<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
|
3.3 RIP
的被动、单播、过滤
| |
|
| |
|
实验连接图
| |
|
<?xml:namespace prefix = v ns = "urn:schemas-microsoft-com:vml" />
| |
|
提要描述
| |
|
在一些的应用中,路由不想把更新信息传出去,或者只想把路由信息传递给特定的路由设备,那么这样的要求就引发出
RIP
的被动接口、单播更新和路由过滤的应用。首先
RIP v1
是以广播的形式(
255.255.255.255
)来把自己的路由更新信息发出去,而
RIP v2
是以组播(
224.0.0.9
)的方式发自己的更新信息出去。广播和组播能不能穿透被动接口而把更新发出去?单播又是怎么工作的?路由过滤又是如何呢?
实验目标:
在
R2
上分别做被动、单播和在
R3
上做过滤的调试看看各个现象和结合应用的情况。
| |
|
RIPv1
基本配置
| |
|
R1
的配置
|
R2
的配置
|
|
!
hostname R1
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface Serial1/1
no shut
ip address 12.1.1.1 255.255.255.0
clock rate 64000
!
router rip
network 0.0.0.0
!
|
!
hostname R2
!
interface Loopback0
ip address 2.2.2.2 255.255.255.0
!
interface Serial1/0
no shut
ip address 12.1.1.2 255.255.255.0
!
interface Serial1/1
ip address 23.1.1.2 255.255.255.0
!
router rip
network 0.0.0.0
!
|
|
R3
的配置
|
|
|
!
hostname R3
!
interface Loopback0
ip address 3.3.3.3 255.255.255.0
!
interface Serial1/0
no shut
ip address 23.1.1.3 255.255.255.0
clock rate 64000
!
router rip
network 0.0.0.0
!
|
|
|
↓调试配置及监测步骤↓
| |
首先:我们这里各个路由器都运行RIPv1,现在把R2 的S1/0的接口被动掉,看看会有什么情况发生?!
R2(config)#router rip
R2(config-router)#passive-interface s1/0
R1的情况:
R1#sh ip route
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
R 2.0.0.0/8 [120/1] via 12.1.1.2, 00:00:28, Serial1/1
R 3.0.0.0/8 [120/2] via 12.1.1.2, 00:00:28, Serial1/1
R 23.0.0.0/8 [120/1] via 12.1.1.2, 00:00:28, Serial1/1
12.0.0.0/24 is subnetted, 1 subnets
C 12.1.1.0 is directly connected, Serial1/1
再看:
R1#sh ip route
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
R 2.0.0.0/8 [120/1] via 12.1.1.2, 00:00:36, Serial1/1
R 3.0.0.0/8 [120/2] via 12.1.1.2, 00:00:36, Serial1/1
R 23.0.0.0/8 [120/1] via 12.1.1.2, 00:00:36, Serial1/1
12.0.0.0/24 is subnetted, 1 subnets
C 12.1.1.0 is directly connected, Serial1/1
这个时候更新计时器没有回0 ,说明在R1上已经收不到上面阴影部分的路由信息了。 进入了无效更新阶段 ,过了180S后的时候,就会出现下面的possibly down现象。
R1#sh ip route
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
R 2.0.0.0/8 is possibly down, routing via 12.1.1.2, Serial1/1
R 3.0.0.0/8 is possibly down, routing via 12.1.1.2, Serial1/1
R 23.0.0.0/8 is possibly down, routing via 12.1.1.2, Serial1/1
12.0.0.0/24 is subnetted, 1 subnets
C 12.1.1.0 is directly connected, Serial1/1
过了60S的时间后,再看R1的路由表,已经没有了从R2学到的路由信息:
R1#sh ip route
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
12.0.0.0/24 is subnetted, 1 subnets
C 12.1.1.0 is directly connected, Serial1/1
R2的情况:
R2#show ip route
R 1.0.0.0/8 [120/1] via 12.1.1.1, 00:00:12, Serial1/0
2.0.0.0/24 is subnetted, 1 subnets
C 2.2.2.0 is directly connected, Loopback0
R 3.0.0.0/8 [120/1] via 23.1.1.3, 00:00:00, Serial1/1
23.0.0.0/24 is subnetted, 1 subnets
C 23.1.1.0 is directly connected, Serial1/1
12.0.0.0/24 is subnetted, 1 subnets
C 12.1.1.0 is directly connected, Serial1/0
R2的路由表是一直没有变化的,这就是被动接口的功能-----只收不发,被禁止的路由器接口他是不会发送路由更新给邻居的,但他自己仍然可以从邻居那里接收路由更新。
看看R1、R2在运行RIPv1 的debug信息
R1# debug ip rip
RIP protocol debugging is on
R1#
*Mar 4 19:41:04.087: RIP: sending v1 update to 255.255.255.255 via Serial1/1 (12.1.1.1)
*Mar 4 19:41:04.087: RIP: build update entries
*Mar 4 19:41:04.087: network 1.0.0.0 metric 1
R1没有收到任何路由信息
R2#debug ip rip
RIP protocol debugging is on
R2#
*Mar 4 19:40:07.655: RIP: received v1 update from 12.1.1.1 on Serial1/0
*Mar 4 19:40:07.659: 1.0.0.0 in 1 hops
R2#
*Mar 4 19:40:22.071: RIP: sending v1 update to 255.255.255.255 via Serial1/1 (23.1.1.2)
*Mar 4 19:40:22.071: RIP: build update entries
*Mar 4 19:40:22.075: network 1.0.0.0 metric 2
*Mar 4 19:40:22.075: network 2.0.0.0 metric 1
*Mar 4 19:40:22.075: network 12.0.0.0 metric 1
R2#
*Mar 4 19:40:31.591: RIP: received v1 update from 23.1.1.3 on Serial1/1
*Mar 4 19:40:31.595: 3.0.0.0 in 1 hops
R2收到了所以的路由信息
从上面R1和R2的信息来看,运行RIPv1时候采用广播(255.255.255.255)的方式发送更新不能穿透被动接口,那现在我们换成RIPv2看看:
R1(config)#router rip
R1(config-router)#version 2
R2(config)#router rip
R2(config-router)#version 2
R1#debug ip rip
*Mar 4 19:51:41.419: RIP: sending v2 update to 224.0.0.9 via Serial1/1 (12.1.1.1)
*Mar 4 19:51:41.419: RIP: build update entries
*Mar 4 19:51:41.423: 1.0.0.0/8 via 0.0.0.0, metric 1, tag 0
R2#debug ip rip
*Mar 4 19:51:41.991: RIP: received v2 update from 12.1.1.1 on Serial1/0
*Mar 4 19:51:41.995: 1.0.0.0/8 via 0.0.0.0 in 1 hops
R2#
*Mar 4 19:51:40.971: RIP: sending v2 update to 224.0.0.9 via Loopback0 (2.2.2.2)
*Mar 4 19:51:40.971: RIP: build update entries
*Mar 4 19:51:40.975: 1.0.0.0/8 via 0.0.0.0, metric 2, tag 0
*Mar 4 19:51:40.975: 3.0.0.0/8 via 0.0.0.0, metric 2, tag 0
*Mar 4 19:51:40.979: 12.0.0.0/8 via 0.0.0.0, metric 1, tag 0
*Mar 4 19:51:40.979: 23.0.0.0/8 via 0.0.0.0, metric 1, tag 0
*Mar 4 19:51:40.983: RIP: ignored v2 packet from 2.2.2.2 (sourced from one of our addresses)
转换到RIPv2后,同样R1也没有收到任何路由信息,这证实了以组播(224.0.0.9)方式发送更新也不能够穿透被动接口。
那么单播能不能把更新信息传递出来呢?我们在R1和R2上面配置单播看看。
R1(config)#router rip
R1(config-router)#neighbor 12.1.1.2
R2(config)#router rip
R2(config-router)#neighbor 12.1.1.1
R2#debug ip rip
RIP protocol debugging is on
R2#
*Mar 4 20:03:59.527: RIP: sending v1 update to 12.1.1.1 via Serial1/0 (12.1.1.2)
*Mar 4 20:03:59.527: RIP: build update entries
*Mar 4 20:03:59.531: network 2.0.0.0 metric 1
*Mar 4 20:03:59.531: network 3.0.0.0 metric 2
*Mar 4 20:03:59.531: network 23.0.0.0 metric 1
R1#debug ip rip
*Mar 4 20:04:52.939: RIP: received v1 update from 12.1.1.2 on Serial1/1
*Mar 4 20:04:52.943: 2.0.0.0 in 1 hops
*Mar 4 20:04:52.943: 3.0.0.0 in 2 hops
*Mar 4 20:04:52.943: 23.0.0.0 in 1 hops
R1#show ip route
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
R 2.0.0.0/8 [120/1] via 12.1.1.2, 00:00:00, Serial1/1
R 3.0.0.0/8 [120/2] via 12.1.1.2, 00:00:00, Serial1/1
R 23.0.0.0/8 [120/1] via 12.1.1.2, 00:00:00, Serial1/1
12.0.0.0/24 is subnetted, 1 subnets
C 12.1.1.0 is directly connected, Serial1/1
通过在R1和R2指定了单播之后,R2以单播指定的方式向R1发送数据报文,而R1也在指定的ip地址接收数据报文,查看R1的路由表,已经学到了全部路由信息。这证实单播能够穿透被动接口。
结论:
在运行
RIP
的情况下做接口被动是可以隔绝
RIP
的广播和组播数据报文
,但是不会隔绝单播的数据报文,单播是可以穿透被动接口发送数据报文的。
被动和单播很多时候是在一起使用,被动的应用主要在小网络客户和
ISP
连接的时候,
ISP
在他的边界路由器上面使用的技术
。
除了用被动禁止发送路由信息外,我们还可以利用
分发列表
来实现在
RIP
中过滤路由:
我们现在在R3上实现这个功能:
R3(config)#router rip
R3(config-router)#no network 0.0.0.0 #先删除默认路由,再宣告明细路由
R3(config-router)#network 23.0.0.0
R3(config-router)#network 3.3.3.3
R3#show ip protocols
Routing for Networks:
3.0.0.0
23.0.0.0
这里有两个网络被宣告出去,现在要拒绝宣告3.0.0.0这个网络,不让它通过R3的s1/0宣告出去:
R3(config)#access-list 10 deny 3.0.0.0
R3(config)#access-list 10 permit any
R3(config)#router rip
R3(config-router)#distribute-list 10 out s1/0
配置后等一些时间,再看看R2、R1的路由表情况:
R2#sh ip route
R 1.0.0.0/8 [120/1] via 12.1.1.1, 00:00:10, Serial1/0
2.0.0.0/24 is subnetted, 1 subnets
C 2.2.2.0 is directly connected, Loopback0
R 3.0.0.0/8 is possibly down, routing via 23.1.1.3, Serial1/1
23.0.0.0/24 is subnetted, 1 subnets
C 23.1.1.0 is directly connected, Serial1/1
12.0.0.0/24 is subnetted, 1 subnets
C 12.1.1.0 is directly connected, Serial1/0
这时候R2已经出现在possibly down了,R2会通知R1,R3的3.0.0.0这个网络不可达,这时候R1会马上删除3.0.0.0这个网络
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - <?xml:namespace prefix = st1 ns = "urn:schemas-microsoft-com:office:smarttags" />OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
R 2.0.0.0/8 [120/1] via 12.1.1.2, 00:00:05, Serial1/1
R 23.0.0.0/8 [120/1] via 12.1.1.2, 00:00:05, Serial1/1
12.0.0.0/24 is subnetted, 1 subnets
C 12.1.1.0 is directly connected, Serial1/1
R1已经没有了3.0.0.0这个网络了,再过60秒左右R2也会删除3.0.0.0这个网络。
R2#sh ip route
Gateway of last resort is not set
R 1.0.0.0/8 [120/1] via 12.1.1.1, 00:00:17, Serial1/0
2.0.0.0/24 is subnetted, 1 subnets
C 2.2.2.0 is directly connected, Loopback0
23.0.0.0/24 is subnetted, 1 subnets
C 23.1.1.0 is directly connected, Serial1/1
12.0.0.0/24 is subnetted, 1 subnets
C 12.1.1.0 is directly connected, Serial1/0
转载于:https://blog.51cto.com/sharkii/64173
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
