XCIE-HUAWEI-双点双向引入带来的问题以及解决办法(三种)+各种路由环路
本章内容很长,建议耐心观看
先来一个环境,很常见的哈
说个故事剧情哈,我是个大学生我文采也不好,也不知道兄弟们听不听
随便啦
左边部门A右边部门B,中心信息中心
那么这一天
部门AB都来了新人,又刚好那么巧
两边的原本的ip规划都用完了,现在要加上新的
lo就代表新的地址,我懒得加上个交换机表示网段了,一样的意思
然后这个时候,部门AB的网段已经弄好了,不要管以前是怎么通的
反正现在不通
然后信息中心归你管,两边的lo(新网段已经建设宣告好了)
到了信息中心这,我们应该做啥?
很明显,这不是重分布嘛,思科是重分布,华为叫引入
没毛病
先来看正常的
直接发上来dis cu了没什么好讲解的
<R1>dis current-configuration
[V200R003C00]
#
sysname R1
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
undo info-center enable
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface GigabitEthernet0/0/0
ip address 1.1.1.1 255.255.255.0
ospf enable 1 area 0.0.0.0
#
interface GigabitEthernet0/0/1
#
interface NULL0
#
interface LoopBack0
#
interface LoopBack1
ip address 100.1.1.1 255.255.255.255
ospf enable 1 area 0.0.0.0
#
interface LoopBack9
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<R1>
<R1>
<R1>dis ospf pe
<R1>dis ospf peer
OSPF Process 1 with Router ID 1.1.1.1
Neighbors
Area 0.0.0.0 interface 1.1.1.1(GigabitEthernet0/0/0)'s neighbors
Router ID: 2.2.2.2 Address: 1.1.1.2
State: Full Mode:Nbr is Master Priority: 1
DR: 1.1.1.1 BDR: 1.1.1.2 MTU: 0
Dead timer due in 34 sec
Retrans timer interval: 5
Neighbor is up for 03:49:29
Authentication Sequence: [ 0 ]
<R1>dis ip rou
<R1>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.0/24 Direct 0 0 D 1.1.1.1 GigabitEthernet
0/0/0
1.1.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
1.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
2.2.2.0/24 O_ASE 150 1 D 1.1.1.2 GigabitEthernet
0/0/0
100.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
200.1.1.1/32 O_ASE 150 1 D 1.1.1.2 GigabitEthernet
0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
<R1>
<XXZX>dis cu
<XXZX>dis current-configuration
[V200R003C00]
#
sysname XXZX
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
undo info-center enable
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
isis 1
network-entity 49.0001.0000.0000.0001.00
import-route ospf 1
#
firewall zone Local
priority 15
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface GigabitEthernet0/0/0
ip address 1.1.1.2 255.255.255.0
ospf enable 1 area 0.0.0.0
#
interface GigabitEthernet0/0/1
ip address 2.2.2.1 255.255.255.0
isis enable 1
#
interface NULL0
#
ospf 1 router-id 2.2.2.2
import-route isis 1
area 0.0.0.0
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<XXZX> dis isis p
<XXZX>dis isis peer
Peer information for ISIS(1)
System Id Interface Circuit Id State HoldTime Type PRI
-------------------------------------------------------------------------------
0000.0000.0003 GE0/0/1 0000.0000.0003.01 Up 9s L2 64
Total Peer(s): 1
<XXZX>dis ospf pe
<XXZX>dis ospf peer
OSPF Process 1 with Router ID 2.2.2.2
Neighbors
Area 0.0.0.0 interface 1.1.1.2(GigabitEthernet0/0/0)'s neighbors
Router ID: 1.1.1.1 Address: 1.1.1.1
State: Full Mode:Nbr is Slave Priority: 1
DR: 1.1.1.1 BDR: 1.1.1.2 MTU: 0
Dead timer due in 32 sec
Retrans timer interval: 5
Neighbor is up for 03:50:13
Authentication Sequence: [ 0 ]
<XXZX>dis ip rou
<XXZX>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 12 Routes : 12
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.0/24 Direct 0 0 D 1.1.1.2 GigabitEthernet
0/0/0
1.1.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
1.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
2.2.2.0/24 Direct 0 0 D 2.2.2.1 GigabitEthernet
0/0/1
2.2.2.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
2.2.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
100.1.1.1/32 OSPF 10 1 D 1.1.1.1 GigabitEthernet
0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
200.1.1.1/32 ISIS-L2 15 10 D 2.2.2.2 GigabitEthernet
0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
<XXZX>
<R3>dis current-configuration
[V200R003C00]
#
sysname R3
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
isis 1
is-level level-2
network-entity 49.0001.0000.0000.0003.00
#
firewall zone Local
priority 15
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface GigabitEthernet0/0/0
ip address 2.2.2.2 255.255.255.0
isis enable 1
#
interface GigabitEthernet0/0/1
#
interface NULL0
#
interface LoopBack0
ip address 200.1.1.1 255.255.255.255
isis enable 1
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<R3>dis isis p
<R3>dis isis peer
Peer information for ISIS(1)
System Id Interface Circuit Id State HoldTime Type PRI
-------------------------------------------------------------------------------
0000.0000.0001 GE0/0/0 0000.0000.0003.01 Up 29s L2 64
Total Peer(s): 1
<R3>dis ip rou
<R3>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.0/24 ISIS-L2 15 74 D 2.2.2.1 GigabitEthernet
0/0/0
2.2.2.0/24 Direct 0 0 D 2.2.2.2 GigabitEthernet
0/0/0
2.2.2.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
2.2.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
100.1.1.1/32 ISIS-L2 15 74 D 2.2.2.1 GigabitEthernet
0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
200.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
<R3>
注意上面的操作叫做
单点双向引入
而且工作中很常见
补充知识
ospf里面看的是lsdb
isis也是,但是查看详细路由的方式不一样
display isis lsdb中
带*号的,都是这个本地产生的LSP对标ospf的LSA
那么查看详细的
display isis lsdb LSPID verbose
就是查看的一条的详细信息
问题来了,难道实际中就一台机器吗??备份这东西,不是超级常见吗
重点来了
双点双向重分布是有可能会引起环路的!!!
[XXZX-2]
[XXZX-2]dis cu
[V200R003C00]
sysname XXZX-2
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
clock timezone China-Standard-Time minus 08:00:00
portal local-server load flash:/portalpage.zip
drop illegal-mac alarm
wlan ac-global carrier id other ac id 0
set cpu-usage threshold 80 restore 75
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %
%
K8m.Nt84DZ}e#<0`8bmE3Uw}%
%
local-user admin service-type http
isis 1
is-level level-2
network-entity 49.0001.0000.0000.0004.00
firewall zone Local
priority 15
interface Ethernet0/0/0
interface Ethernet0/0/1
interface Ethernet0/0/2
interface Ethernet0/0/3
interface Ethernet0/0/4
interface Ethernet0/0/5
interface Ethernet0/0/6
interface Ethernet0/0/7
interface GigabitEthernet0/0/0
ip address 4.4.4.1 255.255.255.0
isis enable 1
interface GigabitEthernet0/0/1
ip address 3.3.3.2 255.255.255.0
ospf enable 1 area 0.0.0.0
interface NULL0
ospf 1
area 0.0.0.0
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
wlan ac
return
[XXZX-2]
此处我先不引入这个路由表,当然了,配置也还没做,一会边说边做
因为目前我还没引入,所以还是只能走上面的
不过,现在做哈~
目前这个就是双点双向的路由引入了
说到这,兄弟们不要照抄我配置,没用
我是讲解技术点的
如果照抄可以发现发r4没用isis和ospf邻居
因为我2和3没宣告对应的
这个懒得贴出来了
我这个可能比较枯燥
因为我有点类似讲课的进度
但是我这个很齐全很完整!
这个时候我们先来看看两个信息中心的路由表
<XXZX>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 14 Routes : 14
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.0/24 Direct 0 0 D 1.1.1.2 GigabitEthernet
0/0/0
1.1.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
1.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
2.2.2.0/24 Direct 0 0 D 2.2.2.1 GigabitEthernet
0/0/1
2.2.2.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
2.2.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
3.3.3.0/24 OSPF 10 2 D 1.1.1.1 GigabitEthernet
0/0/0
4.4.4.0/24 ISIS-L2 15 20 D 2.2.2.2 GigabitEthernet
0/0/1
100.1.1.1/32 OSPF 10 1 D 1.1.1.1 GigabitEthernet
0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
200.1.1.1/32 ISIS-L2 15 10 D 2.2.2.2 GigabitEthernet
0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
<XXZX>
---------------------------------------------------------
<XXZX-2>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 14 Routes : 14
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.0/24 OSPF 10 2 D 3.3.3.1 GigabitEthernet
0/0/1
2.2.2.0/24 ISIS-L2 15 20 D 4.4.4.4 GigabitEthernet
0/0/0
3.3.3.0/24 Direct 0 0 D 3.3.3.2 GigabitEthernet
0/0/1
3.3.3.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
3.3.3.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
4.4.4.0/24 Direct 0 0 D 4.4.4.1 GigabitEthernet
0/0/0
4.4.4.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
4.4.4.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
100.1.1.1/32 OSPF 10 1 D 3.3.3.1 GigabitEthernet
0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
200.1.1.1/32 ISIS-L2 15 10 D 4.4.4.4 GigabitEthernet
0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
<XXZX-2>
这个是本章的重点,估计我自己都厌烦了哈哈,都多少东西了才到正文,这要是语文课本,我得被拉去打靶了
目前是没问题的
一会告诉你们为什么有问题
我们往下加一台路由器
问题出现了
为什么不通呢
他们都有彼此路由呀
为什么呢?
相信这个时候已经有人发现问题了
为什么在R3的路由表里面
192.168.1.1这条
只有一边而不是两边呢?
这就是问题所在
答案是什么?
这是什么情况呢?
环路了!!!
环路了
环路了
重要的事情说三遍
给我看好了
为什么
什么原因
首先
ISIS-L2优先级为15
OSPF外部路由O_ASE为150
那么以上图为例
为什么R1会有两条负载的去往R8的路由?
首先第一条 直连的走2/0/0 没毛病
第二条,是来自0/0/0口,那么,根据路由器防环,R2是肯定不可能从R1雪莱这条路有的
那么只能是R3
那么对于R3来说,这是怎么来的呢?
R4给的
R4怎么来的呢?
R1给的
这一串过来
到了R2对说
我左边收到192.168.1.1 OSPF的外部路由 优先级150
我右边收到192.168.1.1 isis-l2的路由 优先级15
那我路由表肯定加表优先级低的呀
没毛病
那么我就把isis的192.168.1.1传过去了,但是呢这边是ospf
所以
在r1上就能看到192.168.1.1这条负载的
所以这就是原因
那么负载的情况下,如果走了这条,不就是环路了嘛?
这个就是本章的重点,因为重分布後优先级带来的环路的原因
原理和mqc是一样的,只不过这个是路由,那个是策略,如果连着看的话肯定能很快理解的
好了,找到问题了
找到我们得解决呀,怎么干呢?
办法有两种
1.路由策略,过滤路由解决-用import里面附加route-policy
而不是用filter-policy,但是这个方法,没办法解决次优路径问题
假设现在在这个R2有一台pc去访问,192.168.1.1,那么他就不能走最优先的那边
得绕一圈,因为这个filter-polichy把他阻断了
2.使用优先级改动的办法
比如下面的是因为ISIS-L2的路由为15优先级,OSPF-ASE是因为这个150,所以选择了ISIS,那么现在,我把ISIS改大,看效果就知道了
修改优先级只是本地有效哈!!!
但是R1还是不通
他是解决了,R4没解决,而且R2也会受到影响
因为R2受影响会间接导致R4也会受到影响
为什么?
因为,R4的192.168.1.1这个路由一开始是用的ISIS的,这个优先级一改
他就会选择OSPF的,那么它传输给R1的也是OSPF
操作
R2和R4的ISIS优先级都调整到151
其实也可以改OSPF的一样的道理哈
然后目前看到的是
R2和R4都正常了,是来自OSPF的外部路由
而且在R1上也都正常了
这个时候全网ping,都是可以互通的
那么这个时候就可以形成备份了,只要他物理状态断了
因为物理状态断了,首先ip没了,其次协议肯定没了,然后路由也没了,那么这个时候
才会去走ISIS,形成备份
终于可以讲本章的重点了,TAG,标签,都1.2w字了呀妈呀
TAG呢是标签,包括VLAN呢这个,也叫打标签去标签这样
先说思路
在R5引入的外部路由打TAG,在R2和R4上,针对这一条路由,修改优先级,让他小于ISIS
就是给他个备注,然后呢,根据这个备注我们来做其他的操作
TAG
记住他的作用,一个标记
R8是始发源,那么,他在做引入的时候,带上这个名字为HCIE的route-policy
我是先做了绑定在做策略哈,然后引入的时候带上这个TAG,TAG名字为111
发送端
接收
看着,OSPF的LSDB链路状态数据库
目前来说,还是没任何变动的哈,只是加上一个标记
怎么改呢?当然还是用策略了,其他的也改不了
做完了还得挂接哈,挂哪里呢?
既然改的是OSPF,当然是在OSPF里面呀
注意,仅仅修改的是OSPF的ASE的外部路由,不过呢其实挂全局也没问题,因为其他的路由不含有TAG-111这个属性,但是针对ASE的外部路由来做,更加精细
检查
当然了,不只是一边要做,另外一边,也要做
<XXZX-2>sys
Enter system view, return user view with Ctrl+Z.
[XXZX-2]undo inf en
Info: Information center is disabled.
[XXZX-2]ospf
[XXZX-2-ospf-1]pr
[XXZX-2-ospf-1]preference a
[XXZX-2-ospf-1]preference ase rou
[XXZX-2-ospf-1]preference ase route-policy OSPF
[XXZX-2-ospf-1]
[XXZX-2-ospf-1]q
[XXZX-2]rou
[XXZX-2]route-
[XXZX-2]route-policy-change
[XXZX-2]route-policy OSPF p
[XXZX-2]route-policy OSPF permit no
[XXZX-2]route-policy OSPF permit node 10
Info: New Sequence of this List.
[XXZX-2-route-policy]if
[XXZX-2-route-policy]if-match t
[XXZX-2-route-policy]if-match tag 111
[XXZX-2-route-policy]pr
[XXZX-2-route-policy]app
[XXZX-2-route-policy]apply p
[XXZX-2-route-policy]apply preference 10
[XXZX-2-route-policy]dis ip rou pr ospf | in 192.168.1.1
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
Destinations : 7 Routes : 7
OSPF routing table status : <Active>
Destinations : 6 Routes : 6
Destination/Mask Proto Pre Cost Flags NextHop Interface
192.168.1.1/32 O_ASE 10 1 D 3.3.3.1 GigabitEthernet0/0/
1
OSPF routing table status : <Inactive>
Destinations : 1 Routes : 1
Destination/Mask Proto Pre Cost Flags NextHop Interface
[XXZX-2-route-policy]
这个就是通过PBR结合TAG的解决办法
新问题又来了
假设这样呢?
左边的是解决了,右边的新来的咋办呢?
答案是不会出问题
so why???
因为
路由引入有一个点是很重要的请记住
只有路由优先级低的往高的进入可能会被覆盖
高的进入低的是没问题的
因为优先级摆在这呀
千万不要以为结束了,本章才到一半呢,现在是一万五千字
为什么这样说呢?
因为,还有环路的出现哦!
来看环境
还是他,环境不变,为什么说会出现环路呢?
假设,这个R8,故障了或者说,他不在需要重分布OSPF以外的路由进来了,在刚刚的配置下会导致环路,你们信吗
先说为什么,再做实验
假设现在,R8故障了,那就是说,收不到来自192.168.1.1这条LSA了(OSPF里面叫LSA,ISIS里面叫LSP,MPLS里面也有LSP)
那么OSPF的老化时间是多少?
3600秒
10分钟
算你hello包那个40秒维护邻居了
这40秒内
就可以造成路由环路
为什么呢?
当R1这边不泛洪这条192.168.1.1的这条LSA了
但是R2 R3 R4上面还是有的呀
然后,R2,R4对R1的就断了
收到了来自R5的ISIS的192.168.1.1
然后又回到两台信息中心R2,R4,然后这个重分布又到了R1这里
那么在R1上这条192.168.1.1的路由依然会存在,但是会变成啥呢?
指向R2或者R4其中一个
这么一来,不就是环路了嘛?
话不多说,做实验见真章,口说无凭
这个时候来看R1的路由表
这个时候,ping肯定不通,追踪
又衍生出一个新的环路问题哦~那怎么解决呢?
同理,就算R8不宣告了,我的R8的OSPF的LSDB一样会收到,你信不?
神奇吧~,他已经不是自己产生的了,是外部的来自2.2.2.2的传过来的路由
出了问题咱们就解决问题!
说个扯淡的,你重启进程肯定能解决,但是真实环境中可能么?
绝对不可能,你都不知道他挂了,甚至都不知道环路了
只是挺突然的,网络突然挂了
针对双点双向的路由引入环境的时候
当外部路由撤销的时候,可能会产生由于链路延迟的问题
导致优先级引入或者撤销LSA的情况,产生的路由环路的问题
解决办法:使用TAG作为标签,在中间的环境下,针对一个点引入的路由,在本端不在引入
啥意思呢?
上面的,你有的我就不要了
下面的,你不要的话那就我要吧
(通过人为基于TAG的策略路由来做)
其实这个有点像啥呢?
路由器的防环机制,但是他不是
从一个接口发出去的路由不会再从我这个口回来,这个是防环的
但是这个是要做成什么呢?
从我这口出去的,从我这里回来
这里先恢复环境,中间还是双点双向
下面则是正常的路由引入
解决办法
首先
从OSPF引入到ISIS的路由,打上这个TAG-100,在R2上做
那么对应的
拒绝从ISIS重分布到OSPF,并且标签为TAG-100的路由,在R4上做
可能有点难理解啊
怎么说呢
今天,X市有疫情了,这里是Y市,只要你经过X市,你的行程卡就有X市,实施永久封禁,永世不得经过Y市=当地法律=策略,但是你可以回去X市
(当然,这是路由的,是双向哈)
在R4上,从OSPF引入到ISIS的路由打上标签TAG-200
反正这个逻辑自己理解一下哈,很简单的
注意下方向哈,因为路由是双向的,那么左右都要做,并不是做一边就可以
总结一下
从左往右
A R2=信息中心主=从OSPF引入到ISIS的路由打上TAG=100=允许通过
B R2=信息中心主=从OSPF引入到ISIS的路由打上TAG=200=拒接通过
C R4=信息中心备=从ISIS引入OSPF的路由打上TAG=100=拒绝通过
D R4=信息中心备=从ISIS引入OSPF的路由打上TAG=200=`允许通过
从右往左
E R2=信息中心主=从ISIS引入到OSPF的路由打上TAG=300=允许通过
F R2=信息中心主=从ISIS引入到OSPF的路由打上TAG=400=拒绝通过
G R4=信息中心备=从OSPF到ISIS的路由打上TAG=300=拒绝通过
H R4=信息中心备=从OSPF到ISIS的路由打上TAG=400=允许通过
注意方向!!!
看着我那个图
一个一看就能理解了
条件出来了,一会配置这个PBR就简单多了,不骗你们
就怕你们绕路啊,我还特别加上了这个ABCDEFGH
注意看一组对应一组的
解释一下AC
R1始发的路由,到R2上,OSPF引入到ISIS,那么带上100的TAG
然后ISIS传输下来,到了R4,发现这路由带着TAG=100,拒绝通过
到了BD
那么到下面的收到之后转为200,TAG=200发给R1没问题,发给R2
发现TAG=200,拒绝通过,这样就肯定不会环路
以此类推哈
当然了还不够完美,还差一点就是前面做过的,至于为什么往上翻
始发打上TAG=500=R8设备
因为优先级的问题
优先级解决正常引入
TAG用来解决这个撤销回退
然后R2和R4上分别针对TAG=500的路由优先级改为10
以上就是双点双向配置过程以及带来的问题以及解决办法
接下来是这个配置了
上操作了, 慢慢看哈,很多!
这里一步一步讲解,最后会贴出来所有配置以及同款拓扑图链接,给我留个赞就行
R2-信息中心主
针对R2,这条要在ISIS里面去调用
我是按照顺序来做的,这条是针对从左到右,从OSPF到ISIS的路由的,所以要在ISIS上做
所以
这里是从左边到右边了
同理,从左到右是在ISIS里面做策略,那么从右到左自然是在OSPF下做
注意两个策略路由是不一样的,一个是针对OSPF_ASE-解决优先级
一个是解决环路-FANGHUAN-2的PBR
这里在讲讲,为什么从左到右是在ISIS下做策略,从右到左是在OSPF下做策略
因为,我们先看从左到右,在ISIS中引入OSPF的策略,然后我再ISIS的内部在泛洪,传播LSP,那么我的规则就是这个呀,那么肯定是要在发的地方做的,我再OSPF里面做是没有意义的,因为实际上是在ISIS里面运作。他才是最终者
当然,从右到左也是同理,看上面的解释即可
R4-信息中心-2
上面已经解释过了,这里不再过多解释,不懂的看上面的解释
R2和R4是同样的道理
注意哈,上面是ISIS,下面是OSPF了,为什么呢?
就是因为方向,真的这个要慢慢看,不然会晕的
R2防御红色的,R4防御绿色的
各机的路由表以及测试以及配置
先测试
配置
<R8>
<R8>dis cu
<R8>dis current-configuration
[V200R003C00]
#
sysname R8
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
undo info-center enable
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface GigabitEthernet0/0/0
ip address 10.1.1.1 255.255.255.0
ospf enable 1 area 0.0.0.0
#
interface GigabitEthernet0/0/1
#
interface NULL0
#
interface LoopBack0
ip address 192.168.1.1 255.255.255.255
#
ospf 1
import-route direct route-policy HCIE
area 0.0.0.0
#
route-policy HCIE permit node 10
apply tag 500
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<R8>dis ip int br
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 1
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 10.1.1.1/24 up up
GigabitEthernet0/0/1 unassigned down down
LoopBack0 192.168.1.1/32 up up(s)
NULL0 unassigned up up(s)
<R8>dis ip rou
<R8>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 14 Routes : 14
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.0/24 OSPF 10 2 D 10.1.1.10 GigabitEthernet
0/0/0
2.2.2.0/24 O_ASE 150 1 D 10.1.1.10 GigabitEthernet
0/0/0
3.3.3.0/24 OSPF 10 2 D 10.1.1.10 GigabitEthernet
0/0/0
4.4.4.0/24 O_ASE 150 1 D 10.1.1.10 GigabitEthernet
0/0/0
10.1.1.0/24 Direct 0 0 D 10.1.1.1 GigabitEthernet
0/0/0
10.1.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
100.1.1.1/32 OSPF 10 1 D 10.1.1.10 GigabitEthernet
0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0
200.1.1.1/32 O_ASE 150 1 D 10.1.1.10 GigabitEthernet
0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
<R8>dis ospf lsdb
OSPF Process 1 with Router ID 10.1.1.1
Link State Database
Area: 0.0.0.0
Type LinkState ID AdvRouter Age Len Sequence Metric
Router 4.4.4.1 4.4.4.1 1665 36 80000015 1
Router 2.2.2.2 2.2.2.2 1655 36 80000015 1
Router 1.1.1.1 1.1.1.1 356 72 80000022 1
Router 10.1.1.1 10.1.1.1 355 36 80000018 1
Network 1.1.1.2 2.2.2.2 1655 32 80000013 0
Network 10.1.1.10 1.1.1.1 356 32 80000002 0
Network 3.3.3.2 4.4.4.1 1665 32 80000012 0
AS External Database
Type LinkState ID AdvRouter Age Len Sequence Metric
External 192.168.1.1 10.1.1.1 356 36 8000000F 1
External 10.1.1.0 10.1.1.1 356 36 8000000F 1
External 4.4.4.0 4.4.4.1 596 36 80000013 1
External 4.4.4.0 2.2.2.2 1248 36 80000011 1
External 2.2.2.0 2.2.2.2 1248 36 80000013 1
External 200.1.1.1 2.2.2.2 1248 36 80000013 1
<R8>
<R1>dis current-configuration
[V200R003C00]
#
sysname R1
#
board add 0/2 1GEC
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
undo info-center enable
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface GigabitEthernet0/0/0
ip address 1.1.1.1 255.255.255.0
ospf enable 1 area 0.0.0.0
#
interface GigabitEthernet0/0/1
ip address 3.3.3.1 255.255.255.0
ospf enable 1 area 0.0.0.0
#
interface GigabitEthernet2/0/0
ip address 10.1.1.10 255.255.255.0
ospf enable 1 area 0.0.0.0
#
interface NULL0
#
interface LoopBack0
#
interface LoopBack1
ip address 100.1.1.1 255.255.255.255
ospf enable 1 area 0.0.0.0
#
interface LoopBack9
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<R1>dis ip rou
<R1>dis ip routing-tabl
<R1>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 18 Routes : 19
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.0/24 Direct 0 0 D 1.1.1.1 GigabitEthernet
0/0/0
1.1.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
1.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
2.2.2.0/24 O_ASE 150 1 D 1.1.1.2 GigabitEthernet
0/0/0
3.3.3.0/24 Direct 0 0 D 3.3.3.1 GigabitEthernet
0/0/1
3.3.3.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
3.3.3.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
4.4.4.0/24 O_ASE 150 1 D 3.3.3.2 GigabitEthernet
0/0/1
O_ASE 150 1 D 1.1.1.2 GigabitEthernet
0/0/0
10.1.1.0/24 Direct 0 0 D 10.1.1.10 GigabitEthernet
2/0/0
10.1.1.10/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
2/0/0
10.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
2/0/0
100.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.1.1/32 O_ASE 150 1 D 10.1.1.1 GigabitEthernet
2/0/0
200.1.1.1/32 O_ASE 150 1 D 1.1.1.2 GigabitEthernet
0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
<R1>dis ip int br
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 7
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 7
The number of interface that is DOWN in Protocol is 0
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 1.1.1.1/24 up up
GigabitEthernet0/0/1 3.3.3.1/24 up up
GigabitEthernet2/0/0 10.1.1.10/24 up up
LoopBack0 unassigned up up(s)
LoopBack1 100.1.1.1/32 up up(s)
LoopBack9 unassigned up up(s)
NULL0 unassigned up up(s)
<R1>dis ospf lsdb
OSPF Process 1 with Router ID 1.1.1.1
Link State Database
Area: 0.0.0.0
Type LinkState ID AdvRouter Age Len Sequence Metric
Router 4.4.4.1 4.4.4.1 1705 36 80000015 1
Router 2.2.2.2 2.2.2.2 1695 36 80000015 1
Router 1.1.1.1 1.1.1.1 396 72 80000022 1
Router 10.1.1.1 10.1.1.1 397 36 80000018 1
Network 1.1.1.2 2.2.2.2 1695 32 80000013 0
Network 10.1.1.10 1.1.1.1 396 32 80000002 0
Network 3.3.3.2 4.4.4.1 1705 32 80000012 0
AS External Database
Type LinkState ID AdvRouter Age Len Sequence Metric
External 192.168.1.1 10.1.1.1 398 36 8000000F 1
External 4.4.4.0 4.4.4.1 636 36 80000013 1
External 4.4.4.0 2.2.2.2 1288 36 80000011 1
External 2.2.2.0 2.2.2.2 1288 36 80000013 1
External 10.1.1.0 10.1.1.1 398 36 8000000F 1
External 200.1.1.1 2.2.2.2 1288 36 80000013 1
<R1>dis rou
<R1>dis route-policy
<R1>
<XXZX>dis cu
<XXZX>dis current-configuration
[V200R003C00]
#
sysname XXZX
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
undo info-center enable
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
isis 1
network-entity 49.0001.0000.0000.0001.00
import-route ospf 1 route-policy FANGHUAN
#
firewall zone Local
priority 15
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface GigabitEthernet0/0/0
ip address 1.1.1.2 255.255.255.0
ospf enable 1 area 0.0.0.0
#
interface GigabitEthernet0/0/1
ip address 2.2.2.1 255.255.255.0
isis enable 1
#
interface NULL0
#
ospf 1 router-id 2.2.2.2
import-route isis 1 route-policy FANGHUAN-2
preference ase route-policy OSPF 150
area 0.0.0.0
#
route-policy OSPF permit node 10
if-match tag 500
apply preference 10
#
route-policy FANGHUAN deny node 10
if-match tag 200
#
route-policy FANGHUAN permit node 20
apply tag 100
#
route-policy FANGHUAN-2 deny node 10
if-match tag 400
#
route-policy FANGHUAN-2 permit node 20
apply tag 300
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<XXZX>
<XXZX>dis ip int br
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 0
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 1.1.1.2/24 up up
GigabitEthernet0/0/1 2.2.2.1/24 up up
NULL0 unassigned up up(s)
<XXZX>dis ip rou
<XXZX>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 16 Routes : 16
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.0/24 Direct 0 0 D 1.1.1.2 GigabitEthernet
0/0/0
1.1.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
1.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
2.2.2.0/24 Direct 0 0 D 2.2.2.1 GigabitEthernet
0/0/1
2.2.2.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
2.2.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
3.3.3.0/24 OSPF 10 2 D 1.1.1.1 GigabitEthernet
0/0/0
4.4.4.0/24 ISIS-L2 15 20 D 2.2.2.2 GigabitEthernet
0/0/1
10.1.1.0/24 OSPF 10 2 D 1.1.1.1 GigabitEthernet
0/0/0
100.1.1.1/32 OSPF 10 1 D 1.1.1.1 GigabitEthernet
0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.1.1/32 O_ASE 10 1 D 1.1.1.1 GigabitEthernet
0/0/0
200.1.1.1/32 ISIS-L2 15 10 D 2.2.2.2 GigabitEthernet
0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
<XXZX>dis ospf lsdb
OSPF Process 1 with Router ID 2.2.2.2
Link State Database
Area: 0.0.0.0
Type LinkState ID AdvRouter Age Len Sequence Metric
Router 4.4.4.1 4.4.4.1 1789 36 80000015 1
Router 2.2.2.2 2.2.2.2 1776 36 80000015 1
Router 1.1.1.1 1.1.1.1 479 72 80000022 1
Router 10.1.1.1 10.1.1.1 480 36 80000018 1
Network 1.1.1.2 2.2.2.2 1776 32 80000013 0
Network 10.1.1.10 1.1.1.1 480 32 80000002 0
Network 3.3.3.2 4.4.4.1 1789 32 80000012 0
AS External Database
Type LinkState ID AdvRouter Age Len Sequence Metric
External 4.4.4.0 2.2.2.2 1369 36 80000011 1
External 2.2.2.0 2.2.2.2 1369 36 80000013 1
External 200.1.1.1 2.2.2.2 1369 36 80000013 1
External 192.168.1.1 10.1.1.1 481 36 8000000F 1
External 4.4.4.0 4.4.4.1 719 36 80000013 1
External 10.1.1.0 10.1.1.1 481 36 8000000F 1
<XXZX>dis isis lsdb ve
<XXZX>dis isis lsdb verbose
Database information for ISIS(1)
--------------------------------
Level-1 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
0000.0000.0001.00-00* 0x0000002b 0xfa86 1121 56 0/0/0
SOURCE 0000.0000.0001.00
NLPID IPV4
AREA ADDR 49.0001
INTF ADDR 2.2.2.1
IP-Internal 2.2.2.0 255.255.255.0 COST: 10
Total LSP(s): 1
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
Level-2 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
0000.0000.0001.00-00* 0x0000002d 0x1fc2 1121 70 0/0/0
SOURCE 0000.0000.0001.00
NLPID IPV4
AREA ADDR 49.0001
INTF ADDR 2.2.2.1
NBR ID 0000.0000.0003.01 COST: 10
IP-Internal 2.2.2.0 255.255.255.0 COST: 10
0000.0000.0001.00-01* 0x00000030 0xa9ae 1121 89 0/0/0
SOURCE 0000.0000.0001.00
IP-External 1.1.1.0 255.255.255.0 COST: 64
IP-External 3.3.3.0 255.255.255.0 COST: 64
IP-External 10.1.1.0 255.255.255.0 COST: 64
IP-External 100.1.1.1 255.255.255.255 COST: 64
IP-External 192.168.1.1 255.255.255.255 COST: 64
0000.0000.0003.00-00 0x0000002d 0x570b 653 113 0/0/0
SOURCE 0000.0000.0003.00
NLPID IPV4
AREA ADDR 49.0001
INTF ADDR 200.1.1.1
INTF ADDR 4.4.4.4
INTF ADDR 2.2.2.2
NBR ID 0000.0000.0003.02 COST: 10
NBR ID 0000.0000.0003.01 COST: 10
IP-Internal 200.1.1.1 255.255.255.255 COST: 0
IP-Internal 4.4.4.0 255.255.255.0 COST: 10
IP-Internal 2.2.2.0 255.255.255.0 COST: 10
0000.0000.0003.01-00 0x00000027 0x6101 653 55 0/0/0
SOURCE 0000.0000.0003.01
NLPID IPV4
NBR ID 0000.0000.0003.00 COST: 0
NBR ID 0000.0000.0001.00 COST: 0
0000.0000.0003.02-00 0x00000027 0xaeaf 653 55 0/0/0
SOURCE 0000.0000.0003.02
NLPID IPV4
NBR ID 0000.0000.0003.00 COST: 0
NBR ID 0000.0000.0004.00 COST: 0
0000.0000.0004.00-00 0x0000002b 0xb023 643 70 0/0/0
SOURCE 0000.0000.0004.00
NLPID IPV4
AREA ADDR 49.0001
INTF ADDR 4.4.4.1
NBR ID 0000.0000.0003.02 COST: 10
IP-Internal 4.4.4.0 255.255.255.0 COST: 10
0000.0000.0004.00-01 0x0000002d 0x97c0 714 89 0/0/0
SOURCE 0000.0000.0004.00
IP-External 1.1.1.0 255.255.255.0 COST: 64
IP-External 3.3.3.0 255.255.255.0 COST: 64
IP-External 10.1.1.0 255.255.255.0 COST: 64
IP-External 100.1.1.1 255.255.255.255 COST: 64
IP-External 192.168.1.1 255.255.255.255 COST: 64
Total LSP(s): 7
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
<XXZX> dis rou
<XXZX>dis route-policy
Route-policy : OSPF
permit : 10 (matched counts: 2)
Match clauses :
if-match tag 500
Apply clauses :
apply preference 10
Route-policy : FANGHUAN
deny : 10 (matched counts: 0)
Match clauses :
if-match tag 200
permit : 20 (matched counts: 6)
Apply clauses :
apply tag 100
Route-policy : FANGHUAN-2
deny : 10 (matched counts: 0)
Match clauses :
if-match tag 400
permit : 20 (matched counts: 7)
Apply clauses :
apply tag 300
<XXZX>
<XXZX-2>dis cu
[V200R003C00]
#
sysname XXZX-2
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
undo info-center enable
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
isis 1
is-level level-2
network-entity 49.0001.0000.0000.0004.00
import-route ospf 1 route-policy FANGHUAN-2
preference 151
#
firewall zone Local
priority 15
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface GigabitEthernet0/0/0
ip address 4.4.4.1 255.255.255.0
isis enable 1
#
interface GigabitEthernet0/0/1
ip address 3.3.3.2 255.255.255.0
ospf enable 1 area 0.0.0.0
#
interface NULL0
#
ospf 1
import-route isis 1 route-policy FANGHUAN
preference ase route-policy OSPF 150
area 0.0.0.0
#
route-policy OSPF permit node 10
if-match tag 500
apply preference 10
#
route-policy FANGHUAN deny node 10
if-match tag 100
#
route-policy FANGHUAN permit node 20
apply tag 200
#
route-policy FANGHUAN-2 deny node 10
if-match tag 300
#
route-policy FANGHUAN-2 permit node 20
apply tag 400
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<XXZX-2>
<XXZX-2>dis ip int br
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 0
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 4.4.4.1/24 up up
GigabitEthernet0/0/1 3.3.3.2/24 up up
NULL0 unassigned up up(s)
<XXZX-2>dis ip rou
<XXZX-2>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 16 Routes : 16
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.0/24 OSPF 10 2 D 3.3.3.1 GigabitEthernet
0/0/1
2.2.2.0/24 O_ASE 150 1 D 3.3.3.1 GigabitEthernet
0/0/1
3.3.3.0/24 Direct 0 0 D 3.3.3.2 GigabitEthernet
0/0/1
3.3.3.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
3.3.3.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
4.4.4.0/24 Direct 0 0 D 4.4.4.1 GigabitEthernet
0/0/0
4.4.4.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
4.4.4.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.1.1.0/24 OSPF 10 2 D 3.3.3.1 GigabitEthernet
0/0/1
100.1.1.1/32 OSPF 10 1 D 3.3.3.1 GigabitEthernet
0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.1.1/32 O_ASE 10 1 D 3.3.3.1 GigabitEthernet
0/0/1
200.1.1.1/32 O_ASE 150 1 D 3.3.3.1 GigabitEthernet
0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
<XXZX-2>dis ospf lsdb
OSPF Process 1 with Router ID 4.4.4.1
Link State Database
Area: 0.0.0.0
Type LinkState ID AdvRouter Age Len Sequence Metric
Router 4.4.4.1 4.4.4.1 92 36 80000016 1
Router 2.2.2.2 2.2.2.2 84 36 80000016 1
Router 1.1.1.1 1.1.1.1 584 72 80000022 1
Router 10.1.1.1 10.1.1.1 585 36 80000018 1
Network 1.1.1.2 2.2.2.2 84 32 80000014 0
Network 10.1.1.10 1.1.1.1 585 32 80000002 0
Network 3.3.3.2 4.4.4.1 92 32 80000013 0
AS External Database
Type LinkState ID AdvRouter Age Len Sequence Metric
External 4.4.4.0 4.4.4.1 822 36 80000013 1
External 192.168.1.1 10.1.1.1 586 36 8000000F 1
External 4.4.4.0 2.2.2.2 1476 36 80000011 1
External 2.2.2.0 2.2.2.2 1476 36 80000013 1
External 10.1.1.0 10.1.1.1 586 36 8000000F 1
External 200.1.1.1 2.2.2.2 1476 36 80000013 1
<XXZX-2>dis isis lsdb ver
Database information for ISIS(1)
--------------------------------
Level-2 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
0000.0000.0001.00-00 0x0000002d 0x1fc2 1009 70 0/0/0
SOURCE 0000.0000.0001.00
NLPID IPV4
AREA ADDR 49.0001
INTF ADDR 2.2.2.1
NBR ID 0000.0000.0003.01 COST: 10
IP-Internal 2.2.2.0 255.255.255.0 COST: 10
0000.0000.0001.00-01 0x00000030 0xa9ae 1009 89 0/0/0
SOURCE 0000.0000.0001.00
IP-External 1.1.1.0 255.255.255.0 COST: 64
IP-External 3.3.3.0 255.255.255.0 COST: 64
IP-External 10.1.1.0 255.255.255.0 COST: 64
IP-External 100.1.1.1 255.255.255.255 COST: 64
IP-External 192.168.1.1 255.255.255.255 COST: 64
0000.0000.0003.00-00 0x0000002d 0x570b 542 113 0/0/0
SOURCE 0000.0000.0003.00
NLPID IPV4
AREA ADDR 49.0001
INTF ADDR 200.1.1.1
INTF ADDR 4.4.4.4
INTF ADDR 2.2.2.2
NBR ID 0000.0000.0003.02 COST: 10
NBR ID 0000.0000.0003.01 COST: 10
IP-Internal 200.1.1.1 255.255.255.255 COST: 0
IP-Internal 4.4.4.0 255.255.255.0 COST: 10
IP-Internal 2.2.2.0 255.255.255.0 COST: 10
0000.0000.0003.01-00 0x00000027 0x6101 541 55 0/0/0
SOURCE 0000.0000.0003.01
NLPID IPV4
NBR ID 0000.0000.0003.00 COST: 0
NBR ID 0000.0000.0001.00 COST: 0
0000.0000.0003.02-00 0x00000027 0xaeaf 541 55 0/0/0
SOURCE 0000.0000.0003.02
NLPID IPV4
NBR ID 0000.0000.0003.00 COST: 0
NBR ID 0000.0000.0004.00 COST: 0
0000.0000.0004.00-00* 0x0000002b 0xb023 535 70 0/0/0
SOURCE 0000.0000.0004.00
NLPID IPV4
AREA ADDR 49.0001
INTF ADDR 4.4.4.1
NBR ID 0000.0000.0003.02 COST: 10
IP-Internal 4.4.4.0 255.255.255.0 COST: 10
0000.0000.0004.00-01* 0x0000002d 0x97c0 605 89 0/0/0
SOURCE 0000.0000.0004.00
IP-External 1.1.1.0 255.255.255.0 COST: 64
IP-External 3.3.3.0 255.255.255.0 COST: 64
IP-External 10.1.1.0 255.255.255.0 COST: 64
IP-External 100.1.1.1 255.255.255.255 COST: 64
IP-External 192.168.1.1 255.255.255.255 COST: 64
Total LSP(s): 7
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
<XXZX-2>dis rou
<XXZX-2>dis route-policy
Route-policy : OSPF
permit : 10 (matched counts: 2)
Match clauses :
if-match tag 500
Apply clauses :
apply preference 10
Route-policy : FANGHUAN
deny : 10 (matched counts: 0)
Match clauses :
if-match tag 100
permit : 20 (matched counts: 3)
Apply clauses :
apply tag 200
Route-policy : FANGHUAN-2
deny : 10 (matched counts: 3)
Match clauses :
if-match tag 300
permit : 20 (matched counts: 6)
Apply clauses :
apply tag 400
<XXZX-2>
<R3>dis current-configuration
[V200R003C00]
#
sysname R3
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
isis 1
is-level level-2
network-entity 49.0001.0000.0000.0003.00
#
firewall zone Local
priority 15
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface GigabitEthernet0/0/0
ip address 2.2.2.2 255.255.255.0
isis enable 1
#
interface GigabitEthernet0/0/1
ip address 4.4.4.4 255.255.255.0
isis enable 1
#
interface NULL0
#
interface LoopBack0
ip address 200.1.1.1 255.255.255.255
isis enable 1
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<R3> dis ip int br
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 4
The number of interface that is DOWN in Protocol is 0
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 2.2.2.2/24 up up
GigabitEthernet0/0/1 4.4.4.4/24 up up
LoopBack0 200.1.1.1/32 up up(s)
NULL0 unassigned up up(s)
<R3>dis ip rou
<R3>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 16 Routes : 21
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.0/24 ISIS-L2 15 74 D 2.2.2.1 GigabitEthernet
0/0/0
ISIS-L2 15 74 D 4.4.4.1 GigabitEthernet
0/0/1
2.2.2.0/24 Direct 0 0 D 2.2.2.2 GigabitEthernet
0/0/0
2.2.2.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
2.2.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
3.3.3.0/24 ISIS-L2 15 74 D 4.4.4.1 GigabitEthernet
0/0/1
ISIS-L2 15 74 D 2.2.2.1 GigabitEthernet
0/0/0
4.4.4.0/24 Direct 0 0 D 4.4.4.4 GigabitEthernet
0/0/1
4.4.4.4/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
4.4.4.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.1.1.0/24 ISIS-L2 15 74 D 4.4.4.1 GigabitEthernet
0/0/1
ISIS-L2 15 74 D 2.2.2.1 GigabitEthernet
0/0/0
100.1.1.1/32 ISIS-L2 15 74 D 4.4.4.1 GigabitEthernet
0/0/1
ISIS-L2 15 74 D 2.2.2.1 GigabitEthernet
0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.1.1/32 ISIS-L2 15 74 D 4.4.4.1 GigabitEthernet
0/0/1
ISIS-L2 15 74 D 2.2.2.1 GigabitEthernet
0/0/0
200.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
<R3> dis isis lsdb ve
<R3>dis isis lsdb verbose
Database information for ISIS(1)
--------------------------------
Level-2 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
0000.0000.0001.00-00 0x0000002d 0x1fc2 893 70 0/0/0
SOURCE 0000.0000.0001.00
NLPID IPV4
AREA ADDR 49.0001
INTF ADDR 2.2.2.1
NBR ID 0000.0000.0003.01 COST: 10
IP-Internal 2.2.2.0 255.255.255.0 COST: 10
0000.0000.0001.00-01 0x00000030 0xa9ae 893 89 0/0/0
SOURCE 0000.0000.0001.00
IP-External 1.1.1.0 255.255.255.0 COST: 64
IP-External 3.3.3.0 255.255.255.0 COST: 64
IP-External 10.1.1.0 255.255.255.0 COST: 64
IP-External 100.1.1.1 255.255.255.255 COST: 64
IP-External 192.168.1.1 255.255.255.255 COST: 64
0000.0000.0003.00-00* 0x0000002d 0x570b 427 113 0/0/0
SOURCE 0000.0000.0003.00
NLPID IPV4
AREA ADDR 49.0001
INTF ADDR 200.1.1.1
INTF ADDR 4.4.4.4
INTF ADDR 2.2.2.2
NBR ID 0000.0000.0003.02 COST: 10
NBR ID 0000.0000.0003.01 COST: 10
IP-Internal 200.1.1.1 255.255.255.255 COST: 0
IP-Internal 4.4.4.0 255.255.255.0 COST: 10
IP-Internal 2.2.2.0 255.255.255.0 COST: 10
0000.0000.0003.01-00* 0x00000027 0x6101 427 55 0/0/0
SOURCE 0000.0000.0003.01
NLPID IPV4
NBR ID 0000.0000.0003.00 COST: 0
NBR ID 0000.0000.0001.00 COST: 0
0000.0000.0003.02-00* 0x00000027 0xaeaf 427 55 0/0/0
SOURCE 0000.0000.0003.02
NLPID IPV4
NBR ID 0000.0000.0003.00 COST: 0
NBR ID 0000.0000.0004.00 COST: 0
0000.0000.0004.00-00 0x0000002b 0xb023 419 70 0/0/0
SOURCE 0000.0000.0004.00
NLPID IPV4
AREA ADDR 49.0001
INTF ADDR 4.4.4.1
NBR ID 0000.0000.0003.02 COST: 10
IP-Internal 4.4.4.0 255.255.255.0 COST: 10
0000.0000.0004.00-01 0x0000002d 0x97c0 489 89 0/0/0
SOURCE 0000.0000.0004.00
IP-External 1.1.1.0 255.255.255.0 COST: 64
IP-External 3.3.3.0 255.255.255.0 COST: 64
IP-External 10.1.1.0 255.255.255.0 COST: 64
IP-External 100.1.1.1 255.255.255.255 COST: 64
IP-External 192.168.1.1 255.255.255.255 COST: 64
Total LSP(s): 7
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
<R3>
链接:https://pan.baidu.com/s/1FPam2fs4T6PvVfz0FCoxPg?pwd=CCIE
提取码:CCIE
–来自百度网盘超级会员V4的分享
对应ENSP拓扑图( 含配置)
牛的,四万多字,估计官方文档都没我这么多字,能看到这肯定铁粉了,留个赞谢谢啦~