5区域4
172.16.100 00000.00000000/19-----172.16.128.0/19-----区域4
//划分24
172.16.128.0/24-----P2P
172.16.129.0/24-----MA
172.16.130.0/24-----用户
172.16.131.0/24-----用户
…
//划分骨干
172.16.128.0/24-----P2P(划到30)
172.16.128.0/30
172.16.128.4/30
172.16.128.8/30
…
172.16.129.0/24-----MA(划到29)
172.16.129.0/29
172.16.129.8/29
172.16.129.16/29
…
1.6rip
172.16.101 00000.00000000/19-----172.16.160.0/19-----rip
//只有两个网段,划到24且没有链路,不需要划骨干
172.16.160.0/24
172.16.161.0/24
1、区域0配置
公网配置
公网是运营商规划的,我们不用规划,此实验随便配置
r3配置及其缺省(注意:其环回为私网且在区域1中,所以环回我们在区域1中配置)
[r3]interface Serial 4/0/0
[r3-Serial4/0/0]ip address 34.0.0.1 24
[r3]ip route-static 0.0.0.0 0 34.0.0.2
r4配置(运营商)及其环回(注意:其环回为公网)
[r4]interface Serial 4/0/0
[r4-Serial4/0/0]ip address 34.0.0.2 24
[r4-Serial4/0/0]interface Serial 4/0/1
[r4-Serial4/0/1]ip address 45.0.0.2 24
[r4-Serial4/0/1]interface Serial 3/0/0
[r4-Serial3/0/0]ip address 46.0.0.2 24
[r4-Serial3/0/0]q
[r4]interface GigabitEthernet 0/0/0
[r4-GigabitEthernet0/0/0]ip address 47.0.0.2 24
[r4-GigabitEthernet0/0/0]q
[r4]interface LoopBack 0
[r4-LoopBack0]ip address 100.0.0.1 24
[r4-LoopBack0]q
r5配置及其缺省(注意:其环回为私网)
[r5]interface Serial 4/0/0
[r5-Serial4/0/0]ip address 45.0.0.1 24
[r5]ip route-static 0.0.0.0 0 45.0.0.2
[r5]
[r5]interface l0
[r5-LoopBack0]ip address 172.16.2.1 24
r6配置及其缺省(注意:其环回为私网)
[r6]interface Serial 4/0/0
[r6-Serial4/0/0]ip address 46.0.0.1 24
[r6]ip route-static 0.0.0.0 0 46.0.0.2
[r6]interface l0
[r6-LoopBack0]ip address 172.16.3.1 24
r7配置及其缺省(注意:其环回为私网)
[r7]interface GigabitEthernet 0/0/0
[r7-GigabitEthernet0/0/0]ip address 47.0.0.1 24
[r7]ip route-static 0.0.0.0 0 47.0.0.2
[r7]interface l0
[r7-LoopBack0]ip address 172.16.4.1 24
私网配置(此时才用到我们所划分的MA网段)
r3作为中心要开启伪广播
//r3
[r3-Tunnel0/0/0]display this
[V200R003C00]
#
interface Tunnel0/0/0
ip address 172.16.1.1 255.255.255.248
tunnel-protocol gre p2mp
source 34.0.0.1
nhrp entry multicast dynamic //开启伪广播
nhrp network-id 100
#
return
//r5
[r5-Tunnel0/0/0]display this
[V200R003C00]
#
interface Tunnel0/0/0
ip address 172.16.1.2 255.255.255.248
tunnel-protocol gre p2mp
source Serial4/0/0
nhrp network-id 100
nhrp entry 172.16.1.1 34.0.0.1 register
#
return
//r6
[r6-Tunnel0/0/0]display this
[V200R003C00]
#
interface Tunnel0/0/0
ip address 172.16.1.3 255.255.255.248
tunnel-protocol gre p2mp
source Serial4/0/0
nhrp network-id 100
nhrp entry 172.16.1.1 34.0.0.1 register
#
return
//r7
[r7-Tunnel0/0/0]display this
[V200R003C00]
#
interface Tunnel0/0/0
ip address 172.16.1.4 255.255.255.248
tunnel-protocol gre p2mp
source GigabitEthernet0/0/0
nhrp network-id 100
nhrp entry 172.16.1.1 34.0.0.1 register
#
return
检查私网是否ping通
2、区域1配置(要用到MA和用户网段)
//r1
[r1]interface GigabitEthernet 0/0/0
[r1-GigabitEthernet0/0/0]ip address 172.16.33.1 29
[r1]interface l0
[r1-LoopBack0]ip address 172.16.34.1 24
//r2
[r2]interface GigabitEthernet 0/0/0
[r2-GigabitEthernet0/0/0]ip address 172.16.33.2 29
[r2-GigabitEthernet0/0/0]q
[r2]interface l0
[r2-LoopBack0]ip address 172.16.35.1 24
//r3
[r3]interface GigabitEthernet 0/0/0
[r3-GigabitEthernet0/0/0]ip address 172.16.33.3 29
[r3-GigabitEthernet0/0/0]q
[r3]interface l0
[r3-LoopBack0]ip address 172.16.36.1 24
3、区域2配置(要用到P2P和用户网段)
//r6
[r6]interface GigabitEthernet 0/0/0
[r6-GigabitEthernet0/0/0]ip address 172.16.64.1 30
//r11
[r11]interface GigabitEthernet 0/0/0
[r11-GigabitEthernet0/0/0]ip ad 172.16.64.2 30
[r11]interface GigabitEthernet 0/0/1
[r11-GigabitEthernet0/0/1]ip address 172.16.64.5 30
[r11]interface l0
[r11-LoopBack0]ip address 172.16.66.1 24
//r12
[r12]interface GigabitEthernet 0/0/0
[r12-GigabitEthernet0/0/0]ip address 172.16.64.6 30
注意:172.16.64.4 30和172.16.64.7 30不可用,一个是主机位全0,一个是主机位全1
4、区域3配置
//r7
[r7]interface GigabitEthernet 0/0/1
[r7-GigabitEthernet0/0/1]ip address 172.16.96.1 30
//r8
[r8]interface GigabitEthernet 0/0/0
[r8-GigabitEthernet0/0/0]ip address 172.16.96.2 30
[r8-GigabitEthernet0/0/0]q
[r8]interface GigabitEthernet 0/0/1
[r8-GigabitEthernet0/0/1]ip address 172.16.96.5 30
[r8-GigabitEthernet0/0/1]q
[r8]interface l0
[r8-LoopBack0]ip address 172.16.98.1 24
//r9
[r9]interface GigabitEthernet 0/0/0
[r9-GigabitEthernet0/0/0]ip address 172.16.96.6 30
5、区域4配置
[r9]interface GigabitEthernet 0/0/01
[r9-GigabitEthernet0/0/1]ip ad
[r9-GigabitEthernet0/0/1]ip address 172.16.128.1 30
[r9-GigabitEthernet0/0/1]q
[r9]interface l0
[r9-LoopBack0]ip address 172.16.130.1 24
[r10]interface GigabitEthernet 0/0/0
[r10-GigabitEthernet0/0/0]ip address 172.16.128.2 30
[r10-GigabitEthernet0/0/0]q
[r10]interface l0
[r10-LoopBack0]ip address 172.16.131.1 24
6、区域rip配置
[r12]interface l0
[r12-LoopBack0]ip address 172.16.160.1 24
[r12-LoopBack0]q
[r12]interface l1
[r12-LoopBack1]ip address 172.16.161.1 24
启动OSPF
注意:公网上的接口不需要宣告
公网是属于互联网的一部分,一旦把公网宣告,那就意味着公网和私网就打通了,公网路由信息太多,会导致内部设备宕机。
并且r4不需要宣告,它是公网路由器
区域1宣告
[r1]ospf 1 router-id 1.1.1.1
[r1-ospf-1]area 1
[r1-ospf-1-area-0.0.0.1]network 0.0.0.0 0.0.0.0
//network 0.0.0.0 0.0.0.0 确定这台设备在这个区域中且不会有其他区域,宣告所有的ip地址
//或者这样宣告:[r1-ospf-1-area-0.0.0.1]network 172.16.32.0 0.0.31.255
[r2]ospf 1 router-id 2.2.2.2
[r2-ospf-1]area 1
[r2-ospf-1-area-0.0.0.1]network 172.16.32.0 0.0.31.255
//一开始区域1划分的网段是172.16.32.0/19
//因为r3是ABR设备,既有区域0地址,也有区域1地址,在宣告时,可以先进入区域1使用[r3-ospf-1-area-0.0.0.1]display ip interface brief 命令,查看有哪些接口位于区域1
//r3对于区域1的宣告
[r3]ospf 1 router-id 3.3.3.3
[r3-ospf-1]area 1
[r3-ospf-1-area-0.0.0.1]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 5
The number of interface that is DOWN in Physical is 3
The number of interface that is UP in Protocol is 5
The number of interface that is DOWN in Protocol is 3
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 172.16.33.3/29 up up
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
LoopBack0 172.16.36.1/24 up up(s)
NULL0 unassigned up up(s)
Serial4/0/0 34.0.0.1/24 up up
Serial4/0/1 unassigned down down
Tunnel0/0/0 172.16.1.1/29 up up
//进行精确宣告
[r3-ospf-1-area-0.0.0.1]network 172.16.33.3 0.0.0.0
[r3-ospf-1-area-0.0.0.1]network 172.16.36.1 0.0.0.0
区域0宣告
//r3时ABR设备,然后我们在进入区域0,使用[r3-ospf-1-area-0.0.0.0]display ip interface brief,查看有哪些接口位于区域0
[r3]ospf 1 router-id 3.3.3.3
[r3-ospf-1]area 0
[r3-ospf-1-area-0.0.0.0]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 5
The number of interface that is DOWN in Physical is 3
The number of interface that is UP in Protocol is 5
The number of interface that is DOWN in Protocol is 3
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 172.16.33.3/29 up up
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
LoopBack0 172.16.36.1/24 up up(s)
NULL0 unassigned up up(s)
Serial4/0/0 34.0.0.1/24 up up
Serial4/0/1 unassigned down down
Tunnel0/0/0 172.16.1.1/29 up up
[r3-ospf-1-area-0.0.0.0]network 172.16.1.1 0.0.0.0-----宣告隧道
[r5]ospf 1 router-id 5.5.5.5
[r5-ospf-1]area 0
//宣告环回和隧道接口
[r5-ospf-1-area-0.0.0.0]network 172.16.2.1 0.0.0.0
[r5-ospf-1-area-0.0.0.0]network 172.16.1.2 0.0.0.0
[r6]ospf 1 router-id 6.6.6.6
[r6-ospf-1]area 0
//宣告隧道和环回接口
[r6-ospf-1-area-0.0.0.0]network 172.16.3.1 0.0.0.0
[r6-ospf-1-area-0.0.0.0]network 172.16.1.3 0.0.0.0
[r7]ospf 1 router-id 7.7.7.7
[r7-ospf-1]area 0
//宣告环回和隧道
[r7-ospf-1-area-0.0.0.0]network 172.16.4.1 0.0.0.0
[r7-ospf-1-area-0.0.0.0]network 172.16.1.4 0.0.0.0
区域2宣告
[r6]ospf 1 router-id 6.6.6.6
[r6-ospf-1]area 2
//宣告0/0/0接口
[r6-ospf-1-area-0.0.0.2]network 172.16.64.1 0.0.0.0
[r11]ospf 1 router-id 11.1.1.1
[r11-ospf-1]area 2
//区域2划分的网段是172.16.64.0/19,所以可以进行整个网段的宣告
[r11-ospf-1-area-0.0.0.2]network 172.16.64.0 0.0.31.255
//r12是ASBR设备,但是区域2划分的网段是172.16.64.0/19,所以可以进行整个网段的宣告
[r12]ospf 1 router-id 12.1.1.1
[r12-ospf-1]area 2
[r12-ospf-1-area-0.0.0.2]network 172.16.64.0 0.0.31.255
区域3的宣告
[r7]ospf 1 router-id 7.7.7.7
[r7-ospf-1]area 3
[r7-ospf-1-area-0.0.0.3]display ip interface b
[r7-ospf-1-area-0.0.0.3]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 5
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 5
The number of interface that is DOWN in Protocol is 1
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 47.0.0.1/24 up up
GigabitEthernet0/0/1 172.16.96.1/30 up up
GigabitEthernet0/0/2 unassigned down down
LoopBack0 172.16.4.1/24 up up(s)
NULL0 unassigned up up(s)
Tunnel0/0/0 172.16.1.4/29 up up
//宣告位于区域3的接口
[r7-ospf-1-area-0.0.0.3]network 172.16.96.1 0.0.0.0
[r8]ospf 1 router-id 8.8.8.8
[r8-ospf-1]area 3
//划分时区域3的网段是172.16.96.0/19
[r8-ospf-1-area-0.0.0.3]network 172.16.96.0 0.0.31.255
[r9]ospf 1 router-id 9.9.9.9
[r9-ospf-1]area 3
[r9-ospf-1-area-0.0.0.3]network 172.16.96.6 0.0.0.0
区域4的宣告
[r9-ospf-1]area 4
//范围宣告,划分网段是时,区域4网段范围是172.16.128.0/19
[r9-ospf-1-area-0.0.0.4]network 172.16.128.0 0.0.31.255
[r10]ospf 1 router-id 10.1.1.1
[r10-ospf-1]area 4
[r10-ospf-1-area-0.0.0.4]network 172.16.128.0 0.0.31.255
rip中的宣告
[r12]rip
[r12-rip-1]network 172.16.0.0
查看此实验是否配通
R1
r1的邻接表,它应该有两个邻居,在以太网中和r2建立、r3建立
R3
r3的邻接表有问题,缺少r6、r7
原因:隧道接口是点到点类型,需要修改其接口网络类型默认的工作方式
解决方法:因为是中心到站点的结构,所以修改成P2MP
[r3-Tunnel0/0/0]ospf network-type p2mp
分支也要修改
[r5-Tunnel0/0/0]ospf network-type p2mp
[r6-Tunnel0/0/0]ospf network-type p2mp
[r7-Tunnel0/0/0]ospf network-type p2mp
修改后,邻接关系正确
此时,除区域四和rip以外应该全网可达
可以查询r1路由信息表
rip中做重发布
//把rip协议中的路由引入OSPF协议中
[r12-ospf-1]import-route rip
重分布后出现了rip路由信息
区域4做多进程的双向重发布
不做隧道(重复更新)和vlink(不能做优化)
这种情况下做多进程的双向重发布
但是区域4已经在ospf 1中宣告了,因此要删除宣告的内容(r9不能之间删除ospf 1协议,因为r9中还有其他接口存在与ospf 1中;r10可以之间删除协议),让它们在ospf 2中宣告;然后在ospf 1引入ospf 2的协议(此时ospf 2学习不到ospf 1的信息),因此ospf 2中还要引入ospf 1的协议。
[r9]ospf 1 router-id 9.9.9.9
[r9-ospf-1]area 4
[r9-ospf-1-area-0.0.0.4]display this
[V200R003C00]
#
area 0.0.0.4
network 172.16.128.0 0.0.31.255
#
return
[r9-ospf-1-area-0.0.0.4]undo network 172.16.128.0 0.0.31.255
[r9-ospf-1-area-0.0.0.4]q
[r9-ospf-1]undo area 4
[r9]ospf 2 router-id 9.9.9.9
[r9-ospf-2]area 0
[r9-ospf-2-area-0.0.0.0]network 172.16.128.0 0.0.31.255
[r10]undo ospf 1
Warning: The OSPF process will be deleted. Continue? [Y/N]:y
[r10]ospf 2 router-id 10.1.1.1
[r10-ospf-2]area 0
[r10-ospf-2-area-0.0.0.0]network 172.16.128.0 0.0.31.255
[r9-ospf-1]import-route ospf 2
[r9-ospf-2]import-route ospf 1
153
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
