1.1.1 关于本实验
本实验主要介绍了路由选择工具ACL和IP-Prefix的配置,路由引入的配置以及路由策略的配置方法及注意事项。
1.1.2 实验目的
掌握路由选择工具的配置方法,路由策略与策略路由的配置与注意事项。
1.1.3 实验组网介绍
1.1.4 实验规划
某公司网络如实验拓扑所示,公司总部运行OSPF协议,分部运行ISIS协议,总部和分部中各有若干业务网段,其中奇数网段为业务A网段,偶数网段为业务B网段,请根据如下需求对网络进行部署:
- 按照拓扑分别搭建总部OSPF网络与分部ISIS网络,并尽量减少OSPF Area 1中设备需要维护的路由条目(不做路由聚合);
- 网络管理员在R1上将ISIS路由引入到OSPF中,在R2上将OSPF路由引入到ISIS中,并通过适当调测使得业务网段间能够正常通信;
- 为了避免由于总部与分部网络间单点故障而造成的断网,网络管理员在R1、R2上部署双向引入,并通过适当调测使得业务网段间能够正常通信;
- 在总部网络中,使得总部网段A和B业务各使用一条链路以实现负载(不能使用路由策略);
1.2 实验任务配置
1.2.1 配置思路
- 配置各接口IP
- 配置OSPF
- 配置ISIS
- 配置任务一
- 配置任务二
- 配置任务三
- 配置任务四
1.2.2 配置步骤
步骤 1 配置各接口IP地址
#配置R5
system-view[Quidway]sysname R5[R5]interface Serial 1/0/0[R5-Serial1/0/0]ip address 54.1.1.1 30[R5]interface Serial 1/0/1[R5-Serial1/0/1]ip address 54.2.2.1 30 [R5]interface LoopBack 0[R5-LoopBack0]ip address 5.5.5.5 32[R5]interface LoopBack 1[R5-LoopBack1]ip address 172.16.0.1 24[R5]interface LoopBack 2[R5-LoopBack2]ip address 172.16.1.1 24[R5]interface LoopBack 3[R5-LoopBack3]ip address 172.16.2.1 24[R5]interface LoopBack 4[R5-LoopBack4]ip address 172.16.3.1 24
#配置R4
system-view[Quidway]sysname R4[R4]interface Serial 1/0/0[R4-Serial1/0/0]ip address 54.1.1.2 30[R4]interface Serial 1/0/1[R4-Serial1/0/1]ip address 54.2.2.2 30 [R4]interface LoopBack 0[R4-LoopBack0]ip address 4.4.4.4 32[R4]interface GigabitEthernet 0/0/0 [R4-GigabitEthernet0/0/0]ip address 41.1.1.1 30[R4]interface GigabitEthernet 0/0/1 [R4-GigabitEthernet0/0/1]ip address 42.1.1.1 30
#配置R1
system-view[Quidway]sysname R1[R1]interface GigabitEthernet 0/0/1 [R1-GigabitEthernet0/0/1]ip address 41.1.1.2 30[R1]interface GigabitEthernet 0/0/0 [R1-GigabitEthernet0/0/0]ip address 13.1.1.1 30[R1]interface LoopBack 0[R1-LoopBack0]ip address 1.1.1.1 32
#配置R2
system-view[Quidway]sysname R2[R2]interface GigabitEthernet 0/0/1 [R2-GigabitEthernet0/0/1]ip address 42.1.1.2 30[R2]interface GigabitEthernet 0/0/0 [R2-GigabitEthernet0/0/0]ip address 23.1.1.1 30[R2]interface LoopBack 0[R2-LoopBack0]ip address 2.2.2.2 32
#配置R3
system-view[Quidway]sysname R3[R3]interface GigabitEthernet 0/0/1 [R3-GigabitEthernet0/0/1]ip address 23.1.1.2 30[R3]interface GigabitEthernet 0/0/0 [R3-GigabitEthernet0/0/0]ip address 13.1.1.2 30[R3]interface LoopBack 0[R3-LoopBack0]ip address 3.3.3.3 32[R3]interface LoopBack 1[R3-LoopBack1]ip address 192.168.1.1 24[R3]interface LoopBack 2[R3-LoopBack2]ip address 192.168.2.1 24[R3]interface LoopBack 3[R3-LoopBack3]ip address 192.168.3.1 24[R3]interface LoopBack 4[R3-LoopBack4]ip address 192.168.4.1 24
步骤 2 配置OSPF
#配置R5
[R5]ospf 1 router-id 5.5.5.5[R5-ospf-1]area 1[R5-ospf-1-area-0.0.0.1]network 5.5.5.5 0.0.0.0[R5-ospf-1-area-0.0.0.1]network 54.1.1.0 0.0.0.3[R5-ospf-1-area-0.0.0.1]network 54.2.2.0 0.0.0.3[R5]ip ip-prefix r5 permit 172.16.0.0 16 greater-equal 24 less-equal 24[R5]route-policy r5 permit node 10[R5-route-policy]if-match ip-prefix r5[R5]ospf 1 [R5-ospf-1]import-route direct route-policy r5
#配置R4
[R4]ospf 1 router-id 4.4.4.4[R4-ospf-1]area 1[R4-ospf-1-area-0.0.0.1]network 54.1.1.0 0.0.0.3[R4-ospf-1-area-0.0.0.1]network 54.2.2.0 0.0.0.3[R4-ospf-1]area 0[R4-ospf-1-area-0.0.0.0]network 41.1.1.0 0.0.0.3[R4-ospf-1-area-0.0.0.0]network 42.1.1.0 0.0.0.3[R4-ospf-1-area-0.0.0.0]network 4.4.4.4 0.0.0.0
#配置R1
[R1]ospf 1 router-id 1.1.1.1[R1-ospf-1]area 0[R1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0[R1-ospf-1-area-0.0.0.0]network 41.1.1.0 0.0.0.3
#配置R2
[R2]ospf 1 router-id 2.2.2.2 [R2-ospf-1]area 0[R2-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0[R2-ospf-1-area-0.0.0.0]network 42.1.1.0 0.0.0.3
步骤 3 配置ISIS
#配置R1
[R1]isis 1[R1-isis-1]network-entity 49.0010.0100.1001.00[R1-isis-1]is-level level-2[R1-isis-1]cost-style wide[R1]interface GigabitEthernet 0/0/0[R1-GigabitEthernet0/0/0]isis enable 1[R1]interface LoopBack 0[R1-LoopBack0]isis enable 1
#配置R2
[R2]isis 1[R2-isis-1]network-entity 49.0020.0200.2002.00[R2-isis-1]is-level level-2[R2-isis-1]cost-style wide[R2]interface GigabitEthernet 0/0/0[R2-GigabitEthernet0/0/0]isis enable 1[R2]interface LoopBack 0[R2-LoopBack0]isis enable 1
#配置R3
[R3]isis 1[R3-isis-1]network-entity 49.0030.0300.3003.00[R3-isis-1]is-level level-2[R3-isis-1]cost-style wide[R3]interface GigabitEthernet 0/0/0[R3-GigabitEthernet0/0/0]isis enable 1[R3]interface GigabitEthernet 0/0/1[R3-GigabitEthernet0/0/1]isis enable 1[R3]interface LoopBack 0[R3-LoopBack0]isis enable 1[R3]interface LoopBack 1[R3-LoopBack1]isis enable 1[R3]interface LoopBack 2[R3-LoopBack2]isis enable 1[R3]interface LoopBack 3[R3-LoopBack3]isis enable 1[R3]interface LoopBack 4[R3-LoopBack4]isis enable 1
步骤 4 配置任务一
#配置R4
[R4]ospf 1 [R4-ospf-1]area 1[R4-ospf-1-area-0.0.0.1]nssa no-summary
#配置R5
[R5]ospf 1[R5-ospf-1]area 1[R5-ospf-1-area-0.0.0.1]nssa
步骤 5 配置任务二
#配置R1
[R1]acl 2000[R1-acl-basic-2000]rule permit source 172.16.0.0 0.0.0.255[R1-acl-basic-2000]rule permit source 172.16.1.0 0.0.0.255[R1-acl-basic-2000]rule permit source 172.16.2.0 0.0.0.255[R1-acl-basic-2000]rule permit source 172.16.3.0 0.0.0.255[R1]acl 2001[R1-acl-basic-2001]rule permit source 192.168.1.0 0.0.0.255[R1-acl-basic-2001]rule permit source 192.168.2.0 0.0.0.255[R1-acl-basic-2001]rule permit source 192.168.3.0 0.0.0.255[R1-acl-basic-2001]rule permit source 192.168.4.0 0.0.0.255[R1]route-policy I2O permit node 10[R1-route-policy]if-match acl 2001[R1]ospf[R1-ospf-1]import-route isis route-policy I2O
#配置R2
[R2]acl 2000[R2-acl-basic-2000]rule permit source 172.16.0.0 0.0.0.255[R2-acl-basic-2000]rule permit source 172.16.1.0 0.0.0.255[R2-acl-basic-2000]rule permit source 172.16.2.0 0.0.0.255[R2-acl-basic-2000]rule permit source 172.16.3.0 0.0.0.255[R2]acl 2001[R2-acl-basic-2001]rule permit source 192.168.1.0 0.0.0.255[R2-acl-basic-2001]rule permit source 192.168.2.0 0.0.0.255[R2-acl-basic-2001]rule permit source 192.168.3.0 0.0.0.255[R2-acl-basic-2001]rule permit source 192.168.4.0 0.0.0.255[R2]route-policy O2I permit node 10[R2-route-policy]if-match acl 2000[R2]isis 1[R2-isis-1]import-route ospf route-policy O2I
#配置R1
[R1]route-policy ase permit node 10[R1-route-policy]if-match acl 2000 [R1-route-policy]apply preference 13[R1]ospf 1[R1-ospf-1]preference ase route-policy ase 150
步骤 6 配置任务三
#配置R1
[R1]route-policy I2O deny node 5 [R1-route-policy]if-match tag 100[R1]route-policy I2O permit node 10[R1-route-policy]apply tag 200 [R1]route-policy O2I deny node 5[R1-route-policy]if-match tag 300[R1]route-policy O2I permit node 10[R1-route-policy]apply tag 400[R1]isis 1[R1-isis-1]import-route ospf route-policy O2I
#配置R2
[R2]route-policy O2I deny node 5 [R2-route-policy]if-match tag 200 [R2]route-policy O2I permit node 10[R2-route-policy]apply tag 100[R2]route-policy I2O deny node 5[R2-route-policy]if-match tag 400 [R2]route-policy I2O permit node 10[R2-route-policy]apply tag 300[R2]ospf 1[R2-ospf-1]import-route isis route-policy I2O
#配置R2
[R2]route-policy ase permit node 10[R2-route-policy]if-match acl 2000[R2-route-policy]apply preference 13[R2]ospf 1[R2-ospf-1]preference ase route-policy ase 150
步骤 7 配置任务四
#配置R5
[R5]ip local policy-based-route test[R5]acl 2000[R5-acl-basic-2000]rule permit source 172.16.0.0 0.0.0.255 [R5-acl-basic-2000]rule permit source 172.16.2.0 0.0.0.255[R5]acl 2001[R5-acl-basic-2001]rule permit source 172.16.1.0 0.0.0.255 [R5-acl-basic-2001]rule permit source 172.16.3.0 0.0.0.255 [R5]policy-based-route test permit node 10 [R5-policy-based-route-test-10]if-match acl 2000 [R5-policy-based-route-test-10]apply output-interface Serial 1/0/0 [R5]policy-based-route test permit node 20 [R5-policy-based-route-test-20]if-match acl 2001 [R5-policy-based-route-test-20]apply output-interface Serial 1/0/1
1.3 思考
是否有其他方法完成各项任务?
1.4 配置参考
1.4.1 R1的配置
#dis cur#sysname R1#acl number 2000 rule 5 permit source 172.16.0.0 0.0.0.255 rule 10 permit source 172.16.1.0 0.0.0.255 rule 15 permit source 172.16.2.0 0.0.0.255 rule 20 permit source 172.16.3.0 0.0.0.255#acl number 2001 rule 5 permit source 192.168.1.0 0.0.0.255 rule 10 permit source 192.168.2.0 0.0.0.255 rule 15 permit source 192.168.3.0 0.0.0.255 rule 20 permit source 192.168.4.0 0.0.0.255#isis 1 is-level level-2 cost-style wide network-entity 49.0010.0100.1001.00 import-route ospf 1 route-policy O2I#interface GigabitEthernet0/0/0 ip address 13.1.1.1 255.255.255.252 isis enable 1#interface GigabitEthernet0/0/1 ip address 41.1.1.2 255.255.255.252#interface LoopBack0 ip address 1.1.1.1 255.255.255.255 isis enable 1#ospf 1 router-id 1.1.1.1 import-route isis 1 route-policy I2O preference ase route-policy ase 150 area 0.0.0.0 network 1.1.1.1 0.0.0.0 network 41.1.1.0 0.0.0.3#route-policy I2O deny node 5 if-match tag 100#route-policy I2O permit node 10 if-match acl 2001 apply tag 200#route-policy ase permit node 10 if-match acl 2000 apply preference 13#route-policy O2I deny node 5 if-match tag 300#route-policy O2I permit node 10 apply tag 400#return
1.4.2 R2的配置
dis cur#sysname R2#acl number 2000 rule 5 permit source 172.16.0.0 0.0.0.255 rule 10 permit source 172.16.1.0 0.0.0.255 rule 15 permit source 172.16.2.0 0.0.0.255 rule 20 permit source 172.16.3.0 0.0.0.255#acl number 2001 rule 5 permit source 192.168.1.0 0.0.0.255 rule 10 permit source 192.168.2.0 0.0.0.255 rule 15 permit source 192.168.3.0 0.0.0.255 rule 20 permit source 192.168.4.0 0.0.0.255#isis 1 is-level level-2 cost-style wide network-entity 49.0020.0200.2002.00 import-route ospf 1 route-policy O2I#interface GigabitEthernet0/0/0 ip address 23.1.1.1 255.255.255.252 isis enable 1#interface GigabitEthernet0/0/1 ip address 42.1.1.2 255.255.255.252#interface LoopBack0 ip address 2.2.2.2 255.255.255.255 isis enable 1#ospf 1 router-id 2.2.2.2 import-route isis 1 route-policy I2O preference ase route-policy ase 150 area 0.0.0.0 network 2.2.2.2 0.0.0.0 network 42.1.1.0 0.0.0.3#route-policy O2I deny node 5 if-match tag 200#route-policy O2I permit node 10 if-match acl 2000 apply tag 100#route-policy I2O deny node 5 if-match tag 400#route-policy I2O permit node 10 apply tag 300#route-policy ase permit node 10 if-match acl 2000 apply preference 13#return
1.4.3 R3的配置
dis cur#sysname R3#isis 1 is-level level-2 cost-style wide network-entity 49.0030.0300.3003.00#interface GigabitEthernet0/0/0 ip address 13.1.1.2 255.255.255.252 isis enable 1#interface GigabitEthernet0/0/1 ip address 23.1.1.2 255.255.255.252 isis enable 1#interface LoopBack0 ip address 3.3.3.3 255.255.255.255 isis enable 1#interface LoopBack1 ip address 192.168.1.1 255.255.255.0 isis enable 1#interface LoopBack2 ip address 192.168.2.1 255.255.255.0 isis enable 1#interface LoopBack3 ip address 192.168.3.1 255.255.255.0 isis enable 1#interface LoopBack4 ip address 192.168.4.1 255.255.255.0 isis enable 1#return
1.4.4 R4的配置
dis cur[V200R003C00]# sysname R4# board add 0/1 2SA#interface Serial1/0/0 link-protocol ppp ip address 54.1.1.2 255.255.255.252#interface Serial1/0/1 link-protocol ppp ip address 54.2.2.2 255.255.255.252#interface GigabitEthernet0/0/0 ip address 41.1.1.1 255.255.255.252#interface GigabitEthernet0/0/1 ip address 42.1.1.1 255.255.255.252#interface LoopBack0 ip address 4.4.4.4 255.255.255.255#ospf 1 router-id 4.4.4.4 area 0.0.0.0 network 4.4.4.4 0.0.0.0 network 41.1.1.0 0.0.0.3 network 42.1.1.0 0.0.0.3 area 0.0.0.1 network 54.1.1.0 0.0.0.3 network 54.2.2.0 0.0.0.3 nssa no-summary#return
1.4.5 R5的配置
[R5]dis cur[V200R003C00]# sysname R5# board add 0/1 2SA#ip local policy-based-route test#acl number 2000 rule 5 permit source 172.16.0.0 0.0.0.255 rule 10 permit source 172.16.2.0 0.0.0.255acl number 2001 rule 5 permit source 172.16.1.0 0.0.0.255 rule 10 permit source 172.16.3.0 0.0.0.255#interface Serial1/0/0 link-protocol ppp ip address 54.1.1.1 255.255.255.252#interface Serial1/0/1 link-protocol ppp ip address 54.2.2.1 255.255.255.252#interface LoopBack0 ip address 5.5.5.5 255.255.255.255#interface LoopBack1 ip address 172.16.0.1 255.255.255.0#interface LoopBack2 ip address 172.16.1.1 255.255.255.0#interface LoopBack3 ip address 172.16.2.1 255.255.255.0#interface LoopBack4 ip address 172.16.3.1 255.255.255.0#ospf 1 router-id 5.5.5.5 import-route direct route-policy r5 area 0.0.0.1 network 5.5.5.5 0.0.0.0 network 54.1.1.0 0.0.0.3 network 54.2.2.0 0.0.0.3 nssa#route-policy r5 permit node 10 if-match ip-prefix r5#ip ip-prefix r5 index 10 permit 172.16.0.0 16 greater-equal 24 less-equal 24#policy-based-route test permit node 10 if-match acl 2000 apply output-interface Serial1/0/0 policy-based-route test permit node 20 if-match acl 2001 apply output-interface Serial1/0/1 #return