目录
第二章 IS-IS协议特性与配置
实验 2-1 IS-IS 配置实验
实验目标
·掌握IS-IS协议基本配置
·掌握IS-IS协议DIS优先级修改方式
·掌握IS-IS协议网络类型修改方式
·掌握IS-IS协议外部路由引入
·掌握IS-IS接口cost修改方式
·掌握IS-IS路由渗透配置方式
拓扑图
图2-1 IS-IS实验拓扑
场景
使用IS-IS协议作为某网络的IGP,R1和R5运行在49.0002区域Level-2,R2、R3和R4运行在49.0001区域,R4是Level-1路由器,R2和R3作为Level-1-2路由器。要求:R4可以访问R5引入的外部路由;R4连接S5的接口作为DIS;R1和R5之间使用点到点链路;从R4访问R5的上下行流量应该从以太网接口进行转发,可以通过cost和路由渗透进行选路控制;交换机不做额外的配置,仅透明转发。
学习任务
步骤一.IP编址与基本配置
给所有路由器配置IP地址信息。
[R1]interface loopback 0
[R1-LoopBack0]ip address 10.0.1.1 32
[R1-LoopBack0]quit
[R1]interface GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0]ip address 10.0.15.1 24
[R1-GigabitEthernet0/0/0]quit
[R1]interface GigabitEthernet 0/0/1
[R1-GigabitEthernet0/0/1]ip address 10.0.13.1 24
[R1-GigabitEthernet0/0/1]quit
[R1]interface interface Serial1/0/0
[R1-Serial1/0/0]ip address 10.0.12.1 24
[R1-Serial1/0/0]quit
[R2]interface LoopBack 0
[R2-LoopBack0]ip address 10.0.2.2 32
[R2-LoopBack0]quit
[R2]interface GigabitEthernet 0/0/0
[R2-GigabitEthernet0/0/0]ip address 10.0.234.2 24
[R2-GigabitEthernet0/0/0]quit
[R2]interface Serial1/0/0
[R2-Serial1/0/0]ip address 10.0.12.2 24
[R2-Serial1/0/0]quit
[R3]interface LoopBack 0
[R3-LoopBack0]ip address 10.0.3.3 32
[R3-LoopBack0]quit
[R3]interface GigabitEthernet 0/0/0
[R3-GigabitEthernet0/0/0]ip address 10.0.234.3 24
[R3-GigabitEthernet0/0/0]quit
[R3]interface GigabitEthernet 0/0/1
[R3-GigabitEthernet0/0/1]ip address 10.0.13.3 24
[R3-GigabitEthernet0/0/1]quit
[R4]interface LoopBack 0
[R4-LoopBack0]ip address 10.0.4.4 32
[R4-LoopBack0]quit
[R4]interface GigabitEthernet 0/0/0
[R4-GigabitEthernet0/0/0]ip address 10.0.234.4 24
[R4-GigabitEthernet0/0/0]quit
[R5]interface LoopBack 0
[R5-LoopBack0]ip address 10.0.5.5 32
[R5-LoopBack0]quit
[R5]interface GigabitEthernet 0/0/0
[R5-GigabitEthernet0/0/0]ip address 10.0.15.5 24
[R5-GigabitEthernet0/0/0]quit
配置完成后,在R1上测试到R2、R3和R5直连接口的连通性。
[R1]ping -c 1 10.0.13.3
PING 10.0.13.3: 56 data bytes, press CTRL_C to break
Reply from 10.0.13.3: bytes=56 Sequence=1 ttl=255 time=1 ms
--- 10.0.13.3 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/1 ms
[R1]ping -c 1 10.0.12.2
PING 10.0.12.2: 56 data bytes, press CTRL_C to break
Reply from 10.0.12.2: bytes=56 Sequence=1 ttl=255 time=26 ms
--- 10.0.12.2 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 26/26/26 ms
[R1]ping -c 1 10.0.15.5
PING 10.0.15.5: 56 data bytes, press CTRL_C to break
Reply from 10.0.15.5: bytes=56 Sequence=1 ttl=255 time=1 ms
--- 10.0.15.5 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/1 ms
测试R4到R2和R3之间直连接口的连通性。
[R4]ping -c 1 10.0.234.2
PING 10.0.234.2: 56 data bytes, press CTRL_C to break
Reply from 10.0.234.2: bytes=56 Sequence=1 ttl=255 time=1 ms
--- 10.0.234.2 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/1 ms
[R4]ping -c 1 10.0.234.3
PING 10.0.234.3: 56 data bytes, press CTRL_C to break
Reply from 10.0.234.3: bytes=56 Sequence=1 ttl=255 time=1 ms
--- 10.0.234.3 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/1 ms
步骤二.IS-IS协议基本配置
按照拓扑设计逐台配置路由器的isis进程,进程号使用1,以R1为例:
由于R1在区域49.0002,使用network-entity 49.0002.0000.0000.0001。
[R1]isis
[R1-isis-1]network-entity 49.0002.0000.0000.0001.00
默认情况下启用IS-IS进程后,路由器工作在Level-1-2模式,按照规划R1应该是L2模式,因此进行修改:
[R1-isis-1]is-level level-2
[R1-isis-1]quit
将相应的接口启用IS-IS,包括LoopBack接口,不指定IS-IS进程号的情况下默认在进程1下启用:
[R1]interface LoopBack 0
[R1-LoopBack0]isis enable
[R1-LoopBack0]quit
[R1]interface GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0]isis enable
[R1-GigabitEthernet0/0/0]quit
[R1]interface GigabitEthernet 0/0/1
[R1-GigabitEthernet0/0/1]isis enable
[R1-GigabitEthernet0/0/1]quit
[R1]interface Serial 1/0/0
[R1-Serial1/0/0]isis enable
[R1-Serial1/0/0]quit
检查IS-IS在接口的启用状况:
[R1]display isis interface
Interface information for ISIS(1)
---------------------------------
Interface Id IPV4.State IPV6.State MTU Type DIS
Loop0 001 Up Down 1500 L1/L2 --
GE0/0/0 001 Up Down 1497 L1/L2 No/No
GE0/0/1 002 Up Down 1497 L1/L2 No/No
S1/0/0 002 Up Down 1500 L1/L2 --
可以看到ISIS(1)共启用了4个接口,在IPV4地址下状态为Up。
用相同的方式配置其他路由器,R2和R3工作在Level-1-2模式,因此不需要修改is-level:
[R2]isis 1
[R2-isis-1]network-entity 49.0001.0000.0000.0002.00
[R2-isis-1]quit
[R2]interface LoopBack 0
[R2-LoopBack0]isis enable
[R2-LoopBack0]quit
[R2]interface GigabitEthernet 0/0/0
[R2-GigabitEthernet0/0/0]isis enable
[R2-GigabitEthernet0/0/0]quit
[R2]interface Serial 1/0/0
[R2-Serial1/0/0]isis enable
[R2-Serial1/0/0]quit
在R2上检查IS-IS在接口的启用状况:
[R2]display isis interface
Interface information for ISIS(1)
---------------------------------
Interface Id IPV4.State IPV6.State MTU Type DIS
Loop0 002 Up Down 1500 L1/L2 --
GE0/0/0 001 Up Down 1497 L1/L2 No/No
S1/0/0 001 Up Down 1500 L1/L2 --
在R3上配置IS-IS:
[R3]isis 1
[R3-isis-1]network-entity 49.0001.0000.0000.0003.00
[R3-isis-1]quit
[R3]interface LoopBack 0
[R3-LoopBack0]isis enable
[R3-LoopBack0]quit
[R3]interface GigabitEthernet 0/0/0
[R3-GigabitEthernet0/0/0]isis enable
[R3-GigabitEthernet0/0/0]quit
[R3]interface GigabitEthernet 0/0/1
[R3-GigabitEthernet0/0/1]isis enable
[R3-GigabitEthernet0/0/1]quit
在R3上检查IS-IS在接口的启用状况:
[R3]display isis interface
Interface information for ISIS(1)
---------------------------------
Interface Id IPV4.State IPV6.State MTU Type DIS
Loop0 001 Up Down 1500 L1/L2 --
GE0/0/0 002 Up Down 1497 L1/L2 No/No
GE0/0/1 001 Up Down 1497 L1/L2 No/No
在R4上配置IS-IS:
[R4]isis 1
[R4-isis-1]network-entity 49.0001.0000.0000.0004.00
[R4-isis-1]is-level level-1
[R4-isis-1]quit
[R4]interface LoopBack 0
[R4-LoopBack0]isis enable
[R4-LoopBack0]quit
[R4]interface GigabitEthernet 0/0/0
[R4-GigabitEthernet0/0/0]isis enable
[R4-GigabitEthernet0/0/0]quit
在R4上检查IS-IS在接口的启用状况:
[R4]display isis interface
Interface information for ISIS(1)
---------------------------------
Interface Id IPV4.State IPV6.State MTU Type DIS
Loop0 001 Up Down 1500 L1/L2 --
GE0/0/0 001 Up Down 1497 L1/L2 No/No
在R5上配置IS-IS:
[R5]isis 1
[R5-isis-1]network-entity 49.0002.0000.0000.0005.00
[R5-isis-1]is-level level-2
[R5-isis-1]quit
[R5]interface LoopBack 0
[R5-LoopBack0]isis enable
[R5-LoopBack0]quit
[R5]interface GigabitEthernet 0/0/0
[R5-GigabitEthernet0/0/0]isis enable
[R5-GigabitEthernet0/0/0]quit
在R5上检查IS-IS在接口的启用状况:
[R5]display isis interface
Interface information for ISIS(1)
---------------------------------
Interface Id IPV4.State IPV6.State MTU Type DIS
Loop0 001 Up Down 1500 L1/L2 --
GE0/0/0 001 Up Down 1497 L1/L2 No/No
配置完成后,观察各设备的邻居状态,以R1为例,应该有3个邻居,分别是R2、R3和R5:
[R1]display isis peer
Peer information for ISIS(1)
System Id Interface Circuit Id State HoldTime Type PRI
----------------------------------------------------------------------------
0000.0000.0005 GE0/0/0 0000.0000.0005.01 Up 7s L2 64
0000.0000.0003 GE0/0/1 0000.0000.0001.02 Up 21s L2 64
0000.0000.0002 S1/0/0 0000000001 Up 28s L2 --
Total Peer(s): 3
这里的System Id,类似于其他协议的Router Id,可以看到R2、R3和R5的状态都是Up,邻居状态正常。
继续检查其他设备的邻居状态:
[R2]display isis peer
Peer information for ISIS(1)
System Id Interface Circuit Id State HoldTime Type PRI
----------------------------------------------------------------------------
0000.0000.0001 S1/0/0 0000000001 Up 22s L2 --
0000.0000.0003 GE0/0/0 0000.0000.0004.01 Up 24s L1(L1L2) 64
0000.0000.0004 GE0/0/0 0000.0000.0004.01 Up 7s L1 64
0000.0000.0003 GE0/0/0 0000.0000.0002.01 Up 26s L2(L1L2) 64
Total Peer(s): 4
[R3]display isis peer
Peer information for ISIS(1)
System Id Interface Circuit Id State HoldTime Type PRI
----------------------------------------------------------------------------
0000.0000.0001 GE0/0/1 0000.0000.0001.02 Up 8s L2 64
0000.0000.0002 GE0/0/0 0000.0000.0004.01 Up 30s L1(L1L2) 64
0000.0000.0004 GE0/0/0 0000.0000.0004.01 Up 7s L1 64
0000.0000.0002 GE0/0/0 0000.0000.0002.01 Up 9s L2(L1L2) 64
Total Peer(s): 4
[R4]display isis peer
Peer information for ISIS(1)
System Id Interface Circuit Id State HoldTime Type PRI
----------------------------------------------------------------------------
0000.0000.0003 GE0/0/0 0000.0000.0004.01 Up 29s L1 64
0000.0000.0002 GE0/0/0 0000.0000.0004.01 Up 23s L1 64
Total Peer(s): 2
[R5]display isis peer
Peer information for ISIS(1)
System Id Interface Circuit Id State HoldTime Type PRI
----------------------------------------------------------------------------
0000.0000.0001 GE0/0/0 0000.0000.0005.01 Up 29s L2 64
Total Peer(s): 1
步骤三.修改DIS优先级
R2、R3和R4在一个广播网络下建立邻居,因此需要选举DIS,默认情况下,DIS优先级都为64,如果优先级相同MAC地址大的接口将成为DIS,我们希望选举更为清晰,因此通过修改R4的DIS优先级来保证其成为DIS。
[R4]interface GigabitEthernet 0/0/0
[R4-GigabitEthernet0/0/0]isis dis-priority 120
[R4-GigabitEthernet0/0/0]quit
[R4]display isis interface
Interface information for ISIS(1)
---------------------------------
Interface Id IPV4.State IPV6.State MTU Type DIS
GE0/0/0 001 Up Down 1497 L1/L2 Yes/No
Loop0 001 Up Down 1500 L1/L2 –
在R2和R3上查看邻居的DIS优先级:
[R2]display isis peer
Peer information for ISIS(1)
System Id Interface Circuit Id State HoldTime Type PRI
----------------------------------------------------------------------------
0000.0000.0001 S1/0/0 0000000001 Up 29s L2 --
0000.0000.0003 GE0/0/0 0000.0000.0004.01 Up 25s L1(L1L2) 64
0000.0000.0004 GE0/0/0 0000.0000.0004.01 Up 8s L1 120
0000.0000.0003 GE0/0/0 0000.0000.0002.01 Up 20s L2(L1L2) 64
Total Peer(s): 4
[R3]display isis peer
Peer information for ISIS(1)
System Id Interface Circuit Id State HoldTime Type PRI
----------------------------------------------------------------------------
0000.0000.0001 GE0/0/1 0000.0000.0001.02 Up 8s L2 64
0000.0000.0002 GE0/0/0 0000.0000.0004.01 Up 22s L1(L1L2) 64
0000.0000.0004 GE0/0/0 0000.0000.0004.01 Up 7s L1 120
0000.0000.0002 GE0/0/0 0000.0000.0002.01 Up 8s L2(L1L2) 64
Total Peer(s): 4
步骤四.配置IS-IS网络类型
在广播网络中,IS-IS默认会将接口的circuit-type设置为广播模式,并参与DIS的选举。但在拓扑中R1和R5之间的以太网只有两台路由器,我们可以将这两台路由器之间的互联接口设置为点到点模式,进行优化。
[R1]interface GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0]isis circuit-type p2p
[R1-GigabitEthernet0/0/0]quit
[R5]interface GigabitEthernet 0/0/0
[R5-GigabitEthernet0/0/0]isis circuit-type p2p
[R5-GigabitEthernet0/0/0]quit
修改circuit-type过程中,邻居会重新建立,检查配置效果,Circuit Id会改变格式,接口的详细信息也会显示p2p,以R1为例:
[R1]display isis peer
Peer information for ISIS(1)
System Id Interface Circuit Id State HoldTime Type PRI
----------------------------------------------------------------------------
0000.0000.0005 GE0/0/0 0000000002 Up 22s L2 --
0000.0000.0003 GE0/0/1 0000.0000.0001.02 Up 27s L2 64
0000.0000.0002 S1/0/0 0000000001 Up 22s L2 --
[R1]display isis interface GigabitEthernet 0/0/0 verbose
Interface information for ISIS(1)
---------------------------------
Interface Id IPV4.State IPV6.State MTU Type DIS
GE0/0/0 003 Up Down 1497 L1/L2 --
Circuit MT State : Standard
Circuit Parameters : p2p
Description : HUAWEI, AR Series, GigabitEthernet0/0/0 Interface
SNPA Address : d0d0-4b03-d3fc
IP Address : 10.0.15.1
IPV6 Link Local Address :
IPV6 Global Address(es) :
Csnp Timer Value : L12 10
Hello Timer Value : 10
DIS Hello Timer Value :
Hello Multiplier Value : 3
Cost : L1 10 L2 10
Ipv6 Cost : L1 10 L2 10
Retransmit Timer Value : L12 5
LSP-Throttle Timer : L12 50
Bandwidth-Value : Low 100000000 High 0
Static Bfd : NO
Dynamic Bfd : NO
Fast-Sense Rpr : NO
Extended-Circuit-Id Value : 0000000003
步骤五.配置IS-IS外部路由引入
在引入路由之前,先检查当前所有路由的学习情况,R1去往R4的路由呈现负载均衡的状态,数据包将会在GE0/0/1和S1/0/0之间均匀分布:
[R1]display isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-2 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
----------------------------------------------------------------------------
10.0.4.4/32 20 NULL GE0/0/1 10.0.13.3 A/-/-/-
S1/0/0 10.0.12.2
10.0.5.5/32 10 NULL GE0/0/0 10.0.15.5 A/-/-/-
10.0.12.0/24 10 NULL S1/0/0 Direct D/-/L/-
10.0.13.0/24 10 NULL GE0/0/1 Direct D/-/L/-
10.0.234.0/24 20 NULL S1/0/0 10.0.12.2 A/-/-/-
GE0/0/1 10.0.13.3
10.0.15.0/24 10 NULL GE0/0/0 Direct D/-/L/-
10.0.1.1/32 0 NULL Loop0 Direct D/-/L/-
10.0.2.2/32 10 NULL S1/0/0 10.0.12.2 A/-/-/-
10.0.3.3/32 10 NULL GE0/0/1 10.0.13.3 A/-/-/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
[R1]display ip routing-table protocol isis
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Public routing table : ISIS
Destinations : 5 Routes : 7
ISIS routing table status : <Active>
Destinations : 5 Routes : 7
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.2.2/32 ISIS-L2 15 10 D 10.0.12.2 Serial1/0/0
10.0.3.3/32 ISIS-L2 15 10 D 10.0.13.3 GigabitEthernet0/0/1
10.0.4.4/32 ISIS-L2 15 20 D 10.0.13.3 GigabitEthernet0/0/1
ISIS-L2 15 20 D 10.0.12.2 Serial1/0/0
10.0.5.5/32 ISIS-L2 15 10 D 10.0.15.5 GigabitEthernet0/0/0
10.0.234.0/24 ISIS-L2 15 20 D 10.0.12.2 Serial1/0/0
ISIS-L2 15 20 D 10.0.13.3 GigabitEthernet0/0/1
ISIS routing table status : <Inactive>
Destinations : 0 Routes : 0
因为R2是LEVEL-1-2路由器,因此在两个level生成不同的路由,注意在level1会有默认路由的条目,指向空接口,R3和R2的情况相同:
[R2]display isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-1 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
----------------------------------------------------------------------------
0.0.0.0/0 10 NULL
10.0.4.4/32 10 NULL GE0/0/0 10.0.234.4 A/-/L/-
10.0.12.0/24 10 NULL S1/0/0 Direct D/-/L/-
10.0.13.0/24 20 NULL GE0/0/0 10.0.234.3 A/-/L/-
10.0.234.0/24 10 NULL GE0/0/0 Direct D/-/L/-
10.0.2.2/32 0 NULL Loop0 Direct D/-/L/-
10.0.3.3/32 10 NULL GE0/0/0 10.0.234.3 A/-/L/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
ISIS(1) Level-2 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
----------------------------------------------------------------------------
10.0.4.4/32 20 NULL
10.0.5.5/32 20 NULL S1/0/0 10.0.12.1 A/-/-/-
10.0.12.0/24 10 NULL S1/0/0 Direct D/-/L/-
10.0.13.0/24 20 NULL
10.0.234.0/24 10 NULL GE0/0/0 Direct D/-/L/-
10.0.15.0/24 20 NULL S1/0/0 10.0.12.1 A/-/-/-
10.0.1.1/32 10 NULL S1/0/0 10.0.12.1 A/-/-/-
10.0.2.2/32 0 NULL Loop0 Direct D/-/L/-
10.0.3.3/32 10 NULL
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
[R2]display ip routing-table protocol isis
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Public routing table : ISIS
Destinations : 6 Routes : 6
ISIS routing table status : <Active>
Destinations : 6 Routes : 6
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.1.1/32 ISIS-L2 15 10 D 10.0.12.1 Serial1/0/0
10.0.3.3/32 ISIS-L1 15 10 D 10.0.234.3 GigabitEthernet0/0/0
10.0.4.4/32 ISIS-L1 15 10 D 10.0.234.4 GigabitEthernet0/0/0
10.0.5.5/32 ISIS-L2 15 20 D 10.0.12.1 Serial1/0/0
10.0.13.0/24 ISIS-L1 5 20 D 10.0.234.3 GigabitEthernet0/0/0
10.0.15.0/24 ISIS-L2 15 20 D 10.0.12.1 Serial1/0/0
ISIS routing table status : <Inactive>
Destinations : 0 Routes : 0
[R3]display isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-1 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
----------------------------------------------------------------------------
0.0.0.0/0 10 NULL
10.0.4.4/32 10 NULL GE0/0/0 10.0.234.4 A/-/L/-
10.0.12.0/24 20 NULL GE0/0/0 10.0.234.2 A/-/L/-
10.0.13.0/24 10 NULL GE0/0/1 Direct D/-/L/-
10.0.234.0/24 10 NULL GE0/0/0 Direct D/-/L/-
10.0.2.2/32 10 NULL GE0/0/0 10.0.234.2 A/-/L/-
10.0.3.3/32 0 NULL Loop0 Direct D/-/L/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
ISIS(1) Level-2 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
----------------------------------------------------------------------------
10.0.4.4/32 20 NULL
10.0.5.5/32 20 NULL GE0/0/1 10.0.13.1 A/-/-/-
10.0.12.0/24 20 NULL
10.0.13.0/24 10 NULL GE0/0/1 Direct D/-/L/-
10.0.234.0/24 10 NULL GE0/0/0 Direct D/-/L/-
10.0.15.0/24 20 NULL GE0/0/1 10.0.13.1 A/-/-/-
10.0.1.1/32 10 NULL GE0/0/1 10.0.13.1 A/-/-/-
10.0.2.2/32 10 NULL
10.0.3.3/32 0 NULL Loop0 Direct D/-/L/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
[R3]display ip routing-table protocol isis
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Public routing table : ISIS
Destinations : 6 Routes : 6
ISIS routing table status : <Active>
Destinations : 6 Routes : 6
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.1.1/32 ISIS-L2 15 10 D 10.0.13.1 GigabitEthernet0/0/1
10.0.2.2/32 ISIS-L1 15 10 D 10.0.234.2 GigabitEthernet0/0/0
10.0.4.4/32 ISIS-L1 15 10 D 10.0.234.4 GigabitEthernet0/0/0
10.0.5.5/32 ISIS-L2 15 20 D 10.0.13.1 GigabitEthernet0/0/1
10.0.12.0/24 ISIS-L1 15 20 D 10.0.234.2 GigabitEthernet0/0/0
10.0.15.0/24 ISIS-L2 15 20 D 10.0.13.1 GigabitEthernet0/0/1
ISIS routing table status : <Inactive>
Destinations : 0 Routes : 0
由于R4是L1路由器,只能和同区域的L1或者LEVEL-1-2路由器建立邻居,并且默认情况下L1路由器无法学到L2的路由信息,只能够通过默认路由访问外部,R4可以看到两条默认路由指向R2和R3,呈现负载均衡。
[R4]display isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-1 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
----------------------------------------------------------------------------
0.0.0.0/0 10 NULL GE0/0/0 10.0.234.3 A/-/-/-
GE0/0/0 10.0.234.2
10.0.4.4/32 0 NULL Loop0 Direct D/-/L/-
10.0.12.0/24 20 NULL GE0/0/0 10.0.234.2 A/-/-/-
10.0.13.0/24 20 NULL GE0/0/0 10.0.234.3 A/-/-/-
10.0.234.0/24 10 NULL GE0/0/0 Direct D/-/L/-
10.0.2.2/32 10 NULL GE0/0/0 10.0.234.2 A/-/-/-
10.0.3.3/3 10 NULL GE0/0/0 10.0.234.3 A/-/-/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
[R4]display ip routing protocol isis
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Public routing table : ISIS
Destinations : 5 Routes : 6
ISIS routing table status : <Active>
Destinations : 5 Routes : 6
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 ISIS-L1 15 10 D 10.0.234.3 GigabitEthernet0/0/0
ISIS-L1 15 10 D 10.0.234.2 GigabitEthernet0/0/0
10.0.2.2/32 ISIS-L1 15 10 D 10.0.234.2 GigabitEthernet0/0/0
10.0.3.3/32 ISIS-L1 15 10 D 10.0.234.3 GigabitEthernet0/0/0
10.0.12.0/24 ISIS-L1 15 20 D 10.0.234.2 GigabitEthernet0/0/0
10.0.13.0/24 ISIS-L1 15 20 D 10.0.234.3 GigabitEthernet0/0/0
ISIS routing table status : <Inactive>
Destinations : 0 Routes : 0
R5在引入外部路由前,路由学习情况:
[R5]display isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-2 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
10.0.4.4/32 30 NULL GE0/0/0 10.0.15.1 A/-/-/-
10.0.5.5/32 0 NULL Loop0 Direct D/-/L/-
10.0.12.0/24 20 NULL GE0/0/0 10.0.15.1 A/-/-/-
10.0.13.0/24 20 NULL GE0/0/0 10.0.15.1 A/-/-/-
10.0.234.0/24 30 NULL GE0/0/0 10.0.15.1 A/-/-/-
10.0.15.0/24 10 NULL GE0/0/0 Direct D/-/L/-
10.0.1.1/32 10 NULL GE0/0/0 10.0.15.1 A/-/-/-
10.0.2.2/32 20 NULL GE0/0/0 10.0.15.1 A/-/-/-
10.0.3.3/32 20 NULL GE0/0/0 10.0.15.1 A/-/-/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
[R5]display ip routing-table protocol isis
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Public routing table : ISIS
Destinations : 7 Routes : 7
ISIS routing table status : <Active>
Destinations : 7 Routes : 7
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.1.1/32 ISIS-L2 15 10 D 10.0.15.1 GigabitEthernet0/0/0
10.0.2.2/32 ISIS-L2 15 20 D 10.0.15.1 GigabitEthernet0/0/0
10.0.3.3/32 ISIS-L2 15 20 D 10.0.15.1 GigabitEthernet0/0/0
10.0.4.4/32 ISIS-L2 15 30 D 10.0.15.1 GigabitEthernet0/0/0
10.0.12.0/24 ISIS-L2 15 20 D 10.0.15.1 GigabitEthernet0/0/0
10.0.13.0/24 ISIS-L2 15 20 D 10.0.15.1 GigabitEthernet0/0/0
10.0.234.0/24 ISIS-L2 15 30 D 10.0.15.1 GigabitEthernet0/0/0
ISIS routing table status : <Inactive>
Destinations : 0 Routes : 0
在R5上创建新的LoopBack口,并引入到isis进程:
[R5]interface LoopBack 1
[R5-LoopBack1]ip address 192.168.1.1 24
[R5-LoopBack1]quit
[R5]interface LoopBack 2
[R5-LoopBack2]ip address 192.168.2.1 24
[R5-LoopBack2]quit
[R5]interface LoopBack 3
[R5-LoopBack3]ip address 192.168.3.1 24
[R5-LoopBack3]quit
[R5]isis
[R5-isis-1]import-route direct level-2
[R5-isis-1]quit
在R5上直连路由引入level-2,查看效果:
[R5]display isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-2 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
----------------------------------------------------------------------------
10.0.4.4/32 30 NULL GE0/0/0 10.0.15.1 A/-/-/-
10.0.5.5/32 0 NULL Loop0 Direct D/-/L/-
10.0.12.0/24 20 NULL GE0/0/0 10.0.15.1 A/-/-/-
10.0.13.0/24 20 NULL GE0/0/0 10.0.15.1 A/-/-/-
10.0.234.0/24 30 NULL GE0/0/0 10.0.15.1 A/-/-/-
10.0.15.0/24 10 NULL GE0/0/0 Direct D/-/L/-
10.0.1.1/32 10 NULL GE0/0/0 10.0.15.1 A/-/-/-
10.0.2.2/32 20 NULL GE0/0/0 10.0.15.1 A/-/-/-
10.0.3.3/32 20 NULL GE0/0/0 10.0.15.1 A/-/-/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
ISIS(1) Level-2 Redistribute Table
----------------------------------
Type IPV4 Destination IntCost ExtCost Tag
----------------------------------------------------------------------------
D 192.168.1.0/24 0 0
D 192.168.2.0/24 0 0
D 192.168.3.0/24 0 0
Type: D-Direct, I-ISIS, S-Static, O-OSPF, B-BGP, R-RIP, U-UNR
此时在R4上再次查看路由表,发现并没有变化,原因是在默认情况下,L2路由不会渗透进入L1路由器,但通过默认路由,R4可访问 192.168.1.0/24、192.168.2.0/24和192.168.3.0/24。
[R4]display ip routing-table protocol isis
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Public routing table : ISIS
Destinations : 5 Routes : 6
ISIS routing table status : <Active>
Destinations : 5 Routes : 6
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 ISIS-L1 15 10 D 10.0.234.3 GigabitEthernet0/0/0
ISIS-L1 15 10 D 10.0.234.2 GigabitEthernet0/0/0
10.0.2.2/32 ISIS-L1 15 10 D 10.0.234.2 GigabitEthernet0/0/0
10.0.3.3/32 ISIS-L1 15 10 D 10.0.234.3 GigabitEthernet0/0/0
10.0.12.0/24 ISIS-L1 15 20 D 10.0.234.2 GigabitEthernet0/0/0
10.0.13.0/24 ISIS-L1 15 20 D 10.0.234.3 GigabitEthernet0/0/0
ISIS routing table status : <Inactive>
Destinations : 0 Routes : 0
[R4]ping -c 1 192.168.1.1
PING 192.168.1.1: 56 data bytes, press CTRL_C to break
Reply from 192.168.1.1: bytes=56 Sequence=1 ttl=253 time=14 ms
--- 192.168.1.1 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 14/14/14 ms
[R4]ping -c 1 192.168.2.1
PING 192.168.2.1: 56 data bytes, press CTRL_C to break
Reply from 192.168.2.1: bytes=56 Sequence=1 ttl=253 time=13 ms
--- 192.168.2.1 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 13/13/13 ms
[R4]ping -c 1 192.168.3.1
PING 192.168.3.1: 56 data bytes, press CTRL_C to break
Reply from 192.168.3.1: bytes=56 Sequence=1 ttl=253 time=1 ms
--- 192.168.3.1 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/1 ms
步骤六.修改IS-IS接口Cost值
默认情况下,IS-IS接口cost值为10,不会基于带宽自动计算,对于R1来说,去往R4的流量会在R2和R3上负载均衡,但由于R1和R2之间使用Series接口,带宽较小,容易出现瓶颈,因此可以通过修改相应的cost值来控制R1的选路。
增大出口的cost值:
[R1]interface Serial 1/0/0
[R1-Serial1/0/0]isis cost 15
[R1-Serial1/0/0]quit
[R1]display isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-2 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
----------------------------------------------------------------------------
10.0.4.4/32 20 NULL GE0/0/1 10.0.13.3 A/-/-/-
10.0.5.5/32 10 NULL GE0/0/0 10.0.15.5 A/-/-/-
192.168.1.0/24 10 0 GE0/0/0 10.0.15.5 A/-/-/-
10.0.12.0/24 15 NULL S1/0/0 Direct D/-/L/-
192.168.2.0/24 10 0 GE0/0/0 10.0.15.5 A/-/-/-
10.0.13.0/24 10 NULL GE0/0/1 Direct D/-/L/-
192.168.3.0/24 10 0 GE0/0/0 10.0.15.5 A/-/-/-
10.0.234.0/24 20 NULL GE0/0/1 10.0.13.3 A/-/-/-
10.0.15.0/24 10 NULL GE0/0/0 Direct D/-/L/-
10.0.1.1/32 0 NULL Loop0 Direct D/-/L/-
10.0.2.2/32 15 NULL S1/0/0 10.0.12.2 A/-/-/-
10.0.3.3/32 10 NULL GE0/0/1 10.0.13.3 A/-/-/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
可以看到在R1上负载均衡已经消失,去往R4的流量将从以太网接口转发。
步骤七.配置IS-IS路由渗透
观察R4的数据转发,由于R4对Level-2网络状况一无所知,因此使用负载均衡转发数据到R2和R3,如果我们希望R4不使用R2到R1之间的链路,可以通过路由渗透将Level-2的路由引入到Level-1中,通过路由最长匹配选路,从R3转发去往R5的数据包。
测试tracert之前,需要在R5上开启端口不可达的响应,默认是关闭的,如果不开启,则最后一跳会超时。
在开启前:
[R4]tracert 192.168.1.1
traceroute to 192.168.1.1(192.168.1.1), max hops: 30 ,packet length: 40,press CTRL_C to break
1 10.0.234.2 2 ms 10.0.234.3 2 ms 10.0.234.2 2 ms
2 10.0.13.1 11 ms 10.0.12.1 9 ms 10.0.13.1 11 ms
3 * * *
在R5上开启后:
[R5]icmp port-unreachable send
[R4]tracert 192.168.1.1
traceroute to 192.168.1.1(192.168.1.1), max hops: 30 ,packet length: 40,press CTRL_C to break
1 10.0.234.2 2 ms 10.0.234.3 2 ms 10.0.234.2 2 ms
2 10.0.13.1 2 ms 10.0.12.1 9 ms 10.0.13.1 1 ms
3 192.168.1.1 8 ms 1 ms 9 ms
可以看到每次发出的tracert包会在两个下一跳地址负载均衡到达R5,此时我们在R3开启路由渗透,使得R3为更优的下一跳:
[R3]isis
[R3-isis-1]import-route isis level-2 into level-1
[R3-isis-1]quit
[R4]display isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-1 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
----------------------------------------------------------------------------
0.0.0.0/0 10 NULL GE0/0/0 10.0.234.3 A/-/-/-
GE0/0/0 10.0.234.2
10.0.4.4/32 0 NULL Loop0 Direct D/-/L/-
10.0.5.5/32 30 NULL GE0/0/0 10.0.234.3 A/-/-/U
192.168.1.0/24 10 20 GE0/0/0 10.0.234.3 A/-/-/U
10.0.12.0/24 20 NULL GE0/0/0 10.0.234.2 A/-/-/-
192.168.2.0/24 10 20 GE0/0/0 10.0.234.3 A/-/-/U
10.0.13.0/24 20 NULL GE0/0/0 10.0.234 A/-/-/-
192.168.3.0/24 10 20 GE0/0/0 10.0.234.3 A/-/-/U
10.0.234.0/24 10 NULL GE0/0/0 Direct D/-/L/-
10.0.15.0/24 30 NULL GE0/0/0 10.0.234.3 A/-/-/U
10.0.1.1/32 20 NULL GE0/0/0 10.0.234.3 A/-/-/U
10.0.2.2/32 10 NULL GE0/0/0 10.0.234.2 A/-/-/-
10.0.3.3/32 10 NULL GE0/0/0 10.0.234.3 A/-/-/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
[R4]display ip routing-table protocol isis
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Public routing table : ISIS
Destinations : 11 Routes : 12
ISIS routing table status : <Active>
Destinations : 11 Routes : 12
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 ISIS-L1 15 10 D 10.0.234.3 GigabitEthernet0/0/0
ISIS-L1 15 10 D 10.0.234.2 GigabitEthernet0/0/0
10.0.1.1/32 ISIS-L1 15 20 D 10.0.234.3 GigabitEthernet0/0/0
10.0.2.2/32 ISIS-L1 15 10 D 10.0.234.2 GigabitEthernet0/0/0
10.0.3.3/32 ISIS-L1 15 10 D 10.0.234.3 GigabitEthernet0/0/0
10.0.5.5/32 ISIS-L1 15 30 D 10.0.234.3 GigabitEthernet0/0/0
10.0.12.0/24 ISIS-L1 15 20 D 10.0.234.2 GigabitEthernet0/0/0
10.0.13.0/24 ISIS-L1 15 20 D 10.0.234.3 GigabitEthernet0/0/0
10.0.15.0/24 ISIS-L1 15 30 D 10.0.234.3 GigabitEthernet0/0/0
192.168.1.0/24 ISIS-L1 15 94 D 10.0.234.3 GigabitEthernet0/0/0
192.168.2.0/24 ISIS-L1 15 94 D 10.0.234.3 GigabitEthernet0/0/0
192.168.3.0/24 ISIS-L1 15 94 D 10.0.234.3 GigabitEthernet0/0/0
ISIS routing table status : <Inactive>
Destinations : 0 Routes : 0
[R4]tracert 192.168.1.1
traceroute to 192.168.1.1(192.168.1.1), max hops: 30 ,packet length: 40,press CTRL_C to break
1 10.0.234.3 2 ms 1 ms 1 ms
2 10.0.13.1 2 ms 2 ms 2 ms
3 192.168.1.1 1 ms 1 ms 2 ms
最终,通过tracert测试验证了路由渗透对IS-IS选路效果的影响。
配置文件参考
<R1>display current-configuration
[V200R007C00SPC600]
#
sysname R1
#
isis 1
is-level level-2
network-entity 49.0002.0000.0000.0001.00
#
interface Serial1/0/0
link-protocol ppp
ip address 10.0.12.1 255.255.255.0
isis enable 1
isis cost 15
#
interface GigabitEthernet0/0/0
ip address 10.0.15.1 255.255.255.0
isis enable 1
isis circuit-type p2p
#
interface GigabitEthernet0/0/1
ip address 10.0.13.1 255.255.255.0
isis enable 1
#
interface LoopBack0
ip address 10.0.1.1 255.255.255.255
isis enable 1
#
return
<R2>display current-configuration
[V200R007C00SPC600]
#
sysname R2
#
isis 1
network-entity 49.0001.0000.0000.0002.00
#
interface Serial1/0/0
link-protocol ppp
ip address 10.0.12.2 255.255.255.0
isis enable 1
#
interface GigabitEthernet0/0/0
ip address 10.0.234.2 255.255.255.0
isis enable 1
#
interface LoopBack0
ip address 10.0.2.2 255.255.255.255
isis enable 1
#
return
<R3>display current-configuration
[V200R007C00SPC600]
#
sysname R3
#
isis 1
network-entity 49.0001.0000.0000.0003.00
import-route isis level-2 into level-1
#
interface GigabitEthernet0/0/0
ip address 10.0.234.3 255.255.255.0
isis enable 1
#
interface GigabitEthernet0/0/1
ip address 10.0.13.3 255.255.255.0
isis enable 1
#
interface LoopBack0
ip address 10.0.3.3 255.255.255.255
isis enable 1
#
return
<R4>display current-configuration
[V200R007C00SPC600]
#
sysname R4
#
isis 1
is-level level-1
network-entity 49.0001.0000.0000.0004.00
#
interface GigabitEthernet0/0/0
ip address 10.0.234.4 255.255.255.0
isis enable 1
isis dis-priority 120
#
interface LoopBack0
ip address 10.0.4.4 255.255.255.255
isis enable 1
#
return
<R5>display current-configuration
[V200R007C00SPC600]
#
sysname R5
#
icmp port-unreachable send
#
isis 1
is-level level-2
network-entity 49.0002.0000.0000.0005.00
import-route direct
#
interface GigabitEthernet0/0/0
ip address 10.0.15.5 255.255.255.0
isis enable 1
isis circuit-type p2p
#
interface LoopBack0
ip address 10.0.5.5 255.255.255.255
isis enable 1
#
interface LoopBack1
ip address 192.168.1.1 255.255.255.0
#
interface LoopBack2
ip address 192.168.2.1 255.255.255.0
#
interface LoopBack3
ip address 192.168.3.1 255.255.255.0
#
return