HCIA review
OSI reference model----OSI/RM
application layer
presentation layer
session layer
Transport layer (port numbers: 0-65535; 1-1023 are the well-known ports)
Network layer (IP address)
data link layer
physical layer
ARP protocol
Forward ARP --- obtain the destination MAC address from a known IP address
First, the host sends an ARP request as a broadcast, asking for the MAC address that belongs to a known IP address. Every device in the broadcast domain receives the request, and every device that receives it records the mapping between the source IP address and the source MAC address carried in the packet in its local ARP cache table. Each device then looks at the requested IP address: if it is its own IP address, it sends an ARP reply carrying its own MAC address; if not, it discards the packet. Afterwards, before sending data, a host first checks its local ARP cache table: if there is a matching record, the data is sent according to that record; if not, an ARP request is sent to obtain the MAC address.
Reverse ARP --- obtain the IP address from a known MAC address
Gratuitous (free) ARP --- uses the forward ARP mechanism to request the host's own IP address, for two purposes:
1. Self-introduction (announce the host's own IP/MAC mapping)
2. Detect address conflicts (any reply means another host already uses the address)
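The ARP procedure above, written out as a small simulation (this is an added example, not code from the HCIA notes): a broadcast request, cache learning on every receiver, a unicast reply, and gratuitous ARP used for conflict detection. The hosts, IP addresses and MAC addresses are constructed for the example.

```python
# Added example (not from the notes): a minimal model of the ARP procedure --
# broadcast request, cache learning on every receiver, unicast reply, and
# gratuitous ARP for self-introduction / conflict detection.
# Hosts, IPs and MACs below are constructed.

class Host:
    def __init__(self, name, ip, mac):
        self.name, self.ip, self.mac = name, ip, mac
        self.arp_cache = {}        # ip -> mac: the local ARP cache table
        self.link = None           # the broadcast domain this host is on

    def handle_arp(self, packet):
        """Process one ARP packet; return a reply packet or None."""
        # Every receiver records the sender's IP/MAC pair, as the notes say.
        # The cache trusts whatever the sender claims, which is why static
        # entries or dynamic ARP inspection are used on sensitive segments.
        if packet["sender_ip"] != self.ip:
            self.arp_cache[packet["sender_ip"]] = packet["sender_mac"]
        if packet["op"] == "request" and packet["target_ip"] == self.ip:
            return {"op": "reply", "sender_ip": self.ip, "sender_mac": self.mac,
                    "target_ip": packet["sender_ip"], "target_mac": packet["sender_mac"]}
        return None     # not for us: request discarded, reply just learned

class BroadcastDomain:
    def __init__(self):
        self.hosts = []

    def broadcast(self, src, packet):
        """Deliver packet to every host except src; collect any replies."""
        replies = []
        for h in self.hosts:
            if h is not src:
                r = h.handle_arp(packet)
                if r is not None:
                    replies.append(r)
        return replies

def resolve(host, target_ip):
    """Forward ARP: return the MAC for target_ip, consulting the cache first."""
    if target_ip in host.arp_cache:
        return host.arp_cache[target_ip]
    request = {"op": "request", "sender_ip": host.ip, "sender_mac": host.mac,
               "target_ip": target_ip, "target_mac": "ff:ff:ff:ff:ff:ff"}
    for reply in host.link.broadcast(host, request):
        host.handle_arp(reply)              # learn from the unicast reply
    return host.arp_cache.get(target_ip)    # None if nobody answered

def gratuitous_arp(host):
    """Free ARP: ask for our own IP. Any reply means an address conflict."""
    request = {"op": "request", "sender_ip": host.ip, "sender_mac": host.mac,
               "target_ip": host.ip, "target_mac": "ff:ff:ff:ff:ff:ff"}
    replies = host.link.broadcast(host, request)
    return [r["sender_mac"] for r in replies]   # empty list == no conflict

def build_demo():
    """Three constructed hosts on one broadcast domain."""
    lan = BroadcastDomain()
    a = Host("A", "192.168.1.10", "aa:aa:aa:aa:aa:01")
    b = Host("B", "192.168.1.20", "aa:aa:aa:aa:aa:02")
    c = Host("C", "192.168.1.30", "aa:aa:aa:aa:aa:03")
    for h in (a, b, c):
        h.link = lan
        lan.hosts.append(h)
    return lan, a, b, c

if __name__ == "__main__":
    lan, a, b, c = build_demo()
    print(resolve(a, "192.168.1.20"))   # B's MAC, learned via the broadcast request
    print(c.arp_cache)                  # C learned A's mapping from the broadcast too
    print(gratuitous_arp(a))            # [] -> no conflict
```

Note that the third host C learns A's mapping from the broadcast request even though the exchange was not addressed to it, while B's reply, being unicast, is seen only by A.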
TCP/IP
Four-layer model----TCP/IP standard model
Five-layer model----TCP/IP peer-to-peer model
PDU---protocol data unit
L1PDU
L2PDU
...
L7PDU
Application layer----data message
Transport layer - data segment
Network layer - data packet
Data link layer ---- data frame
Physical layer - bit stream
Encapsulation and Decapsulation
Application layer - encapsulation takes place here, but its format depends on the application
Transport layer----TCP, UDP (port number)
Network layer - encapsulation of IP address
Data link layer --- encapsulation MAC address
Physical layer----the data has become an electrical signal; no further encapsulation
Cross-Layer Encapsulation of TCP/IP
Purpose: speed up encapsulation and decapsulation and so improve transmission efficiency
Cross-layer-4 encapsulation ( used by the OSPF protocol between directly connected routers )----after application-layer encapsulation is complete, the data is encapsulated directly into the network layer
Applied between directly connected routing devices
Cross-layer-3/4 encapsulation ( used by the STP protocol between directly connected switches )----after application-layer encapsulation is complete, the data is encapsulated directly into layer 2
Applied between directly connected switching devices
SFD --- start frame delimiter ( marks the end of the preamble )
MAC sublayer - media access control layer - 802.3
LLC sublayer----logical link control layer----802.2
DSAP: identifies the upper-layer module on the receiver that processes the packet
SSAP: identifies the upper-layer module on the sender that produced the packet
Control: determines how the data is transferred
1. No connection mode
2. Connection-oriented mode - control fragmentation, reorganization, sorting
IP address
IPv4 version --- 32-bit binary --- dotted decimal: divide 32-bit binary into 4 parts, each part is 8 bits, and convert binary to decimal
IPv6 version --- 128-bit binary --- hexadecimal
Network bits: hosts with the same network bits are in the same broadcast domain
Host bits: within the same broadcast domain, the host bits distinguish the different hosts
Mask: Consisting of consecutive 1s and consecutive 0s, 1 represents network bits and 0 represents host bits.
IPv4 address classification (classful addressing)
Unicast address---one-to-one communication
Feature: can be used as both the source and the destination IP address
Multicast address---one-to-many
Broadcast address---one-to-all (used only as destination IP address)
A: mask 255.0.0.0
B: mask 255.255.0.0
C: mask 255.255.255.0
D---multicast address----can only be used as the destination IP address, not as the source IP address
E---reserved addresses
IP address classification principle: classify by the first eight bits of the binary IP address
A:0XXX XXXX-----0-127
B:10XX XXXX-----128-191
C:110X XXXX-----192-223
D:1110 XXXX-----224-239
E:1111 XXXX-----240-255
special IP address
1. 127.0.0.1-127.255.255.254----loopback addresses----local testing
2. 255.255.255.255---restricted broadcast address
3. The host bits are all 1 --- 192.168.1.255/24 --- direct broadcast address
Difference: Restricted broadcast addresses are not forwarded by routers, while direct broadcast addresses are forwarded.
4. The host bits are all 0---192.168.1.0/24----network address
5. 0.0.0.0----means no IP address, or stands for all IP addresses
6. 169.254.0.0/16----link-local address/automatic private address
Note: this address cannot communicate across network segments----Ethernet environment only
VLSM----variable length subnet mask. Idea: borrow bits from the host bits to extend the network bits.
192.168.1.0/24
192.168.1.0000 0000/25---192.168.1.0/25
192.168.1.1000 0000/25---192.168.1.128/25
CIDR----classless inter-domain routing. Idea: keep the bits that are the same, drop the bits that differ.
192.168.0.0/24
192.168.1.0/24
192.168.2.0/24
192.168.3.0/24
192.168.0000 0000.0
192.168.0000 0001.0
192.168.0000 0010.0
192.168.0000 0011.0
192.168.0.0/22----supernet
172.16.0.0/24
172.16.1.0/24
172.16.2.0/24
172.16.3.0/24
172.16.0.0/22----route summarization
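The classification, special-address, VLSM and CIDR rules above, as an added example using Python's standard ipaddress module (not code from the notes). The prefixes are the ones used in the notes plus a constructed non-contiguous pair to show where a summary becomes a black hole; covering_supernet() goes beyond the notes by computing the smallest prefix that covers any set of subnets, whether contiguous or not.

```python
# Added example (not from the notes): classful lookup, special addresses,
# VLSM subnetting and CIDR summarization with the standard ipaddress module.
import ipaddress

def ip_class(addr):
    """Classify by the leading bits of the first octet (A/B/C/D/E)."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first < 128: return "A"    # 0xxx xxxx  0-127
    if first < 192: return "B"    # 10xx xxxx  128-191
    if first < 224: return "C"    # 110x xxxx  192-223
    if first < 240: return "D"    # 1110 xxxx  224-239 multicast
    return "E"                    # 1111 xxxx  240-255 reserved

def classful_mask(addr):
    """Default mask of the address class, or None for D/E."""
    return {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}.get(ip_class(addr))

def special(addr):
    """Name the special addresses listed in the notes, or None."""
    ip = ipaddress.IPv4Address(addr)
    if ip == ipaddress.IPv4Address("255.255.255.255"):
        return "limited broadcast"
    if ip == ipaddress.IPv4Address("0.0.0.0"):
        return "unspecified"
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:           # 169.254.0.0/16
        return "link-local (APIPA)"
    return None

def role_in_subnet(addr, prefix):
    """network / directed broadcast / host, judged from the host bits."""
    net = ipaddress.IPv4Network(prefix)
    ip = ipaddress.IPv4Address(addr)
    if ip == net.network_address: return "network"
    if ip == net.broadcast_address: return "directed broadcast"
    return "host" if ip in net else "outside"

def vlsm(prefix, new_prefixlen):
    """Borrow host bits: split prefix into subnets of new_prefixlen."""
    return [str(s) for s in ipaddress.IPv4Network(prefix).subnets(new_prefix=new_prefixlen)]

def summarize(prefixes):
    """CIDR: merge only blocks that really form one aligned range."""
    nets = [ipaddress.IPv4Network(p) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

def covering_supernet(prefixes):
    """Smallest single prefix containing all inputs. The gap between this
    and summarize() is address space that does not exist in the network:
    the source of a routing black hole."""
    nets = [ipaddress.IPv4Network(p) for p in prefixes]
    first = min(int(n.network_address) for n in nets)
    last = max(int(n.broadcast_address) for n in nets)
    for plen in range(32, -1, -1):
        cand = ipaddress.IPv4Network((first, plen), strict=False)
        if int(cand.broadcast_address) >= last:
            return str(cand)
    return "0.0.0.0/0"

if __name__ == "__main__":
    print(ip_class("172.16.0.1"), classful_mask("172.16.0.1"))
    print(vlsm("192.168.1.0/24", 25))
    print(summarize(["192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"]))
    # constructed non-contiguous pair: no exact summary, but a covering /22 exists
    print(summarize(["172.16.0.0/24", "172.16.2.0/24"]), covering_supernet(["172.16.0.0/24", "172.16.2.0/24"]))
```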
DHCP service ---Dynamic Host Configuration Protocol
DHCP Discover---broadcast
The forwarding principle of the switch:
After the switch receives the electrical signal, it converts it back into binary and extracts the data frame.
It reads the source MAC address of the frame and records the mapping between that address and the interface the frame arrived on in the local MAC address table (ageing time 300 s).
It then looks at the destination MAC address of the frame and queries the local MAC address table: if a matching entry exists, the frame is forwarded according to that entry; if not, the frame is flooded (sent out of every interface except the one it came in on).
Three cases of switch flooding:
1. Encountered a broadcast frame
2. Encountered a multicast frame
3. Unknown unicast address encountered
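The switch forwarding principle and the three flooding cases above, as an added example (not code from the notes): a software model of the MAC address table with the 300 s ageing time, known-unicast forwarding, and flooding of broadcast, multicast and unknown unicast frames. The port names, MAC addresses and clock values are constructed.

```python
# Added example (not from the notes): a model of switch MAC learning and
# forwarding. Ports, MACs and timestamps are constructed.
AGEING = 300   # seconds, the default MAC ageing time from the notes

def is_group(mac):
    """Group bit = lowest bit of the first octet; set for multicast and broadcast."""
    return int(mac.split(":")[0], 16) & 1 == 1

class Switch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}          # mac -> (port, last_seen)

    def expire(self, now):
        """Drop entries not refreshed within the ageing time."""
        self.table = {m: (p, t) for m, (p, t) in self.table.items() if now - t < AGEING}

    def receive(self, in_port, src, dst, now):
        """Learn src on in_port, then decide: ('forward'|'flood'|'drop', ports)."""
        self.expire(now)
        self.table[src] = (in_port, now)              # learn / refresh source
        others = [p for p in self.ports if p != in_port]
        if is_group(dst):                             # case 1 and 2: broadcast / multicast
            return ("flood", others)
        if dst in self.table:
            port, _ = self.table[dst]
            # destination known on the ingress port: no need to forward
            return ("forward", [port]) if port != in_port else ("drop", [])
        return ("flood", others)                      # case 3: unknown unicast

if __name__ == "__main__":
    sw = Switch(["g0/0/1", "g0/0/2", "g0/0/3"])
    A, B = "00:11:22:33:44:01", "00:11:22:33:44:02"
    print(sw.receive("g0/0/1", A, B, 0))      # B unknown -> flood to g0/0/2, g0/0/3
    print(sw.receive("g0/0/2", B, A, 1))      # A known   -> forward to g0/0/1
    print(sw.receive("g0/0/1", A, "ff:ff:ff:ff:ff:ff", 2))   # broadcast -> flood
```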
DHCP ACK message----broadcast/unicast
DNS service ---Domain Name System
URL---Uniform Resource Locator; it is not the same thing as a domain name
protocol + domain name + file path
Purpose: obtain the corresponding IP address from the domain name
DNS port number ------53---TCP/UDP
DNS query process
Router forwarding principle
Principle: the router looks up its local routing table using the destination IP address of the packet. If the routing table holds a matching entry, the packet is forwarded unconditionally according to that entry; if there is no matching entry, the packet is discarded.
Learning about unknown network segments
1. Directly connected routing: The router generates routing entries for directly connected network segments with available interfaces by default.
2. Static routing: manually configured by the network administrator
3. Dynamic routing: All routers run the same routing protocol, and then routers communicate with each other to calculate routing information for unknown network segments
Conditions for generating direct routes
1. The interface must be double UP
Physical layer UP: the link is physically normal
Protocol layer UP: a link-layer protocol is running on the interface
2. The interface must be configured with an IP address
HTTP protocol - hypertext transfer protocol
TCP---80
Hypertext --- text that contains hyperlinks and multimedia elements
TCP protocol
It is a connection-oriented reliable transport protocol
Reliability:
Confirmation mechanism: transmission confirmation; each time a data segment is received, an acknowledgement must be sent
Retransmission mechanism: the ultimate guarantee of reliability; when a packet of a data segment is lost, the receiver prompts the sender to retransmit it
Sorting mechanism: a data segment is split into multiple packets that may travel over different paths, so they arrive out of order at the destination and must be reordered according to the sequence number field of the TCP header
Flow control mechanism: sliding window; the window size is adjusted to control the flow
MSS=MTU-TCP header-IP header (in the option field of the TCP protocol)
PMTU----path MTU discovery
The IP header contains a DF flag indicating whether the packet may be fragmented. When PMTU discovery is enabled, this flag is set to 1, meaning fragmentation is not allowed.
When a device on the path then needs to fragment the packet and finds that it cannot, it discards the packet, sends an ICMP destination unreachable message back to the sender, and records the MTU of its own interface in it.
After receiving the ICMP message, the sender resends the data because of the TCP retransmission mechanism, but generates new packets sized according to the new MTU value.
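The MSS formula and the PMTU discovery loop described above, as an added example (not code from the notes): the packet walks a list of hop MTUs with DF set, the first hop whose MTU is too small discards it and reports its MTU, and the sender shrinks its packets and retransmits until one gets through. The hop MTUs and data sizes are constructed.

```python
# Added example (not from the notes): a simulation of PMTU discovery.
# Hop MTUs and payload sizes are constructed.
IP_HDR, TCP_HDR = 20, 20   # header sizes without options

def mss_for(mtu):
    """MSS = MTU - IP header - TCP header (carried in the TCP options)."""
    return mtu - IP_HDR - TCP_HDR

def send_with_df(path_mtus, packet_len):
    """Walk the hops with DF=1. Returns ('delivered', len) or
    ('icmp_frag_needed', hop_mtu) from the first hop that cannot carry it."""
    for hop_mtu in path_mtus:
        if packet_len > hop_mtu:
            return ("icmp_frag_needed", hop_mtu)   # discard + ICMP with the hop MTU
    return ("delivered", packet_len)

def discover_pmtu(path_mtus, local_mtu, max_rounds=10):
    """Retransmit with the reported MTU until a full-size packet is delivered.
    Returns (pmtu, rounds_needed)."""
    pmtu = local_mtu
    for rounds in range(1, max_rounds + 1):
        status, value = send_with_df(path_mtus, pmtu)
        if status == "delivered":
            return (pmtu, rounds)
        pmtu = value               # adopt the MTU reported by the bottleneck hop
    raise RuntimeError("PMTU did not converge")   # guards against a looping path

def segment_payload(total_bytes, pmtu):
    """Cut data into TCP segments that fit the discovered PMTU."""
    mss = mss_for(pmtu)
    return [min(mss, total_bytes - i) for i in range(0, total_bytes, mss)]

if __name__ == "__main__":
    path = [1500, 1400, 1300]        # constructed: two successive bottlenecks
    pmtu, rounds = discover_pmtu(path, 1500)
    print(pmtu, rounds, mss_for(pmtu))    # 1300 2 rounds of ICMP then success: 3 sends
    print(segment_payload(3000, pmtu))    # [1260, 1260, 480]
```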
TCP is connection-oriented: three-way handshake
HTTP status codes:
1XX---100---informational
2XX---200---success
3XX---300---redirection
4XX---403---client error
5XX---500---server error---503
Static routing
Advantages of static routing:
1. Reasonable route selection: configured manually by the network administrator ( chosen by a person, with all factors considered )
2. Security: unlike dynamic routing protocols, no routing packets need to be exchanged between routers
3. No additional device resources are consumed
Disadvantages of static routing:
1. Large amount of configuration
2. Cannot automatically converge based on topology changes
Basic Static Routing Configuration
Method 1: [r1]ip route-static 23.0.0.0 24 12.0.0.2 ---- the outbound interface must be found by a recursive lookup
Method 2: [r3]ip route-static 12.0.0.0 24 GigabitEthernet 0/0/0 ---- requires proxy ARP to be enabled
Solution: enable the ARP proxy function on the ingress interface of the next router
[r2-GigabitEthernet0/0/1]arp-proxy enable
Proxy ARP idea: after receiving an ARP request, the router checks its local routing table; if it has a route to the requested destination IP address, the router answers the ARP request on behalf of that destination.
Method 3: [r1]ip route-static 192.168.2.0 24 GigabitEthernet 0/0/1 12.0.0.2 ---- no recursive lookup needed
Method 4: [r3]ip route-static 192.168.1.0 24 12.0.0.1 ---- every route needed during the recursive lookup must be in place beforehand.
Extended configuration of static routing
Load balancing : when a router has several paths of similar cost to the same destination, traffic can be split across them at the same time, so that their bandwidth adds up
Manual summarization : when a router reaches several consecutive subnets through the same next hop, these network segments can be summarized and a single static route written for the summary network segment. This reduces the number of routing table entries and improves forwarding efficiency.
Routing black hole: if a summary covers a network segment that does not actually exist in the network, traffic may be sent with no way back, wasting link resources. Reasonable subnetting and aggregation reduce routing black holes.
Default route: a route that does not restrict the destination. During table lookup, if no other route matches, the default route is matched.
Null interface routing:
To stop traffic that falls into the routing black hole from then matching the default route and looping, configure on the black-hole router a route to the summary network segment that points to the null interface.
1. NULL0---if the outbound interface of a routing entry is the null interface, datagrams matching that route are discarded
2. The matching principle of the routing table---the longest match (most exact match) wins
Floating static route: by modifying the default preference of a static route, it becomes a backup route
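The lookup rules above (longest match, default route as last resort, a Null0 summary that stops black-hole traffic, and preference choosing between floating static routes) as an added example, not code from the notes. It uses the prefixes from the BFD figure later in these notes plus a constructed 172.16.0.0/22 summary; the Null0 handling and the default static preference of 60 follow Huawei behaviour.

```python
# Added example (not from the notes): a routing table with longest-prefix
# match, default route, Null0 discard and preference-based backup routes.
import ipaddress

class RoutingTable:
    def __init__(self):
        self.routes = []    # (network, next_hop, preference)

    def add_static(self, prefix, next_hop, preference=60):
        """Mirrors: ip route-static <prefix> <next-hop | NULL0> [preference N]"""
        self.routes.append((ipaddress.IPv4Network(prefix), next_hop, preference))

    def remove(self, prefix, next_hop):
        net = ipaddress.IPv4Network(prefix)
        self.routes = [r for r in self.routes if not (r[0] == net and r[1] == next_hop)]

    def lookup(self, dst):
        """Longest prefix first; among equal prefixes the lowest preference
        wins. Returns (prefix, next_hop) or ('discard', reason)."""
        ip = ipaddress.IPv4Address(dst)
        matches = [r for r in self.routes if ip in r[0]]
        if not matches:
            return ("discard", "no route")          # no default route either
        net, hop, _ = min(matches, key=lambda r: (-r[0].prefixlen, r[2]))
        if hop == "NULL0":
            return ("discard", f"NULL0 via {net}")  # black-hole traffic stops here
        return (str(net), hop)

def build_demo():
    """Constructed table: default route, a /22 summary to NULL0 with two real
    /24s under it, and a floating static pair for 10.9.9.0/24."""
    rt = RoutingTable()
    rt.add_static("0.0.0.0/0", "10.1.134.3")
    rt.add_static("172.16.0.0/22", "NULL0")
    rt.add_static("172.16.0.0/24", "10.1.12.2")
    rt.add_static("172.16.1.0/24", "10.1.12.2")
    rt.add_static("10.9.9.0/24", "10.1.12.1")                  # preferred, pref 60
    rt.add_static("10.9.9.0/24", "10.1.23.1", preference=90)   # floating backup
    return rt

if __name__ == "__main__":
    rt = build_demo()
    print(rt.lookup("172.16.1.7"))   # real subnet: longest match wins over NULL0 summary
    print(rt.lookup("172.16.3.7"))   # non-existent subnet: discarded, not sent to default
    print(rt.lookup("8.8.8.8"))      # only the default route matches
    rt.remove("10.9.9.0/24", "10.1.12.1")
    print(rt.lookup("10.9.9.1"))     # backup with preference 90 takes over
```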
Static route and BFD association
BFD: Bidirectional Forwarding Detection is a detection mechanism unified across the whole network, used to detect and monitor quickly the forwarding connectivity of links or IP routes.
Static routes require a lot of configuration and cannot converge automatically. In the figure, R1 has a static route to the loopback of R4. Load balancing could have been configured, but here a floating static route is used instead: normally the left link is used, and the right link takes over when a fault occurs.
If the link between R1 and LSW1 is broken, or LSW1 itself fails, can traffic switch to the right-hand link? Yes.
If the link between R2 and LSW1 fails, traffic cannot switch to the right-hand link. How is this solved?
R1 cannot perceive the link between R2 and LSW1; it can only perceive the link between itself and LSW1 (including LSW1 itself). If the switch fails, the 0/0/1 interface of LSW1 and the 0/0/0 interface of R1 go down, and R1 notices. But if, for example, the 0/0/0 interface of R2 goes down, only the 0/0/2 interface of LSW1 goes down, which does not affect the link between LSW1 and R1; R1 cannot detect the failure between R2 and LSW1 and so cannot switch to the right-hand link. Is there any way to perceive it? Use BFD.
BFD detection mechanism: two systems establish a BFD session and periodically send BFD control packets along the path between them; if one side does not receive BFD control packets within the agreed time, the path is considered faulty.
OSPF uses hello packets to confirm that neighbors are still there: it sends a hello to the neighbor, a reply means the neighbor exists, and no reply means the neighbor is considered down. This also detects faults, so why do we need the linkage between OSPF and BFD, with BFD doing the detection?
OSPF sends a hello packet every 10 s as a keepalive. If the network structure changes suddenly after convergence has completed, OSPF must at least re-elect the DR/BDR; even in a point-to-point network it takes a few seconds to collect topology information and then more time to complete the topology calculation. Some domains, however, require fast convergence, to reduce the impact of device failures on services and improve network reliability: a communication failure must be detected quickly so that measures can be taken in time to keep the business running. The minimum OSPF hello interval can be lowered to 1 s, but BFD achieves millisecond-level detection and convergence.
The configuration in the figure:
[R1]ip route-static 10.9.9.0 24 10.1.12.1
[R1]ip route-static 10.9.9.0 24 10.1.23.1 preference 90
[R2]ip route-static 0.0.0.0 0 10.1.134.3
[R3]ip route-static 0.0.0.0 0 10.1.134.3
[R4]ip route-static 10.1.12.0 24 10.1.134.1
[R4]ip route-static 10.1.23.0 24 10.1.134.2
R2 shuts down its 0/0/0 interface; checking the routing table shows that R1 has not switched to the right-hand link.
First delete [R1]ip route-static 10.9.9.0 24 10.1.12.1 , and then configure BFD
BFD configuration
[R1]bfd //enable BFD globally
[R1]bfd aa bind peer-ip 10.1.12.1 --- create a BFD session named aa (the name has only local meaning), bound to the peer IP address 10.1.12.1
[R1-bfd-session-aa]discriminator local 20 --- local discriminator of the session
[R1-bfd-session-aa]discriminator remote 10 --- discriminator of the peer
[R1-bfd-session-aa]commit --- the configuration must be committed, otherwise it does not take effect
[R1]ip route-static 10.9.9.0 24 10.1.12.1 track bfd-session aa --- associate the static route with the BFD session
[R1]display bfd session all --- view all BFD sessions
BFD needs to be configured on both sides, the configuration of R2:
[R2]bfd
[R2]bfd bb bind peer-ip 10.1.12.2
[R2-bfd-session-bb]discriminator local 10
[R2-bfd-session-bb]discriminator remote 20
[R2-bfd-session-bb]commit
Capture packets on the 0/0/0 interface of R2: BFD packets are sent at intervals well under 1 s.
Check whether the switchover works: [LSW1-GigabitEthernet0/0/2]shutdown
The BFD session state then shows down.
[R1]display bfd session all --- view all BFD sessions
At this point the route with preference 90 is installed, and R1 switches to the link on the right.
How does R1 decide that it really cannot reach R2 and must switch routes?
By default, a BFD session sends a control packet every 1000 ms (configurable); when no packet is received for three consecutive intervals (configurable), the session state goes down, and the associated static route is withdrawn.
[R1-bfd-session-bb]min-rx-interval 10 --- set the minimum interval for receiving BFD packets to 10 ms
[R1-bfd-session-bb]min-tx-interval 10 --- set the interval for sending BFD packets to 10 ms
[R1-bfd-session-bb]detect-multiplier 10 --- set the local detection multiplier to 10 (range 3-50): if ten consecutive BFD packets are missed, the path is considered failed
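How the timers above turn into a "down" decision, as an added example (not code from the notes): a BFD session object that computes its detection time from the negotiated interval and the detect multiplier, and a tracked static route that is withdrawn when the session goes down, so the preference-90 backup takes over. The detection-time rule follows RFC 5880 (the peer's Detect Mult times the larger of our min-rx and the peer's min-tx); with both routers configured alike, as above, that is simply interval times multiplier. Route entries follow the R1 configuration; the clock values are constructed.

```python
# Added example (not from the notes): BFD detection time and a tracked
# static route. Timer values are constructed.
class BfdSession:
    def __init__(self, name, min_tx_ms=1000, min_rx_ms=1000, detect_mult=3):
        self.name = name
        self.min_tx_ms, self.min_rx_ms, self.detect_mult = min_tx_ms, min_rx_ms, detect_mult
        self.state = "down"
        self.last_rx_ms = None      # when we last heard the peer
        self.peer_tx_ms = None      # peer's desired min tx interval (from its packet)
        self.peer_mult = None       # peer's detect multiplier (from its packet)

    def detect_time_ms(self):
        """RFC 5880: peer Detect Mult x max(our min-rx, peer min-tx).
        Defaults give 3 x 1000 ms = 3 s; 10 x 10 ms = 100 ms with the tuning above."""
        return self.peer_mult * max(self.min_rx_ms, self.peer_tx_ms)

    def on_control_packet(self, now_ms, peer_tx_ms, peer_mult):
        """A control packet from the peer refreshes the session."""
        self.peer_tx_ms, self.peer_mult = peer_tx_ms, peer_mult
        self.last_rx_ms = now_ms
        self.state = "up"

    def tick(self, now_ms):
        """Timer callback: declare down once the detection time has elapsed."""
        if self.state == "up" and now_ms - self.last_rx_ms >= self.detect_time_ms():
            self.state = "down"
        return self.state

class TrackedRoute:
    """A static route that is installed only while its BFD session is up
    (session None = untracked route, always active)."""
    def __init__(self, prefix, next_hop, preference, session=None):
        self.prefix, self.next_hop, self.preference, self.session = prefix, next_hop, preference, session

    def active(self):
        return self.session is None or self.session.state == "up"

def best_next_hop(routes):
    """Lowest preference among the routes that are currently active."""
    live = [r for r in routes if r.active()]
    return min(live, key=lambda r: r.preference).next_hop if live else None

if __name__ == "__main__":
    aa = BfdSession("aa")
    aa.on_control_packet(0, 1000, 3)
    routes = [TrackedRoute("10.9.9.0/24", "10.1.12.1", 60, aa),    # track bfd-session aa
              TrackedRoute("10.9.9.0/24", "10.1.23.1", 90)]        # floating backup
    print(aa.detect_time_ms(), best_next_hop(routes))   # 3000 10.1.12.1
    aa.tick(3000)                                       # no packet for 3 s -> down
    print(aa.state, best_next_hop(routes))              # down 10.1.23.1
```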
Network type and data link layer protocol
The network type is determined by the protocol and rules run at the data link layer.
Classification of Network Types
P2P----point-to-point network
MA---multipoint access network
BMA---Broadcast Multipoint Access Network
NBMA - non-broadcast multipoint access network
Data Link Layer Protocol
MA network
ethernet protocol
Feature: MAC addresses are needed to distinguish and identify the devices
Reason (why Ethernet needs MAC addresses for physical addressing):
A layer 2 network built with the Ethernet protocol can contain many interfaces, each of which can exchange Ethernet frames. Without MAC addresses, the device that should receive a given frame could not be identified.
Type------BMA
How an Ethernet network is built ----- connect the Ethernet interfaces of the devices with Ethernet cables; the resulting network is called an Ethernet network, and its protocol is the Ethernet protocol.
Features of Ethernet - can provide a huge transmission rate - frequency division technology
P2P network
Definition: a network in which only two devices can exist and no third device may join is called a P2P network.
P2P network construction - connect the serial interfaces of two devices with a serial cable
Serial cable----a relatively old type of cable, one of the main cables used in the early days
Serial port standards:
E1----2.048 Mbps
T1----1.544 Mbps
HDLC
High-Level Data Link Control protocol
Standards:
Standard HDLC----the ISO standard (derived from IBM's SDLC, a bit-oriented synchronous data link control protocol that transmits data in units of frames)
Non-standard HDLC----vendors' own modifications of the ISO HDLC
Note: standard HDLC and the non-standard variants (Cisco, Ruijie) are not compatible with each other.
HDLC network construction
[R1-Serial4/0/0]link-protocol hdlc //change the link-layer protocol of the interface to HDLC
Address: carries no meaningful content, because a point-to-point link does not actually need addresses to communicate; the IP address is configured only to serve the upper-layer protocols.
Control: originally used for some control policies; the field is not used on today's serial networks and is filled with 0
Protocol: indicates the type of the upper-layer encapsulated protocol, similar to the Type field of Ethernet
HDLC interface address borrowing
[R1-Serial4/0/0]ip address unnumbered interface LoopBack 0 -- borrow the IP address of LoopBack 0
[R1]ip route-static 12.0.0.0 24 Serial 4/0/0 --- the next hop is not written because 1. writing a next hop would require a recursive lookup; 2. the interface has no IP address of its own, so no directly connected route to the next hop can be generated.
In the end, both devices must be given static routes for the peer device's network segments, so that data can be forwarded by table lookup.
Configure the loopback interface with an IP address on the same network segment as the peer interface's IP address, with a 32-bit mask.
PPP - point to point protocol
Advantages of the PPP protocol
1. Compared with HDLC, PPP has good compatibility: it is a unified standard protocol (any serial interface or serial cable that supports full-duplex communication can run PPP)
2. Good portability ----PPPoE
3. Authentication and authorization can be completed.
4. No retransmission mechanism: low overhead and high speed
Establishment of a PPP session
A PPP session is established in three stages:
Link establishment stage ---- LCP protocol
Authentication stage ---------- PPP authentication (optional)
Network layer protocol negotiation stage ---- NCP negotiation
PPP link establishment phase
Dead stage ---- also called the physical-layer-unavailable stage
When both ends detect that the physical link is up, they move from the Dead stage to the Establish stage.
Establish stage ---- LCP parameter negotiation takes place here
When LCP parameter negotiation succeeds, LCP enters the Opened state, indicating that the underlying link has been established.
Authenticate stage----in most cases the devices at both ends of the link go through the authentication stage before entering network layer protocol negotiation.
By default, PPP links do not require authentication.
If authentication is required, an authentication protocol must be specified during the link establishment stage.
The authentication mode is negotiated by both parties during the link establishment stage.
Network stage----the PPP link performs NCP negotiation
A network layer protocol is selected and configured through NCP negotiation, and its parameters are negotiated.
Only after negotiation of the corresponding network layer protocol succeeds may that network layer protocol be carried over this PPP link.
After NCP negotiation succeeds, the PPP link stays in the communicating state.
If, while PPP is running, the physical link is disconnected, authentication fails, a timer expires, or the connection is closed manually, the link enters the Terminate stage.
Terminate stage ---- the link closing stage
Once all link resources have been released, both parties return to the initial Dead state, until they re-establish the PPP connection.
PPP data frame structure
LCP protocol ----- Link Control Protocol --- mainly completes the negotiation of the first stage of PPP session establishment
NCP protocol ----- Network Control Protocol ----- a general term for a family of protocols that negotiate on behalf of the network layer protocol in the third stage of PPP session establishment. Different network layer protocols use different NCP protocols.
LCP has three message types
Link configuration message----important
link termination message
Terminate-Request: terminate the request
Terminate-ACK: Terminate acknowledgment
link maintenance message
echo-request------echo request
echo-reply---------- echo reply
LCP negotiates:
1. MRU: the maximum data unit allowed in a PPP frame, in bytes, default 1500
2. Authentication method: decided according to the second-stage authentication; if authentication is used, the method must be negotiated; if not, no negotiation is needed.
3. Magic number: used to detect loops on the link; a value generated randomly by the local device (from its serial number, hardware address, etc.)
OSPF basics
OSPF seven state machines
down --- down state --- once OSPF is started, a hello packet is sent and the next state is entered
init----initialization state----if a received hello packet contains the local RID, the next state is entered
2-way----two-way communication state----- the sign that the neighbor relationship is established .
Condition matching: if it succeeds, the next stage is entered; if not, the routers stay in 2-way
exstart----pre-start state----DBD packets that carry no information are used to elect the master/slave relationship; the one with the larger RID is master
exchange----exchange state----DBD packets carrying the database directory are used to share the directory
loading----loading state----neighbors use the three packet types LSR/LSU/LSAck to obtain the complete topology information
full----full adjacency state----marks the establishment of the adjacency relationship
Condition matching
Interface roles
DR---designated router
BDR---Backup Designated Router
DRother----other routers
Conditions under which OSPF establishes adjacency
Point-to-point - no need to elect DR and BDR - adjacency is established directly (a way to speed up convergence)
MA network----no limit on the number of nodes in one network (DR and BDR are elected)
election rules
Interface priority ----->0-255----->the highest priority becomes DR and the second highest becomes BDR (Huawei default is 1)
RID----the larger, the better (used when priorities are equal)
Election scope----one broadcast domain; condition matching takes place between the roles
In a broadcast domain, all devices maintain adjacency, and there will be a large number of repeated updates, so DR/BDR elections are required, and all non-DR/BDR devices only need to maintain neighbor relationships
DR and DRother---->Adjacency
DR and BDR---->Adjacency
BDR and DRother---->Adjacency
DRother and DRother---->neighbor relationship
1. In a broadcast domain with a DR and a BDR, at least four routers are needed before a plain neighbor relationship (DRother to DRother) can be seen
2. The designated router is elected per broadcast domain, so it is really an interface-level concept
non-preemptive election mode
electoral process
1. The election of DR and BDR is implemented through Hello packets, and the election process occurs after the 2-way state
2. The router fills in the "DR Priority" field in the hello packet with the DR priority of its own interface
3. You can modify the DR priority in the interface view (if the DR priority is changed to 0, it means that you are not eligible for DR and BDR elections)
4. When a router interface activates OSPF, it first checks whether a DR already exists on the network; if so, it accepts that DR. If not, the device with the highest DR priority becomes DR (RID as tiebreaker).
5. The BDR election process is the same as the DR election process, but after the DR election is successful.
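The election rules above as a function (an added example, not code from the notes): priority 0 is ineligible, the highest priority wins with RID as the tiebreaker, the election is non-preemptive (an existing DR keeps its role, and the BDR is promoted when the DR disappears), and the resulting roles decide which pairs form an adjacency and which stay at the 2-way neighbor relationship. Router names, RIDs and priorities are constructed.

```python
# Added example (not from the notes): DR/BDR election and the adjacency rule.
# Routers, RIDs and priorities are constructed.
def rid_int(rid):
    """Dotted-decimal RID -> integer, so that RIDs compare numerically."""
    return sum(int(o) << (8 * (3 - i)) for i, o in enumerate(rid.split(".")))

def elect(routers, current_dr=None, current_bdr=None):
    """routers: {name: (priority, rid)}. Returns (dr, bdr); None if none eligible."""
    eligible = {n: v for n, v in routers.items() if v[0] > 0}   # priority 0: not a candidate
    rank = lambda n: (eligible[n][0], rid_int(eligible[n][1]))   # priority first, then RID
    if current_dr in eligible:
        dr = current_dr                          # non-preemptive: sitting DR stays
    elif current_bdr in eligible:
        dr = current_bdr                         # DR gone: the BDR is promoted
    else:
        dr = max(eligible, key=rank) if eligible else None
    rest = [n for n in eligible if n != dr]
    if current_bdr in rest:
        bdr = current_bdr                        # sitting BDR stays as well
    else:
        bdr = max(rest, key=rank) if rest else None
    return dr, bdr

def role(name, dr, bdr):
    return "DR" if name == dr else "BDR" if name == bdr else "DRother"

def relationship(a, b, dr, bdr):
    """Two DRothers only keep a 2-way neighbor relationship; every other pair
    becomes adjacent."""
    ra, rb = role(a, dr, bdr), role(b, dr, bdr)
    return "neighbor" if ra == rb == "DRother" else "adjacency"

if __name__ == "__main__":
    segment = {"R1": (1, "1.1.1.1"), "R2": (1, "2.2.2.2"),
               "R3": (100, "3.3.3.3"), "R4": (0, "4.4.4.4")}
    print(elect(segment))                 # fresh election: ('R3', 'R2')
    print(elect(segment, "R1", "R2"))     # R3 joined later: R1 keeps DR, R2 keeps BDR
    print(relationship("R1", "R4", "R3", "R2"))   # two DRothers -> neighbor only
```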
The DR device uses multicast 224.0.0.5 to send messages to the MA network.
The DR and BDR listen on 224.0.0.6 for the messages of the MA network.
DRothers use 224.0.0.6 to send their own LSU messages.
Attempt state: exists only in NBMA network types.
On an NBMA network, if OSPF needs to be enabled, neighbors need to be specified manually; otherwise, hello packets will not be sent.
If no hello message is sent, the neighbor state is in the attempt state
1. Start OSPF. After configuration is complete, OSPF sends hello packets to the multicast address 224.0.0.5 on all local interfaces running OSPF; the hello packets carry the local RID and the RIDs of the neighbors known locally. A neighbor table is then generated.
2. After the neighbor relationship is established, condition matching is performed; if the match fails, the routers stay in the neighbor relationship and only keep it alive with hello packets.
3. Neighbors that match successfully start to establish an adjacency.
4. First, DBD packets carrying no data are used to elect the master/slave relationship; then DBD packets carrying data are used to share the database directory; then LSR/LSU/LSAck packets are used to obtain the LSAs unknown locally.
5. The local database is complete --- the database table is generated.
6. After that, a directed graph and a shortest-path tree are generated locally from the database, and the shortest path to every unknown network segment in the local topology is calculated and added to the routing table.
7. Convergence is complete; hello packets are sent periodically as keepalives, and the database is refreshed every 30 minutes.
Structural mutation
1. A new network segment is added: an LSU is sent directly out of the interfaces with adjacencies, telling the neighbors the new content; the neighbors must acknowledge it with an LSAck.
2. A network segment disappears: an LSU is sent directly out of the interfaces with adjacencies, telling the neighbors the new content; the neighbors must acknowledge it with an LSAck.
3. Communication fails----dead time----four times the hello interval.
1. Start the OSPF process: [r1]ospf 1 router-id 1.1.1.1 //the process ID has only local meaning; this configures the RID manually
2. Create the area: [r1-ospf-1]area 0
3. Declare (advertise)
[r1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0 //exact declaration
[r1-ospf-1-area-0.0.0.0]network 12.0.0.0 0.0.0.255 //declare the network segment
Declarations use the wildcard (reverse) mask form.
OSPF declarations use the reverse mask to declare precisely: either declare the exact IP address of an interface to activate that interface, or declare the directly connected network segment to activate the interface.
The wildcard is 32 bits of binary written in dotted decimal: consecutive 0s followed by consecutive 1s; a 0 bit must match exactly, a 1 bit may be anything.
In the Huawei system, the OSPF route preference is 10;
OSPF cost = reference bandwidth (100 Mbps by default) / actual interface bandwidth
[r1-ospf-1]bandwidth-reference 1000 //Modify the reference bandwidth-----all devices need to be modified
The cost of an OSPF path is equal to the sum of the inbound interface costs of all devices along the path from the destination to the local router .
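The three computational pieces above (wildcard-mask matching for the network command, interface cost from the reference bandwidth, and summing interface costs along the shortest path) as an added example, not code from the notes. The SPF step uses Dijkstra over a small constructed four-router topology; the interface addresses and bandwidths are constructed, and the example shows why the reference bandwidth must be raised on every device when gigabit links are present.

```python
# Added example (not from the notes): wildcard matching, OSPF cost and SPF.
# Topology, bandwidths and addresses are constructed.
import heapq
import ipaddress

def ip2int(a):
    return int(ipaddress.IPv4Address(a))

def network_matches(iface_ip, net, wildcard):
    """network <net> <wildcard>: a 0 bit in the wildcard must match, a 1 bit is don't-care."""
    care = ~ip2int(wildcard) & 0xFFFFFFFF
    return (ip2int(iface_ip) & care) == (ip2int(net) & care)

def ospf_cost(bandwidth_mbps, reference_mbps=100):
    """cost = reference bandwidth / interface bandwidth, never below 1."""
    return max(1, reference_mbps // bandwidth_mbps)

def spf(links, root, reference_mbps=100):
    """links: [(a, b, bandwidth_mbps)], used in both directions.
    Returns {node: (total_cost, path)} with cost = sum of outbound interface
    costs from root along the path (the notes count the same interfaces from
    the far end as inbound)."""
    adj = {}
    for a, b, bw in links:
        adj.setdefault(a, []).append((b, ospf_cost(bw, reference_mbps)))
        adj.setdefault(b, []).append((a, ospf_cost(bw, reference_mbps)))
    best = {root: (0, [root])}
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue                     # stale heap entry
        for nxt, c in adj.get(node, []):
            new = cost + c
            if nxt not in best or new < best[nxt][0]:
                best[nxt] = (new, best[node][1] + [nxt])
                heapq.heappush(heap, (new, nxt))
    return best

if __name__ == "__main__":
    print(network_matches("12.0.0.1", "12.0.0.0", "0.0.0.255"))   # True: segment declared
    # constructed topology: R1-R2-R4 over 100M links, R1-R3-R4 over 1000M links
    links = [("R1", "R2", 100), ("R2", "R4", 100), ("R1", "R3", 1000), ("R3", "R4", 1000)]
    print(spf(links, "R1")["R4"])          # reference 100: both paths cost 2, gigabit not preferred
    print(spf(links, "R1", 1000)["R4"])    # bandwidth-reference 1000: gigabit path wins, cost 2 vs 20
```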
OSPF packet format
OSPF packet header
Version (Version)
For OSPFv2, the value of this field is always 2
type
Describes the type of OSPF packet
Hello------1
DBD-------2
LSR--------3
LSU--------4
LSACK----5
Packet Length
The length of the entire OSPF packet ----- in bytes
router-id
The RID value of the router that sent the packet
area ID
The ID value of the area to which the interface sending the packet belongs
checksum
Verifies the integrity of the whole OSPF packet
authentication type
Indicates the type of authentication used by the message
No authentication ---0; simple authentication ---1; MD5 authentication ---2;
authentication data
The content to be compared for message authentication
If the authentication type is not authenticated, this field is filled with 0
OSPF authentication applies to every data exchange: every kind of packet must be authenticated.
During authentication two fields are compared: the authentication type field is compared first,
and if it matches, the authentication data fields are compared.
Network Mask
This field carries the network mask of the interface that sends the packet
If two OSPF routers are directly connected through Ethernet interfaces , the directly connected interfaces on both sides must be configured with the same network mask.
(Point-to-point network does not need to compare this parameter)
Note: The need to compare the subnet mask information for OSPF to establish a neighbor relationship is unique to Huawei, and other manufacturers do not have this requirement .
Hello Interval
Two directly connected routers must have the same Hello interval on the directly connected interfaces; otherwise the neighbor relationship cannot be established.
By default it is 10 s for P2P and BMA, and 30 s for P2MP and NBMA.
Options
This field has a total of 8 bits, and each bit is used to indicate a specific OSPF feature of the router.
During the establishment of the OSPF neighbor relationship, some bits in this field will be checked, which may affect the establishment of the OSPF neighbor relationship. (marking of special areas)
Router Priority
[r2-GigabitEthernet0/0/0]ospf dr-priority ? //Modify the DR priority of the OSPF interface
INTEGER<0-255> Router priority value
Router Dead Time
To establish an OSPF neighbor relationship between two directly connected routers, the dead time of the two interfaces must be the same; otherwise the neighbor relationship cannot be established normally.
The default dead time is 4 times the Hello interval.
Designated Router
Interface IP address of the DR device on the network.
If there is no DR or DR is not elected, fill in 0.0.0.0
Backup Designated Router
Interface IP address of the network BDR device
If there is no BDR or the election is not over, fill in 0.0.0.0
Neighbor
Valid neighbors discovered on the directly connected link; the field holds the RID value of the neighbor. If multiple neighbors are discovered, the packet contains multiple Neighbor fields.
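As an added example that is not part of the original notes: build and parse an OSPFv2 Hello packet carrying the header and Hello fields listed above, then report which of the fields that must match (area, authentication type, Hello interval, dead time, and on Ethernet the mask) differ between two routers. The checksum is left as 0 and the Options value 0x02 is an assumed sample value; the packets are constructed, not captured.

```python
import struct
from ipaddress import IPv4Address

OSPF_TYPES = {1: "Hello", 2: "DBD", 3: "LSR", 4: "LSU", 5: "LSAck"}
AUTH_TYPES = {0: "none", 1: "simple", 2: "MD5"}
HDR = "!BBHIIHH8s"   # version, type, length, router ID, area ID, checksum, auth type, auth data
HELLO = "!IHBBIII"   # network mask, hello interval, options, priority, dead interval, DR, BDR

def ip(s):
    return int(IPv4Address(s))

def build_hello(rid, area, mask, hello, dead, prio=1, dr="0.0.0.0", bdr="0.0.0.0",
                neighbors=(), auth_type=0):
    """Constructed sample Hello; checksum left 0 and options 0x02 are placeholders."""
    body = struct.pack(HELLO, ip(mask), hello, 0x02, prio, dead, ip(dr), ip(bdr))
    body += b"".join(struct.pack("!I", ip(n)) for n in neighbors)
    hdr = struct.pack(HDR, 2, 1, 24 + len(body), ip(rid), ip(area), 0, auth_type, bytes(8))
    return hdr + body

def parse_hello(pkt):
    """Parse the 24-byte header plus the Hello body into named fields."""
    if len(pkt) < 44:
        raise ValueError("too short for an OSPF Hello")
    ver, typ, length, rid, area, csum, atype, adata = struct.unpack(HDR, pkt[:24])
    if ver != 2 or typ != 1:
        raise ValueError(f"not an OSPFv2 Hello (version {ver}, type {typ})")
    if len(pkt) < length:
        raise ValueError("packet shorter than its Packet Length field")
    mask, hello, opts, prio, dead, dr, bdr = struct.unpack(HELLO, pkt[24:44])
    n = (length - 44) // 4                       # one 4-byte RID per discovered neighbor
    nbrs = struct.unpack(f"!{n}I", pkt[44:44 + 4 * n])
    return {"router_id": str(IPv4Address(rid)), "area_id": str(IPv4Address(area)),
            "auth_type": AUTH_TYPES.get(atype, "unknown"), "mask": str(IPv4Address(mask)),
            "hello_interval": hello, "dead_interval": dead, "priority": prio,
            "options": opts, "dr": str(IPv4Address(dr)), "bdr": str(IPv4Address(bdr)),
            "neighbors": [str(IPv4Address(x)) for x in nbrs]}

def neighbor_mismatches(local, remote, broadcast=True):
    """Fields that must agree before a neighbor relationship forms; empty list means OK.
    The mask is compared only on broadcast (Ethernet) links, as the notes describe."""
    fields = ["area_id", "auth_type", "hello_interval", "dead_interval"]
    if broadcast:
        fields.append("mask")
    return [f for f in fields if local[f] != remote[f]]
```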
All multicast addresses of the form 224.0.0.X are called link-local multicast, and a packet whose destination IP address is a link-local multicast address has its TTL set to 1. Every link-local multicast address has a corresponding multicast MAC address: 01-00-5e- followed by the last 24 bits (the last 24 bits of the multicast IP address).
subnet mask
After the netmask is modified on R2, R2 immediately changes the state of R3 to Down, while R3 only changes state after the 40 s dead time expires.
The reason is that after R2 modifies the mask of its IP address, it considers the previous connection interrupted and needs to re-establish it, so its state machine is reset.
R3, on the other hand, only knows that it can no longer communicate, so it waits for the dead time to expire before changing state.
Moreover, in this case R3 can still forward data to R2 during the 40 s waiting period, and R2 can receive the packets but cannot reply.
★Interface maximum transmission unit (interface MTU)
Huawei sets the value to 0
Huawei does not detect the MTU value by default
[r1-GigabitEthernet0/0/0]ospf mtu-enable
If this function is enabled on both sides, MTU detection is performed; if the two sides' MTU values differ, the neighbor state gets stuck in ExStart.
★I bit----master-slave relationship election
If this bit is 1, no LSA header will be carried.
★M bit----represents whether there are multiple DD messages in the follow-up
If it is set to 1, it means that there will be DD packets in the future
If it is set to 0, it means that the message is the last DD message
★MS bit----represents the master device
If this bit is set to 1, the sender is the Master
Before the master-slave election is completed, each device considers itself the master.
★DD sequence number
Used to ensure orderly and reliable transmission of DD packets ---- the DD sequence number increments by 1.
The DD sequence number is determined by the Master router; the slave can only send its own DD packets using the sequence number sent by the Master (implicit acknowledgement mechanism).
★LSA head
When a router uses DD packets to describe its LSDB, the LSA header information is included.
A DD packet can contain one or more LSA header information.
LSAck packet
2. On an interface whose network type is P2P, OSPF sends all protocol packets in multicast mode (224.0.0.5), and OSPF does not elect a DR or BDR on a P2P network.
In the interface information for a P2P interface, the DR priority, DR and BDR fields that are shown for a BMA network are absent.
4. P2MP interface type
1. On a P2MP interface, OSPF usually sends Hello packets in multicast mode and the other packets in unicast mode.
1. Use a tunnel: build a tunnel between R2 and R3 and then advertise the tunnel into Area 0, which effectively legalizes the illegal ABR device R3.
2. Problems with using a VPN tunnel to solve irregular areas: poor route selection may occur / repeated updates may occur / because the virtual link exists, a neighbor relationship must be established between R2 and R3, and the periodic data maintained between them passes through Area 1, consuming excessive resources in the transit area.
3. Virtual link---Vlink
A technology developed specifically to solve OSPF irregular areas. It is a virtual, logical link.
[r2-ospf-1-area-0.0.0.1]vlink-peer 3.3.3.3
[r3-ospf-1-area-0.0.0.1]vlink-peer 2.2.2.2
Configuration condition of the virtual link: it can traverse only one area.
In fact, all Vlink links use unicast packets to exchange information.
A Vlink is regarded as an extension of the backbone area: a Vlink always belongs to Area 0.
Problems with using a Vlink to solve irregular areas:
1. Because the virtual link exists, a neighbor relationship must be established between R2 and R3. The periodic data maintained between them passes through Area 1, consuming excessive resources in the transit area.
2. It can traverse only one area. In practice a Vlink is not only applied to the two irregular-area cases above; it can also be used to repair suboptimal paths or robustness problems within the backbone area.
4. Use multi-process two-way redistribution
Redistribution: advertise routing information learned by one routing protocol into another routing protocol.
[r3-ospf-1]import-route ospf 2 --- import the routes of OSPF process 2 into OSPF process 1
Link-State Age: 16 bits, in seconds. When the LSA is generated by the originating router the value is set to 0, and the age then accumulates as the LSA is flooded through the network. Maximum age (MaxAge) ----- 3600 s ----- when this value is reached the LSA is deleted by the local router. On an OSPF network only the originating router can age an LSA out early and thereby delete the LSA across the whole network. Group pacing timer ---- Cisco ---- 240 s
Options: same content as in the Hello packet
Link-State Type: indicates the type of the LSA
Link-State ID: used to identify the LSA; different LSA types define this field differently
Advertising Router: RID of the router that originated the LSA
Link-State Sequence Number: 32 bits, incremented by one. Start: 0x80000001; end: 0x7FFFFFFF. Sequence number spaces: linear, circular, lollipop
Checksum: participates in the comparison of old and new LSA instances
Determining which LSA instance is newer
Compared fields: link-state sequence number, aging time, checksum
1. The LSA with the higher sequence number is newer
2. For LSAs with the same sequence number, select the LSA with the larger checksum
3. With the same sequence number and checksum, if the aging time of one LSA equals the maximum age, that LSA is considered the newest
4. With the same sequence number and checksum, and neither LSA's aging time equal to the maximum age, the difference between the two aging times is compared
1. When the difference is greater than 15 minutes (MaxAgeDiff: the longest time an LSA instance needs to travel from the originating device until it has been flooded to the boundary of the entire AS), the two LSAs are considered different and the LSA with the smaller aging time is selected
2. When the difference is less than or equal to 15 minutes, the two LSAs are considered the same and either one may be selected
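The comparison order above, as an added example that is not part of the original notes: newer_lsa applies the four rules to two instances of the same LSA, treating the sequence number as a signed 32-bit value so that 0x80000001 (the starting value) compares below 0x7FFFFFFF (the end of the space); should_install is an assumed helper that decides whether a received instance replaces the copy in the LSDB.

```python
MAX_AGE = 3600           # LSA maximum age in seconds, as in the notes
MAX_AGE_DIFF = 15 * 60   # MaxAgeDiff: 15 minutes, as in the notes

def signed_seq(seq):
    """LSA sequence numbers are signed 32-bit: 0x80000001 is the lowest, 0x7FFFFFFF the highest."""
    return seq - (1 << 32) if seq & 0x80000000 else seq

def newer_lsa(a, b):
    """Compare two instances of the same LSA (dicts with seq, checksum, age in seconds).
    Returns "a" or "b" for the instance to keep, or "same" when the rules treat them as
    identical (the notes say either one may then be chosen)."""
    sa, sb = signed_seq(a["seq"]), signed_seq(b["seq"])
    if sa != sb:                              # rule 1: higher sequence number wins
        return "a" if sa > sb else "b"
    if a["checksum"] != b["checksum"]:        # rule 2: larger checksum wins
        return "a" if a["checksum"] > b["checksum"] else "b"
    a_max, b_max = a["age"] >= MAX_AGE, b["age"] >= MAX_AGE
    if a_max != b_max:                        # rule 3: the instance at MaxAge is newest
        return "a" if a_max else "b"
    diff = abs(a["age"] - b["age"])
    if diff > MAX_AGE_DIFF:                   # rule 4.1: ages differ by more than 15 min
        return "a" if a["age"] < b["age"] else "b"
    return "same"                             # rule 4.2: treated as the same instance

def should_install(received, in_lsdb):
    """Assumed helper: True when a received instance should replace the LSDB copy
    (in_lsdb is None when the LSA is not yet in the database)."""
    if in_lsdb is None:
        return True
    return newer_lsa(received, in_lsdb) == "a"
```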
Type-1 LSA----Router
1. Every device in the network generates a Type-1 LSA, and only one (per area)
2. All interfaces belonging to the same area are described by one shared Type-1 LSA.
If a router belongs to multiple areas, it generates one Type-1 LSA per area, and each LSA describes only the interfaces connected to that area.
Type-2 LSA----Network
Type-5 LSA----External
1. Advertiser --- ASBR
2. LS ID ---- the destination network number of the external route
3. Propagation scope ---- the whole OSPF domain
4. Type-5 LSAs carry external routing information, imported into the OSPF network through redistribution. Because different protocols compute the cost value by different standards, the original cost is discarded once the route is imported and the route is assigned a fixed value ----- the seed metric.
The OSPF seed metric is 1.
[r4-ospf-1]import-route rip 1 cost 5
5. E bit:
* Indicates the metric type used by the external route. OSPF defines two external route metric types: Metric-Type-1 (E=0) and Metric-Type-2 (E=1).
* Type-1: the cost for any device to reach the external destination segment is its local cost to reach the ASBR + the seed metric.
* Type-2: the cost for every device in the domain to reach the external destination segment equals the seed metric; OSPF uses Type 2 by default.
* [r4-ospf-1]import-route rip 1 cost 5 type 1
6. External route tag
* A tag that only external routes can carry; often used when deploying routing policy or policy-based routing.
* On Huawei routers this field is set to 1 by default.
7. Forwarding address --- FA
If the FA field is 0.0.0.0 (the default), traffic to that external segment is forwarded to the ASBR that sent this LSA.
If the FA field is not 0.0.0.0, traffic is sent to the address given in the FA field.
Purpose: to solve the suboptimal path problem ----- the same effect as an ICMP redirect message.
Conditions under which the FA field is set to another value:
* The ASBR importing the external route has OSPF enabled on the interface that connects to the external network.
* The network type of that interface is BMA or NBMA.
* The IP address of that interface falls within the range configured by the OSPF network command.
* That interface is not configured as a silent interface
- Link-State ID ------ the RID value of the ASBR
- Metric ---- the cost from the advertising router to the ASBR
- The task of the Type-4 LSA is to assist the Type-5 LSA in the cost calculation by locating the ASBR; it carries only a single cost value.
First category ----- 1. cannot be the backbone area; 2. cannot contain a virtual link; 3. cannot contain an ASBR device
1. If an area is configured as a non-stub area, the area will no longer learn Type-4 and Type-5 LSAs ----- the ABR device will no longer forward Type-4 and Type-5 LSA information into that area.
Redistribution and routing policy
Redistribution
Routing policy
Prefix list (IP-prefix)
An IP prefix list can contain one or more statements, each identified by a (decimal) sequence number.
Applying policy
Offset list ----- Cisco
Filter policy ---- Filter-Policy ---- route filtering tool
Route policy ---- Route-policy
BGP packet header
BGP route black holes
Establishing an EBGP peer relationship using directly connected interface IP addresses