6. Huawei H3C small and medium-sized enterprise network architecture construction [route definition, route analysis required by the entire network]

Enterprise 2021-03-01 01:19:53 views: null

Topology

Actual combat

The topology can be saved locally, and then enlarged to view, so that it can be seen more clearly.

6.1 Route definition analysis

In this network, at present, only the corresponding two core switches and the egress firewall are designed to the three-layer part, and the following exchanges are all two-layer networks, then there is no need to use dynamic routing protocols here, static The routing is fully competent. The previous architecture has already seen it. VRRP is used between switches to virtualize an address to communicate with the firewall, and the firewall is also an IP address, so what we need to define is the firewall routing: 1 A default route points to the ISP. This is for Internet access. Of course, there are two ISPs, so two default routes need to be defined, which point to the next hop of the ISP. The detailed route needs to be assigned to VLAN 19-21, 88 The route of these networks, why? Because a data packet has to go and return, you can use the default route when you go out, but the firewall does not know where the data packet comes back, so here we need to tell the firewall how to forward it, here Route summary can be used, which also reflects the summary of subnet division. For the routing of the two switches , you only need to define a default route pointing to the firewall, because the internal network actually knows how to go to the switch, and the only thing that you don't know is how to go to the external network, so you only need to specify a default route pointing to the firewall.

6.2  Route definition

[Core-A]ip route-static 0.0.0.0 0 192.168.100.252
[Core-B]ip route-static 0.0.0.0 0 192.168.100.252
[USG-GW]ip route-static 192.168.0.0 16 192.168.100.254
Description: Three routes are defined. The first two are that the switch defines the default route and forwards it directly to the firewall, while the third one can be seen directly as a summary route, forwarding the 192.168.0.0/16 directly to 192.168.100.254, also It is the VRRP address of the switch.

[AC6605]ip route-static 0.0.0.0 0.0.0.0 192.168.1.254
Here you need to define an AC route to facilitate subsequent policy making.

Note: Regarding the route from the firewall to the ISP, we will analyze it together when the firewall implements NAT, and define different configurations according to different needs.

This article was first published on the public account: Network Road Blog

Guess you like

Origin blog.51cto.com/ccieh3c/2641292
Recommended
TIOBE May list: Fortran “resurrected” into Top 10
GCC 14.1 released
Ranking
B. Little Girl and Game【1300 / 回文字符串 博弈论】
CIKERS Shane 20190613
"Javascript advanced programming" study notes - the constructor and prototype
beeline hiveserver2 start
springboot - Automatically backup mysql data every day
Data Storage Full Solution--Detailed Persistence Technology
Detailed Explanation of Spring Web MVC DispatcherServlet—Official Original
TCP / IP protocol layers structure and function
Command type literal pos: unknown; Fallback type literal pos: unknown] with root cause
Design of multifunctional curtain controller with indoor anti-theft alarm
Daily
More
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)
2024-05-02(0)
2024-05-01(4)
2024-04-30(36)
2024-04-29(5)

Code World

© 2018 codetd.com