十六、CCNP-路由策略

16.1 被动接口:Passive-interface

需要在路由选择进程下配置

  • 将某个接口配置为被动接口;
  • 将所有接口配置为被动接口,然后将某个接口取消被动接口配置。

16.2 管理距离

16.2.1 用于

常见路由协议的管理距离,默认值

可以做调整

  • 如R2同时运行EIGRP和OSPF路由,R2分别从量表获取到了去往2个目的地的4条路由,这是就存在去往同一个目的地的选择哪一条路由的情况;
  • 如默认情况下EIGRP是90,而OSPF是110,这是EIGRP的路由更优,这是R2去往目的地的路由下一跳始终指向R1。只有当R1挂掉或者路径不可达是,才会走R3。
  • 我们希望实现一定路径的分流,希望去往1.1.1.0走EIGRP,去往11.11.11.0走OSPF,并且当一边设备DOWN时,流量可以自动切换到另一边,既互为热备又实现数据分流。
  • 这时就可以通过控制管理距离来实现热备和分流。这时可以在R2上做一些配置影响路由的走向,注意这种在R2上调整AD值只在R2上有效,在其他设备上还是默认值。
  • R3和R4同时运行OSPF和RIP协议,R3从OSPF重分布到RIP,这时R3给R5再到R4,R3过来的RIP网段的路由会被发送给R4,但是R4已经通过OSPF学到了这些路由,并且R4会将学到的路由和R5发的路由进行比较,这是由于AD值大,R4会选择OSPF自己学到的路由。这时R4也做重发布,这时R5看到的OSPF网段就是负载均衡,即从小AD双点发布到大AD发布的没问题。
  • 反过来,R3将RIP路由重发布到OSPF,如将5.5.5.0注入到OSPF中,路由会经由R1、R2发送到R4,这时R4同时从OSPF和RIP学到了5.5.5.0的路由,这时R4会忽略RIP,而留着OSPF路由,保留了次优路径,因为OSPF的AD值小。同时R4也重发布进OSPF,由于R4已经没有5.5.5.0的RIP路由,这是重分发也就失败了,毕竟这条5.5.5.0被覆盖了。

16.2.2 试验

双点双向重分发试验,R1,R2,R3为OSPF,R2,R3,R4为RIP。R1的LOOKBACK接口分发进OSPF,R4的LOOKBACK接口分发进RIP

16.2.2.1 基础配置

R1接口配置

R1#conf t
R1(config)#interface serial 0/0
R1(config-if)#ip address 10.1.12.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface serial 0/1
R1(config-if)#ip address 10.1.13.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit

R1 LOOKBACK接口配置

R1(config)#interface loopback 0
R1(config-if)#ip address 1.1.1.1 255.255.255.0
R1(config-if)#no shutdown

R1 OSPF配置

R1#conf t
R1(config)#router ospf 1
R1(config-router)#router-id 1.1.1.1
R1(config-router)#network 10.1.12.1 0.0.0.0 area 0
R1(config-router)#network 10.1.13.1 0.0.0.0 area 0
R1(config-router)#network 1.1.1.1 0.0.0.0 area 0
R1(config-router)#end

R1(config)#interface loopback 0
R1(config-if)#ip ospf network point-to-point

R2路由器基础配置

R2#conf t
R2(config)#interface serial 0/0
R2(config-if)#ip address 10.1.12.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#interface serial 0/1
R2(config-if)#ip address 10.1.24.2 255.255.255.0
R2(config-if)#no shutdown

R2 OSPF配置

R2#conf t
R2(config)#router ospf 1
R2(config-router)#router-id 2.2.2.2
R2(config-router)#network 10.1.12.2 0.0.0.0 area 0

R2 RIP配置

R2#conf t
R2(config)#router rip
R2(config-router)#network 10.0.0.0
R2(config-router)#version 2
R2(config-router)#no auto-summary

R3基础配置

R3#conf t
R3(config)#interface serial 0/0
R3(config-if)#ip address 10.1.13.3 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#interface serial 0/1
R3(config-if)#ip address 10.1.34.3 255.255.255.0
R3(config-if)#no shutdown

R3 OSPF配置

R3#conf t
R3(config)#router ospf 1
R3(config-router)#router-id 3.3.3.3
R3(config-router)#network 10.1.13.3 0.0.0.0 area 0

R3 RIP配置

R3#conf t
R3(config)#router rip
R3(config-router)#version 2
R3(config-router)#no auto-summary
R3(config-router)#network 10.0.0.0

R4基础配置

R4#conf t
R4(config)#interface serial 0/0
R4(config-if)#ip address 10.1.24.4 255.255.255.0
R4(config-if)#no shutdown
R4(config-if)#exit
R4(config)#interface serial 0/1
R4(config-if)#ip address 10.1.34.4 255.255.255.0
R4(config-if)#no shutdown

R4 RIP配置

R4#conf t
R4(config)#router rip
R4(config-router)#version 2
R4(config-router)#no auto-summary
R4(config-router)#network 10.0.0.0

R4 LOOKBACK配置

R4#conf t
R4(config)#interface loopback 0
R4(config-if)#ip address 4.4.4.4 255.255.255.0
R4(config-if)#no shutdown

R4 RIP配置

R4#conf t
R4(config)#router rip
R4(config-router)#network 4.4.4.4
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/65] via 10.1.12.1, 00:16:07, Serial0/0
     4.0.0.0/24 is subnetted, 1 subnets
R       4.4.4.0 [120/1] via 10.1.24.4, 00:00:22, Serial0/1
     10.0.0.0/24 is subnetted, 4 subnets
O       10.1.13.0 [110/128] via 10.1.12.1, 00:16:07, Serial0/0
C       10.1.12.0 is directly connected, Serial0/0
C       10.1.24.0 is directly connected, Serial0/1
R       10.1.34.0 [120/1] via 10.1.24.4, 00:00:22, Serial0/1

R2的1.1.1.1从OSPF学到,AD值为110

R2的4.4.4.4从RIP学到,AD值为120

R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/65] via 10.1.13.1, 00:16:33, Serial0/0
     4.0.0.0/24 is subnetted, 1 subnets
R       4.4.4.0 [120/1] via 10.1.34.4, 00:00:12, Serial0/1
     10.0.0.0/24 is subnetted, 4 subnets
C       10.1.13.0 is directly connected, Serial0/0
O       10.1.12.0 [110/128] via 10.1.13.1, 00:16:33, Serial0/0
R       10.1.24.0 [120/1] via 10.1.34.4, 00:00:12, Serial0/1
C       10.1.34.0 is directly connected, Serial0/1

R3的1.1.1.1从OSPF学到,AD值为110

R3的4.4.4.4从RIP学到,AD值为120

R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.13.0 is directly connected, Serial0/1
C       10.1.12.0 is directly connected, Serial0/0

R1上没有4.4.4.4的路由,还没有重分发

R4#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     4.0.0.0/24 is subnetted, 1 subnets
C       4.4.4.0 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 4 subnets
R       10.1.13.0 [120/1] via 10.1.34.3, 00:00:12, Serial0/1
R       10.1.12.0 [120/1] via 10.1.24.2, 00:00:23, Serial0/0
C       10.1.24.0 is directly connected, Serial0/0
C       10.1.34.0 is directly connected, Serial0/1

R4上没有1.1.1.1的路由,还没有重分发

16.2.2.2 OSPF双点分发进RIP

将OSPF双点重分发到RIP中,让R4获取1.1.1.1的路由

R2上重分发

R2#conf t
R2(config)#rou
R2(config)#router rip
R2(config-router)#redistribute ospf 1 metric 2
R4#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
R       1.1.1.0 [120/2] via 10.1.24.2, 00:00:19, Serial0/0
     4.0.0.0/24 is subnetted, 1 subnets
C       4.4.4.0 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 4 subnets
R       10.1.13.0 [120/1] via 10.1.34.3, 00:00:25, Serial0/1
R       10.1.12.0 [120/1] via 10.1.24.2, 00:00:19, Serial0/0
C       10.1.24.0 is directly connected, Serial0/0
C       10.1.34.0 is directly connected, Serial0/1

这是R4上就已经有1.1.1.1的路由了

R3重分发

R3#conf t
R3(config)#router rip
R3(config-router)#redistribute ospf 1 metric 2
R4#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
R       1.1.1.0 [120/2] via 10.1.34.3, 00:00:09, Serial0/1
                [120/2] via 10.1.24.2, 00:00:06, Serial0/0
     4.0.0.0/24 is subnetted, 1 subnets
C       4.4.4.0 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 4 subnets
R       10.1.13.0 [120/1] via 10.1.34.3, 00:00:11, Serial0/1
R       10.1.12.0 [120/1] via 10.1.24.2, 00:00:06, Serial0/0
C       10.1.24.0 is directly connected, Serial0/0
C       10.1.34.0 is directly connected, Serial0/1

这时R4将去往1.1.1.1的两个下一跳都装进路由表,负载均衡

这是一切正常,从AD值小的路由分发进AD值大的路由,不会出现问题。

16.2.2.3 RIP双点分发进OSPF

R2接下来将RIP重分发进OSPF

R2#configure terminal
R2(config)#router os
R2(config)#router ospf 1
R2(config-router)#redistribute rip subnets
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
     4.0.0.0/24 is subnetted, 1 subnets
O E2    4.4.4.0 [110/20] via 10.1.12.2, 00:00:15, Serial0/0
     10.0.0.0/24 is subnetted, 4 subnets
C       10.1.13.0 is directly connected, Serial0/1
C       10.1.12.0 is directly connected, Serial0/0
O E2    10.1.24.0 [110/20] via 10.1.12.2, 00:00:15, Serial0/0
O E2    10.1.34.0 [110/20] via 10.1.12.2, 00:00:15, Serial0/0

R1上有了4.4.4.4的路由,OSPF学过来的

R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
O       1.1.1.0 [110/65] via 10.1.13.1, 00:00:54, Serial0/0
     4.0.0.0/24 is subnetted, 1 subnets
O E2    4.4.4.0 [110/20] via 10.1.13.1, 00:00:54, Serial0/0
     10.0.0.0/24 is subnetted, 4 subnets
C       10.1.13.0 is directly connected, Serial0/0
O       10.1.12.0 [110/128] via 10.1.13.1, 00:00:54, Serial0/0
O E2    10.1.24.0 [110/20] via 10.1.13.1, 00:00:54, Serial0/0
C       10.1.34.0 is directly connected, Serial0/1

可是R3中关于4.4.4.4的路由是OSPF的,不再是RIP的,即R3去往R4是绕道R1和R2去的,形成次优路径。

这是如果还从R3将RIP路由重发进OSPF,则会失败,R1上依旧只能看见去往4.4.4.4的一侧路由。

R3#conf t
R3(config)#access-list 1 permit 4.4.4.0
R3(config-router)#distance 100 10.1.34.4 0.0.0.0 1

R4给的被ACL匹配的AD值改为100,这时即使收到OSPF的路由,默认110,OSPF也会被干掉,保留100的路由。

R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
O       1.1.1.0 [110/65] via 10.1.13.1, 00:06:54, Serial0/0
     4.0.0.0/24 is subnetted, 1 subnets
R       4.4.4.0 [100/1] via 10.1.34.4, 00:00:01, Serial0/1
     10.0.0.0/24 is subnetted, 4 subnets
C       10.1.13.0 is directly connected, Serial0/0
O       10.1.12.0 [110/128] via 10.1.13.1, 00:06:54, Serial0/0
O E2    10.1.24.0 [110/20] via 10.1.13.1, 00:06:54, Serial0/0
C       10.1.34.0 is directly connected, Serial0/1

这时正常了,R3直接通过RIP到R4,而不需要OSPF绕道到R4。

R3接下来将RIP重分发进OSPF

R3#conf t
R3(config)#router ospf 1
R3(config-router)#redistribute rip subnets

接着在R3上重分发可以成功,因为4.4.4.4没有被覆盖。

R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
     4.0.0.0/24 is subnetted, 1 subnets
O E2    4.4.4.0 [110/20] via 10.1.13.3, 00:05:14, Serial0/1
     10.0.0.0/24 is subnetted, 4 subnets
C       10.1.13.0 is directly connected, Serial0/1
C       10.1.12.0 is directly connected, Serial0/0
O E2    10.1.24.0 [110/20] via 10.1.12.2, 00:05:14, Serial0/0
O E2    10.1.34.0 [110/20] via 10.1.13.3, 00:05:14, Serial0/1

R2上也做一个AD控制

R2#conf t
R2(config)#access-list 1 permit 4.4.4.0
R2(config)#router rip
R2(config-router)#distance 100 10.1.24.4 0.0.0.0 1
R1#clear ip route *

R1#clear ip route *

先清空路由表

R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
     4.0.0.0/24 is subnetted, 1 subnets
O E2    4.4.4.0 [110/20] via 10.1.13.3, 00:00:05, Serial0/1
                [110/20] via 10.1.12.2, 00:00:05, Serial0/0
     10.0.0.0/24 is subnetted, 4 subnets
C       10.1.13.0 is directly connected, Serial0/1
C       10.1.12.0 is directly connected, Serial0/0
O E2    10.1.24.0 [110/20] via 10.1.12.2, 00:00:05, Serial0/0
O E2    10.1.34.0 [110/20] via 10.1.13.3, 00:00:07, Serial0/1

R1去往4.4.4.4的负载均衡路由

16.3 Route-map

比ACL强

  • 去往办公服务器的流量主走左边,当左边DOWN掉时,从右边走;
  • 去往生产服务器的流量主走右边,当右边DOWN掉时,从左边走;
  • RouterMap动态感知远方状态UP还是DOWN。

16.3.1 用途

广泛应用于数据分流或者高冗余性;

和ACL类似,test为名,permit接块号。

按序号如10,20进行跳

可以match的栏目

Set栏目

Match和set的整合,X2和X3是或,X1和X2、X3是与。

  • 定义ACL,用来匹配路由。
  • 重发布时,发布route-map 名。表示引入的路由,都会从MAP中过一遍。

16.3.2 试验1:重分发

R3重发布LOOKBACK地址进OSPF,让R2学到,R2将OSPF重分发进RIP,让R1能学到,同时在R2上重分发时做MAP策略。

16.3.2.1 基础配置

R1配置,设置IP地址,宣告RIP路由

R1#conf ter
R1(config)#interface  serial 0/0
R1(config-if)#ip address 10.1.12.1 255.255.255.0 
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#no auto-summary
R1(config-router)#network 10.0.0.0
R1(config-router)#end

R2配置,设置IP地址

R2#conf t
R2(config)#interface serial 0/0
R2(config-if)#ip address 10.1.12.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#interface serial 0/1
R2(config-if)#ip address 10.1.23.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit

宣告RIP和OSPF路由

R2#conf t
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#no auto-summary
R2(config-router)#network 10.0.0.0

R2#conf t
R2(config)#router ospf 1
R2(config-router)#network 10.1.23.2 0.0.0.0 area 0

R3配置,设置地址

R3#conf t
R3(config)#interface serial 0/0
R3(config-if)#ip address 10.1.23.3 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#exit

宣告OSPF路由

R3(config)#router ospf 1
R3(config-router)#network 10.1.23.3 0.0.0.0 area 0
R3(config-router)#end

设置两个LOOKBACK地址

R3(config)#interface loopback 0
R3(config-if)#ip address 3.3.3.3 255.255.255.0
R3(config-if)#no shutdown

R3(config)#interface loopback 1
R3(config-if)#ip address 33.33.33.33 255.255.255.0
R3(config-if)#no shutdown

使用直连方式重分布LOOKBACK地址进OSPF

R3(config)#router ospf 1
R3(config-router)#redistribute connected subnets
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     33.0.0.0/24 is subnetted, 1 subnets
O E2    33.33.33.0 [110/20] via 10.1.23.3, 00:01:01, Serial0/1
     3.0.0.0/24 is subnetted, 1 subnets
O E2    3.3.3.0 [110/20] via 10.1.23.3, 00:01:01, Serial0/1
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.12.0 is directly connected, Serial0/0
C       10.1.23.0 is directly connected, Serial0/1

这是,R2上都有LOOKBACK路由

R1#show
*Mar  1 00:14:51.295: %SYS-5-CONFIG_I: Configured from console by console
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.12.0 is directly connected, Serial0/0
R       10.1.23.0 [120/1] via 10.1.12.2, 00:00:11, Serial0/0

R1上没有LOOKBACK路由

16.3.2.2 Route-map策略

将R3的两条LOOKBACK分别设置METRIC值,并引入RIP

创建ACL

R2#conf t
R2(config)#access-list 1 permit 3.3.3.0
R2(config)#access-list 2 permit 33.33.33.0.

写ACL是,需要和路由表的前缀一致,比如此处是3.3.3.0,而不是3.3.3.3。因为标准的ACK匹配路由时,只匹配前缀,不能匹配掩码。扩展的ACK则不一样。

创建ROUTE-MAP,匹配ACL,并设置METRIC值

R2(config)#route-map test permit 10
R2(config-route-map)#match ip address 1
R2(config-route-map)#set metric 2
R2(config-route-map)#exit

R2(config)#route-map test permit 20
R2(config-route-map)#match ip address 2
R2(config-route-map)#set metric 3

需要启用MAP,由于是将OSPF重发布进RIP,所以需要进入RIP进程操作

R2(config)#router rip
R2(config-router)#redistribute ospf 1 route-map test

这是OSPF路由就会重发布进RIP,并且对应符合ACL的路由会设置METRIC值。

R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     33.0.0.0/24 is subnetted, 1 subnets
R       33.33.33.0 [120/3] via 10.1.12.2, 00:00:10, Serial0/0
     3.0.0.0/24 is subnetted, 1 subnets
R       3.3.3.0 [120/2] via 10.1.12.2, 00:00:10, Serial0/0
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.12.0 is directly connected, Serial0/0
R       10.1.23.0 [120/1] via 10.1.12.2, 00:00:10, Serial0/0

R1上多出了两条RIP路由,3.3.3.0和33.33.33.0,可以看到METRIC值进行了相应的修改。

16.3.3 试验2:重分发

接着上次试验,在R1上启动两个LOOKBACK接口1.1.1.0和11.11.11.0,通过直连重分发进RIP路由。只引入1.1.1.0。

创建两个LOOKBACK接口

R1(config)#interface loopback 0
R1(config-if)#ip address 1.1.1.1 255.255.255.0

R1(config)#interface loopback 1
R1(config-if)#ip address 11.11.11.11 255.255.255.0

创建ACL

R1#conf t
R1(config)#access-list 1 permit 1.1.1.0

创建ROUTE-MAP,只允许ACL指定的地址通过

R1(config)#route-map test permit 10
R1(config-route-map)#match ip address 1
R1#conf t
R1(config)#router rip
R1(config-router)#redistribute connected route-map test

如果直接发布的话,会把两个LOOKBACK接口都发布进去,这是就可以借助ROUTE-MAP策略

R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
R       1.1.1.0 [120/1] via 10.1.12.1, 00:00:16, Serial0/0
     33.0.0.0/24 is subnetted, 1 subnets
O E2    33.33.33.0 [110/20] via 10.1.23.3, 00:34:16, Serial0/1
     3.0.0.0/24 is subnetted, 1 subnets
O E2    3.3.3.0 [110/20] via 10.1.23.3, 00:34:16, Serial0/1
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.12.0 is directly connected, Serial0/0
C       10.1.23.0 is directly connected, Serial0/1

R2可以看到1.1.1.0的路由,没有11.11.11.0的路由

16.3.4 试验3:重分发

接着上次试验,目前的做法只匹配了1.1.1.0,如果是过滤掉一个,而不是只匹配一个。如只干掉11.11.11.0

清除R1上ROUTE-MAP和ACL

R1#conf t
R1(config)#no access-list 1
R1(config)#no route-map test

创建ACL

R1#conf t
R1(config)#access-list 1 permit 11.11.11.0

创建ROUTE-MAP,禁止ACK指定的地址,同时运行其他地址

R1(config)#route-map test deny 10
R1(config-route-map)#match ip address 1
R1(config-route-map)#exit

R1(config)#route-map test permit 20
R1(config-route-map)#exit
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
R       1.1.1.0 [120/1] via 10.1.12.1, 00:00:03, Serial0/0
     33.0.0.0/24 is subnetted, 1 subnets
O E2    33.33.33.0 [110/20] via 10.1.23.3, 01:01:54, Serial0/1
     3.0.0.0/24 is subnetted, 1 subnets
O E2    3.3.3.0 [110/20] via 10.1.23.3, 01:01:54, Serial0/1
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.12.0 is directly connected, Serial0/0
C       10.1.23.0 is directly connected, Serial0/1

这是R2没11.11.11.0的路由

进一步试验,在R1上增加LOOKBACK的111.111.111.111接口

R1(config)#interface loopback 2
R1(config-if)#ip address 111.111.111.111 255.255.255.0
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
R       1.1.1.0 [120/1] via 10.1.12.1, 00:00:21, Serial0/0
     33.0.0.0/24 is subnetted, 1 subnets
O E2    33.33.33.0 [110/20] via 10.1.23.3, 01:03:56, Serial0/1
     3.0.0.0/24 is subnetted, 1 subnets
O E2    3.3.3.0 [110/20] via 10.1.23.3, 01:03:56, Serial0/1
     111.0.0.0/24 is subnetted, 1 subnets
R       111.111.111.0 [120/1] via 10.1.12.1, 00:00:02, Serial0/0
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.12.0 is directly connected, Serial0/0
C       10.1.23.0 is directly connected, Serial0/1

R2上可以看到111.111.111.0的路由,依旧没有11.11.11.0的路由。

16.3.5 范例4:执行路由策略

  • R1,R2,R3运行OSPF协议;
  • R3访问办公服务器,优先走左侧,访问生产服务器,优先走右侧。同时还能热备,当DOWN时,可以走另一侧。
  • 将静态路由重发布进OSPF,且用ROUTE-MAP设置策略(否则会形成负载均衡),通过修改METRIC值,来优先选择链路。

16.3.6 范例5:路由反馈

  • OSPF发布进RIP没问题;
  • 将RIP发布进OSPF时,A和B同时双点双向重分发,A先注入,经由D传给B,这是B由于OSPF的AD值小于RIP,所以OSPF的会把RIP的覆盖,这是B到C就的绕着D和A到C,形成次优路径。
  • 可以在B上关联ROUTE-MAP,将RIP注入,从D绕过来的毙掉

A上不允许1.0过,并在OSPF重发布进RIP时关联。

16.4 Distribute-list

距离矢量路由协议来说,更新包里面就是路由信息,所以可以直接针对IN/OUT方向工作。

  • 对于链路状态路由协议,路由器间里面更新的不是路由信息,而是LSA,分发列表是处理不了LSA的;
  • 路由器收集LSA后,转入LSDB,经过SPF算法计算,提取路由条目,后装进路由表;
  • IN方向,需要在计算完路由条目,在装入路由表之前让分发列表生效。
  • OUT方向,干不掉LSA,只有在过滤本地始发的外部路由时(如采用重发布的方式外部注入的),才能起到过滤的作用(本地始发的这个是路由,而不是LSA,一旦进入OSPF后就不行了)。

16.4.1 试验准备

R1基础配置,包括IP地址,两个LOOKBACK地址。

R1#conf t
R1(config)#interface serial 0/0
R1(config-if)#ip address 192.168.12.1 255.255.255.0
R1(config-if)#no shutdown

R1(config)#interface loopback 0
R1(config-if)#ip address 1.1.1.1 255.255.255.0
R1(config-if)#no shutdown

R1(config)#interface loopback 1
R1(config-if)#ip address 10.10.10.10 255.255.255.0
R1(config-if)#no shutdown

R2基础配置,包括IP地址。

R2#conf t
R2(config)#interface serial 0/0
R2(config-if)#ip address 192.168.12.2 255.255.255.0
R2(config-if)#no shutdown

R2(config)#interface serial 0/1
R2(config-if)#ip address 192.168.23.2 255.255.255.0
R2(config-if)#no shutdown

R3基础配置,包括IP地址,引入RIP协议。

R3#conf t
R3(config)#interface serial 0/1
R3(config-if)#ip address 192.168.23.3 255.255.255.0 
R3(config-if)#no shutdown

16.4.2 试验1:RIP

R1引入两个LOOKBACK地址,全网运行RIP协议。通过分发列表禁止其中一个LOOKBACK网段进入R3

16.4.2.1 基础配置

R1引入RIP协议。

R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#no auto-summary
R1(config-router)#network 192.168.12.1
R1(config-router)#network 1.1.1.1
R1(config-router)#network 10.10.10.10

R2引入RIP协议。

R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#no auto-summary
R2(config-router)#network 192.168.12.2
R2(config-router)#network 192.168.23.2

R3引入RIP协议。

R3(config)#router rip
R3(config-router)#version 2
R3(config-router)#no auto-summary
R3(config-router)#network 192.168.23.3

查看三台路由器,都有了路由

R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.12.0/24 is directly connected, Serial0/0
     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.10.10.0 is directly connected, Loopback1
R    192.168.23.0/24 [120/1] via 192.168.12.2, 00:00:11, Serial0/0
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.12.0/24 is directly connected, Serial0/0
     1.0.0.0/24 is subnetted, 1 subnets
R       1.1.1.0 [120/1] via 192.168.12.1, 00:00:25, Serial0/0
     10.0.0.0/24 is subnetted, 1 subnets
R       10.10.10.0 [120/1] via 192.168.12.1, 00:00:25, Serial0/0
C    192.168.23.0/24 is directly connected, Serial0/1
R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

R    192.168.12.0/24 [120/1] via 192.168.23.2, 00:00:02, Serial0/1
     1.0.0.0/24 is subnetted, 1 subnets
R       1.1.1.0 [120/2] via 192.168.23.2, 00:00:02, Serial0/1
     10.0.0.0/24 is subnetted, 1 subnets
R       10.10.10.0 [120/2] via 192.168.23.2, 00:00:02, Serial0/1
C    192.168.23.0/24 is directly connected, Serial0/1

禁止R3学到10.10.10.0网段地址,可以从R2的出口或者R3的入口禁止

16.4.2.2 出口禁止

设置访问列表

R2(config)#access-list 1 deny 10.10.10.0
R2(config)#access-list 1 permit any

从R2的出口禁止

R2(config)#router rip
R2(config-router)#distribute-list 1 out serial 0/1

注意10.10.10.0这是需要和路由表里面的对应一直。

清空路由表并查看

R3#clear ip route *
R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

R    192.168.12.0/24 [120/1] via 192.168.23.2, 00:00:04, Serial0/1
     1.0.0.0/24 is subnetted, 1 subnets
R       1.1.1.0 [120/2] via 192.168.23.2, 00:00:04, Serial0/1
C    192.168.23.0/24 is directly connected, Serial0/1

R3可以看到没有10.10.10.0的路由

16.4.2.3 入口禁止

清除R2出口分发列表配置

R2(config)#router rip
R2(config-router)#no distribute-list 1 out serial 0/1

R3上入口配置

R3(config)#access-list 1 deny 10.10.10.0
R3(config)#access-list 1 permit any

R3(config)#router rip
R3(config-router)#distribute-list 1 in serial 0/1
R3#clear ip route *
R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

R    192.168.12.0/24 [120/1] via 192.168.23.2, 00:00:02, Serial0/1
     1.0.0.0/24 is subnetted, 1 subnets
R       1.1.1.0 [120/2] via 192.168.23.2, 00:00:02, Serial0/1
C    192.168.23.0/24 is directly connected, Serial0/1

可以看到R3也没有了10.10.10.0的网段

16.4.3 试验2:RIP

接着上面的试验,从R2入口禁止10.10.10.0网段。

删除R3的入口分发列表

R3(config)#router rip
R3(config-router)#no distribute-list 1 in serial 0/1

从R2入口禁止

R2(config)#router rip
R2(config-router)#distribute-list 1 in serial 0/0
R2#clear ip route *
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.12.0/24 is directly connected, Serial0/0
     1.0.0.0/24 is subnetted, 1 subnets
R       1.1.1.0 [120/1] via 192.168.12.1, 00:00:02, Serial0/0
C    192.168.23.0/24 is directly connected, Serial0/1

R2上也没有了10.10.10.0

R3#clear ip route *
R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

R    192.168.12.0/24 [120/1] via 192.168.23.2, 00:00:02, Serial0/1
     1.0.0.0/24 is subnetted, 1 subnets
R       1.1.1.0 [120/2] via 192.168.23.2, 00:00:02, Serial0/1
C    192.168.23.0/24 is directly connected, Serial0/1

R3就更没有了

16.4.4 试验3:OSPF

  • 在R2上只有1.1.1.1的路由
  • 去除已有的RIP配置信息
R1(config)#no router rip
R2(config)#no router rip
R3(config)#no router rip

R1以宣告的方式引入LOOKBACK地址

R1(config)#router ospf 1
R1(config-router)#network 192.168.12.1 0.0.0.0 area 0
R1(config-router)#network 1.1.1.1 0.0.0.0 area 0
R1(config-router)#network 10.10.10.10 0.0.0.0 area 0

R2(config)#router ospf 1
R2(config-router)#network 192.168.12.2 0.0.0.0 area 0
R2(config-router)#network 192.168.23.2 0.0.0.0 area 0

R3(config)#router ospf 1
R3(config-router)#network 192.168.23.3 0.0.0.0 area 0

这是R2上就能学到所有路由了

R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.12.0/24 is directly connected, Serial0/0
     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/65] via 192.168.12.1, 00:00:04, Serial0/0
     10.0.0.0/32 is subnetted, 1 subnets
O       10.10.10.10 [110/65] via 192.168.12.1, 00:00:04, Serial0/0
C    192.168.23.0/24 is directly connected, Serial0/1

可以看到R2上是针对10.10.10.10,为了避免LOOKBACK带来的OSPF问题,修改网络类型,宣告网段路由。

R1(config)#interface loopback 0
R1(config-if)#ip ospf network point-to-point
R1(config)#interface loopback 1
R1(config-if)#ip ospf network point-to-point
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.12.0/24 is directly connected, Serial0/0
     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.10.10.0 is directly connected, Loopback1
O    192.168.23.0/24 [110/128] via 192.168.12.2, 00:00:16, Serial0/0

这时就是10.10.10.0网段了

不能在R1上做OUT方向,而是在R2上做IN方向,因为LOOKBACK地址路由使用宣告的方式而不是重发布的方式引入的,因为重发布的直接就是路由信息。

R2上已经有了access-lists

R2#show access-lists 1
Standard IP access list 1
    10 deny   10.10.10.0 (1 match)
    20 permit any (2 matches)

本实验针对所有接口就行

R2(config)#router ospf 1
R2(config-router)#distribute-list 1 in
R2#clear ip route *
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.12.0/24 is directly connected, Serial0/0
     1.0.0.0/24 is subnetted, 1 subnets
O       1.1.1.0 [110/65] via 192.168.12.1, 00:00:01, Serial0/0
C    192.168.23.0/24 is directly connected, Serial0/1

可以看到R2上已经没有了10.10.10.0网段路由了。

接着查看LSA

R2#show ip ospf database router 10.10.10.10

            OSPF Router with ID (192.168.23.2) (Process ID 1)

                Router Link States (Area 0)

  LS age: 197
  Options: (No TOS-capability, DC)
  LS Type: Router Links
  Link State ID: 10.10.10.10
  Advertising Router: 10.10.10.10
  LS Seq Number: 80000006
  Checksum: 0x2776
  Length: 72
  Number of Links: 4

    Link connected to: a Stub Network
     (Link ID) Network/subnet number: 1.1.1.0
     (Link Data) Network Mask: 255.255.255.0
      Number of TOS metrics: 0
       TOS 0 Metrics: 1

    Link connected to: a Stub Network
     (Link ID) Network/subnet number: 10.10.10.0
     (Link Data) Network Mask: 255.255.255.0
      Number of TOS metrics: 0
       TOS 0 Metrics: 1

    Link connected to: another Router (point-to-point)
     (Link ID) Neighboring Router ID: 192.168.23.2
     (Link Data) Router Interface address: 192.168.12.1
      Number of TOS metrics: 0
       TOS 0 Metrics: 64

    Link connected to: a Stub Network
     (Link ID) Network/subnet number: 192.168.12.0
     (Link Data) Network Mask: 255.255.255.0
      Number of TOS metrics: 0
       TOS 0 Metrics: 64

10.10.10.0依旧有LSA,放进来,产生路由之前进行拦截。

但是R3的路由是完成的,因为LSA能过去,如果R3想拦截,R3上也需要做相关策略

R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

O    192.168.12.0/24 [110/128] via 192.168.23.2, 00:07:10, Serial0/1
     1.0.0.0/24 is subnetted, 1 subnets
O       1.1.1.0 [110/129] via 192.168.23.2, 00:07:10, Serial0/1
     10.0.0.0/24 is subnetted, 1 subnets
O       10.10.10.0 [110/129] via 192.168.23.2, 00:07:10, Serial0/1
C    192.168.23.0/24 is directly connected, Serial0/1

16.4.5 试验4:OSPF

  • 刚才试验的是IN方向,现在试验OUT方向
  • 清除IN方向配置
R2(config)#router ospf 1
R2(config-router)#no distribute-list 1 in 

在R1上做OUT方向分发列表

R1(config)#access-list 1 deny 10.10.10.0
R1(config)#access-list 1 permit any

R1(config)#router ospf 1
R1(config-router)#distribute-list 1 out

这是查看R2路由表

R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.12.0/24 is directly connected, Serial0/0
     1.0.0.0/24 is subnetted, 1 subnets
O       1.1.1.0 [110/65] via 192.168.12.1, 00:02:18, Serial0/0
     10.0.0.0/24 is subnetted, 1 subnets
O       10.10.10.0 [110/65] via 192.168.12.1, 00:02:18, Serial0/0
C    192.168.23.0/24 is directly connected, Serial0/1
  • 没有起到效果
  • OSPF环境下,用NETWORK直接宣告的路由, OUT方向是没用的。
  • 将R1改用重发布的方式看看效果。
  • 去除宣告的LOOKBACK路由,
R1(config)#router ospf 1
R1(config-router)#no network 1.1.1.1 0.0.0.0 area 0
R1(config-router)#no network 10.10.10.10 0.0.0.0 area 0

重发布直连引入LOOKBACK路由

R1(config)#router ospf 1
R1(config-router)#redistribute connected subnets

这是再查看R2路由

R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.12.0/24 is directly connected, Serial0/0
     1.0.0.0/24 is subnetted, 1 subnets
O E2    1.1.1.0 [110/20] via 192.168.12.1, 00:00:30, Serial0/0
C    192.168.23.0/24 is directly connected, Serial0/1

这是就只有一条重发布的路由,10.10.10.0路由被干掉

16.4.6 范例5:OSPF

接着继续去除分发列表命令,去除分发列表

R1(config)#router ospf 1
R1(config-router)#no distribute-list 1 out

在R2上做OUT方向分发列表,阻挡R3获取10信息

R2(config)#router ospf 1
R2(config-router)#distribute-list 1 out

再查看R3路由信息

R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

O    192.168.12.0/24 [110/128] via 192.168.23.2, 00:00:01, Serial0/1
     1.0.0.0/24 is subnetted, 1 subnets
O E2    1.1.1.0 [110/20] via 192.168.23.2, 00:00:01, Serial0/1
     10.0.0.0/24 is subnetted, 1 subnets
O E2    10.10.10.0 [110/20] via 192.168.23.2, 00:00:01, Serial0/1
C    192.168.23.0/24 is directly connected, Serial0/1

R3依旧有信息,没有阻挡成功

所以只有本地始发的外部路由,才可以使用OUT方向的分发列表过滤。

16.4.7 范例6:RIP和OSPF

Out方向除了跟接口外,还可以跟协议

只希望针对从RIP引入进来的路由生效,而不对R2直连的路由生效

16.4.8 范例7:双点双向重分发

用分发列表解决次优路径问题,过滤。

16.5 Prefix-list

标准访问列表不识别掩码,直接导致汇总和明细都被过滤了。

扩展ACL可以匹配掩码

ACL的源和目,前缀+掩码部分;针对掩码/24+反掩码(严格匹配/24)

  • 1:抓取特定的独一无二的路由,
  • 扩展ACL写法:192.168.1.0 0.0.0.0 255.255.255.255.255 0.0.0.0

汇总:192.168.4.0/22

前22位需要完全一致,掩码需要是/22位,但是之前掩码是24,这时需要加上掩码区间,由于明细都是24位,所以大于24小于24,ge 24 le 24。否则就认为路由的掩码必须是24位的。

禁止指定的汇总路由,然后permit any。

发表评论

您的电子邮箱地址不会被公开。 必填项已用*标注