目录
步骤四.使用Route-policy过滤路由信息避免路由环路
步骤五.使用Route-policy修改路由优先级避免路由环路
第四章 路由控制
实验 4-1 路由引入与路由控制
学习目的
·掌握OSPF与ISIS相互路由引入的配置方法
·掌握通过地址前缀列表过滤路由信息的配置方法
·掌握通过Route-policy过滤路由信息的配置方法
拓扑图
图4-1 路由引入与路由控制
场景
你是你们公司的网络管理员。公司网络中有两部分路由区域,一部分运行OSPF,另外一部分运行RIP。为了实现网络互通,你需要配置路由相互引入。在典型的双点双向路由引入中,会出现一些问题。为了解决这些问题,避免可能出现的路由环路和次优路径的产生,现在你需要使用到前缀列表和路由策略对路由进行控制。
学习任务
步骤一.基础配置与IP编址
给所有路由器配置物理接口以及Loopback接口的IP地址和掩码。注意各Loopback 0接口均使用32位掩码。
<R1>system-view
Enter system view, return user view with Ctrl+Z.
[R1]interface Serial 1/0/0
[R1-Serial1/0/0]ip address 10.0.12.1 255.255.255.0
[R1-Serial1/0/0]interface GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0]ip address 10.0.15.1 255.255.255.0
[R1-GigabitEthernet0/0/0]interface Serial 3/0/0
[R1-Serial3/0/0]ip address 10.0.14.1 255.255.255.0
[R1-Serial3/0/0]interface LoopBack 0
[R1-LoopBack0]ip address 10.0.1.1 255.255.255.255
<R2>system-view
Enter system view, return user view with Ctrl+Z.
[R2]interface Serial 1/0/0
[R2-Serial1/0/0]ip address 10.0.12.2 255.255.255.0
[R2-Serial1/0/0]interface Serial 2/0/0
[R2-Serial2/0/0]ip address 10.0.23.2 255.255.255.0
[R2-Serial2/0/0]interface LoopBack 0
[R2-LoopBack0]ip add 10.0.2.2 255.255.255.255
<R3>system-view
Enter system view, return user view with Ctrl+Z.
[R3]interface Serial 2/0/0
[R3-Serial2/0/0]ip address 10.0.23.3 255.255.255.0
[R3-Serial2/0/0]interface Serial 3/0/0
[R3-Serial3/0/0]ip address 10.0.35.3 255.255.255.0
[R3-Serial3/0/0]interface LoopBack 0
[R3-LoopBack0]ip address 10.0.3.3 255.255.255.255
<R4>system-view
Enter system view, return user view with Ctrl+Z.
[R4]interface Serial 1/0/0
[R4-Serial1/0/0]ip address 10.0.14.4 255.255.255.0
[R4-Serial1/0/0]interface LoopBack 0
[R4-LoopBack0]ip address 10.0.4.4 255.255.255.255
<R5>system-view
Enter system view, return user view with Ctrl+Z.
[R5]interface Serial 1/0/0
[R5-Serial1/0/0]ip address 10.0.35.5 255.255.255.0
[R5-Serial1/0/0]interface GigabitEthernet 0/0/0
[R5-GigabitEthernet0/0/0]ip address 10.0.15.5 255.255.255.0
[R5-GigabitEthernet0/0/0]interface LoopBack 0
[R5-LoopBack0]ip address 10.0.5.5 255.255.255.255
配置完成后,测试直连链路的连通性。
[R1]ping -c 1 10.0.12.2
PING 10.0.12.2: 56 data bytes, press CTRL_C to break
Reply from 10.0.12.2: bytes=56 Sequence=1 ttl=255 time=38 ms
--- 10.0.12.2 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 38/38/38 ms
[R1]ping -c 1 10.0.15.5
PING 10.0.15.5: 56 data bytes, press CTRL_C to break
Reply from 10.0.15.5: bytes=56 Sequence=1 ttl=255 time=12 ms
--- 10.0.15.5 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 12/12/12 ms
[R1]ping -c 1 10.0.14.4
PING 10.0.14.4: 56 data bytes, press CTRL_C to break
Reply from 10.0.14.4: bytes=56 Sequence=1 ttl=255 time=33 ms
--- 10.0.14.4 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 33/33/33 ms
[R2]ping -c 1 10.0.23.3
PING 10.0.23.3: 56 data bytes, press CTRL_C to break
Reply from 10.0.23.3: bytes=56 Sequence=1 ttl=255 time=34 ms
--- 10.0.23.3 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 34/34/34 ms
[R3]ping -c 1 10.0.35.5
PING 10.0.35.5: 56 data bytes, press CTRL_C to break
Reply from 10.0.35.5: bytes=56 Sequence=1 ttl=255 time=39 ms
--- 10.0.35.5 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 39/39/39 ms
步骤二.配置IGP
在R1,R2,R4,R5上运行OSPF,所有设备属于区域0。
配置R1的S1/0/0,S3/0/0,G0/0/0和Loopback0连接的网段运行OSPF,
[R1]ospf 1
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 10.0.12.1 0.0.0.0
[R1-ospf-1-area-0.0.0.0]network 10.0.15.1 0.0.0.0
[R1-ospf-1-area-0.0.0.0]network 10.0.14.1 0.0.0.0
[R1-ospf-1-area-0.0.0.0]network 10.0.1.1 0.0.0.0
配置R2的S1/0/0连接的网段运行OSPF。
[R2]ospf 1
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]network 10.0.12.2 0.0.0.0
配置R4的S1/0/0和Loopback 0连接的网段运行OSPF。
[R4]ospf 1
[R4-ospf-1]area 0
[R4-ospf-1-area-0.0.0.0]network 10.0.14.4 0.0.0.0
[R4-ospf-1-area-0.0.0.0]network 10.0.4.4 0.0.0.0
配置R5的G0/0/0连接的网段运行OSPF。
[R5]ospf 1
[R5-ospf-1]area 0
[R5-ospf-1-area-0.0.0.0]network 10.0.15.5 0.0.0.0
检查是否学习到其他设备上的Loopback0接口连接网段的路由。
[R1]display ip routing-table
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Routing Tables: Public
Destinations : 17 Routes : 17
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.4.4/32 OSPF 10 1562 D 10.0.14.4 Serial3/0/0
10.0.12.0/24 Direct 0 0 D 10.0.12.1 Serial1/0/0
10.0.12.1/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
10.0.12.2/32 Direct 0 0 D 10.0.12.2 Serial1/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
10.0.14.0/24 Direct 0 0 D 10.0.14.1 Serial3/0/0
10.0.14.1/32 Direct 0 0 D 127.0.0.1 Serial3/0/0
10.0.14.4/32 Direct 0 0 D 10.0.14.4 Serial3/0/0
10.0.14.255/32 Direct 0 0 D 127.0.0.1 Serial3/0/0
10.0.15.0/24 Direct 0 0 D 10.0.15.1 GigabitEthernet0/0/0
10.0.15.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
10.0.15.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32Direct 0 0 D 127.0.0.1 InLoopBack0
[R2]display ip routing-table
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Routing Tables: Public
Destinations : 17 Routes : 17
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.1.1/32 OSPF 10 1562 D 10.0.12.1 Serial1/0/0
10.0.2.2/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.4.4/32 OSPF 10 3124 D 10.0.12.1 Serial1/0/0
10.0.12.0/24 Direct 0 0 D 10.0.12.2 Serial1/0/0
10.0.12.1/32 Direct 0 0 D 10.0.12.1 Serial1/0/0
10.0.12.2/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
10.0.14.0/24 OSPF 10 3124 D 10.0.12.1 Serial1/0/0
10.0.15.0/24 OSPF 10 1563 D 10.0.12.1 Serial1/0/0
10.0.23.0/24 Direct 0 0 D 10.0.23.2 Serial2/0/0
10.0.23.2/32 Direct 0 0 D 127.0.0.1 Serial2/0/0
10.0.23.3/32 Direct 0 0 D 10.0.23.3 Serial2/0/0
10.0.23.255/32 Direct 0 0 D 127.0.0.1 Serial2/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32Direct 0 0 D 127.0.0.1 InLoopBack0
[R4]display ip routing-table
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Routing Tables: Public
Destinations : 12 Routes : 12
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.1.1/32 OSPF 10 1562 D 10.0.14.1 Serial1/0/0
10.0.4.4/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.12.0/24 OSPF 10 3124 D 10.0.14.1 Serial1/0/0
10.0.14.0/24 Direct 0 0 D 10.0.14.4 Serial1/0/0
10.0.14.1/32 Direct 0 0 D 10.0.14.1 Serial1/0/0
10.0.14.4/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
10.0.14.255/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
10.0.15.0/24 OSPF 10 1563 D 10.0.14.1 Serial1/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32Direct 0 0 D 127.0.0.1 InLoopBack0
[R5]display ip routing-table
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Routing Tables: Public
Destinations : 16 Routes : 16
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.1.1/32 OSPF 10 1 D 10.0.15.1 GigabitEthernet0/0/0
10.0.4.4/32 OSPF 10 1563 D 10.0.15.1 LoopBack0
10.0.5.5/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
10.0.12.0/24 OSPF 10 1563 D 10.0.15.1 GigabitEthernet0/0/0
10.0.14.0/24 OSPF 10 1563 D 10.0.15.1 GigabitEthernet0/0/0
10.0.15.0/24 Direct 0 0 D 10.0.15.5 GigabitEthernet0/0/0
10.0.15.5/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
10.0.15.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
10.0.35.0/24 Direct 0 0 D 10.0.35.5 Serial1/0/0
10.0.35.3/32 Direct 0 0 D 10.0.35.3 Serial1/0/0
10.0.35.5/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
10.0.35.255/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32Direct 0 0 D 127.0.0.1 InLoopBack0
在R2,R3,R5上配置RIP。
R2的S2/0/0和Loopback0连接的网段运行ISIS,
[R2]isis 1
[R2-isis-1]network-entity 49.0001.0000.0000.0002.00
[R2-isis-1]is-level level-2
[R2-isis-1]interface serial2/0/0
[R2-Serial2/0/0]isis enable 1
[R2]interface loopback0
[R2-LoopBack0]isis enable 1
R3的S2/0/0,S3/0/0和Loopback0连接的网段运行ISIS,
[R3]rip
[R3-rip-1]version 2
[R3-rip-1]network 10.0.0.0
[R3-rip-1]quit
[R3]isis 1
[R3-isis-1]network-entity 49.0001.0000.0000.0003.00
[R3-isis-1]is-level level-2
[R3-isis-1]interface serial2/0/0
[R3-Serial2/0/0]isis enable 1
[R3-Serial2/0/0]interface serial3/0/0
[R3-Serial3/0/0]isis enable 1
[R3-Serial3/0/0]interface loopback0
[R3-LoopBack0]isis enable 1
R5的S1/0/0和Loopback0连接的网段运行ISIS,
[R5]isis 1
[R5-isis-1]network-entity 49.0001.0000.0000.0005.00
[R5-isis-1]is-level level-2
[R5-isis-1]interface serial1/0/0
[R5-Serial1/0/0]isis enable 1
[R5-Serial1/0/0]interface loopback 0
[R5-LoopBack0]isis enable 1
检查是否学习到其他设备上的Loopback0地址。
[R2]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 20 Routes : 20
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.1.1/32 OSPF 10 48 D 10.0.12.1 Serial1/0/0
10.0.2.2/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.3.3/32 ISIS-L2 15 10 D 10.0.23.3 Serial2/0/0
10.0.4.4/32 OSPF 10 96 D 10.0.12.1 Serial1/0/0
10.0.5.5/32 ISIS-L2 15 20 D 10.0.23.3 Serial2/0/0
10.0.12.0/24 Direct 0 0 D 10.0.12.2 Serial1/0/0
10.0.12.1/32 Direct 0 0 D 10.0.12.1 Serial1/0/0
10.0.12.2/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
10.0.14.0/24 OSPF 10 96 D 10.0.12.1 Serial1/0/0
10.0.15.0/24 OSPF 10 49 D 10.0.12.1 Serial1/0/0
10.0.23.0/24 Direct 0 0 D 10.0.23.2 Serial2/0/0
10.0.23.2/32 Direct 0 0 D 127.0.0.1 Serial2/0/0
10.0.23.3/32 Direct 0 0 D 10.0.23.3 Serial2/0/0
10.0.23.255/32 Direct 0 0 D 127.0.0.1 Serial2/0/0
10.0.35.0/24 ISIS-L2 15 20 D 10.0.23.3 Serial2/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[R3]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 15 Routes : 15
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.2.2/32 ISIS-L2 15 10 D 10.0.23.2 Serial2/0/0
10.0.3.3/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.5.5/32 ISIS-L2 15 10 D 10.0.35.5 Serial3/0/0
10.0.23.0/24 Direct 0 0 D 10.0.23.3 Serial2/0/0
10.0.23.2/32 Direct 0 0 D 10.0.23.2 Serial2/0/0
10.0.23.3/32 Direct 0 0 D 127.0.0.1 Serial2/0/0
10.0.23.255/32 Direct 0 0 D 127.0.0.1 Serial2/0/0
10.0.35.0/24 Direct 0 0 D 10.0.35.3 Serial3/0/0
10.0.35.3/32 Direct 0 0 D 127.0.0.1 Serial3/0/0
10.0.35.5/32 Direct 0 0 D 10.0.35.5 Serial3/0/0
10.0.35.255/32 Direct 0 0 D 127.0.0.1 Serial3/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[R5]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 19 Routes : 19
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.1.1/32 OSPF 10 1 D 10.0.15.1 GigabitEthernet0/0/0
10.0.2.2/32 ISIS-L2 15 20 D 10.0.35.3 Serial1/0/0
10.0.3.3/32 ISIS-L2 15 10 D 10.0.35.3 Serial1/0/0
10.0.4.4/32 OSPF 10 49 D 10.0.15.1 GigabitEthernet0/0/0
10.0.5.5/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.12.0/24 OSPF 0 49 D 10.0.15.1 GigabitEthernet0/0/0
10.0.14.0/24 OSPF 10 49 D 10.0.15.1 GigabitEthernet0/0/0
10.0.15.0/24 Direct 0 0 D 10.0.15.5 GigabitEthernet0/0/0
10.0.15.5/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
10.0.15.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
10.0.23.0/24 ISIS-L2 15 20 D 10.0.35.3 Serial1/0/0
10.0.35.0/24 Direct 0 0 D 10.0.35.5 Serial1/0/0
10.0.35.3/32 Direct 0 0 D 10.0.35.3 Serial1/0/0
10.0.35.5/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
10.0.35.255/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
步骤三.配置前缀列表过滤路由信息
在R1上创建静态路由1.1.1.1/32,1.1.1.0/24,1.1.1.0/25,1.1.0.0/16,1.0.0.0/8分别指向NULL 0接口。并使用import-route static命令将这些路由引入OSPF中。
[R1]ip route-static 1.1.1.1 255.255.255.255 NULL 0
[R1]ip route-static 1.1.1.0 255.255.255.0 NULL 0
[R1]ip route-static 1.1.1.0 255.255.255.128 NULL 0
[R1]ip route-static 1.1.0.0 255.255.0.0 NULL 0
[R1]ip route-static 1.0.0.0 255.0.0.0 NULL 0
[R1]ospf 1
[R1-ospf-1]import-route static
在R4上检查是否接收到R1上添加的这几条静态路由。
[R4]display ip routing-table
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Routing Tables: Public
Destinations : 17 Routes : 17
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.0.0.0/8 O_ASE 150 1 D 10.0.14.1 Serial1/0/0
1.1.0.0/16 O_ASE 150 1 D 10.0.14.1 Serial1/0/0
1.1.1.0/24 O_ASE 150 1 D 10.0.14.1 Serial1/0/0
1.1.1.0/25 O_ASE 150 1 D 10.0.14.1 Serial1/0/0
1.1.1.1/32 O_ASE 150 1 D 10.0.14.1 Serial1/0/0
10.0.1.1/32 OSPF 10 1562 D 10.0.14.1 Serial1/0/0
10.0.4.4/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.12.0/24 OSPF 10 3124 D 10.0.14.1 Serial1/0/0
10.0.14.0/24 Direct 0 0 D 10.0.14.4 Serial1/0/0
10.0.14.1/32 Direct 0 0 D 10.0.14.1 Serial1/0/0
10.0.14.4/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
10.0.14.255/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
10.0.15.0/24 OSPF 10 1563 D 10.0.14.1 Serial1/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
在R1上配置前缀列表pref_r1,匹配路由1.1.1.0/24。
[R1]ip ip-prefix pref_r1 index 10 permit 1.1.1.0 24 greater-equal 24 less-equal 24
创建路由策略policy_r1,调用前缀列表pref_r1,控制R1上引入的静态路由信息。
[R1]route-policy policy_r1 permit node 10
[R1-route-policy]if-match ip-prefix pref_r1
[R1-route-policy]quit
[R1]ospf
[R1-ospf-1]import-route static route-policy policy_r1
[R1-ospf-1]quit
在R4上查看路由表。
[R4]display ip routing-table
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Routing Tables: Public
Destinations : 13 Routes : 13
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.0/24 O_ASE 150 1 D 10.0.14.1 Serial1/0/0
10.0.1.1/32 OSPF 10 1562 D 10.0.14.1 Serial1/0/0
10.0.4.4/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.12.0/24 OSPF 10 3124 D 10.0.14.1 Serial1/0/0
10.0.14.0/24 Direct 0 0 D 10.0.14.4 Serial1/0/0
10.0.14.1/32 Direct 0 0 D 10.0.14.1 Serial1/0/0
10.0.14.4/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
10.0.14.255/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
10.0.15.0/24 OSPF 10 1563 D 10.0.14.1 Serial1/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
步骤四.使用Route-policy过滤路由信息避免路由环路
在R4上创建Loopback1,地址为10.1.4.4/24,使用import-route direct命令引入OSPF中。
[R4]interface LoopBack 1
[R4-LoopBack1]ip address 10.1.4.4 255.255.255.0
[R4-LoopBack1]quit
[R4]ospf 1
[R4-ospf-1]import-route direct
[R4-ospf-1]quit
在R2上将OSPF引入到ISIS 中,在R5上将ISIS引入到OSPF中。
[R2]rip
[R2-rip-1]import-route ospf
[R2]isis 1
[R2-isis-1]import-route ospf
[R2-rip-1]quit
[R5]ospf 1
[R5-ospf-1]import-route rip
[R5-rip-1]quit
在R1上测试到10.1.4.4的连通性。
[R1]ping 10.1.4.4
PING 10.1.4.4: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- 10.1.4.4 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
发现不通,查看R1路由表。
[R1]display ip routing-table
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Routing Tables: Public
Destinations : 28 Routes : 28
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.0.0.0/8 Static 60 0 D 0.0.0.0 NULL0
1.1.0.0/16 Static 60 0 D 0.0.0.0 NULL0
1.1.1.0/24 Static 60 0 D 0.0.0.0 NULL0
1.1.1.0/25 Static 60 0 D 0.0.0.0 NULL0
1.1.1.1/32 Static 60 0 D 0.0.0.0 NULL0
10.0.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.2.2/32 O_ASE 150 1 D 10.0.15.5 GigabitEthernet0/0/0
10.0.3.3/32 O_ASE 150 1 D 10.0.15.5 GigabitEthernet0/0/0
10.0.4.4/32 OSPF 10 1562 D 10.0.14.4 Serial3/0/0
10.0.5.5/32 O_ASE 150 1 D 10.0.15.5 GigabitEthernet0/0/0
10.0.12.0/24 Direct 0 0 D 10.0.12.1 Serial1/0/0
10.0.12.1/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
10.0.12.2/32 Direct 0 0 D 10.0.12.2 Serial1/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
10.0.14.0/24 Direct 0 0 D 10.0.14.1 Serial3/0/0
10.0.14.1/32 Direct 0 0 D 127.0.0.1 Serial3/0/0
10.0.14.4/32 Direct 0 0 D 10.0.14.4 Serial3/0/0
10.0.14.255/32 Direct 0 0 D 127.0.0.1 Serial3/0/0
10.0.15.0/24 Direct 0 0 D 10.0.15.1 GigabitEthernet0/0/0
10.0.15.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
10.0.15.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
10.0.23.0/24 O_ASE 150 1 D 10.0.15.5 GigabitEthernet0/0/0
10.0.35.0/24 O_ASE 150 1 D 10.0.15.5 GigabitEthernet0/0/0
10.1.4.0/24 O_ASE 150 1 D 10.0.15.5 GigabitEthernet0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
此时R1上路由10.1.4.0/24的下一跳是R5。
再分别查看R2,R3,R5上路由表中的10.1.4.0/24这条路由。
[R2]display ip routing-table 10.1.4.0
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Routing Table : Public
Summary Count : 1
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.4.0/24 O_ASE 150 1 D 10.0.12.1 Serial1/0/0
[R3]display ip routing-table 10.1.4.0
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Table : Public
Summary Count : 1
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.4.0/24 ISIS-L2 15 74 D 10.0.23.2 Serial2/0/0
[R5]display ip routing-table 10.1.4.0
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Table : Public
Summary Count : 1
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.4.0/24 ISIS-L2 15 84 D 10.0.35.3 Serial1/0/0
在R1上使用tracert命令查看到地址10.1.4.4的路径。
[R1]tracert 10.1.4.4
traceroute to 10.1.4.4(10.1.4.4), max hops: 30 ,packet length: 40,press CTRL_C to break
1 10.0.15.5 61 ms 2 ms 2 ms
2 10.0.35.3 29 ms 28 ms 29 ms
3 10.0.23.2 31 ms 36 ms 36 ms
4 10.0.12.1 34 ms 36 ms 36 ms
5 10.0.15.5 34 ms 37 ms 37 ms
6 10.0.35.3 55 ms 59 ms 59 ms
7 10.0.23.2 60 ms 66 ms 66 ms
8 10.0.12.1 63 ms 66 ms 66 ms
9 10.0.15.5 65 ms 67 ms 67 ms
此时发现环路。
原因是配置了路由引入后,R5既可以在ISIS域中学习到10.1.4.0/24,也可以在OSPF域中学习到这条路由。
由于ISIS的路由优先级比OSPF外部路由的优先级高,从而导致R5使用了从ISIS域中学习到的路由。
R1能同时从R5和R4学习到这条路由。对于这两条外部路由,同是OSPF外部路由,所以比较二者的cost值。由于R1连接R5的是千兆链路,优于R1连接R4的串行链路,使R1选择使用从R5学习的路由,最终导致环路。
在R5上使用路由策略policy_r5,给路由10.1.4.0/24打上标记100。
[R5]acl number 2001
[R5-acl-basic-2001]rule 0 permit source 10.1.4.0 0.0.0.255
[R5-acl-basic-2001]quit
[R5]route-policy add_tag permit node 10
[R5-route-policy]if-match acl 2001
[R5-route-policy]apply tag 100
[R5-route-policy]quit
[R5]route-policy add_tag permit node 20
[R5-route-policy]quit
[R5]ospf 1
[R5-ospf-1]import-route rip route-policy add_tag
[R5-ospf-1]quit
在R1上查看OSPF路由信息。
[R1]display ospf routing
OSPF Process 1 with Router ID 10.0.12.1
Routing Tables
Routing for Network
Destination Cost Type NextHop AdvRouter Area
10.0.1.1/32 0 Stub 10.0.1.1 10.0.12.1 0.0.0.0
10.0.12.0/24 1562 Stub 10.0.12.1 10.0.12.1 0.0.0.0
10.0.14.0/24 1562 Stub 10.0.14.1 10.0.12.1 0.0.0.0
10.0.15.0/24 1 Transit 10.0.15.1 10.0.12.1 0.0.0.0
10.0.4.4/32 1562 Stub 10.0.14.4 10.0.14.4 0.0.0.0
Routing for ASEs
Destination Cost Type Tag NextHop AdvRouter
1.1.1.0/24 1 Type2 1 10.0.15.5 10.0.35.5
10.0.2.2/32 1 Type2 1 10.0.15.5 10.0.35.5
10.0.3.3/32 1 Type2 1 10.0.15.5 10.0.35.5
10.0.5.5/32 1 Type2 1 10.0.15.5 10.0.35.5
10.0.14.1/32 1 Type2 1 10.0.15.5 10.0.35.5
10.0.23.0/24 1 Type2 1 10.0.15.5 10.0.35.5
10.0.35.0/24 1 Type2 1 10.0.15.5 10.0.35.5
10.1.4.0/24 1 Type2 100 10.0.15.5 10.0.35.5
Total Nets: 13
Intra Area: 5 Inter Area: 0 ASE: 8 NSSA: 0
在R1上发现携带标记100的10.1.4.0/24路由,再次R1验证是从R5获得这条路由。
为了解决环路问题,在R5上向OSPF引入ISIS路由时,过滤掉路由10.1.4.0/24即可。
在R5上配置路由策略route_delete,控制向OSPF引入的RIP路由。
[R5]route-policy route_delete deny node 10
[R5-route-policy]if-match acl 2001
[R5-route-policy]quit
[R5]route-policy route_delete permit node 20
[R5-route-policy]quit
[R5]ospf 1
[R5-ospf-1]import-route rip route-policy route_delete
[R5-ospf-1]quit
在R1上查看路由表,
[R1]display ip routing-table
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Routing Tables: Public
Destinations : 28 Routes : 28
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.0.0.0/8 Static 60 0 D 0.0.0.0 NULL0
1.1.0.0/16 Static 60 0 D 0.0.0.0 NULL0
1.1.1.0/24 Static 60 0 D 0.0.0.0 NULL0
1.1.1.0/25 Static 60 0 D 0.0.0.0 NULL0
1.1.1.1/32 Static 60 0 D 0.0.0.0 NULL0
10.0.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.2.2/32 O_ASE 150 1 D 10.0.15.5 GigabitEthernet0/0/0
10.0.3.3/32 O_ASE 150 1 D 10.0.15.5 GigabitEthernet0/0/0
10.0.4.4/32 OSPF 10 1562 D 10.0.14.4 Serial3/0/0
10.0.5.5/32 O_ASE 150 1 D 10.0.15.5 GigabitEthernet0/0/0
10.0.12.0/24 Direct 0 0 D 10.0.12.1 Serial1/0/0
10.0.12.1/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
10.0.12.2/32 Direct 0 0 D 10.0.12.2 Serial1/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
10.0.14.0/24 Direct 0 0 D 10.0.14.1 Serial3/0/0
10.0.14.1/32 Direct 0 0 D 127.0.0.1 Serial3/0/0
10.0.14.4/32 Direct 0 0 D 10.0.14.4 Serial3/0/0
10.0.14.255/32 Direct 0 0 D 127.0.0.1 Serial3/0/0
10.0.15.0/24 Direct 0 0 D 10.0.15.1 GigabitEthernet0/0/0
10.0.15.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
10.0.15.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
10.0.23.0/24 O_ASE 150 1 D 10.0.15.5 GigabitEthernet0/0/0
10.0.35.0/24 O_ASE 150 1 D 10.0.15.5 GigabitEthernet0/0/0
10.1.4.0/24 O_ASE 150 1 D 10.0.14.4 Serial3/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
显示路由信息正常。
测试R1与地址10.1.4.4之间的连通性。
[R1]ping 10.1.4.4
PING 10.1.4.4: 56 data bytes, press CTRL_C to break
Reply from 10.1.4.4: bytes=56 Sequence=1 ttl=255 time=33 ms
Reply from 10.1.4.4: bytes=56 Sequence=2 ttl=255 time=29 ms
Reply from 10.1.4.4: bytes=56 Sequence=3 ttl=255 time=29 ms
Reply from 10.1.4.4: bytes=56 Sequence=4 ttl=255 time=29 ms
Reply from 10.1.4.4: bytes=56 Sequence=5 ttl=255 time=29 ms
--- 10.1.4.4 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 29/29/33 ms
在R1上检测到达地址10.1.4.4的路径。
缺省情况下,设备的ICMP端口不可达报文的发送功能处于未使能状态,所以我们首先在R4上执行命令icmp port-unreachable send,使能设备的ICMP端口不可达报文的发送功能。
[R4]icmp port-unreachable send
[R1]tracert 10.1.4.4
traceroute to 10.1.4.4(10.1.4.4), max hops: 30 ,packet length: 40,press CTRL_C to break
1 10.0.14.4 61 ms 29 ms 29 ms
此时环路问题解决,R1上路由10.1.4.0/24的下一跳为R4。
步骤五.使用Route-policy修改路由优先级避免路由环路
查看R5的路由表。观察路由10.1.4.0/24的下一跳。
[R5]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 22 Routes : 22
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.0/24 ISIS-L2 15 84 D 10.0.35.3 Serial1/0/0
10.0.1.1/32 OSPF 10 1 D 10.0.15.1 GigabitEthernet
0/0/0
10.0.2.2/32 ISIS-L2 15 20 D 10.0.35.3 Serial1/0/0
10.0.3.3/32 ISIS-L2 15 10 D 10.0.35.3 Serial1/0/0
10.0.4.4/32 OSPF 10 49 D 10.0.15.1 GigabitEthernet
0/0/0
10.0.5.5/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.12.0/24 OSPF 10 49 D 10.0.15.1 GigabitEthernet
0/0/0
10.0.14.0/24 OSPF 10 49 D 10.0.15.1 GigabitEthernet
0/0/0
10.0.14.1/32 ISIS-L2 15 84 D 10.0.35.3 Serial1/0/0
10.0.15.0/24 Direct 0 0 D 10.0.15.5 GigabitEthernet
0/0/0
10.0.15.5/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.15.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.23.0/24 ISIS-L2 15 20 D 10.0.35.3 Serial1/0/0
10.0.35.0/24 Direct 0 0 D 10.0.35.5 Serial1/0/0
10.0.35.3/32 Direct 0 0 D 10.0.35.3 Serial1/0/0
10.0.35.5/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
10.0.35.255/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
10.1.4.0/24 ISIS-L2 15 84 D 10.0.35.3 Serial1/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
在R5上检测到达地址10.1.4.4的路径。
[R5]tracert 10.1.4.4
traceroute to 10.1.4.4(10.1.4.4), max hops: 30 ,packet length: 40,press CTRL_C to break
1 10.0.35.3 62 ms 24 ms 24 ms
2 10.0.23.2 43 ms 44 ms 44 ms
3 10.0.12.1 33 ms 33 ms 33 ms
4 10.0.14.4 74 ms 55 ms 55 ms
发现通过路由过滤的方法虽然能解决环路问题,但是R5仍旧是从ISIS域学习到路由10.1.4.0/24。显然次优路径问题仍然没有得到解决。
为了解决环路问题以及次优路径问题,阻止R5从ISIS域中获得路由10.1.4.0/24,使R5从OSPF域学习到路由10.1.4.0/24。
删除R5上的策略route_delete。
[R5]ospf 1
[R5-ospf-1]undo import-route isis
[R5-ospf-1]quit
[R5]undo route-policy route_delete
[R5]ospf 1
[R5-ospf-1]import-route isis
[R5-ospf-1]quit
在R5上配置策略route_pref,将10.1.4.0/24的路由优先级修改为180,使其小于OSPF外部路由的路由优先级。
[R5]route-policy route_pref permit node 10
[R5-route-policy]if-match acl 2001
[R5-route-policy]apply preference 180
[R5-route-policy]quit
使用路由策略route_pref来控制RIP发布给OSPF的路由。
[R5]isis 1
[R5-isis-1]preference route-policy route_pref
检查R5,R1的路由表,观察路由10.1.4.0/24的下一跳。
[R5]display ip routing-table 10.1.4.0
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Routing Table : Public
Summary Count : 1
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.4.0/24 O_ASE 150 1 D 10.0.15.1 GigabitEthernet0/0/0
[R1]display ip routing-table 10.1.4.0
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Routing Table : Public
Summary Count : 1
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.4.0/24 O_ASE 150 1 D 10.0.14.4 Serial3/0/0
检查R1与地址10.1.4.4的连通性。
[R1]ping 10.1.4.4
PING 10.1.4.4: 56 data bytes, press CTRL_C to break
Reply from 10.1.4.4: bytes=56 Sequence=1 ttl=255 time=39 ms
Reply from 10.1.4.4: bytes=56 Sequence=2 ttl=255 time=35 ms
Reply from 10.1.4.4: bytes=56 Sequence=3 ttl=255 time=35 ms
Reply from 10.1.4.4: bytes=56 Sequence=4 ttl=255 time=35 ms
Reply from 10.1.4.4: bytes=56 Sequence=5 ttl=255 time=35 ms
--- 10.1.4.4 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 35/35/39 ms
在R1上检测到达地址10.1.4.4的路径。
[R1]tracert 10.1.4.4
traceroute to 10.1.4.4(10.1.4.4), max hops: 30 ,packet length: 40,press CTRL_C to break
1 10.0.14.4 61 ms 25 ms 25 ms
在R5上检测到达地址10.1.4.4的路径。
[R5]tracert 10.1.4.4
traceroute to 10.1.4.4(10.1.4.4), max hops: 30 ,packet length: 40,press CTRL_C to break
1 10.0.15.1 61 ms 2 ms 2 ms
2 10.0.14.4 41 ms 28 ms 27 ms
此时环路问题解决。
在R1上,路由10.1.4.0/24的下一跳是R4。在R5上,路由10.1.4.0/24的下一跳是R1。次优路由也得到解决。
附加实验: 思考并验证
在步骤三中,思考通过访问控制列表是否可以实现同样的效果,它和前缀列表的区别又是什么。
在步骤五中,思考为什么R3路由表中的10.0.15.0/24出现有两个下一跳,而10.0.12.0/24只有一个下一跳。
最终设备配置
<R1>display current-configuration
[V200R007C00SPC600]
#
sysname R1
#
interface Serial1/0/0
link-protocol ppp
ip address 10.0.12.1 255.255.255.0
#
interface Serial3/0/0
link-protocol ppp
ip address 10.0.14.1 255.255.255.0
#
interface GigabitEthernet0/0/0
ip address 10.0.15.1 255.255.255.0
#
interface LoopBack0
ip address 10.0.1.1 255.255.255.255
#
ospf 1
import-route static route-policy policy_r1
area 0.0.0.0
network 10.0.12.1 0.0.0.0
network 10.0.15.1 0.0.0.0
network 10.0.14.1 0.0.0.0
network 10.0.1.1 0.0.0.0
#
route-policy policy_r1 permit node 10
if-match ip-prefix pref_r1
#
ip ip-prefix pref_r1 index 10 permit 1.1.1.0 24 greater-equal 24 less-equal 24
#
ip route-static 1.0.0.0 255.0.0.0 NULL0
ip route-static 1.1.0.0 255.255.0.0 NULL0
ip route-static 1.1.1.0 255.255.255.0 NULL0
ip route-static 1.1.1.0 255.255.255.128 NULL0
ip route-static 1.1.1.1 255.255.255.255 NULL0
#
return
<R2>display current-configuration
[V200R007C00SPC600]
#
sysname R2
#
isis 1
is-level level-2
network-entity 49.0001.0000.0000.0002.00
import-route ospf 1
#
interface Serial1/0/0
link-protocol ppp
ip address 10.0.12.2 255.255.255.0
#
interface Serial2/0/0
link-protocol ppp
ip address 10.0.23.2 255.255.255.0
isis enable 1
#
interface LoopBack0
ip address 10.0.2.2 255.255.255.255
isis enable 1
#
ospf 1
area 0.0.0.0
network 10.0.12.2 0.0.0.0
#
return
<R3>display current-configuration
[V200R007C00SPC600]
#
sysname R3
#
isis 1
is-level level-2
network-entity 49.0001.0000.0000.0003.00
#
interface Serial2/0/0
link-protocol ppp
ip address 10.0.23.3 255.255.255.0
isis enable 1
#
interface Serial3/0/0
link-protocol ppp
ip address 10.0.35.3 255.255.255.0
isis enable 1
#
interface LoopBack0
ip address 10.0.3.3 255.255.255.255
isis enable 1
<R4>display current-configuration
[V200R007C00SPC600]
#
sysname R4
#
icmp port-unreachable send
#
interface Serial1/0/0
link-protocol ppp
ip address 10.0.14.4 255.255.255.0
#
interface LoopBack0
ip address 10.0.4.4 255.255.255.255
#
interface LoopBack1
ip address 10.1.4.4 255.255.255.0
#
ospf 1
import-route direct
area 0.0.0.0
network 10.0.14.4 0.0.0.0
network 10.0.4.4 0.0.0.0
#
return
<R5>display current-configuration
[V200R007C00SPC600]
#
sysname R5
#
isis 1
is-level level-2
network-entity 49.0001.0000.0000.0005.00
preference route-policy route_pref
#
interface Serial1/0/0
link-protocol ppp
ip address 10.0.35.5 255.255.255.0
isis enable 1
#
interface GigabitEthernet0/0/0
ip address 10.0.15.5 255.255.255.0
#
interface LoopBack0
ip address 10.0.5.5 255.255.255.255
isis enable 1
#
ospf 1
import-route rip 1 route-policy route_delete
area 0.0.0.0
network 10.0.15.5 0.0.0.0
#
route-policy add_tag permit node 10
if-match acl 2001
apply tag 100
#
route-policy add_tag permit node 20
#
route-policy route_pref permit node 10
if-match acl 2001
apply preference 180
#
return