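16. CCNP: Routing Policy

16.1 Passive interface: passive-interface

Configured under the routing process:

  • Configure a specific interface as passive;
  • Configure all interfaces as passive, then remove the passive setting from a specific interface.

16.2 Administrative distance

16.2.1 Purpose

Default administrative distances of common routing protocols

The values can be adjusted

  • Suppose R2 runs both EIGRP and OSPF and learns four routes to two destinations from both sides. It then has to choose which route to use for each destination;
  • By default EIGRP has an AD of 90 and OSPF 110, so the EIGRP routes are preferred and R2's next hop towards the destinations always points to R1. Only when R1 fails or the path becomes unreachable does traffic go via R3.
  • We want some traffic splitting: traffic to 1.1.1.0 should follow EIGRP and traffic to 11.11.11.0 should follow OSPF, and when a device on one side goes down, traffic should switch automatically to the other side, giving both hot standby and traffic splitting.
  • This can be achieved by manipulating the administrative distance. Configuration on R2 can influence the route choice; note that an AD value changed on R2 is only effective on R2, and other devices keep the default values.
  • R3 and R4 both run OSPF and RIP. R3 redistributes OSPF into RIP; the routes go from R3 to R5 and then on to R4, so the routes R3 injected into RIP reach R4. But R4 has already learned these routes through OSPF, and it compares them with the routes sent by R5; because RIP's AD is larger, R4 keeps the routes it learned itself through OSPF. When R4 also redistributes, R5 sees the OSPF networks load-balanced. In other words, two-point redistribution from the protocol with the smaller AD into the protocol with the larger AD causes no problem.
  • Conversely, R3 redistributes RIP routes into OSPF, for example injecting 5.5.5.0 into OSPF. The route is passed via R1 and R2 to R4, so R4 learns 5.5.5.0 from both OSPF and RIP. R4 ignores the RIP route and keeps the OSPF route because OSPF's AD is smaller, which leaves it with a suboptimal path. R4 also redistributes into OSPF, but because R4 no longer holds 5.5.5.0 as a RIP route, that redistribution fails: the 5.5.5.0 route has been overridden.

16.2.2 Experiment

Two-point, two-way redistribution experiment: R1, R2 and R3 run OSPF; R2, R3 and R4 run RIP. R1's loopback interface is advertised into OSPF and R4's loopback interface is advertised into RIP.

16.2.2.1 Base configuration

R1 interface configuration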

R1#conf t
R1(config)#interface serial 0/0
R1(config-if)#ip address 10.1.12.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface serial 0/1
R1(config-if)#ip address 10.1.13.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit

R1 loopback interface configuration

R1(config)#interface loopback 0
R1(config-if)#ip address 1.1.1.1 255.255.255.0
R1(config-if)#no shutdown

R1 OSPF configuration

R1#conf t
R1(config)#router ospf 1
R1(config-router)#router-id 1.1.1.1
R1(config-router)#network 10.1.12.1 0.0.0.0 area 0
R1(config-router)#network 10.1.13.1 0.0.0.0 area 0
R1(config-router)#network 1.1.1.1 0.0.0.0 area 0
R1(config-router)#end

R1(config)#interface loopback 0
R1(config-if)#ip ospf network point-to-point

R2 base configuration

R2#conf t
R2(config)#interface serial 0/0
R2(config-if)#ip address 10.1.12.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#interface serial 0/1
R2(config-if)#ip address 10.1.24.2 255.255.255.0
R2(config-if)#no shutdown

R2 OSPF configuration

R2#conf t
R2(config)#router ospf 1
R2(config-router)#router-id 2.2.2.2
R2(config-router)#network 10.1.12.2 0.0.0.0 area 0

R2 RIP configuration

R2#conf t
R2(config)#router rip
R2(config-router)#network 10.0.0.0
R2(config-router)#version 2
R2(config-router)#no auto-summary

R3 base configuration

R3#conf t
R3(config)#interface serial 0/0
R3(config-if)#ip address 10.1.13.3 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#interface serial 0/1
R3(config-if)#ip address 10.1.34.3 255.255.255.0
R3(config-if)#no shutdown

R3 OSPF configuration

R3#conf t
R3(config)#router ospf 1
R3(config-router)#router-id 3.3.3.3
R3(config-router)#network 10.1.13.3 0.0.0.0 area 0

R3 RIP configuration

R3#conf t
R3(config)#router rip
R3(config-router)#version 2
R3(config-router)#no auto-summary
R3(config-router)#network 10.0.0.0

R4 base configuration

R4#conf t
R4(config)#interface serial 0/0
R4(config-if)#ip address 10.1.24.4 255.255.255.0
R4(config-if)#no shutdown
R4(config-if)#exit
R4(config)#interface serial 0/1
R4(config-if)#ip address 10.1.34.4 255.255.255.0
R4(config-if)#no shutdown

R4 RIP configuration

R4#conf t
R4(config)#router rip
R4(config-router)#version 2
R4(config-router)#no auto-summary
R4(config-router)#network 10.0.0.0

R4 loopback configuration

R4#conf t
R4(config)#interface loopback 0
R4(config-if)#ip address 4.4.4.4 255.255.255.0
R4(config-if)#no shutdown

R4 RIP configuration

R4#conf t
R4(config)#router rip
R4(config-router)#network 4.4.4.4

R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/65] via 10.1.12.1, 00:16:07, Serial0/0
     4.0.0.0/24 is subnetted, 1 subnets
R       4.4.4.0 [120/1] via 10.1.24.4, 00:00:22, Serial0/1
     10.0.0.0/24 is subnetted, 4 subnets
O       10.1.13.0 [110/128] via 10.1.12.1, 00:16:07, Serial0/0
C       10.1.12.0 is directly connected, Serial0/0
C       10.1.24.0 is directly connected, Serial0/1
R       10.1.34.0 [120/1] via 10.1.24.4, 00:00:22, Serial0/1

On R2, 1.1.1.1 is learned from OSPF, with an AD of 110.

On R2, 4.4.4.4 is learned from RIP, with an AD of 120.

R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/65] via 10.1.13.1, 00:16:33, Serial0/0
     4.0.0.0/24 is subnetted, 1 subnets
R       4.4.4.0 [120/1] via 10.1.34.4, 00:00:12, Serial0/1
     10.0.0.0/24 is subnetted, 4 subnets
C       10.1.13.0 is directly connected, Serial0/0
O       10.1.12.0 [110/128] via 10.1.13.1, 00:16:33, Serial0/0
R       10.1.24.0 [120/1] via 10.1.34.4, 00:00:12, Serial0/1
C       10.1.34.0 is directly connected, Serial0/1

On R3, 1.1.1.1 is learned from OSPF, with an AD of 110.

On R3, 4.4.4.4 is learned from RIP, with an AD of 120.

R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.13.0 is directly connected, Serial0/1
C       10.1.12.0 is directly connected, Serial0/0

R1 has no route to 4.4.4.4; nothing has been redistributed yet.

R4#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     4.0.0.0/24 is subnetted, 1 subnets
C       4.4.4.0 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 4 subnets
R       10.1.13.0 [120/1] via 10.1.34.3, 00:00:12, Serial0/1
R       10.1.12.0 [120/1] via 10.1.24.2, 00:00:23, Serial0/0
C       10.1.24.0 is directly connected, Serial0/0
C       10.1.34.0 is directly connected, Serial0/1

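R4 has no route to 1.1.1.1; nothing has been redistributed yet.

16.2.2.2 Two-point redistribution of OSPF into RIP

Redistribute OSPF into RIP at two points so that R4 learns the route to 1.1.1.1.

Redistribution on R2

R2#conf t
R2(config)#router rip
R2(config-router)#redistribute ospf 1 metric 2

R4#show ip route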
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
R       1.1.1.0 [120/2] via 10.1.24.2, 00:00:19, Serial0/0
     4.0.0.0/24 is subnetted, 1 subnets
C       4.4.4.0 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 4 subnets
R       10.1.13.0 [120/1] via 10.1.34.3, 00:00:25, Serial0/1
R       10.1.12.0 [120/1] via 10.1.24.2, 00:00:19, Serial0/0
C       10.1.24.0 is directly connected, Serial0/0
C       10.1.34.0 is directly connected, Serial0/1

R4 now has a route to 1.1.1.1.

Redistribution on R3

R3#conf t
R3(config)#router rip
R3(config-router)#redistribute ospf 1 metric 2

R4#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
R       1.1.1.0 [120/2] via 10.1.34.3, 00:00:09, Serial0/1
                [120/2] via 10.1.24.2, 00:00:06, Serial0/0
     4.0.0.0/24 is subnetted, 1 subnets
C       4.4.4.0 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 4 subnets
R       10.1.13.0 [120/1] via 10.1.34.3, 00:00:11, Serial0/1
R       10.1.12.0 [120/1] via 10.1.24.2, 00:00:06, Serial0/0
C       10.1.24.0 is directly connected, Serial0/0
C       10.1.34.0 is directly connected, Serial0/1

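R4 now installs both next hops towards 1.1.1.1 into its routing table and load-balances across them.

Everything is normal at this point: redistributing from the protocol with the smaller AD into the protocol with the larger AD causes no problem.

16.2.2.3 Two-point redistribution of RIP into OSPF

Next, R2 redistributes RIP into OSPF

R2#configure terminal
R2(config)#router ospf 1
R2(config-router)#redistribute rip subnets

R1#show ip route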
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
     4.0.0.0/24 is subnetted, 1 subnets
O E2    4.4.4.0 [110/20] via 10.1.12.2, 00:00:15, Serial0/0
     10.0.0.0/24 is subnetted, 4 subnets
C       10.1.13.0 is directly connected, Serial0/1
C       10.1.12.0 is directly connected, Serial0/0
O E2    10.1.24.0 [110/20] via 10.1.12.2, 00:00:15, Serial0/0
O E2    10.1.34.0 [110/20] via 10.1.12.2, 00:00:15, Serial0/0

R1 now has a route to 4.4.4.4, learned through OSPF.

R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
O       1.1.1.0 [110/65] via 10.1.13.1, 00:00:54, Serial0/0
     4.0.0.0/24 is subnetted, 1 subnets
O E2    4.4.4.0 [110/20] via 10.1.13.1, 00:00:54, Serial0/0
     10.0.0.0/24 is subnetted, 4 subnets
C       10.1.13.0 is directly connected, Serial0/0
O       10.1.12.0 [110/128] via 10.1.13.1, 00:00:54, Serial0/0
O E2    10.1.24.0 [110/20] via 10.1.13.1, 00:00:54, Serial0/0
C       10.1.34.0 is directly connected, Serial0/1

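However, R3's route to 4.4.4.4 is now an OSPF route and no longer a RIP route: R3 reaches R4 by detouring through R1 and R2, which is a suboptimal path.

If RIP is now also redistributed into OSPF on R3, it fails, and R1 still sees the route to 4.4.4.4 from one side only.

R3#conf t
R3(config)#access-list 1 permit 4.4.4.0
R3(config)#router rip
R3(config-router)#distance 100 10.1.34.4 0.0.0.0 1

Routes received from R4 that match the ACL get an AD of 100. Even when the same prefix arrives through OSPF (default AD 110), the OSPF route loses and the route with AD 100 is kept.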

R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
O       1.1.1.0 [110/65] via 10.1.13.1, 00:06:54, Serial0/0
     4.0.0.0/24 is subnetted, 1 subnets
R       4.4.4.0 [100/1] via 10.1.34.4, 00:00:01, Serial0/1
     10.0.0.0/24 is subnetted, 4 subnets
C       10.1.13.0 is directly connected, Serial0/0
O       10.1.12.0 [110/128] via 10.1.13.1, 00:06:54, Serial0/0
O E2    10.1.24.0 [110/20] via 10.1.13.1, 00:06:54, Serial0/0
C       10.1.34.0 is directly connected, Serial0/1

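This is now correct: R3 reaches R4 directly through RIP instead of detouring through OSPF.

Next, R3 redistributes RIP into OSPF

R3#conf t
R3(config)#router ospf 1
R3(config-router)#redistribute rip subnets

Redistribution on R3 now succeeds, because 4.4.4.4 is no longer overridden.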

R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
     4.0.0.0/24 is subnetted, 1 subnets
O E2    4.4.4.0 [110/20] via 10.1.13.3, 00:05:14, Serial0/1
     10.0.0.0/24 is subnetted, 4 subnets
C       10.1.13.0 is directly connected, Serial0/1
C       10.1.12.0 is directly connected, Serial0/0
O E2    10.1.24.0 [110/20] via 10.1.12.2, 00:05:14, Serial0/0
O E2    10.1.34.0 [110/20] via 10.1.13.3, 00:05:14, Serial0/1

Apply the same AD control on R2

R2#conf t
R2(config)#access-list 1 permit 4.4.4.0
R2(config)#router rip
R2(config-router)#distance 100 10.1.24.4 0.0.0.0 1

Clear the routing table first

R1#clear ip route *

R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
     4.0.0.0/24 is subnetted, 1 subnets
O E2    4.4.4.0 [110/20] via 10.1.13.3, 00:00:05, Serial0/1
                [110/20] via 10.1.12.2, 00:00:05, Serial0/0
     10.0.0.0/24 is subnetted, 4 subnets
C       10.1.13.0 is directly connected, Serial0/1
C       10.1.12.0 is directly connected, Serial0/0
O E2    10.1.24.0 [110/20] via 10.1.12.2, 00:00:05, Serial0/0
O E2    10.1.34.0 [110/20] via 10.1.13.3, 00:00:07, Serial0/1

R1 now has load-balanced routes to 4.4.4.4.
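The AD-based selection described in 16.2.1 and observed on R3 in this experiment can be reproduced with a small model. The Python below is an added example, not part of the original notes and not Cisco code; the class and function names are hypothetical, and the candidate routes are constructed from the R3 outputs above (connected routes omitted).

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

DEFAULT_AD = {"ospf": 110, "rip": 120}  # default values quoted on this page


@dataclass(frozen=True)
class Candidate:
    prefix: str     # destination, e.g. "4.4.4.0/24"
    protocol: str   # "rip" or "ospf"
    neighbor: str   # address the route was learned from
    metric: int


@dataclass(frozen=True)
class DistanceRule:
    """Models `distance <ad> <source> <wildcard> <acl>` under one routing process."""
    protocol: str
    ad: int
    source: str
    wildcard: str
    acl_permits: tuple  # network addresses permitted by the standard ACL

    def applies(self, c):
        if c.protocol != self.protocol:
            return False
        care = ~int(ip_address(self.wildcard)) & 0xFFFFFFFF
        same_source = (int(ip_address(c.neighbor)) & care) == (
            int(ip_address(self.source)) & care)
        network = str(ip_network(c.prefix).network_address)
        return same_source and network in self.acl_permits


def admin_distance(c, rules):
    """AD of one candidate: the first matching distance rule, else the default."""
    for rule in rules:
        if rule.applies(c):
            return rule.ad
    return DEFAULT_AD[c.protocol]


def build_rib(candidates, rules=()):
    """Return {prefix: (candidate, ad)}, keeping the lowest AD per prefix."""
    rib = {}
    for c in candidates:
        ad = admin_distance(c, rules)
        if c.prefix not in rib or ad < rib[c.prefix][1]:
            rib[c.prefix] = (c, ad)
    return rib


def redistribute(rib, from_protocol):
    """Only prefixes installed in the RIB as from_protocol routes are exported."""
    return sorted(p for p, (c, _) in rib.items() if c.protocol == from_protocol)


def r3_candidates():
    """Constructed sample: what R3 hears once R2 redistributes RIP into OSPF."""
    return [
        Candidate("4.4.4.0/24", "rip", "10.1.34.4", 1),
        Candidate("4.4.4.0/24", "ospf", "10.1.13.1", 20),
        Candidate("10.1.24.0/24", "rip", "10.1.34.4", 1),
        Candidate("10.1.24.0/24", "ospf", "10.1.13.1", 20),
        Candidate("1.1.1.0/24", "ospf", "10.1.13.1", 65),
    ]


# access-list 1 permit 4.4.4.0 / distance 100 10.1.34.4 0.0.0.0 1 (under router rip)
R3_DISTANCE = DistanceRule("rip", 100, "10.1.34.4", "0.0.0.0", ("4.4.4.0",))

if __name__ == "__main__":
    for label, rules in (("default AD", ()), ("distance 100", (R3_DISTANCE,))):
        rib = build_rib(r3_candidates(), rules)
        winner, ad = rib["4.4.4.0/24"]
        print(f"{label}: 4.4.4.0/24 via {winner.protocol} [{ad}/{winner.metric}], "
              f"'redistribute rip' exports {redistribute(rib, 'rip')}")
```

With the default values R3 holds 4.4.4.0 as an OSPF route and has nothing to export from RIP; with the distance rule the RIP route wins and becomes exportable, while 10.1.24.0 (not in the ACL) stays an OSPF route, as in the R3 output above.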

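16.3 Route-map

More powerful than an ACL

  • Traffic to the office servers primarily takes the left side; when the left side goes down, it takes the right side;
  • Traffic to the production servers primarily takes the right side; when the right side goes down, it takes the left side;
  • The route map dynamically tracks whether the remote end is up or down.

16.3.1 Usage

Widely used for traffic splitting or high redundancy;

Similar to an ACL: test is the name, and permit is followed by the sequence number.

Clauses are evaluated in sequence-number order, e.g. 10, then 20.

Items that can be matched

Items that can be set

Combining match and set: X2 and X3 are ORed, while X1 is ANDed with X2 and X3.

  • Define an ACL to match the routes.
  • When redistributing, reference the route-map name. Every imported route is then passed through the map.

16.3.2 Experiment 1: redistribution

R3 redistributes its loopback addresses into OSPF so that R2 learns them. R2 redistributes OSPF into RIP so that R1 learns them, and a route-map policy is applied to the redistribution on R2.

16.3.2.1 Base configuration

R1 configuration: set the IP address and advertise RIP routes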

R1#conf ter
R1(config)#interface  serial 0/0
R1(config-if)#ip address 10.1.12.1 255.255.255.0 
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#no auto-summary
R1(config-router)#network 10.0.0.0
R1(config-router)#end

R2 configuration: set the IP addresses

R2#conf t
R2(config)#interface serial 0/0
R2(config-if)#ip address 10.1.12.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#interface serial 0/1
R2(config-if)#ip address 10.1.23.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit

Advertise RIP and OSPF routes

R2#conf t
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#no auto-summary
R2(config-router)#network 10.0.0.0

R2#conf t
R2(config)#router ospf 1
R2(config-router)#network 10.1.23.2 0.0.0.0 area 0

R3 configuration: set the address

R3#conf t
R3(config)#interface serial 0/0
R3(config-if)#ip address 10.1.23.3 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#exit

Advertise OSPF routes

R3(config)#router ospf 1
R3(config-router)#network 10.1.23.3 0.0.0.0 area 0
R3(config-router)#end

Configure two loopback addresses

R3(config)#interface loopback 0
R3(config-if)#ip address 3.3.3.3 255.255.255.0
R3(config-if)#no shutdown

R3(config)#interface loopback 1
R3(config-if)#ip address 33.33.33.33 255.255.255.0
R3(config-if)#no shutdown

Redistribute the loopback addresses into OSPF as connected routes

R3(config)#router ospf 1
R3(config-router)#redistribute connected subnets

R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     33.0.0.0/24 is subnetted, 1 subnets
O E2    33.33.33.0 [110/20] via 10.1.23.3, 00:01:01, Serial0/1
     3.0.0.0/24 is subnetted, 1 subnets
O E2    3.3.3.0 [110/20] via 10.1.23.3, 00:01:01, Serial0/1
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.12.0 is directly connected, Serial0/0
C       10.1.23.0 is directly connected, Serial0/1

R2 now has both loopback routes.

R1#show
*Mar  1 00:14:51.295: %SYS-5-CONFIG_I: Configured from console by console
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.12.0 is directly connected, Serial0/0
R       10.1.23.0 [120/1] via 10.1.12.2, 00:00:11, Serial0/0

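R1 has no loopback routes.

16.3.2.2 Route-map policy

Set a different metric for each of R3's two loopback routes and import them into RIP.

Create the ACLs

R2#conf t
R2(config)#access-list 1 permit 3.3.3.0
R2(config)#access-list 2 permit 33.33.33.0

When writing the ACL, the address must match the prefix in the routing table, i.e. 3.3.3.0 here rather than 3.3.3.3. When a standard ACL is used to match routes, it matches only the prefix and cannot match the mask. An extended ACL behaves differently.

Create the route map, match the ACLs and set the metric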

R2(config)#route-map test permit 10
R2(config-route-map)#match ip address 1
R2(config-route-map)#set metric 2
R2(config-route-map)#exit

R2(config)#route-map test permit 20
R2(config-route-map)#match ip address 2
R2(config-route-map)#set metric 3

The route map must now be applied. Because OSPF is being redistributed into RIP, this is done under the RIP process.

R2(config)#router rip
R2(config-router)#redistribute ospf 1 route-map test

OSPF routes are now redistributed into RIP, and the routes matching each ACL get the corresponding metric.

R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     33.0.0.0/24 is subnetted, 1 subnets
R       33.33.33.0 [120/3] via 10.1.12.2, 00:00:10, Serial0/0
     3.0.0.0/24 is subnetted, 1 subnets
R       3.3.3.0 [120/2] via 10.1.12.2, 00:00:10, Serial0/0
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.12.0 is directly connected, Serial0/0
R       10.1.23.0 [120/1] via 10.1.12.2, 00:00:10, Serial0/0

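R1 has two additional RIP routes, 3.3.3.0 and 33.33.33.0, and their metrics have been modified accordingly.

16.3.3 Experiment 2: redistribution

Continuing from the previous experiment, create two loopback interfaces on R1, 1.1.1.0 and 11.11.11.0, and redistribute connected routes into RIP, importing only 1.1.1.0.

Create the two loopback interfaces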

R1(config)#interface loopback 0
R1(config-if)#ip address 1.1.1.1 255.255.255.0

R1(config)#interface loopback 1
R1(config-if)#ip address 11.11.11.11 255.255.255.0

Create the ACL

R1#conf t
R1(config)#access-list 1 permit 1.1.1.0

Create the route map, permitting only the addresses specified by the ACL

R1(config)#route-map test permit 10
R1(config-route-map)#match ip address 1
R1#conf t
R1(config)#router rip
R1(config-router)#redistribute connected route-map test

Redistributing directly would inject both loopback interfaces; the route-map policy prevents that.

R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
R       1.1.1.0 [120/1] via 10.1.12.1, 00:00:16, Serial0/0
     33.0.0.0/24 is subnetted, 1 subnets
O E2    33.33.33.0 [110/20] via 10.1.23.3, 00:34:16, Serial0/1
     3.0.0.0/24 is subnetted, 1 subnets
O E2    3.3.3.0 [110/20] via 10.1.23.3, 00:34:16, Serial0/1
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.12.0 is directly connected, Serial0/0
C       10.1.23.0 is directly connected, Serial0/1

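R2 sees the 1.1.1.0 route but not the 11.11.11.0 route.

16.3.4 Experiment 3: redistribution

Continuing from the previous experiment: so far only 1.1.1.0 was matched. What if one prefix should be filtered out instead of only one being matched, for example dropping only 11.11.11.0?

Remove the route map and ACL on R1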

R1#conf t
R1(config)#no access-list 1
R1(config)#no route-map test

Create the ACL

R1#conf t
R1(config)#access-list 1 permit 11.11.11.0

Create the route map: deny the addresses specified by the ACL and permit all other addresses

R1(config)#route-map test deny 10
R1(config-route-map)#match ip address 1
R1(config-route-map)#exit

R1(config)#route-map test permit 20
R1(config-route-map)#exit

R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
R       1.1.1.0 [120/1] via 10.1.12.1, 00:00:03, Serial0/0
     33.0.0.0/24 is subnetted, 1 subnets
O E2    33.33.33.0 [110/20] via 10.1.23.3, 01:01:54, Serial0/1
     3.0.0.0/24 is subnetted, 1 subnets
O E2    3.3.3.0 [110/20] via 10.1.23.3, 01:01:54, Serial0/1
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.12.0 is directly connected, Serial0/0
C       10.1.23.0 is directly connected, Serial0/1

R2 now has no route to 11.11.11.0.

As a further test, add loopback interface 111.111.111.111 on R1

R1(config)#interface loopback 2
R1(config-if)#ip address 111.111.111.111 255.255.255.0

R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 1 subnets
R       1.1.1.0 [120/1] via 10.1.12.1, 00:00:21, Serial0/0
     33.0.0.0/24 is subnetted, 1 subnets
O E2    33.33.33.0 [110/20] via 10.1.23.3, 01:03:56, Serial0/1
     3.0.0.0/24 is subnetted, 1 subnets
O E2    3.3.3.0 [110/20] via 10.1.23.3, 01:03:56, Serial0/1
     111.0.0.0/24 is subnetted, 1 subnets
R       111.111.111.0 [120/1] via 10.1.12.1, 00:00:02, Serial0/0
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.12.0 is directly connected, Serial0/0
C       10.1.23.0 is directly connected, Serial0/1

R2 sees the 111.111.111.0 route and still has no route to 11.11.11.0.
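The three redistribution experiments above all depend on the same evaluation order: clauses in sequence order, first match wins, an implicit deny at the end, and a standard ACL that compares only the network address. The Python evaluator below is an added example, not part of the original notes and not Cisco code; the function names are hypothetical and the route lists are constructed from the experiments on this page.

```python
from ipaddress import ip_address, ip_network

HOST = "0.0.0.0"  # wildcard assumed when a standard ACL entry gives none


def acl_permits(acl, prefix):
    """Standard ACL applied to a route: only the network address is compared,
    the prefix length is ignored. First matching entry decides; implicit deny."""
    net = int(ip_network(prefix).network_address)
    for action, address, wildcard in acl:
        care = ~int(ip_address(wildcard)) & 0xFFFFFFFF
        if (net & care) == (int(ip_address(address)) & care):
            return action == "permit"
    return False


def apply_route_map(clauses, acls, prefix):
    """clauses: (seq, action, acl_number_or_None, set_metric_or_None).
    Returns (passed, set_metric). A clause without a match statement matches all."""
    for seq, action, acl_no, set_metric in sorted(clauses, key=lambda c: c[0]):
        if acl_no is not None and not acl_permits(acls[acl_no], prefix):
            continue  # not matched: fall through to the next sequence number
        if action == "deny":
            return (False, None)
        return (True, set_metric)
    return (False, None)  # implicit deny after the last clause


def redistribute(experiment):
    """Return {prefix: metric set by the map, or None for the protocol default}."""
    result = {}
    for prefix in experiment["routes"]:
        passed, metric = apply_route_map(
            experiment["clauses"], experiment["acls"], prefix)
        if passed:
            result[prefix] = metric
    return result


# Experiment 1 (R2, OSPF into RIP): one metric per loopback
EXPERIMENT_1 = {
    "acls": {1: [("permit", "3.3.3.0", HOST)], 2: [("permit", "33.33.33.0", HOST)]},
    "clauses": [(10, "permit", 1, 2), (20, "permit", 2, 3)],
    "routes": ["3.3.3.0/24", "33.33.33.0/24"],
}

# Experiment 2 (R1, connected into RIP): permit 1.1.1.0 only
EXPERIMENT_2 = {
    "acls": {1: [("permit", "1.1.1.0", HOST)]},
    "clauses": [(10, "permit", 1, None)],
    "routes": ["1.1.1.0/24", "11.11.11.0/24"],
}

# Experiment 3 (R1): deny 11.11.11.0, permit everything else
EXPERIMENT_3 = {
    "acls": {1: [("permit", "11.11.11.0", HOST)]},
    "clauses": [(10, "deny", 1, None), (20, "permit", None, None)],
    "routes": ["1.1.1.0/24", "11.11.11.0/24", "111.111.111.0/24"],
}

if __name__ == "__main__":
    for name, exp in (("1", EXPERIMENT_1), ("2", EXPERIMENT_2), ("3", EXPERIMENT_3)):
        print("experiment", name, "->", redistribute(exp))
    # The ACL must name the prefix as it appears in the routing table
    print(acl_permits([("permit", "3.3.3.3", HOST)], "3.3.3.0/24"))
```

Experiment 2 shows the implicit deny: 11.11.11.0 is dropped although no clause names it, which is why experiment 3 needs the empty permit 20 clause.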

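16.3.5 Example 4: applying a routing policy

  • R1, R2 and R3 run OSPF;
  • R3 prefers the left side to reach the office servers and the right side to reach the production servers. Hot standby is kept: when one side goes down, traffic can take the other side.
  • Redistribute static routes into OSPF and use a route map to set the policy (otherwise the result is load balancing), selecting the preferred link by modifying the metric.

16.3.6 Example 5: route feedback

  • Redistributing OSPF into RIP causes no problem;
  • When RIP is redistributed into OSPF with two-point, two-way redistribution on A and B, A injects first and the route reaches B via D. Because OSPF's AD is smaller than RIP's, on B the OSPF route overrides the RIP route, so B has to reach C by going around through D and A, which is a suboptimal path.
  • A route map can be applied on B so that RIP is injected while the routes that came around through D are dropped.

On A, do not permit 1.0, and apply this when redistributing OSPF into RIP.

16.4 Distribute-list

For distance-vector routing protocols the update packets carry the routes themselves, so a distribute list can act directly in the in/out direction.

  • For link-state routing protocols, routers exchange LSAs rather than routes, and a distribute list cannot process LSAs;
  • A router collects LSAs into its LSDB, runs the SPF algorithm, derives the route entries and then installs them into the routing table;
  • In the in direction, the distribute list takes effect after the route entries have been computed and before they are installed into the routing table.
  • In the out direction, it cannot remove LSAs. It only filters locally originated external routes (for example, routes injected by redistribution). What is originated locally is still a route, not an LSA; once it has entered OSPF it can no longer be filtered.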
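The difference between filtering updates (distance vector) and filtering after SPF (link state) shows up in what the downstream router still learns. The Python model below is an added example, not part of the original notes; it assumes a three-router chain R1-R2-R3 in which R1 originates 1.1.1.0/24 and 10.10.10.0/24, applies filters per router rather than per interface, reuses the same two prefix labels for the OSPF case, and uses hypothetical function names.

```python
CHAIN = ["R1", "R2", "R3"]
R1_PREFIXES = {"1.1.1.0/24", "10.10.10.0/24"}  # constructed: R1's two loopbacks


def rip_tables(deny_in=None, deny_out=None):
    """Distance vector: each update carries routes, so a filter on one hop
    changes what every router further down the chain can learn."""
    deny_in, deny_out = deny_in or {}, deny_out or {}
    tables = {CHAIN[0]: set(R1_PREFIXES)}
    for sender, receiver in zip(CHAIN, CHAIN[1:]):
        update = tables[sender] - deny_out.get(sender, set())     # distribute-list out
        tables[receiver] = update - deny_in.get(receiver, set())  # distribute-list in
    return tables


def ospf_tables(deny_in=None):
    """Link state: LSAs are flooded unchanged, every router builds the same LSDB,
    and the in-direction filter only acts between SPF and the local routing table."""
    deny_in = deny_in or {}
    lsdb = set(R1_PREFIXES)  # identical on every router in the area
    tables = {}
    for router in CHAIN:
        if router == CHAIN[0]:
            tables[router] = set(lsdb)  # connected on the originator
        else:
            tables[router] = lsdb - deny_in.get(router, set())
    return tables


BLOCKED = {"10.10.10.0/24"}

if __name__ == "__main__":
    print("RIP, out on R2 :", rip_tables(deny_out={"R2": BLOCKED}))
    print("RIP, in on R3  :", rip_tables(deny_in={"R3": BLOCKED}))
    print("RIP, in on R2  :", rip_tables(deny_in={"R2": BLOCKED}))
    print("OSPF, in on R2 :", ospf_tables(deny_in={"R2": BLOCKED}))
```

In the OSPF case R3 still installs 10.10.10.0/24 although R2, its only path towards R1, has no matching entry, so an inbound distribute list under OSPF does not stop the prefix from spreading through the area.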

16.4.1 Experiment preparation

R1 base configuration, including the IP address and two loopback addresses.

R1#conf t
R1(config)#interface serial 0/0
R1(config-if)#ip address 192.168.12.1 255.255.255.0
R1(config-if)#no shutdown

R1(config)#interface loopback 0
R1(config-if)#ip address 1.1.1.1 255.255.255.0
R1(config-if)#no shutdown

R1(config)#interface loopback 1
R1(config-if)#ip address 10.10.10.10 255.255.255.0
R1(config-if)#no shutdown

R2 base configuration, including the IP addresses.

R2#conf t
R2(config)#interface serial 0/0
R2(config-if)#ip address 192.168.12.2 255.255.255.0
R2(config-if)#no shutdown

R2(config)#interface serial 0/1
R2(config-if)#ip address 192.168.23.2 255.255.255.0
R2(config-if)#no shutdown

R3 base configuration, including the IP address and enabling RIP.

R3#conf t
R3(config)#interface serial 0/1
R3(config-if)#ip address 192.168.23.3 255.255.255.0 
R3(config-if)#no shutdown

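16.4.2 Experiment 1: RIP

R1 advertises two loopback addresses and RIP runs on the whole network. A distribute list keeps one of the loopback networks from reaching R3.

16.4.2.1 Base configuration

Enable RIP on R1.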

R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#no auto-summary
R1(config-router)#network 192.168.12.1
R1(config-router)#network 1.1.1.1
R1(config-router)#network 10.10.10.10

Enable RIP on R2.

R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#no auto-summary
R2(config-router)#network 192.168.12.2
R2(config-router)#network 192.168.23.2

Enable RIP on R3.

R3(config)#router rip
R3(config-router)#version 2
R3(config-router)#no auto-summary
R3(config-router)#network 192.168.23.3

Check the three routers: all of them now have the routes

R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.12.0/24 is directly connected, Serial0/0
     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.10.10.0 is directly connected, Loopback1
R    192.168.23.0/24 [120/1] via 192.168.12.2, 00:00:11, Serial0/0

R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.12.0/24 is directly connected, Serial0/0
     1.0.0.0/24 is subnetted, 1 subnets
R       1.1.1.0 [120/1] via 192.168.12.1, 00:00:25, Serial0/0
     10.0.0.0/24 is subnetted, 1 subnets
R       10.10.10.0 [120/1] via 192.168.12.1, 00:00:25, Serial0/0
C    192.168.23.0/24 is directly connected, Serial0/1

R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

R    192.168.12.0/24 [120/1] via 192.168.23.2, 00:00:02, Serial0/1
     1.0.0.0/24 is subnetted, 1 subnets
R       1.1.1.0 [120/2] via 192.168.23.2, 00:00:02, Serial0/1
     10.0.0.0/24 is subnetted, 1 subnets
R       10.10.10.0 [120/2] via 192.168.23.2, 00:00:02, Serial0/1
C    192.168.23.0/24 is directly connected, Serial0/1

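To keep R3 from learning the 10.10.10.0 network, the filter can be applied either outbound on R2 or inbound on R3.

16.4.2.2 Outbound filtering

Configure the access list

R2(config)#access-list 1 deny 10.10.10.0
R2(config)#access-list 1 permit any

Filter outbound on R2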

R2(config)#router rip
R2(config-router)#distribute-list 1 out serial 0/1

Note that 10.10.10.0 here must match the prefix exactly as it appears in the routing table.

Clear the routing table and check it

R3#clear ip route *
R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

R    192.168.12.0/24 [120/1] via 192.168.23.2, 00:00:04, Serial0/1
     1.0.0.0/24 is subnetted, 1 subnets
R       1.1.1.0 [120/2] via 192.168.23.2, 00:00:04, Serial0/1
C    192.168.23.0/24 is directly connected, Serial0/1

R3 no longer has a route to 10.10.10.0.

16.4.2.3 Inbound filtering

Remove the outbound distribute list on R2

R2(config)#router rip
R2(config-router)#no distribute-list 1 out serial 0/1

Inbound configuration on R3

R3(config)#access-list 1 deny 10.10.10.0
R3(config)#access-list 1 permit any

R3(config)#router rip
R3(config-router)#distribute-list 1 in serial 0/1

R3#clear ip route *
R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

R    192.168.12.0/24 [120/1] via 192.168.23.2, 00:00:02, Serial0/1
     1.0.0.0/24 is subnetted, 1 subnets
R       1.1.1.0 [120/2] via 192.168.23.2, 00:00:02, Serial0/1
C    192.168.23.0/24 is directly connected, Serial0/1

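R3 again has no route to the 10.10.10.0 network.

16.4.3 Experiment 2: RIP

Continuing from the experiment above, filter the 10.10.10.0 network inbound on R2.

Remove the inbound distribute list on R3

R3(config)#router rip
R3(config-router)#no distribute-list 1 in serial 0/1

Filter inbound on R2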

R2(config)#router rip
R2(config-router)#distribute-list 1 in serial 0/0

R2#clear ip route *
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.12.0/24 is directly connected, Serial0/0
     1.0.0.0/24 is subnetted, 1 subnets
R       1.1.1.0 [120/1] via 192.168.12.1, 00:00:02, Serial0/0
C    192.168.23.0/24 is directly connected, Serial0/1

R2 no longer has 10.10.10.0 either.

R3#clear ip route *
R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

R    192.168.12.0/24 [120/1] via 192.168.23.2, 00:00:02, Serial0/1
     1.0.0.0/24 is subnetted, 1 subnets
R       1.1.1.0 [120/2] via 192.168.23.2, 00:00:02, Serial0/1
C    192.168.23.0/24 is directly connected, Serial0/1

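R3 certainly does not have it, since R2 never installed the route and so has nothing to advertise onward.

16.4.4 Lab 3: OSPF

  • On R2, only the 1.1.1.1 route is to be present
  • Remove the existing RIP configuration
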
R1(config)#no router rip
R2(config)#no router rip
R3(config)#no router rip

R1 brings in the loopback addresses with network statements

R1(config)#router ospf 1
R1(config-router)#network 192.168.12.1 0.0.0.0 area 0
R1(config-router)#network 1.1.1.1 0.0.0.0 area 0
R1(config-router)#network 10.10.10.10 0.0.0.0 area 0

R2(config)#router ospf 1
R2(config-router)#network 192.168.12.2 0.0.0.0 area 0
R2(config-router)#network 192.168.23.2 0.0.0.0 area 0

R3(config)#router ospf 1
R3(config-router)#network 192.168.23.3 0.0.0.0 area 0

R2 now learns all the routes

R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.12.0/24 is directly connected, Serial0/0
     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/65] via 192.168.12.1, 00:00:04, Serial0/0
     10.0.0.0/32 is subnetted, 1 subnets
O       10.10.10.10 [110/65] via 192.168.12.1, 00:00:04, Serial0/0
C    192.168.23.0/24 is directly connected, Serial0/1

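R2 shows the route as the host address 10.10.10.10. To avoid this OSPF behaviour on loopback interfaces, change the network type so that the subnet route is advertised.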

R1(config)#interface loopback 0
R1(config-if)#ip ospf network point-to-point
R1(config)#interface loopback 1
R1(config-if)#ip ospf network point-to-point
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.12.0/24 is directly connected, Serial0/0
     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.10.10.0 is directly connected, Loopback1
O    192.168.23.0/24 [110/128] via 192.168.12.2, 00:00:16, Serial0/0

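The route is now the 10.10.10.0 network.

The filter cannot be applied in the out direction on R1; it has to be applied in the in direction on R2, because the loopback routes were brought in with network statements rather than by redistribution. Only redistribution carries them directly as route information.

R2 already has the access list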

R2#show access-lists 1
Standard IP access list 1
    10 deny   10.10.10.0 (1 match)
    20 permit any (2 matches)

For this lab, applying it to all interfaces is enough

R2(config)#router ospf 1
R2(config-router)#distribute-list 1 in
R2#clear ip route *
R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.12.0/24 is directly connected, Serial0/0
     1.0.0.0/24 is subnetted, 1 subnets
O       1.1.1.0 [110/65] via 192.168.12.1, 00:00:01, Serial0/0
C    192.168.23.0/24 is directly connected, Serial0/1

R2 no longer has a route for the 10.10.10.0 network.

Next, inspect the LSA

R2#show ip ospf database router 10.10.10.10

            OSPF Router with ID (192.168.23.2) (Process ID 1)

                Router Link States (Area 0)

  LS age: 197
  Options: (No TOS-capability, DC)
  LS Type: Router Links
  Link State ID: 10.10.10.10
  Advertising Router: 10.10.10.10
  LS Seq Number: 80000006
  Checksum: 0x2776
  Length: 72
  Number of Links: 4

    Link connected to: a Stub Network
     (Link ID) Network/subnet number: 1.1.1.0
     (Link Data) Network Mask: 255.255.255.0
      Number of TOS metrics: 0
       TOS 0 Metrics: 1

    Link connected to: a Stub Network
     (Link ID) Network/subnet number: 10.10.10.0
     (Link Data) Network Mask: 255.255.255.0
      Number of TOS metrics: 0
       TOS 0 Metrics: 1

    Link connected to: another Router (point-to-point)
     (Link ID) Neighboring Router ID: 192.168.23.2
     (Link Data) Router Interface address: 192.168.12.1
      Number of TOS metrics: 0
       TOS 0 Metrics: 64

    Link connected to: a Stub Network
     (Link ID) Network/subnet number: 192.168.12.0
     (Link Data) Network Mask: 255.255.255.0
      Number of TOS metrics: 0
       TOS 0 Metrics: 64

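10.10.10.0 is still present in the LSA: the LSA is let in, and the filter acts only before the route is generated.

R3's routing table, however, is complete, because the LSA still gets through to it. If R3 is to filter the route as well, it needs its own policy.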

R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

O    192.168.12.0/24 [110/128] via 192.168.23.2, 00:07:10, Serial0/1
     1.0.0.0/24 is subnetted, 1 subnets
O       1.1.1.0 [110/129] via 192.168.23.2, 00:07:10, Serial0/1
     10.0.0.0/24 is subnetted, 1 subnets
O       10.10.10.0 [110/129] via 192.168.23.2, 00:07:10, Serial0/1
C    192.168.23.0/24 is directly connected, Serial0/1

16.4.5 Lab 4: OSPF

  • The previous lab tested the in direction; this one tests the out direction
  • Remove the in-direction configuration

R2(config)#router ospf 1
R2(config-router)#no distribute-list 1 in 

Configure an outbound distribute-list on R1

R1(config)#access-list 1 deny 10.10.10.0
R1(config)#access-list 1 permit any

R1(config)#router ospf 1
R1(config-router)#distribute-list 1 out

Now check R2's routing table

R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.12.0/24 is directly connected, Serial0/0
     1.0.0.0/24 is subnetted, 1 subnets
O       1.1.1.0 [110/65] via 192.168.12.1, 00:02:18, Serial0/0
     10.0.0.0/24 is subnetted, 1 subnets
O       10.10.10.0 [110/65] via 192.168.12.1, 00:02:18, Serial0/0
C    192.168.23.0/24 is directly connected, Serial0/1
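
  • It has no effect.
  • In OSPF, the out direction does nothing for routes advertised directly with network statements.
  • Switch R1 to redistribution and see the effect.
  • Remove the network statements for the loopback routes:
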
R1(config)#router ospf 1
R1(config-router)#no network 1.1.1.1 0.0.0.0 area 0
R1(config-router)#no network 10.10.10.10 0.0.0.0 area 0

Redistribute connected routes to bring in the loopback routes

R1(config)#router ospf 1
R1(config-router)#redistribute connected subnets

Check R2's routes again

R2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.12.0/24 is directly connected, Serial0/0
     1.0.0.0/24 is subnetted, 1 subnets
O E2    1.1.1.0 [110/20] via 192.168.12.1, 00:00:30, Serial0/0
C    192.168.23.0/24 is directly connected, Serial0/1

Now there is only one redistributed route; the 10.10.10.0 route has been filtered out.

16.4.6 Example 5: OSPF

Next, remove the distribute-list command from R1

R1(config)#router ospf 1
R1(config-router)#no distribute-list 1 out

Configure an outbound distribute-list on R2 to stop R3 from learning the 10.10.10.0 information

R2(config)#router ospf 1
R2(config-router)#distribute-list 1 out

Check R3's routing information again

R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

O    192.168.12.0/24 [110/128] via 192.168.23.2, 00:00:01, Serial0/1
     1.0.0.0/24 is subnetted, 1 subnets
O E2    1.1.1.0 [110/20] via 192.168.23.2, 00:00:01, Serial0/1
     10.0.0.0/24 is subnetted, 1 subnets
O E2    10.10.10.0 [110/20] via 192.168.23.2, 00:00:01, Serial0/1
C    192.168.23.0/24 is directly connected, Serial0/1

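R3 still has the route; the filter did not block it.

So only locally originated external routes can be filtered with an outbound distribute-list.

16.4.7 Example 6: RIP and OSPF

In the out direction, the distribute-list can be followed by a protocol as well as by an interface.

The aim is for it to apply only to routes brought in from RIP, and not to R2's directly connected routes.

16.4.8 Example 7: two-point mutual redistribution

Use a distribute-list to solve the suboptimal-path problem by filtering.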

16.5 Prefix-list

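A standard access list does not recognise the mask, so the summary and the more-specific routes are both filtered.

An extended ACL can match the mask.

The ACL's source and destination fields carry the prefix part and the mask part; for the mask, /24 plus a wildcard mask (strict match on /24).

  • 1: match one specific, unique route
  • Extended ACL form: 192.168.1.0 0.0.0.0 255.255.255.0 0.0.0.0

Summary: 192.168.4.0/22

The first 22 bits must match exactly and the mask needs to be /22, but the masks so far were 24, so a mask range has to be added. Because the more-specific routes are all 24 bits, the range is greater than or equal to 24 and less than or equal to 24: ge 24 le 24. Otherwise the route's mask is taken to have to be exactly 24 bits.

Deny the specified summary route, then permit any.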
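The matching rules described above, modelled in Python as an added example (not part of the original notes and not IOS code). It shows why a standard ACL filters the summary and a more-specific route together, while a prefix-list can pick out either one. The route list, rule tuples and function names are constructed for illustration.

```python
import ipaddress

def standard_acl_permits(acl, route):
    """Standard ACL as a route filter: only the route's network address is
    compared (under the wildcard); the route's mask is never examined."""
    addr = int(route.network_address)
    for action, base, wildcard in acl:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if (addr & care) == (int(ipaddress.IPv4Address(base)) & care):
            return action == "permit"
    return False  # implicit deny ends every ACL

def prefix_list_permits(plist, route):
    """Prefix-list: the entry's leading bits must match AND the route's
    mask length must fall inside the entry's ge/le range."""
    for action, prefix, ge, le in plist:
        net = ipaddress.ip_network(prefix)
        if ge is None and le is None:
            lo = hi = net.prefixlen  # no range: mask must equal the entry's length
        else:
            lo = net.prefixlen if ge is None else ge
            hi = 32 if le is None else le
        if lo <= route.prefixlen <= hi and route.subnet_of(net):
            return action == "permit"
    return False  # implicit deny ends every prefix-list

# Constructed sample routes: the summary from the text plus /24 specifics.
ROUTES = [ipaddress.ip_network(r) for r in (
    "192.168.4.0/22", "192.168.4.0/24", "192.168.5.0/24",
    "192.168.6.0/24", "192.168.7.0/24", "10.10.10.0/24")]

# access-list 1 deny 192.168.4.0 / access-list 1 permit any
ACL_DENY_SUMMARY = [("deny", "192.168.4.0", "0.0.0.0"),
                    ("permit", "0.0.0.0", "255.255.255.255")]
# deny 192.168.4.0/22, then permit any (0.0.0.0/0 le 32)
PL_DENY_SUMMARY = [("deny", "192.168.4.0/22", None, None),
                   ("permit", "0.0.0.0/0", None, 32)]
# 192.168.4.0/22 ge 24 le 24: only the /24 specifics under the summary
PL_ONLY_SPECIFICS = [("permit", "192.168.4.0/22", 24, 24)]

def surviving(match, rules):
    """Routes that pass the filter, in table order."""
    return [str(r) for r in ROUTES if match(rules, r)]

if __name__ == "__main__":
    print(surviving(standard_acl_permits, ACL_DENY_SUMMARY))
    print(surviving(prefix_list_permits, PL_DENY_SUMMARY))
    print(surviving(prefix_list_permits, PL_ONLY_SPECIFICS))
```

With the standard ACL, 192.168.4.0/24 disappears along with the /22 summary because both share the network address 192.168.4.0; the prefix-list version removes only the summary.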
